Lambda Flashcards
What programming languages are supported by Lambda?
Python Node.js C# Go Java Ruby Powershell Custom Runtime API Lambda Container Image - Must implement the lambda runtime API - Don’t run any container that does not use the lambda runtime api
How can a lambda function be invoked?
Synchronously and Asynchronously
What defines Lambda Synchronous invocation?
Called by e.g. SDK, CLI, API Gateway, or an ALB.
Result is retuned rightaway.
Error handling happens on client side
Which services call lambda synchronously?
User invoked:
CLoudFront@Edge
ALB
API Gateway
S3 batch
Service invoked:
Cognito
Step functions
Other services:
Alexa
Lex
Kinesis Data Firehose
How can Lambda be exposed to the internet?
ALB & API Gateway
How does Client to ALB to Lambda work?
CLient sends http-request that ALB picks up.
ALB transforms the http-request into json that is readable by lambda. Especially each querystring will appear in the json document.
Lambda then sends it json response to the ALB.
The ALB transforms the json back to http and sends it to the client.
What are ALB multi-header values and how to enable them?
The http request contains multiple querystrings with the same key.
Then the http headers and the querystrings will be converted to an array in the json send to lambda.
This setting has to enabled on ALB side.
What is Lambda@edge?
Enables to deploy lambda globally alongside a CloudFront distribution.
Why use Lmabda@edge?
more responsive apps
globally deployed
customize CDN content
pay for what you use
What CLoudFront requests and responses can be modified by lambda?
viewer(client) request
viewer response
origin(lambda) request
origin response
What defines Lambda Asynchronous invocation?
Called by e.g. SNS, S3, CLoudWatch Events, codecommit, codepipeline, cloudformation, config
Events are placed in an event queue
3 retries on failures
indempotent processing
SNS or SQS can be defined as dead letter queue (permission required)
better if we don’t need to wait for the result
some services can only call asynchronously
WHich services utilize lambda event source mapping?
Kinesis Data Stream
SQS & SQS fifo stream
dynamodb streams
function is invoked synchronuosly
UNDERSTAND IN PROPERLY
What is lambda destinations?
DO NOT UNDERSTAND
What role do roles play in lambda invocations?
DO NOT ASK ME - NO CLUE
Lambda - Logging & Montoring
CloudWatch Logs:
Stores lambda execution logs
Requires lambda function to assume role with IAM policy that authorizes writing cloudwatch logs
CLoudWatch Metrics:
Invocations, durations, concurrent exeutions
error count, success rate, throttles
async delivery failures
iterator age (Kinesis & dynamodb streams)
How to use tracing with Lambda?
Lambda Tracing with X-Ray:
enable in lambda configuration (Active Tracing)
Use X-Ray SDK in code
Ensure Lambda has service role with policy called AWSxraydaemonwriteaccess
env vars to communicate with x ray:
_X_AMZN_TRACE_ID: contains tracing header
AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR
AWS_XRAY_DAEMON_ADDRESS: the x ray daemon IP_ADDRESS_PORT
Who “owns” the VPC that lambda runs on?
AWS, not we.
THerefore, it cannot access resources in our VPC.
Can Lambda be deployed to our VPC?
Yes, define VPC ID, subnets, and security groups.
Lambda will create an ENI in our subnets.
Managed Policy AWSLambdaVPCAccessExecutionRole – Permission to manage elastic network interfaces to connect your function to a virtual private cloud (VPC) is required
Deploying a lambda function to a public subnet surely makes the function publicly accessable, right?
No.
Instead, deploy the lambda function to a private subnet and give it access to an NAT Gateway Instance that itself is deployed in a public subnet
Also, we can configure a VPC endpoint in the private subnet, such that lmabda can communicate with all AWS resources in my VPC (VPCs?)
Lambda Function Configuration
RAM:
From 128 MB to 3008 MB in 64 MB increments
vCPU credits automatically increase with chosen RAM
At 1792 MB, we get 1 vCPU
After 1792 MB RAM the code has to make use of multi-threading to benefit from more vCPU
TImeOut:
Default 3 secs, max 900 secs (15 min)
What is the Lambda Execution Context?
Execution context is a temporary runtime environment that initializes any external dependencies of our lambda code.
Great for db connections, http clients and SDK clients
If another lambda function is called again quickly enough, then the execution context can be re-used, improving performance.
Execution context includes the /tmp directory. 512 MB, good for downloads or code execution. Same /tmp folder remains if execution context is re-invoked (transient cache)
Put anything that takes time to initialize outside of the function handler
Lambda Concurrency and Threading
Up to 1000 concurrent executions (Support TIcket for more).
Use “reserved concurrency” to limit the number of concurrent executions.
After that limit Throttling is invoked.
Throttle behaviour:
Synchronous invocation: ThrottleError 429
Asynchronous invocation: auto retry and then DLQ
Does the Lambda concurrency limit apply to all function in my account?
YES.
What are Cold Start and Provisioned Concurrency?
Cold Start:
First request served by new instances has higher latency (Improved a lot though since fall 2019).
If init is large, e.g.
Provision Concurrency:
Concurrency is allocated before the function is invoked.
All requests have low latency
Application Auto Scaling can manage concurrency (target and scheduled)
Checkout provisioned vs reserved concurrency
How to get external code dependencies into Lambda (like pip)?
Install the packages (where?) zip them and upload them to Lambda
50 MB max otherwise use S3
AWS SDK exists by default, however e.g. AWS X Ray SDK does not
How to define Lambda in CloudFormation?
Inline as a Resource:
CodeZipFile-propety must be used for the code, but external libraries cannot be imported that way.
Through S3:
For that upload lambda zip to S3 and reference S3-location with Code-property. Lambda function is still a resource.
What is possible with Lambda Layers?
Custom Runtimes:
C++
Rust
Externalize dependencies and re-use them:
Hard drive heavy dependencies can be put into layers, which are then referenced by the lambda function, keeping the function itself lightweight.
What are Lambda Container Images?
Deploy Lambda Functions as Container Images up to 10 gigs in ECR
COntainer’s base images HAS to use a Lambda Runtime API
COntainer can be tested locally using the Lambda Runtime Interface Emulator
How do Lambda Versions work?
Working version if referred to as $LATEST (mutable).
First published version is V1 (immutable)
Each version has their own ARN
BUT, what if we want to provide a stable endpoint?
Use Aliases, which can be pointed to specific version. Aliases are mutable.
Aliases enable Green/Blue deployment, e.g. PROD-alias points 90% to V2 and 10% to V3.
Aliases also have their own ARNs
Lambda and CodeDeploy
CodeDeploy can help with traffic shift to Aliases.
Feature is integrated with SAM framework
Linear & Canary & AllAtOnce
Lambda Limits per region:
Execution:
Memory allocation: 128 MB to 10 GB (64 MB increments)
Maximum Execution Time: 900 secs aka 15 min
Env Vars: 4kb
Disk capacity: 512 mb in /tmp
1000 concurrent execs
Deployment:
Lambda deployment size (zip): 50 mb
Env vars: 4 kb
Size of uncompressed deployent code with dependencies: 250 mb
Use /tmp folder’s 512 mb for big externals