21. Lambda **IMPORTANT** Flashcards
When should you use Lambda@Edge?
Whenever we need to integrate Lambda with a CloudFront distribution or for the following:
- search engine optimization
- web security + privacy
- dynamic web app at edge
- user tracking + analytics
- user authentication + authorization
When can you use Lambda@Edge to change CloudFront requests and responses?
- After CF receives a request from a viewer
- Before CF forwards the request to the origin
- After CF receives the response from the origin
- Before CF forwards the response to the viewer
What is the best way to give other accounts and AWS services permission to use your Lambda resources?
Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources.
True or False: Deploying a Lambda function in a public subnet does not give it internet access or a public IP.
True
True or False: Deploying a Lambda function in a private subnet does not give it internet access or a public IP.
Depends. Deploying a Lambda function in a private subnet gives it internet access if you have a NAT Gateway / Instance.
What is the default Lambda function timeout?
3 seconds
Where should you store reusable, temporary context for Lambda?
/tmp directory
Where should you store persistent objects (not temporary) for Lambda?
S3
What do you set to throttle/limit a Lambda function?
Reserved concurrency at the function level
What is the Lambda concurrency limit?
1,000 concurrent executions
How do you use function dependencies in Lambda?
Install the packages alongside your code and zip it together.
Upload the zip to Lambda if less than 50MB, else to S3 first
True or False: Aliases can reference aliases.
False.
Aliases cannot reference aliases (only versions)
What is the correct way to connect a Lambda function to an RDS instance?
Configure Lambda to connect to VPC with private subnet and Security Group needed to access RDS
How do you increase CPU or network on Lambda?
The more RAM you add, the more vCPU you get
How is Lambda priced?
pay per call (first 1mil free)
and per duration (first 400,000GB-sec per month free)
usually very cheap to run Lambda
What is a synchronous invocation?
- you wait for the function to process the event and return a response
- error handling must happen client side (retries, exponential backoff, etc)
Lambda communicates via synchronous invocation with which services?
CLI SDK API Gateway Application Load Balancer CloudFront (Lambda@Edge) Cognito Step Functions Kinesis Data Firehose
How do you expose a Lambda function as an HTTP(S) endpoint?
- use the ALB or an API Gateway
- Lambda function must be registered in a target group
ALB converts the HTTP to JSON for Lambda (and converts it back)
How does AWS support multi-header values?
An ALB setting that takes HTTP headers and query string parameters with multiple values and forms them into arrays for Lambda events and response objects
What is an asynchronous invocation?
- Lambda queues the event for processing and returns a response immediately
- Lambda attempts to retry on errors (3 tries total)
- will see duplicate log entries in CloudWatch Logs
- can create DLQ in SQS or SNS for failed events
When should you use asynchronous invocations?
When you want to speed up processing because you don’t need to wait for the result
Lambda communicates via asynchronous invocation with which services?
S3
SNS
EventBridge
What are the 2 ways to setup S3 Event notifications to send to Lambda?
- S3 –> SQS –> Lambda
2. S3 – (asynchronous) –> Lambda
By default, what happens if your Lambda function returns an error on a batch?
The entire batch is reprocessed until the function succeeds or the items in the batch expire
The DLQ for Lambda only works for what type of invocations?
asynchronous
How should you setup Lambda to pull from SQS?
- Lambda Event Source Mapping will poll SQS (Long Polling)
- Setup a DLQ on the SQS queue, not Lambda OR use a Lambda destination for failures
When processing in-order FIFO queues, Lambda scales up to what?
For FIFO queues, Lambda scales up to the number of active message groups. Messages with the same GroupID will be processed in order.
When you use an event source mapping to invoke your function, what role does Lambda need?
When you use an event source mapping to invoke your function, Lambda uses the execution role to read event data
When do you use a Resource Based Policy on Lambda?
When our function is invoked by other services
When should you use Resource Based Policies?
Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources (similar to S3 bucket policies on S3)
How do you setup Lambda to write to CloudWatch logs?
It is automatic so long as your AWS Lambda function has an execution role with an IAM policy that authorizes writes to CloudWatch logs
What are the 3 environment variables for Lambda to communicate with X-Ray?
AWS_XRAY_DAEMON_ADDRESS
_X_AMZN_TRACE_ID
AWS_X_RAY_CONTENT_MISSING
What is the AWS_XRAY_DAEMON_ADDRESS environment variable provide?
The X-Ray Daemon IP_ADDRESS:PORT
True or False: By default, your Lambda function is launched inside your own VPC.
False.
By default, your Lambda function is launched outside your own VPC. It is launched in an AWS-owned VPC.
True or False: Deploying a Lambda function in a public subnet does not give it internet access or a public IP.
True.
How do you access AWS services privately without a NAT?
VPC endpoints
What should you use to maintain Lambda connection to databases or HTTP clients?
Lambda Execution Context
the execution context is a temporary runtime environment that initializes any external dependencies of your lambda code (includes the /tmp directory)
What is the max size of the Lambda /tmp directory?
512 MB
What do you set to throttle a Lambda function?
Reserved concurrency
How do you allocate threads for a Lambda function before it is invoked (in advance)?
Provisioned concurrency
What property do you set to declare a Lambda function inline of a CloudFormation template?
Code.ZipFile
When should you use Lambda Layers?
To externalize dependencies to re-use them
_____ are “pointers” to Lambda function versions.
Aliases
We can define a “dev,” “test,” “prod” aliases and have them point to different lambda versions. Used for blue/green deployment
What is the Lambda environment variable size limit?
4 KB
What is the max Lambda memory allocation?
3008 MB (3 GB)
lowest is 128 MB, 64 MB increments
What is the max Lambda function deployment size (compressed .zip)?
50 MB
What is the max Lambda function uncompressed deployment size (code + dependencies)?
250 MB
You are looking to invoke an AWS Lambda function every hour (similar to a cron job) in a serverless way. Which event source should you use for your AWS Lambda function?
CloudWatch Events
Which services require an event source mapping?
DynamoDB Streams
Kinesis Streams
SQS
To process items from a stream or queue, you can create an event source mapping. An event source mapping is a resource in Lambda that reads items from an Amazon SQS queue, an Amazon Kinesis stream, or an Amazon DynamoDB stream, and sends them to your function in batches. Each event that your function processes can contain hundreds or thousands of items.
