What are the three main types of Lambda invocation?
- Synchronous (RequestResponse), 2. Asynchronous (Event), 3. Event Source Mapping (Poll-based).
What happens to asynchronous events that fail after all retries?
They are sent to a Dead Letter Queue (SQS or SNS) or a Lambda Destination (SQS, SNS, another Lambda, or EventBridge).
What is the default retry behavior for an Asynchronous Lambda invocation?
2 retries over a period of up to 6 hours.
What two services can be used as a Dead Letter Queue (DLQ) for Lambda?
SQS (Queue) and SNS (Topic).
When a Lambda is triggered by an SQS Queue, who manages retries?
The Lambda Event Source Mapping manages the retries; the SQS queue will handle the message’s visibility timeout and redelivery until it reaches the queue’s Redrive Policy (DLQ).
What is a “Cold Start” in AWS Lambda?
The time taken for Lambda to download the code and initialize the runtime and execution environment before running the handler function.
How do you minimize cold starts for a critical Lambda function?
Configure Provisioned Concurrency. This keeps a specified number of execution environments initialized and ready to respond.
What is the difference between Reserved Concurrency and Provisioned Concurrency?
Reserved: A hard limit on the maximum concurrent executions for a function (prevents throttling).
Provisioned: Keeps environments warm and ready (solves cold starts).
What is a Lambda Layer?
A ZIP file archive containing supplementary code, libraries, or custom runtimes that can be shared across multiple Lambda functions.
What is required for a Lambda function to access resources inside a VPC?
The function must be configured with the appropriate VPC Subnets and Security Groups.
If a VPC-configured Lambda needs to access the public internet (e.g., S3 or a public API), what is required?
It must route traffic through a Private Subnet → NAT Gateway → Internet Gateway.
What service is used to manage and rotate database credentials for a Lambda function?
AWS Secrets Manager
What is the best way to secure a secret (like a database connection string) used by a Lambda function?
Store it in AWS Secrets Manager or SSM Parameter Store (SecureString), and grant the Lambda Execution Role permissions to decrypt/retrieve it.
What is the use case for AWS Lambda Reserved Concurrency?
To protect downstream resources from overload
What is the use case for AWS Lambda Provisioned Concurrency?
Eliminate cold starts for critical, low-latency functions
Suppose you have a lambda triggered by an SQS queue. Where do you configure sending messages to a DLQ after X failures?
In SQS (NOT Lambda!)
A developer wants to debug a Lambda function using the AWS CLI. They invoke the function with ‘RequestResponse’ invocation type. How can they view the logs in the CLI response?
Use the --log-type Tail parameter.
What AWS CLI command retrieves the error message from a failed Lambda invocation?
You must decode the x-amz-function-error header.
What is the maximum size of the deployment package for a Lambda function (zipped)?
50 MB
What is the maximum size of the deployment package for a Lambda function (unzipped)?
250MB
You have a Lambda function configured with 128 MB of memory. The function is CPU bound and performing slowly. How can you increase the CPU power allocated to the function?
Increase the allocated memory.
In Lambda, CPU power is allocated proportionally to memory. Increasing memory automatically increases CPU.
A developer wants to ensure that their Lambda function has access to the /tmp directory with a size of 2 GB. How can this be configured?
Configure the Ephemeral Storage setting in the function configuration.
You can configure ephemeral storage (/tmp) between 512 MB and 10 GB.
You have a Lambda function that consumes messages from an SQS FIFO queue. What is the maximum concurrency limit for this function?
It is equal to the number of active Message Groups in the queue.
For FIFO queues, Lambda scales up to the number of active message groups to ensure order is preserved per group.
-
IAM 10118
-
S3 10174
-
S3 Object Lock8
-
S3 Performance10
-
S3 Sharing Buckets Across Accounts4
-
S3 Encryption and Versioning16
-
S3 Select and Glacier Select4
-
[Solutions Architect] S3 Storage Gateways14
-
[Solutions Architect] AWS Organizations7
-
CloudFront15
-
DataSync5
-
EC2 10134
-
AMI 10110
-
VPC Security Groups12
-
EBS 10117
-
Types of EBS Volumes18
-
ENI/ENA/EFA22
-
Encrypted Root Device Volumes7
-
Spot Instances and Spot Fleets15
-
EC2 Hibernate10
-
EC2 CloudWatch8
-
EC2 Misc.11
-
EFS11
-
[Solutions Architect] FSx5
-
[Solutions Architect] EC2 Placement Groups16
-
EC2 HPC5
-
AWS WAF6
-
Databases 10138
-
RDS48
-
DynamoDB40
-
Redshift15
-
Aurora17
-
Cacheing and Elasticache15
-
Advanced IAM16
-
DNS / Route 5333
-
Route53 Routing Policies11
-
VPCs48
-
NAT Instances and NAT Gateways16
-
Network ACLs8
-
VPC Flow Logs8
-
Load Balancers / High Availability 10127
-
ASGs4
-
Bastion Host and On-Premises High Availability7
-
SQS24
-
SWF6
-
SNS3
-
Elastic Transcoder2
-
API Gateway6
-
Kinesis 1017
-
Web Identity Federation and Cognito7
-
Event Processing Patterns5
-
Security23
-
Lambda19
-
Miscellaneous12
-
Containers and VMs38
-
[DEVELOPER] Advanced Lambda23
-
[DEVELOPER] Advanced SQS + SNS37
-
[DEVELOPER] Advanced Kinesis38
-
[DEVELOPER] Elasticache and Advanced RDS / Aurora3
-
[Developer] Advanced Database Topics49
-
[Developer] Advanced Analytics Topics18
-
[Developer] Monitoring Services6
-
[DEVELOPER] Advanced Storage Topics10
-
[DEVELOPER] Advanced Networking and Content Delivery26
-
[DEVELOPER] AI and ML20
-
[DEVELOPER] Developer tools14
-
[Developer] Step Functions13
-
[Developer] AWS Amplify11
-
[DEVELOPER] Advanced EC29
-
[DEVELOPER] Developer Security7
-
[DEVELOPER] Advanced API Gateway27
-
[Solutions Architect] Organizational Security15
-
[Solutions Architect] Active Directory22
-
[DEVELOPER] CloudTrail11
-
[Developer] X-Ray13
-
[Developer] SAM11
-
[Developer] Deployment Services40
