Lambda

Question 1

How much RAM can you provision for a function?

Answer 1

Up to 10GB

Question 2

What affect does RAM have on CPU and network?

Answer 2

If you increase the amount of RAM, you will also improve CPU and network.

Question 3

How can you run a container on Lambda? What should you do for other non-Lambda containers?

Answer 3

Container must implement the Lambda Runtime API
- Other containers should be run on ECS/Fargate

Question 4

How does Lambda pricing work?

Answer 4

Pay per calls:
- First 1,000,000 requests are free, 20 cents per million after
Pay per duration:
- First 400,000 GB-seconds of compute time free (this means 400,000 seconds if RAM is 1GB, 3,200,000 seconds if 128MB)
- 1 dollar per 600,000 GB seconds after

Question 5

What are the key sections of the request payload when converting HTTP to JSON for ALB to Lambda?

Answer 5

• Query String Parameters as Key/Value pairs
• Headers as Key/Value pairs
• Body (for POST, PUT…) & isBase64Encoded

Question 6

What are the key sections of the response when converting HTTP to JSON for ALB to Lambda?

Answer 6

• Headers as Key/Value pairs
• Body & isBase64Encoded

Question 7

How can you use ALB Multi-Header Values with Lambda?

Answer 7

Enable the ALB setting for Multi-Header values
- This will allow you to pass in multiple HTTP headers or query string parameters with the same key, which will be shown as an array within the AWS Lambda event

Question 8

How does Lambda handle Asynchronous Invocations? What considerations should be made because of this?

Answer 8

Events are placed in an Event Queue
- Lambda attempts to retry on errors up to 3 times
- Make sure processing is idempotent
- Use a DLQ for failed processing

Question 9

What services invoke Lambda Asynchronously?

Answer 9

S3, SNS, CloudWatchEvents/EventBridge

Question 10

What sources does Lambda have to poll data from? Is this sync or async?

Answer 10

Kinesis Data Stream, SQS & FIFO queue, DynamoDB Streams
- Sync

Question 11

How does an event source mapping work for Streams (Kinesis and DDB)?

Answer 11

Creates an iterator for each shard and processes items in order
- processed items aren’t removed from the stream (other consumers can read them)

Question 12

How could you set up event source mapping for streams at low and high traffic?

Answer 12

Low: use batch window to accumulate records before processing
High: process multiple batches in parallel - up to 10 batches per shard, with in-order processing still guaranteed for each partition key

Question 13

How does an error affect batch processing for event source mapping of streams?

Answer 13

By default, an error causes the entire batch to be reprocessed until the function succeeds or the items in the batch expire
- to maintain in-order processing, processing for the affected shard is paused until the error is resolved

Question 14

How can you configure event source mapping re. errors for streams?

Answer 14

• Discard old events
• Restrict number of retries
• Split batch on error (to work around Lambda timeout issues)
  Discarded events can go to a Destinatation

Question 15

How can you set up event source mapping for SQS?

Answer 15

• ESM will pool SQS (Long polling)
• Specify batch size
• Recommended to set queue visibility timeout to 6x the timeout of the lambda function
• To uses a DLQ, set it up in SQS, NOT in Lambda (Lambda DLQ is only for async invocations)

Question 16

How does Lambda scale with FIFO SQS Queues?

Answer 16

Scales up to the number of active message groups

Question 17

How does an error for Lambda and Queues affect batches?

Answer 17

Errors cause batches to be returned to the queue as individual items that might be processed in a different grouping than the original batch

Question 18

How many stream batches can be processed per shard?

Answer 18

If you use parallelization, up to 10 batches per shard.

Question 19

What is the difference between the Lambda Event and Context Objects?

Answer 19

Event Object:
- JSON formatted document contains data for the function to process

Context Object:
- Metadata around the invocations, function and runtime environment, provided by Lambda at runtime

Question 20

What is the purpose of Lambda Destinations? Why are they recommended over DLQ?

Answer 20

Configure Lambda to send result (can decide for both success or failure) of function to a Destination (useful for asynchronous invocations)
- SQS, SNS, Lambda and EventBridge
DLQ is only for SQS, but Destinations have a range of options

Question 21

Where can you route failed event batches to from an Event Source mapping?

Answer 21

SQS or SNS
- Can send to DLQ directly from SQS

Question 22

Why might a failed S3 event processing in a Lambda function not appear in the destination straight away?

Answer 22

S3 events are sent asynchronously - Lambda retries processing 3 times for asynchronous events.

Question 23

What are the differences in IAM roles regarding Lambda?

Answer 23

• Resource-based policies allow the Lambda function to be invoked by other services
• Policies attached to the Lambda execution IAM role allow the Lambda function to invoke other services

Question 24

What three environment variables allow Lambda to communicate with X-Ray?

Answer 24

_X_AMZN_TRACE_ID - contains the tracing header
AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR
AWS_XRAY_DAEMON_ADDRESS: the X-Ray Daemon IP_ADDRESS:PORT

Question 25

What is an Edge function? What are the two varieties?

Answer 25

Code that you write and attach to CloudFront distributions
- CloudFront runs these functions close to your users to minimize latency
- CloudFront functions and Lambda@Edge

Question 26

What is a use-case of a CloudFront function?

Answer 26

• Cache key normalizations (transform request attributes) to create an optimal cache key
• Header manipulation (insert/delete HTTP headers)
• URL rewrites or redirects
• Request authentication/authorization (create and validate user-generated tokens)

Question 27

Why might you want to use a Lambda@Edge function over a CloudFront function?

Answer 27

• Longer execution time (up to seconds)
• Adjustable CPU or memory
• Code can depend on 3rd Party libraries)
• Network access to use external services for processing
• File system access or access to the body of HTTP requests

Question 28

Describe CloudFront functions.

Answer 28

• Lightweight functions written in JavaScript
• For high-scale, latency sensitive CDN customizations
• Sub-ms startup times, millions of requests/second
• Used to change Viewer requests and responses (i.e., those between client and CloudFront, as opposed to those between CloudFront and Origin)
• Native feature of CloudFront (manage code entirely within CloudFront)

Question 29

Describe Lambda@Edge functions.

Answer 29

• Lambda functions written in NodeJs or Python
• Scales to 1000s of requests/second
• Can change both View and Origin requests/responses
• Author your functions in one AWS Region, then CloudFront replicates to its locations

Question 30

How do you give a Lambda function VPC access?

Answer 30

• Define VPC ID, Subnets and Security groups
• Lambda will create an ENI (Elastic Network Interface) in your subnets
• Lambda function must have the AWSLambdaVPCAccessExecutionRole

Question 31

How can you give a Lambda function internet access (or a public IP)?

Answer 31

Cannot simply deploy to a public subnet
- Deploy to a private subnet that has a NAT Gateway / Instance

Question 32

How can you access AWS services from a Lambda within a VPC / private subnet?

Answer 32

Use VPC endpoints

Question 33

How would you improve the performance of a computation heavy Lambda function?

Answer 33

Computation heavy means CPU-bound - increase RAM to gain more vCPU.

Question 34

Why should you declare database connection code outside of a function call?

Answer 34

If it is within the function, DB connection will be established at every invocation.
If is is outside the function, the connection will be established once and reused in subsequent invocations, due to the execution context of lambda functions (temporary runtime environment).

Question 35

How can you improve performance of a lambda function that requires large files?

Answer 35

Use the /tmp directory - 10GB directory (can be used as a transient cache for multiple invocations - helpful to checkpoint your work)

Question 36

How can you encrypt content within the /tmp directory?

Answer 36

Generate KMS Data Keys in order to encrypt content.

Question 37

What are Lambda layers?

Answer 37

Externalized dependencies that can be used across multiple functions (dependencies do not have to be packaged with the code).

Question 38

How can a Lambda function access EFS file systems within a VPC?

Answer 38

Configure Lambda to mount EFS file systems to local directory during initialization
- use EFS Access Points

Question 39

What are the limitations of connecting Lambda to EFS?

Answer 39

EFS connection limits: One function instance = one connection
Connection burst limits: may be hit if many functions request connections at once

Question 40

How can you limit the number of concurrent Lambda executions?

Answer 40

Set the “reserved concurrency” at the function level.

Question 41

What is the Lambda behaviour if the reserved concurrency limit is exceeded?

Answer 41

Synchronous invocation: return ThrottleError 429
Asynchronous invocation: retry automatically and then go to DLQ

Question 42

What can happen if you don’t reserve concurrency and you exceed the default limit?

Answer 42

If you exceed 1000 (new default may be 50) concurrent executions, all executions of all functions in your account get throttled.

Question 43

How can you reduce the impact of cold starts?

Answer 43

Use Provisioned Concurrency:
- Concurrency is allocated before the function is invoked (i.e., lambda execution environments are created in advance)
- Can use application auto scaling to manage concurrency (schedule or target utilization)

Question 44

How do you include external dependencies in a lambda function (for example AWS X-Ray SDK, Database Clients, etc.)?

Answer 44

Install the packages alongside you code and zip it together
-> Upload the zip straight to Lambda if less than 50mb (otherwise to S3)

Question 45

How would you allow multiple accounts to access Lambda code stored in S3 for use in CloudFormation?

Answer 45

Use a bucket policy (using the Allow Principal: [Accounts ID…]), and create a CloudFormation execution role to allow it to access S3.

Question 46

How can you deploy a Lambda function from ECR?

Answer 46

• Can deploy a docker container image from ECR up to 10GB large
• Can use base image or custom as long as it implements the Lambda Runtime API
• Pack complex/large dependencies into the container

Question 47

What are some strategies for optimizing container images?

Answer 47

• Use AWS-provided base images (cached by Lambda service)
• Use multi-stage builds (code is built in larger preliminary images - then copy only the artifacts you need in your final container image and discard the preliminary steps)
• Build from Stable to Frequently Changing (make frequently occurring changes as late in Dockerfile as possible)
• Use a single repo for functions with large layers (avoid uploading and storing duplicate layers)

Question 48

How are Lambda aliases useful for deployments?

Answer 48

Can enable Canary deployment by assigning weights to lambda function aliases (e.g., 95% to v1, 5% to v2)

Question 49

How do aliases work (and what can they not do)?

Answer 49

‘Pointers’ to Lambda function versions (NOT to other aliases)

Question 50

What file would you use to deploy a lambda function via CodeDeploy, and what parameters are required?

Answer 50

AppSpec.yml
- Name, Alias, CurrentVersion, TargetVersion

Question 51

What is the memory allocation limit for lambda?

Answer 51

128MB to 10GB (1MB increments)

Question 52

What is the maximum execution time limit for lambda?

Answer 52

15 minutes

Question 53

What is the environment variables size limit?

Answer 53

4KB

Question 54

What is the max disk capacity in the function container (/tmp)?

Answer 54

512MB to 10GB

Question 55

What is the max number of concurrent executions?

Answer 55

1000

Question 56

What is the max lambda function deployment size for compressed zip files?

Answer 56

50MB

Question 57

What is the max lambda function deployment size for the uncompressed zip files?

Answer 57

250MB

Question 58

What are best practices for lambda initialization?

Answer 58

Perform heavy-duty work outside of your function handler
- Connect to databases
- Initialize AWS SDK
- Pull in dependencies or datasets

Question 59

What are best practices for environment variables?

Answer 59

Use for data connection strings, S3 bucket, etc.
- Passwords, sensitive values, etc. can be encrypted with KMS

Question 60

What are best practices for minimizing deployment package size?

Answer 60

Reduce to runtime necessities
- Break down function if need be
- Remember AWS Lambda limits
- Use layers where necessary

Question 61

How do you declare a Lambda function in a CloudFormation template?

Answer 61

Upload all the code as a zip file to an S3 bucket and refer to the object in AWS::Lambda::Function block

Question 62

How would you allow a Lambda function to be used with an Application Load Balancer?

Answer 62

Register the Lambda function with a Target Group