Function
Reference doc for the `sst.aws.Function` component.
The Function
component lets you add serverless functions to your app.
It uses AWS Lambda.
Supported runtimes
Currently supports Node.js and Golang functions. Python is community supported and is currently a work in progress. Other runtimes are on the roadmap.
Minimal example
Pass in the path to your handler function.
Pass in the directory to your Go app.
Set additional config
Pass in additional Lambda config.
Link resources
Link resources to the function. This will grant permissions to the resources and allow you to access it in your handler.
You can use the SDK to access the linked resources in your handler.
Set environment variables
Set environment variables that you can read in your function. For example, using
process.env
in your Node.js functions.
Enable function URLs
Enable function URLs to invoke the function over HTTP.
Bundling
Customize how SST uses esbuild to bundle your Node.js
functions with the nodejs
property.
Or override it entirely by passing in your own function bundle
.
Constructor
Parameters
-
name
string
-
args
FunctionArgs
-
opts?
ComponentResourceOptions
FunctionArgs
architecture?
bundle?
Type Input
<
string
>
Path to the source code directory for the function. By default, the handler is
bundled with esbuild. Use bundle
to skip bundling.
If the bundle
option is specified, the handler
needs to be in the root of the bundle.
Here, the entire packages/functions/src
directory is zipped. And the handler is
in the src
directory.
concurrency?
Type Input
<
Object
>
Default No concurrency settings set
Configure the concurrency settings for the function.
concurrency.provisioned?
Type Input
<
number
>
Default No provisioned concurrency
Provisioned concurrency ensures a specific number of Lambda instances are always ready to handle requests, reducing cold start times. Enabling this will incur extra charges.
Note that versioning
needs to be enabled for provisioned concurrency.
concurrency.reserved?
Type Input
<
number
>
Default No reserved concurrency
Reserved concurrency limits the maximum number of concurrent executions for a function, ensuring critical functions always have capacity. It does not incur extra charges.
copyFiles?
Type Input
<
Object
[]
>
Add additional files to copy into the function package. Takes a list of objects
with from
and to
paths. These will be copied over before the function package
is zipped up.
Copying over a single file from the src
directory to the src/
directory of the
function package.
Copying over a single file from the src
directory to the core/src
directory in
the function package.
Copying over a couple of files.
copyFiles[].from
Type Input
<
string
>
Source path relative to the sst.config.ts
.
copyFiles[].to?
Type Input
<
string
>
Default The from
path in the function package
Destination path relative to function root in the package. By default, it
creates the same directory structure as the from
path and copies the file.
description?
Type Input
<
string
>
A description for the function. This is displayed in the AWS Console.
dev?
environment?
Type Input
<
Record
<
string
, Input
<
string
>
>
>
Key-value pairs of values that are set as Lambda environment variables. The keys need to:
- Start with a letter
- Be at least 2 characters long
- Contain only letters, numbers, or underscores
They can be accessed in your function using process.env.<key>
.
handler
Type Input
<
string
>
Path to the handler for the function with the format {file}.{method}
.
The handler path is relative to the root your repo or the sst.config.ts
.
Here there is a file called index.js
(or .ts
) in the packages/functions/src/
directory with an exported method called handler
.
If bundle
is specified, the handler needs to be in the root of the bundle directory.
layers?
Type Input
<
Input
<
string
>
[]
>
A list of Lambda layer ARNs to add to the function.
These are only added when the function is deployed. In sst dev
, your functions are run
locally, so the layers are not used. Instead you should use a local version of what’s
in the layer.
link?
Type Input
<
any
[]
>
Link resources to your function. This will:
- Grant the permissions needed to access the resources.
- Allow you to access it in your function using the SDK.
Takes a list of components to link to the function.
logging?
Type Input
<
false
|
Object
>
Default {retention: “1 month”, format: “text”}
Configure the function logs in CloudWatch. Or pass in false
to disable writing logs.
When set to false
, the function is not given permissions to write to CloudWatch.
Logs.
logging.format?
logging.logGroup?
Type Input
<
string
>
Default Creates a log group
Assigns the given CloudWatch log group name to the function. This allows you to pass in a previously created log group.
By default, the function creates a new log group when it’s created.
logging.retention?
Type Input
<
“
1 day
”
|
“
3 days
”
|
“
5 days
”
|
“
1 week
”
|
“
2 weeks
”
|
“
1 month
”
|
“
2 months
”
|
“
3 months
”
|
“
4 months
”
|
“
5 months
”
|
“
6 months
”
|
“
1 year
”
|
“
13 months
”
|
“
18 months
”
|
“
2 years
”
|
“
3 years
”
|
“
5 years
”
|
“
6 years
”
|
“
7 years
”
|
“
8 years
”
|
“
9 years
”
|
“
10 years
”
|
“
forever
”
>
Default 1 month
The duration the function logs are kept in CloudWatch.
Not application when an existing log group is provided.
memory?
Type Input
<
“
${number} MB
”
|
“
${number} GB
”
>
Default “1024 MB”
The amount of memory allocated for the function. Takes values between 128 MB and 10240 MB in 1 MB increments. The amount of memory affects the amount of virtual CPU available to the function.
name?
Type Input
<
string
>
The name for the function.
By default, the name is generated from the app name, stage name, and component name. This is displayed in the AWS Console for this function.
If you are going to set the name, you need to make sure:
- It’s unique across your app.
- Uses the app and stage name, so it doesn’t thrash when you deploy to different stages.
Also, changing the name after your’ve deployed it once will create a new function and delete the old one.
nodejs?
Type Input
<
Object
>
Configure how your function is bundled.
By default, SST will bundle your function code using esbuild. This tree shakes your code to only include what’s used; reducing the size of your function package and improving cold starts.
nodejs.banner?
Type Input
<
string
>
Use this to insert a string at the beginning of the generated JS file.
nodejs.esbuild?
Type Input
<
BuildOptions
>
This allows you to customize esbuild config that is used.
nodejs.format?
Type Input
<
“
cjs
”
|
“
esm
”
>
Default “esm”
Configure the format of the generated JS code; ESM or CommonJS.
nodejs.install?
Type Input
<
string
[]
>
Dependencies that need to be excluded from the function package.
Certain npm packages cannot be bundled using esbuild. This allows you to exclude them
from the bundle. Instead they’ll be moved into a node_modules/
directory in the
function package.
This will allow your functions to be able to use these dependencies when deployed. They
just won’t be tree shaken. You however still need to have them in your package.json
.
Esbuild will ignore them while traversing the imports in your code. So these are the package names as seen in the imports. It also works on packages that are not directly imported by your code.
nodejs.loader?
Type Input
<
Record
<
string
, Loader
>
>
Configure additional esbuild loaders for other file extensions. This is useful
when your code is importing non-JS files like .png
, .css
, etc.
nodejs.minify?
Type Input
<
boolean
>
Default true
Disable if the function code is minified when bundled.
nodejs.plugins?
Type Input
<
string
>
Point to a file that exports a list of esbuild plugins to use.
The path is relative to the location of the sst.config.ts
.
You’ll also need to install the npm package of the plugin.
nodejs.sourcemap?
Type Input
<
boolean
>
Default false
Configure if source maps are added to the function bundle when deployed. Since they
increase payload size and potentially cold starts, they are not added by default.
However, they are always generated during sst dev
.
nodejs.splitting?
Type Input
<
boolean
>
Default false
If enabled, modules that are dynamically imported will be bundled in their own files with common dependencies placed in shared chunks. This can help reduce cold starts as your function grows in size.
permissions?
Type Input
<
Object
[]
>
Permissions and the resources that the function needs to access. These permissions are used to create the function’s IAM role.
Allow the function to read and write to an S3 bucket called my-bucket
.
Allow the function to perform all actions on an S3 bucket called my-bucket
.
Granting the function permissions to access all resources.
permissions[].actions
Type string
[]
The IAM actions that can be performed.
permissions[].resources
Type Input
<
string
>
[]
The resourcess specified using the IAM ARN format.
python?
Type Input
<
Object
>
Configure your python function.
By default, SST will package all files in the same directory as the handler
file.
This means that you need to your handler file be the root of all files that need to be
included in the function package. The only exception to this is a parent pyproject.toml
file. SST will look for this file by finding the closest parent directory that contains
a pyproject.toml
file.
python.container?
Type Input
<
boolean
>
Default false
Whether to deploy the function to the container runtime. You should use this if you are deploying a function that needs native dependencies, is large, or if you need to customize some runtime configuration.
role?
Type Input
<
string
>
Default Creates a new role
Assigns the given IAM role ARN to the function. This allows you to pass in a previously created role.
By default, the function creates a new IAM role when it’s created. It’ll update this role if you add permissions
or link
resources.
However, if you pass in a role, you’ll need to update it manually if you add permissions
or link
resources.
runtime?
Type Input
<
“
nodejs18.x
”
|
“
nodejs20.x
”
|
“
nodejs22.x
”
|
“
go
”
|
“
provided.al2023
”
|
“
python3.9
”
|
“
python3.10
”
|
“
python3.11
”
|
“
python3.12
”
>
Default “nodejs20.x”
The language runtime for the function.
Currently supports Node.js and Golang functions. Python is community supported and is currently a work in progress. Other runtimes are on the roadmap.
storage?
Type Input
<
“
${number} MB
”
|
“
${number} GB
”
>
Default “512 MB”
The amount of ephemeral storage allocated for the function. This sets the ephemeral storage of the lambda function (/tmp). Must be between “512 MB” and “10240 MB” (“10 GB”) in 1 MB increments.
streaming?
Type Input
<
boolean
>
Default false
Enable streaming for the function.
Streaming is only supported when using the function url
is enabled and not when using it
with API Gateway.
You’ll also need to wrap your handler with awslambda.streamifyResponse
to enable streaming.
While sst dev
doesn’t support streaming, you can use the
lambda-stream
package to test locally.
Check out the AWS Lambda streaming example for more details.
tags?
Type Input
<
Record
<
string
, Input
<
string
>
>
>
A list of tags to add to the function.
timeout?
Type Input
<
“
${number} minute
”
|
“
${number} minutes
”
|
“
${number} second
”
|
“
${number} seconds
”
>
Default “20 seconds”
The maximum amount of time the function can run. The minimum timeout is 1 second and the maximum is 900 seconds or 15 minutes.
While the maximum timeout is 15 minutes, if a function is connected to other services, it’ll time out based on those limits. API Gateway for example has a timeout of 30 seconds. So even if the function has a timeout of 15 minutes, the API request will time out after 30 seconds.
transform?
Type Object
Transform how this component creates its underlying resources.
transform.function?
Type FunctionArgs
|
(
args
:
FunctionArgs
,
opts
:
ComponentResourceOptions
,
name
:
string
)
=>
void
Transform the Lambda Function resource.
transform.logGroup?
Type LogGroupArgs
|
(
args
:
LogGroupArgs
,
opts
:
ComponentResourceOptions
,
name
:
string
)
=>
void
Transform the CloudWatch LogGroup resource.
transform.role?
Type RoleArgs
|
(
args
:
RoleArgs
,
opts
:
ComponentResourceOptions
,
name
:
string
)
=>
void
Transform the IAM Role resource.
url?
Type Input
<
boolean
|
Object
>
-
cors?
Input
<
boolean
|
Object
>
Default false
Enable Lambda function URLs. These are dedicated endpoints for your Lambda functions.
Enable it with the default options.
Configure the authorization and CORS settings for the endpoint.
url.authorization?
Type Input
<
“
none
”
|
“
iam
”
>
Default “none”
The authorization used for the function URL. Supports IAM authorization.
url.cors?
Type Input
<
boolean
|
Object
>
Default true
Customize the CORS (Cross-origin resource sharing) settings for the function URL.
Disable CORS.
Only enable the GET
and POST
methods for https://example.com
.
url.cors.allowCredentials?
Type Input
<
boolean
>
Default false
Allow cookies or other credentials in requests to the function URL.
url.cors.allowHeaders?
Type Input
<
Input
<
string
>
[]
>
Default [”*”]
The HTTP headers that origins can include in requests to the function URL.
url.cors.allowMethods?
Type Input
<
Input
<
“
GET
”
|
“
POST
”
|
“
PUT
”
|
“
DELETE
”
|
“
HEAD
”
|
“
OPTIONS
”
|
“
PATCH
”
|
“
*
”
>
[]
>
Default [”*”]
The HTTP methods that are allowed when calling the function URL.
Or the wildcard for all methods.
url.cors.allowOrigins?
Type Input
<
Input
<
string
>
[]
>
Default [”*”]
The origins that can access the function URL.
Or the wildcard for all origins.
url.cors.exposeHeaders?
Type Input
<
Input
<
string
>
[]
>
Default []
The HTTP headers you want to expose in your function to an origin that calls the function URL.
url.cors.maxAge?
Type Input
<
“
${number} minute
”
|
“
${number} minutes
”
|
“
${number} hour
”
|
“
${number} hours
”
|
“
${number} second
”
|
“
${number} seconds
”
|
“
${number} day
”
|
“
${number} days
”
>
Default “0 seconds”
The maximum amount of time the browser can cache results of a preflight request. By
default the browser doesn’t cache the results. The maximum value is 86400 seconds
or 1 day
.
versioning?
Type Input
<
boolean
>
Default false
Enable versioning for the function.
volume?
Type Input
<
Object
>
Mount an EFS file system to the function.
Create an EFS file system.
And pass it in.
By default, the file system will be mounted to /mnt/efs
. You can change this by
passing in the path
property.
To use an existing EFS, you can pass in an EFS access point ARN.
volume.efs
Type Input
<
string
|
Efs
>
The EFS file system to mount. Or an EFS access point ARN.
volume.path?
Type Input
<
string
>
Default “/mnt/efs”
The path to mount the volume.
vpc?
Type Vpc
|
Input
<
Object
>
Configure the function to connect to private subnets in a virtual private cloud or VPC. This allows your function to access private resources.
vpc.privateSubnets
Type Input
<
Input
<
string
>
[]
>
A list of VPC subnet IDs.
vpc.securityGroups
Type Input
<
Input
<
string
>
[]
>
A list of VPC security group IDs.
Properties
arn
Type Output
<
string
>
The ARN of the Lambda function.
name
Type Output
<
string
>
The name of the Lambda function.
nodes
nodes.function
Type Output
<
Function
>
The AWS Lambda function.
nodes.logGroup
Type Output
<
undefined
|
LogGroup
>
The CloudWatch Log Group the function logs are stored.
nodes.role
Type Role
The IAM Role the function will use.
url
Type Output
<
string
>
The Lambda function URL if url
is enabled.
SDK
Use the SDK in your runtime to interact with your infrastructure.
Links
This is accessible through the Resource
object in the SDK.
-
name
string
The name of the Lambda function.
-
url
undefined
|
string
The Lambda function URL if
url
is enabled.