Lambda Flashcards

1
Q

Lambda Execution Context

TMP Space

A

Large files can be written into the /tmp space; the max is 512MB. These files can be reused across multiple invocations.
Permanent persistence should be S3.

2
Q

How throttling helps Lambda concurrency: throttling / reserved concurrency

A

QoS for Lambda functions: limits the bandwidth shared between different use cases. Multiple functions share the same concurrency limit, so if one function uses all 1000 (e.g. one behind an ALB), the other functions will be sluggish or throttled.

3
Q

Concurrency: Asynchronous

A

Example: an S3 bucket upload triggering a Lambda function. More than 1000 concurrent invocations will cause an error. Lambda attempts to retry for 6 hours; the retry interval grows from 1 second to 5 minutes.

4
Q

Lambda tracing
1. _X_AMZN_TRACE_ID
2. AWS_XRAY_CONTEXT_MISSING
3. AWS_XRAY_DAEMON_ADDRESS

A

Environment variables used to communicate with X-Ray. ENABLE ACTIVE TRACING IN THE X-RAY SECTION TO ALLOW THIS.

1. Contains the tracing header
2. LOG_ERROR
3. X-Ray daemon ip_address:port

Policy and permissions:

Happens automatically after enabling active tracing.

In the execution role:
xray:PutTraceSegments
xray:PutTelemetryRecords

5
Q

Lambda access to a VPC: normally runs outside; can be run inside a VPC

A

Lambda must be created in the VPC.
1. Define VPC ID, subnet and security group. Lambda will have its own ENI inside a subnet.

  1. Lambda enters via the ENI
  2. Needs AWSLambdaExecutionRole
6
Q

Lambda and Internet access

A
By default, no internet access.
Needs permissions to create an ENI. Policy:
AWSLambdaENIManagementAccess:
ec2:CreateNetworkInterface
ec2:DescribeNetworkInterfaces
ec2:DeleteNetworkInterface

Deploying in a public subnet will not give it internet access or a public IP. NEEDS TO BE DEPLOYED IN A PRIVATE SUBNET WITH A NAT GATEWAY OR NAT INSTANCE.

Lambda must be placed in a private subnet; it can be routed online via a NAT gateway, which must be located in a separate public subnet.

Public resources normally accessed over the internet (S3, DynamoDB, etc.) can instead be accessed via a VPC endpoint:

- S3 and DynamoDB use a gateway endpoint; all others use an interface endpoint (PrivateLink).

7
Q

Lambda Function Configuration: RAM

A

RAM must be increased to get more vCPU.
1792 MB of RAM for each vCPU.
More than one vCPU requires multi-threading to benefit.

MORE CPU-HEAVY PROCESSES NEED MORE RAM.

8
Q

Cold start and Provisioned Concurrency: Init

A

Cold start:
New instance; the code outside the handler is run (init).

Initialization plus the code will both need to run first on a cold start.

Provisioned Concurrency helps reduce latency by creating execution environments ahead of invocations.

This combination helps to provide a consistent execution time even during special events that cause usage peaks. It also helps to optimize cost by limiting the time period.

9
Q

Lambda Execution Context

A

Creates a temporary runtime environment for any external dependencies of your code.

The execution context includes the /tmp directory.

Allows this runtime to be maintained across repeated invocations, which saves time.

ALLOWS connections to be established outside the handler and reused between function calls.*

The first snippet has the DB connection inside the handler, so every request initiates a new connection; the second establishes one DB connection outside the handler and reuses it across many invocations.

    # Bad: a new DB connection on every invocation
    def handler(event, context):
        db = connect_to_db()
        return db.get_items()

    ========

    # Good: connect once in the init phase, reuse across invocations
    db = connect_to_db()

    def handler(event, context):
        return db.get_items()
10
Q

Lambda Function Dependencies

DEPLOYMENT PACKAGE

A

Dependencies may be required to run the code; these need to be zipped into the Lambda deployment package.

Less than 50MB: upload directly to Lambda.
Else: upload to S3.

Node.js (node_modules)
Python pip (--target)
Java (.jar files)

Native libraries need to be compiled on Amazon Linux.
The AWS SDK comes by default.

In Lambda: Code entry type, "Upload a .zip file".
Needs to be saved; wait until the zip is uploaded and seen in the directory tree.

11
Q

Lambda and CloudFormation

A
Works with CloudFormation.
Inline:
Simple code only
The Code.ZipFile property is used
Cannot use function dependencies

Or zip file and S3:
Zip stored in S3
The S3 zip location must be referenced in the template via the following CloudFormation parameters:

CloudFormation parameters:
S3Bucket
S3Key: full path to the zip
S3ObjectVersion: if the bucket is versioned

If you update the code in S3 but do not update the above, CloudFormation won't update your function.

12
Q

Lambda Layers

A

Custom runtimes:
C++
Rust

Externalize dependencies:
Package heavy portions of function library files into layers that can be referenced by separate functions.

Function 1 and function 2 will both reference the layer that contains heavy library file 1.**

*The Layers section is underneath the function code in the middle of the Lambda console; you will select a layer or provide one.

**ALLOWS IMPORTING CODE THAT YOU CANNOT RUN NATIVELY; USE A LAYER FOR THIS ALSO!

13
Q

Lambda Versions And Aliases

A

$LATEST (mutable)
V1: immutable

Each version gets its own ARN; a version is the code plus configuration. Each version and $LATEST should be accessible.

Aliases point to different Lambda versions.
EXAMPLE: Can define dev/test/prod aliases and have them point to different Lambda versions. These aliases are mutable!

Use case:
Blue/green deployment: allows traffic to be directed based on weight to make sure the function works before the full traffic switch.

Aliases have their own ARN.
Aliases cannot reference other aliases.

LAB:

Qualifiers: show information about versions and aliases.
Actions: we can publish versions.
Next to both we can then switch to the version we like, which is immutable.

Aliases: the action allows creation of aliases, which point to specific versions.

Blue/green deployment: under the alias configuration, you can add another version and assign a weighting to the alternative version.

15
Q

Lambda Reserved and Provisioned Capacity

A

How to manage the bandwidth of 1000 invocations at a time.
When a function has reserved concurrency, no other function can use that concurrency. … By allocating provisioned concurrency before an increase in invocations, you can ensure that all requests are served by initialized instances with very low latency.

20
Q

Lambda integrations: main ones

A

API Gateway
Kinesis
DynamoDB
S3
CloudFront
CloudWatch Events / EventBridge
CloudWatch Logs
SNS
SQS
Cognito

21
Q

LAMBDA PRICE

A

Per call:
First million free
$0.20 per million after that, then a very small amount per call

Per duration:
400K GB-seconds free
meaning 800K seconds at 500 MB RAM, etc.

After that, $1.00 per 600K GB-seconds

22
Q

Lambda SYNCHRONOUS INVOCATION

Origins

A

Origins:
CLI, SDK, API Gateway, Application Load Balancer

Results are returned right away.
Error handling must happen on the client side:
- retry, exponential backoff, etc. The client takes the onus.

SDK: invokes Lambda; LAMBDA: responds back

23
Q

Lambda SYNCHRONOUS INVOCATION SERVICES
User invoked:
Service invoked:
Other services:

A

User invoked:
S3 Batch
Elastic Load Balancing
API Gateway
CloudFront (LAMBDA@EDGE)

Service invoked:
Cognito
Step Functions

Other:
Lex
Alexa
Kinesis Data Firehose

24
Q

Lambda and ALB

What is it used for?
Where do the messages go and return from?
ALB configuration

A

SYNCHRONOUS
Application Load Balancer
*Exposes a Lambda function as an HTTPS endpoint; done in 2 ways:

  1. ALB / API Gateway
  2. Lambda must be registered as a "TARGET GROUP" for the ALB

Client: HTTPS to ALB
ALB invokes (SYNC) the target group, which contains the Lambda

25
Q

ALB to Lambda: how HTTP gets to Lambda

A

SYNCHRONOUS. HTTP to JSON. *In the JSON document:
1. ELB information: target group
2. HTTP method and path (method is GET, path is lambda)
3. Query string parameters: seen as key/value pairs; each query string appears in the document
4. Headers are translated into key/value pairs
5. BODY (for POST/PUT etc.) is Base64-encoded

HTTP request to JSON:
Query string / header: key/value pair
Body: Base64 conversion

REVIEW FOR YOUR INFO ABOUT HTTPS:
Method - action we need
Path - resource to be used
Query string - data to be used
Body - message
The response-header fields allow the server to pass additional information about the response which cannot be placed in the Status-Line. These header fields give information about the server and about further access to the resource identified by the Request-URI.

26
Q

Lambda to ALB response: how to get JSON to HTTP

A

SYNCHRONOUS. Information in the response:
Status code: if successful or not
Description: what the success means
Headers: seen as key/value pairs; information about the response/request
Body: the actual response and request

Header: key/value pair
Body: Base64-encoded

27
Q

Lambda, ALB multi-value headers

A

SYNCHRONOUS. ALB can support multi-value headers; a setting on the ALB accomplishes this.
HTTP shows http://e.com/Path?name=foo&name=Bar
In JSON it will show "QueryStringParameters": {"Name": ["Foo", "bar"]}
This JSON will not go to Lambda.
Thus HTTP headers and query string parameters sent with multiple values are seen as ARRAYS inside the Lambda event and response objects.

28
Q

Lambda@Edge | Use cases

A

SYNCHRONOUS
Build responsive apps
Don't manage servers; deploy locally
Customize CDN content
Pay for usage

29
Q

Lambda@Edge: viewer request, origin request, origin response, viewer response
Examples
Global application use cases

A

SYNCHRONOUS. Types of request you can change:
Viewer request: going to CloudFront
Origin request: from CloudFront to the origin
Origin response: from the origin to CloudFront
Viewer response: response from CloudFront to the client
* CAN also generate a response without sending the request to the origin.

Example: Global application. An HTML website has users that make a DYNAMIC API REQUEST to CloudFront. CloudFront triggers a Lambda function which queries DynamoDB and returns the data without sending the request all the way back home. BASAL ROOT GANGLION: a computer to process the request locally.

Use cases:
Website security and privacy
Dynamic web app at the edge
Search engine optimization
User tracking and analytics, etc.

30
Q

Lambda asynchronous invocation
Event queue
How many retries
Idempotent

A

The Lambda service has the event queue along with the Lambda function. The Lambda service receives requests from an example service (S3); these requests are held in the "EVENT QUEUE", where they are read by "LAMBDA". If a failure occurs, the request is re-read up to "THREE TIMES": it is retried immediately, then after 1 min, then after 2 mins. After repeated failures, the third failure triggers the DLQ procedure and the message is moved outside the Lambda service into a DLQ; SQS/SNS is used to handle this and send a message out if needed.
* Retries will cause multiple CloudWatch Logs entries.
* Make sure the function is IDEMPOTENT in case of multiple retries (in case of retry, the result is the same).

31
Q

Lambda asynchronous invocation | SERVICES

A

Main:
S3 (S3 event notifications)
SNS
CloudWatch Events / EventBridge

Alt:
CodeCommit
CodePipeline
CloudWatch Logs
Simple Email Service
CloudFormation
Config
IoT, IoT Events

32
Q

Lambda integration: asynchronous CloudWatch Events / EventBridge
Two methods to trigger Lambda

A

1. CRON / rate job: an EventBridge rule triggers Lambda every hour to perform a task
2. CodePipeline: an EventBridge rule triggers on state changes for Lambda to perform a task

33
Q

Lambda integration: asynchronous S3 EVENT NOTIFICATIONS
Filtering
Versioning

A

S3 -> SNS -> FANOUT to SQS -> Lambda
S3 API events: S3:ObjectCreated, S3:ObjectRemoved, S3:ObjectRestore, S3:Replication
Filter by prefix / suffix (object name filtering): this allows only certain items to trigger the event, allowing Lambda to store items in the same bucket without triggering infinitely.
* Typically delivered in seconds, may take longer.
* If you want to ensure an event notification is sent after every write, enable versioning, so that one event happens with one notification, not one event processed twice with two notifications.

34
Q

Lambda event source mapping: overview
Where records come from
How Lambda is invoked
Where the event source mapping is

A

Within the Lambda service: the event source mapping is the queue that polls a data stream and returns a batch of records.
Sources are:
Kinesis Data Streams
SQS
SQS FIFO
DynamoDB Streams
Lambda is then INVOKED SYNCHRONOUSLY.

35
Q

Streams and Lambda: Lambda event source mapping, Kinesis and DynamoDB
Creation of the iterator and what unit it corresponds to
How many batches total
In order, by what method?

A

The event source mapping creates a separate iterator for each shard, processing them in order.
Start with new items, from the beginning, or from a specific timestamp.
Processed items ARE NOT REMOVED FROM THE STREAM.
The record processor processes each data point on the shard based on partition key and assigns them to a separate batcher per partition key. IN-ORDER PROCESSING IS PER PARTITION KEY.
Batchers group data points by partition key and each invokes a separate LAMBDA function; this allows parallel processing.
10 BATCHES PER SHARD MAX.
LOW traffic: use a batch window to accumulate records before processing.

36
Q

Streams and Lambda: ERROR in Lambda event source mapping
This relates to what type of event source mapping?
Does it stop? Why would it do so?

A

The event source mapping creates a separate iterator for each shard, processing them in order.
Start with new items, from the beginning, or from a specific timestamp.
DEFAULT: if the function returns an error, the ENTIRE batch is reprocessed until the function succeeds or the items in the batch EXPIRE.
To ensure IN-ORDER processing, processing for the shard is STOPPED until the error is resolved.

RESOLUTION: configure the event source mapping to:
discard old events
restrict the number of retries
SPLIT BATCH ON ERROR

37
Q

Lambda event source mapping: SQS, SQS FIFO
SQS vs event source mapping: sync vs async, which is which?
Recommended visibility timeout is?
Failure paths

A

Will POLL SQS: long poll. Batch size is 1-10 messages.
The event source mapping polls SQS and returns batch items, then invokes the Lambda function with the EVENT batch. This is synchronous.
Recommended to set the queue visibility timeout 6x longer than the Lambda function timeout.
Failures:
DLQ: this is synchronous, not async like SQS usually is. This means a DLQ is not used on the event source mapping. Because a DLQ needs async, the DLQ can only be on SQS and not on the SYNC invocations of the event source mapping.
Lambda destination: alternative failure path.

38
Q

Queues and Lambda event source mapping
Standard queue and scaling
FIFO and scaling: ACTIVE MESSAGE GROUPS
Errors
Idempotency and how many times the event source mapping gets items
What happens to an item in the SQS queue once processed
Errored items?

A

Standard queue: not processed in order; Lambda scales to process as quickly as possible.
FIFO: active message groups are linked via group ID. Scaling can occur up to the number of ACTIVE MESSAGE GROUPS.
Errors: batches are returned to the queue as single items and may be processed in a different grouping than the original batch.
Sometimes the event source mapping may receive the same item twice, even if no error occurs. BEST TO HAVE IDEMPOTENT PROCESSING: it doesn't affect the situation if processed twice.
* LAMBDA DELETES the item from the queue if processed correctly.
* The source SQS queue can send to a DLQ if not processed correctly.

39
Q

Lambda event source mapping scaling

A

Kinesis Data Streams and DynamoDB Streams:
One Lambda invocation per SHARD
Parallel batches, max 10 batches per shard, separated via partition key

SQS standard:
Lambda adds 60 more instances per minute to scale up, to 1000 batches of messages processed together

SQS FIFO:
Messages with the same group ID will be processed in order ("active message group"). The Lambda function scales to the number of active message groups (group IDs).

40
Q

Lambda destinations: sync or async
Two types of sources
What is it used for?
Where can each go?

A

Retrieve data of an async invocation, or a failure of the event mapper, to a location for debugging.

1. Asynchronous invocations: destination for failed or successful events
SQS
SNS
Lambda
EventBridge bus
*Use destinations instead of a DLQ. Destinations are better because they are newer, have more targets, and can send both successes and failures. DLQ is SQS only.

2. EVENT SOURCE MAPPING: for discarded event batches
SQS
SNS
Example: a Kinesis data stream goes through an event source mapping; the batch for one partition key of the shard can fail. Failed events can be sent to a destination.
Send events to a destination, or send events to a DLQ directly from SQS.

41
Q

Lambda permissions: execution role
What is this for?
How does it involve event source mapping?

A

Grants permissions for Lambda to access services and resources.

Sample managed policies (not custom), following the AWSLambda<Service>ExecutionRole pattern:
AWSLambdaBasicExecutionRole: UPLOAD TO CLOUDWATCH
AWSXRayDaemonWriteAccess: UPLOAD TO X-RAY
AWSLambdaKinesisExecutionRole
AWSLambdaDynamoDBExecutionRole
AWSLambdaSQSQueueExecutionRole
AWSLambdaVPCAccessExecutionRole

When using an EVENT SOURCE MAPPING to invoke the function, Lambda uses the execution role to read the event data.
BEST TO CREATE ONE LAMBDA EXECUTION ROLE PER FUNCTION.

42
Q

Lambda permissions: RESOURCE-BASED POLICY
What does it give access to?
User access
Service access

A

Similar to an S3 bucket policy: resource-based policies give other accounts or AWS services ACCESS TO LAMBDA.
An IAM principal can access Lambda in two ways:
1. An IAM policy attached to the principal gives Lambda access: USER ACCESS (a person requests access to Lambda)
2. A resource policy authorizes: SERVICE ACCESS (S3 requests access to Lambda)

43
Q

Lambda monitoring, logging, tracing: CloudWatch Logs, CloudWatch metrics

A

1. CloudWatch Logs: AWS Lambda execution logs are stored in CLOUDWATCH LOGS.
* Need to make sure the function has a proper execution role with an IAM policy that authorizes writes to CloudWatch.

2. CloudWatch metrics. Metrics displayed:
invocations, durations, concurrent executions
error count, success rate, throttles
async delivery failures
iterator age (Kinesis and DynamoDB)

44
Q

Lambda monitoring, logging, tracing: tracing with X-Ray
Execution role
Environment variables

A

Enable in the Lambda configuration console: ACTIVE TRACING. Runs the X-Ray daemon for you.
USE THE AWS X-RAY SDK IN CODE!
Ensure a proper IAM execution role; the managed policy is called AWSXRayDaemonWriteAccess. This allows Lambda to write to X-Ray directly.
Environment variables to communicate with X-Ray:
_X_AMZN_TRACE_ID: tracing header contained here
AWS_XRAY_CONTEXT_MISSING: LOG_ERROR by default
AWS_XRAY_DAEMON_ADDRESS: X-Ray daemon ip_address:port

45
Q

Lambda VPC: default; Lambda in VPC

A

By default the Lambda function is launched outside the VPC; it cannot access resources inside it like RDS, ElastiCache, ELB etc.
Lambda IN VPC: must define VPC ID, subnet, security groups.
Lambda will create an ENI, which is inside the private subnet.
Inside the VPC: the Lambda security group will contain the ENI; this is the portal for access inside the VPC.
PERMISSIONS: execution role AWSLambdaVPCAccessExecutionRole

46
Q

Lambda VPC: accessing the public internet
Default in private/public subnet
Resolution

A

Lambda needs a security group with an ENI. Even if inside a public subnet, this ENI will not have PUBLIC INTERNET ACCESS: it won't have a public IP or public internet access.
Resolution: deploy in a private subnet; use a NAT gateway/instance to reach the public internet.
*Access to DynamoDB extra: through the public route, or use VPC endpoints (PRIVATELINK) to reach a VPC endpoint from the private subnet.

47
Q

Lambda function config: RAM
RAM and vCPU
Timeout

A

1. RAM: 128MB to 3008MB RAM max, in 64MB increments.
MORE RAM MEANS MORE VCPU; 1792MB equals ONE FULL VCPU; after this you will need MULTITHREADING to benefit from the increased RAM.
* For CPU-heavy loads make sure you have high RAM.
* Timeout: 3 seconds default, 900 seconds (15 minutes) max. 15+ minutes: Fargate, ECS, EC2.