Aws/lambda

@swamp/aws/lambda v2026.06.16.1 · 1d ago · MODELS

01 README

AWS Lambda infrastructure models

02 Release Notes
  • Updated: capacity_provider

03 Models (11)

alias.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| FunctionName | string | The name of the Lambda function. |
| ProvisionedConcurrencyConfig? | object | The amount of provisioned concurrency to allocate for the alias. |
| Description? | string | A description of the alias. |
| FunctionVersion | string | The function version that the alias invokes. |
| RoutingConfig? | object | The second version, and the percentage of traffic that's routed to it. |
| Name | string | The name of the alias. |

fn create()
Create a Lambda Alias
fn get(identifier: string)
Get a Lambda Alias

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Alias |

fn update()
Update a Lambda Alias
fn delete(identifier: string)
Delete a Lambda Alias

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Alias |

fn sync()
Sync Lambda Alias state from AWS

capacity_provider.ts v2026.06.16.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| CapacityProviderName? | string | |
| CapacityProviderScalingConfig? | object | The maximum number of vCPUs that the capacity provider can provision across all compute instances. |
| InstanceRequirements? | object | A list of supported CPU architectures for compute instances. Valid values include x86_64 and arm64. |
| KmsKeyArn? | string | The ARN of the KMS key used to encrypt the capacity provider's resources. |
| PermissionsConfig | object | The ARN of the IAM role that the capacity provider uses to manage compute instances and other AWS resources. |
| Tags? | array | A key-value pair that provides metadata for the capacity provider. |
| VpcConfig | object | A list of subnet IDs where the capacity provider launches compute instances. |
| PropagateTags? | object | |

fn create()
Create a Lambda CapacityProvider
fn get(identifier: string)
Get a Lambda CapacityProvider

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda CapacityProvider |

fn update()
Update a Lambda CapacityProvider
fn delete(identifier: string)
Delete a Lambda CapacityProvider

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda CapacityProvider |

fn sync()
Sync Lambda CapacityProvider state from AWS

code_signing_config.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Description? | string | A description of the CodeSigningConfig. |
| AllowedPublishers | object | List of signing profile version ARNs. |
| CodeSigningPolicies? | object | Indicates how Lambda operations that involve updating the code artifact will operate. Defaults to Warn if not provided. |
| Tags? | array | A list of tags to apply to the CodeSigningConfig resource. |

fn create()
Create a Lambda CodeSigningConfig
fn get(identifier: string)
Get a Lambda CodeSigningConfig

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda CodeSigningConfig |

fn update()
Update a Lambda CodeSigningConfig
fn delete(identifier: string)
Delete a Lambda CodeSigningConfig

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda CodeSigningConfig |

fn sync()
Sync Lambda CodeSigningConfig state from AWS

event_invoke_config.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| DestinationConfig? | object | The destination configuration for failed invocations. |
| FunctionName | string | The name of the Lambda function. |
| MaximumEventAgeInSeconds? | number | The maximum age of a request that Lambda sends to a function for processing. |
| MaximumRetryAttempts? | number | The maximum number of times to retry when the function returns an error. |
| Qualifier | string | The identifier of a version or alias. |

fn create()
Create a Lambda EventInvokeConfig
fn get(identifier: string)
Get a Lambda EventInvokeConfig

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda EventInvokeConfig |

fn update()
Update a Lambda EventInvokeConfig
fn delete(identifier: string)
Delete a Lambda EventInvokeConfig

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda EventInvokeConfig |

fn sync()
Sync Lambda EventInvokeConfig state from AWS

event_source_mapping.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| BatchSize? | number | The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB). *Amazon Kinesis* – Default 100. Max 10,000. *Amazon DynamoDB Streams* – Default 100. Max 10,000. *Amazon Simple Queue Service* – Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10. *Amazon Managed Streaming for Apache Kafka* – Default 100. Max 10,000. *Self-managed Apache Kafka* – Default 100. Max 10,000. *Amazon MQ (ActiveMQ and RabbitMQ)* – Default 100. Max 10,000. *DocumentDB* – Default 100. Max 10,000. |
| BisectBatchOnFunctionError? | boolean | (Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false. When using BisectBatchOnFunctionError, check the BatchSize parameter in the OnFailure destination message's metadata. The BatchSize could be greater than 1 since Lambda consolidates failed messages metadata when writing to the OnFailure destination. |
| DestinationConfig? | object | The destination configuration for failed invocations. |
| Enabled? | boolean | When true, the event source mapping is active. When false, Lambda pauses polling and invocation. Default: True |
| EventSourceArn? | string | The Amazon Resource Name (ARN) of the event source. *Amazon Kinesis* – The ARN of the data stream or a stream consumer. *Amazon DynamoDB Streams* – The ARN of the stream. *Amazon Simple Queue Service* – The ARN of the queue. *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)). *Amazon MQ* – The ARN of the broker. *Amazon DocumentDB* – The ARN of the DocumentDB change stream. |
| FilterCriteria? | object | A list of filters. |
| KmsKeyArn? | string | The ARN of the AWS Key Management Service (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics). |
| FunctionName | string | The name or ARN of the Lambda function. **Name formats** *Function name* – MyFunction. *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction. *Version or Alias ARN* – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD. *Partial ARN* – 123456789012:function:MyFunction. The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length. |
| MaximumBatchingWindowInSeconds? | number | The maximum amount of time, in seconds, that Lambda spends gathering records before invoking the function. *Default (,, event sources)*: 0 *Default (, Kafka,, event sources)*: 500 ms *Related setting:* For SQS event sources, when you set BatchSize to a value greater than 10, you must set MaximumBatchingWindowInSeconds to at least 1. |
| MaximumRecordAgeInSeconds? | number | (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed. |
| MaximumRetryAttempts? | number | (Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source. |
| ParallelizationFactor? | number | (Kinesis and DynamoDB Streams only) The number of batches to process concurrently from each shard. The default value is 1. |
| StartingPosition? | string | The position in a stream from which to start reading. Required for Amazon Kinesis and Amazon DynamoDB. *LATEST* - Read only new records. *TRIM_HORIZON* - Process all available records. *AT_TIMESTAMP* - Specify a time from which to start reading records. |
| StartingPositionTimestamp? | number | With StartingPosition set to AT_TIMESTAMP, the time from which to start reading, in Unix time seconds. StartingPositionTimestamp cannot be in the future. |
| Tags? | array | A list of tags to add to the event source mapping. You must have the lambda:TagResource, lambda:UntagResource, and lambda:ListTags permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. |
| Topics? | array | The name of the Kafka topic. |
| Queues? | array | (Amazon MQ) The name of the Amazon MQ broker destination queue to consume. |
| SourceAccessConfigurations? | array | An array of the authentication protocol, VPC components, or virtual host to secure and define your event source. |
| TumblingWindowInSeconds? | number | (Kinesis and DynamoDB Streams only) The duration in seconds of a processing window for DynamoDB and Kinesis Streams event sources. A value of 0 seconds indicates no tumbling window. |
| FunctionResponseTypes? | array | (Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping. Valid Values: ReportBatchItemFailures |
| SelfManagedEventSource? | object | The list of bootstrap servers for your Kafka brokers in the following format: "KafkaBootstrapServers": ["abc.xyz.com:xxxx","abc2.xyz.com:xxxx"]. |
| AmazonManagedKafkaEventSourceConfig? | object | The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-consumer-group-id). |
| SelfManagedKafkaEventSourceConfig? | object | The identifier for the Kafka consumer group to join. The consumer group ID must be unique among all your Kafka event sources. After creating a Kafka event source mapping with the consumer group ID specified, you cannot update this value. For more information, see [Customizable consumer group ID](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka-process.html#services-smaa-topic-add). |
| ScalingConfig? | object | Limits the number of concurrent instances that the SQS event source can invoke. |
| DocumentDBEventSourceConfig? | object | The name of the database to consume within the DocumentDB cluster. |
| ProvisionedPollerConfig? | object | The minimum number of event pollers this event source can scale down to. For Amazon SQS event source mappings, default is 2, and minimum 2 required. For Amazon MSK and self-managed Apache Kafka event source mappings, default is 1. |
| MetricsConfig? | object | The metrics you want your event source mapping to produce. Include EventCount to receive event source mapping metrics related to the number of events processed by your event source mapping. For more information about these metrics, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics). |
| LoggingConfig? | object | Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest. |

fn create()
Create a Lambda EventSourceMapping
fn get(identifier: string)
Get a Lambda EventSourceMapping

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda EventSourceMapping |

fn update()
Update a Lambda EventSourceMapping
fn delete(identifier: string)
Delete a Lambda EventSourceMapping

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda EventSourceMapping |

fn sync()
Sync Lambda EventSourceMapping state from AWS

function.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| FunctionScalingConfig? | object | The minimum number of execution environments to maintain for the function. |
| Description? | string | A description of the function. |
| TracingConfig? | object | The tracing mode. |
| VpcConfig? | object | Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets. |
| RuntimeManagementConfig? | object | Specify the runtime update mode. *Auto (default)* - Automatically update to the most recent and secure runtime version using a [Two-phase runtime version rollout](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-two-phase). This is the best choice for most customers to ensure they always benefit from runtime updates. *FunctionUpdate* - Lambda updates the runtime of your function to the most recent and secure runtime version when you update your function. This approach synchronizes runtime updates with function deployments, giving you control over when runtime updates are applied and allowing you to detect and mitigate rare runtime update incompatibilities early. When using this setting, you need to regularly update your functions to keep their runtime up-to-date. *Manual* - You specify a runtime version in your function configuration. The function will use this runtime version indefinitely. In the rare case where a new runtime version is incompatible with an existing function, this allows you to roll back your function to an earlier runtime version. For more information, see [Roll back a runtime version](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html#runtime-management-rollback). *Valid Values*: Auto \| FunctionUpdate \| Manual |
| DurableConfig? | object | The maximum time (in seconds) that a durable execution can run before timing out. This timeout applies to the entire durable execution, not individual function invocations. |
| ReservedConcurrentExecutions? | number | The number of simultaneous executions to reserve for the function. |
| FileSystemConfigs? | array | Connection settings for an Amazon EFS or Amazon S3 Files file system. To connect a function to a file system, a mount target must be available in every Availability Zone that your function connects to. If your template contains an [AWS::EFS::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-efs-mounttarget.html) or [AWS::S3Files::MountTarget](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3files-mounttarget.html) resource, you must also specify a DependsOn attribute to ensure that the mount target is created or updated before the function. For more information about using the DependsOn attribute, see [DependsOn Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html). |
| FunctionName? | string | The name of the Lambda function, up to 64 characters in length. If you don't specify a name, CloudFormation generates one. If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name. |
| Runtime? | string | The identifier of the function's [runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). Runtime is required if the deployment package is a .zip file archive. Specifying a runtime results in an error if you're deploying a function using a container image. The following list includes deprecated runtimes. Lambda blocks creating new functions and updating existing functions shortly after each runtime is deprecated. For more information, see [Runtime use after deprecation](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-deprecation-levels). For a list of all currently supported runtimes, see [Supported runtimes](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-supported). |
| KmsKeyArn? | string | The ARN of the AWS Key Management Service (KMS) customer managed key that's used to encrypt the following resources: The function's [environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-encryption). The function's [Lambda SnapStart](https://docs.aws.amazon.com/lambda/latest/dg/snapstart-security.html) snapshots. When used with SourceKMSKeyArn, the unzipped version of the .zip deployment package that's used for function invocations. For more information, see [Specifying a customer managed key for Lambda](https://docs.aws.amazon.com/lambda/latest/dg/encrypt-zip-package.html#enable-zip-custom-encryption). The optimized version of the container image that's used for function invocations. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). For more information, see [Function lifecycle](https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-lifecycle). If you don't provide a customer managed key, Lambda uses an [AWS owned key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) or an [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). |
| PublishToLatestPublished? | boolean | |
| PackageType? | enum | The type of deployment package. Set to Image for container image and set Zip for .zip file archive. |
| CodeSigningConfigArn? | string | To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function. |
| Layers? | array | A list of [function layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html) to add to the function's execution environment. Specify each layer by its ARN, including the version. |
| TenancyConfig? | object | Tenant isolation mode allows for invocation to be sent to a corresponding execution environment dedicated to a specific tenant ID. |
| Tags? | array | A list of [tags](https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. You must have the lambda:TagResource, lambda:UntagResource, and lambda:ListTags permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CloudFormation stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update. |
| ImageConfig? | object | Specifies the working directory. The length of the directory string cannot exceed 1,000 characters. |
| MemorySize? | number | The amount of [memory available to the function](https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console) at runtime. Increasing the function memory also increases its CPU allocation. The default value is 128 MB. The value can be any multiple of 1 MB. Note that new AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. You can also request a quota increase. |
| DeadLetterConfig? | object | The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic. |
| Timeout? | number | The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For more information, see [Lambda execution environment](https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html). |
| CapacityProviderConfig? | object | Configuration for Lambda-managed instances used by the capacity provider. |
| Handler? | string | The name of the method within your code that Lambda calls to run your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see [Lambda programming model](https://docs.aws.amazon.com/lambda/latest/dg/foundation-progmodel.html). |
| Code? | object | The ARN of the AWS Key Management Service (KMS) customer managed key that's used to encrypt your function's .zip deployment package. If you don't provide a customer managed key, Lambda uses an [AWS owned key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk). |
| Role | string | The Amazon Resource Name (ARN) of the function's execution role. |
| LoggingConfig? | object | The format in which Lambda sends your function's application and system logs to CloudWatch. Select between plain text and structured JSON. |
| RecursiveLoop? | enum | The status of your function's recursive loop detection configuration. When this value is set to Allow and Lambda detects your function being invoked as part of a recursive loop, it doesn't take any action. When this value is set to Terminate and Lambda detects your function being invoked as part of a recursive loop, it stops your function being invoked and notifies you. |
| Environment? | object | Environment variable key-value pairs. For more information, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html). If the value of the environment variable is a time or a duration, enclose the value in quotes. |
| EphemeralStorage? | object | The size of the function's /tmp directory. |
| Architectures? | array | The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is x86_64. |

fn create()
Create a Lambda Function
fn get(identifier: string)
Get a Lambda Function

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Function |

fn update()
Update a Lambda Function
fn delete(identifier: string)
Delete a Lambda Function

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Function |

fn sync()
Sync Lambda Function state from AWS

layer_version.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| CompatibleRuntimes? | array | A list of compatible function runtimes. Used for filtering with ListLayers and ListLayerVersions. |
| LicenseInfo? | string | The layer's software license. |
| Description? | string | The description of the version. |
| LayerName? | string | The name or Amazon Resource Name (ARN) of the layer. |
| Content? | object | For versioned objects, the version of the layer archive object to use. |
| CompatibleArchitectures? | array | A list of compatible instruction set architectures. |

fn create()
Create a Lambda LayerVersion
fn get(identifier: string)
Get a Lambda LayerVersion

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda LayerVersion |

fn delete(identifier: string)
Delete a Lambda LayerVersion

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda LayerVersion |

fn sync()
Sync Lambda LayerVersion state from AWS

layer_version_permission.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Action | string | The API action that grants access to the layer. |
| LayerVersionArn | string | The name or Amazon Resource Name (ARN) of the layer. |
| OrganizationId? | string | With the principal set to *, grant permission to all accounts in the specified organization. |
| Principal | string | An account ID, or * to grant layer usage permission to all accounts in an organization, or all AWS accounts (if organizationId is not specified). |

fn create()
Create a Lambda LayerVersionPermission
fn get(identifier: string)
Get a Lambda LayerVersionPermission

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda LayerVersionPermission |

fn delete(identifier: string)
Delete a Lambda LayerVersionPermission

| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda LayerVersionPermission |

fn sync()
Sync Lambda LayerVersionPermission state from AWS

permission.tsv2026.06.15.1

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
accessKeyId?stringAWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault.
secretAccessKey?stringAWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault.
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| Action | string | The action that the principal can use on the function. For example, lambda:InvokeFunction or lambda:GetFunction. |
| EventSourceToken? | string | For Alexa Smart Home functions, a token that the invoker must supply. |
| FunctionName | string | The name or ARN of the Lambda function, version, or alias. **Name formats** *Function name* – my-function (name-only), my-function:v1 (with alias). *Function ARN* – arn:aws:lambda:us-west-2:123456789012:function:my-function. *Partial ARN* – 123456789012:function:my-function. You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length. |
| FunctionUrlAuthType? | enum | The type of authentication that your function URL uses. Set to AWS_IAM if you want to restrict access to authenticated users only. Set to NONE if you want to bypass IAM authentication to create a public endpoint. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). |
| InvokedViaFunctionUrl? | boolean | Restricts the lambda:InvokeFunction action to function URL calls. When specified, this option prevents the principal from invoking the function by any means other than the function URL. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html). |
| Principal | string | The AWS service, AWS account, IAM user, or IAM role that invokes the function. If you specify a service, use SourceArn or SourceAccount to limit who can invoke the function through that service. |
| PrincipalOrgID? | string | The identifier for your organization in AWS Organizations. Use this to grant permissions to all the AWS accounts under this organization. |
| SourceAccount? | string | For an AWS service, the ID of the AWS account that owns the resource. Use this together with SourceArn to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account. |
| SourceArn? | string | For AWS services, the ARN of the AWS resource that invokes the function. For example, an Amazon S3 bucket or Amazon SNS topic. Note that Lambda configures the comparison using the StringLike operator. |
fn create()
Create a Lambda Permission
fn get(identifier: string)
Get a Lambda Permission
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Permission |
fn delete(identifier: string)
Delete a Lambda Permission
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Permission |
fn sync()
Sync Lambda Permission state from AWS
url.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| TargetFunctionArn | string | The Amazon Resource Name (ARN) of the function associated with the Function URL. |
| Qualifier? | string | The alias qualifier for the target function. If TargetFunctionArn is unqualified then Qualifier must be passed. |
| AuthType | enum | Can be either AWS_IAM if the requests are authorized via IAM, or NONE if no authorization is configured on the Function URL. |
| InvokeMode? | enum | The invocation mode for the function's URL. Set to BUFFERED if you want to buffer responses before returning them to the client. Set to RESPONSE_STREAM if you want to stream responses, allowing faster time to first byte and larger response payload sizes. If not set, defaults to BUFFERED. |
| Cors? | object | Specifies whether credentials are included in the CORS request. |
fn create()
Create a Lambda Url
fn get(identifier: string)
Get a Lambda Url
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Url |
fn update()
Update a Lambda Url
fn delete(identifier: string)
Delete a Lambda Url
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Url |
fn sync()
Sync Lambda Url state from AWS
version.ts v2026.06.15.1

Global Arguments

| Argument | Type | Description |
| --- | --- | --- |
| name | string | Instance name for this resource (used as the unique identifier in the factory pattern) |
| accessKeyId? | string | AWS access key ID; overrides AWS_ACCESS_KEY_ID environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| secretAccessKey? | string | AWS secret access key; overrides AWS_SECRET_ACCESS_KEY environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| sessionToken? | string | AWS session token for temporary credentials; overrides AWS_SESSION_TOKEN environment variable. Wire with a vault.get(...) expression to source it from a vault. |
| region? | string | AWS region; overrides AWS_REGION / AWS_DEFAULT_REGION environment variables and ~/.aws/config profile region. Defaults to us-east-1. |
| CodeSha256? | string | Only publish a version if the hash value matches the value that's specified. Use this option to avoid publishing a version if the function code has changed since you last updated it. Updates are not supported for this property. |
| Description? | string | A description for the version to override the description in the function configuration. Updates are not supported for this property. |
| FunctionName | string | The name of the Lambda function. |
| ProvisionedConcurrencyConfig? | object | The amount of provisioned concurrency to allocate for the version. |
| RuntimePolicy? | object | The ARN of the runtime the function is configured to use. If the runtime update mode is manual, the ARN is returned, otherwise null is returned. |
| FunctionScalingConfig? | object | The minimum number of execution environments to maintain for the function. |
fn create()
Create a Lambda Version
fn get(identifier: string)
Get a Lambda Version
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Version |
fn update()
Update a Lambda Version
fn delete(identifier: string)
Delete a Lambda Version
| Argument | Type | Description |
| --- | --- | --- |
| identifier | string | The primary identifier of the Lambda Version |
fn sync()
Sync Lambda Version state from AWS
04Previous Versions15
2026.06.15.1 · Jun 15, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.06.08.2 · Jun 8, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.06.06.1 · Jun 6, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version

Added 1, removed 11 models

2026.06.04.1 · Jun 4, 2026
  • Updated: capacity_provider
2026.05.31.1 · May 31, 2026
  • Updated: function
2026.05.29.1 · May 29, 2026
  • Updated: capacity_provider
2026.05.27.1 · May 27, 2026
  • Updated: layer_version
2026.04.23.3 · Apr 23, 2026
2026.04.23.2 · Apr 23, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.04.09.1 · Apr 9, 2026
  • Updated: function
2026.04.08.1 · Apr 8, 2026
  • Updated: function
2026.04.03.2 · Apr 3, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.03.19.1 · Mar 19, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.03.16.1 · Mar 16, 2026
  • Updated: alias, capacity_provider, code_signing_config, event_invoke_config, event_source_mapping, function, layer_version, layer_version_permission, permission, url, version
2026.03.10.5 · Mar 10, 2026
05Stats
B
85 / 100
Downloads
147
Archive size
2.6 MB
Verified by Swamp
  • Has README or module doc: 2/2 earned
  • README has a code example: 1/1 earned
  • README is substantive: 1/1 earned
  • Most symbols documented: 1/1 earned
  • No slow types (deprecated): 1/1 earned
  • Dependencies pass trust audit: 0/2 missing
  • Has description: 1/1 earned
  • Platform support declared (or universal): 2/2 earned
  • License declared: 1/1 earned
  • Verified public repository: 2/2 earned
06Platforms
07Labels