AWS Lambda Function Event Invoke Config

This page shows how to write Terraform and CloudFormation for Lambda Function Event Invoke Config, and how to write them securely.

aws_lambda_function_event_invoke_config (Terraform)

The Function Event Invoke Config in Lambda can be configured in Terraform with the resource name aws_lambda_function_event_invoke_config. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

lambda.tf#L25
resource "aws_lambda_function_event_invoke_config" "secretsmanager_eks_sync" {
  function_name          = aws_lambda_function.secretsmanager_eks_sync.function_name
  maximum_retry_attempts = 0
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages an asynchronous invocation configuration for a Lambda Function or Alias. More information about asynchronous invocations and the configurable values can be found in the Lambda Developer Guide.
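
An added example, not from the Terraform Registry or the repository quoted above, that sets the asynchronous-invocation values explicitly and routes events that exhaust their retries or expire to an SQS queue rather than letting Lambda discard them. `aws_lambda_function.worker`, `aws_iam_role.worker_exec` and the queue name are hypothetical and assumed to be defined elsewhere in the module.

```hcl
# Added example. Assumed to exist elsewhere in the module (hypothetical names):
#   aws_lambda_function.worker  - the asynchronously invoked function
#   aws_iam_role.worker_exec    - that function's execution role

# Encrypted queue that receives events Lambda would otherwise discard.
resource "aws_sqs_queue" "worker_failed_events" {
  name                      = "worker-failed-events"
  sqs_managed_sse_enabled   = true
  message_retention_seconds = 1209600 # 14 days, the SQS maximum
}

# Lambda writes to the destination with the function's execution role,
# so grant only sqs:SendMessage, and only on this one queue.
data "aws_iam_policy_document" "worker_send_failed" {
  statement {
    effect    = "Allow"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.worker_failed_events.arn]
  }
}

resource "aws_iam_role_policy" "worker_send_failed" {
  name   = "send-failed-events"
  role   = aws_iam_role.worker_exec.id
  policy = data.aws_iam_policy_document.worker_send_failed.json
}

resource "aws_lambda_function_event_invoke_config" "worker" {
  function_name = aws_lambda_function.worker.function_name
  qualifier     = "$LATEST"

  # Lambda's defaults are 2 retries and 21600 s (six hours). Both are set
  # explicitly; one hour here so stale events reach the queue sooner.
  maximum_retry_attempts       = 2
  maximum_event_age_in_seconds = 3600

  destination_config {
    on_failure {
      destination = aws_sqs_queue.worker_failed_events.arn
    }
  }

  # Create the policy first so the queue is writable when this is applied.
  depends_on = [aws_iam_role_policy.worker_send_failed]
}
```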

Tips: Best Practices for The Other AWS Lambda Resources

In addition to aws_lambda_permission, AWS Lambda has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.


aws_lambda_permission

Limit your Lambda function permissions as much as possible

To limit a Lambda function permission, set `source_arn` whenever the ARN can be specified in the grant.
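
The difference `source_arn` makes, as an added Terraform example (not taken from the repositories quoted on this page). The function `aws_lambda_function.thumbnailer` and the bucket `aws_s3_bucket.uploads` are hypothetical and assumed to be defined elsewhere; `source_account` is added because S3 bucket ARNs carry no account ID.

```hcl
# Added example. Assumed (hypothetical): aws_lambda_function.thumbnailer and
# aws_s3_bucket.uploads are defined elsewhere in the module.
# The two resources are shown side by side for comparison; keep only the
# scoped one in a real configuration.

data "aws_caller_identity" "current" {}

# Weak: the grant names only the service principal, so a notification from
# any S3 bucket, in any account, is allowed to invoke the function.
resource "aws_lambda_permission" "s3_unscoped" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.thumbnailer.function_name
  principal     = "s3.amazonaws.com"
}

# Scoped: only the named bucket, and only while this account owns it.
resource "aws_lambda_permission" "s3_scoped" {
  statement_id   = "AllowUploadsBucketInvoke"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.thumbnailer.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = aws_s3_bucket.uploads.arn
  source_account = data.aws_caller_identity.current.account_id
}
```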

Review your AWS Lambda settings

In addition to the above, there are other security points you should be aware of; you can make sure that your .tf files are protected with Shisho Cloud.

AWS::Lambda::EventInvokeConfig (CloudFormation)

The EventInvokeConfig in Lambda can be configured in CloudFormation with the resource name AWS::Lambda::EventInvokeConfig. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

serverless.yml#L168
      Type: "AWS::Lambda::EventInvokeConfig"
      Properties:
        FunctionName: !Ref ExtractLambdaFunction
        DestinationConfig:
          OnSuccess:
            Destination: !GetAtt Group3SQSExtracttoTransform.Arn
serverless.yml#L168
      Type: "AWS::Lambda::EventInvokeConfig"
      Properties:
        FunctionName: !Ref ExtractLambdaFunction
        DestinationConfig:
          OnSuccess:
            Destination: !GetAtt Group1SQSExtracttoTransform.Arn
serverless.yml#L141
      Type: AWS::Lambda::EventInvokeConfig
      Properties:
        FunctionName:
          Ref: DbupdateLambdaFunction
        MaximumRetryAttempts: 0
        Qualifier: $LATEST
integ.destinations.expected.json#L98
      "Type": "AWS::Lambda::EventInvokeConfig",
      "Properties": {
        "FunctionName": {
          "Ref": "SnsSqsC4810B27"
        },
        "Qualifier": "$LATEST",
integ.destinations.expected.json#L100
      "Type": "AWS::Lambda::EventInvokeConfig",
      "Properties": {
        "FunctionName": {
          "Ref": "SnsSqsC4810B27"
        },
        "Qualifier": "$LATEST",
basic_function_event_destinations.json#L10
  { "LogicalResourceId":"MyTestFunction2EventInvokeConfig", "ResourceType":"AWS::Lambda::EventInvokeConfig"},
  { "LogicalResourceId":"MyTestFunction2Version", "ResourceType":"AWS::Lambda::Version"},
  { "LogicalResourceId":"MyTestFunctionEventInvokeConfig", "ResourceType":"AWS::Lambda::EventInvokeConfig"},
  { "LogicalResourceId":"DestinationLambdaRole", "ResourceType":"AWS::IAM::Role"}

Parameters

Explanation in CloudFormation Registry

The AWS::Lambda::EventInvokeConfig resource configures options for asynchronous invocation on a version or an alias.

By default, Lambda retries an asynchronous invocation twice if the function returns an error. It retains events in a queue for up to six hours. When an event fails all processing attempts or stays in the asynchronous invocation queue for too long, Lambda discards it.

Frequently asked questions

What is AWS Lambda Function Event Invoke Config?

AWS Lambda Function Event Invoke Config is a resource for Lambda in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Lambda Function Event Invoke Config?

For Terraform, the IronCore864/terraform-sm2kubes source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the jacobcallear/infinityque, dnpaul97/cafe_connect and shameelabegum/infinity-que source code examples are useful. See the CloudFormation Example section for further details.