Class ProviderProps
Initialization properties for the Provider construct.
Implements
Inherited Members
Namespace: Amazon.CDK.CustomResources
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ProviderProps : IProviderPropsSyntax (vb)
Public Class ProviderProps Implements IProviderPropsRemarks
ExampleMetadata: infused
Examples
// Create custom resource handler entrypoint
var handler = new Function(this, "my-handler", new FunctionProps {
Runtime = Runtime.NODEJS_20_X,
Handler = "index.handler",
Code = Code.FromInline(@"
exports.handler = async (event, context) => {
return {
PhysicalResourceId: '1234',
NoEcho: true,
Data: {
mySecret: 'secret-value',
hello: 'world',
ghToken: 'gho_xxxxxxx',
},
};
};")
});
// Provision a custom resource provider framework
var provider = new Provider(this, "my-provider", new ProviderProps {
OnEventHandler = handler
});
new CustomResource(this, "my-cr", new CustomResourceProps {
ServiceToken = provider.ServiceToken
});Synopsis
Constructors
| ProviderProps() | Initialization properties for the |
Properties
| DisableWaiterStateMachineLogging | Whether logging for the waiter state machine is disabled. |
| FrameworkCompleteAndTimeoutRole | Lambda execution role for provider framework's isComplete/onTimeout Lambda function. |
| FrameworkLambdaLoggingLevel | Log level of the provider framework lambda. |
| FrameworkOnEventRole | Lambda execution role for provider framework's onEvent Lambda function. |
| IsCompleteHandler | The AWS Lambda function to invoke in order to determine if the operation is complete. |
| LogGroup | The Log Group used for logging of events emitted by the custom resource's lambda function. |
| LogRetention | The number of days framework log events are kept in CloudWatch Logs. |
| OnEventHandler | The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE). |
| ProviderFunctionEnvEncryption | AWS KMS key used to encrypt provider lambda's environment variables. |
| ProviderFunctionName | Provider Lambda name. |
| QueryInterval | Time between calls to the |
| Role | (deprecated) AWS Lambda execution role. |
| SecurityGroups | Security groups to attach to the provider functions. |
| TotalTimeout | Total timeout for the entire operation. |
| Vpc | The vpc to provision the lambda functions in. |
| VpcSubnets | Which subnets from the VPC to place the lambda functions in. |
| WaiterStateMachineLogOptions | Defines what execution history events of the waiter state machine are logged and where they are logged. |
Constructors
ProviderProps()
Initialization properties for the Provider construct.
public ProviderProps()Remarks
ExampleMetadata: infused
Examples
// Create custom resource handler entrypoint
var handler = new Function(this, "my-handler", new FunctionProps {
Runtime = Runtime.NODEJS_20_X,
Handler = "index.handler",
Code = Code.FromInline(@"
exports.handler = async (event, context) => {
return {
PhysicalResourceId: '1234',
NoEcho: true,
Data: {
mySecret: 'secret-value',
hello: 'world',
ghToken: 'gho_xxxxxxx',
},
};
};")
});
// Provision a custom resource provider framework
var provider = new Provider(this, "my-provider", new ProviderProps {
OnEventHandler = handler
});
new CustomResource(this, "my-cr", new CustomResourceProps {
ServiceToken = provider.ServiceToken
});Properties
DisableWaiterStateMachineLogging
Whether logging for the waiter state machine is disabled.
public bool? DisableWaiterStateMachineLogging { get; set; }Property Value
bool?
Remarks
Default: - true
FrameworkCompleteAndTimeoutRole
Lambda execution role for provider framework's isComplete/onTimeout Lambda function.
public IRole? FrameworkCompleteAndTimeoutRole { get; set; }Property Value
Remarks
Note that this role must be assumed by the 'lambda.amazonaws.com' service principal. To prevent circular dependency problem in the provider framework, please ensure you specify a different IAM Role for 'frameworkCompleteAndTimeoutRole' from 'frameworkOnEventRole'.
This property cannot be used with 'role' property
Default: - A default role will be created.
FrameworkLambdaLoggingLevel
Log level of the provider framework lambda.
public ApplicationLogLevel? FrameworkLambdaLoggingLevel { get; set; }Property Value
Remarks
Default: true - Logging is disabled by default
FrameworkOnEventRole
Lambda execution role for provider framework's onEvent Lambda function.
public IRole? FrameworkOnEventRole { get; set; }Property Value
Remarks
Note that this role must be assumed by the 'lambda.amazonaws.com' service principal.
This property cannot be used with 'role' property
Default: - A default role will be created.
IsCompleteHandler
The AWS Lambda function to invoke in order to determine if the operation is complete.
public IFunction? IsCompleteHandler { get; set; }Property Value
Remarks
This function will be called immediately after onEvent and then
periodically based on the configured query interval as long as it returns
false. If the function still returns false and the alloted timeout has
passed, the operation will fail.
Default: - provider is synchronous. This means that the onEvent handler
is expected to finish all lifecycle operations within the initial invocation.
LogGroup
The Log Group used for logging of events emitted by the custom resource's lambda function.
public ILogGroup? LogGroup { get; set; }Property Value
Remarks
Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.
Default: - a default log group created by AWS Lambda
LogRetention
The number of days framework log events are kept in CloudWatch Logs.
public RetentionDays? LogRetention { get; set; }Property Value
Remarks
When
updating this property, unsetting it doesn't remove the log retention policy.
To remove the retention policy, set the value to INFINITE.
This is a legacy API and we strongly recommend you migrate to logGroup if you can.
logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.
Default: logs.RetentionDays.INFINITE
OnEventHandler
The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE).
public IFunction OnEventHandler { get; set; }Property Value
Remarks
This function is responsible to begin the requested resource operation
(CREATE/UPDATE/DELETE) and return any additional properties to add to the
event, which will later be passed to isComplete. The PhysicalResourceId
property must be included in the response.
ProviderFunctionEnvEncryption
AWS KMS key used to encrypt provider lambda's environment variables.
public IKey? ProviderFunctionEnvEncryption { get; set; }Property Value
Remarks
Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK)
ProviderFunctionName
Provider Lambda name.
public string? ProviderFunctionName { get; set; }Property Value
Remarks
The provider lambda function name.
Default: - CloudFormation default name from unique physical ID
QueryInterval
Time between calls to the isComplete handler which determines if the resource has been stabilized.
public Duration? QueryInterval { get; set; }Property Value
Remarks
The first isComplete will be called immediately after handler and then
every queryInterval seconds, and until timeout has been reached or until
isComplete returns true.
Default: Duration.seconds(5)
Role
(deprecated) AWS Lambda execution role.
[Obsolete("- Use frameworkOnEventLambdaRole, frameworkIsCompleteLambdaRole, frameworkOnTimeoutLambdaRole")]
public IRole? Role { get; set; }Property Value
Remarks
The role is shared by provider framework's onEvent, isComplete lambda, and onTimeout Lambda functions. This role will be assumed by the AWS Lambda, so it must be assumable by the 'lambda.amazonaws.com' service principal.
Default: - A default role will be created.
Stability: Deprecated
SecurityGroups
Security groups to attach to the provider functions.
public ISecurityGroup[]? SecurityGroups { get; set; }Property Value
Remarks
Only used if 'vpc' is supplied
Default: - If vpc is not supplied, no security groups are attached. Otherwise, a dedicated security
group is created for each function.
TotalTimeout
Total timeout for the entire operation.
public Duration? TotalTimeout { get; set; }Property Value
Remarks
The maximum timeout is 1 hour (yes, it can exceed the AWS Lambda 15 minutes)
Default: Duration.minutes(30)
Vpc
The vpc to provision the lambda functions in.
public IVpc? Vpc { get; set; }Property Value
Remarks
Default: - functions are not provisioned inside a vpc.
VpcSubnets
Which subnets from the VPC to place the lambda functions in.
public ISubnetSelection? VpcSubnets { get; set; }Property Value
Remarks
Only used if 'vpc' is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.
Default: - the Vpc default strategy if not specified
WaiterStateMachineLogOptions
Defines what execution history events of the waiter state machine are logged and where they are logged.
public ILogOptions? WaiterStateMachineLogOptions { get; set; }Property Value
Remarks
Default: - A default log group will be created if logging for the waiter state machine is enabled.