export const meta = {
  title: `Overview`,
  description: `Use Amplify CLI to add powerful Lambda functions to your cloud-based mobile and web app with a simple guided workflow.`,
};

## Set up a function

You can add a Lambda function to your project which you can use alongside a REST API or as a datasource in your GraphQL API using the [`@function` directive](/cli/graphql/custom-business-logic#lambda-function-resolver).

```bash
amplify add function
```

```console
? Select which capability you want to add: Lambda function (serverless function)
? Provide a friendly name for your resource to be used as a label for this category in the project: lambdafunction
? Provide the AWS Lambda function name: lambdafunction
? Choose the runtime that you want to use: NodeJS
? Choose the function template that you want to use: (Use arrow keys)
❯ Hello world function
  CRUD function for Amazon DynamoDB table (Integration with Amazon API Gateway and Amazon DynamoDB)
  Serverless express function (Integration with Amazon API Gateway)
```

## Function templates

- The `Hello World function` will create a basic hello world Lambda function
- The `CRUD function for Amazon DynamoDB table (Integration with Amazon API Gateway and Amazon DynamoDB)` function will add a predefined [serverless-express](https://github.com/awslabs/aws-serverless-express) Lambda function template for CRUD operations to DynamoDB tables (which you can create by following the CLI prompts or use the tables which you've already configured using the `amplify add storage` command)
- The `Serverless express function (Integration with Amazon API Gateway)` will add a predefined [serverless-express](https://github.com/awslabs/aws-serverless-express) Lambda function template with routing enabled for your REST API paths.

You can update the Lambda execution role policies for your function to access other resources generated and maintained by the CLI using the CLI.

```console
$ amplify update function
Please select the Lambda Function you would want to update: lambdafunction
? Which setting do you want to update? Resource access permissions
? Select the category (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◉ api
 ◯ function
 ◯ storage
 ◯ auth
? Select the operations you want to permit on <YOUR_API_NAME> (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◉ Query
 ◯ Mutation
 ◯ Subscription

You can access the following resource attributes as environment variables from your Lambda function
	API_<YOUR_API_NAME>_GRAPHQLAPIENDPOINTOUTPUT
	API_<YOUR_API_NAME>_GRAPHQLAPIIDOUTPUT
	API_<YOUR_API_NAME>_GRAPHQLAPIKEYOUTPUT
```

Behind the scenes, the CLI automates populating of the resource identifiers for the selected resources as Lambda environment variables which you will see in your function code as well. This process additionally configures CRUD level IAM policies on the Lambda execution role to access these resources from the Lambda function. For instance, you might grant permissions to your Lambda function to read/write to a DynamoDB table in the Amplify project by using the above flow and the appropriate IAM policy would be set on that Lambda function's execution policy which is scoped to that table only.

## Supported Lambda runtimes

Amplify CLI enables you to create, test and deploy Lambda functions with the following runtimes:

|Runtime|Default Version|Requirements|
|-------|-----------------|------------|
|NodeJS |14.x|- Install [NodeJS](https://nodejs.org/en/)|
|Java   |11|- Install [Java 11 JDK](https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html) and [Gradle 5+](https://docs.gradle.org/current/userguide/installation.html)|
|Go     |1.x|- Install [Go](https://golang.org/doc/install)|
|.NET Core|3.1|- Install [.NET Core SDK](https://docs.microsoft.com/en-us/dotnet/core/install/sdk)|
|Python |3.8.x|- Install [python3](https://www.python.org/downloads/) and [pipenv](https://pypi.org/project/pipenv/) <br/> - Ensure `python3` and `pipenv` commands are available in your `PATH`|


In order to create and test Lambda functions locally, you need to have the runtime's requirements (table above) fulfilled. You'll be asked to `Choose the runtime you would like to use:` when running `amplify add function`.

Once a runtime is selected, you can select a function template for the runtime to help bootstrap your Lambda function.

## Access existing AWS resource from Lambda Function

You can grant your Lambda function  access to your existing resources. After running `amplify add function`, the CLI generates a `custom-policies.json` file under the folder `amplify/backend/function/<function-name>/`. The file is where you can specify the [resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html) and [actions](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html) that grant Lambda Function access to the specified AWS resources.


### File Structure

```json
[
    {
        "Action": ["s3:CreateBucket"],
        "Resource": ["arn:aws:s3:::*"]
    }
]
```

**Action:** Specify the actions that are required to be granted to your AWS resource. Wild characters ‘*’ is accepted. 

**Resource**: Specify resources that the AWS resource needs access. The resource accepts multiple Arns for a service and wild card character ‘*’ is accepted.


> Note: Specifying resource or action as ‘*’ is not recommended as best practice. This gives the Amplify function resource Administrative privileges which should be avoided.


If your Amplify resource requires access to multiple AWS services and resources, create another block to grant access to the additional services and resources. 

```json
[
    {
        "Action": ["s3:CreateBucket"],
        "Resource": ["arn:aws:s3:::*"]
    },
    {
        "Action": ["iam:GetPolicy"],
        "Resource": ["arn:aws:iam:::policy/*"]
    }
]
```


Optionally, the `Effect` field can be specified to use ‘Allow’ or ‘Deny’. If not specified the field defaults to ‘Allow’

```json
{
    "Action": ["s3:CreateBucket"],
    "Resource": ["arn:aws:s3:::*"],
    "Effect": "Allow"
}
```

### Multi-Environment Workflow

To specify AWS ARN resources across environments, an optional ‘\${env}’ parameter can be used for resources. The ‘\${env}’ parameter in the AWS ARN resource will get populated with the current Amplify environment name at deployment.

``` json
"Resource": ["arn:aws:s3:::${env}my-bucket"]
```

### Next Step

On running `amplify push` commands, the IAM policies specified in the `custom-policies.json` file will be appended to the existing IAM policy list tied to the Lambda Function's execution role.

## Schedule recurring Lambda functions

Amplify CLI allows you to schedule Lambda functions to be executed periodically (e.g every minute, hourly, daily, weekly, monthly or yearly). You can also formulate more complex schedules using AWS Cron Expressions such as: *“10:15 AM on the last Friday of every month”*. Review the [Schedule Expression for Rules documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html#CronExpressions) for more details.

To schedule your Lambda function, answer **Yes** to `Do you want to invoke this function on a recurring schedule?` in the `amplify add function` flow. Once you deploy a function, it'll create a CloudWatch Rule to periodically execute the selected Lambda function.

## GraphQL from Lambda

import all0 from "/src/fragments/lib/graphqlapi/graphql-from-node.mdx";

<Fragments fragments={{all: all0}} />

For more information on files generated in the function resource folder, see [Function Category Files](/cli/reference/files#function-category-files).