Amazon CloudFormation resources generated when AWS::Serverless::Function is specified - Amazon Serverless Application Model
Core function propertiesEvent sourcesEvent configuration
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon CloudFormation resources generated when AWS::Serverless::Function is specified

When an AWS::Serverless::Function is specified, Amazon Serverless Application Model (Amazon SAM) always creates an AWS::Lambda::Function base Amazon CloudFormation resource.

AWS::Lambda::Function

LogicalId: <function‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

In addition to this Amazon CloudFormation resource, when AWS::Serverless::Function is specified, Amazon SAM also generates Amazon CloudFormation resources for the following scenarios.

Core function properties

The following scenarios generate Amazon CloudFormation resources based on core function properties:

Role property is not specified

When the Role property of an AWS::Serverless::Function is not specified, Amazon SAM generates an AWS::IAM::Role Amazon CloudFormation resource.

AWS::IAM::Role

LogicalId: <function‑LogicalId>Role

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AutoPublishAlias property is specified

When the AutoPublishAlias property of an AWS::Serverless::Function is specified, Amazon SAM generates the following Amazon CloudFormation resources: AWS::Lambda::Alias and AWS::Lambda::Version.

AWS::Lambda::Alias

LogicalId: <function‑LogicalId>Alias<alias‑name>

<alias‑name> is the string that AutoPublishAlias is set to. For example, if you set AutoPublishAlias to live, the LogicalId is: MyFunctionAliaslive.

Referenceable property: <function‑LogicalId>.Alias

AWS::Lambda::Version

LogicalId: <function‑LogicalId>Version<sha>

<sha> is a unique hash value that is generated when the stack is created. For example, MyFunctionVersion926eeb5ff1.

Referenceable property: <function‑LogicalId>.Version

For additional information on the AutoPublishAlias property, see the Properties section of AWS::Serverless::Function.

DeploymentPreference property is specified

When the DeploymentPreference property of an AWS::Serverless::Function is specified, Amazon SAM generates the following resources Amazon CloudFormation resources: AWS::CodeDeploy::Application and AWS::CodeDeploy::DeploymentGroup. In addition, if the Role property of the DeploymentPreference object is not specified, Amazon SAM also generates an AWS::IAM::Role Amazon CloudFormation resource.

AWS::CodeDeploy::Application

LogicalId: ServerlessDeploymentApplication

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::CodeDeploy::DeploymentGroup

LogicalId: <function‑LogicalId>DeploymentGroup

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::IAM::Role

LogicalId: CodeDeployServiceRole

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

FunctionUrlConfig property is specified

When the FunctionUrlConfig property is specified, Amazon SAM generates different Amazon CloudFormation resources based on the AuthType.

When AuthType: NONE is specified, Amazon SAM generates the following Amazon CloudFormation resources:

AWS::Lambda::Permission (Invoke Access)

LogicalId: <function‑LogicalId>URLInvokeAllowPublicAccess

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::Lambda::Permission (Public Access)

LogicalId: <function‑LogicalId>UrlPublicPermissions

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::Lambda::Url

LogicalId: <function‑LogicalId>Url

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

When AuthType: AWS_IAM is specified, Amazon SAM generates only:

AWS::Lambda::Url

LogicalId: <function‑LogicalId>Url

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

For additional information on the FunctionUrlConfig property, see FunctionUrlConfig.

Event sources

The following scenarios generate Amazon CloudFormation resources based on event sources:

An Api event source is specified

When the Event property of an AWS::Serverless::Function is set to Api, but the RestApiId property is not specified, Amazon SAM generates the AWS::ApiGateway::RestApi Amazon CloudFormation resource.

AWS::ApiGateway::RestApi

LogicalId: ServerlessRestApi

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

An HttpApi event source is specified

When the Event property of an AWS::Serverless::Function is set to HttpApi, but the ApiId property is not specified, Amazon SAM generates the AWS::ApiGatewayV2::Api Amazon CloudFormation resource.

AWS::ApiGatewayV2::Api

LogicalId: ServerlessHttpApi

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

A streaming event source is specified

When the Event property of an AWS::Serverless::Function is set to one of the streaming types, Amazon SAM generates the AWS::Lambda::EventSourceMapping Amazon CloudFormation resource. This applies to the following types: DynamoDB, Kinesis, MQ, MSK, and SQS.

AWS::Lambda::EventSourceMapping

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

An event bridge (or event bus) event source is specified

When the Event property of an AWS::Serverless::Function is set to one of the event bridge (or event bus) types, Amazon SAM generates the AWS::Events::Rule Amazon CloudFormation resource. This applies to the following types: EventBridgeRule, Schedule, and CloudWatchEvents.

AWS::Events::Rule

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

An IotRule event source is specified

When the Event property of an AWS::Serverless::Function is set to IoTRule, Amazon SAM generates the AWS::IoT::TopicRule Amazon CloudFormation resource.

AWS::IoT::TopicRule

LogicalId: <function‑LogicalId><event‑LogicalId>

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

Event configuration

The following scenarios generate Amazon CloudFormation resources based on event configuration:

OnSuccess (or OnFailure) property is specified for Amazon SNS events

When the OnSuccess (or OnFailure) property of the DestinationConfig property of the EventInvokeConfig property of an AWS::Serverless::Function is specified, and the destination type is SNS but the destination ARN is not specified, Amazon SAM generates the following Amazon CloudFormation resources: AWS::Lambda::EventInvokeConfig and AWS::SNS::Topic.

AWS::Lambda::EventInvokeConfig

LogicalId: <function‑LogicalId>EventInvokeConfig

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::SNS::Topic

LogicalId: <function‑LogicalId>OnSuccessTopic (or <function‑LogicalId>OnFailureTopic)

Referenceable property: <function‑LogicalId>.DestinationTopic

If both OnSuccess and OnFailure are specified for an Amazon SNS event, to distinguish between the generated resources, you must use the LogicalId.

OnSuccess (or OnFailure) property is specified for Amazon SQS events

When the OnSuccess (or OnFailure) property of the DestinationConfig property of the EventInvokeConfig property of an AWS::Serverless::Function is specified, and the destination type is SQS but the destination ARN is not specified, Amazon SAM generates the following Amazon CloudFormation resources: AWS::Lambda::EventInvokeConfig and AWS::SQS::Queue.

AWS::Lambda::EventInvokeConfig

LogicalId: <function‑LogicalId>EventInvokeConfig

Referenceable property: N/A (you must use the LogicalId to reference this Amazon CloudFormation resource)

AWS::SQS::Queue

LogicalId: <function‑LogicalId>OnSuccessQueue (or <function‑LogicalId>OnFailureQueue)

Referenceable property: <function‑LogicalId>.DestinationQueue

If both OnSuccess and OnFailure are specified for an Amazon SQS event, to distinguish between the generated resources, you must use the LogicalId.