diff --git a/.changelog/45170.txt b/.changelog/45170.txt
new file mode 100644
index 000000000000..fc0c3644c521
--- /dev/null
+++ b/.changelog/45170.txt
@@ -0,0 +1,19 @@
+```release-note:enhancement
+resource/aws_lambda_function: Add `tenancy_config` argument
+```
+
+```release-note:enhancement
+data-source/aws_lambda_function: Add `tenancy_config` attribute
+```
+
+```release-note:enhancement
+resource/aws_lambda_invocation: Add `tenant_id` argument
+```
+
+```release-note:enhancement
+data-source/aws_lambda_invocation: Add `tenant_id` argument
+```
+
+```release-note:enhancement
+action/aws_lambda_invoke: Add `tenant_id` argument
+```
\ No newline at end of file
diff --git a/internal/service/lambda/function.go b/internal/service/lambda/function.go
index 2d590d6f048b..5bbb05a39d0c 100644
--- a/internal/service/lambda/function.go
+++ b/internal/service/lambda/function.go
@@ -398,6 +398,21 @@ func resourceFunction() *schema.Resource {
 			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
+			"tenancy_config": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Optional: true,
+				ForceNew: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"tenant_isolation_mode": {
+							Type:             schema.TypeString,
+							Required:         true,
+							ValidateDiagFunc: enum.Validate[awstypes.TenantIsolationMode](),
+						},
+					},
+				},
+			},
 			names.AttrTimeout: {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -585,6 +600,12 @@ func resourceFunctionCreate(ctx context.Context, d *schema.ResourceData, meta an
 		input.Code.SourceKMSKeyArn = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("tenancy_config"); ok && len(v.([]any)) > 0 && v.([]any)[0] != nil {
+		input.TenancyConfig = &awstypes.TenancyConfig{
+			TenantIsolationMode: awstypes.TenantIsolationMode(v.([]any)[0].(map[string]any)["tenant_isolation_mode"].(string)),
+		}
+	}
+
 	if v, ok := d.GetOk("tracing_config"); ok && len(v.([]any)) > 0 && v.([]any)[0] != nil {
 		input.TracingConfig = &awstypes.TracingConfig{
 			Mode: awstypes.TracingMode(v.([]any)[0].(map[string]any)[names.AttrMode].(string)),
@@ -752,6 +773,15 @@ func resourceFunctionRead(ctx context.Context, d *schema.ResourceData, meta any)
 	}); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting tracing_config: %s", err)
 	}
+	if function.TenancyConfig != nil {
+		if err := d.Set("tenancy_config", []any{
+			map[string]any{
+				"tenant_isolation_mode": string(function.TenancyConfig.TenantIsolationMode),
+			},
+		}); err != nil {
+			return sdkdiag.AppendErrorf(diags, "setting tenancy_config: %s", err)
+		}
+	}
 	if err := d.Set(names.AttrVPCConfig, flattenVPCConfigResponse(function.VpcConfig)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting vpc_config: %s", err)
 	}
diff --git a/internal/service/lambda/function_data_source.go b/internal/service/lambda/function_data_source.go
index 82d3f2e71e41..dfe3fa87a319 100644
--- a/internal/service/lambda/function_data_source.go
+++ b/internal/service/lambda/function_data_source.go
@@ -209,6 +209,18 @@ func dataSourceFunction() *schema.Resource {
 				Type:     schema.TypeInt,
 				Computed: true,
 			},
+			"tenancy_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"tenant_isolation_mode": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 			"tracing_config": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -365,6 +377,15 @@ func dataSourceFunctionRead(ctx context.Context, d *schema.ResourceData, meta an
 	d.Set("source_code_size", function.CodeSize)
 	d.Set("source_kms_key_arn", functionCode.SourceKMSKeyArn)
 	d.Set(names.AttrTimeout, function.Timeout)
+	if function.TenancyConfig != nil {
+		if err := d.Set("tenancy_config", []any{
+			map[string]any{
+				"tenant_isolation_mode": string(function.TenancyConfig.TenantIsolationMode),
+			},
+		}); err != nil {
+			return sdkdiag.AppendErrorf(diags, "setting tenancy_config: %s", err)
+		}
+	}
 	tracingConfigMode := awstypes.TracingModePassThrough
 	if function.TracingConfig != nil {
 		tracingConfigMode = function.TracingConfig.Mode
diff --git a/internal/service/lambda/function_data_source_test.go b/internal/service/lambda/function_data_source_test.go
index b98bdcc8a708..fef211dfc576 100644
--- a/internal/service/lambda/function_data_source_test.go
+++ b/internal/service/lambda/function_data_source_test.go
@@ -398,6 +398,29 @@ func TestAccLambdaFunctionDataSource_loggingConfig(t *testing.T) {
 	})
 }
 
+func TestAccLambdaFunctionDataSource_tenancyConfig(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	dataSourceName := "data.aws_lambda_function.test"
+	resourceName := "aws_lambda_function.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFunctionDataSourceConfig_tenancyConfig(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, names.AttrARN, resourceName, names.AttrARN),
+					resource.TestCheckResourceAttrPair(dataSourceName, "tenancy_config.#", resourceName, "tenancy_config.#"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "tenancy_config.0.tenant_isolation_mode", resourceName, "tenancy_config.0.tenant_isolation_mode"),
+				),
+			},
+		},
+	})
+}
+
 func testAccImageLatestPreCheck(t *testing.T) {
 	if os.Getenv("AWS_LAMBDA_IMAGE_LATEST_ID") == "" {
 		t.Skip("AWS_LAMBDA_IMAGE_LATEST_ID env var must be set for Lambda Function Data Source Image Support acceptance tests.")
@@ -850,3 +873,23 @@ data "aws_lambda_function" "test" {
 }
 `, rName, rName+"_custom"))
 }
+
+func testAccFunctionDataSourceConfig_tenancyConfig(rName string) string {
+	return acctest.ConfigCompose(testAccFunctionDataSourceConfig_base(rName), fmt.Sprintf(`
+resource "aws_lambda_function" "test" {
+  filename      = "test-fixtures/lambdatest.zip"
+  function_name = %[1]q
+  role          = aws_iam_role.lambda.arn
+  handler       = "exports.example"
+  runtime       = "nodejs20.x"
+
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+}
+
+data "aws_lambda_function" "test" {
+  function_name = aws_lambda_function.test.function_name
+}
+`, rName))
+}
diff --git a/internal/service/lambda/function_test.go b/internal/service/lambda/function_test.go
index b4b6624f6664..6419ae3caa26 100644
--- a/internal/service/lambda/function_test.go
+++ b/internal/service/lambda/function_test.go
@@ -2410,6 +2410,72 @@ func TestAccLambdaFunction_sourceKMSKeyARN(t *testing.T) {
 	})
 }
 
+func TestAccLambdaFunction_tenancyConfig(t *testing.T) {
+	ctx := acctest.Context(t)
+	var conf lambda.GetFunctionOutput
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_lambda_function.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckFunctionDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFunctionConfig_tenancyConfig(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckFunctionExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "tenancy_config.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tenancy_config.0.tenant_isolation_mode", "PER_TENANT"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"filename", "publish"},
+			},
+		},
+	})
+}
+
+func TestAccLambdaFunction_tenancyConfigForceNew(t *testing.T) {
+	ctx := acctest.Context(t)
+	var conf lambda.GetFunctionOutput
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_lambda_function.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckFunctionDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFunctionConfig_basic(rName, rName, rName, rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckFunctionExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "tenancy_config.#", "0"),
+				),
+			},
+			{
+				Config: testAccFunctionConfig_tenancyConfig(rName),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionReplace),
+					},
+				},
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckFunctionExists(ctx, resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "tenancy_config.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tenancy_config.0.tenant_isolation_mode", "PER_TENANT"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccLambdaFunction_resetNonRefreshableAttributesAfterUpdateFailure(t *testing.T) {
 	ctx := acctest.Context(t)
 	var conf lambda.GetFunctionOutput
@@ -4364,6 +4430,24 @@ resource "aws_lambda_function" "test" {
 `, rName, kmsIdentifier))
 }
 
+func testAccFunctionConfig_tenancyConfig(rName string) string {
+	return acctest.ConfigCompose(
+		acctest.ConfigLambdaBase(rName, rName, rName),
+		fmt.Sprintf(`
+resource "aws_lambda_function" "test" {
+  filename      = "test-fixtures/lambdatest.zip"
+  function_name = %[1]q
+  role          = aws_iam_role.iam_for_lambda.arn
+  handler       = "exports.example"
+  runtime       = "nodejs20.x"
+
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+}
+`, rName))
+}
+
 func testAccFunctionConfig_skipDestroy(rName string) string {
 	return acctest.ConfigCompose(acctest.ConfigLambdaBase(rName, rName, rName), fmt.Sprintf(`
 resource "aws_lambda_function" "test" {
diff --git a/internal/service/lambda/invocation.go b/internal/service/lambda/invocation.go
index d13e63c8b8c4..b1e795a13fa4 100644
--- a/internal/service/lambda/invocation.go
+++ b/internal/service/lambda/invocation.go
@@ -88,6 +88,10 @@ func resourceInvocation() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"tenant_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"terraform_key": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -213,6 +217,9 @@ func invoke(ctx context.Context, conn *lambda.Client, d *schema.ResourceData, ac
 		Payload:        payload,
 		Qualifier:      aws.String(qualifier),
 	}
+	if v, ok := d.GetOk("tenant_id"); ok {
+		input.TenantId = aws.String(v.(string))
+	}
 
 	output, err := conn.Invoke(ctx, input)
 
diff --git a/internal/service/lambda/invocation_data_source.go b/internal/service/lambda/invocation_data_source.go
index 2b848bc336d5..2eb061311147 100644
--- a/internal/service/lambda/invocation_data_source.go
+++ b/internal/service/lambda/invocation_data_source.go
@@ -42,6 +42,10 @@ func dataSourceInvocation() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"tenant_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -61,6 +65,10 @@ func dataSourceInvocationRead(ctx context.Context, d *schema.ResourceData, meta
 		Qualifier:      aws.String(qualifier),
 	}
 
+	if v, ok := d.GetOk("tenant_id"); ok {
+		input.TenantId = aws.String(v.(string))
+	}
+
 	output, err := conn.Invoke(ctx, input)
 
 	if err != nil {
diff --git a/internal/service/lambda/invocation_data_source_test.go b/internal/service/lambda/invocation_data_source_test.go
index adf622ec172e..0b38207ed9e8 100644
--- a/internal/service/lambda/invocation_data_source_test.go
+++ b/internal/service/lambda/invocation_data_source_test.go
@@ -100,6 +100,26 @@ func TestAccLambdaInvocationDataSource_complex(t *testing.T) {
 	})
 }
 
+func TestAccLambdaInvocationDataSource_tenantId(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	testData := "value3"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccInvocationDataSourceConfig_tenantId(rName, testData),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckInvocationResult("data.aws_lambda_invocation.invocation_test", `{"key1":"value1","key2":"value2","key3":"`+testData+`"}`),
+				),
+			},
+		},
+	})
+}
+
 func testAccInvocationDataSource_base_config(roleName string) string {
 	return fmt.Sprintf(`
 data "aws_iam_policy_document" "lambda_assume_role_policy" {
@@ -230,3 +250,37 @@ JSON
 }
 `, rName, testData)
 }
+
+func testAccInvocationDataSourceConfig_tenantId(rName, testData string) string {
+	return fmt.Sprintf(testAccInvocationDataSource_base_config(rName)+`
+resource "aws_lambda_function" "lambda" {
+  depends_on = [aws_iam_role_policy_attachment.lambda_role_policy]
+
+  filename      = "test-fixtures/lambda_invocation.zip"
+  function_name = "%s"
+  role          = aws_iam_role.lambda_role.arn
+  handler       = "lambda_invocation.handler"
+  runtime       = "nodejs20.x"
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+
+  environment {
+    variables = {
+      TEST_DATA = "%s"
+    }
+  }
+}
+
+data "aws_lambda_invocation" "invocation_test" {
+  function_name = aws_lambda_function.lambda.function_name
+  tenant_id     = "tenant-1"
+  input         = <<JSON
+{
+  "key1": "value1",
+  "key2": "value2"
+}
+JSON
+}
+`, rName, testData)
+}
diff --git a/internal/service/lambda/invocation_test.go b/internal/service/lambda/invocation_test.go
index 2ef85ff8cf52..1f2d3739f3a1 100644
--- a/internal/service/lambda/invocation_test.go
+++ b/internal/service/lambda/invocation_test.go
@@ -558,6 +558,41 @@ func TestAccLambdaInvocation_UpgradeState_v5_83_0(t *testing.T) {
 	})
 }
 
+func TestAccLambdaInvocation_tenantID(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_lambda_invocation.test"
+	fName := "lambda_invocation"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	testData := "value3"
+	tenantID := "test-tenant-123"
+	inputJSON := `{"key1":"value1","key2":"value2"}`
+	resultJSON := fmt.Sprintf(`{"key1":"value1","key2":"value2","key3":%q}`, testData)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             acctest.CheckDestroyNoop,
+		Steps: []resource.TestStep{
+			{
+				Config: acctest.ConfigCompose(
+					testAccInvocationConfig_function_with_tenant(fName, rName, testData),
+					testAccInvocationConfig_tenantID(inputJSON, tenantID),
+				),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckInvocationResult(resourceName, resultJSON),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"input", "lifecycle_scope", "result", "terraform_key", "tenant_id"},
+			},
+		},
+	})
+}
+
 // testAccCheckCRUDDestroyResult verifies that when CRUD lifecycle is active that a destroyed resource
 // triggers the lambda.
 //
@@ -695,6 +730,30 @@ resource "aws_lambda_function" "test" {
 `, fName, rName, testData))
 }
 
+func testAccInvocationConfig_function_with_tenant(fName, rName, testData string) string {
+	return acctest.ConfigCompose(
+		testAccInvocationConfig_base(rName),
+		fmt.Sprintf(`
+resource "aws_lambda_function" "test" {
+  depends_on = [aws_iam_role_policy_attachment.test]
+
+  filename      = "test-fixtures/%[1]s.zip"
+  function_name = %[2]q
+  role          = aws_iam_role.test.arn
+  handler       = "%[1]s.handler"
+  runtime       = "nodejs18.x"
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+  environment {
+    variables = {
+      TEST_DATA = %[3]q
+    }
+  }
+}
+`, fName, rName, testData))
+}
+
 func testAccInvocationConfig_invocation(inputJSON, extraArgs string) string {
 	return fmt.Sprintf(`
 resource "aws_lambda_invocation" "test" {
@@ -781,3 +840,14 @@ resource "aws_ssm_parameter" "result_key1" {
 }
 `, rName, resourceName)
 }
+
+func testAccInvocationConfig_tenantID(inputJSON, tenantID string) string {
+	return fmt.Sprintf(`
+resource "aws_lambda_invocation" "test" {
+  function_name = aws_lambda_function.test.function_name
+  tenant_id     = %[2]q
+
+  input = %[1]s
+}
+`, strconv.Quote(inputJSON), tenantID)
+}
diff --git a/internal/service/lambda/invoke_action.go b/internal/service/lambda/invoke_action.go
index bf40bf9b0707..aed102895e16 100644
--- a/internal/service/lambda/invoke_action.go
+++ b/internal/service/lambda/invoke_action.go
@@ -43,6 +43,7 @@ type invokeActionModel struct {
 	InvocationType fwtypes.StringEnum[awstypes.InvocationType] `tfsdk:"invocation_type"`
 	LogType        fwtypes.StringEnum[awstypes.LogType]        `tfsdk:"log_type"`
 	ClientContext  types.String                                `tfsdk:"client_context"`
+	TenantId       types.String                                `tfsdk:"tenant_id"`
 }
 
 func (a *invokeAction) Schema(ctx context.Context, req action.SchemaRequest, resp *action.SchemaResponse) {
@@ -78,6 +79,10 @@ func (a *invokeAction) Schema(ctx context.Context, req action.SchemaRequest, res
 				Description: "Up to 3,583 bytes of base64-encoded data about the invoking client to pass to the function in the context object. This is only used for mobile applications.",
 				Optional:    true,
 			},
+			"tenant_id": schema.StringAttribute{
+				Description: "The Tenant Id for lambda function invocation. This is mandatory, if tenancy_config is enabled in lambda function",
+				Optional:    true,
+			},
 		},
 	}
 }
@@ -134,6 +139,10 @@ func (a *invokeAction) Invoke(ctx context.Context, req action.InvokeRequest, res
 	if !config.Qualifier.IsNull() {
 		input.Qualifier = config.Qualifier.ValueStringPointer()
 	}
+	// Set optional parameters
+	if !config.TenantId.IsNull() {
+		input.TenantId = config.TenantId.ValueStringPointer()
+	}
 
 	if !config.ClientContext.IsNull() {
 		clientContext := config.ClientContext.ValueString()
diff --git a/internal/service/lambda/invoke_action_test.go b/internal/service/lambda/invoke_action_test.go
index ffedccd8a10e..1ec4e58dc485 100644
--- a/internal/service/lambda/invoke_action_test.go
+++ b/internal/service/lambda/invoke_action_test.go
@@ -211,6 +211,35 @@ func TestAccLambdaInvokeAction_complexPayload(t *testing.T) {
 	})
 }
 
+func TestAccLambdaInvokeAction_tenantId(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	testData := "value3"
+	inputJSON := `{"key1":"value1","key2":"value2"}`
+	expectedResult := fmt.Sprintf(`{"key1":"value1","key2":"value2","key3":%q}`, testData)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.LambdaEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.LambdaServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+			tfversion.SkipBelow(tfversion.Version1_14_0),
+		},
+		CheckDestroy: acctest.CheckDestroyNoop,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccInvokeActionConfig_tenantId(rName, testData, inputJSON),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckInvokeAction(ctx, rName, inputJSON, expectedResult),
+				),
+			},
+		},
+	})
+}
+
 // Test helper functions
 
 // testAccCheckInvokeAction verifies that the action can successfully invoke a Lambda function
@@ -559,3 +588,52 @@ resource "terraform_data" "trigger" {
 }
 `, inputJSON, clientContext))
 }
+
+func testAccInvokeActionConfig_function_tenant(rName, testData string) string {
+	return acctest.ConfigCompose(
+		testAccInvokeActionConfig_base(rName),
+		fmt.Sprintf(`
+resource "aws_lambda_function" "test" {
+  depends_on = [aws_iam_role_policy_attachment.test]
+
+  filename      = "test-fixtures/lambda_invocation.zip"
+  function_name = %[1]q
+  role          = aws_iam_role.test.arn
+  handler       = "lambda_invocation.handler"
+  runtime       = "nodejs18.x"
+
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+  environment {
+    variables = {
+      TEST_DATA = %[2]q
+    }
+  }
+}
+`, rName, testData))
+}
+
+func testAccInvokeActionConfig_tenantId(rName, testData, inputJSON string) string {
+	return acctest.ConfigCompose(
+		testAccInvokeActionConfig_function_tenant(rName, testData),
+		fmt.Sprintf(`
+action "aws_lambda_invoke" "test" {
+  config {
+    function_name = aws_lambda_function.test.function_name
+    payload       = %[1]q
+    tenant_id     = "tenant-1"
+  }
+}
+
+resource "terraform_data" "trigger" {
+  input = "trigger"
+  lifecycle {
+    action_trigger {
+      events  = [before_create, before_update]
+      actions = [action.aws_lambda_invoke.test]
+    }
+  }
+}
+`, inputJSON))
+}
diff --git a/website/docs/actions/lambda_invoke.html.markdown b/website/docs/actions/lambda_invoke.html.markdown
index f78a2cd204a7..7a26e6f0b7a6 100644
--- a/website/docs/actions/lambda_invoke.html.markdown
+++ b/website/docs/actions/lambda_invoke.html.markdown
@@ -220,3 +220,4 @@ This action supports the following arguments:
 * `payload` - (Required) JSON payload to send to the Lambda function. This should be a valid JSON string that represents the event data for your function. The payload size limit is 6 MB for synchronous invocations and 256 KB for asynchronous invocations.
 * `region` - (Optional) Region where this action should be [run](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
 * `qualifier` - (Optional) Version or alias of the Lambda function to invoke. If not specified, the `$LATEST` version will be invoked. Can be a version number (e.g., `1`) or an alias (e.g., `PROD`).
+* `tenant_id` - (Optional)  Tenant Id to serve invocations from specified tenant.
diff --git a/website/docs/d/lambda_function.html.markdown b/website/docs/d/lambda_function.html.markdown
index c0108877d25e..85e85388d9e1 100644
--- a/website/docs/d/lambda_function.html.markdown
+++ b/website/docs/d/lambda_function.html.markdown
@@ -145,6 +145,7 @@ This data source exports the following attributes in addition to the arguments a
 * `source_kms_key_arn` - ARN of the AWS Key Management Service key used to encrypt the function's `.zip` deployment package.
 * `tags` - Map of tags assigned to the Lambda Function.
 * `timeout` - Function execution time at which Lambda should terminate the function.
+* `tenancy_config` - Tenancy settings of the function. [See below](#tenancy_config-attribute-reference).
 * `tracing_config` - Tracing settings of the function. [See below](#tracing_config-attribute-reference).
 * `version` - Version of the Lambda function returned. If `qualifier` is not set, this will resolve to the most recent published version. If no published version of the function exists, `version` will resolve to `$LATEST`.
 * `vpc_config` - VPC configuration associated with your Lambda function. [See below](#vpc_config-attribute-reference).
@@ -173,6 +174,10 @@ This data source exports the following attributes in addition to the arguments a
 * `log_group` - CloudWatch log group your function sends logs to.
 * `system_log_level` - Detail level of the Lambda platform event logs sent to CloudWatch.
 
+### tenancy_config
+
+* `tenant_isolation_mode` - (Required) Tenant Isolation Mode. Valid values: `PER_TENANT`.
+
 ### tracing_config
 
 * `mode` - Tracing mode. Valid values: `Active`, `PassThrough`.
diff --git a/website/docs/d/lambda_invocation.html.markdown b/website/docs/d/lambda_invocation.html.markdown
index d90ec514624f..f02aeae2712e 100644
--- a/website/docs/d/lambda_invocation.html.markdown
+++ b/website/docs/d/lambda_invocation.html.markdown
@@ -103,6 +103,7 @@ The following arguments are optional:
 
 * `qualifier` - (Optional) Qualifier (a.k.a version) of the Lambda function. Defaults to `$LATEST`.
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
+* `tenant_id` - (Optional) Tenant Id to serve invocations from specified tenant.
 
 ## Attribute Reference
 
diff --git a/website/docs/r/lambda_function.html.markdown b/website/docs/r/lambda_function.html.markdown
index f20d24b0fd80..5469b3ef3886 100644
--- a/website/docs/r/lambda_function.html.markdown
+++ b/website/docs/r/lambda_function.html.markdown
@@ -524,6 +524,7 @@ The following arguments are optional:
 * `source_kms_key_arn` - (Optional) ARN of the AWS Key Management Service key used to encrypt the function's `.zip` deployment package. Conflicts with `image_uri`.
 * `tags` - (Optional) Key-value map of tags for the Lambda function. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `timeout` - (Optional) Amount of time your Lambda Function has to run in seconds. Defaults to 3. Valid between 1 and 900.
+* `tenancy_config` - (Optional) Configuration block for Tenancy. [See below](#tenancy_config-configuration-block).
 * `tracing_config` - (Optional) Configuration block for X-Ray tracing. [See below](#tracing_config-configuration-block).
 * `vpc_config` - (Optional) Configuration block for VPC. [See below](#vpc_config-configuration-block).
 
@@ -561,6 +562,10 @@ The following arguments are optional:
 
 * `apply_on` - (Required) When to apply snap start optimization. Valid value: `PublishedVersions`.
 
+### tenancy_config Configuration Block
+
+* `tenant_isolation_mode` - (Required) Tenant Isolation Mode. Valid values: `PER_TENANT`.
+
 ### tracing_config Configuration Block
 
 * `mode` - (Required) X-Ray tracing mode. Valid values: `Active`, `PassThrough`.
diff --git a/website/docs/r/lambda_invocation.html.markdown b/website/docs/r/lambda_invocation.html.markdown
index 582d8d35235e..f3b35400bee7 100644
--- a/website/docs/r/lambda_invocation.html.markdown
+++ b/website/docs/r/lambda_invocation.html.markdown
@@ -173,6 +173,7 @@ The following arguments are optional:
 * `lifecycle_scope` - (Optional) Lifecycle scope of the resource to manage. Valid values are `CREATE_ONLY` and `CRUD`. Defaults to `CREATE_ONLY`. `CREATE_ONLY` will invoke the function only on creation or replacement. `CRUD` will invoke the function on each lifecycle event, and augment the input JSON payload with additional lifecycle information.
 * `qualifier` - (Optional) Qualifier (i.e., version) of the Lambda function. Defaults to `$LATEST`.
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
+* `tenant_id` - (Optional) Tenant Id to serve invocations from specified tenant.
 * `terraform_key` - (Optional) JSON key used to store lifecycle information in the input JSON payload. Defaults to `tf`. This additional key is only included when `lifecycle_scope` is set to `CRUD`.
 * `triggers` - (Optional) Map of arbitrary keys and values that, when changed, will trigger a re-invocation. To force a re-invocation without changing these keys/values, use the [`terraform taint` command](https://developer.hashicorp.com/terraform/cli/commands/taint).