Lambda / Client / create_function
create_function#
- Lambda.Client.create_function(**kwargs)#
Creates a Lambda function. To create a function, you need a deployment package and an execution role. The deployment package is a .zip file archive or container image that contains your function code. The execution role grants the function permission to use Amazon Web Services, such as Amazon CloudWatch Logs for log streaming and X-Ray for request tracing.
If the deployment package is a container image, then you set the package type to
Image
. For a container image, the code property must include the URI of a container image in the Amazon ECR registry. You do not need to specify the handler and runtime properties.If the deployment package is a .zip file archive, then you set the package type to
Zip
. For a .zip file archive, the code property specifies the location of the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must be compatible with the target instruction set architecture of the function (x86-64
orarm64
). If you do not specify the architecture, then the default value isx86-64
.When you create a function, Lambda provisions an instance of the function and its supporting resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can’t invoke or modify the function. The
State
,StateReason
, andStateReasonCode
fields in the response from GetFunctionConfiguration indicate when the function is ready to invoke. For more information, see Lambda function states.A function has an unpublished version, and can have published versions and aliases. The unpublished version changes when you update your function’s code and configuration. A published version is a snapshot of your function code and configuration that can’t be changed. An alias is a named resource that maps to a version, and can be changed to map to a different version. Use the
Publish
parameter to create version1
of your function from its initial configuration.The other parameters let you configure version-specific and function-level settings. You can modify version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply to both the unpublished and published versions of the function, and include tags ( TagResource) and per-function concurrency limits ( PutFunctionConcurrency).
You can use code signing if your deployment package is a .zip file archive. To enable code signing for this function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with UpdateFunctionCode, Lambda checks that the code package has a valid signature from a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted publishers for this function.
If another Amazon Web Services account or an Amazon Web Service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.
To invoke your function directly, use Invoke. To invoke your function in response to events in other Amazon Web Services, create an event source mapping ( CreateEventSourceMapping), or configure a function trigger in the other service. For more information, see Invoking Lambda functions.
See also: AWS API Documentation
Request Syntax
response = client.create_function( FunctionName='string', Runtime='nodejs'|'nodejs4.3'|'nodejs6.10'|'nodejs8.10'|'nodejs10.x'|'nodejs12.x'|'nodejs14.x'|'nodejs16.x'|'java8'|'java8.al2'|'java11'|'python2.7'|'python3.6'|'python3.7'|'python3.8'|'python3.9'|'dotnetcore1.0'|'dotnetcore2.0'|'dotnetcore2.1'|'dotnetcore3.1'|'dotnet6'|'dotnet8'|'nodejs4.3-edge'|'go1.x'|'ruby2.5'|'ruby2.7'|'provided'|'provided.al2'|'nodejs18.x'|'python3.10'|'java17'|'ruby3.2'|'ruby3.3'|'python3.11'|'nodejs20.x'|'provided.al2023'|'python3.12'|'java21', Role='string', Handler='string', Code={ 'ZipFile': b'bytes', 'S3Bucket': 'string', 'S3Key': 'string', 'S3ObjectVersion': 'string', 'ImageUri': 'string' }, Description='string', Timeout=123, MemorySize=123, Publish=True|False, VpcConfig={ 'SubnetIds': [ 'string', ], 'SecurityGroupIds': [ 'string', ], 'Ipv6AllowedForDualStack': True|False }, PackageType='Zip'|'Image', DeadLetterConfig={ 'TargetArn': 'string' }, Environment={ 'Variables': { 'string': 'string' } }, KMSKeyArn='string', TracingConfig={ 'Mode': 'Active'|'PassThrough' }, Tags={ 'string': 'string' }, Layers=[ 'string', ], FileSystemConfigs=[ { 'Arn': 'string', 'LocalMountPath': 'string' }, ], ImageConfig={ 'EntryPoint': [ 'string', ], 'Command': [ 'string', ], 'WorkingDirectory': 'string' }, CodeSigningConfigArn='string', Architectures=[ 'x86_64'|'arm64', ], EphemeralStorage={ 'Size': 123 }, SnapStart={ 'ApplyOn': 'PublishedVersions'|'None' }, LoggingConfig={ 'LogFormat': 'JSON'|'Text', 'ApplicationLogLevel': 'TRACE'|'DEBUG'|'INFO'|'WARN'|'ERROR'|'FATAL', 'SystemLogLevel': 'DEBUG'|'INFO'|'WARN', 'LogGroup': 'string' } )
- Parameters:
FunctionName (string) –
[REQUIRED]
The name or ARN of the Lambda function.
Name formats
Function name –
my-function
.Function ARN –
arn:aws:lambda:us-west-2:123456789012:function:my-function
.Partial ARN –
123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
Runtime (string) –
The identifier of the function’s runtime. Runtime is required if the deployment package is a .zip file archive.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
Role (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the function’s execution role.
Handler (string) – The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see Lambda programming model.
Code (dict) –
[REQUIRED]
The code for the function.
ZipFile (bytes) –
The base64-encoded contents of the deployment package. Amazon Web Services SDK and CLI clients handle the encoding for you.
S3Bucket (string) –
An Amazon S3 bucket in the same Amazon Web Services Region as your function. The bucket can be in a different Amazon Web Services account.
S3Key (string) –
The Amazon S3 key of the deployment package.
S3ObjectVersion (string) –
For versioned objects, the version of the deployment package object to use.
ImageUri (string) –
URI of a container image in the Amazon ECR registry.
Description (string) – A description of the function.
Timeout (integer) – The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see Lambda execution environment.
MemorySize (integer) – The amount of memory available to the function at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB.
Publish (boolean) – Set to true to publish the first version of the function during creation.
VpcConfig (dict) –
For network connectivity to Amazon Web Services resources in a VPC, specify a list of security groups and subnets in the VPC. When you connect a function to a VPC, it can access resources and the internet only through that VPC. For more information, see Configuring a Lambda function to access resources in a VPC.
SubnetIds (list) –
A list of VPC subnet IDs.
(string) –
SecurityGroupIds (list) –
A list of VPC security group IDs.
(string) –
Ipv6AllowedForDualStack (boolean) –
Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
PackageType (string) – The type of deployment package. Set to
Image
for container image and set toZip
for .zip file archive.DeadLetterConfig (dict) –
A dead-letter queue configuration that specifies the queue or topic where Lambda sends asynchronous events when they fail processing. For more information, see Dead-letter queues.
TargetArn (string) –
The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.
Environment (dict) –
Environment variables that are accessible from function code during execution.
Variables (dict) –
Environment variable key-value pairs. For more information, see Using Lambda environment variables.
(string) –
(string) –
KMSKeyArn (string) – The ARN of the Key Management Service (KMS) customer managed key that’s used to encrypt your function’s environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function’s snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it’s deployed. Note that this is not the same key that’s used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don’t provide a customer managed key, Lambda uses a default service key.
TracingConfig (dict) –
Set
Mode
toActive
to sample and trace a subset of incoming requests with X-Ray.Mode (string) –
The tracing mode.
Tags (dict) –
A list of tags to apply to the function.
(string) –
(string) –
Layers (list) –
A list of function layers to add to the function’s execution environment. Specify each layer by its ARN, including the version.
(string) –
FileSystemConfigs (list) –
Connection settings for an Amazon EFS file system.
(dict) –
Details about the connection between a Lambda function and an Amazon EFS file system.
Arn (string) – [REQUIRED]
The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.
LocalMountPath (string) – [REQUIRED]
The path where the function can access the file system, starting with
/mnt/
.
ImageConfig (dict) –
Container image configuration values that override the values in the container image Dockerfile.
EntryPoint (list) –
Specifies the entry point to their application, which is typically the location of the runtime executable.
(string) –
Command (list) –
Specifies parameters that you want to pass in with ENTRYPOINT.
(string) –
WorkingDirectory (string) –
Specifies the working directory.
CodeSigningConfigArn (string) – To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.
Architectures (list) –
The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is
x86_64
.(string) –
EphemeralStorage (dict) –
The size of the function’s
/tmp
directory in MB. The default value is 512, but can be any whole number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).Size (integer) – [REQUIRED]
The size of the function’s
/tmp
directory.
SnapStart (dict) –
The function’s SnapStart setting.
ApplyOn (string) –
Set to
PublishedVersions
to create a snapshot of the initialized execution environment when you publish a function version.
LoggingConfig (dict) –
The function’s Amazon CloudWatch Logs configuration settings.
LogFormat (string) –
The format in which Lambda sends your function’s application and system logs to CloudWatch. Select between plain text and structured JSON.
ApplicationLogLevel (string) –
Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where
TRACE
is the highest level andFATAL
is the lowest.SystemLogLevel (string) –
Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where
DEBUG
is the highest level andWARN
is the lowest.LogGroup (string) –
The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named
/aws/lambda/<function name>
. To use a different log group, enter an existing log group or enter a new log group name.
- Return type:
dict
- Returns:
Response Syntax
{ 'FunctionName': 'string', 'FunctionArn': 'string', 'Runtime': 'nodejs'|'nodejs4.3'|'nodejs6.10'|'nodejs8.10'|'nodejs10.x'|'nodejs12.x'|'nodejs14.x'|'nodejs16.x'|'java8'|'java8.al2'|'java11'|'python2.7'|'python3.6'|'python3.7'|'python3.8'|'python3.9'|'dotnetcore1.0'|'dotnetcore2.0'|'dotnetcore2.1'|'dotnetcore3.1'|'dotnet6'|'dotnet8'|'nodejs4.3-edge'|'go1.x'|'ruby2.5'|'ruby2.7'|'provided'|'provided.al2'|'nodejs18.x'|'python3.10'|'java17'|'ruby3.2'|'ruby3.3'|'python3.11'|'nodejs20.x'|'provided.al2023'|'python3.12'|'java21', 'Role': 'string', 'Handler': 'string', 'CodeSize': 123, 'Description': 'string', 'Timeout': 123, 'MemorySize': 123, 'LastModified': 'string', 'CodeSha256': 'string', 'Version': 'string', 'VpcConfig': { 'SubnetIds': [ 'string', ], 'SecurityGroupIds': [ 'string', ], 'VpcId': 'string', 'Ipv6AllowedForDualStack': True|False }, 'DeadLetterConfig': { 'TargetArn': 'string' }, 'Environment': { 'Variables': { 'string': 'string' }, 'Error': { 'ErrorCode': 'string', 'Message': 'string' } }, 'KMSKeyArn': 'string', 'TracingConfig': { 'Mode': 'Active'|'PassThrough' }, 'MasterArn': 'string', 'RevisionId': 'string', 'Layers': [ { 'Arn': 'string', 'CodeSize': 123, 'SigningProfileVersionArn': 'string', 'SigningJobArn': 'string' }, ], 'State': 'Pending'|'Active'|'Inactive'|'Failed', 'StateReason': 'string', 'StateReasonCode': 'Idle'|'Creating'|'Restoring'|'EniLimitExceeded'|'InsufficientRolePermissions'|'InvalidConfiguration'|'InternalError'|'SubnetOutOfIPAddresses'|'InvalidSubnet'|'InvalidSecurityGroup'|'ImageDeleted'|'ImageAccessDenied'|'InvalidImage'|'KMSKeyAccessDenied'|'KMSKeyNotFound'|'InvalidStateKMSKey'|'DisabledKMSKey'|'EFSIOError'|'EFSMountConnectivityError'|'EFSMountFailure'|'EFSMountTimeout'|'InvalidRuntime'|'InvalidZipFileException'|'FunctionError', 'LastUpdateStatus': 'Successful'|'Failed'|'InProgress', 'LastUpdateStatusReason': 'string', 'LastUpdateStatusReasonCode': 'EniLimitExceeded'|'InsufficientRolePermissions'|'InvalidConfiguration'|'InternalError'|'SubnetOutOfIPAddresses'|'InvalidSubnet'|'InvalidSecurityGroup'|'ImageDeleted'|'ImageAccessDenied'|'InvalidImage'|'KMSKeyAccessDenied'|'KMSKeyNotFound'|'InvalidStateKMSKey'|'DisabledKMSKey'|'EFSIOError'|'EFSMountConnectivityError'|'EFSMountFailure'|'EFSMountTimeout'|'InvalidRuntime'|'InvalidZipFileException'|'FunctionError', 'FileSystemConfigs': [ { 'Arn': 'string', 'LocalMountPath': 'string' }, ], 'PackageType': 'Zip'|'Image', 'ImageConfigResponse': { 'ImageConfig': { 'EntryPoint': [ 'string', ], 'Command': [ 'string', ], 'WorkingDirectory': 'string' }, 'Error': { 'ErrorCode': 'string', 'Message': 'string' } }, 'SigningProfileVersionArn': 'string', 'SigningJobArn': 'string', 'Architectures': [ 'x86_64'|'arm64', ], 'EphemeralStorage': { 'Size': 123 }, 'SnapStart': { 'ApplyOn': 'PublishedVersions'|'None', 'OptimizationStatus': 'On'|'Off' }, 'RuntimeVersionConfig': { 'RuntimeVersionArn': 'string', 'Error': { 'ErrorCode': 'string', 'Message': 'string' } }, 'LoggingConfig': { 'LogFormat': 'JSON'|'Text', 'ApplicationLogLevel': 'TRACE'|'DEBUG'|'INFO'|'WARN'|'ERROR'|'FATAL', 'SystemLogLevel': 'DEBUG'|'INFO'|'WARN', 'LogGroup': 'string' } }
Response Structure
(dict) –
Details about a function’s configuration.
FunctionName (string) –
The name of the function.
FunctionArn (string) –
The function’s Amazon Resource Name (ARN).
Runtime (string) –
The identifier of the function’s runtime. Runtime is required if the deployment package is a .zip file archive.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
Role (string) –
The function’s execution role.
Handler (string) –
The function that Lambda calls to begin running your function.
CodeSize (integer) –
The size of the function’s deployment package, in bytes.
Description (string) –
The function’s description.
Timeout (integer) –
The amount of time in seconds that Lambda allows a function to run before stopping it.
MemorySize (integer) –
The amount of memory available to the function at runtime.
LastModified (string) –
The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
CodeSha256 (string) –
The SHA256 hash of the function’s deployment package.
Version (string) –
The version of the Lambda function.
VpcConfig (dict) –
The function’s networking configuration.
SubnetIds (list) –
A list of VPC subnet IDs.
(string) –
SecurityGroupIds (list) –
A list of VPC security group IDs.
(string) –
VpcId (string) –
The ID of the VPC.
Ipv6AllowedForDualStack (boolean) –
Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
DeadLetterConfig (dict) –
The function’s dead letter queue.
TargetArn (string) –
The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.
Environment (dict) –
The function’s environment variables. Omitted from CloudTrail logs.
Variables (dict) –
Environment variable key-value pairs. Omitted from CloudTrail logs.
(string) –
(string) –
Error (dict) –
Error messages for environment variables that couldn’t be applied.
ErrorCode (string) –
The error code.
Message (string) –
The error message.
KMSKeyArn (string) –
The KMS key that’s used to encrypt the function’s environment variables. When Lambda SnapStart is activated, this key is also used to encrypt the function’s snapshot. This key is returned only if you’ve configured a customer managed key.
TracingConfig (dict) –
The function’s X-Ray tracing configuration.
Mode (string) –
The tracing mode.
MasterArn (string) –
For Lambda@Edge functions, the ARN of the main function.
RevisionId (string) –
The latest updated revision of the function or alias.
Layers (list) –
The function’s layers.
(dict) –
An Lambda layer.
Arn (string) –
The Amazon Resource Name (ARN) of the function layer.
CodeSize (integer) –
The size of the layer archive in bytes.
SigningProfileVersionArn (string) –
The Amazon Resource Name (ARN) for a signing profile version.
SigningJobArn (string) –
The Amazon Resource Name (ARN) of a signing job.
State (string) –
The current state of the function. When the state is
Inactive
, you can reactivate the function by invoking it.StateReason (string) –
The reason for the function’s current state.
StateReasonCode (string) –
The reason code for the function’s current state. When the code is
Creating
, you can’t invoke or modify the function.LastUpdateStatus (string) –
The status of the last update that was performed on the function. This is first set to
Successful
after function creation completes.LastUpdateStatusReason (string) –
The reason for the last update that was performed on the function.
LastUpdateStatusReasonCode (string) –
The reason code for the last update that was performed on the function.
FileSystemConfigs (list) –
Connection settings for an Amazon EFS file system.
(dict) –
Details about the connection between a Lambda function and an Amazon EFS file system.
Arn (string) –
The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.
LocalMountPath (string) –
The path where the function can access the file system, starting with
/mnt/
.
PackageType (string) –
The type of deployment package. Set to
Image
for container image and setZip
for .zip file archive.ImageConfigResponse (dict) –
The function’s image configuration values.
ImageConfig (dict) –
Configuration values that override the container image Dockerfile.
EntryPoint (list) –
Specifies the entry point to their application, which is typically the location of the runtime executable.
(string) –
Command (list) –
Specifies parameters that you want to pass in with ENTRYPOINT.
(string) –
WorkingDirectory (string) –
Specifies the working directory.
Error (dict) –
Error response to
GetFunctionConfiguration
.ErrorCode (string) –
Error code.
Message (string) –
Error message.
SigningProfileVersionArn (string) –
The ARN of the signing profile version.
SigningJobArn (string) –
The ARN of the signing job.
Architectures (list) –
The instruction set architecture that the function supports. Architecture is a string array with one of the valid values. The default architecture value is
x86_64
.(string) –
EphemeralStorage (dict) –
The size of the function’s
/tmp
directory in MB. The default value is 512, but can be any whole number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).Size (integer) –
The size of the function’s
/tmp
directory.
SnapStart (dict) –
Set
ApplyOn
toPublishedVersions
to create a snapshot of the initialized execution environment when you publish a function version. For more information, see Improving startup performance with Lambda SnapStart.ApplyOn (string) –
When set to
PublishedVersions
, Lambda creates a snapshot of the execution environment when you publish a function version.OptimizationStatus (string) –
When you provide a qualified Amazon Resource Name (ARN), this response element indicates whether SnapStart is activated for the specified function version.
RuntimeVersionConfig (dict) –
The ARN of the runtime and any errors that occured.
RuntimeVersionArn (string) –
The ARN of the runtime version you want the function to use.
Error (dict) –
Error response when Lambda is unable to retrieve the runtime version for a function.
ErrorCode (string) –
The error code.
Message (string) –
The error message.
LoggingConfig (dict) –
The function’s Amazon CloudWatch Logs configuration settings.
LogFormat (string) –
The format in which Lambda sends your function’s application and system logs to CloudWatch. Select between plain text and structured JSON.
ApplicationLogLevel (string) –
Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the selected level of detail and lower, where
TRACE
is the highest level andFATAL
is the lowest.SystemLogLevel (string) –
Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where
DEBUG
is the highest level andWARN
is the lowest.LogGroup (string) –
The name of the Amazon CloudWatch log group the function sends logs to. By default, Lambda functions send logs to a default log group named
/aws/lambda/<function name>
. To use a different log group, enter an existing log group or enter a new log group name.
Exceptions
Lambda.Client.exceptions.ServiceException
Lambda.Client.exceptions.InvalidParameterValueException
Lambda.Client.exceptions.ResourceNotFoundException
Lambda.Client.exceptions.ResourceConflictException
Lambda.Client.exceptions.TooManyRequestsException
Lambda.Client.exceptions.CodeStorageExceededException
Lambda.Client.exceptions.CodeVerificationFailedException
Lambda.Client.exceptions.InvalidCodeSignatureException
Lambda.Client.exceptions.CodeSigningConfigNotFoundException
Examples
The following example creates a function with a deployment package in Amazon S3 and enables X-Ray tracing and environment variable encryption.
response = client.create_function( Code={ 'S3Bucket': 'my-bucket-1xpuxmplzrlbh', 'S3Key': 'function.zip', }, Description='Process image objects from Amazon S3.', Environment={ 'Variables': { 'BUCKET': 'my-bucket-1xpuxmplzrlbh', 'PREFIX': 'inbound', }, }, FunctionName='my-function', Handler='index.handler', KMSKeyArn='arn:aws:kms:us-west-2:123456789012:key/b0844d6c-xmpl-4463-97a4-d49f50839966', MemorySize=256, Publish=True, Role='arn:aws:iam::123456789012:role/lambda-role', Runtime='nodejs12.x', Tags={ 'DEPARTMENT': 'Assets', }, Timeout=15, TracingConfig={ 'Mode': 'Active', }, ) print(response)
Expected Output:
{ 'CodeSha256': 'YFgDgEKG3ugvF1+pX64gV6tu9qNuIYNUdgJm8nCxsm4=', 'CodeSize': 5797206, 'Description': 'Process image objects from Amazon S3.', 'Environment': { 'Variables': { 'BUCKET': 'my-bucket-1xpuxmplzrlbh', 'PREFIX': 'inbound', }, }, 'FunctionArn': 'arn:aws:lambda:us-west-2:123456789012:function:my-function', 'FunctionName': 'my-function', 'Handler': 'index.handler', 'KMSKeyArn': 'arn:aws:kms:us-west-2:123456789012:key/b0844d6c-xmpl-4463-97a4-d49f50839966', 'LastModified': '2020-04-10T19:06:32.563+0000', 'LastUpdateStatus': 'Successful', 'MemorySize': 256, 'RevisionId': 'b75dcd81-xmpl-48a8-a75a-93ba8b5b9727', 'Role': 'arn:aws:iam::123456789012:role/lambda-role', 'Runtime': 'nodejs12.x', 'State': 'Active', 'Timeout': 15, 'TracingConfig': { 'Mode': 'Active', }, 'Version': '1', 'ResponseMetadata': { '...': '...', }, }