Lambda Flashcards
1
Q
Lambda: Synchronous Inovacation
A
Use an ALB to call the lambda function
2
Q
Lambda@Edge
A
- Synchronous Invocation of Lambda
- More responsive applications
- You don’t manage servers; lambda is deployed globally
- Customize the CDN content
- Pay only for what you use
3
Q
Lambda@Edge CloudFront Requests and Responses
A
- After CloudFront receives the request from a viewer
- Before CloudFront forwards the request to the origin
- After CloudFront receives the response from the origin
- Before CloudFront forwards the response to the viewer
4
Q
Lambda - Destinations
A
- Asynchronous invocation
- AWS recommends to use destinations instead of DLQ
- Event Source Mapping
- SQS
- SNS
- you can send events to a DLQ directly for SQS
5
Q
Lambda Execution Role
A
- Grants the Lambda Function permissions to AWS Services/ Resources
- lambda uses execution roles use event source mappings to invoke the lambda function
- Best Practice: create one Lambda Execution role per function
6
Q
Lambda Managed Policies
A
- LambdaBasicExecutionRole
- LambdaKinesisExecutionRole
- LambdaDynamoDBExecutionRole
- LambdaSQSQueueExecutionRole
- LambdaVPCAccessExecutionRole
- XRayDaemonWriteAccess - upload trace data to X-Ray
7
Q
Lambda Resource Bases Policies
A
- resource-based polices gives other accounts and AWS services permission to use your lambda resources
- similar to S3 bucket policies for S3 bucket
8
Q
Lambda: Logging CloudWatch Logs
A
- execution logs are stored in CloudWatch Logs
9
Q
Lambda CloudWatch Metrics
A
- metrics displayed in CW Metrics
- invocations, duration, concurrent executions
- Error count, success rates, throttles
- Async Delivery failures
- iteration Age (Kinesis & DynamoDB Streams)
10
Q
Lambda Tracing with X-Ray
A
- enable lambda configuration
- runs the x-ray daemon for you
- use x-ray SDK in code
- AWSXRayDaemonWriteAccess Execution role
11
Q
Lambda X-Ray Environment Variables
A
- _X_AMZN_TRACE_ID: contains the tracing hearder
- AWS_XRAY_CONTEXT_MISSING: default, LOG_ERROR
- AWS_XRAY_DAEMON_ADDRESS: X-Ray daemon IP_ADDRESS:PORT
12
Q
Lambda VPC
A
- by default Lambda function is launched outside the your own VPC
- It cannot access resources in your
VPC - Define VPC ID, Subnets / Security Groups
- Lambda will create and ENI in your subnet
- AWSLambdaVPCAccessExecutionRole
13
Q
Lambda VPC - Internet Access
A
- Lambda in your VPC does not have internet access
- deploying lambda function in a public subnet does not give it internet access
- deploying lambda function in a private subnet give it internet access if you have a NAT Gateway/instance
- VPC endpoints to privately access AWS Services without a NAT
14
Q
Lambda Configuration RAM
A
- from 128MB - 3008GB in 64MB increments
- the move RAM to move vCPU credits
- at 1,792MB = 1 full vCPU
- after 1792MB you get move then one CPU you need to use multi threading
- Computation Heavy, increase RAM
- Time-out: default 3 seconds, max is 900 seconds (15 minutes)
15
Q
Lambda Execution Context
A
- temporary runtime environment that initialized any external dependencies of your lambda code
- great for DB connections, HTTP clients, SDK
- maintained for some time in anticipation of another invocation
- next invocation and “re-use” the context
- includes the /tmp directory
