Lambda

Question 1

We are looking to roll out a new version of our lambda function to production using code deploy. we are confident with our testing, but we don’t want to do a big bang approach. What three methods can we use to do a deployment of a lambda function using code deploy and which one would we NOT use?

Answer 1

Linear traffic shift: switch 10% of traffic to the new function every 3 or 10 minutes

Canary: Switch X% of traffic to new version for 5 or 30 minutes and switch the rest after that time

All at Once: Switch everything immediately.

We probably wouldn’t use all at once in this case.

Question 2

What is a Lambda Destination? Do they apply to Synchronous or asynchronous invocations and what services can be used as a destination (4). How does this differ from a DLQ and which is reccomended?

Answer 2

Lambda destinations allow the result of a successful asynchronous invocation, or a failure to another service. For instance, we could send notification of successful processing to one destination, and notification of a failure to another.

A message can be sent to
SQS
SNS
lambda
AWS  EVENT BRIDGE BUS

This differs from a DLQ as a DLQ can only send notifications to SNS or SQS. Destinations are the preferred method for asynch interactions. They can’t be used for Event Mappings as these are synchronous.

Question 3

Does lambda have an out of the box caching feature?

Answer 3

No. API gateway will provide this functionality in parallel with lambda.

Question 4

We have a heavily CPU bound function, which we have allocated 2.5GB of RAM to. This has helped somewhat, but not as much as expected. Why is this? Is there a ‘magic number’ that we need to be aware of?

Answer 4

When you increase RAM past 1792MB you are using more than one vCPU. To benefit from this the code will need to be multi-threaded.

Question 5

If I have a lambda function consuming a STANDARD SQS queue, how many functions will be invoked to process the queue PER MINUTE and is there a LIMIT? What order will messages be processed in?

Answer 5

Messages will be processed based on best effort ordering and lambda will scale the amount of functions out to process the queue as quickly as possible at a rate of 60/per minute up to 1000 concurrent functions.

Question 6

If I want to do a rolling deployment of updated lambda functions in my environment using code pipeline - would I use code build or code deploy and why?

Answer 6

You configure a rolling deployment by using AWS CodeDeploy and AWS SAM. CodeDeploy is a service that automates application deployments to Amazon COMPUTING platforms such as Amazon EC2 and AWS Lambda.

Question 7

Where would I be able to find data on how many times my lambda function has been called, the duration of the execution and how many concurrent executions there have been?

Answer 7

Lambda Metrics contains this data

Question 8

Your lambda function is invoked asynchronously and some events fail from being processed after 3 retries. You’d like to collect and analyze these events later on. What should do you?

• Create a DLQ and send to SNS
• Create a DLQ and send to SQS

Answer 8

Create a DLQ and send to SQS - we wont use SNS in this case as we wanrt to hold the message for some days so we have time to consume it

Question 9

I have a batch process that currently executes nightly on an EC2 instance between midnight and 01:30. We’re looking to save costs on this execution and lambda has been mooted as a solution. Is this appropriate?

Answer 9

No, lambda functions have a maximum timeout duration of 15 minutes, so lambda will not be a suitable platform to run the batch on.

Question 10

I need to pass sensitive data to my lambda function to allow connectivity to a database. What is the MOST secure way of acheiving this?

Answer 10

You would pass KMS encrypted variables to your function using environment variables

Question 11

By default, for an asynchronous lambda invocation how many times will lambda attempt retry a failed function and what is the delay between each attempt?

Answer 11

2 times, with a 1 minute and then a 2 minute delay

Question 12

What is the maximum memory that can be allocated to a lambda function (GB)? Does increasing RAM have any impact on CPU or Network? Whats the default timeout for lambda?

Answer 12

3GB. Assigning more RAM to a function will also increase CPU and network bandwidth.
Default timeout is 3seconds

Question 13

If an asynchronous lambda function exceeds its concurrency limits, over what time period will it attempt to retry over and what is the maximum time between retries

Answer 13

The function will retry automatically for up to 6 hours using exponential back off from 1 second to a maximum of 5 minute intervals. If this fails, it will go to a DLQ.

Question 14

I have a VPC with a public and a private subnet. My private subnet routes traffic to 0.0.0.0/0 to a NAT gateway in my public subnet, which in turn routes to an IGW. When I deploy my lambda function, where would I deploy it to allow access to the internet - in the public or private subnet?

Answer 14

You would deploy your function in the PRIVATE subnet. Traffic then gets routed to the NAT and then IGW. This is the only way that a lambda function can communicate with the public web.

Question 15

What is the function of the “Execution Context” for Lambda?

Answer 15

The execution context is a temporary runtime environment for initialising external dependencies in your lambda code (such as DB connections). This context is temporary, but it does persist for a time in the anticipation of another lambda function starting. It exists above the def handler.

Question 16

What is the total size for all environment variables in Lambda?

Answer 16

The total size of all environment variables can’t exceed 4 KB.

Question 17

If we are using Lambda event source mapping configured with a SQS queue, in event that something goes wrong with the lambda function processing data - where would we set up the DLQ, on SQS or Lambda and why?

Answer 17

The Queue would need to be set up on the SQS side as Event Source Mapping is a synchronous pattern so setting up a DLQ on lambda won’t work as this can only be done with an asynch pattern.

Question 18

I have a application which makes heavy use of lambda. There are three interaction channels that it uses, one is for public user access via an application load balancer, one is via API gateway for B2B functions and finally there is a channel for internal applications via the SDK.. Currently there is no form of reserved concurrency set on any of my functions. What risks do I have under this setup?

Answer 18

Lambda allows 1000 concurrent executions for all functions in your account. If reserved concurrency is not set, it means that sudden spikes in load (such as over the public interface) will use up this 1000 concurrent requests limit and then other lambda functions will be throttled.

Question 19

We are implementing X-Ray in our lambda function. How would we pass the X-Ray Daemon IP address and port to our lambda function so we don’t need to hard code it?

Answer 19

We would use environment variables to pass X-Ray config information to our function. AWS-XRAY-DAEMON-ADDRESS

Question 20

Assume we have an Event source configured for a Kinesis stream consisting of 10 shards. If my lambda function returns an error when processing a batch then what will happen to that batch, and how will in order processing be ensured? If I am using a DLQ - what two services could I send the notification to?

Answer 20

By default, if your function returns an error, the entire batch is reprocessed until the function succeeds, or the items in the batch expire. To ensure in-order processing, processing for the affected shard is paused until the error is resolved. Notifications can be sent to SQS or SNS.

Question 21

What sort of policy allows an ALB to invoke a lambda function - Resource or Role based?

Answer 21

A resource based policy grants permissions for a ALB to invoke a lambda function.

Question 22

I have a lambda function set up with an event mapping to a Dynamo DB stream. I want to find how far my function is lagging behind processing versus the amount of data being fed into Dynamo. What built in feature of lambda event mappings could I use to find this and where would I look? (hint - its something to do with the iterator)

Answer 22

Lambda metrics will provide the iterator age metric which will indicate how far behind you are in reading from the stream.

Question 23

When you deploy a lambda function behind an ALB, where is the function registered with respect to the ALB? (Hint: think in terms of scaling)

Answer 23

The lambda function must be registered in a target group for the ALB

Question 24

You are uploading your lambda bundle to production. This contains your function code and all required dependencies. How big can the zip file be, and what is the maximum allowable size for your code and dependencies when uncompressed?

Answer 24

50MB Compressed, 250MB uncompressed.

Question 25

In terms of security - what sort of IAM policy is used when:

• A Lambda Function Calls an AWS Service
• An AWS service calls a lambda function?

Hint: Think in terms of roles and policies

Answer 25

When a lambda function calls an AWS service it uses an execution role.

When a service calls a lambda function, it uses a resource based policy

Question 26

You are looking in Cloudwatch logs for lambda and you see three entries for a lambda function with the SAME EXACT message ID. What happened and what invocation was used?

Answer 26

The lambda function was invoked asynchronously and has failed. Lambda has retried execution 2 additional times.

Question 27

What do you need to do to enable AWS X-Ray for your lambda function - i.e what features do you need to enable, what code changes and permissions roles need to be set?

Answer 27

1. Enable X-Ray for your lambda function
2. Ensure you are using the XRay SDK in your lambda code
3. make sure you have the correct IAM Execution role

Question 28

You have a lambda function which need to write data out during execution. What is the maximum amount you can write and how long does it persist?

Answer 28

512Mb and persists for the duration of your function or if the execution context is frozen

Question 29

We have a lambda function which is heavily CPU bound when it is executing. What would you need to do to increase the amount of vCPU available to this function?.

Answer 29

Increase the amount of RAM available to your function will increase the vCPU credits. You can’t assign credits manually

Question 30

In Lambda event source mapping HOW ARE items read from a stream or queue ?

Answer 30

Items are read from a stream or a queue in batches.

Question 31

I have a lambda function which needs to process a CSV file of data. Often, but not always this file can grow up to 300MB. Can I store this data anywhere and what would happen to it if I needed to re-invoke the function?

Answer 31

You can use the /tmp directory for up to 512MB of non persistent storage. If the lambda function is stopped and re-invoked, this storage and its contents are still available for the lifetime of the function.

Question 32

Consider the following call chain:
Client ALB Lambda
What format is data in at each stage of the request?

Answer 32

ClientALB : HTTP

ALB Lambda: JSON with the ALB responsible for transforming format to format.

Question 33

Can you run docker on Lambda

Answer 33

No.

Question 34

If you deploy a lambda function inside a public subnet, will this function have access to internet?

Answer 34

No. If you deploy a lambda instance inside a public subnet it will not have a public IP or internet access.

Question 35

I have an SQS FIFO queue set up with 10 message groups. How many lambda functions will be scaled out to read this queue? In a FIFO queue, what order would lambda process messages in?

Answer 35

10 - 1 per message group. Messages will be processed in order with a FIFO queue

Question 36

Assuming we have lambda@edge deployed on cloudfront, can we change requests and responses between the origin and the viewer (i.e. the user)?

Answer 36

Yes. Lambda@edge can change a request before it is sent to the origin, after its been sent by the origin, after its been sent to the viewer and before it is received by the viewer.

Question 37

What is the role of a Dead Letter Queue with respect to lambda and what two services can be used provide DLQ functionality? What sort of Lambda Invocation does a DLQ apply to?

Answer 37

A DLQ applies to a lambda asynchronous invocation and can use either SNS or SQS as a destination. When a lambda function is invoked asynchronously incoming events are placed in a queue before being sent to the function. If the function returns an error, Lambda retries up to two times and if that fails it will discard the message unless a DLQ is set up, in which case it will write to that so you can investigate what went wrong.

Question 38

Which core services must lambda interact with asynchronously (3)?

Answer 38

S3
SNS
CloudWatch events

Question 39

A Lambda function invoked by S3 Events has been doing some duplicate logging into CloudWatch Logs with the same request ID. Why?

Answer 39

The lambda function has failed and has been retried.

Question 40

We have just recieved a massive bill for a lambda function that we have just deployed. Looking in the Lambda Metrics, we can see the function has been called millions of times. What could be the issue?

Answer 40

The function could have a recursive reference to itself - lambda functions should never be called recursively

Question 41

How can I have more than 1000 concurrent lambda functions if required

Answer 41

You need to raise a service request with AWS to get this limit increased

Question 42

Where are Lambda logs stored and how are they grouped for each invocation of a lambda function? What permissions are needed?

Answer 42

Lambda logs are stored Cloud watch Logs. Each invocation has its own log stream. The lambda function needs IAM permissions to create and write to cloudwatch log streams.

Question 43

I have a situation where I have a dev and a test versions of a function in Lambda. The test version appears to be stable, but I would like to undertake a blue/green deployment routing 95% of my traffic to the existing version and 5% of the traffic to the new version. How would I achieve this in Lambda?

Answer 43

Blue/Green deployments in lambda can be achieved using Lambda aliases. These allow me to send traffic to TWO lambda functions based on a weighting

Question 44

Can a lambda alias reference another alias?

Answer 44

No

Question 45

What is the maximum concurrency for a lambda function - i.e. how many will be able to run at the same time?

Answer 45

1000

Question 46

I have a lambda function written in Java. Its been reported that startup times on this function are very high when its first invoked. I’ve moved key database setup tasks into the Execution context, but the initial invocation of the function is still slow. What is this issue known as, and what setting can I use in lambda to resolve the issue (hint: concurrency)

Answer 46

This is known as a ‘cold start’ where lambda needs to initialize your function for the first time. To reduce the impacts of a cold start we can use Provisioned Concurrency to ensure that a number of functions are constantly kept in the initialised state.

Question 47

Your lambda function is interacting with a database. Its highly likely that the URL for this database will change at some stage. What can you do to accommodate this without re-writing your function?

Answer 47

Use environment variables to pass the updated URL to your function

Question 48

Which of the following service does NOT require an event source mapping?
DynamoDB
Kinesis Streams
SQS
SNS
?

Answer 48

SNS

Question 49

I see my lambda function is throwing a ThrottleError - 429. What does this mean and does this error apply to a synchronous or asynchronous function?

Answer 49

ThrottleError - 429 means that we have exceeded our concurrency limits for a Synchronous Lambda invocation

Question 50

When using a parallelization factor for a Kinesis Shard or DynamoDB stream, what is the maximum number of batches per shard/stream?

Answer 50

10

Question 51

What is an Event Source Mapping with respect to Lambda?

Answer 51

An event source mapping is an AWS Lambda resource that reads from an event source and invokes a Lambda function. You can use event source mappings to process items from a stream or queue in services that don’t invoke Lambda functions directly.

Question 52

I have a lambda function which initialises a connection to an RDS instance. Where would I be best placed to implement the connection code?

Answer 52

In the Execution context. That way we can initialise the db connection and have that same connection available for other functions.

Question 53

You are using an ALB infront of your lambda function. The way requests are structured is that we have multiple values for the same name in a query string - such as:
request.com/path?name=foo&name=bar
What would you need to enable on your ALB to allow your lambda function to process these and what does it do?

Answer 53

You need to enable ALB multi-header values on the ALB which will create a JSON array for your query string:
“queryStringParameters”:{“name”:[“foo”,”bar”]}

Question 54

How many lambda functions can you have executing concurrently and is this limit per function or for all functions in your account

Answer 54

1000 concurrent executions for ALL functions in your account.

Question 55

I have a lambda function with a dependency on a native Linux library. Can I include native linux libraries in a lambda bundle or am I limited to language libraries? What must the be compiled on?

Answer 55

You can include native Linux libraries but they must be compiled on AWS Linux

Question 56

What components would you use to create a serverless CRON? What is the advantage of a serverless cron over EC2? Would this be a synchronous or asynchronous pattern?

Answer 56

You would use AWS event bridge to trigger an event based on your schedule, and then use this event to trigger an asynch lambda function. The advantage of the serverless cron is that we do not need to have an EC2 instance running all the time to trigger the cron.

Question 57

I have a VPC with a public and a private subnet. My private subnet routes traffic to 0.0.0.0/0 to a NAT gateway in my public subnet, which in turn routes to an IGW. My lambda function is deployed in the private subnet, but I also want to access a Dynamo DB database. What are the two ways this can be done with this configuration?

Answer 57

1. I can access DynamoDB over the public web by routing out through the NAT and IGW and then back in to Dynamo DB
2. I can use a VPC endpoint to send traffic privately from lambda in my private subnet to Dynamo.

Question 58

I have a set of 3 lambda functions which require a significant set of library dependencies, totaling approximately 30Mb. Each function requires the same set of dependencies. Rather than having to bundle the dependencies with each individual function, what could you do to do allow each function to be able to access the same libraries?

Answer 58

This can be done with Lambda layers. This feature of Lambda allows you to create a layer containing a common set of libraries which each of your lambda functions can reference. layers can also be used to provide language functionality which is not supported out of the box in lambda (such as RUST or C++)

Question 59

We have a globally distributed application which we want to implement some intelligent filtering on the inbound requests BEFORE they hit the application stack. How could we do this?

Answer 59

Lambda@Edge allows lambda functions to be distributed by CloudFront. This can be used for request filtering as well as bot detection.

Question 60

In lambda event source mappings, are items read synchronously or asynchronously?

Answer 60

Synchronously

Question 61

We have a lambda project for which we need a test, dev and production environments. Our dev environment uses $latest. When development is finished the code gets published to version to test, and after its passed testing it gets published to production. Are the published version numbers mutable or immutable? How do we provide a stable entry point to each of the lambda versions ?

Answer 61

Versioned lambda functions are immutable - the cannot be changed after being published. $latest is mutable. To provide a stable end point to the function we would use a lambda aliases - one for dev, test and prod. Aliases are mutable.

Question 62

You have two potential ways in using an event source mapping to speed up processing when you have a lambda function processing Kinesis shards or Dynamo DB streams. One of these is to increase the number of shard and have lambda scale to 1 function per shard or stream. There is a more flexible way however based on the partition key within the shard. What is it?

Answer 62

You can now use the new Parallelization Factor to specify the number of concurrent batches that Lambda polls from a single shard. You can have up to 10 batches processed per shard and processing is based on the partition key so record processing order will still be maintained.

Question 63

We have a lambda function which needs to connect to a database using a user ID and password. How would you pass these variables to your lambda function and how would you secure them?

Answer 63

You would pass these using environment variables and encrypt using KMS.

Question 64

When using Lambda Event Source Mapping , is this a synchronous or asynchronous interaction? Can you use a Lambda DLQ for functions using Event Source Mapping ?

Answer 64

Event Source Mapping is a Synchronous interaction. As such, you can’t use a LAMBDA DLQ as these are only for asynchronous operations.