21. Lambda **IMPORTANT**

Question 1

When should you use Lambda@Edge?

Answer 1

Whenever we need to integrate Lambda with a CloudFront distribution or for the following:

1. search engine optimization
2. web security + privacy
3. dynamic web app at edge
4. user tracking + analytics
5. user authentication + authorization

Question 2

When can you use Lambda@Edge to change CloudFront requests and responses?

Answer 2

1. After CF receives a request from a viewer
2. Before CF forwards the request to the origin
3. After CF receives the response from the origin
4. Before CF forwards the response to the viewer

Question 3

What is the best way to give other accounts and AWS services permission to use your Lambda resources?

Answer 3

Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources.

Question 4

True or False: Deploying a Lambda function in a public subnet does not give it internet access or a public IP.

Answer 4

True

Question 5

True or False: Deploying a Lambda function in a private subnet does not give it internet access or a public IP.

Answer 5

Depends. Deploying a Lambda function in a private subnet gives it internet access if you have a NAT Gateway / Instance.

Question 6

What is the default Lambda function timeout?

Answer 6

3 seconds

Question 7

Where should you store reusable, temporary context for Lambda?

Answer 7

/tmp directory

Question 8

Where should you store persistent objects (not temporary) for Lambda?

Answer 8

S3

Question 9

What do you set to throttle/limit a Lambda function?

Answer 9

Reserved concurrency at the function level

Question 10

What is the Lambda concurrency limit?

Answer 10

1,000 concurrent executions

Question 11

How do you use function dependencies in Lambda?

Answer 11

Install the packages alongside your code and zip it together.

Upload the zip to Lambda if less than 50MB, else to S3 first

Question 12

True or False: Aliases can reference aliases.

Answer 12

False.

Aliases cannot reference aliases (only versions)

Question 13

What is the correct way to connect a Lambda function to an RDS instance?

Answer 13

Configure Lambda to connect to VPC with private subnet and Security Group needed to access RDS

Question 14

How do you increase CPU or network on Lambda?

Answer 14

The more RAM you add, the more vCPU you get

Question 15

How is Lambda priced?

Answer 15

pay per call (first 1mil free)
and per duration (first 400,000GB-sec per month free)

usually very cheap to run Lambda

Question 16

What is a synchronous invocation?

Answer 16

• you wait for the function to process the event and return a response
• error handling must happen client side (retries, exponential backoff, etc)

Question 17

Lambda communicates via synchronous invocation with which services?

Answer 17

CLI
SDK
API Gateway
Application Load Balancer
CloudFront (Lambda@Edge)
Cognito
Step Functions
Kinesis Data Firehose

Question 18

How do you expose a Lambda function as an HTTP(S) endpoint?

Answer 18

1. use the ALB or an API Gateway
2. Lambda function must be registered in a target group

ALB converts the HTTP to JSON for Lambda (and converts it back)

Question 19

How does AWS support multi-header values?

Answer 19

An ALB setting that takes HTTP headers and query string parameters with multiple values and forms them into arrays for Lambda events and response objects

Question 20

What is an asynchronous invocation?

Answer 20

• Lambda queues the event for processing and returns a response immediately
• Lambda attempts to retry on errors (3 tries total)
• will see duplicate log entries in CloudWatch Logs
• can create DLQ in SQS or SNS for failed events

Question 21

When should you use asynchronous invocations?

Answer 21

When you want to speed up processing because you don’t need to wait for the result

Question 22

Lambda communicates via asynchronous invocation with which services?

Answer 22

S3
SNS
EventBridge

Question 23

What are the 2 ways to setup S3 Event notifications to send to Lambda?

Answer 23

1. S3 –> SQS –> Lambda

2. S3 – (asynchronous) –> Lambda

Question 24

By default, what happens if your Lambda function returns an error on a batch?

Answer 24

The entire batch is reprocessed until the function succeeds or the items in the batch expire

Question 25

The DLQ for Lambda only works for what type of invocations?

Answer 25

asynchronous

Question 26

How should you setup Lambda to pull from SQS?

Answer 26

1. Lambda Event Source Mapping will poll SQS (Long Polling)
2. Setup a DLQ on the SQS queue, not Lambda OR use a Lambda destination for failures

Question 27

When processing in-order FIFO queues, Lambda scales up to what?

Answer 27

For FIFO queues, Lambda scales up to the number of active message groups. Messages with the same GroupID will be processed in order.

Question 28

When you use an event source mapping to invoke your function, what role does Lambda need?

Answer 28

When you use an event source mapping to invoke your function, Lambda uses the execution role to read event data

Question 29

When do you use a Resource Based Policy on Lambda?

Answer 29

When our function is invoked by other services

Question 30

When should you use Resource Based Policies?

Answer 30

Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources (similar to S3 bucket policies on S3)

Question 31

How do you setup Lambda to write to CloudWatch logs?

Answer 31

It is automatic so long as your AWS Lambda function has an execution role with an IAM policy that authorizes writes to CloudWatch logs

Question 32

What are the 3 environment variables for Lambda to communicate with X-Ray?

Answer 32

AWS_XRAY_DAEMON_ADDRESS
_X_AMZN_TRACE_ID
AWS_X_RAY_CONTENT_MISSING

Question 33

What is the AWS_XRAY_DAEMON_ADDRESS environment variable provide?

Answer 33

The X-Ray Daemon IP_ADDRESS:PORT

Question 34

True or False: By default, your Lambda function is launched inside your own VPC.

Answer 34

False.

By default, your Lambda function is launched outside your own VPC. It is launched in an AWS-owned VPC.

Question 35

True or False: Deploying a Lambda function in a public subnet does not give it internet access or a public IP.

Answer 35

True.

Question 36

How do you access AWS services privately without a NAT?

Answer 36

VPC endpoints

Question 37

What should you use to maintain Lambda connection to databases or HTTP clients?

Answer 37

Lambda Execution Context

the execution context is a temporary runtime environment that initializes any external dependencies of your lambda code (includes the /tmp directory)

Question 38

What is the max size of the Lambda /tmp directory?

Answer 38

512 MB

Question 39

What do you set to throttle a Lambda function?

Answer 39

Reserved concurrency

Question 40

How do you allocate threads for a Lambda function before it is invoked (in advance)?

Answer 40

Provisioned concurrency

Question 41

What property do you set to declare a Lambda function inline of a CloudFormation template?

Answer 41

Code.ZipFile

Question 42

When should you use Lambda Layers?

Answer 42

To externalize dependencies to re-use them

Question 43

_____ are “pointers” to Lambda function versions.

Answer 43

Aliases

We can define a “dev,” “test,” “prod” aliases and have them point to different lambda versions. Used for blue/green deployment

Question 44

What is the Lambda environment variable size limit?

Answer 44

4 KB

Question 45

What is the max Lambda memory allocation?

Answer 45

3008 MB (3 GB)

lowest is 128 MB, 64 MB increments

Question 46

What is the max Lambda function deployment size (compressed .zip)?

Answer 46

50 MB

Question 47

What is the max Lambda function uncompressed deployment size (code + dependencies)?

Answer 47

250 MB

Question 48

You are looking to invoke an AWS Lambda function every hour (similar to a cron job) in a serverless way. Which event source should you use for your AWS Lambda function?

Answer 48

CloudWatch Events

Question 49

Which services require an event source mapping?

Answer 49

DynamoDB Streams
Kinesis Streams
SQS

To process items from a stream or queue, you can create an event source mapping. An event source mapping is a resource in Lambda that reads items from an Amazon SQS queue, an Amazon Kinesis stream, or an Amazon DynamoDB stream, and sends them to your function in batches. Each event that your function processes can contain hundreds or thousands of items.