Function
Reference doc for the `sst.aws.Function` component.
The Function component lets you add serverless functions to your app.
It uses AWS Lambda.
Minimal example
Pass in the path to your handler function.
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler"});Set additional config
Pass in additional Lambda config.
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler", timeout: "3 minutes", memory: "1024 MB"});Link resources
Link resources to the function. This will grant permissions to the resources and allow you to access it in your handler.
const bucket = new sst.aws.Bucket("MyBucket");
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler", link: [bucket]});You can use the SDK to access the linked resources in your handler.
import { Resource } from "sst";
console.log(Resource.MyBucket.name);Set environment variables
Set environment variables for the function. Available in your handler as process.env.
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler", environment: { DEBUG: "true" }});Enable function URLs
Enable function URLs to invoke the function over HTTP.
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler", url: true});Bundling
Customize how SST uses esbuild to bundle your worker code with the nodejs property.
new sst.aws.Function("MyFunction", { handler: "src/lambda.handler", nodejs: { install: ["pg"] }});Or override it entirely by passing in your own function bundle.
Constructor
new Function(name, args, opts?)Parameters
-
namestring -
argsFunctionArgs -
opts?ComponentResourceOptions
FunctionArgs
architecture?
Type Input<“x86_64” | “arm64”>
Default “x86_64”
The architecture of the Lambda function.
{ architecture: "arm64"}bundle?
Type Input<string>
Path to the source code directory for the function. By default, the handler is
bundled with esbuild. Use bundle to skip bundling.
If the bundle option is specified, the handler needs to be in the root of the bundle.
Here, the entire packages/functions/src directory is zipped. And the handler is
in the src directory.
{ bundle: "packages/functions/src", handler: "index.handler"}copyFiles?
Type Input<Object[]>
Add additional files to copy into the function package. Takes a list of objects
with from and to paths. These will be copied over before the function package
is zipped up.
Copying over a single file from the src directory to the src/ directory of the
function package.
{ copyFiles: [{ from: "src/index.js" }]}Copying over a single file from the src directory to the core/src directory in
the function package.
{ copyFiles: [{ from: "src/index.js", to: "core/src/index.js" }]}Copying over a couple of files.
{ copyFiles: [ { from: "src/this.js", to: "core/src/this.js" }, { from: "src/that.js", to: "core/src/that.js" } ]}copyFiles[].from
Type Input<string>
Source path relative to the sst.config.ts.
copyFiles[].to?
Type Input<string>
Default The from path in the function package
Destination path relative to function root in the package. By default, it
creates the same directory structure as the from path and copies the file.
description?
Type Input<string>
A description for the function. This is displayed in the AWS Console.
{ description: "Handler function for my nightly cron job."}environment?
Type Input<Record<string, Input<string>>>
Key-value pairs of values that are set as Lambda environment variables. The keys need to:
- Start with a letter
- Be at least 2 characters long
- Contain only letters, numbers, or underscores
They can be accessed in your function using process.env.<key>.
{ environment: { DEBUG: "true" }}handler
Type Input<string>
Path to the handler for the function with the format {file}.{method}.
The handler path is relative to the root your repo or the sst.config.ts.
Here there is a file called index.js (or .ts) in the packages/functions/src/
directory with an exported method called handler.
{ handler: "packages/functions/src/index.handler"}If bundle is specified, the handler needs to be in the root of the bundle directory.
{ bundle: "packages/functions/src", handler: "index.handler"}layers?
Type Input<Input<string>[]>
A list of Lambda layer ARNs to add to the function.
{ layers: ["arn:aws:lambda:us-east-1:123456789012:layer:my-layer:1"]}link?
Type Input<any[]>
Link resources to your function. This will:
- Grant the permissions needed to access the resources.
- Allow you to access it in your site using the SDK.
Takes a list of components to link to the function.
{ link: [bucket, stripeKey]}live?
logging?
Type Input<Object>
Default {retention: “forever”}
Configure the function logs in CloudWatch.
{ logging: { retention: "1 week" }}logging.retention?
Type Input<“1 day” | “3 days” | “5 days” | “1 week” | “2 weeks” | “1 month” | “2 months” | “3 months” | “4 months” | “5 months” | “6 months” | “1 year” | “13 months” | “18 months” | “2 years” | “3 years” | “5 years” | “6 years” | “7 years” | “8 years” | “9 years” | “10 years” | “forever”>
Default forever
The duration the function logs are kept in CloudWatch.
memory?
Type Input<“${number} MB” | “${number} GB”>
Default “1024 MB”
The amount of memory allocated for the function. Takes values between 128 MB and 10240 MB in 1 MB increments. The amount of memory affects the amount of virtual CPU available to the function.
{ memory: "10240 MB"}nodejs?
Type Input<Object>
Configure how your function is bundled.
By default, SST will bundle your function code using esbuild. This tree shakes your code to only include what’s used; reducing the size of your function package and improving cold starts.
nodejs.banner?
Type Input<string>
Use this to insert a string at the beginning of the generated JS file.
{ nodejs: { banner: "console.log('Function starting')" }}nodejs.esbuild?
Type Input<BuildOptions>
This allows you to customize esbuild config that is used.
nodejs.format?
Type Input<“cjs” | “esm”>
Default “esm”
Configure the format of the generated JS code; ESM or CommonJS.
{ nodejs: { format: "cjs" }}nodejs.install?
Type Input<string[]>
Dependencies that need to be excluded from the function package.
Certain npm packages cannot be bundled using esbuild. This allows you to exclude them
from the bundle. Instead they’ll be moved into a node_modules/ directory in the
function package.
This will allow your functions to be able to use these dependencies when deployed. They
just won’t be tree shaken. You however still need to have them in your package.json.
Esbuild will ignore them while traversing the imports in your code. So these are the package names as seen in the imports. It also works on packages that are not directly imported by your code.
{ nodejs: { install: ["pg"] }}nodejs.loader?
Type Input<Record<string, Loader>>
Configure additional esbuild loaders for other file extensions. This is useful
when your code is importing non-JS files like .png, .css, etc.
{ nodejs: { loader: { ".png": "file" } }}nodejs.minify?
Type Input<boolean>
Default true
Enable or disable if the function code is minified when bundled.
{ nodejs: { minify: false }}nodejs.sourcemap?
Type Input<boolean>
Default false
Configure if source maps are added to the function bundle for production. Since they
increase payload size and potentially cold starts, they are not added by default.
However, they are always generated during sst dev.
{ nodejs: { sourcemap: true }}nodejs.splitting?
Type Input<boolean>
Default false
If enabled, modules that are dynamically imported will be bundled in their own files with common dependencies placed in shared chunks. This can help reduce cold starts as your function grows in size.
{ nodejs: { splitting: true }}permissions?
Type Input<Object[]>
Permissions and the resources that the function needs to access. These permissions are used to create the function’s IAM role.
Allow the function to read and write to an S3 bucket called my-bucket.
{ permissions: [ { actions: ["s3:GetObject", "s3:PutObject"], resources: ["arn:aws:s3:::my-bucket/*"] }, ]}Allow the function to perform all actions on an S3 bucket called my-bucket.
{ permissions: [ { actions: ["s3:*"], resources: ["arn:aws:s3:::my-bucket/*"] }, ]}Granting the function permissions to access all resources.
{ permissions: [ { actions: ["*"], resources: ["*"] }, ]}permissions[].actions
permissions[].resources
Type Input<string>[]
The resourcess specified using the IAM ARN format.
{ resources: ["arn:aws:s3:::my-bucket/*"]}role?
Type Input<string>
Default Creates a new role
Assigns the given IAM role ARN to the function. This allows you to pass in a previously created role.
By default, the function creates a new IAM role when it’s created. It’ll update this role if you add permissions or link resources.
However, if you pass in a role, you’ll need to update it manually if you add permissions or link resources.
{ role: "arn:aws:iam::123456789012:role/my-role"}runtime?
Type Input<“nodejs18.x” | “nodejs20.x” | “provided.al2023”>
Default “nodejs20.x”
The runtime environment for the function. Support for other runtimes is on our roadmap.
{ runtime: "nodejs18.x"}streaming?
Type Input<boolean>
Default false
Enable streaming for the function. Stream is only supported when using the function
url and not when using it with API Gateway.
{ streaming: true}timeout?
Type Input<“${number} second” | “${number} seconds” | “${number} minute” | “${number} minutes”>
Default “20 seconds”
The maximum amount of time the function can run. The minimum timeout is 1 second and the maximum is 900 seconds or 15 minutes.
While the maximum timeout is 15 minutes, if a function is connected to other services, it’ll time out based on those limits. API Gateway for example has a timeout of 30 seconds. So even if the function has a timeout of 15 minutes, the API request will time out after 30 seconds.
{ timeout: "900 seconds"}transform?
Type Object
Transform how this component creates its underlying resources.
transform.function?
Type FunctionArgs | (args: FunctionArgs => void)
Transform the Lambda Function resource.
transform.logGroup?
Type LogGroupArgs | (args: LogGroupArgs => void)
Transform the CloudWatch LogGroup resource.
transform.role?
url?
Type Input<boolean | Object>
-
cors?Input<boolean|Object>
Default false
Enable Lambda function URLs. These are dedicated endpoints for your Lambda functions.
Enable it with the default options.
{ url: true}Enable it and configure the options.
{ url: { authorization: "iam", cors: { allowedOrigins: ['https://example.com'] } }}url.authorization?
Type Input<“none” | “iam”>
Default “none”
The authorization used for the function URL. Supports IAM authorization.
{ url: { authorization: "iam" }}url.cors?
Type Input<boolean | Object>
Default true
Customize the CORS (Cross-origin resource sharing) settings for the function URL.
Disable CORS.
{ url: { cors: true }}Only enable the GET and POST methods for https://example.com.
{ url: { cors: { allowedMethods: ["GET", "POST"], allowedOrigins: ["https://example.com"] } }}url.cors.allowCredentials?
Type Input<boolean>
Default false
Allow cookies or other credentials in requests to the function URL.
{ url: { cors: { allowCredentials: true } }}url.cors.allowHeaders?
Type Input<Input<string>[]>
Default [”*“]
The HTTP headers that origins can include in requests to the function URL.
{ url: { cors: { allowHeaders: ["date", "keep-alive", "x-custom-header"] } }}url.cors.allowMethods?
Type Input<Input<“DELETE” | “GET” | “HEAD” | “OPTIONS” | “PATCH” | “POST” | “PUT” | “*”>[]>
Default [”*“]
The HTTP methods that are allowed when calling the function URL.
{ url: { cors: { allowMethods: ["GET", "POST", "DELETE"] } }}Or the wildcard for all methods.
{ url: { cors: { allowMethods: ["*"] } }}url.cors.allowOrigins?
Type Input<Input<string>[]>
Default [”*“]
The origins that can access the function URL.
{ url: { cors: { allowOrigins: ["https://www.example.com", "http://localhost:60905"] } }}Or the wildcard for all origins.
{ url: { cors: { allowOrigins: ["*"] } }}url.cors.exposeHeaders?
Type Input<Input<string>[]>
Default []
The HTTP headers you want to expose in your function to an origin that calls the function URL.
{ url: { cors: { exposeHeaders: ["date", "keep-alive", "x-custom-header"] } }}url.cors.maxAge?
Type Input<“${number} second” | “${number} seconds” | “${number} minute” | “${number} minutes” | “${number} hour” | “${number} hours” | “${number} day” | “${number} days”>
Default “0 seconds”
The maximum amount of time the browser can cache results of a preflight request. By
default the browser doesn’t cache the results. The maximum value is 86400 seconds or 1 day.
{ url: { cors: { maxAge: "1 day" } }}vpc?
Type Input<Object>
Configure the function to connect to private subnets in a virtual private cloud or VPC. This allows your function to access private resources.
{ vpc: { securityGroups: ["sg-0399348378a4c256c"], subnets: ["subnet-0b6a2b73896dc8c4c", "subnet-021389ebee680c2f0"] }}vpc.securityGroups
Type Input<Input<string>[]>
A list of VPC security group IDs.
vpc.subnets
Type Input<Input<string>[]>
A list of VPC subnet IDs.
Properties
arn
Type Output<string>
The ARN of the Lambda function.
name
Type Output<string>
The name of the Lambda function.
nodes
nodes.function
Type Output<Function>
The AWS Lambda function.
nodes.logGroup
Type LogGroup
The CloudWatch Log Group the function logs are stored.
nodes.role
Type Role
The IAM Role the function will use.
url
Type Output<string>
The Lambda function URL if url is enabled.
SDK
The following are accessible through the SDK at runtime.
name
Type string
The name of the Lambda function.
url
Type undefined | string
The Lambda function URL if url is enabled.