Package software.amazon.awscdk.customresources

Interface ProviderProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
ProviderProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-20T23:37:32.306Z") @Stability(Stable) public interface ProviderProps extends software.amazon.jsii.JsiiSerializable
Initialization properties for the Provider construct.

Example: 

 // Create custom resource handler entrypoint
 Function handler = Function.Builder.create(this, "my-handler")
         .runtime(Runtime.NODEJS_20_X)
         .handler("index.handler")
         .code(Code.fromInline("\n  exports.handler = async (event, context) => {\n    return {\n      PhysicalResourceId: '1234',\n      NoEcho: true,\n      Data: {\n        mySecret: 'secret-value',\n        hello: 'world',\n        ghToken: 'gho_xxxxxxx',\n      },\n    };\n  };"))
         .build();
 // Provision a custom resource provider framework
 Provider provider = Provider.Builder.create(this, "my-provider")
         .onEventHandler(handler)
         .build();
 CustomResource.Builder.create(this, "my-cr")
         .serviceToken(provider.getServiceToken())
         .build();

  • Method Details

    • getOnEventHandler

      @Stability(Stable) @NotNull IFunction getOnEventHandler()
      The AWS Lambda function to invoke for all resource lifecycle operations (CREATE/UPDATE/DELETE).

      This function is responsible to begin the requested resource operation (CREATE/UPDATE/DELETE) and return any additional properties to add to the event, which will later be passed to isComplete. The PhysicalResourceId property must be included in the response.

    • getDisableWaiterStateMachineLogging

      @Stability(Stable) @Nullable default Boolean getDisableWaiterStateMachineLogging()
      Whether logging for the waiter state machine is disabled.

      Default: - true

    • getFrameworkCompleteAndTimeoutRole

      @Stability(Stable) @Nullable default IRole getFrameworkCompleteAndTimeoutRole()
      Lambda execution role for provider framework's isComplete/onTimeout Lambda function.

      Note that this role must be assumed by the 'lambda.amazonaws.com' service principal. To prevent circular dependency problem in the provider framework, please ensure you specify a different IAM Role for 'frameworkCompleteAndTimeoutRole' from 'frameworkOnEventRole'.

      This property cannot be used with 'role' property

      Default: - A default role will be created.

    • getFrameworkLambdaLoggingLevel

      @Stability(Stable) @Nullable default ApplicationLogLevel getFrameworkLambdaLoggingLevel()
      Log level of the provider framework lambda.

      Default: true - Logging is disabled by default

    • getFrameworkOnEventRole

      @Stability(Stable) @Nullable default IRole getFrameworkOnEventRole()
      Lambda execution role for provider framework's onEvent Lambda function.

      Note that this role must be assumed by the 'lambda.amazonaws.com' service principal.

      This property cannot be used with 'role' property

      Default: - A default role will be created.

    • getIsCompleteHandler

      @Stability(Stable) @Nullable default IFunction getIsCompleteHandler()
      The AWS Lambda function to invoke in order to determine if the operation is complete.

      This function will be called immediately after onEvent and then periodically based on the configured query interval as long as it returns false. If the function still returns false and the alloted timeout has passed, the operation will fail.

      Default: - provider is synchronous. This means that the `onEvent` handler is expected to finish all lifecycle operations within the initial invocation.

    • getLogGroup

      @Stability(Stable) @Nullable default ILogGroup getLogGroup()
      The Log Group used for logging of events emitted by the custom resource's lambda function.

      Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

      Default: - a default log group created by AWS Lambda

    • getLogRetention

      @Stability(Stable) @Nullable default RetentionDays getLogRetention()
      The number of days framework log events are kept in CloudWatch Logs.

      When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

      This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

      Default: logs.RetentionDays.INFINITE

    • getProviderFunctionEnvEncryption

      @Stability(Stable) @Nullable default IKeyRef getProviderFunctionEnvEncryption()
      AWS KMS key used to encrypt provider lambda's environment variables.

      Default: - AWS Lambda creates and uses an AWS managed customer master key (CMK)

    • getProviderFunctionName

      @Stability(Stable) @Nullable default String getProviderFunctionName()
      Provider Lambda name.

      The provider lambda function name.

      Default: - CloudFormation default name from unique physical ID

    • getQueryInterval

      @Stability(Stable) @Nullable default Duration getQueryInterval()
      Time between calls to the isComplete handler which determines if the resource has been stabilized.

      The first isComplete will be called immediately after handler and then every queryInterval seconds, and until timeout has been reached or until isComplete returns true.

      Default: Duration.seconds(5)

    • getRole

      @Stability(Deprecated) @Deprecated @Nullable default IRole getRole()
      Deprecated.
      • Use frameworkOnEventRole, frameworkCompleteAndTimeoutRole
      (deprecated) AWS Lambda execution role.

      The role is shared by provider framework's onEvent, isComplete lambda, and onTimeout Lambda functions. This role will be assumed by the AWS Lambda, so it must be assumable by the 'lambda.amazonaws.com' service principal.

      Default: - A default role will be created.

    • getSecurityGroups

      @Stability(Stable) @Nullable default List<ISecurityGroup> getSecurityGroups()
      Security groups to attach to the provider functions.

      Only used if 'vpc' is supplied

      Default: - If `vpc` is not supplied, no security groups are attached. Otherwise, a dedicated security group is created for each function.

    • getTotalTimeout

      @Stability(Stable) @Nullable default Duration getTotalTimeout()
      Total timeout for the entire operation.

      The maximum timeout is 1 hour (yes, it can exceed the AWS Lambda 15 minutes)

      Default: Duration.minutes(30)

    • getVpc

      @Stability(Stable) @Nullable default IVpc getVpc()
      The vpc to provision the lambda functions in.

      Default: - functions are not provisioned inside a vpc.

    • getVpcSubnets

      @Stability(Stable) @Nullable default SubnetSelection getVpcSubnets()
      Which subnets from the VPC to place the lambda functions in.

      Only used if 'vpc' is supplied. Note: internet access for Lambdas requires a NAT gateway, so picking Public subnets is not allowed.

      Default: - the Vpc default strategy if not specified

    • getWaiterStateMachineLogOptions

      @Stability(Stable) @Nullable default LogOptions getWaiterStateMachineLogOptions()
      Defines what execution history events of the waiter state machine are logged and where they are logged.

      Default: - A default log group will be created if logging for the waiter state machine is enabled.

    • builder

      @Stability(Stable) static ProviderProps.Builder builder()
      Returns:
      a ProviderProps.Builder of ProviderProps