diff --git a/apis/v1alpha1/function.go b/apis/v1alpha1/function.go index a0670f70..814d4a86 100644 --- a/apis/v1alpha1/function.go +++ b/apis/v1alpha1/function.go @@ -157,6 +157,8 @@ type FunctionSpec struct { // A list of tags (https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) // to apply to the function. Tags map[string]*string `json:"tags,omitempty"` + // The function's tenant isolation configuration. + TenancyConfig *TenancyConfig `json:"tenancyConfig,omitempty"` // The amount of time (in seconds) that Lambda allows a function to run before // stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. // For more information, see Lambda execution environment (https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html). diff --git a/apis/v1alpha1/types.go b/apis/v1alpha1/types.go index 3d44a606..13c68b03 100644 --- a/apis/v1alpha1/types.go +++ b/apis/v1alpha1/types.go @@ -613,6 +613,13 @@ type TracingConfigResponse struct { Mode *string `json:"mode,omitempty"` } +// The function's tenant isolation configuration. Specifies whether +// the Lambda function runs on a shared or dedicated infrastructure per unique +// tenant. +type TenancyConfig struct { + TenantIsolationMode *string `json:"tenantIsolationMode,omitempty"` +} + // The VPC security groups and subnets that are attached to a Lambda function. // For more information, see Configuring a Lambda function to access resources // in a VPC (https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html). diff --git a/config/crd/bases/lambda.services.k8s.aws_functions.yaml b/config/crd/bases/lambda.services.k8s.aws_functions.yaml index ed6e9a32..1c08349f 100644 --- a/config/crd/bases/lambda.services.k8s.aws_functions.yaml +++ b/config/crd/bases/lambda.services.k8s.aws_functions.yaml 
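Review bot: `TenantIsolationMode` in the new `TenancyConfig` struct (apis/v1alpha1/types.go) has no doc comment and no value constraint, so the generated CRD in this commit exposes `tenantIsolationMode` as a bare `type: string` with no description. Because the field selects an isolation boundary, someone reading the CRD should be able to see which values are accepted; the only one visible in this commit is `"PER_TENANT"` in the e2e manifest. I would add a field comment such as `// TenantIsolationMode is the isolation mode requested for the function, for example "PER_TENANT".` and list the full set of accepted values there. The `TenancyConfig` field comment on `FunctionSpec` in function.go has a related gap: it does not say whether the setting can be changed after the function is created.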
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: functions.lambda.services.k8s.aws spec: group: lambda.services.k8s.aws @@ -365,6 +365,12 @@ spec: A list of tags (https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. type: object + tenancyConfig: + description: The function's tenant isolation configuration. + properties: + tenantIsolationMode: + type: string + type: object timeout: description: |- The amount of time (in seconds) that Lambda allows a function to run before diff --git a/go.mod b/go.mod index 7f26fbd1..cf4729e0 100644 --- a/go.mod +++ b/go.mod @@ -14,9 +14,9 @@ require ( github.com/aws-controllers-k8s/s3-controller v0.1.5 github.com/aws-controllers-k8s/secretsmanager-controller v1.1.0 github.com/aws/aws-sdk-go v1.49.0 - github.com/aws/aws-sdk-go-v2 v1.38.0 - github.com/aws/aws-sdk-go-v2/service/lambda v1.75.0 - github.com/aws/smithy-go v1.22.5 + github.com/aws/aws-sdk-go-v2 v1.41.1 + github.com/aws/aws-sdk-go-v2/service/lambda v1.87.1 + github.com/aws/smithy-go v1.24.0 github.com/go-logr/logr v1.4.2 github.com/micahhausler/aws-iam-policy v0.4.2 github.com/spf13/pflag v1.0.5 
@@ -27,12 +27,12 @@ require ( ) require ( - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect github.com/aws/aws-sdk-go-v2/config v1.28.6 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect diff --git a/go.sum b/go.sum index 53458377..136eaba8 100644 --- a/go.sum +++ b/go.sum 
@@ -16,36 +16,36 @@ github.com/aws-controllers-k8s/secretsmanager-controller v1.1.0 h1:S+8FLIRMcwzR+ github.com/aws-controllers-k8s/secretsmanager-controller v1.1.0/go.mod h1:Q8+dGg+vmB8FcUftJp+Jwe47V5xVVelYWCzCVuKqxOE= github.com/aws/aws-sdk-go v1.49.0 h1:g9BkW1fo9GqKfwg2+zCD+TW/D36Ux+vtfJ8guF4AYmY= github.com/aws/aws-sdk-go v1.49.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.38.0 h1:UCRQ5mlqcFk9HJDIqENSLR3wiG1VTWlyUfLDEvY7RxU= -github.com/aws/aws-sdk-go-v2 v1.38.0/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0 h1:6GMWV6CNpA/6fbFHnoAjrv4+LGfyTqZz2LtCHnspgDg= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.0/go.mod h1:/mXlTIVG9jbxkqDnr5UQNQxW1HRYxeGklkM9vAFeabg= +github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU= +github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo= github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko= github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw= github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 h1:sPiRHLVUIIQcoVZTNwqQcdtjkqkPopyYmIX0M5ElRf4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2/go.mod 
h1:ik86P3sgV+Bk7c1tBFCwI3VxMoSEwl4YkRB9xn1s340= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 h1:ZdzDAg075H6stMZtbD2o+PyB933M/f20e9WmCBC17wA= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2/go.mod h1:eE1IIzXG9sdZCB0pNNpMpsYTLl4YdOQD3njiVN1e/E4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 h1:xOLELNKGp2vsiteLsvLPwxC+mYmO6OZ8PYgiuPJzF8U= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17/go.mod h1:5M5CI3D12dNOtH3/mk6minaRwI2/37ifCURZISxA/IQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v3ISRNiv+3KdQoZ6JWyfcsyQik= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug= -github.com/aws/aws-sdk-go-v2/service/lambda v1.75.0 h1:8hoKtn/EgZ0bA2dQ/meHFNsalY5fuA7M3QDqnrVxPLA= -github.com/aws/aws-sdk-go-v2/service/lambda v1.75.0/go.mod h1:YDWB9+Y6hLDGdI+S1TQIs8Fq3pu5ZF+7l2ZwF7dzhjg= +github.com/aws/aws-sdk-go-v2/service/lambda v1.87.1 h1:QBdmTXWwqVgx0PueT/Xgp2+al5HR0gAV743pTzYeBRw= +github.com/aws/aws-sdk-go-v2/service/lambda v1.87.1/go.mod h1:ogjbkxFgFOjG3dYFQ8irC92gQfpfMDcy1RDKNSZWXNU= github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw= github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod 
h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY= github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA= github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8= -github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw= -github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= +github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk= +github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= diff --git a/helm/crds/lambda.services.k8s.aws_functions.yaml b/helm/crds/lambda.services.k8s.aws_functions.yaml index a9080c19..8d523c1b 100644 --- a/helm/crds/lambda.services.k8s.aws_functions.yaml +++ b/helm/crds/lambda.services.k8s.aws_functions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: functions.lambda.services.k8s.aws spec: group: lambda.services.k8s.aws @@ -365,6 +365,12 @@ spec: A list of tags (https://docs.aws.amazon.com/lambda/latest/dg/tagging.html) to apply to the function. type: object + tenancyConfig: + description: The function's tenant isolation configuration. + properties: + tenantIsolationMode: + type: string + type: object timeout: description: |- The amount of time (in seconds) that Lambda allows a function to run before 
diff --git a/pkg/resource/function/sdk.go b/pkg/resource/function/sdk.go index e20f609d..85955480 100644 --- a/pkg/resource/function/sdk.go +++ b/pkg/resource/function/sdk.go @@ -317,12 +317,21 @@ func (rm *resourceManager) sdkFind( } else { ko.Spec.Timeout = nil } + if resp.Configuration.TenancyConfig != nil { + f33 := &svcapitypes.TenancyConfig{} + if resp.Configuration.TenancyConfig.TenantIsolationMode != "" { + f33.TenantIsolationMode = aws.String(string(resp.Configuration.TenancyConfig.TenantIsolationMode)) + } + ko.Spec.TenancyConfig = f33 + } else { + ko.Spec.TenancyConfig = nil + } if resp.Configuration.TracingConfig != nil { - f33 := &svcapitypes.TracingConfig{} + f34 := &svcapitypes.TracingConfig{} if resp.Configuration.TracingConfig.Mode != "" { - f33.Mode = aws.String(string(resp.Configuration.TracingConfig.Mode)) + f34.Mode = aws.String(string(resp.Configuration.TracingConfig.Mode)) } - ko.Spec.TracingConfig = f33 + ko.Spec.TracingConfig = f34 } else { ko.Spec.TracingConfig = nil } @@ -685,12 +694,21 @@ func (rm *resourceManager) sdkCreate( } else { ko.Spec.Timeout = nil } + if resp.TenancyConfig != nil { + f32 := &svcapitypes.TenancyConfig{} + if resp.TenancyConfig.TenantIsolationMode != "" { + f32.TenantIsolationMode = aws.String(string(resp.TenancyConfig.TenantIsolationMode)) + } + ko.Spec.TenancyConfig = f32 + } else { + ko.Spec.TenancyConfig = nil + } if resp.TracingConfig != nil { - f32 := &svcapitypes.TracingConfig{} + f33 := &svcapitypes.TracingConfig{} if resp.TracingConfig.Mode != "" { - f32.Mode = aws.String(string(resp.TracingConfig.Mode)) + f33.Mode = aws.String(string(resp.TracingConfig.Mode)) } - ko.Spec.TracingConfig = f32 + ko.Spec.TracingConfig = f33 } else { ko.Spec.TracingConfig = nil } 
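Review bot: In `sdkFind`, and again in `sdkCreate`, inserting the TenancyConfig block renumbers the TracingConfig temporaries (`f33` to `f34`, `f32` to `f33`), so half of each hunk is churn unrelated to the feature. The positional names suggest this file is generator output; if so, the commit description should name the generator input that produced it, so the TenancyConfig read-back is not dropped on the next regeneration. If the file is maintained by hand, a descriptive local such as `tenancy := &svcapitypes.TenancyConfig{}` would keep later diffs confined to the field being added. Both function bodies start and end outside these hunks.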
@@ -899,6 +917,13 @@ func (rm *resourceManager) newCreateRequestPayload( if r.ko.Spec.Tags != nil { res.Tags = aws.ToStringMap(r.ko.Spec.Tags) } + if r.ko.Spec.TenancyConfig != nil { + f20 := &svcsdktypes.TenancyConfig{} + if r.ko.Spec.TenancyConfig.TenantIsolationMode != nil { + f20.TenantIsolationMode = svcsdktypes.TenantIsolationMode(*r.ko.Spec.TenancyConfig.TenantIsolationMode) + } + res.TenancyConfig = f20 + } if r.ko.Spec.Timeout != nil { timeoutCopy0 := *r.ko.Spec.Timeout if timeoutCopy0 > math.MaxInt32 || timeoutCopy0 < math.MinInt32 { diff --git a/test/e2e/resources/function_tenancy.yaml b/test/e2e/resources/function_tenancy.yaml new file mode 100644 index 00000000..dcbe403b --- /dev/null +++ b/test/e2e/resources/function_tenancy.yaml @@ -0,0 +1,17 @@ +apiVersion: lambda.services.k8s.aws/v1alpha1 +kind: Function +metadata: + name: $FUNCTION_NAME + annotations: + services.k8s.aws/region: $AWS_REGION +spec: + name: $FUNCTION_NAME + code: + s3Bucket: $BUCKET_NAME + s3Key: $LAMBDA_FILE_NAME + role: $LAMBDA_ROLE + runtime: python3.9 + handler: main + description: function with tenant isolation enabled + tenancyConfig: + tenantIsolationMode: "PER_TENANT"
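Review bot: In `newCreateRequestPayload` the new block is the only place in this diff where `Spec.TenancyConfig` is sent to Lambda; no update-path or delta change is visible, so an edit to `tenancyConfig` on an existing Function may never reach the service. For an isolation setting that is a quiet failure mode: the manifest would declare `PER_TENANT` while the deployed function keeps whatever mode it was created with. If the update code outside this diff does not handle the field, treat it as create-only, surface later changes as an error or condition, and say so in the field comment, e.g. `// TenancyConfig is applied at creation only; changing it on an existing function is not supported.` Separately, a non-nil `TenancyConfig` with a nil `TenantIsolationMode` still sends an empty `svcsdktypes.TenancyConfig{}`; consider leaving `res.TenancyConfig` unset in that case. The function body continues outside the hunk.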