Lambda

Question 1

Lambda: Synchronous Inovacation

Answer 1

Use an ALB to call the lambda function

Question 2

Lambda@Edge

Answer 2

• Synchronous Invocation of Lambda
• More responsive applications
• You don’t manage servers; lambda is deployed globally
• Customize the CDN content
• Pay only for what you use

Question 3

Lambda@Edge CloudFront Requests and Responses

Answer 3

• After CloudFront receives the request from a viewer
• Before CloudFront forwards the request to the origin
• After CloudFront receives the response from the origin
• Before CloudFront forwards the response to the viewer

Question 4

Lambda - Destinations

Answer 4

• Asynchronous invocation
• AWS recommends to use destinations instead of DLQ
• Event Source Mapping
  
  • SQS
  • SNS
• you can send events to a DLQ directly for SQS

Question 5

Lambda Execution Role

Answer 5

• Grants the Lambda Function permissions to AWS Services/ Resources
• lambda uses execution roles use event source mappings to invoke the lambda function
• Best Practice: create one Lambda Execution role per function

Question 6

Lambda Managed Policies

Answer 6

• LambdaBasicExecutionRole
• LambdaKinesisExecutionRole
• LambdaDynamoDBExecutionRole
• LambdaSQSQueueExecutionRole
• LambdaVPCAccessExecutionRole
• XRayDaemonWriteAccess - upload trace data to X-Ray

Question 7

Lambda Resource Bases Policies

Answer 7

• resource-based polices gives other accounts and AWS services permission to use your lambda resources
• similar to S3 bucket policies for S3 bucket

Question 8

Lambda: Logging CloudWatch Logs

Answer 8

• execution logs are stored in CloudWatch Logs

Question 9

Lambda CloudWatch Metrics

Answer 9

• metrics displayed in CW Metrics
• invocations, duration, concurrent executions
• Error count, success rates, throttles
• Async Delivery failures
• iteration Age (Kinesis & DynamoDB Streams)

Question 10

Lambda Tracing with X-Ray

Answer 10

• enable lambda configuration
• runs the x-ray daemon for you
• use x-ray SDK in code
• AWSXRayDaemonWriteAccess Execution role

Question 11

Lambda X-Ray Environment Variables

Answer 11

• _X_AMZN_TRACE_ID: contains the tracing hearder
• AWS_XRAY_CONTEXT_MISSING: default, LOG_ERROR
• AWS_XRAY_DAEMON_ADDRESS: X-Ray daemon IP_ADDRESS:PORT

Question 12

Lambda VPC

Answer 12

• by default Lambda function is launched outside the your own VPC
• It cannot access resources in your
  VPC
• Define VPC ID, Subnets / Security Groups
• Lambda will create and ENI in your subnet
• AWSLambdaVPCAccessExecutionRole

Question 13

Lambda VPC - Internet Access

Answer 13

• Lambda in your VPC does not have internet access
• deploying lambda function in a public subnet does not give it internet access
• deploying lambda function in a private subnet give it internet access if you have a NAT Gateway/instance
• VPC endpoints to privately access AWS Services without a NAT

Question 14

Lambda Configuration RAM

Answer 14

• from 128MB - 3008GB in 64MB increments
• the move RAM to move vCPU credits
• at 1,792MB = 1 full vCPU
• after 1792MB you get move then one CPU you need to use multi threading
• Computation Heavy, increase RAM
• Time-out: default 3 seconds, max is 900 seconds (15 minutes)

Question 15

Lambda Execution Context

Answer 15

• temporary runtime environment that initialized any external dependencies of your lambda code
• great for DB connections, HTTP clients, SDK
• maintained for some time in anticipation of another invocation
• next invocation and “re-use” the context
• includes the /tmp directory

Question 16

Lambda /tmp space

Answer 16

• need to download files
• needs disk space
• Max size 512MB
• remains when execution context is frozen
• for permanent file storage use S3

Question 17

Lambda Concurrency

Answer 17

• limit up to 1000 concurrent executions
• throttling errors (429) and system errors (500-series
• retry interval increases exponentially from 1 second to 5 min
• Concurrency limit applies to all the functions of the account

Question 18

Lambda: Cold Start

Answer 18

• Provisioned Concurrency
  
  • concurrently is allocated before the function is invoked
  • ASG can manage concurrency

Question 19

Lambda: Layers

Answer 19

• custom runtimes like C++ and Rust

- externalize dependencies to re-use them

Question 20

Lambda: CodeDeploy

Answer 20

Linear: grow traffic every N minutes
Canary: try X percentage then 100%
AllAtOnce: immediate

Question 21

Lambda: Limits Per-Region: Execution

Answer 21

• Memory Allocation: 128MB - 300MB
• Max execution: 900 seconds (15min)
• Environment Variables (4KB)
• Disk capacity /tmp 512MB

Question 22

Lambda Limits: Deployment

Answer 22

• function size 50MB .zip
• uncompressed 250MB
• environment variable 4KB

Question 23

Lambda: Best Practices

Answer 23

• heavy duty work outside function handler
• use environment variables: dB connections, s3 bucket
• minimize deployment package sizes
• avoid recurszie code, never have a lambda code calling itself.

Question 24

Lambda Authorizer

Answer 24

An API GW Lambda Authorizer is a lambda function that you provide to control access to your API

• uses bearer token Auth or OAuth or SAML