Lambda Flashcards

1
Q

Lambda Execution Context

TMP Space

A

Large files can be written to the /tmp directory (512 MB maximum at the time of this course; now configurable up to 10 GB). Files left there are visible to later invocations only while the same execution environment is reused, which is never guaranteed, so treat /tmp as a cache, not as storage.
Permanent persistence belongs in S3 (or another durable store).

2
Q

How throttling and reserved concurrency affect Lambda concurrency

A

A quality-of-service control. Concurrency is one per-region, per-account pool (1,000 concurrent executions by default, raisable via a quota increase) shared by every function in the account. If one function, say one behind an ALB, consumes all 1,000, every other function in the account is throttled or becomes sluggish. Reserved concurrency assigns part of the pool to a single function: that share is guaranteed to it and no other function can use it, and it also caps the function so a runaway workload cannot starve the rest.

3
Q

Concurrency: asynchronous invocations

A

Example: S3 uploads triggering a Lambda function. Once more than the concurrency limit (1,000 by default) are in flight, further invocations are throttled. A synchronous caller receives a 429 throttling error and must retry itself; for an asynchronous invocation Lambda queues the event and keeps retrying for up to 6 hours, with the retry interval growing from 1 second up to 5 minutes.

4
Q

Lambda Tracing
1 _X_AMZN_TRACE_ID
2 AWS_XRAY_CONTEXT_MISSING
3 AWS_XRAY_DAEMON_ADDRESS

A

Environment variables the X-Ray SDK uses to communicate with the X-Ray daemon. ENABLE ACTIVE TRACING IN THE X-RAY SECTION of the function configuration to allow tracing.

1 Contains the tracing header (trace ID, parent segment ID, sampling decision)
2 LOG_ERROR by default: what the SDK does when no trace context is present
3 IP address and port of the X-Ray daemon

Policy and permissions:

Added automatically when active tracing is enabled from the console: the execution role gets the AWSXRayDaemonWriteAccess managed policy, which grants

xray:PutTraceSegments
xray:PutTelemetryRecords

5
Q

Lambda and VPC access: by default Lambda runs outside your VPC; it can be configured to run inside one

A

Lambda must be configured for the VPC:
1. Define the VPC ID, subnets and security groups; Lambda creates its own ENI in each subnet

  1. Lambda's traffic enters the VPC via that ENI
  2. The execution role needs AWSLambdaVPCAccessExecutionRole (permission to create, describe and delete ENIs)
6
Q

Lambda and Internet access

A
By default, a function in a VPC has no internet access.
It needs permission to manage ENIs. Policy:
AWSLambdaENIManagementAccess (also included in AWSLambdaVPCAccessExecutionRole):
ec2:CreateNetworkInterface
ec2:DescribeNetworkInterfaces
ec2:DeleteNetworkInterface

Deploying in a public subnet will NOT give it internet access or a public IP: the ENI only has a private address, and an internet gateway does not translate for it. IT NEEDS TO BE DEPLOYED IN A PRIVATE SUBNET WITH A NAT GATEWAY OR NAT INSTANCE.

Place the function in a private subnet whose route table sends 0.0.0.0/0 to a NAT gateway; the NAT gateway itself sits in a separate public subnet.

Public AWS services such as S3 or DynamoDB can be reached without the NAT via a VPC endpoint:

- S3 and DynamoDB: gateway endpoints; all other services: interface endpoints (PrivateLink)

7
Q

Lambda Function Configuration: RAM

A

RAM must be increased to get more vCPU: CPU is allocated in proportion to memory.
About 1,792 MB of RAM per full vCPU (AWS documentation now quotes 1,769 MB).
Using more than one vCPU requires multi-threading (or multiple processes) in the function.

CPU-HEAVY PROCESSES NEED MORE RAM, even if they never use the memory.

8
Q

Cold start and Provisioned Concurrency (Init)

A

Cold start:
A new execution environment is created; the code outside the handler runs first (init: loading the runtime, dependencies, connections)

Initialization plus the handler code must both run on a cold start, which adds latency to that first invocation

Provisioned Concurrency reduces this latency by creating and initializing execution environments ahead of invocations.

Combined with Application Auto Scaling (scheduled or target tracking), this gives consistent execution time even during events that cause usage peaks, and limits cost by provisioning only for the time window in which it is needed.

9
Q

Lambda Execution Context

A

Lambda creates a temporary runtime environment (the execution context) that initializes any external dependencies of your code.

The execution context includes the /tmp directory.

Lambda may keep the context alive and reuse it for subsequent invocations, which saves the initialization time.

This means connections can be established outside the handler (during init) and reused across invocations.*

In the first snippet the DB connection is made inside the handler, so every request opens a new connection. In the second, the connection is made once at init and reused by many invocations (connect_to_db stands for your client library's connect call):

——-
    def handler(event, context):
        db = connect_to_db()      # new connection on every invocation (slow, exhausts DB connections)
        return db.get_items()

========
——–
    db = connect_to_db()          # runs once per cold start, outside the handler

    def handler(event, context):
        return db.get_items()     # reused while the execution context is alive

* Caveat: a reused connection can go stale, so check it is still open (or reconnect on error) before use; and never cache per-user data or credentials in the context, since the next invocation may be for a different user.
10
Q

Lambda Function Dependencies

DEPLOYMENT PACKAGE

A

Dependencies required to run the code must be zipped into the deployment package with it.

Zipped package under 50 MB: upload directly to Lambda
Otherwise: upload to S3 and reference it from there (unzipped size limit 250 MB, including layers)

Node.js: node_modules
Python: pip install --target
Java: .jar files

Native libraries must be compiled for Amazon Linux (the Lambda runtime OS) or they will not load.
The AWS SDK comes with the runtime by default; for reproducible, reviewable builds pin and bundle the SDK version you tested against rather than relying on the runtime's copy.

In the Lambda console: Code entry type, Upload a .zip file
Save and wait until the zip is uploaded and its contents appear in the directory tree.

11
Q

Lambda and Cloudformation

A
Works with CloudFormation
Inline:
Simple code only
the Code.ZipFile property holds the source
Cannot include function dependencies (and is limited to 4,096 characters)

or zip file in S3:
The zip is stored in S3
The S3 location is referenced with the following Code properties in CloudFormation

Code properties
S3Bucket
S3Key: full path to the zip
S3ObjectVersion: if the bucket is versioned

If you update the object in S3 but do not change S3Key or S3ObjectVersion, CloudFormation sees no change and will not update the function. Use a new key (or the new version ID) for every build.

12
Q

Lambda Layers

A

Custom runtimes
C++
Rust
(a layer supplies the runtime bootstrap)

Externalize dependencies
Package the heavy parts of a function's libraries into a layer that separate functions can reference.

Function 1 and function 2 both reference the layer containing heavy library 1.**

*In the console the Layers section sits under the function code; you select an existing layer or provide one (up to 5 layers per function).

**ALSO USE A LAYER TO IMPORT CODE THAT THE RUNTIME CANNOT RUN NATIVELY (native binaries compiled for Amazon Linux).

Caveat: a layer is code that runs inside your function with its permissions. Reference a third-party layer only by an ARN whose publisher you trust, and pin the layer version.

13
Q

Lambda Versions And Aliases

A

$LATEST (mutable)
V1: immutable

Each published version gets its own ARN; a version is a snapshot of code plus configuration. Each version and $LATEST remain invocable.

Aliases point to Lambda versions
EXAMPLE: define dev/test/prod aliases and point them at different versions. Aliases are mutable!

Use case:
Blue/green (canary) deployment: an alias can split traffic by weight between two versions, so the new version is checked on a small share of requests before all traffic switches

Aliases have their own ARN
An alias cannot point to another alias (only to versions)

LAB:

Qualifiers: show the function's versions and aliases
Actions: publish a new version
With the qualifier selector you can switch to the version you want, which is immutable.

Aliases: Actions allows creating an alias that points to a specific version.

Blue/green deployment: under the alias configuration you can add another version and assign a weight to that alternative version.
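The following CloudFormation template ties the two previous cards together (S3-hosted code with S3Key/S3ObjectVersion, a published version, and a weighted alias). It is an added example, not part of the original deck or of any AWS sample; the function name, bucket name, object version ID and the assumed existing version "41" are placeholders.

```yaml
Resources:
  OrderProcessorRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  OrderProcessor:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: order-processor            # assumed name
      Runtime: python3.12
      Handler: app.handler
      Role: !GetAtt OrderProcessorRole.Arn
      Code:
        S3Bucket: my-deploy-bucket             # assumed bucket
        # Change S3Key (or S3ObjectVersion) on every build: CloudFormation only
        # compares these properties, never the bytes sitting in the bucket.
        S3Key: order-processor/build-42.zip
        S3ObjectVersion: 3sL4kqtJlcpXroDTDmJ.rmSpXd3dIbrHY   # example value from a versioned bucket

  # Publishing a new immutable version needs a new logical ID; updating the
  # function resource alone does not publish one.
  OrderProcessorVersion42:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref OrderProcessor
      Description: build 42

  # prod alias: 90% of traffic stays on the known-good version 41 (assumed to
  # exist), 10% goes to the new version. Raise the weight while monitoring stays
  # green, then move FunctionVersion to the new version and drop the weight.
  OrderProcessorProd:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName: !Ref OrderProcessor
      Name: prod
      FunctionVersion: "41"
      RoutingConfig:
        AdditionalVersionWeights:
          - FunctionVersion: !GetAtt OrderProcessorVersion42.Version
            FunctionWeight: 0.1
```

Callers (API Gateway, ALB target group, event sources) should be given the alias ARN rather than $LATEST, so that a deploy can be rolled back by repointing the alias without touching the callers.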

15
Q

Lambda Reserved and Provisioned Capacity

A

How to manage the account's shared pool of 1,000 concurrent invocations.
Reserved concurrency: when a function has reserved concurrency, no other function can use that share, and the function itself cannot exceed it. Provisioned concurrency: by allocating it before an increase in invocations, you ensure that all requests are served by already-initialized environments with very low latency (provisioned concurrency counts against the function's reserved concurrency and the account pool).

20
Q

LAMBDA integration main ones

A
API Gateway
Kinesis
DynamoDB
S3
CloudFront
CloudWatch Events / EventBridge
CloudWatch Logs
SNS
SQS
Cognito
21
Q

LAMBDA PRICE

A

Per request
First 1 million requests per month free
$0.20 per million requests after that

Per duration (GB-seconds: memory allocated x execution time)
400,000 GB-seconds per month free
meaning 800,000 seconds of execution at 512 MB RAM, 3.2 million seconds at 128 MB, etc.

After that about $0.0000167 per GB-second, i.e. roughly $1.00 per 60,000 GB-seconds

22
Q

Lambda SYNCHRONOUS INVOCATION

origins

A

Origin
CLI, SDK, API Gateway, Application Load Balancer

Results are returned right away
Error handling must happen on the client side
- retries, exponential backoff, etc. The client takes the onus

SDK: invokes Lambda; LAMBDA: responds back with the result (or the error)

23
Q

Lambda SYNCHRONOUS INVOCATION SERVICES
User invoked:
Service invoked
Other services

A
User invoked:
S3 Batch
Elastic Load Balancing (ALB)
API Gateway
CloudFront (Lambda@Edge)

Service invoked:
Cognito
Step Functions

Other:
Lex
Alexa
Kinesis Data Firehose

24
Q

Lambda and ALB

what is it used for
where do the messages go and return back from
ALB configuration

A

SYNCHRONOUS
Application Load Balancer
*exposes a Lambda function as an HTTPS endpoint; two ways to do this:

  1. ALB or API Gateway
  2. For the ALB, the function must be registered in a “TARGET GROUP” of Lambda type

Client: HTTPS to the ALB
ALB invokes the function SYNCHRONOUSLY via the target group that contains it

25
Q

ALB to Lambda: How HTTP gets to lambda

A

SYNCHRONOUS
The ALB converts the HTTP request into a JSON event document containing:

  1. ELB information: the target group ARN (requestContext.elb.targetGroupArn)
  2. HTTP method and path
    e.g. method GET, path /lambda
  3. Query string parameters: key/value pairs, one entry per query parameter
  4. Headers: translated into key/value pairs
  5. Body (for POST/PUT etc.): text bodies are passed as-is; other content is Base64-encoded and isBase64Encoded is set to true, so the handler must check that flag before decoding

HTTP request to JSON
Query string/headers: key/value pairs
Body: text, or Base64 per isBase64Encoded

REVIEW FOR YOUR INFO ABOUT HTTP

Method: the action requested
Path: the resource addressed
Query string: parameters for the request
Body: the message payload

Response header fields allow the server to pass additional information about the response that cannot be placed in the Status-Line; they give information about the server and about further access to the resource identified by the Request-URI (RFC 2616 wording).

26
Q

Lambda to ALB response: How to get JSON to HTTP

A
SYNCHRONOUS
Information in the response document:
Status code: whether the request succeeded
Status description: the reason phrase for the status code
Headers: key/value pairs with information about the response
Body: the actual response payload

Headers: key/value pairs (multiValueHeaders when multi-value mode is on)
Body: text, or Base64-encoded with isBase64Encoded set to true for binary content

27
Q

Lambda, ALB multiheader values

A

SYNCHRONOUS
ALB can support multi header values
:setting on ALB can accomplish this

HTTP shows http://e.com/Path?name=foo&name=Bar
on JSON it will show
“QueryStringParameters”: “Name”:[“Foo”,”bar”]
This JSON will not go to Lambda

Thus allowing HTTP header and Query string parameters sent with multiple values to be seen as ARRAYS inside the Lambda event and response objects.
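The three preceding cards (request JSON, response JSON, multi-value mode) are easiest to see in one handler. This is an added example written for this page, not code from the course or from AWS; the event below is constructed by hand in the documented ALB shape (target group ARN, IP and body are invented), and the handler accepts both single-value and multi-value events.

```python
import base64
import json

# Constructed sample event in the shape an ALB sends to a Lambda target when
# multi-value headers are enabled on the target group (not a real capture).
SAMPLE_ALB_EVENT = {
    "requestContext": {"elb": {"targetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/lambda-tg/0123456789abcdef"}},
    "httpMethod": "POST",
    "path": "/lambda",
    "multiValueQueryStringParameters": {"name": ["foo", "bar"]},
    "multiValueHeaders": {
        "content-type": ["application/json"],
        "x-forwarded-for": ["203.0.113.7"],
    },
    # The ALB sets isBase64Encoded when it encodes the body; that flag, not the
    # content type, is what the handler must trust before decoding.
    "body": base64.b64encode(b'{"item": "widget"}').decode(),
    "isBase64Encoded": True,
}


def decode_body(event):
    """Return the raw request body as bytes, honouring isBase64Encoded."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode()


def alb_response(status, payload):
    """Build the document the ALB expects back. With multi-value mode on,
    headers must be returned under multiValueHeaders or the ALB ignores them."""
    reasons = {200: "200 OK", 400: "400 Bad Request"}
    return {
        "statusCode": status,
        "statusDescription": reasons[status],
        "isBase64Encoded": False,
        "multiValueHeaders": {"content-type": ["application/json"]},
        "body": json.dumps(payload),
    }


def handler(event, context=None):
    # Multi-value mode gives lists; single-value mode gives only the last value
    # of a repeated key. Normalise both into lists so the logic is the same.
    query = event.get("multiValueQueryStringParameters") or {
        k: [v] for k, v in (event.get("queryStringParameters") or {}).items()
    }
    headers = event.get("multiValueHeaders") or {
        k: [v] for k, v in (event.get("headers") or {}).items()
    }
    try:
        payload = json.loads(decode_body(event) or b"{}")
    except ValueError:
        return alb_response(400, {"error": "body is not valid JSON"})
    return alb_response(200, {
        "method": event["httpMethod"],
        "path": event["path"],
        "names": query.get("name", []),
        "item": payload.get("item"),
        # first hop of X-Forwarded-For is the client address as seen by the ALB
        "client_ip": headers.get("x-forwarded-for", [""])[0].split(",")[0].strip(),
    })


def response_json(resp):
    """Decode the body of a handler response (helper for tests and REPL use)."""
    return json.loads(resp["body"])
```

Returning a 400 for an undecodable body, rather than letting the exception escape, matters with an ALB in front: an unhandled exception becomes a 502 from the load balancer with no body you control, and the client cannot tell a bad request from an outage.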

28
Q

Lambda Edge

Use cases

A
SYNCHRONOUS
Build more responsive applications
No servers to manage; the code is deployed globally to the edge locations
Customize CDN content
Pay only for what you use
29
Q
Lambda Edge
Viewer request
origin request
origin response
viewer response

examples global application

use cases

A

SYNCHRONOUS
The four CloudFront events a function can modify:
Viewer request: from the client to CloudFront
Origin request: from CloudFront to the origin
Origin response: from the origin to CloudFront
Viewer response: from CloudFront to the client
* A function can also generate the response itself without sending the request to the origin.

Example: global application
An HTML website whose users make DYNAMIC API REQUESTS to CloudFront.
CloudFront triggers the Lambda@Edge function, which queries DynamoDB and returns the data without sending the request all the way back to the home region: like a reflex handled locally, the edge location processes the request itself.

Use cases:
Website security and privacy (header injection, authentication at the edge)
Dynamic web app at the edge
Search engine optimization
User tracking and analytics, etc.
30
Q

Lambda Asynchronous Invocation

Event Queue
how many retries
Idempotent

A

The Lambda service keeps an event queue in front of the function.

The Lambda service receives the request from a source such as S3; the event is placed on the internal “EVENT QUEUE” and read from there to invoke the function. If the invocation fails, it is retried up to two more times (THREE ATTEMPTS in total): the first attempt immediately, then after about 1 minute, then after 2 minutes.

After the third failure the event is moved out of the Lambda service to the configured DLQ (an SQS queue or SNS topic) so it can be inspected, alerted on or reprocessed.

  • Each retry produces its own CloudWatch Logs entries
  • Make the function IDEMPOTENT: retries and at-least-once delivery mean the same event can arrive more than once, and processing it twice must yield the same result
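One way to make an asynchronously invoked handler idempotent is to claim a key derived from the event before doing the work. The example below is added for this page (not the course's code); the S3 event is constructed by hand, and the in-memory dictionary stands in for a DynamoDB table with a conditional put, which is what you would use in production because a retry can run in a different execution environment.

```python
import hashlib

# In-memory stand-in for an idempotency table (constructed for this example).
# Production: DynamoDB PutItem with ConditionExpression attribute_not_exists(pk)
# and a TTL, so a claim left behind by a timed-out invocation expires.
_claims = {}

# Side effects performed, recorded so the example can show they happen once.
SIDE_EFFECTS = []

# Lambda's asynchronous retry schedule: first attempt, then two retries after
# roughly 1 and 2 minutes (three attempts in total).
ASYNC_RETRY_DELAY_SECONDS = (0, 60, 120)


def make_s3_event(bucket, key, version_id=None):
    """Constructed S3 ObjectCreated notification with only the fields used here."""
    obj = {"key": key}
    if version_id:
        obj["versionId"] = version_id
    return {"Records": [{"eventName": "ObjectCreated:Put",
                         "s3": {"bucket": {"name": bucket}, "object": obj}}]}


def idempotency_key(record):
    """Derive the key from the event content, never from the invocation: a
    retry or duplicate delivery carries the same bucket/key/version and so maps
    to the same claim, while a fresh upload of the same key on a versioned
    bucket carries a new versionId and is processed again."""
    s3 = record["s3"]
    ident = "{}/{}/{}".format(s3["bucket"]["name"], s3["object"]["key"],
                              s3["object"].get("versionId", ""))
    return hashlib.sha256(ident.encode()).hexdigest()


def claim(key):
    """Atomically claim a key; True only for the first caller."""
    if key in _claims:
        return False
    _claims[key] = "IN_PROGRESS"
    return True


def handler(event, context=None):
    results = []
    for record in event["Records"]:
        key = idempotency_key(record)
        if not claim(key):
            results.append("duplicate")          # already done or in progress
            continue
        try:
            SIDE_EFFECTS.append(record["s3"]["object"]["key"])   # the non-idempotent work
            _claims[key] = "DONE"
            results.append("processed")
        except Exception:
            del _claims[key]                     # release so the next retry can run it
            raise
    return results
```

Releasing the claim on failure is what lets Lambda's retries do their job; keeping it would turn a transient error into a permanently skipped event.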
31
Q

Lambda Asynchronous Invocation

SERVICES

A

Main

S3 (S3 event notifications)
SNS
CloudWatch Events / EventBridge

Others
CodeCommit
CodePipeline
CloudWatch Logs
Simple Email Service
CloudFormation
Config
IoT, IoT Events
32
Q

Lambda Integration: Asynchronous
Cloudwatch Events/ Events Bridge
two method to trigger lambda

A
  1. Cron / rate schedule: an EventBridge rule
    triggers the function every hour (for example) to perform a task
  2. CodePipeline: an EventBridge rule
    triggers the function on pipeline state changes to perform a task
33
Q

Lambda Integration: Asynchronous
S3 EVENT NOTIFICATIONS
filtering
versioning

A

Typical patterns: S3 directly to Lambda, or S3 → SNS → fan-out to several SQS queues → Lambda

S3 event types

s3:ObjectCreated:*
s3:ObjectRemoved:*
s3:ObjectRestore:*
s3:Replication:*

Filter by prefix/suffix (object name filtering)
– only matching objects trigger the event. This lets the function write its output back into the same bucket (under a different prefix or suffix) without triggering itself in an infinite, costly loop.

  • Events are typically delivered in seconds but can occasionally take longer
  • Two writes to the same non-versioned object at the same time may produce only one notification. Enable versioning if you need every successful write to produce its own notification.
34
Q

Lambda Event Source Mapping:

Overview

Where records come from
How lambda is invoked
where is the event source mapping

A

Within the Lambda service:

An event source mapping is a Lambda resource that polls the source on the function's behalf, gathers records into a batch, and invokes the function with that batch.

Sources are:
Kinesis Data Streams
SQS, SQS FIFO
DynamoDB Streams

Lambda is then INVOKED SYNCHRONOUSLY with the batch, so failure handling is configured on the mapping (retries, bisect, on-failure destination) or on the source, not via the function's async DLQ.

35
Q

Streams and Lambda
Lambda Event Source Mapping

Kinesis and DynamoDB

Creation of iterator and what unit it corresponds to
How many batches total
In order in what method?

A

The event source mapping creates a separate iterator for each shard and processes that shard's records in order. It can start with new records only (LATEST), from the beginning of the stream (TRIM_HORIZON), or at a specific timestamp.

Processed records ARE NOT REMOVED FROM THE STREAM (other consumers can still read them; the retention period decides when they expire).

With a parallelization factor above 1, a record processor splits each shard's records by partition key into separate batchers, so IN-ORDER PROCESSING IS GUARANTEED PER PARTITION KEY.

Each batcher invokes its own Lambda instance, which allows parallel processing within a shard.

10 BATCHES PER SHARD MAX (ParallelizationFactor 1 to 10)

LOW traffic: use a batch window (MaximumBatchingWindowInSeconds) to accumulate records before invoking.

36
Q

Streams and Lambda : ERROR
Lambda Event Source Mapping

this relates to what type of event source mapping
does it stop?
why would it do so?

A

This applies to the stream sources (Kinesis Data Streams and DynamoDB Streams), where the mapping keeps a separate iterator per shard and must preserve order.

DEFAULT:
If the function returns an error, the ENTIRE batch is retried until the function succeeds or the records in the batch EXPIRE from the stream.

To preserve IN-ORDER processing, the shard's processing is STOPPED (blocked on the failing batch) until the error is resolved; the IteratorAge metric grows while this happens.

RESOLUTION:
Configure the event source mapping to
discard old records (MaximumRecordAgeInSeconds)
restrict the number of retries (MaximumRetryAttempts)
SPLIT THE BATCH ON ERROR (BisectBatchOnFunctionError), which halves the batch on each retry until the bad record is isolated
and send discarded batches to an on-failure destination (SQS or SNS)
37
Q

Lambda Event Source Mapping:
SQS, SQS FIFO

SQS vs Event source mapping sync vs async, which is which?
recommended visibility timeout is?
Failure paths

A

Lambda POLLS SQS using long polling.
Batch size 1 to 10 messages (standard queues later raised to 10,000 with a batch window; FIFO stays at 10)

The event source mapping polls the queue, collects a batch, then invokes the function SYNCHRONOUSLY with the batch as the event.

Recommended: set the queue visibility timeout to 6x the function timeout, so a message is not redelivered to another invocation while the first one is still working on it.

Failures:
DLQ:
Because this is a synchronous invocation, the Lambda function's own DLQ setting does not apply (it only covers asynchronous invocations). A failed batch returns to the queue when the visibility timeout expires, and the source SQS queue's redrive policy moves a message to the queue's DLQ once it exceeds maxReceiveCount.
Partial batch responses (ReportBatchItemFailures) let the function report only the failed messages, so the successful ones are deleted instead of being retried with them.
On-failure destinations on the event source mapping are the alternative failure path for stream sources; for SQS, the queue's own DLQ is the path.

38
Q

Queues and Lambda Event Source Mapping

Standard queue and scaling
FIFO and scaling
ACTIVE MESSAGE GROUPS

Errors
Idempotency and how many times event source mapping gets items

What happens to item in SQS queue once processed

Errored items?

A

Standard queue: messages are not processed in order; Lambda scales out to process them as quickly as possible.

FIFO: messages sharing a MessageGroupId form an active message group and are processed in order; Lambda scales up to the number of ACTIVE MESSAGE GROUPS.

Errors: a failed batch is returned to the queue as individual messages, so they may be redelivered in different groupings than the original batch.

The event source mapping may receive the same message twice even when no error occurs (SQS is at-least-once). Make the processing IDEMPOTENT so that handling a message twice has no extra effect.

  • Lambda DELETES a message from the queue once its batch is processed successfully
  • The source SQS queue's redrive policy sends a message to the DLQ after it has been received maxReceiveCount times without success
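The two preceding cards describe what happens to a batch when some messages fail. The handler below, added for this page and not taken from the course, uses a partial batch response so that only the failed messages return to the queue; the event is constructed by hand, and the fifo flag shows the ordering rule for FIFO queues. It assumes the event source mapping has FunctionResponseTypes set to ReportBatchItemFailures.

```python
import json

# Constructed SQS batch as delivered by an event source mapping (three
# messages, the second one malformed). Not a real capture.
SAMPLE_SQS_EVENT = {"Records": [
    {"messageId": "msg-1", "receiptHandle": "rh-1", "body": json.dumps({"order_id": 101}),
     "attributes": {"MessageGroupId": "customer-7"}},
    {"messageId": "msg-2", "receiptHandle": "rh-2", "body": "not json",
     "attributes": {"MessageGroupId": "customer-7"}},
    {"messageId": "msg-3", "receiptHandle": "rh-3", "body": json.dumps({"order_id": 103}),
     "attributes": {"MessageGroupId": "customer-7"}},
]}


def recommended_visibility_timeout(function_timeout_seconds):
    """AWS guidance: queue visibility timeout at least 6x the function timeout,
    so a message is not handed to a second invocation while a slow first one
    is still processing it."""
    return 6 * function_timeout_seconds


def process(body):
    """Business logic for one message; raises on bad input."""
    data = json.loads(body)
    if "order_id" not in data:
        raise ValueError("missing order_id")
    return data["order_id"]


def handler(event, context=None, fifo=False):
    """Process a batch and report only the failed messages back to Lambda.

    Requires FunctionResponseTypes=["ReportBatchItemFailures"] on the event
    source mapping. Without it, raising an exception returns the whole batch
    to the queue and every message, including the good ones, is retried."""
    failures = []
    records = event["Records"]
    for i, record in enumerate(records):
        try:
            process(record["body"])
        except Exception:
            failures.append({"itemIdentifier": record["messageId"]})
            if fifo:
                # A FIFO queue must keep order inside a message group, so once
                # one message fails, stop and return the rest unprocessed too.
                failures.extend({"itemIdentifier": r["messageId"]} for r in records[i + 1:])
                break
    return {"batchItemFailures": failures}
```

Lambda deletes every message that is not listed in batchItemFailures, so a handler that swallows exceptions and returns an empty list silently drops bad messages; report them and let the queue's redrive policy move repeat offenders to the DLQ.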
39
Q

Lambda Event Source Mapping Scaling

A

Kinesis Data Streams and DynamoDB Streams
One Lambda invocation per SHARD (per batcher)
Parallel batches: up to 10 per shard, split by partition key

SQS standard
Lambda scales out by adding up to 60 more instances per minute
up to 1,000 batches of messages processed concurrently

SQS FIFO
Messages with the same MessageGroupId are processed in order (“active message group”)
Lambda scales up to the number of active message groups, so concurrency is bounded by the number of distinct group IDs in flight

40
Q
Lambda Destinations:
Sync or Async
two types of sources
what is it used for?
where can each go?
A

Send the result of an asynchronous invocation, or the batches an event source mapping discards, to another service for debugging or reprocessing.

  1. Asynchronous invocations: destination for failed or successful events
SQS
SNS
Lambda
EventBridge event bus
*Prefer destinations over the older DLQ setting: destinations support more targets, carry the invocation context (request and response) alongside the event, and can capture successes as well as failures. The DLQ setting only targets SQS or SNS and only on failure.
  2. EVENT SOURCE MAPPING: for discarded event batches (stream sources)
    SQS
    SNS

Example: a Kinesis data stream goes through an event source mapping; the batch for one partition key on a shard can fail. After the configured retries are exhausted, the failed batch's metadata (shard, sequence number range) is sent to the destination; the records themselves remain in the stream.

Send events to a destination, or, for an SQS source, let the source queue's redrive policy move them to the queue's own DLQ.

41
Q

Lambda Permissions:
Execution role

whats this for
how does it involve event source mapping

A

Grants the function permission to access services and resources (the IAM role Lambda assumes when it runs your code).

Sample AWS managed policies (you can also write custom ones); the naming pattern is AWSLambda<Service>ExecutionRole:
AWSLambdaBasicExecutionRole: write logs to CloudWatch Logs
AWSXRayDaemonWriteAccess: write traces to X-Ray
AWSLambdaKinesisExecutionRole
AWSLambdaDynamoDBExecutionRole
AWSLambdaSQSQueueExecutionRole
AWSLambdaVPCAccessExecutionRole

When an EVENT SOURCE MAPPING invokes the function, Lambda uses the execution role to read from the event source (e.g. sqs:ReceiveMessage, kinesis:GetRecords)

BEST TO CREATE ONE EXECUTION ROLE PER FUNCTION (least privilege; a role shared by several functions accumulates all of their permissions)

42
Q

Lambda Permissions:
RESOURCE BASED POLICY

what is it access to?
user access
service access

A

Similar to an S3 bucket policy.

A resource-based policy attached to the function gives other AWS accounts or AWS services ACCESS TO THE FUNCTION (lambda:InvokeFunction, etc.).

Two ways an IAM principal can reach the function:

  1. An IAM (identity) policy attached to the principal grants access: USER ACCESS
    a person or role in your account invokes the function
  2. The function's resource policy authorizes SERVICE ACCESS
    S3 (as a service principal) invokes the function on a bucket event

Caveat: when granting a service principal, scope the statement with aws:SourceArn and aws:SourceAccount (add-permission --source-arn / --source-account); otherwise any bucket or topic in that service, in any AWS account, could invoke your function (confused deputy).
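The confused-deputy caveat above is easy to check mechanically from the output of get-policy. The auditor below is an added example for this page, not code from the course or from AWS; the policy document it runs on is constructed (account, region, function and bucket names are invented) with one well-scoped statement and two that should be flagged.

```python
import json

# Constructed function resource policy (the shape `aws lambda get-policy`
# returns after decoding). Not a real policy.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "s3-invoke-scoped",
      "Effect": "Allow",
      "Principal": {"Service": "s3.amazonaws.com"},
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:thumbnailer",
      "Condition": {
        "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::my-upload-bucket"},
        "StringEquals": {"AWS:SourceAccount": "123456789012"}
      }
    },
    {
      "Sid": "sns-invoke-unscoped",
      "Effect": "Allow",
      "Principal": {"Service": "sns.amazonaws.com"},
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:thumbnailer"
    },
    {
      "Sid": "anyone",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:thumbnailer"
    }
  ]
}
""")

SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}
INVOKE_ACTIONS = {"lambda:invokefunction", "lambda:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def condition_keys(statement):
    """All condition keys in a statement, lower-cased (IAM keys are case-insensitive)."""
    return {key.lower()
            for operator in statement.get("Condition", {}).values()
            for key in operator}


def audit_resource_policy(policy):
    """Return (Sid, reason) for every Allow statement that lets an AWS service
    or anyone invoke the function without scoping the caller.

    A service principal with no aws:SourceArn / aws:SourceAccount condition is
    the confused-deputy case: a bucket or topic in any customer's account can be
    pointed at this function. Principal "*" with no condition is simply public."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & INVOKE_ACTIONS:
            continue
        principal = st.get("Principal")
        keys = condition_keys(st)
        sid = st.get("Sid", "<no Sid>")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            if not keys:
                findings.append((sid, "public: Principal * with no Condition"))
        elif isinstance(principal, dict) and principal.get("Service"):
            if not keys & SCOPING_KEYS:
                services = ", ".join(_as_list(principal["Service"]))
                findings.append((sid, f"service principal {services} lacks aws:SourceArn/aws:SourceAccount"))
    return findings
```

The fix for a flagged statement is to remove it and re-add the permission with both scoping flags, for example `aws lambda add-permission ... --principal sns.amazonaws.com --source-arn <topic ARN> --source-account <account ID>`; aws:SourceArn alone is enough for the confused-deputy case, aws:SourceAccount is the cheap belt-and-braces addition.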
43
Q

Lambda Monitor Logging tracing:
Cloudwatch logs
Cloudwatch metrics

A
  1. CloudWatch Logs:
    Lambda execution logs are stored in CLOUDWATCH LOGS (log group /aws/lambda/<function-name>)
    * the execution role needs an IAM policy that allows writing to CloudWatch Logs (AWSLambdaBasicExecutionRole)
  2. CloudWatch Metrics
    Lambda publishes metrics to CloudWatch:
    invocations, duration, concurrent executions
    error count, success rate, throttles
    async delivery failures
    iterator age (Kinesis and DynamoDB Streams)
44
Q

Lambda Monitor Logging tracing:
Tracing Xray
execution role
environment variables.

A

Enable in the Lambda configuration console: ACTIVE TRACING

Lambda runs the X-Ray daemon for you
USE THE AWS X-RAY SDK IN YOUR CODE to add subsegments for downstream calls

Ensure the execution role has the managed policy
AWSXRayDaemonWriteAccess
which allows the function to write traces to X-Ray.

Environment variables used to communicate with X-Ray
_X_AMZN_TRACE_ID: the tracing header
AWS_XRAY_CONTEXT_MISSING: LOG_ERROR by default
AWS_XRAY_DAEMON_ADDRESS: X-Ray daemon ip_address:port

45
Q

Lambda VPC:
Default
Lambda in VPC

A

By default a Lambda function runs in a Lambda-owned VPC, outside yours.
It cannot reach private resources such as RDS, ElastiCache or internal ELBs.

Lambda IN your VPC
Must define: VPC ID, subnets, security groups
Lambda creates an ENI in each subnet (use private subnets)

Inside the VPC:
The ENI carries the function's security group and is the entry point into the VPC; the target resource's security group must allow inbound traffic from the Lambda security group

PERMISSIONS: execution role
AWSLambdaVPCAccessExecutionRole

46
Q

Lambda VPC:
Accessing public internet
default in private/public subnet
resolution

A

The function's ENI only has a private IP. Even in a public subnet it gets no public IP and no PUBLIC INTERNET ACCESS.

Resolution:
Deploy in a private subnet
Route 0.0.0.0/0 to a NAT gateway or NAT instance in a public subnet to reach the internet

*Access to DynamoDB (and S3) extra:
through the NAT route, or privately via a gateway VPC endpoint; other AWS services via interface endpoints (PrivateLink). An endpoint policy can restrict which buckets or tables the function is allowed to reach.

47
Q

Lambda Function config: RAM
ram and vcpu
timeout

A

1: RAM
128 MB to 3,008 MB at the time of this course (now up to 10,240 MB), in 64 MB increments (now 1 MB)
MORE RAM MEANS MORE vCPU share

At about 1,792 MB you get ONE FULL vCPU; beyond that the function needs MULTITHREADING to benefit from the extra CPU

  • for CPU-heavy loads make sure you allocate enough RAM
  • Timeout: 3 seconds default, 900 seconds (15 minutes) max

Anything that needs more than 15 minutes belongs on Fargate, ECS or EC2.