Lambda Functions

Complete Lambda function support with all configurations and best practices

Overview

sls.tf provides comprehensive support for AWS Lambda functions, converting your Serverless Framework function definitions into production-ready Terraform resources. The function-level settings covered on this page (runtime, environment variables, VPC networking, layers, concurrency controls, dead-letter targets and tracing) map onto the generated aws_lambda_function resource and its companion resources.

Basic Function Definition

Define Lambda functions in your serverless.yml configuration:

Simple function

service: my-api
provider:
  name: aws
  runtime: nodejs18.x

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: get

Generated Terraform resources

# Lambda function
resource "aws_lambda_function" "hello" {
  function_name = "my-api-production-hello"   # {service}-{stage}-{function}
  role          = aws_iam_role.lambda_exec.arn
  handler       = "handler.hello"
  runtime       = "nodejs18.x"

  filename         = data.archive_file.hello.output_path
  source_code_hash = data.archive_file.hello.output_base64sha256

  environment {
    variables = {
      STAGE = "production"
    }
  }
}

Advanced Configuration

Configure advanced Lambda function settings:

Advanced function configuration

functions:
  api:
    handler: dist/index.handler
    description: "Main API handler"
    memorySize: 512
    timeout: 30
    runtime: nodejs18.x

    # Environment variables. Anything resolved here at deploy time (including
    # SSM SecureString values) is stored as plaintext in the function
    # configuration and is readable by any principal that holds
    # lambda:GetFunctionConfiguration; fetch long-lived secrets at runtime instead.
    environment:
      NODE_ENV: production
      DATABASE_URL: ${ssm:/my-app/database-url}
      LOG_LEVEL: info

    # VPC configuration. Attaching the function to private subnets removes its
    # direct internet access: reach AWS services through VPC endpoints or a NAT gateway.
    vpc:
      subnetIds:
        - subnet-12345
        - subnet-67890
      securityGroupIds:
        - sg-12345

    # Lambda layers (pin the layer version; layer code runs with the function's permissions)
    layers:
      - arn:aws:lambda:us-east-1:123456789012:layer:shared-libraries:1

    # Concurrency settings (provisionedConcurrency cannot exceed reservedConcurrency)
    reservedConcurrency: 10
    provisionedConcurrency: 5

    # Dead letter target for failed asynchronous invocations
    # (Serverless Framework onError key; Lambda accepts an SQS queue or SNS topic ARN)
    onError: arn:aws:sqs:us-east-1:123456789012:dead-letter-queue

    # Tracing
    tracing: Active

    # Tags
    tags:
      Team: Backend
      CostCenter: engineering
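The Terraform below is a hand-written equivalent of the api function above, added here to show what each advanced setting turns into and which extra IAM permissions those settings silently depend on. It is an illustration, not sls.tf's generated output; the archive_file data source, the role api_exec and the KMS key lambda_env are assumed to be defined elsewhere in the module, and the account ID is a placeholder.

```hcl
# Added illustration, not sls.tf output. Assumes data.archive_file.api,
# aws_iam_role.api_exec and aws_kms_key.lambda_env exist in the same module.

locals {
  dlq_arn   = "arn:aws:sqs:us-east-1:123456789012:dead-letter-queue"
  layer_arn = "arn:aws:lambda:us-east-1:123456789012:layer:shared-libraries:1"
}

resource "aws_lambda_function" "api" {
  function_name = "my-api-production-api"
  description   = "Main API handler"
  role          = aws_iam_role.api_exec.arn
  handler       = "dist/index.handler"
  runtime       = "nodejs18.x"
  memory_size   = 512
  timeout       = 30

  filename         = data.archive_file.api.output_path
  source_code_hash = data.archive_file.api.output_base64sha256
  publish          = true # provisioned concurrency attaches to a version or alias, never $LATEST

  reserved_concurrent_executions = 10
  layers                         = [local.layer_arn]
  kms_key_arn                    = aws_kms_key.lambda_env.arn # customer-managed key instead of the AWS-managed default

  environment {
    variables = {
      NODE_ENV  = "production"
      LOG_LEVEL = "info"
      # No DATABASE_URL here: the handler fetches it at runtime using the
      # role's permissions instead of baking a secret into the configuration.
    }
  }

  vpc_config {
    subnet_ids         = ["subnet-12345", "subnet-67890"]
    security_group_ids = ["sg-12345"]
  }

  dead_letter_config {
    target_arn = local.dlq_arn
  }

  tracing_config {
    mode = "Active"
  }

  tags = {
    Team       = "Backend"
    CostCenter = "engineering"
  }
}

resource "aws_lambda_provisioned_concurrency_config" "api" {
  function_name                     = aws_lambda_function.api.function_name
  qualifier                         = aws_lambda_function.api.version
  provisioned_concurrent_executions = 5 # must not exceed reserved_concurrent_executions
}

# Permissions the settings above depend on. The function deploys without
# them, but DLQ delivery and trace upload then fail at runtime.
data "aws_iam_policy_document" "api_features" {
  statement {
    sid       = "DeadLetterQueue"
    actions   = ["sqs:SendMessage"]
    resources = [local.dlq_arn]
  }
  statement {
    sid       = "XRay"
    actions   = ["xray:PutTraceSegments", "xray:PutTelemetryRecords"]
    resources = ["*"] # X-Ray offers no resource-level scoping for these actions
  }
}

resource "aws_iam_role_policy" "api_features" {
  name   = "api-features"
  role   = aws_iam_role.api_exec.id
  policy = data.aws_iam_policy_document.api_features.json
}

# ENI create/describe/delete rights for the VPC attachment; the AWS managed
# policy is the smallest well-known set that Lambda's networking needs.
resource "aws_iam_role_policy_attachment" "api_vpc" {
  role       = aws_iam_role.api_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
```

When reviewing a generated plan, the three things to look for are publish = true together with a version or alias qualifier (otherwise provisioned concurrency cannot be applied), the sqs:SendMessage grant on the dead-letter target, and the ENI permissions for any function with a vpc_config block.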

Event Sources

sls.tf converts the Serverless Framework event sources shown below. Two things are worth checking in the generated plan. Push sources (HTTP, S3, schedule, SNS) invoke the function through an aws_lambda_permission, which must pin source_arn (and source_account for S3, since bucket ARNs carry no account) so that only the intended API, bucket, rule or topic can invoke it. Poll sources (DynamoDB streams, SQS) need read permissions on the stream or queue in the execution role instead. In the HTTP example, cors: true allows any origin (Access-Control-Allow-Origin: *) and ANY on {proxy+} routes every path to one handler, so authorization has to be enforced in the handler or by an authorizer.

HTTP API Gateway

functions:
  api:
    handler: handler.api
    events:
      - http:
          path: /api/{proxy+}
          method: ANY
          cors: true

S3 events

functions:
  processImage:
    handler: image.process
    events:
      - s3:
          bucket: my-bucket
          event: s3:ObjectCreated:*
          existing: true

DynamoDB streams

functions:
  processData:
    handler: data.process
    events:
      - stream:
          type: dynamodb
          arn: arn:aws:dynamodb:us-east-1:123456789012:table/my-table/stream/2024-01-01T00:00:00.000
          batchSize: 100
          startingPosition: LATEST

Schedule events

functions:
  cleanup:
    handler: cleanup.run
    events:
      - schedule:
          rate: rate(1 day)
          enabled: true
          input:
            cleanup_type: "logs"

SNS topics

functions:
  handleNotification:
    handler: notification.handle
    events:
      - sns:
          topicName: my-topic
          displayName: "My notification topic"

SQS queues

functions:
  processMessage:
    handler: message.process
    events:
      - sqs:
          arn: arn:aws:sqs:us-east-1:123456789012:my-queue
          batchSize: 10
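The Terraform below is a hand-written illustration of the resources the S3, schedule, DynamoDB stream and SQS events above map to, added to show where the invoke permission or the polling configuration lives for each source. It is not sls.tf output; the function resources (process_image, cleanup, process_data, process_message), the failure-destination queue and the account ID are assumptions.

```hcl
# Added illustration, not sls.tf output. Assumes aws_lambda_function resources
# named process_image, cleanup, process_data and process_message exist.

# S3 (push): only this bucket, in this account, may invoke the function.
resource "aws_lambda_permission" "s3_invoke" {
  statement_id   = "AllowS3Invoke"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.process_image.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = "arn:aws:s3:::my-bucket"
  source_account = "123456789012" # bucket ARNs carry no account; pin it explicitly
}

resource "aws_s3_bucket_notification" "process_image" {
  bucket = "my-bucket"
  lambda_function {
    lambda_function_arn = aws_lambda_function.process_image.arn
    events              = ["s3:ObjectCreated:*"]
  }
  depends_on = [aws_lambda_permission.s3_invoke] # permission must exist before S3 validates the target
}

# Schedule (push): EventBridge rule -> target -> permission scoped to the rule ARN.
resource "aws_cloudwatch_event_rule" "cleanup" {
  name                = "my-api-production-cleanup"
  schedule_expression = "rate(1 day)"
  state               = "ENABLED" # enabled: true (is_enabled on older AWS providers)
}

resource "aws_cloudwatch_event_target" "cleanup" {
  rule  = aws_cloudwatch_event_rule.cleanup.name
  arn   = aws_lambda_function.cleanup.arn
  input = jsonencode({ cleanup_type = "logs" })
}

resource "aws_lambda_permission" "events_invoke" {
  statement_id  = "AllowEventBridgeInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.cleanup.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.cleanup.arn
}

# DynamoDB stream (poll): no permission resource; the execution role needs
# dynamodb:GetRecords, GetShardIterator, DescribeStream and ListStreams.
resource "aws_lambda_event_source_mapping" "process_data" {
  event_source_arn  = "arn:aws:dynamodb:us-east-1:123456789012:table/my-table/stream/2024-01-01T00:00:00.000"
  function_name     = aws_lambda_function.process_data.arn
  starting_position = "LATEST"
  batch_size        = 100

  # Without these, one poison record is retried until it expires and blocks
  # its shard for the whole retention period.
  bisect_batch_on_function_error = true
  maximum_retry_attempts         = 3
  maximum_record_age_in_seconds  = 3600
  destination_config {
    on_failure {
      destination_arn = "arn:aws:sqs:us-east-1:123456789012:stream-failures" # assumed queue
    }
  }
}

# SQS (poll): the role needs sqs:ReceiveMessage, sqs:DeleteMessage and
# sqs:GetQueueAttributes on the queue. ReportBatchItemFailures lets the
# handler return only the failed message IDs instead of failing the batch.
resource "aws_lambda_event_source_mapping" "process_message" {
  event_source_arn        = "arn:aws:sqs:us-east-1:123456789012:my-queue"
  function_name           = aws_lambda_function.process_message.arn
  batch_size              = 10
  function_response_types = ["ReportBatchItemFailures"]
}
```

The pattern to verify in any generated plan is the same for every push source: a permission whose principal is the invoking service and whose source_arn names one specific resource, never a permission with principal only.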

Runtime Support

The runtime string in serverless.yml becomes the runtime argument of the generated aws_lambda_function, and the identifiers sls.tf recognizes include:

  • Node.js: nodejs14.x, nodejs16.x, nodejs18.x, nodejs20.x
  • Python: python3.8, python3.9, python3.10, python3.11, python3.12
  • Java: java8.al2, java11, java17, java21
  • Go: go1.x
  • Ruby: ruby2.7, ruby3.2
  • .NET: dotnet6, dotnet7, dotnet8
  • Custom runtimes: provided.al2023, provided.al2, provided

Several of these identifiers are already deprecated by AWS (nodejs14.x, nodejs16.x, python3.8, go1.x, ruby2.7, dotnet7 and provided). A deprecated runtime no longer receives security patches, and after its block date functions on it can no longer be created or updated. Go functions should target provided.al2023 (or provided.al2) with a bootstrap binary rather than go1.x. Check the Lambda runtime deprecation schedule before pinning a runtime.

Security Best Practices

sls.tf generates the resources; the practices below are still yours to verify in the plan:

  • Principle of least privilege: one execution role per function, with each statement scoped to the named log group, table, queue or secret that function needs. A role shared by the whole service (such as lambda_exec in the basic example above) gives every function the union of all permissions; the Serverless Framework's function-level role property selects a dedicated role instead.
  • VPC isolation: attaching a function to private subnets removes its direct internet access, so outbound calls must go through VPC endpoints or a NAT gateway, and the role needs the ENI permissions granted by AWSLambdaVPCAccessExecutionRole.
  • Environment variable encryption: Lambda encrypts environment variables at rest with an AWS-managed key by default, but lambda:GetFunctionConfiguration still returns them in plaintext to any principal that holds it. Setting kmsKeyArn to a customer-managed key means readers also need kms:Decrypt on that key; long-lived secrets are better fetched at runtime than stored in the environment at all.
  • Resource policies: every push-based invoker (API Gateway, S3, EventBridge, SNS) needs an aws_lambda_permission that names the service principal and pins source_arn (plus source_account for S3), so an unrelated bucket, rule or topic, including one in another account, cannot invoke the function.
  • VPC endpoints: interface endpoints let a VPC-attached function reach AWS services without internet access, and an endpoint policy restricts which roles and resources are reachable through them.
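The Terraform below puts the first, third and fifth practices together for the api function: a dedicated execution role with a confused-deputy guard in its trust policy, a permissions policy with no wildcard resources, a customer-managed key for the environment and a Secrets Manager interface endpoint whose policy admits only that role. It is added as an illustration and is not sls.tf output; the function name, table ARN, VPC, subnet and security-group IDs and all resource names are assumptions.

```hcl
# Added illustration, not sls.tf output. All IDs and names are placeholders.

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  function_name = "my-api-production-api"
  account_id    = data.aws_caller_identity.current.account_id
  region        = data.aws_region.current.name
  table_arn     = "arn:aws:dynamodb:us-east-1:123456789012:table/my-table"
}

# Trust policy: the Lambda service may assume this role only on behalf of
# this one function (cross-service confused-deputy guard).
data "aws_iam_policy_document" "api_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:lambda:${local.region}:${local.account_id}:function:${local.function_name}"]
    }
  }
}

resource "aws_iam_role" "api_exec" {
  name               = "${local.function_name}-exec"
  assume_role_policy = data.aws_iam_policy_document.api_trust.json
}

# Log group created by Terraform, so the role never needs logs:CreateLogGroup.
resource "aws_cloudwatch_log_group" "api" {
  name              = "/aws/lambda/${local.function_name}"
  retention_in_days = 30
}

# Permissions: one log group, one table, one secret, one key, no "*".
data "aws_iam_policy_document" "api_permissions" {
  statement {
    sid       = "Logs"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.api.arn}:*"]
  }
  statement {
    sid       = "Table"
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"]
    resources = [local.table_arn]
  }
  statement {
    sid       = "Secret"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.database_url.arn]
  }
  statement {
    sid       = "EnvKey"
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.lambda_env.arn]
  }
}

resource "aws_iam_role_policy" "api_permissions" {
  name   = "least-privilege"
  role   = aws_iam_role.api_exec.id
  policy = data.aws_iam_policy_document.api_permissions.json
}

# Customer-managed key for the environment: anyone reading the function
# configuration must also hold kms:Decrypt on this key to see the values.
resource "aws_kms_key" "lambda_env" {
  description         = "Environment variables for ${local.function_name}"
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "database_url" {
  name = "/my-app/database-url"
}

# Interface endpoint: the VPC-attached function reaches Secrets Manager with
# no NAT or internet egress, and the endpoint policy admits only this role.
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = "vpc-12345"
  service_name        = "com.amazonaws.${local.region}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = ["subnet-12345", "subnet-67890"]
  security_group_ids  = ["sg-12345"]
  private_dns_enabled = true
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Principal = { AWS = aws_iam_role.api_exec.arn },
      Action = "secretsmanager:GetSecretValue", Resource = aws_secretsmanager_secret.database_url.arn }]
  })
}
```

Pass aws_iam_role.api_exec.arn as the function's role and aws_kms_key.lambda_env.arn as its kms_key_arn. The role's permissions policy and the endpoint policy name the same secret, so a compromised function in the same VPC that runs under a different role gets nothing from the endpoint.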

Performance Optimization

Performance optimization features:

  • Provisioned Concurrency: Keep initialized execution environments ready to reduce cold starts (applies to a published version or alias, not $LATEST)
  • Reserved Concurrency: Cap concurrent executions; this also bounds the blast radius and cost of a runaway or abusive invoker, and must be at least the provisioned value
  • Memory optimization: Automatic memory sizing recommendations
  • Layer optimization: Shared dependencies across functions

Performance configuration

functions:
  optimizedFunction:
    handler: optimized.handler
    memorySize: 1024
    timeout: 60
    reservedConcurrency: 20
    provisionedConcurrency: 5
    layers:
      - arn:aws:lambda:us-east-1:123456789012:layer:shared-dependencies:3
    package:
      individually: true
      patterns:
        - '!node_modules/**'
        - 'node_modules/required-package/**'