Lambda Flashcards
What programming languages are supported by Lambda?
Python Node.js C# Go Java Ruby Powershell Custom Runtime API Lambda Container Image - Must implement the lambda runtime API - Don’t run any container that does not use the lambda runtime api
How can a lambda function be invoked?
Synchronously and Asynchronously
What defines Lambda Synchronous invocation?
Called by e.g. SDK, CLI, API Gateway, or an ALB.
Result is retuned rightaway.
Error handling happens on client side
Which services call lambda synchronously?
User invoked:
CLoudFront@Edge
ALB
API Gateway
S3 batch
Service invoked:
Cognito
Step functions
Other services:
Alexa
Lex
Kinesis Data Firehose
How can Lambda be exposed to the internet?
ALB & API Gateway
How does Client to ALB to Lambda work?
CLient sends http-request that ALB picks up.
ALB transforms the http-request into json that is readable by lambda. Especially each querystring will appear in the json document.
Lambda then sends it json response to the ALB.
The ALB transforms the json back to http and sends it to the client.
What are ALB multi-header values and how to enable them?
The http request contains multiple querystrings with the same key.
Then the http headers and the querystrings will be converted to an array in the json send to lambda.
This setting has to enabled on ALB side.
What is Lambda@edge?
Enables to deploy lambda globally alongside a CloudFront distribution.
Why use Lmabda@edge?
more responsive apps
globally deployed
customize CDN content
pay for what you use
What CLoudFront requests and responses can be modified by lambda?
viewer(client) request
viewer response
origin(lambda) request
origin response
What defines Lambda Asynchronous invocation?
Called by e.g. SNS, S3, CLoudWatch Events, codecommit, codepipeline, cloudformation, config
Events are placed in an event queue
3 retries on failures
indempotent processing
SNS or SQS can be defined as dead letter queue (permission required)
better if we don’t need to wait for the result
some services can only call asynchronously
WHich services utilize lambda event source mapping?
Kinesis Data Stream
SQS & SQS fifo stream
dynamodb streams
function is invoked synchronuosly
UNDERSTAND IN PROPERLY
What is lambda destinations?
DO NOT UNDERSTAND
What role do roles play in lambda invocations?
DO NOT ASK ME - NO CLUE
Lambda - Logging & Montoring
CloudWatch Logs:
Stores lambda execution logs
Requires lambda function to assume role with IAM policy that authorizes writing cloudwatch logs
CLoudWatch Metrics:
Invocations, durations, concurrent exeutions
error count, success rate, throttles
async delivery failures
iterator age (Kinesis & dynamodb streams)
How to use tracing with Lambda?
Lambda Tracing with X-Ray:
enable in lambda configuration (Active Tracing)
Use X-Ray SDK in code
Ensure Lambda has service role with policy called AWSxraydaemonwriteaccess
env vars to communicate with x ray:
_X_AMZN_TRACE_ID: contains tracing header
AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR
AWS_XRAY_DAEMON_ADDRESS: the x ray daemon IP_ADDRESS_PORT
Who “owns” the VPC that lambda runs on?
AWS, not we.
THerefore, it cannot access resources in our VPC.
Can Lambda be deployed to our VPC?
Yes, define VPC ID, subnets, and security groups.
Lambda will create an ENI in our subnets.
Managed Policy AWSLambdaVPCAccessExecutionRole – Permission to manage elastic network interfaces to connect your function to a virtual private cloud (VPC) is required
Deploying a lambda function to a public subnet surely makes the function publicly accessable, right?
No.
Instead, deploy the lambda function to a private subnet and give it access to an NAT Gateway Instance that itself is deployed in a public subnet
Also, we can configure a VPC endpoint in the private subnet, such that lmabda can communicate with all AWS resources in my VPC (VPCs?)
Lambda Function Configuration
RAM:
From 128 MB to 3008 MB in 64 MB increments
vCPU credits automatically increase with chosen RAM
At 1792 MB, we get 1 vCPU
After 1792 MB RAM the code has to make use of multi-threading to benefit from more vCPU
TImeOut:
Default 3 secs, max 900 secs (15 min)
What is the Lambda Execution Context?
Execution context is a temporary runtime environment that initializes any external dependencies of our lambda code.
Great for db connections, http clients and SDK clients
If another lambda function is called again quickly enough, then the execution context can be re-used, improving performance.
Execution context includes the /tmp directory. 512 MB, good for downloads or code execution. Same /tmp folder remains if execution context is re-invoked (transient cache)
Put anything that takes time to initialize outside of the function handler
Lambda Concurrency and Threading
Up to 1000 concurrent executions (Support TIcket for more).
Use “reserved concurrency” to limit the number of concurrent executions.
After that limit Throttling is invoked.
Throttle behaviour:
Synchronous invocation: ThrottleError 429
Asynchronous invocation: auto retry and then DLQ
Does the Lambda concurrency limit apply to all function in my account?
YES.
What are Cold Start and Provisioned Concurrency?
Cold Start:
First request served by new instances has higher latency (Improved a lot though since fall 2019).
If init is large, e.g.
Provision Concurrency:
Concurrency is allocated before the function is invoked.
All requests have low latency
Application Auto Scaling can manage concurrency (target and scheduled)
