[ aws . lambda ]

create-function

Description

Creates a Lambda function. To create a function, you need a deployment package and an execution role . The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use Amazon Web Services services, such as Amazon CloudWatch Logs for log streaming and X-Ray for request tracing.

You set the package type to Image if the deployment package is a container image . For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.

You set the package type to Zip if the deployment package is a .zip file archive . For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must be compatible with the target instruction set architecture of the function (x86-64 or arm64 ). If you do not specify the architecture, the default value is x86-64 .

When you create a function, Lambda provisions an instance of the function and its supporting resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can’t invoke or modify the function. The State , StateReason , and StateReasonCode fields in the response from GetFunctionConfiguration indicate when the function is ready to invoke. For more information, see Function States .

A function has an unpublished version, and can have published versions and aliases. The unpublished version changes when you update your function’s code and configuration. A published version is a snapshot of your function code and configuration that can’t be changed. An alias is a named resource that maps to a version, and can be changed to map to a different version. Use the Publish parameter to create version 1 of your function from its initial configuration.

The other parameters let you configure version-specific and function-level settings. You can modify version-specific settings later with UpdateFunctionConfiguration . Function-level settings apply to both the unpublished and published versions of the function, and include tags ( TagResource ) and per-function concurrency limits ( PutFunctionConcurrency ).

You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode , Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes set set of signing profiles, which define the trusted publishers for this function.

If another account or an Amazon Web Services service invokes your function, use AddPermission to grant permission by creating a resource-based IAM policy. You can grant permissions at the function level, on a version, or on an alias.

To invoke your function directly, use Invoke . To invoke your function in response to events in other Amazon Web Services services, create an event source mapping ( CreateEventSourceMapping ), or configure a function trigger in the other service. For more information, see Invoking Functions .

See also: AWS API Documentation

Synopsis

  create-function
--function-name <value>
[--runtime <value>]
--role <value>
[--handler <value>]
[--code <value>]
[--description <value>]
[--timeout <value>]
[--memory-size <value>]
[--publish | --no-publish]
[--vpc-config <value>]
[--package-type <value>]
[--dead-letter-config <value>]
[--environment <value>]
[--kms-key-arn <value>]
[--tracing-config <value>]
[--tags <value>]
[--layers <value>]
[--file-system-configs <value>]
[--image-config <value>]
[--code-signing-config-arn <value>]
[--architectures <value>]
[--ephemeral-storage <value>]
[--zip-file <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--function-name (string)

The name of the Lambda function.

Name formats

  • Function name - my-function .

  • Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function .

  • Partial ARN - 123456789012:function:my-function .

The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.

--runtime (string)

The identifier of the function’s runtime . Runtime is required if the deployment package is a .zip file archive.

Possible values:

  • nodejs

  • nodejs4.3

  • nodejs6.10

  • nodejs8.10

  • nodejs10.x

  • nodejs12.x

  • nodejs14.x

  • nodejs16.x

  • java8

  • java8.al2

  • java11

  • python2.7

  • python3.6

  • python3.7

  • python3.8

  • python3.9

  • dotnetcore1.0

  • dotnetcore2.0

  • dotnetcore2.1

  • dotnetcore3.1

  • dotnet6

  • nodejs4.3-edge

  • go1.x

  • ruby2.5

  • ruby2.7

  • provided

  • provided.al2

--role (string)

The Amazon Resource Name (ARN) of the function’s execution role.

--handler (string)

The name of the method within your code that Lambda calls to execute your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Programming Model .

--code (structure)

The code for the function.

S3Bucket -> (string)

An Amazon S3 bucket in the same Amazon Web Services Region as your function. The bucket can be in a different Amazon Web Services account.

S3Key -> (string)

The Amazon S3 key of the deployment package.

S3ObjectVersion -> (string)

For versioned objects, the version of the deployment package object to use.

ImageUri -> (string)

URI of a container image in the Amazon ECR registry.

Shorthand Syntax:

S3Bucket=string,S3Key=string,S3ObjectVersion=string,ImageUri=string

JSON Syntax:

{
  "S3Bucket": "string",
  "S3Key": "string",
  "S3ObjectVersion": "string",
  "ImageUri": "string"
}

--description (string)

A description of the function.

--timeout (integer)

The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For additional information, see Lambda execution environment .

--memory-size (integer)

The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.

--publish | --no-publish (boolean)

Set to true to publish the first version of the function during creation.

--vpc-config (structure)

For network connectivity to Amazon Web Services resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can only access resources and the internet through that VPC. For more information, see VPC Settings .

SubnetIds -> (list)

A list of VPC subnet IDs.

(string)

SecurityGroupIds -> (list)

A list of VPC security groups IDs.

(string)

Shorthand Syntax:

SubnetIds=string,string,SecurityGroupIds=string,string

JSON Syntax:

{
  "SubnetIds": ["string", ...],
  "SecurityGroupIds": ["string", ...]
}

--package-type (string)

The type of deployment package. Set to Image for container image and set Zip for ZIP archive.

Possible values:

  • Zip

  • Image

--dead-letter-config (structure)

A dead letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead Letter Queues .

TargetArn -> (string)

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

Shorthand Syntax:

TargetArn=string

JSON Syntax:

{
  "TargetArn": "string"
}

--environment (structure)

Environment variables that are accessible from function code during execution.

Variables -> (map)

Environment variable key-value pairs. For more information, see Using Lambda environment variables .

key -> (string)

value -> (string)

Shorthand Syntax:

Variables={KeyName1=string,KeyName2=string}

JSON Syntax:

{
  "Variables": {"string": "string"
    ...}
}

--kms-key-arn (string)

The ARN of the Amazon Web Services Key Management Service (KMS) key that’s used to encrypt your function’s environment variables. If it’s not provided, Lambda uses a default service key.

--tracing-config (structure)

Set Mode to Active to sample and trace a subset of incoming requests with X-Ray .

Mode -> (string)

The tracing mode.

Shorthand Syntax:

Mode=string

JSON Syntax:

{
  "Mode": "Active"|"PassThrough"
}

--tags (map)

A list of tags to apply to the function.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--layers (list)

A list of function layers to add to the function’s execution environment. Specify each layer by its ARN, including the version.

(string)

Syntax:

"string" "string" ...

--file-system-configs (list)

Connection settings for an Amazon EFS file system.

(structure)

Details about the connection between a Lambda function and an Amazon EFS file system .

Arn -> (string)

The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.

LocalMountPath -> (string)

The path where the function can access the file system, starting with /mnt/ .

Shorthand Syntax:

Arn=string,LocalMountPath=string ...

JSON Syntax:

[
  {
    "Arn": "string",
    "LocalMountPath": "string"
  }
  ...
]

--image-config (structure)

Container image configuration values that override the values in the container image Dockerfile.

EntryPoint -> (list)

Specifies the entry point to their application, which is typically the location of the runtime executable.

(string)

Command -> (list)

Specifies parameters that you want to pass in with ENTRYPOINT.

(string)

WorkingDirectory -> (string)

Specifies the working directory.

Shorthand Syntax:

EntryPoint=string,string,Command=string,string,WorkingDirectory=string

JSON Syntax:

{
  "EntryPoint": ["string", ...],
  "Command": ["string", ...],
  "WorkingDirectory": "string"
}

--code-signing-config-arn (string)

To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.

--architectures (list)

The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64 .

(string)

Syntax:

"string" "string" ...

Where valid values are:
  x86_64
  arm64

--ephemeral-storage (structure)

The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.

Size -> (integer)

The size of the function’s /tmp directory.

Shorthand Syntax:

Size=integer

JSON Syntax:

{
  "Size": integer
}

--zip-file (blob)

The path to the zip file of the code you are uploading. Specify –zip-file or –code, but not both. Example: fileb://code.zip

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json

  • text

  • table

  • yaml

  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on

  • off

  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64

  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

Examples

Note

To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.

Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .

To create a Lambda function

The following create-function example creates a Lambda function named my-function.

aws lambda create-function \
    --function-name my-function \
    --runtime nodejs14.x \
    --zip-file fileb://my-function.zip \
    --handler my-function.handler \
    --role arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-tges6bf4

Contents of my-function.zip: This file is a deployment package that contains your function code and any dependencies.

Output:

{
    "TracingConfig": {
        "Mode": "PassThrough"
    },
    "CodeSha256": "PFn4S+er27qk+UuZSTKEQfNKG/XNn7QJs90mJgq6oH8=",
    "FunctionName": "my-function",
    "CodeSize": 308,
    "RevisionId": "873282ed-4cd3-4dc8-a069-d0c647e470c6",
    "MemorySize": 128,
    "FunctionArn": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
    "Version": "$LATEST",
    "Role": "arn:aws:iam::123456789012:role/service-role/MyTestFunction-role-zgur6bf4",
    "Timeout": 3,
    "LastModified": "2019-08-14T22:26:11.234+0000",
    "Handler": "my-function.handler",
    "Runtime": "nodejs14.x",
    "Description": ""
}

For more information, see AWS Lambda Function Configuration in the AWS Lambda Developer Guide.

Output

FunctionName -> (string)

The name of the function.

FunctionArn -> (string)

The function’s Amazon Resource Name (ARN).

Runtime -> (string)

The runtime environment for the Lambda function.

Role -> (string)

The function’s execution role.

Handler -> (string)

The function that Lambda calls to begin executing your function.

CodeSize -> (long)

The size of the function’s deployment package, in bytes.

Description -> (string)

The function’s description.

Timeout -> (integer)

The amount of time in seconds that Lambda allows a function to run before stopping it.

MemorySize -> (integer)

The amount of memory available to the function at runtime.

LastModified -> (string)

The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).

CodeSha256 -> (string)

The SHA256 hash of the function’s deployment package.

Version -> (string)

The version of the Lambda function.

VpcConfig -> (structure)

The function’s networking configuration.

SubnetIds -> (list)

A list of VPC subnet IDs.

(string)

SecurityGroupIds -> (list)

A list of VPC security groups IDs.

(string)

VpcId -> (string)

The ID of the VPC.

DeadLetterConfig -> (structure)

The function’s dead letter queue.

TargetArn -> (string)

The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.

Environment -> (structure)

The function’s environment variables .

Variables -> (map)

Environment variable key-value pairs.

key -> (string)

value -> (string)

Error -> (structure)

Error messages for environment variables that couldn’t be applied.

ErrorCode -> (string)

The error code.

Message -> (string)

The error message.

KMSKeyArn -> (string)

The KMS key that’s used to encrypt the function’s environment variables. This key is only returned if you’ve configured a customer managed key.

TracingConfig -> (structure)

The function’s X-Ray tracing configuration.

Mode -> (string)

The tracing mode.

MasterArn -> (string)

For Lambda@Edge functions, the ARN of the main function.

RevisionId -> (string)

The latest updated revision of the function or alias.

Layers -> (list)

The function’s layers .

(structure)

An Lambda layer .

Arn -> (string)

The Amazon Resource Name (ARN) of the function layer.

CodeSize -> (long)

The size of the layer archive in bytes.

SigningProfileVersionArn -> (string)

The Amazon Resource Name (ARN) for a signing profile version.

SigningJobArn -> (string)

The Amazon Resource Name (ARN) of a signing job.

State -> (string)

The current state of the function. When the state is Inactive , you can reactivate the function by invoking it.

StateReason -> (string)

The reason for the function’s current state.

StateReasonCode -> (string)

The reason code for the function’s current state. When the code is Creating , you can’t invoke or modify the function.

LastUpdateStatus -> (string)

The status of the last update that was performed on the function. This is first set to Successful after function creation completes.

LastUpdateStatusReason -> (string)

The reason for the last update that was performed on the function.

LastUpdateStatusReasonCode -> (string)

The reason code for the last update that was performed on the function.

FileSystemConfigs -> (list)

Connection settings for an Amazon EFS file system .

(structure)

Details about the connection between a Lambda function and an Amazon EFS file system .

Arn -> (string)

The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.

LocalMountPath -> (string)

The path where the function can access the file system, starting with /mnt/ .

PackageType -> (string)

The type of deployment package. Set to Image for container image and set Zip for .zip file archive.

ImageConfigResponse -> (structure)

The function’s image configuration values.

ImageConfig -> (structure)

Configuration values that override the container image Dockerfile.

EntryPoint -> (list)

Specifies the entry point to their application, which is typically the location of the runtime executable.

(string)

Command -> (list)

Specifies parameters that you want to pass in with ENTRYPOINT.

(string)

WorkingDirectory -> (string)

Specifies the working directory.

Error -> (structure)

Error response to GetFunctionConfiguration.

ErrorCode -> (string)

Error code.

Message -> (string)

Error message.

SigningProfileVersionArn -> (string)

The ARN of the signing profile version.

SigningJobArn -> (string)

The ARN of the signing job.

Architectures -> (list)

The instruction set architecture that the function supports. Architecture is a string array with one of the valid values. The default architecture value is x86_64 .

(string)

EphemeralStorage -> (structure)

The size of the function’s /tmp directory in MB. The default value is 512, but can be any whole number between 512 and 10240 MB.

Size -> (integer)

The size of the function’s /tmp directory.