Lambda
Contents: Lambda function URL | Custom runtime | Lambda Destination | Troubleshooting | Execution Environment | Lambda quotas | Concurrency
Lambda = CODE + CONFIG
Config: memory size, timeout.
Quotas:
- limited by time (< 15 min per invocation)
- limited by region: 1000 per region (the default concurrency quota; see below). You can extend it by creating a support ticket.
- Memory < 10 GB
- GPU is not supported
- Stateful workloads are not supported
New AWS accounts have reduced concurrency and memory quotas. AWS raises these quotas automatically based on your usage. So it's still best to request a quota increase if you need more than 1000 concurrency and
A function URL is a dedicated HTTP(S) endpoint for a Lambda function. Once you create a function URL, its URL endpoint never changes. Function URLs are dual-stack enabled, supporting IPv4 and IPv6.
Accessible through the Internet; AWS PrivateLink is not supported.
Format: https://<url-id>.lambda-url.<region>.on.aws
A Lambda alias is a pointer to a function version that you can update. Each alias has a unique ARN. An alias can point only to a function version, not to another alias.
-> That means a Lambda function alias can only point to an unqualified function ARN
A destination can be an SNS topic, a Lambda function, an SQS queue or an EventBridge event bus.
Conditions: on failure, and on success.
An invocation pattern determines how your function is triggered and how it handles incoming events. There are 3 ways to invoke:
Synchronous
- Define: request -> (waiting) <- response
- Error/Retry behavior: none
- Services: ELB (ALB), Cognito, Lex, Alexa, API Gateway, CloudFront, Kinesis, Step Functions
Asynchronous
- Define: the request is placed in a queue; no waiting for a response.
- Error/Retry behavior: built-in 2x retry
- Services: S3, SNS & SQS, SES, CloudFormation, CloudWatch Logs, EventBridge, CodeCommit, AWS Config, IoT Events
Poll-based (event source mapping)
- Define: Lambda manages the poller on your behalf, retrieves any matching events and performs synchronous invokes.
- Error/Retry behavior: retry based on data expiration
- Services: Kinesis, SQS, DynamoDB Streams
Isolated runtime environment that Lambda executes your function in.
The environment is shared between the function and its extensions and includes: permissions, resources, credentials, and environment variables.
Properties:
- isolated
- secure
- provides lifecycle support
- provides external extensions associated with your function.
3 phases
Cold & warm starts
- Cold start: creates a new execution environment.
- Warm start: retains the environment, which saves time.
Require 2 different IAM policies. Compare between the 2 types:
Resource-based policy
- when: added when you add a trigger
- how: associated with a push event
- what: allows the event source to call lambda:InvokeFunction
- limit/note: policy size limit
Execution role
- when: created when you create a Lambda function
- how: an IAM policy (includes the actions you can take with the resource) plus a trust policy (allows Lambda to AssumeRole)
- limit/note: the creator must have permission for iam:PassRole
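As an added example (not from the original notes), a small Python check over the resource-based policy described above: it flags Allow statements that grant invoke permission to a public principal, or to a service principal with no aws:SourceArn / aws:SourceAccount condition, which is the scoping a defender wants on a push-event trigger. The policy document and the account id 123456789012 are constructed sample values.

```python
import json

# Constructed sample resource-based policy (placeholder account id, not a real account).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # scoped: only events from this bucket may invoke the function
            "Sid": "s3-invoke", "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
            "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}},
        },
        {   # unscoped: an SNS topic in any AWS account could invoke the function
            "Sid": "sns-invoke", "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
        },
        {   # public: anyone on the Internet may call the function URL
            "Sid": "url-public", "Effect": "Allow", "Principal": "*",
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": "arn:aws:lambda:us-west-2:123456789012:function:my-function",
        },
    ],
})

INVOKE_ACTIONS = {"lambda:invokefunction", "lambda:invokefunctionurl", "lambda:*", "*"}
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def find_risky_invoke_grants(policy_json):
    """Return (Sid, reason) for Allow statements that grant invoke permission to a
    public principal, or to a service principal without a SourceArn/SourceAccount
    condition (the confused-deputy case)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & INVOKE_ACTIONS:
            continue
        principal = stmt.get("Principal")
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append((stmt.get("Sid"), "public principal"))
        elif isinstance(principal, dict) and "Service" in principal and not cond_keys & SCOPING_KEYS:
            findings.append((stmt.get("Sid"), "service principal without SourceArn/SourceAccount"))
    return findings
```

A function URL with auth type NONE legitimately carries a public principal, so the check reports it for review rather than treating it as always wrong.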
When a function is invoked, Lambda calls the handler.
The handler method takes 2 objects (event object, optional context object).
Event object: used to pass data into the function from the trigger (data from an S3 event, an API Gateway request, a DynamoDB stream record, etc.).
Context object: passed to your function by Lambda at runtime. It doesn't contain information about the event itself but about the environment in which the Lambda function is running. It includes metadata such as the function name, the memory limit, the function version and, importantly, the awsRequestId.
Initialize the SDK clients and database connections outside of the function handler.
Minimize cold start times:
- understand the latency requirements --> optimize for peak performance
- use provisioned concurrency
Take advantage of warm starts:
- store and reference dependencies locally
- limit re-initialization of variables
- add code to reuse existing connections
- use /tmp space as a transient cache
- check that background processes have completed.
Use AWS SAM to help manage the policies.
Separate business logic: portable, and you can target unit tests without worrying about the configuration.
Write modular functions: reduces the amount of time it takes for the package to be downloaded and unpacked before invocation. These are the same principles as developing microservices.
Treat functions as stateless. If you want to store state data, consider:
- DynamoDB
- ElastiCache
- S3
Only include what you need.
X-Amz-Function-Error: header that carries the error response when the status code is 200 (a function error); 400- and 500-series status codes are reserved for invocation errors.
Method completed with status: 502: Lambda responded with a wrongly formatted JSON.
To enable logs and traces (X-Ray), add the following managed policies to the execution role:
AWSLambdaBasicExecutionRole
AWSXRayDaemonWriteAccess
It may take 5 to 10 minutes for logs to show up after a function invocation.
Lambda supports custom runtimes.
Do not assume Lambda will reuse the execution environment; it may create a new one.
The /tmp directory is the recommended location for storing temporary files within an AWS Lambda function. Data in /tmp persists across invocations in the same execution environment -> you can add extra code to check whether the cache already has the data that you stored.
AWS Lambda functions provide each execution environment with 512 MB of ephemeral disk space for the /tmp directory.
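An added example (not from the original notes) tying together the handler signature, the init-outside-the-handler advice and the /tmp cache check: FakeClient and FakeContext are constructed stand-ins for an SDK client and for Lambda's context object, the cache lives in the temp directory (which is /tmp on Lambda) and carries a TTL, and the event-supplied key is hashed so untrusted input never becomes a file path.

```python
import hashlib
import json
import os
import tempfile
import time
from dataclasses import dataclass

# Module scope runs once per execution environment (the Init phase), so objects
# created here survive across warm invocations. FakeClient stands in for an SDK
# client or database connection (constructed for this example).
class FakeClient:
    def __init__(self):
        self.calls = 0
    def fetch(self, key):
        self.calls += 1
        return {"key": key, "value": f"value-for-{key}"}

CLIENT = FakeClient()                 # initialised outside the handler, reused
CACHE_DIR = tempfile.gettempdir()     # resolves to /tmp inside Lambda
CACHE_TTL_SECONDS = 60

@dataclass
class FakeContext:      # subset of the real context object's fields (constructed)
    aws_request_id: str
    function_name: str = "my-function"
    function_version: str = "$LATEST"
    memory_limit_in_mb: int = 128

def _cache_path(key):
    # Hash the event-supplied key so untrusted input never becomes a file path.
    return os.path.join(CACHE_DIR, "cache-" + hashlib.sha256(key.encode()).hexdigest())

def invalidate(key):
    try:
        os.remove(_cache_path(key))
    except FileNotFoundError:
        pass

def handler(event, context):
    key = event["key"]
    path = _cache_path(key)
    # /tmp may still hold data from an earlier invocation in this environment, but
    # never assume it does: check that the entry exists and is fresh before using it.
    if os.path.exists(path) and time.time() - os.path.getmtime(path) < CACHE_TTL_SECONDS:
        with open(path) as f:
            return {"source": "cache", "request_id": context.aws_request_id, "data": json.load(f)}
    data = CLIENT.fetch(key)
    with open(path, "w") as f:
        json.dump(data, f)
    return {"source": "origin", "request_id": context.aws_request_id, "data": data}
```

Logging the request id from the returned record is what lets you correlate a cache hit or miss with a specific invocation in CloudWatch.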
You can configure the amount of memory allocated to Lambda function from 128MB to 10240MB.
Lambda scales faster than EC2 Auto Scaling, Elastic Beanstalk, or EC2 due to its lightweight nature. It can handle a burst of traffic within seconds.
If a function is CPU-, network- or memory-bound, then changing the memory setting can dramatically improve its performance.
You use the Lambda execution role to grant Lambda permission to AWS resources. The resource-based policy allows other services to invoke the Lambda function.
To ensure sufficient capacity for running multiple Lambda functions simultaneously, it's recommended to set the reserved concurrency.
If you want your Lambda function to interact with resources (e.g., an RDS database, an EC2 instance) inside a private subnet, the proper way is to configure your function to connect to a VPC:
- A Lambda function inside a VPC needs the AWSLambdaVPCAccessExecutionRole policy.
- Specify the VPC where your private resources are located.
- Choose the subnets where the ENIs are deployed and a security group that controls the traffic between your Lambda function and the VPC.
- Once connected, your Lambda function will lose Internet access. Create a NAT gateway if you want Internet access.
When your Lambda function and your resource use the same SG, allow both inbound and outbound traffic for that SG so it can reach the private resource. When they are in different SGs, make sure to allow outbound traffic on the Lambda SG and inbound traffic on the resource's SG.
Function: a resource you can invoke to run your code in Lambda.
Unqualified function ARN: does not include the version identifier at the end of the ARN. A qualified function ARN includes the version.
For example:
- Unqualified function ARN: arn:aws:lambda:us-west-2:123456789012:function:my-function
- Qualified function ARN (includes version): arn:aws:lambda:us-west-2:123456789012:function:my-function:1
Concurrency: the number of instances serving requests simultaneously. Burst capacity ranges from 500 to 3000 instances, varying by region.
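An added example (not from the original notes) of parsing the two ARN forms above: it classifies the trailing qualifier as a published version, $LATEST, or an alias, and strips it so that permissions and aliases can be compared per function. The regular expression is my own assumption about the ARN shape, not an AWS-provided parser.

```python
import re

# arn:partition:service:region:account-id:function:name[:qualifier]
_LAMBDA_ARN = re.compile(
    r"^arn:(?P<partition>aws(?:-[a-z]+)*):lambda:(?P<region>[a-z]{2}(?:-[a-z]+)+-\d):"
    r"(?P<account>\d{12}):function:(?P<name>[A-Za-z0-9_-]{1,64})(?::(?P<qualifier>[^:]+))?$"
)

def is_function_arn(arn):
    return _LAMBDA_ARN.match(arn) is not None

def parse_function_arn(arn):
    """Split a Lambda function ARN into its parts and classify the qualifier."""
    m = _LAMBDA_ARN.match(arn)
    if not m:
        raise ValueError(f"not a Lambda function ARN: {arn!r}")
    parts = m.groupdict()
    q = parts["qualifier"]
    if q is None:
        kind = "unqualified"        # invoking this resolves to $LATEST
    elif q == "$LATEST" or q.isdigit():
        kind = "version"            # immutable published version (or $LATEST)
    else:
        kind = "alias"              # mutable pointer to exactly one version
    return {**parts, "qualified": q is not None, "qualifier_kind": kind}

def unqualified_arn(arn):
    """Drop the version/alias so two ARNs can be compared as the same function."""
    p = parse_function_arn(arn)
    return f"arn:{p['partition']}:lambda:{p['region']}:{p['account']}:function:{p['name']}"
```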