function-base.d.ts
1 import * as cloudwatch from '@aws-cdk/aws-cloudwatch'; 2 import * as ec2 from '@aws-cdk/aws-ec2'; 3 import * as iam from '@aws-cdk/aws-iam'; 4 import { ConstructNode, IResource, Resource } from '@aws-cdk/core'; 5 import { EventInvokeConfigOptions } from './event-invoke-config'; 6 import { IEventSource } from './event-source'; 7 import { EventSourceMapping, EventSourceMappingOptions } from './event-source-mapping'; 8 import { IVersion } from './lambda-version'; 9 import { Permission } from './permission'; 10 /** 11 * @stability stable 12 */ 13 export interface IFunction extends IResource, ec2.IConnectable, iam.IGrantable { 14 /** 15 * The name of the function. 16 * 17 * @stability stable 18 * @attribute true 19 */ 20 readonly functionName: string; 21 /** 22 * The ARN of the function. 23 * 24 * @stability stable 25 * @attribute true 26 */ 27 readonly functionArn: string; 28 /** 29 * The IAM role associated with this function. 30 * 31 * @stability stable 32 */ 33 readonly role?: iam.IRole; 34 /** 35 * Whether or not this Lambda function was bound to a VPC. 36 * 37 * If this is is `false`, trying to access the `connections` object will fail. 38 * 39 * @stability stable 40 */ 41 readonly isBoundToVpc: boolean; 42 /** 43 * The `$LATEST` version of this function. 44 * 45 * Note that this is reference to a non-specific AWS Lambda version, which 46 * means the function this version refers to can return different results in 47 * different invocations. 48 * 49 * To obtain a reference to an explicit version which references the current 50 * function configuration, use `lambdaFunction.currentVersion` instead. 51 * 52 * @stability stable 53 */ 54 readonly latestVersion: IVersion; 55 /** 56 * The construct node where permissions are attached. 57 * 58 * @stability stable 59 */ 60 readonly permissionsNode: ConstructNode; 61 /** 62 * Adds an event source that maps to this AWS Lambda function. 63 * 64 * @param id construct ID. 65 * @param options mapping options. 66 * @stability stable 67 */ 68 addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping; 69 /** 70 * Adds a permission to the Lambda resource policy. 71 * 72 * @param id The id for the permission construct. 73 * @param permission The permission to grant to this Lambda function. 74 * @see Permission for details. 75 * @stability stable 76 */ 77 addPermission(id: string, permission: Permission): void; 78 /** 79 * Adds a statement to the IAM role assumed by the instance. 80 * 81 * @stability stable 82 */ 83 addToRolePolicy(statement: iam.PolicyStatement): void; 84 /** 85 * Grant the given identity permissions to invoke this Lambda. 86 * 87 * @stability stable 88 */ 89 grantInvoke(identity: iam.IGrantable): iam.Grant; 90 /** 91 * Return the given named metric for this Lambda Return the given named metric for this Function. 92 * 93 * @stability stable 94 */ 95 metric(metricName: string, props?: cloudwatch.MetricOptions): cloudwatch.Metric; 96 /** 97 * Metric for the Duration of this Lambda How long execution of this Lambda takes. 98 * 99 * Average over 5 minutes 100 * 101 * @default average over 5 minutes 102 * @stability stable 103 */ 104 metricDuration(props?: cloudwatch.MetricOptions): cloudwatch.Metric; 105 /** 106 * Metric for the number of invocations of this Lambda How often this Lambda is invoked. 107 * 108 * Sum over 5 minutes 109 * 110 * @default sum over 5 minutes 111 * @stability stable 112 */ 113 metricInvocations(props?: cloudwatch.MetricOptions): cloudwatch.Metric; 114 /** 115 * Metric for the number of throttled invocations of this Lambda How often this Lambda is throttled. 116 * 117 * Sum over 5 minutes 118 * 119 * @default sum over 5 minutes 120 * @stability stable 121 */ 122 metricThrottles(props?: cloudwatch.MetricOptions): cloudwatch.Metric; 123 /** 124 * Adds an event source to this function. 125 * 126 * Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module. 127 * 128 * The following example adds an SQS Queue as an event source: 129 * ``` 130 * import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; 131 * myFunction.addEventSource(new SqsEventSource(myQueue)); 132 * ``` 133 * 134 * @stability stable 135 */ 136 addEventSource(source: IEventSource): void; 137 /** 138 * Configures options for asynchronous invocation. 139 * 140 * @stability stable 141 */ 142 configureAsyncInvoke(options: EventInvokeConfigOptions): void; 143 } 144 /** 145 * Represents a Lambda function defined outside of this stack. 146 * 147 * @stability stable 148 */ 149 export interface FunctionAttributes { 150 /** 151 * The ARN of the Lambda function. 152 * 153 * Format: arn:<partition>:lambda:<region>:<account-id>:function:<function-name> 154 * 155 * @stability stable 156 */ 157 readonly functionArn: string; 158 /** 159 * The IAM execution role associated with this function. 160 * 161 * If the role is not specified, any role-related operations will no-op. 162 * 163 * @stability stable 164 */ 165 readonly role?: iam.IRole; 166 /** 167 * (deprecated) Id of the security group of this Lambda, if in a VPC. 168 * 169 * This needs to be given in order to support allowing connections 170 * to this Lambda. 171 * 172 * @deprecated use `securityGroup` instead 173 */ 174 readonly securityGroupId?: string; 175 /** 176 * The security group of this Lambda, if in a VPC. 177 * 178 * This needs to be given in order to support allowing connections 179 * to this Lambda. 180 * 181 * @stability stable 182 */ 183 readonly securityGroup?: ec2.ISecurityGroup; 184 /** 185 * Setting this property informs the CDK that the imported function is in the same environment as the stack. 186 * 187 * This affects certain behaviours such as, whether this function's permission can be modified. 188 * When not configured, the CDK attempts to auto-determine this. For environment agnostic stacks, i.e., stacks 189 * where the account is not specified with the `env` property, this is determined to be false. 190 * 191 * Set this to property *ONLY IF* the imported function is in the same account as the stack 192 * it's imported in. 193 * 194 * @default - depends: true, if the Stack is configured with an explicit `env` (account and region) and the account is the same as this function. 195 * For environment-agnostic stacks this will default to `false`. 196 * @stability stable 197 */ 198 readonly sameEnvironment?: boolean; 199 } 200 /** 201 * @stability stable 202 */ 203 export declare abstract class FunctionBase extends Resource implements IFunction, ec2.IClientVpnConnectionHandler { 204 /** 205 * The principal this Lambda Function is running as. 206 * 207 * @stability stable 208 */ 209 abstract readonly grantPrincipal: iam.IPrincipal; 210 /** 211 * The name of the function. 212 * 213 * @stability stable 214 */ 215 abstract readonly functionName: string; 216 /** 217 * The ARN fo the function. 218 * 219 * @stability stable 220 */ 221 abstract readonly functionArn: string; 222 /** 223 * The IAM role associated with this function. 224 * 225 * Undefined if the function was imported without a role. 226 * 227 * @stability stable 228 */ 229 abstract readonly role?: iam.IRole; 230 /** 231 * The construct node where permissions are attached. 232 * 233 * @stability stable 234 */ 235 abstract readonly permissionsNode: ConstructNode; 236 /** 237 * Whether the addPermission() call adds any permissions. 238 * 239 * True for new Lambdas, false for version $LATEST and imported Lambdas 240 * from different accounts. 241 * 242 * @stability stable 243 */ 244 protected abstract readonly canCreatePermissions: boolean; 245 /** 246 * Actual connections object for this Lambda 247 * 248 * May be unset, in which case this Lambda is not configured use in a VPC. 249 * @internal 250 */ 251 protected _connections?: ec2.Connections; 252 private _latestVersion?; 253 /** 254 * Mapping of invocation principals to grants. Used to de-dupe `grantInvoke()` calls. 255 * @internal 256 */ 257 protected _invocationGrants: Record<string, iam.Grant>; 258 /** 259 * Adds a permission to the Lambda resource policy. 260 * 261 * @param id The id for the permission construct. 262 * @param permission The permission to grant to this Lambda function. 263 * @see Permission for details. 264 * @stability stable 265 */ 266 addPermission(id: string, permission: Permission): void; 267 /** 268 * Adds a statement to the IAM role assumed by the instance. 269 * 270 * @stability stable 271 */ 272 addToRolePolicy(statement: iam.PolicyStatement): void; 273 /** 274 * Access the Connections object. 275 * 276 * Will fail if not a VPC-enabled Lambda Function 277 * 278 * @stability stable 279 */ 280 get connections(): ec2.Connections; 281 /** 282 * The `$LATEST` version of this function. 283 * 284 * Note that this is reference to a non-specific AWS Lambda version, which 285 * means the function this version refers to can return different results in 286 * different invocations. 287 * 288 * To obtain a reference to an explicit version which references the current 289 * function configuration, use `lambdaFunction.currentVersion` instead. 290 * 291 * @stability stable 292 */ 293 get latestVersion(): IVersion; 294 /** 295 * Whether or not this Lambda function was bound to a VPC. 296 * 297 * If this is is `false`, trying to access the `connections` object will fail. 298 * 299 * @stability stable 300 */ 301 get isBoundToVpc(): boolean; 302 /** 303 * Adds an event source that maps to this AWS Lambda function. 304 * 305 * @stability stable 306 */ 307 addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping; 308 /** 309 * Grant the given identity permissions to invoke this Lambda. 310 * 311 * @stability stable 312 */ 313 grantInvoke(grantee: iam.IGrantable): iam.Grant; 314 /** 315 * Adds an event source to this function. 316 * 317 * Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module. 318 * 319 * The following example adds an SQS Queue as an event source: 320 * ``` 321 * import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources'; 322 * myFunction.addEventSource(new SqsEventSource(myQueue)); 323 * ``` 324 * 325 * @stability stable 326 */ 327 addEventSource(source: IEventSource): void; 328 /** 329 * Configures options for asynchronous invocation. 330 * 331 * @stability stable 332 */ 333 configureAsyncInvoke(options: EventInvokeConfigOptions): void; 334 /** 335 * Returns the construct tree node that corresponds to the lambda function. 336 * For use internally for constructs, when the tree is set up in non-standard ways. Ex: SingletonFunction. 337 * @internal 338 */ 339 protected _functionNode(): ConstructNode; 340 /** 341 * Given the function arn, check if the account id matches this account 342 * 343 * Function ARNs look like this: 344 * 345 * arn:aws:lambda:region:account-id:function:function-name 346 * 347 * ..which means that in order to extract the `account-id` component from the ARN, we can 348 * split the ARN using ":" and select the component in index 4. 349 * 350 * @returns true if account id of function matches the account specified on the stack, false otherwise. 351 * 352 * @internal 353 */ 354 protected _isStackAccount(): boolean; 355 /** 356 * Translate IPrincipal to something we can pass to AWS::Lambda::Permissions 357 * 358 * Do some nasty things because `Permission` supports a subset of what the 359 * full IAM principal language supports, and we may not be able to parse strings 360 * outright because they may be tokens. 361 * 362 * Try to recognize some specific Principal classes first, then try a generic 363 * fallback. 364 */ 365 private parsePermissionPrincipal; 366 private parseConditions; 367 private isPrincipalWithConditions; 368 } 369 /** 370 * @stability stable 371 */ 372 export declare abstract class QualifiedFunctionBase extends FunctionBase { 373 /** 374 * @stability stable 375 */ 376 abstract readonly lambda: IFunction; 377 /** 378 * The construct node where permissions are attached. 379 * 380 * @stability stable 381 */ 382 readonly permissionsNode: ConstructNode; 383 /** 384 * The qualifier of the version or alias of this function. 385 * 386 * A qualifier is the identifier that's appended to a version or alias ARN. 387 * 388 * @see https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html#API_GetFunctionConfiguration_RequestParameters 389 * @stability stable 390 */ 391 protected abstract readonly qualifier: string; 392 /** 393 * The `$LATEST` version of this function. 394 * 395 * Note that this is reference to a non-specific AWS Lambda version, which 396 * means the function this version refers to can return different results in 397 * different invocations. 398 * 399 * To obtain a reference to an explicit version which references the current 400 * function configuration, use `lambdaFunction.currentVersion` instead. 401 * 402 * @stability stable 403 */ 404 get latestVersion(): IVersion; 405 /** 406 * Configures options for asynchronous invocation. 407 * 408 * @stability stable 409 */ 410 configureAsyncInvoke(options: EventInvokeConfigOptions): void; 411 }