generated from hashicorp/terraform-provider-scaffolding
-
Notifications
You must be signed in to change notification settings - Fork 104
/
AWS_Lambda_Function.json
573 lines (573 loc) · 29.1 KB
/
AWS_Lambda_Function.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
{
"typeName": "AWS::Lambda::Function",
"description": "The ``AWS::Lambda::Function`` resource creates a Lambda function. To create a function, you need a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) and an [execution role](https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html). The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use AWS services, such as Amazon CloudWatch Logs for log streaming and AWS X-Ray for request tracing.\n You set the package type to ``Image`` if the deployment package is a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html). For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties. \n You set the package type to ``Zip`` if the deployment package is a [.zip file archive](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html#gettingstarted-package-zip). For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. For a Python example, see [Deploy Python Lambda functions with .zip file archives](https://docs.aws.amazon.com/lambda/latest/dg/python-package.html).\n You can use [code signing](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html) if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with ``UpdateFunctionCode``, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n Note that you configure [provisioned concurrency](https://docs.aws.amazon.com/lambda/latest/dg/provisioned-concurrency.html) on a ``AWS::Lambda::Version`` or a ``AWS::Lambda::Alias``.\n For a complete introduction to Lambda functions, see [What is Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/lambda-welcome.html) in the *Lambda developer guide.*",
"additionalProperties": false,
"properties": {
"Arn": {
"description": "",
"type": "string"
},
"Code": {
"description": "The code for the function.",
"$ref": "#/definitions/Code"
},
"DeadLetterConfig": {
"description": "A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see [Dead-letter queues](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-dlq).",
"$ref": "#/definitions/DeadLetterConfig"
},
"Description": {
"description": "A description of the function.",
"type": "string",
"maxLength": 256
},
"Environment": {
"description": "Environment variables that are accessible from function code during execution.",
"$ref": "#/definitions/Environment"
},
"EphemeralStorage": {
"description": "The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.",
"$ref": "#/definitions/EphemeralStorage"
},
"FileSystemConfigs": {
"description": "Connection settings for an Amazon EFS file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) resource, you must also specify a ``DependsOn`` attribute to ensure that the mount target is created or updated before the function.\n For more information about using the ``DependsOn`` attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html).",
"maxItems": 1,
"type": "array",
"items": {
"$ref": "#/definitions/FileSystemConfig"
}
},
"FunctionName": {
"description": "The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CFN generates one.\n If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.",
"type": "string",
"minLength": 1
},
"Handler": {
"description": "The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html).",
"type": "string",
"maxLength": 128,
"pattern": "^[^\\s]+$"
},
"Architectures": {
"type": "array",
"uniqueItems": true,
"minItems": 1,
"maxItems": 1,
"items": {
"type": "string",
"enum": [
"x86_64",
"arm64"
]
},
"description": "The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is ``x86_64``."
},
"KmsKeyArn": {
"description": "The ARN of the KMSlong (KMS) customer managed key that's used to encrypt your function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). When [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.",
"type": "string",
"pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$"
},
"Layers": {
"description": "A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version.",
"type": "array",
"uniqueItems": false,
"items": {
"type": "string"
}
},
"MemorySize": {
"description": "The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase.",
"type": "integer"
},
"ReservedConcurrentExecutions": {
"description": "The number of simultaneous executions to reserve for the function.",
"type": "integer",
"minimum": 0
},
"Role": {
"description": "The Amazon Resource Name (ARN) of the function's execution role.",
"type": "string",
"pattern": "^arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$"
},
"Runtime": {
"description": "The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive.\n The following list includes deprecated runtimes. For more information, see [Runtime deprecation policy](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy).",
"type": "string"
},
"Tags": {
"description": "A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function.",
"type": "array",
"uniqueItems": true,
"insertionOrder": false,
"items": {
"$ref": "#/definitions/Tag"
}
},
"Timeout": {
"description": "The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html).",
"type": "integer",
"minimum": 1
},
"TracingConfig": {
"description": "Set ``Mode`` to ``Active`` to sample and trace a subset of incoming requests with [X-Ray](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html).",
"$ref": "#/definitions/TracingConfig"
},
"VpcConfig": {
"description": "For network connectivity to AWS resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see [Configuring a Lambda function to access resources in a VPC](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html).",
"$ref": "#/definitions/VpcConfig"
},
"CodeSigningConfigArn": {
"description": "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.",
"type": "string",
"pattern": "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}"
},
"ImageConfig": {
"description": "Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms).",
"$ref": "#/definitions/ImageConfig"
},
"PackageType": {
"description": "The type of deployment package. Set to ``Image`` for container image and set ``Zip`` for .zip file archive.",
"type": "string",
"enum": [
"Image",
"Zip"
]
},
"SnapStart": {
"description": "The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.",
"$ref": "#/definitions/SnapStart"
},
"SnapStartResponse": {
"description": "",
"$ref": "#/definitions/SnapStartResponse"
},
"RuntimeManagementConfig": {
"description": "Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html).",
"$ref": "#/definitions/RuntimeManagementConfig"
},
"LoggingConfig": {
"description": "The function's Amazon CloudWatch Logs configuration settings.",
"$ref": "#/definitions/LoggingConfig"
}
},
"definitions": {
"Code": {
"type": "object",
"additionalProperties": false,
"properties": {
"S3Bucket": {
"type": "string",
"description": "An Amazon S3 bucket in the same AWS-Region as your function. The bucket can be in a different AWS-account.",
"minLength": 3,
"maxLength": 63,
"pattern": ""
},
"S3Key": {
"type": "string",
"description": "The Amazon S3 key of the deployment package.",
"minLength": 1,
"maxLength": 1024
},
"S3ObjectVersion": {
"type": "string",
"description": "For versioned objects, the version of the deployment package object to use.",
"minLength": 1,
"maxLength": 1024
},
"ZipFile": {
"type": "string",
"description": "(Node.js and Python) The source code of your Lambda function. If you include your function source inline with this parameter, CFN places it in a file named ``index`` and zips it to create a [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html). This zip file cannot exceed 4MB. For the ``Handler`` property, the first part of the handler identifier must be ``index``. For example, ``index.handler``.\n For JSON, you must escape quotes and special characters such as newline (``\\n``) with a backslash.\n If you specify a function that interacts with an AWS CloudFormation custom resource, you don't have to write your own functions to send responses to the custom resource that invoked the function. AWS CloudFormation provides a response module ([cfn-response](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-lambda-function-code-cfnresponsemodule.html)) that simplifies sending responses. See [Using Lambda with CloudFormation](https://docs.aws.amazon.com/lambda/latest/dg/services-cloudformation.html) for details."
},
"ImageUri": {
"type": "string",
"description": "URI of a [container image](https://docs.aws.amazon.com/lambda/latest/dg/lambda-images.html) in the Amazon ECR registry."
}
},
"description": "The [deployment package](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-package.html) for a Lambda function. To deploy a function defined as a container image, you specify the location of a container image in the Amazon ECR registry. For a .zip file deployment package, you can specify the location of an object in Amazon S3. For Node.js and Python functions, you can specify the function code inline in the template.\n Changes to a deployment package in Amazon S3 or a container image in ECR are not detected automatically during stack updates. To update the function code, change the object key or version in the template."
},
"DeadLetterConfig": {
"description": "The [dead-letter queue](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq) for failed asynchronous invocations.",
"type": "object",
"additionalProperties": false,
"properties": {
"TargetArn": {
"type": "string",
"description": "The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.",
"pattern": "^(arn:(aws[a-zA-Z-]*)?:[a-z0-9-.]+:.*)|()$"
}
}
},
"Environment": {
"type": "object",
"additionalProperties": false,
"description": "A function's environment variable settings. You can use environment variables to adjust your function's behavior without updating code. An environment variable is a pair of strings that are stored in a function's version-specific configuration.",
"properties": {
"Variables": {
"type": "object",
"additionalProperties": false,
"description": "Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html).",
"patternProperties": {
"": {
"type": "string"
}
}
}
}
},
"EphemeralStorage": {
"type": "object",
"additionalProperties": false,
"description": "The size of the function's ``/tmp`` directory in MB. The default value is 512, but it can be any whole number between 512 and 10,240 MB.",
"properties": {
"Size": {
"type": "integer",
"description": "The size of the function's ``/tmp`` directory.",
"minimum": 512,
"maximum": 10240
}
},
"required": [
"Size"
]
},
"FileSystemConfig": {
"type": "object",
"additionalProperties": false,
"properties": {
"Arn": {
"type": "string",
"pattern": "^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}$",
"description": "The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.",
"maxLength": 200
},
"LocalMountPath": {
"type": "string",
"description": "The path where the function can access the file system, starting with ``/mnt/``.",
"pattern": "^/mnt/[a-zA-Z0-9-_.]+$",
"maxLength": 160
}
},
"required": [
"Arn",
"LocalMountPath"
],
"description": "Details about the connection between a Lambda function and an [Amazon EFS file system](https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html)."
},
"TracingConfig": {
"type": "object",
"additionalProperties": false,
"description": "The function's [](https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html) tracing configuration. To sample and record incoming requests, set ``Mode`` to ``Active``.",
"properties": {
"Mode": {
"type": "string",
"description": "The tracing mode.",
"enum": [
"Active",
"PassThrough"
]
}
}
},
"VpcConfig": {
"type": "object",
"additionalProperties": false,
"description": "The VPC security groups and subnets that are attached to a Lambda function. When you connect a function to a VPC, Lambda creates an elastic network interface for each combination of security group and subnet in the function's VPC configuration. The function can only access resources and the internet through that VPC. For more information, see [VPC Settings](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html).\n When you delete a function, CFN monitors the state of its network interfaces and waits for Lambda to delete them before proceeding. If the VPC is defined in the same stack, the network interfaces need to be deleted by Lambda before CFN can delete the VPC's resources.\n To monitor network interfaces, CFN needs the ``ec2:DescribeNetworkInterfaces`` permission. It obtains this from the user or role that modifies the stack. If you don't provide this permission, CFN does not wait for network interfaces to be deleted.",
"properties": {
"SecurityGroupIds": {
"type": "array",
"description": "A list of VPC security group IDs.",
"uniqueItems": false,
"maxItems": 5,
"items": {
"type": "string"
}
},
"SubnetIds": {
"type": "array",
"description": "A list of VPC subnet IDs.",
"uniqueItems": false,
"maxItems": 16,
"items": {
"type": "string"
}
},
"Ipv6AllowedForDualStack": {
"type": "boolean",
"description": "Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets."
}
}
},
"Tag": {
"type": "object",
"additionalProperties": false,
"properties": {
"Key": {
"type": "string",
"description": "",
"minLength": 1,
"maxLength": 128
},
"Value": {
"type": "string",
"description": "",
"minLength": 0,
"maxLength": 256
}
},
"required": [
"Key"
],
"description": ""
},
"ImageConfig": {
"type": "object",
"additionalProperties": false,
"properties": {
"EntryPoint": {
"type": "array",
"description": "Specifies the entry point to their application, which is typically the location of the runtime executable. You can specify a maximum of 1,500 string entries in the list.",
"uniqueItems": true,
"maxItems": 1500,
"items": {
"type": "string"
}
},
"Command": {
"type": "array",
"description": "Specifies parameters that you want to pass in with ENTRYPOINT. You can specify a maximum of 1,500 parameters in the list.",
"uniqueItems": true,
"maxItems": 1500,
"items": {
"type": "string"
}
},
"WorkingDirectory": {
"type": "string",
"description": "Specifies the working directory. The length of the directory string cannot exceed 1,000 characters."
}
},
"description": "Configuration values that override the container image Dockerfile settings. For more information, see [Container image settings](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-parms)."
},
"SnapStart": {
"type": "object",
"additionalProperties": false,
"description": "The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.",
"properties": {
"ApplyOn": {
"type": "string",
"description": "Set ``ApplyOn`` to ``PublishedVersions`` to create a snapshot of the initialized execution environment when you publish a function version.",
"enum": [
"PublishedVersions",
"None"
]
}
},
"required": [
"ApplyOn"
]
},
"SnapStartResponse": {
"type": "object",
"additionalProperties": false,
"description": "The function's [SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html) setting.",
"properties": {
"ApplyOn": {
"type": "string",
"description": "When set to ``PublishedVersions``, Lambda creates a snapshot of the execution environment when you publish a function version.",
"enum": [
"PublishedVersions",
"None"
]
},
"OptimizationStatus": {
"type": "string",
"description": "When you provide a [qualified Amazon Resource Name (ARN)](https://docs.aws.amazon.com/lambda/latest/dg/configuration-versions.html#versioning-versions-using), this response element indicates whether SnapStart is activated for the specified function version.",
"enum": [
"On",
"Off"
]
}
}
},
"RuntimeManagementConfig": {
"type": "object",
"additionalProperties": false,
"properties": {
"UpdateRuntimeOn": {
"type": "string",
"description": "Specify the runtime update mode.\n + *Auto (default)* - Automatically update to the most recent and secure runtime version using a [Two-phase runtime version rollout](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase). This is the best choice for most customers to ensure they always benefit from runtime updates.\n + *FunctionUpdate* - LAM updates the runtime of you function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date.\n + *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see [Roll back a runtime version](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback).\n \n *Valid Values*: ``Auto`` | ``FunctionUpdate`` | ``Manual``",
"enum": [
"Auto",
"FunctionUpdate",
"Manual"
]
},
"RuntimeVersionArn": {
"type": "string",
"description": "The ARN of the runtime version you want the function to use.\n This is only required if you're using the *Manual* runtime update mode."
}
},
"required": [
"UpdateRuntimeOn"
],
"description": "Sets the runtime management configuration for a function's version. For more information, see [Runtime updates](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html)."
},
"LoggingConfig": {
"type": "object",
"additionalProperties": false,
"description": "The function's Amazon CloudWatch Logs configuration settings.",
"properties": {
"LogGroup": {
"type": "string",
"description": "The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named ``/aws/lambda/<function name>``. To use a different log group, enter an existing log group or enter a new log group name.",
"pattern": "[\\.\\-_/#A-Za-z0-9]+",
"minLength": 1,
"maxLength": 512
},
"LogFormat": {
"type": "string",
"description": "The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON.",
"enum": [
"Text",
"JSON"
]
},
"ApplicationLogLevel": {
"type": "string",
"description": "Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where ``TRACE`` is the highest level and ``FATAL`` is the lowest.",
"enum": [
"TRACE",
"DEBUG",
"INFO",
"WARN",
"ERROR",
"FATAL"
]
},
"SystemLogLevel": {
"type": "string",
"description": "Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where ``DEBUG`` is the highest level and ``WARN`` is the lowest.",
"enum": [
"DEBUG",
"INFO",
"WARN"
]
}
}
}
},
"readOnlyProperties": [
"/properties/SnapStartResponse",
"/properties/SnapStartResponse/ApplyOn",
"/properties/SnapStartResponse/OptimizationStatus",
"/properties/Arn"
],
"createOnlyProperties": [
"/properties/FunctionName"
],
"writeOnlyProperties": [
"/properties/SnapStart",
"/properties/SnapStart/ApplyOn",
"/properties/Code",
"/properties/Code/ImageUri",
"/properties/Code/S3Bucket",
"/properties/Code/S3Key",
"/properties/Code/S3ObjectVersion",
"/properties/Code/ZipFile"
],
"required": [
"Code",
"Role"
],
"primaryIdentifier": [
"/properties/FunctionName"
],
"tagging": {
"taggable": true,
"tagOnCreate": true,
"tagUpdatable": true,
"cloudFormationSystemTags": true,
"tagProperty": "/properties/Tags"
},
"handlers": {
"create": {
"permissions": [
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:PutFunctionConcurrency",
"iam:PassRole",
"s3:GetObject",
"s3:GetObjectVersion",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticfilesystem:DescribeMountTargets",
"kms:CreateGrant",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"lambda:GetCodeSigningConfig",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetLayerVersion",
"lambda:GetRuntimeManagementConfig",
"lambda:PutRuntimeManagementConfig",
"lambda:TagResource",
"lambda:GetPolicy",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:GetResourcePolicy",
"lambda:PutResourcePolicy"
]
},
"update": {
"permissions": [
"lambda:DeleteFunctionConcurrency",
"lambda:GetFunction",
"lambda:PutFunctionConcurrency",
"lambda:ListTags",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionConfiguration",
"lambda:UpdateFunctionCode",
"iam:PassRole",
"s3:GetObject",
"s3:GetObjectVersion",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticfilesystem:DescribeMountTargets",
"kms:CreateGrant",
"kms:Decrypt",
"kms:GenerateDataKey",
"lambda:GetRuntimeManagementConfig",
"lambda:PutRuntimeManagementConfig",
"lambda:PutFunctionCodeSigningConfig",
"lambda:DeleteFunctionCodeSigningConfig",
"lambda:GetCodeSigningConfig",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetPolicy",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:GetResourcePolicy",
"lambda:PutResourcePolicy",
"lambda:DeleteResourcePolicy"
]
},
"read": {
"permissions": [
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig"
]
},
"delete": {
"permissions": [
"lambda:DeleteFunction",
"lambda:GetFunction",
"ec2:DescribeNetworkInterfaces"
]
},
"list": {
"permissions": [
"lambda:ListFunctions"
]
}
}
}