Lambda & SAM Flashcards
AWS SAM Template Anatomy
Sections of SAM Template
- Transform (required)
- Globals (optional)
- Description (optional)
- Resources (required)
- Metadata (optional)
- Parameters (optional)
- Mappings (optional)
- Conditions (optional)
- Outputs (optional)
AWS SAM resources
- AWS::Serverless::Api
- AWS::Serverless::Application
- AWS::Serverless::Function
- AWS::Serverless::HttpApi
- AWS::Serverless::LayerVersion
- AWS::Serverless::SimpleTable
- AWS::Serverless::StateMachine
AWS::Serverless::Api
Creates a collection of Amazon API Gateway resources and methods that can be invoked through HTTPS endpoints.
AWS::Serverless::Application
Embeds a serverless application from the AWS Serverless Application Repository or from an Amazon S3 bucket as a nested application.
AWS::Serverless::Function
Creates a Lambda function, IAM execution role, and event source mappings that trigger the function.
AWS::Serverless::HttpApi
Creates an API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs.
AWS::Serverless::LayerVersion
Creates a Lambda LayerVersion that contains library or runtime code needed by a Lambda Function.
AWS::Serverless::SimpleTable
Creates a DynamoDB table with a single attribute primary key. It is useful when data only needs to be accessed via a primary key.
AWS::Serverless::StateMachine
Creates an AWS Step Functions state machine, which you can use to orchestrate Lambda functions and other AWS resources to form complex and robust workflows.
Deploying Serverless Applications Gradually
Steps involved in the built-in CodeDeploy integration that provides gradual Lambda deployments
- Deploys new versions of your Lambda function, and automatically creates aliases that point to the new version.
- Gradually shifts customer traffic to the new version until you’re satisfied that it’s working as expected, or you roll back the update.
- Defines pre-traffic and post-traffic test functions to verify that the newly deployed code is configured correctly and your application operates as expected.
- Rolls back the deployment if CloudWatch alarms are triggered.
Deployment Preference Types
Canary: Traffic is shifted in two increments. You can choose from predefined canary options. The options specify the percentage of traffic that’s shifted to your updated Lambda function version in the first increment, and the interval, in minutes, before the remaining traffic is shifted in the second increment.
Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic that’s shifted in each increment and the number of minutes between each increment.
All-at-once: All traffic is shifted from the original Lambda function to the updated Lambda function version at once.
Canary
Canary: Traffic is shifted in two increments. You can choose from predefined canary options. The options specify the percentage of traffic that’s shifted to your updated Lambda function version in the first increment, and the interval, in minutes, before the remaining traffic is shifted in the second increment.
Linear
Linear: Traffic is shifted in equal increments with an equal number of minutes between each increment. You can choose from predefined linear options that specify the percentage of traffic that’s shifted in each increment and the number of minutes between each increment.
All-at-once
All-at-once: All traffic is shifted from the original Lambda function to the updated Lambda function version at once.
Deployment Preference Type
- Canary10Percent30Minutes
- Canary10Percent5Minutes
- Canary10Percent10Minutes
- Canary10Percent15Minutes
- Linear10PercentEvery10Minutes
- Linear10PercentEvery1Minute
- Linear10PercentEvery2Minutes
- Linear10PercentEvery3Minutes
- AllAtOnce
SAM / Controlling Access to API Gateway APIs
- Lambda authorizers
- Amazon Cognito user pools
- IAM permissions
- API keys
- Resource policies
Lambda authorizers.
A Lambda authorizer is a Lambda function that you provide to control access to your API. When your API is called, this Lambda function is invoked with a request context or an authorization token that is provided by the client application.
Amazon Cognito user pools.
Amazon Cognito user pools are user directories in Amazon Cognito. A client of your API must first sign a user in to the user pool and obtain an identity or access token for the user. Then your API is called with one of the returned tokens. The API call succeeds only if the required token is valid.
IAM permissions.
You can control who can invoke your API using IAM permissions. Users calling your API must be authenticated with IAM credentials. Calls to your API only succeed if there is an IAM policy attached to the IAM user that represents the API caller, an IAM group that contains the user, or an IAM role that is assumed by the user.
API keys.
API keys are alphanumeric string values that you distribute to application developer customers to grant access to your API.
Resource policies.
Resource policies are JSON policy documents that you can attach to an API Gateway API to control whether a specified principal (typically an IAM user or role) can invoke the API.