Lambda

Question 1

What is Serverless?

Answer 1

• Serverless is a new paradigm in which the developers don’t have to manage servers anymore…
• They just deploy code
• They just deploy… functions!
• Initially… Serverless == FaaS (Function as a Service)
• Serverless was pioneered by AWS Lambda but now also includes anything that’s managed: “databases, messaging, storage, etc.”
• Serverless does not mean there are no servers… it means you just don’t manage / provision / see them

Question 2

What are the Serverless services in AWS?

Answer 2

• AWS Lambda
• DynamoDB
• AWS Cognito
• AWS API Gateway
• Amazon S3
• AWS SNS & SQS
• AWS Kinesis Data Firehose
• Aurora Serverless
• Step Functions
• Fargate

Question 3

What platform is not for Lambda?

Answer 3

Docker

Question 4

Apart from the supported programming languages by Lambda, what else can you do?

Answer 4

Custom Runtime API (community supported, example Rust)

Question 5

What is Lambda pricing by call?

Answer 5

Pay per calls:
o First 1,000,000 requests are free
o $0.20 per 1 million requests thereafter ($0.0000002 per request)

Question 6

What is Lambda pricing by duration?

Answer 6

Pay per duration: (in increment of 100ms, round up)
o 400,000 GB-seconds of compute time per month if FREE
o == 400,000 seconds if function is 1GB RAM
o == 3,200,000 seconds if function is 128 MB RAM
o After that $1.00 for 600,000 GB-seconds

Question 7

How is calculated the duration of your Lambda?

Answer 7

To the nearest multiple of 100 ms, rounded up. This means that if your function ran in 1 ms you are billed for 100 ms

Question 8

What is the Lambda Handler?

Answer 8

Handler = name of the file + “.” + name of the function

Question 9

What is Lambda Execution Role?

Answer 9

A role to interact with the necessary services, it should allow you at least to upload logs to CloudWatch logs because each function invocation will create a new log stream in CloudWatch

Question 10

What is best practice regarding to Lambda functions and the Role executions?

Answer 10

It is best practice to maintain 1 role per function.

Question 11

How are Lambda invocations?

Answer 11

Sync and Asyc

Question 12

What are the main service that invoke Lambda sync?

Answer 12

o	ALB
o	API Gateway
o	CloudFront (Lambda@Edge)
o	CLI
o	SDK
o	Cognito
o	Step Functions

Question 13

How can you expose a Lambda function as an HTTP(S) endpoint?

Answer 13

Using an ALB or API Gateway

Question 14

What you must do to expose Lambda as an HTTP(S) endpoint using ALB?

Answer 14

The Lambda function must be registered in a target group

Question 15

What particularity has ALB health checks for Lambda?

Answer 15

Health checks if enabled count as a Lambda function request

Question 16

How is the comunication between the ALB and Lambda?

Answer 16

HTTP request is translated to JSON

Question 17

What is the main information sent by an ALB to Lambda?

Answer 17

• ELB information
• HTTP method
• Path
• Query String Params (Key/Value)
• Headers (Key/Value)
• Body (for POST, PUT…)
• isBase64Encoded (flag)

Question 18

What is the main information sent by Lambda to an ALB?

Answer 18

• Status Code
• Description
• Headers (Key/Value)
• Body
• isBase64Encoded (flag)

Question 19

What is ALB multi-header setting?

Answer 19

/path?name=foo&name=bar

Question 20

What happens when you enable ALB multi-headers in Lambda?

Answer 20

When you enable multi-headers, HTTP headers and query string parameters that are sent with multiple values are shown as arrays within the AWS Lambda event and response objects

Question 21

What is Lambda@Edge?

Answer 21

Run a global AWS Lambda alongside your CDN

Question 22

What is useful for Lambda@Edge?

Answer 22

You can use Lambda to change CloudFront requests and responses:
o After CloudFront receives a request from a viewer (viewer request)
o Before CloudFront forwards the request to the origin (origin request)
o After CloudFront receives the response from the origin (origin response)
o Before CloudFront forwards the response to the viewer (viewer response)
You can also generate responses to viewers without ever sending the request to the origin

Question 23

What are Lambda@Edge use cases?

Answer 23

Lambda@Edge: Use Cases
•	Website Security and Privacy
•	Dynamic Web Application at the Edge
•	Search Engine Optimization (SEO)
•	Intelligently Route Across Origins and Data Centers
•	Bot Mitigation at the Edge
•	Real-time Image Transformation
•	A/B Testing
•	User Authentication and Authorization
•	User Prioritization
•	User Tracking and Analytics

Question 24

What are the main services that invoke Lambda async?

Answer 24

• S3 Event Notifications
• SNS
• CloudWatch Events / EventBridge
• CodeCommit (CodeCommit Trigger: new branch, new tag, new push)
• CodePipeline (invoke a Lambda function during the pipeline, Lambda must callback)

Question 25

Where are async calls placed in Lambda?

Answer 25

The events are placed in an Event Queue

Question 26

What happens when Lambda fails processing an async call?

Answer 26

Lambda attempts to retry on errors 3 times

o 1-minute wait after 1st, then 2 minutes wait

Question 27

How can you realize that Lambda has retryied an async call?

Answer 27

If the function is retried, you will see duplicate logs entries in CloudWatch Logs with the same request id

Question 28

What you need to make sure in your Lambda function to handle retries successfuly?

Answer 28

Make sure the processing is idempotent, that way in case of retries the result is the same

Question 29

What can you use for failed async invoked Lambda functions?

Answer 29

Can define a DLQ (dead-letter queue) – SNS or SQS – for failed processing (need correct IAM permissions)

Question 30

What you must use from the CLI when invoking a Llambda function async?

Answer 30

From the CLI you must use –invocation-type Event

Question 31

What is the response received in the CLI when invoking a Lambda function async?

Answer 31

the response StatusCode will be 202, synonym of asynchronous invocation

Question 32

What you need to do in EventBridge to async invoke a Lambda function?

Answer 32

You need to create a rule and define an Event pattern or a Schedule

Question 33

What services do Lambda polls records from them?

Answer 33

• Kinesis Data Streams
• SQS & SQS FIFO queue
• DynamoDB Streams

Question 34

What is used by Lambda to poll records?

Answer 34

Event Source Mapping

Question 35

How is your Lambda function invoked by the Lambda Event Source Mapping?

Answer 35

Your Lambda function is invoked synchronously

Question 36

How does work the Lambda Event Source Mapping with Kinesis?

Answer 36

An event source mapping creates an iterator for each shard, processes items in order.
Start with new items, from the beginning or from timestamp

Question 37

What happens to items in a kinesis stream that were read by the Lambda Event Source Mapping?

Answer 37

Processed items aren’t removed from the stream (other consumers can read them)

Question 38

What can you do if the traffic in Kinesis is low and a Lambda Event Source Mapping is poling it?

Answer 38

Use batch window to accumulate records before processing.

Question 39

How is error handling in Lambda when polling data from streams?

Answer 39

By default, if your function returns an error, the entire batch is reprocessed until the function succeeds, or the items in the batch expire

Question 40

What does Lambda do to ensure in order processing while polling data from streams?

Answer 40

To ensure in-order processing, processing for the affected shard is paused until the error is resolved

Question 41

How can you configure the Lambda Event Source Mapping for error handling?

Answer 41

o discard old events
o restrict the number of retries
o split the batch on error (to work around Lambda timeout issues)

Question 42

Where can discarded events by the Lambda Event Source Mapping go?

Answer 42

to a Destination

Question 43

How would Lambda Event Souce Mapping poll from SQS and SQS FIFO?

Answer 43

Using Long Polling, specifying a batch size in the range (1-10)

Question 44

What is the recommended visibility timeout for SQS when a Lambda Event Source Mapping is polling from it?

Answer 44

Set the queue visibility timeout to 6x the timeout of your Lambda function

Question 45

What is the best option to use if you need a DLQ while polling data from SQS using a Lambda Event Source Mapping?

Answer 45

To use a DLQ set-up on the SQS queue, not Lambda (DLQ for Lambda is only for async invocations) or use a Lambda destination for failures

Question 46

How does Lambda scale while reading SQS queues?

Answer 46

• Up to the number of active message groups. Messages with the same GroupID will be processed in order
• Lambda scales up to process a standard queue as quickly as possible, up to 1000 batches of messages processed simultaneously

Question 47

What could happen occasionally in the Lambda Event Source Mapping while polling SQS even if no function error occurred?

Answer 47

Occasionally, the event source mapping might receive the same item from the queue twice, even if no function error occurred

Question 48

How does Lambda scale when polling stream shards?

Answer 48

o One Lambda invocation per stream shard

o If you use parallelization, up to 10 batches processed per Shard simultaneously

Question 49

What is recommended to use over Lambda DLQs?

Answer 49

AWS recommends you use destinations instead of DLQ now (but both can be used at the same time).

Question 50

What is the difference between Lambda destinations and Lambda DLQs?

Answer 50

Lambda destinations provide several destinations and you can send your successful events as well

Question 51

How are used Lambda destinations for async invocations?

Answer 51

can define destinations for successful and failed processing events:
o	Amazon SQS
o	Amazon SNS
o	AWS Lambda
o	Amazon EventBridge bus

Question 52

How are used Lambda destinations for Event Source Mappings?

Answer 52

for discarded event batches
o Amazon SQS
o Amazon SNS
Note: you can send events to a DLQ directly from SQS when using Event Source Mapping

Question 53

What is the Lambda Execution Role?

Answer 53

Grants the Lambda function permissions to AWS services / resources.
When you use an event source mapping to invoke your function, Lambda uses the execution role to read event data

Question 54

What are main managed policies for Lambda Execution Role?

Answer 54

o AWSLambdaBasicExecutionRole – Upload logs to CloudWatch.
o AWSLambdaKinesisExecutionRole – Read from Kinesis
o AWSLambdaDynamoDBExecutionRole – Read from DynamoDB Streams
o AWSLambdaSQSQueueExecutionRole – Read from SQS
o AWSLambdaVPCAccessExecutionRole – Deploy Lambda function in VPC
o AWSXRayDaemonWriteAccess – Upload trace data to X-Ray.

Question 55

What is best practice for Lambda Execution Role?

Answer 55

create one Lambda Execution Role per function

Question 56

What are Lambda Resource Based Policies?

Answer 56

Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources
• Similar to S3 bucket policies for S3 bucket

Question 57

How can you adjust your Lambda function behavior without updating code?

Answer 57

Using Lambda Environment Variables

Question 58

What can you do with secrets in Lambda?

Answer 58

Use environment variables to store secrets (encrypted by KMS). Secrets can be encrypted by the Lambda service key, or your own CMK

Question 59

What you need to do to to make sure that Lambda logs are stored?

Answer 59

o AWS Lambda execution logs are stored in AWS CloudWatch Logs
o Make sure your AWS Lambda function has an execution role with an IAM policy that authorizes writes to CloudWatch Logs

Question 60

Where are Lambda metrics available?

Answer 60

In CloudWatch Metrics

Question 61

How can you integrate X-Ray to lambda?

Answer 61

Enabling it in the Lambda Configuration (Active Tracing)

Question 62

How can you write traces to X-Ray from your Lambda function?

Answer 62

• Use AWS X-Ray SDK in Code

* Ensure Lambda Function has a correct IAM Execution Role

Question 63

What are the environment variables used by Lambda to communicate with X-Ray?

Answer 63

o _X_AMZN_TRACE_ID: contains the tracing header
o AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR
o AWS_XRAY_DAEMON_ADDRESS: the X-Ray Daemon IP_ADDRESS:PORT (most important)

Question 64

Where are my Lambda functions launched?

Answer 64

• By default, your Lambda function is launched outside your own VPC (in an AWS-owned VPC)
• Therefore, it cannot access resources in your VPC (RDS, ElastiCache, internal ELB…)

Question 65

What you need to do to communicate i.e. with a RDS DB in a VPC from your Lambda?

Answer 65

You must define the VPC ID, the Subnets and the Security Groups

Question 66

What happens to a Lambda function in a public subnet?

Answer 66

does not have internet access

Question 67

What you must do to provide internet access to a Lambda function in a VPC?

Answer 67

Deploying a Lambda function in a private subnet gives it internet access if you have a NAT Gateway / Instance

Question 68

What can Lambda use to privately access AWS services?

Answer 68

You can use VPC endpoints to privately access AWS services without a NAT

Question 69

What is RAM in Lambda?

Answer 69

From 128MB to 3,008MB in 64MB increments

Question 70

How can you add vCPU to your Lambda?

Answer 70

By adding RAM

Question 71

At how much RAM does your Lambda have 1 vCPU?

Answer 71

o At 1,792 MB, a function has the equivalent of one full vCPU
o After 1,792 MB, you get more than one CPU, and need to use multi-threading in your code to benefit from it

Question 72

What is Lambda timeout value?

Answer 72

default 3 seconds, maximum is 900 seconds (15 minutes)

Question 73

What is the Lambda execution context?

Answer 73

The execution context is a temporary runtime environment that initializes any external dependencies of your lambda code

Question 74

What is great for the Lambda execution context?

Answer 74

Great for database connections, HTTP clients, SDK clients…

Question 75

How does work the Lambda execution context?

Answer 75

• The execution context is maintained for some time in anticipation of another Lambda function invocation
• The next function invocation can “re-use” the context to execution time and save time in initializing connections objects
• The execution context includes the /tmp directory

Question 76

What is max size allowed in Lambda tmp directory?

Answer 76

512 MB

Question 77

What can be used for the tmp directory in Lambda?

Answer 77

• If your Lambda function needs to download a big file to work…
• If your Lambda function needs disk space to perform operations…

Question 78

What can you use for permanent persistence of object in Lambda?

Answer 78

S3

Question 79

What is Lambda concurrency limit?

Answer 79

1000. The limit is shared by all your functions in the region, so no matter how many applications are using your lambda function. If one application reaches the limit, the other applications will throttle.

Question 80

What is Lambda Throttle behavior?

Answer 80

Throttle behavior:
o If synchronous invocation => return ThrottleError - 429
o If asynchronous invocation => retry automatically and then go to DLQ

Question 81

What you need to do if you need to go over your Lambda limits?

Answer 81

open a support ticket

Question 82

What can you set about concurrency at the function level?

Answer 82

A reserved concurrency

Question 83

What can you set about concurrency at the function level?

Answer 83

A reserved concurrency

Question 84

What is done by Lambda if the function does not have enough concurrency available for async invocations?

Answer 84

• If the function doesn’t have enough concurrency available to process all events, additional requests are throttled.
• For throttling errors (429) and system errors (500-series), Lambda returns the event to the queue and attempts to run the function again for up to 6 hours.

Question 85

What is the retry policy used by Lambda?

Answer 85

The retry interval increases exponentially from 1 second after the first attempt to a maximum of 5 minutes

Question 86

What is Lambda Cold Start?

Answer 86

First request served by new instances has higher latency than the rest. If the init is large (code, dependencies, SDK…) this process can take some time.

Question 87

What is Provisioned Concurrency?

Answer 87

o Concurrency is allocated before the function is invoked (in advance)
o So, the cold start never happens and all invocations have low latency

Question 88

What can you do if your Lambda function depends on external libraries?

Answer 88

You need to install the packages alongside your code and zip it together
• Native libraries work: they need to be compiled on Amazon Linux
• AWS SDK comes by default with every Lambda function

Question 89

How can you define Lambda functions in CloudFormation?

Answer 89

• Inline

- Through S3

Question 90

What property is used in CloudFormation for defining inline Lambda function?

Answer 90

Use the Code.ZipFile property

Question 91

What can’t you include in CloudFormation defined Lambda function?

Answer 91

You cannot include function dependencies with inline functions

Question 92

Hoes does work CloudFormation defined Lambda functions thorugh S3?

Answer 92

• You must store the Lambda zip in S3
• You must refer the S3 zip location in the CloudFormation code
• S3Bucket
• S3Key: full path to zip
• S3ObjectVersion: if versioned bucket

Question 93

What might happen if you update the code of a Lambda function in S3 that is referenced by CloudFormation?

Answer 93

If you update the code in S3, but don’t update S3Bucket, S3Key or S3ObjectVersion, CloudFormation won’t update your function

Question 94

How can you use a Lambda Custom Runtime?

Answer 94

Using Lambda Layers

Question 95

What is a Lambda Layer?

Answer 95

Externalize Dependencies to re-use them:

Question 96

What caracteristic have Lambda Versions?

Answer 96

• immutable
• increasing version numbers
• own ARN

Question 97

What are Lambda Aliases?

Answer 97

• Aliases are ”pointers” to Lambda function versions

* We can define a “dev”, ”test”, “prod” aliases and have them point at different lambda versions

Question 98

What caracteristic have Lambda Aliases?

Answer 98

• mutable

- own ARN

Question 99

What enables Lambda Aliases?

Answer 99

• Aliases enable Blue / Green deployment by assigning weights to lambda functions
• Aliases enable stable configuration of our event

Question 100

What cannot do Lambda Aliases?

Answer 100

reference aliases

Question 101

What can help you to automate traffic shift for Lambda Aliases?

Answer 101

CodeDeploy deployment configurations

Question 102

What CodeDeploy deployment configurations are integrated with Lambda?

Answer 102

• Linear
• Canary
• AllAtOnce

Question 103

How does work CodeDeploy Linear configuration?

Answer 103

grow traffic every N minutes until 100%
o Linear10PercentEvery3Minutes
o Linear10PercentEvery10Minutes

Question 104

How does work CodeDeploy Canary configuration?

Answer 104

try X percent then 100%
o Canary10Percent5Minutes
o Canary10Percent30Minutes

Question 105

How does work CodeDeploy AllAtOnce configuration?

Answer 105

immediate

Question 106

What can you do to check the health of a Lambda function deployed using CodeDeploy?

Answer 106

Can create Pre & Post Traffic hooks to check the health of the Lambda function

Question 107

What is the max size of Environment Variables in Lambda?

Answer 107

4 KB

Question 108

What is the max size of Lambda zip file?

Answer 108

50 MB

Question 109

What is the max size of Lambda uncompressed deployment (code + dependencies)?

Answer 109

250 MB

Question 110

What you must avoid in Lambda functions code?

Answer 110

recursive code

Question 111

What does Lambda do when you specify the VPC configuration?

Answer 111

• Lambda will create an ENI (Elastic Network Interface) in your subnets
• Your Lambda function needs AWSLambdaVPCAccessExecutionRole

Question 112

What else you need to do to access RDS from your Lambda besides specifying the VPC configuration?

Answer 112

RDS security group must allow access from Lambda Security Group