Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS. The Lambda Function itself includes source code and runtime configuration.

For information about Lambda and how to use it, see What is AWS Lambda?

Example Usage

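resource "aws_iam_role" "iam_for_lambda" {
    name = "iam_for_lambda"
    # Trust policy: allows the Lambda service to assume this role.
    assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "test_lambda" {
    # Zip file containing the function source code.
    filename = ""
    function_name = "lambda_function_name"
    role = "${aws_iam_role.iam_for_lambda.arn}"
    handler = "exports.test"
    # Hash of the same zip file; a change in the hash triggers an update.
    source_code_hash = "${base64sha256(file(""))}"
}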

Argument Reference

  • filename - (Optional) A zip file containing your lambda function source code. If defined, the s3_* options cannot be used.
  • s3_bucket - (Optional) The S3 bucket location containing your lambda function source code. Conflicts with filename.
  • s3_key - (Optional) The S3 key containing your lambda function source code. Conflicts with filename.
  • s3_object_version - (Optional) The object version of your lambda function source code. Conflicts with filename.
  • function_name - (Required) A unique name for your Lambda Function.
  • handler - (Required) The function entrypoint in your code.
  • role - (Required) IAM role attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources your Lambda Function has access to. See Lambda Permission Model for more details.
  • description - (Optional) Description of what your Lambda Function does.
  • memory_size - (Optional) Amount of memory in MB your Lambda Function can use at runtime. Defaults to 128. See Limits.
  • runtime - (Optional) Defaults to nodejs. See Runtimes for valid values.
  • timeout - (Optional) The amount of time your Lambda Function has to run in seconds. Defaults to 3. See Limits.
  • vpc_config - (Optional) Provide this to allow your function to access your VPC. Fields documented below. See Lambda in VPC.
  • source_code_hash - (Optional) Used to trigger updates. This is only useful in conjunction with filename. The only useful value is ${base64sha256(file(""))}.

vpc_config requires the following:

  • subnet_ids - (Required) A list of subnet IDs associated with the Lambda function.
  • security_group_ids - (Required) A list of security group IDs associated with the Lambda function.

NOTE: If both subnet_ids and security_group_ids are empty then vpc_config is considered to be empty or unset.

Attributes Reference

  • arn - The Amazon Resource Name (ARN) identifying your Lambda Function.
  • last_modified - The date this resource was last modified.
  • source_code_hash - Base64-encoded representation of the raw SHA-256 sum of the zip file provided either via filename or s3_* parameters.
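
The source_code_hash argument and attribute described above are the Base64 encoding of the raw SHA-256 digest, not of its hex string. The following is an added example, not part of the original page or of Terraform itself: it computes that value for a deployment zip, compares an artifact against a recorded hash, and shows that a zip rebuilt with different timestamps hashes differently even when the sources are unchanged. The helper names and the sample source are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import io
import zipfile


def source_code_hash(data: bytes) -> str:
    """Base64 of the raw 32-byte SHA-256 digest, as base64sha256() yields."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def hex_then_base64(data: bytes) -> str:
    """Common mistake: Base64 of the hex digest string (88 chars, not 44)."""
    hexdigest = hashlib.sha256(data).hexdigest().encode("ascii")
    return base64.b64encode(hexdigest).decode("ascii")


def build_zip(files: dict, mtime=(1980, 1, 1, 0, 0, 0)) -> bytes:
    """Build a zip with sorted entries and fixed timestamps, so identical
    sources always give identical bytes and therefore the same hash."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed file mode
            zf.writestr(info, files[name])
    return buf.getvalue()


def verify_artifact(data: bytes, expected_hash: str) -> bool:
    """Compare an artifact with a recorded source_code_hash in constant time."""
    return hmac.compare_digest(source_code_hash(data), expected_hash)


# Constructed sample source, not taken from the original page.
SAMPLE = {"index.js": "exports.test = function (e, c) { c.succeed('ok'); };\n"}

if __name__ == "__main__":
    recorded = source_code_hash(build_zip(SAMPLE))
    print("source_code_hash:", recorded)
    print("rebuilt, same timestamps:", verify_artifact(build_zip(SAMPLE), recorded))
    later = build_zip(SAMPLE, mtime=(2016, 5, 1, 12, 0, 0))
    print("rebuilt, new timestamps:", verify_artifact(later, recorded))
    tampered = build_zip({"index.js": SAMPLE["index.js"] + "// extra\n"})
    print("modified source:", verify_artifact(tampered, recorded))
```

Because zip archives embed file timestamps, a build step that does not pin them changes the hash on every run and triggers a function update each time.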


Import

Lambda Functions can be imported using the function_name, e.g.

$ terraform import aws_lambda_function.test_lambda my_test_lambda_function