Before you install Lambda monitoring, make sure your system meets the following requirements.
Basic requirements
Before enabling serverless monitoring using our Lambda layer, you'll need:
A New Relic account with either an admin role or have the Infrastructure manager add-on role.
A .
An AWS account with permissions for creating IAM resources, managed secrets, and Lambdas. You also need permissions for creating CloudFormation stacks and S3 buckets.
AWS permissions
Infrastructure integration permissions
By default, New Relic uses the AWS Managed Policy ReadOnlyAccess. This allows the Infrastructure integration to see all the resources in your account, rather than just your Lambda functions and CloudWatch metrics. New Relic recommends this default, but if your organization requires a strict security posture for third-party integrations, you can grant the IAM role a minimum of these permissions instead:
Resource: "*" Action: - "cloudwatch:GetMetricStatistics" - "cloudwatch:ListMetrics" - "cloudwatch:GetMetricData" - "lambda:GetAccountSettings" - "lambda:ListFunctions" - "lambda:ListAliases" - "lambda:ListTags" - "lambda:ListEventSourceMappings"CLI permissions
Before running the newrelic-lambda CLI, grant New Relic a minimum of these permissions in AWS:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CLIAccessPolicy", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack", "cloudformation:DescribeStacks", "cloudformation:ExecuteChangeSet", "iam:AttachRolePolicy", "iam:CreateRole", "iam:GetRole", "iam:PassRole", "lambda:AddPermission", "lambda:CreateFunction", "lambda:GetFunction", "logs:DeleteSubscriptionFilter", "logs:DescribeSubscriptionFilters", "logs:PutSubscriptionFilter", "s3:GetObject", "serverlessrepo:CreateCloudFormationChangeSet", "secretsmanager:CreateSecret" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "NRLogAccessPolicy", "Effect": "Allow", "Action": [ "serverlessrepo:CreateCloudFormationTemplate", "serverlessrepo:GetCloudFormationTemplate" ], "Resource": "arn:aws:serverlessrepo:us-east-1:463657938898:applications/NewRelic-log-ingestion" } ]}For more information, refer to the newrelic-lambda CLI repo.
Tip
New Relic recommends integrating your AWS account with New Relic using the AWS integration to automatically discover and monitor your Lambda functions. This allows you to leverage the full power of New Relic APM for your serverless functions.
Supported runtimes
Based on the type of instrumentation, the following runtimes are supported.
- Node.js:
nodejs16.x,nodejs18.x,nodejs20.x,nodejs22.x,nodejs24.x - Python:
python3.8,python3.9,python3.10,python3.11,python3.12,python3.13,python3.14 - Go:
provided.al2,provided.al2023 - Java:
java8.al2,java11,java17,java21 - Ruby:
ruby3.2,ruby3.3,ruby3.4 - .NET:
dotnet6,dotnet8
- Use the supported New Relic agent packages for respective runtimes to instrument your Lambda function.
- Node.js(OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64) :
nodejs16.x,nodejs18.x,nodejs20.x,nodejs22.x,nodejs24.x - Python (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64):
python3.7,python3.8,python3.9,python3.10,python3.11,python3.12,python3.13,python3.14 - Java (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64):
java8,java11,java17,java21 - Ruby :
ruby3.2,ruby3.3 - .NET (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64):
dotnet6,dotnet8
- Java:
java8.al2orjava11
Supported Libraries
- Java: New Relic Java's layered and SDK instrumentation are compatible with
com.amazonaws:aws-lambda-java-eventsversions3.0.0to the latest.