Lambda

Question 1

What programming languages are supported by Lambda?

Answer 1

Python Node.js C# Go Java Ruby Powershell Custom Runtime API Lambda Container Image - Must implement the lambda runtime API - Don’t run any container that does not use the lambda runtime api

Question 2

How can a lambda function be invoked?

Answer 2

Synchronously and Asynchronously

Question 3

What defines Lambda Synchronous invocation?

Answer 3

Called by e.g. SDK, CLI, API Gateway, or an ALB.

Result is retuned rightaway.

Error handling happens on client side

Question 4

Which services call lambda synchronously?

Answer 4

User invoked:

CLoudFront@Edge

ALB

API Gateway

S3 batch

Service invoked:

Cognito

Step functions

Other services:

Alexa

Lex

Kinesis Data Firehose

Question 5

How can Lambda be exposed to the internet?

Answer 5

ALB & API Gateway

Question 6

How does Client to ALB to Lambda work?

Answer 6

CLient sends http-request that ALB picks up.

ALB transforms the http-request into json that is readable by lambda. Especially each querystring will appear in the json document.

Lambda then sends it json response to the ALB.

The ALB transforms the json back to http and sends it to the client.

Question 7

What are ALB multi-header values and how to enable them?

Answer 7

The http request contains multiple querystrings with the same key.

Then the http headers and the querystrings will be converted to an array in the json send to lambda.

This setting has to enabled on ALB side.

Question 8

What is Lambda@edge?

Answer 8

Enables to deploy lambda globally alongside a CloudFront distribution.

Question 9

Why use Lmabda@edge?

Answer 9

more responsive apps

globally deployed

customize CDN content

pay for what you use

Question 10

What CLoudFront requests and responses can be modified by lambda?

Answer 10

viewer(client) request

viewer response

origin(lambda) request

origin response

Question 11

What defines Lambda Asynchronous invocation?

Answer 11

Called by e.g. SNS, S3, CLoudWatch Events, codecommit, codepipeline, cloudformation, config

Events are placed in an event queue

3 retries on failures

indempotent processing

SNS or SQS can be defined as dead letter queue (permission required)

better if we don’t need to wait for the result

some services can only call asynchronously

Question 12

WHich services utilize lambda event source mapping?

Answer 12

Kinesis Data Stream

SQS & SQS fifo stream

dynamodb streams

function is invoked synchronuosly

UNDERSTAND IN PROPERLY

Question 13

What is lambda destinations?

Answer 13

DO NOT UNDERSTAND

Question 14

What role do roles play in lambda invocations?

Answer 14

DO NOT ASK ME - NO CLUE

Question 15

Lambda - Logging & Montoring

Answer 15

CloudWatch Logs:

Stores lambda execution logs

Requires lambda function to assume role with IAM policy that authorizes writing cloudwatch logs

CLoudWatch Metrics:

Invocations, durations, concurrent exeutions

error count, success rate, throttles

async delivery failures

iterator age (Kinesis & dynamodb streams)

Question 16

How to use tracing with Lambda?

Answer 16

Lambda Tracing with X-Ray:

enable in lambda configuration (Active Tracing)

Use X-Ray SDK in code

Ensure Lambda has service role with policy called AWSxraydaemonwriteaccess

env vars to communicate with x ray:

_X_AMZN_TRACE_ID: contains tracing header

AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR

AWS_XRAY_DAEMON_ADDRESS: the x ray daemon IP_ADDRESS_PORT

Question 17

Who “owns” the VPC that lambda runs on?

Answer 17

AWS, not we.

THerefore, it cannot access resources in our VPC.

Question 18

Can Lambda be deployed to our VPC?

Answer 18

Yes, define VPC ID, subnets, and security groups.

Lambda will create an ENI in our subnets.

Managed Policy AWSLambdaVPCAccessExecutionRole – Permission to manage elastic network interfaces to connect your function to a virtual private cloud (VPC) is required

Question 19

Deploying a lambda function to a public subnet surely makes the function publicly accessable, right?

Answer 19

No.

Instead, deploy the lambda function to a private subnet and give it access to an NAT Gateway Instance that itself is deployed in a public subnet

Also, we can configure a VPC endpoint in the private subnet, such that lmabda can communicate with all AWS resources in my VPC (VPCs?)

Question 20

Lambda Function Configuration

Answer 20

RAM:

From 128 MB to 3008 MB in 64 MB increments

vCPU credits automatically increase with chosen RAM

At 1792 MB, we get 1 vCPU

After 1792 MB RAM the code has to make use of multi-threading to benefit from more vCPU

TImeOut:

Default 3 secs, max 900 secs (15 min)

Question 21

What is the Lambda Execution Context?

Answer 21

Execution context is a temporary runtime environment that initializes any external dependencies of our lambda code.

Great for db connections, http clients and SDK clients

If another lambda function is called again quickly enough, then the execution context can be re-used, improving performance.

Execution context includes the /tmp directory. 512 MB, good for downloads or code execution. Same /tmp folder remains if execution context is re-invoked (transient cache)

Put anything that takes time to initialize outside of the function handler

Question 22

Lambda Concurrency and Threading

Answer 22

Up to 1000 concurrent executions (Support TIcket for more).

Use “reserved concurrency” to limit the number of concurrent executions.

After that limit Throttling is invoked.

Throttle behaviour:

Synchronous invocation: ThrottleError 429

Asynchronous invocation: auto retry and then DLQ

Question 23

Does the Lambda concurrency limit apply to all function in my account?

Answer 23

YES.

Question 24

What are Cold Start and Provisioned Concurrency?

Answer 24

Cold Start:

First request served by new instances has higher latency (Improved a lot though since fall 2019).

If init is large, e.g.

Provision Concurrency:

Concurrency is allocated before the function is invoked.

All requests have low latency

Application Auto Scaling can manage concurrency (target and scheduled)

Question 25

Checkout provisioned vs reserved concurrency

Question 26

How to get external code dependencies into Lambda (like pip)?

Answer 26

Install the packages (where?) zip them and upload them to Lambda

50 MB max otherwise use S3

AWS SDK exists by default, however e.g. AWS X Ray SDK does not

Question 27

How to define Lambda in CloudFormation?

Answer 27

Inline as a Resource:

CodeZipFile-propety must be used for the code, but external libraries cannot be imported that way.

Through S3:

For that upload lambda zip to S3 and reference S3-location with Code-property. Lambda function is still a resource.

Question 28

What is possible with Lambda Layers?

Answer 28

Custom Runtimes:

C++

Rust

Externalize dependencies and re-use them:

Hard drive heavy dependencies can be put into layers, which are then referenced by the lambda function, keeping the function itself lightweight.

Question 29

What are Lambda Container Images?

Answer 29

Deploy Lambda Functions as Container Images up to 10 gigs in ECR

COntainer’s base images HAS to use a Lambda Runtime API

COntainer can be tested locally using the Lambda Runtime Interface Emulator

Question 30

How do Lambda Versions work?

Answer 30

Working version if referred to as $LATEST (mutable).

First published version is V1 (immutable)

Each version has their own ARN

BUT, what if we want to provide a stable endpoint?

Use Aliases, which can be pointed to specific version. Aliases are mutable.

Aliases enable Green/Blue deployment, e.g. PROD-alias points 90% to V2 and 10% to V3.

Aliases also have their own ARNs

Question 31

Lambda and CodeDeploy

Answer 31

CodeDeploy can help with traffic shift to Aliases.

Feature is integrated with SAM framework

Linear & Canary & AllAtOnce

Question 32

Lambda Limits per region:

Answer 32

Execution:

Memory allocation: 128 MB to 10 GB (64 MB increments)

Maximum Execution Time: 900 secs aka 15 min

Env Vars: 4kb

Disk capacity: 512 mb in /tmp

1000 concurrent execs

Deployment:

Lambda deployment size (zip): 50 mb

Env vars: 4 kb

Size of uncompressed deployent code with dependencies: 250 mb

Use /tmp folder’s 512 mb for big externals