diff --git a/patches/0041-Include-CloudWatch-Logging-section-in-Lambda-Example.patch b/patches/0041-Include-CloudWatch-Logging-section-in-Lambda-Example.patch deleted file mode 100644 index f853a39efbf..00000000000 --- a/patches/0041-Include-CloudWatch-Logging-section-in-Lambda-Example.patch +++ /dev/null @@ -1,19 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: guineveresaenger -Date: Fri, 9 Feb 2024 15:25:41 -0800 -Subject: [PATCH 41/47] Include CloudWatch Logging section in Lambda Example - - -diff --git a/website/docs/r/lambda_function.html.markdown b/website/docs/r/lambda_function.html.markdown -index 29ab71f69f..212521e7e5 100644 ---- a/website/docs/r/lambda_function.html.markdown -+++ b/website/docs/r/lambda_function.html.markdown -@@ -186,7 +186,7 @@ resource "aws_efs_access_point" "access_point_for_lambda" { - - Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the [aws_lambda_function_event_invoke_config resource](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config). - --## CloudWatch Logging and Permissions -+### CloudWatch Logging and Permissions - - For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). - diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index 6b065f71313..184369ec917 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json 
@@ -265623,7 +265623,7 @@ } }, "aws:lambda/function:Function": { - "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. 
On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n sourceCodeHash: lambda.then(lambda =\u003e lambda.outputBase64sha256),\n runtime: \"nodejs18.x\",\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n 
code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n source_code_hash=lambda_.output_base64sha256,\n runtime=\"nodejs18.x\",\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n SourceCodeHash = lambda.Apply(getFileResult =\u003e getFileResult.OutputBase64sha256),\n Runtime = \"nodejs18.x\",\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tSourceCodeHash: *pulumi.String(lambda.OutputBase64sha256),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn 
err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .sourceCodeHash(lambda.applyValue(getFileResult -\u003e getFileResult.outputBase64sha256()))\n 
.runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n sourceCodeHash: ${lambda.outputBase64sha256}\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Layers\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.LayerVersion(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {layers: [example.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.LayerVersion(\"example\")\nexample_function = aws.lambda_.Function(\"example\", layers=[example.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.LayerVersion(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\", new()\n {\n Layers = new[]\n {\n example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewLayerVersion(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texample.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LayerVersion(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n name: example\n properties:\n layers:\n - ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. 
The default value set to `512` MB.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new 
Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: 
pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n 
.handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efs_for_lambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"access_point_for_lambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [subnetForLambda.id],\n 
securityGroupIds: [sgForLambda.id],\n },\n});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: subnetForLambda.id,\n securityGroups: [sgForLambda.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efs_for_lambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"access_point_for_lambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[subnet_for_lambda[\"id\"]],\n security_group_ids=[sg_for_lambda[\"id\"]],\n ))\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=subnet_for_lambda[\"id\"],\n security_groups=[sg_for_lambda[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efs_for_lambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"access_point_for_lambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new 
Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n subnetForLambda.Id,\n },\n SecurityGroupIds = new[]\n {\n sgForLambda.Id,\n },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = subnetForLambda.Id,\n SecurityGroups = new[]\n {\n sgForLambda.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// EFS file system\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efs_for_lambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// EFS access point used by lambda file system\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"access_point_for_lambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: 
pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// A lambda function connected to an EFS file system\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tsubnetForLambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsgForLambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Mount target connects the file system to the subnet\n\t\t_, err = efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(subnetForLambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tsgForLambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport 
com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(subnetForLambda.id())\n .securityGroupIds(sgForLambda.id())\n .build())\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(subnetForLambda.id())\n .securityGroups(sgForLambda.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${subnetForLambda.id}\n securityGroupIds:\n - ${sgForLambda.id}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n name: efs_for_lambda\n properties:\n tags:\n 
Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${subnetForLambda.id}\n securityGroups:\n - ${sgForLambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n name: access_point_for_lambda\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n name: lambdaFunctionName,\n loggingConfig: {\n logFormat: \"Text\",\n },\n});\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/lambda/${lambdaFunctionName}`,\n 
retentionInDays: 14,\n});\n// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nconst lambdaLogging = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambda_logging\", {\n name: \"lambda_logging\",\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLogging.then(lambdaLogging =\u003e lambdaLogging.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambda_logs\", {\n role: iamForLambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n name=lambda_function_name,\n logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n ))\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/lambda/{lambda_function_name}\",\n retention_in_days=14)\n# See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nlambda_logging = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambda_logging\",\n name=\"lambda_logging\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging.json)\nlambda_logs = 
aws.iam.RolePolicyAttachment(\"lambda_logs\",\n role=iam_for_lambda[\"name\"],\n policy_arn=lambda_logging_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Name = lambdaFunctionName,\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n });\n\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/lambda/{lambdaFunctionName}\",\n RetentionInDays = 14,\n });\n\n // See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n var lambdaLogging = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambda_logging\", new()\n {\n Name = \"lambda_logging\",\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLogging.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambda_logs\", new()\n {\n Role = iamForLambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\t_, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tName: pulumi.String(lambdaFunctionName),\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n\t\t// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/lambda/%v\", lambdaFunctionName)),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n\t\tlambdaLogging, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambda_logging\", 
\u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"lambda_logging\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: *pulumi.String(lambdaLogging.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"lambda_logs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(iamForLambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .name(lambdaFunctionName)\n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build());\n\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(String.format(\"/aws/lambda/%s\", lambdaFunctionName))\n .retentionInDays(14)\n 
.build());\n\n final var lambdaLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .name(\"lambda_logging\")\n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLogging.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(iamForLambda.name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n name: ${lambdaFunctionName}\n loggingConfig:\n logFormat: Text\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/lambda/${lambdaFunctionName}\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n name: lambda_logging\n properties:\n name: lambda_logging\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLogging.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n name: lambda_logs\n properties:\n role: ${iamForLambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n # See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n lambdaLogging:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - 
logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n", + "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. 
The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. 
On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n sourceCodeHash: lambda.then(lambda =\u003e lambda.outputBase64sha256),\n runtime: \"nodejs18.x\",\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n 
code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n source_code_hash=lambda_.output_base64sha256,\n runtime=\"nodejs18.x\",\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n SourceCodeHash = lambda.Apply(getFileResult =\u003e getFileResult.OutputBase64sha256),\n Runtime = \"nodejs18.x\",\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tSourceCodeHash: *pulumi.String(lambda.OutputBase64sha256),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn 
err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .sourceCodeHash(lambda.applyValue(getFileResult -\u003e getFileResult.outputBase64sha256()))\n 
.runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n sourceCodeHash: ${lambda.outputBase64sha256}\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Layers\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.LayerVersion(\"example\", {});\nconst exampleFunction = new aws.lambda.Function(\"example\", {layers: [example.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.LayerVersion(\"example\")\nexample_function = aws.lambda_.Function(\"example\", layers=[example.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Lambda.LayerVersion(\"example\");\n\n var exampleFunction = new Aws.Lambda.Function(\"example\", new()\n {\n Layers = new[]\n {\n example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := lambda.NewLayerVersion(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texample.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LayerVersion(\"example\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(example.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n name: example\n properties:\n layers:\n - ${example.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. 
The default value set to `512` MB.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iam_for_lambda\", {\n name: \"iam_for_lambda\",\n assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json),\n});\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n name: \"lambda_function_name\",\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iam_for_lambda\",\n name=\"iam_for_lambda\",\n assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n name=\"lambda_function_name\",\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new 
Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iam_for_lambda\", new()\n {\n Name = \"iam_for_lambda\",\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Name = \"lambda_function_name\",\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iam_for_lambda\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"iam_for_lambda\"),\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: 
pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tName: pulumi.String(\"lambda_function_name\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .name(\"iam_for_lambda\")\n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .name(\"lambda_function_name\")\n .role(iamForLambda.arn())\n 
.handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n name: iam_for_lambda\n properties:\n name: iam_for_lambda\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n name: lambda_function_name\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efs_for_lambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"access_point_for_lambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [subnetForLambda.id],\n 
securityGroupIds: [sgForLambda.id],\n },\n});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: subnetForLambda.id,\n securityGroups: [sgForLambda.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efs_for_lambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"access_point_for_lambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[subnet_for_lambda[\"id\"]],\n security_group_ids=[sg_for_lambda[\"id\"]],\n ))\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=subnet_for_lambda[\"id\"],\n security_groups=[sg_for_lambda[\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efs_for_lambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"access_point_for_lambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new 
Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n subnetForLambda.Id,\n },\n SecurityGroupIds = new[]\n {\n sgForLambda.Id,\n },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = subnetForLambda.Id,\n SecurityGroups = new[]\n {\n sgForLambda.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// EFS file system\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efs_for_lambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// EFS access point used by lambda file system\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"access_point_for_lambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: 
pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// A lambda function connected to an EFS file system\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tsubnetForLambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsgForLambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Mount target connects the file system to the subnet\n\t\t_, err = efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(subnetForLambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tsgForLambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport 
com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(subnetForLambda.id())\n .securityGroupIds(sgForLambda.id())\n .build())\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(subnetForLambda.id())\n .securityGroups(sgForLambda.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${subnetForLambda.id}\n securityGroupIds:\n - ${sgForLambda.id}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n name: efs_for_lambda\n properties:\n tags:\n 
Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${subnetForLambda.id}\n securityGroups:\n - ${sgForLambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n name: access_point_for_lambda\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n\n## CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\nconst testLambda = new aws.lambda.Function(\"test_lambda\", {\n name: lambdaFunctionName,\n loggingConfig: {\n logFormat: \"Text\",\n },\n});\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/lambda/${lambdaFunctionName}`,\n 
retentionInDays: 14,\n});\n// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nconst lambdaLogging = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambda_logging\", {\n name: \"lambda_logging\",\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLogging.then(lambdaLogging =\u003e lambdaLogging.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambda_logs\", {\n role: iamForLambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\ntest_lambda = aws.lambda_.Function(\"test_lambda\",\n name=lambda_function_name,\n logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n ))\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/lambda/{lambda_function_name}\",\n retention_in_days=14)\n# See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nlambda_logging = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambda_logging\",\n name=\"lambda_logging\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging.json)\nlambda_logs = 
aws.iam.RolePolicyAttachment(\"lambda_logs\",\n role=iam_for_lambda[\"name\"],\n policy_arn=lambda_logging_policy.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n var testLambda = new Aws.Lambda.Function(\"test_lambda\", new()\n {\n Name = lambdaFunctionName,\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n });\n\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/lambda/{lambdaFunctionName}\",\n RetentionInDays = 14,\n });\n\n // See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n var lambdaLogging = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambda_logging\", new()\n {\n Name = \"lambda_logging\",\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLogging.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambda_logs\", new()\n {\n Role = iamForLambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport 
(\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\t_, err := lambda.NewFunction(ctx, \"test_lambda\", \u0026lambda.FunctionArgs{\n\t\t\tName: pulumi.String(lambdaFunctionName),\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n\t\t// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n\t\t_, err = cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(fmt.Sprintf(\"/aws/lambda/%v\", lambdaFunctionName)),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n\t\tlambdaLogging, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambda_logging\", 
\u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"lambda_logging\"),\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: *pulumi.String(lambdaLogging.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"lambda_logs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(iamForLambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .name(lambdaFunctionName)\n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build());\n\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .name(String.format(\"/aws/lambda/%s\", lambdaFunctionName))\n .retentionInDays(14)\n 
.build());\n\n final var lambdaLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .name(\"lambda_logging\")\n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLogging.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(iamForLambda.name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n name: test_lambda\n properties:\n name: ${lambdaFunctionName}\n loggingConfig:\n logFormat: Text\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/lambda/${lambdaFunctionName}\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n name: lambda_logging\n properties:\n name: lambda_logging\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLogging.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n name: lambda_logs\n properties:\n role: ${iamForLambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n # See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n lambdaLogging:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - 
logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n$ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n", "properties": { "architectures": { "type": "array", diff --git a/sdk/dotnet/Lambda/Function.cs b/sdk/dotnet/Lambda/Function.cs index 11e7feddc15..e8356030da7 100644 --- a/sdk/dotnet/Lambda/Function.cs +++ b/sdk/dotnet/Lambda/Function.cs 
@@ -264,7 +264,7 @@ namespace Pulumi.Aws.Lambda /// /// Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource. /// - /// ### CloudWatch Logging and Permissions + /// ## CloudWatch Logging and Permissions /// /// For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). /// diff --git a/sdk/go/aws/lambda/function.go b/sdk/go/aws/lambda/function.go index 1662674a4eb..3d234bcb8a9 100644 --- a/sdk/go/aws/lambda/function.go +++ b/sdk/go/aws/lambda/function.go @@ -286,7 +286,7 @@ import ( // // Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the lambda.FunctionEventInvokeConfig resource. // -// ### CloudWatch Logging and Permissions +// ## CloudWatch Logging and Permissions // // For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). // diff --git a/sdk/java/src/main/java/com/pulumi/aws/lambda/Function.java b/sdk/java/src/main/java/com/pulumi/aws/lambda/Function.java index 392033ea081..e13d1e0a35d 100644 --- a/sdk/java/src/main/java/com/pulumi/aws/lambda/Function.java +++ b/sdk/java/src/main/java/com/pulumi/aws/lambda/Function.java 
@@ -295,7 +295,7 @@ * * Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource. * - * ### CloudWatch Logging and Permissions + * ## CloudWatch Logging and Permissions * * For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). * diff --git a/sdk/nodejs/lambda/function.ts b/sdk/nodejs/lambda/function.ts index 1239d043eb5..6c4e868c980 100644 --- a/sdk/nodejs/lambda/function.ts +++ b/sdk/nodejs/lambda/function.ts @@ -166,7 +166,7 @@ import {ARN} from ".."; * * Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource. * - * ### CloudWatch Logging and Permissions + * ## CloudWatch Logging and Permissions * * For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). * diff --git a/sdk/python/pulumi_aws/lambda_/function.py b/sdk/python/pulumi_aws/lambda_/function.py index 29b9d75aa15..c0605b61699 100644 --- a/sdk/python/pulumi_aws/lambda_/function.py +++ b/sdk/python/pulumi_aws/lambda_/function.py 
@@ -1470,7 +1470,7 @@ def __init__(__self__, Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the lambda.FunctionEventInvokeConfig resource. - ### CloudWatch Logging and Permissions + ## CloudWatch Logging and Permissions For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html). @@ -1718,7 +1718,7 @@ def __init__(__self__, Lambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the lambda.FunctionEventInvokeConfig resource. - ### CloudWatch Logging and Permissions + ## CloudWatch Logging and Permissions For more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).
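Review bot: In the schema.json hunk, the CloudWatch logging example inside the `aws:lambda/function:Function` description contradicts its own comment. The comment says to add `logs:CreateLogGroup` only when the `aws.cloudwatch.LogGroup` resource is skipped, yet every language variant both declares the `/aws/lambda/${lambdaFunctionName}` log group and grants `logs:CreateLogGroup`, `logs:CreateLogStream` and `logs:PutLogEvents` on `arn:aws:logs:*:*:*`. Since this description line is being regenerated anyway, consider raising with the docs source that the example should drop `logs:CreateLogGroup` when the log group is managed and scope `resources` to that log group's ARN, so that readers who copy it do not start from an account-wide logs grant.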
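Review bot: Nothing in this change says why patch 0041 is being dropped, and the resulting `###` to `##` promotion of `CloudWatch Logging and Permissions` in the SDK doc comments (Function.cs, function.go, Function.java, function.ts, and both `__init__` docstrings in function.py) undoes what that patch's subject line says it was for, namely keeping the section inside the Lambda example. As the schema.json description shows, the heading now follows `### Lambda retries` as a sibling of `## Specifying the Deployment Package` and `## Import`. Please state in the commit message whether the logging example is still meant to be part of the example section, and if the promotion is intentional, confirm the per-language examples under it are still emitted as expected.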