Lambda Flashcards
1
Q
What is Serverless?
A
- Serverless is a new paradigm in which the developers don’t have to manage servers anymore…
- They just deploy code
- They just deploy… functions!
- Initially… Serverless == FaaS (Function as a Service)
- Serverless was pioneered by AWS Lambda but now also includes anything that’s managed: “databases, messaging, storage, etc.”
- Serverless does not mean there are no servers… it means you just don’t manage / provision / see them
2
Q
What are the Serverless services in AWS?
A
- AWS Lambda
- DynamoDB
- AWS Cognito
- AWS API Gateway
- Amazon S3
- AWS SNS & SQS
- AWS Kinesis Data Firehose
- Aurora Serverless
- Step Functions
- Fargate
3
Q
What platform is not for Lambda?
A
Docker
4
Q
Apart from the supported programming languages by Lambda, what else can you do?
A
Custom Runtime API (community supported, example Rust)
5
Q
What is Lambda pricing by call?
A
Pay per calls:
o First 1,000,000 requests are free
o $0.20 per 1 million requests thereafter ($0.0000002 per request)
6
Q
What is Lambda pricing by duration?
A
Pay per duration: (in increment of 100ms, round up)
o 400,000 GB-seconds of compute time per month if FREE
o == 400,000 seconds if function is 1GB RAM
o == 3,200,000 seconds if function is 128 MB RAM
o After that $1.00 for 600,000 GB-seconds
7
Q
How is calculated the duration of your Lambda?
A
To the nearest multiple of 100 ms, rounded up. This means that if your function ran in 1 ms you are billed for 100 ms
8
Q
What is the Lambda Handler?
A
Handler = name of the file + “.” + name of the function
9
Q
What is Lambda Execution Role?
A
A role to interact with the necessary services, it should allow you at least to upload logs to CloudWatch logs because each function invocation will create a new log stream in CloudWatch
10
Q
What is best practice regarding to Lambda functions and the Role executions?
A
It is best practice to maintain 1 role per function.
11
Q
How are Lambda invocations?
A
Sync and Asyc
12
Q
What are the main service that invoke Lambda sync?
A
o ALB o API Gateway o CloudFront (Lambda@Edge) o CLI o SDK o Cognito o Step Functions
13
Q
How can you expose a Lambda function as an HTTP(S) endpoint?
A
Using an ALB or API Gateway
14
Q
What you must do to expose Lambda as an HTTP(S) endpoint using ALB?
A
The Lambda function must be registered in a target group
15
Q
What particularity has ALB health checks for Lambda?
A
Health checks if enabled count as a Lambda function request
16
Q
How is the comunication between the ALB and Lambda?
A
HTTP request is translated to JSON
17
Q
What is the main information sent by an ALB to Lambda?
A
- ELB information
- HTTP method
- Path
- Query String Params (Key/Value)
- Headers (Key/Value)
- Body (for POST, PUT…)
- isBase64Encoded (flag)
18
Q
What is the main information sent by Lambda to an ALB?
A
- Status Code
- Description
- Headers (Key/Value)
- Body
- isBase64Encoded (flag)
19
Q
What is ALB multi-header setting?
A
/path?name=foo&name=bar
20
Q
What happens when you enable ALB multi-headers in Lambda?
A
When you enable multi-headers, HTTP headers and query string parameters that are sent with multiple values are shown as arrays within the AWS Lambda event and response objects
21
Q
What is Lambda@Edge?
A
Run a global AWS Lambda alongside your CDN
22
Q
What is useful for Lambda@Edge?
A
You can use Lambda to change CloudFront requests and responses:
o After CloudFront receives a request from a viewer (viewer request)
o Before CloudFront forwards the request to the origin (origin request)
o After CloudFront receives the response from the origin (origin response)
o Before CloudFront forwards the response to the viewer (viewer response)
You can also generate responses to viewers without ever sending the request to the origin
23
Q
What are Lambda@Edge use cases?
A
Lambda@Edge: Use Cases • Website Security and Privacy • Dynamic Web Application at the Edge • Search Engine Optimization (SEO) • Intelligently Route Across Origins and Data Centers • Bot Mitigation at the Edge • Real-time Image Transformation • A/B Testing • User Authentication and Authorization • User Prioritization • User Tracking and Analytics
24
Q
What are the main services that invoke Lambda async?
A
- S3 Event Notifications
- SNS
- CloudWatch Events / EventBridge
- CodeCommit (CodeCommit Trigger: new branch, new tag, new push)
- CodePipeline (invoke a Lambda function during the pipeline, Lambda must callback)
25
Where are async calls placed in Lambda?
The events are placed in an Event Queue
26
What happens when Lambda fails processing an async call?
Lambda attempts to retry on errors 3 times
| o 1-minute wait after 1st, then 2 minutes wait
27
How can you realize that Lambda has retryied an async call?
If the function is retried, you will see duplicate logs entries in CloudWatch Logs with the same request id
28
What you need to make sure in your Lambda function to handle retries successfuly?
Make sure the processing is idempotent, that way in case of retries the result is the same
29
What can you use for failed async invoked Lambda functions?
Can define a DLQ (dead-letter queue) – SNS or SQS – for failed processing (need correct IAM permissions)
30
What you must use from the CLI when invoking a Llambda function async?
From the CLI you must use --invocation-type Event
31
What is the response received in the CLI when invoking a Lambda function async?
the response StatusCode will be 202, synonym of asynchronous invocation
32
What you need to do in EventBridge to async invoke a Lambda function?
You need to create a rule and define an Event pattern or a Schedule
33
What services do Lambda polls records from them?
* Kinesis Data Streams
* SQS & SQS FIFO queue
* DynamoDB Streams
34
What is used by Lambda to poll records?
Event Source Mapping
35
How is your Lambda function invoked by the Lambda Event Source Mapping?
Your Lambda function is invoked synchronously
36
How does work the Lambda Event Source Mapping with Kinesis?
An event source mapping creates an iterator for each shard, processes items in order.
Start with new items, from the beginning or from timestamp
37
What happens to items in a kinesis stream that were read by the Lambda Event Source Mapping?
Processed items aren't removed from the stream (other consumers can read them)
38
What can you do if the traffic in Kinesis is low and a Lambda Event Source Mapping is poling it?
Use batch window to accumulate records before processing.
39
How is error handling in Lambda when polling data from streams?
By default, if your function returns an error, the entire batch is reprocessed until the function succeeds, or the items in the batch expire
40
What does Lambda do to ensure in order processing while polling data from streams?
To ensure in-order processing, processing for the affected shard is paused until the error is resolved
41
How can you configure the Lambda Event Source Mapping for error handling?
o discard old events
o restrict the number of retries
o split the batch on error (to work around Lambda timeout issues)
42
Where can discarded events by the Lambda Event Source Mapping go?
to a Destination
43
How would Lambda Event Souce Mapping poll from SQS and SQS FIFO?
Using Long Polling, specifying a batch size in the range (1-10)
44
What is the recommended visibility timeout for SQS when a Lambda Event Source Mapping is polling from it?
Set the queue visibility timeout to 6x the timeout of your Lambda function
45
What is the best option to use if you need a DLQ while polling data from SQS using a Lambda Event Source Mapping?
To use a DLQ set-up on the SQS queue, not Lambda (DLQ for Lambda is only for async invocations) or use a Lambda destination for failures
46
How does Lambda scale while reading SQS queues?
* Up to the number of active message groups. Messages with the same GroupID will be processed in order
* Lambda scales up to process a standard queue as quickly as possible, up to 1000 batches of messages processed simultaneously
47
What could happen occasionally in the Lambda Event Source Mapping while polling SQS even if no function error occurred?
Occasionally, the event source mapping might receive the same item from the queue twice, even if no function error occurred
48
How does Lambda scale when polling stream shards?
o One Lambda invocation per stream shard
| o If you use parallelization, up to 10 batches processed per Shard simultaneously
49
What is recommended to use over Lambda DLQs?
AWS recommends you use destinations instead of DLQ now (but both can be used at the same time).
50
What is the difference between Lambda destinations and Lambda DLQs?
Lambda destinations provide several destinations and you can send your successful events as well
51
How are used Lambda destinations for async invocations?
```
can define destinations for successful and failed processing events:
o Amazon SQS
o Amazon SNS
o AWS Lambda
o Amazon EventBridge bus
```
52
How are used Lambda destinations for Event Source Mappings?
for discarded event batches
o Amazon SQS
o Amazon SNS
Note: you can send events to a DLQ directly from SQS when using Event Source Mapping
53
What is the Lambda Execution Role?
Grants the Lambda function permissions to AWS services / resources.
When you use an event source mapping to invoke your function, Lambda uses the execution role to read event data
54
What are main managed policies for Lambda Execution Role?
o AWSLambdaBasicExecutionRole – Upload logs to CloudWatch.
o AWSLambdaKinesisExecutionRole – Read from Kinesis
o AWSLambdaDynamoDBExecutionRole – Read from DynamoDB Streams
o AWSLambdaSQSQueueExecutionRole – Read from SQS
o AWSLambdaVPCAccessExecutionRole – Deploy Lambda function in VPC
o AWSXRayDaemonWriteAccess – Upload trace data to X-Ray.
55
What is best practice for Lambda Execution Role?
create one Lambda Execution Role per function
56
What are Lambda Resource Based Policies?
Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources
• Similar to S3 bucket policies for S3 bucket
57
How can you adjust your Lambda function behavior without updating code?
Using Lambda Environment Variables
58
What can you do with secrets in Lambda?
Use environment variables to store secrets (encrypted by KMS). Secrets can be encrypted by the Lambda service key, or your own CMK
59
What you need to do to to make sure that Lambda logs are stored?
o AWS Lambda execution logs are stored in AWS CloudWatch Logs
o Make sure your AWS Lambda function has an execution role with an IAM policy that authorizes writes to CloudWatch Logs
60
Where are Lambda metrics available?
In CloudWatch Metrics
61
How can you integrate X-Ray to lambda?
Enabling it in the Lambda Configuration (Active Tracing)
62
How can you write traces to X-Ray from your Lambda function?
* Use AWS X-Ray SDK in Code
| * Ensure Lambda Function has a correct IAM Execution Role
63
What are the environment variables used by Lambda to communicate with X-Ray?
o _X_AMZN_TRACE_ID: contains the tracing header
o AWS_XRAY_CONTEXT_MISSING: by default, LOG_ERROR
o AWS_XRAY_DAEMON_ADDRESS: the X-Ray Daemon IP_ADDRESS:PORT (most important)
64
Where are my Lambda functions launched?
* By default, your Lambda function is launched outside your own VPC (in an AWS-owned VPC)
* Therefore, it cannot access resources in your VPC (RDS, ElastiCache, internal ELB…)
65
What you need to do to communicate i.e. with a RDS DB in a VPC from your Lambda?
You must define the VPC ID, the Subnets and the Security Groups
66
What happens to a Lambda function in a public subnet?
does not have internet access
67
What you must do to provide internet access to a Lambda function in a VPC?
Deploying a Lambda function in a private subnet gives it internet access if you have a NAT Gateway / Instance
68
What can Lambda use to privately access AWS services?
You can use VPC endpoints to privately access AWS services without a NAT
69
What is RAM in Lambda?
From 128MB to 3,008MB in 64MB increments
70
How can you add vCPU to your Lambda?
By adding RAM
71
At how much RAM does your Lambda have 1 vCPU?
o At 1,792 MB, a function has the equivalent of one full vCPU
o After 1,792 MB, you get more than one CPU, and need to use multi-threading in your code to benefit from it
72
What is Lambda timeout value?
default 3 seconds, maximum is 900 seconds (15 minutes)
73
What is the Lambda execution context?
The execution context is a temporary runtime environment that initializes any external dependencies of your lambda code
74
What is great for the Lambda execution context?
Great for database connections, HTTP clients, SDK clients…
75
How does work the Lambda execution context?
* The execution context is maintained for some time in anticipation of another Lambda function invocation
* The next function invocation can “re-use” the context to execution time and save time in initializing connections objects
* The execution context includes the /tmp directory
76
What is max size allowed in Lambda tmp directory?
512 MB
77
What can be used for the tmp directory in Lambda?
* If your Lambda function needs to download a big file to work…
* If your Lambda function needs disk space to perform operations…
78
What can you use for permanent persistence of object in Lambda?
S3
79
What is Lambda concurrency limit?
1000. The limit is shared by all your functions in the region, so no matter how many applications are using your lambda function. If one application reaches the limit, the other applications will throttle.
80
What is Lambda Throttle behavior?
Throttle behavior:
o If synchronous invocation => return ThrottleError - 429
o If asynchronous invocation => retry automatically and then go to DLQ
81
What you need to do if you need to go over your Lambda limits?
open a support ticket
82
What can you set about concurrency at the function level?
A reserved concurrency
83
What can you set about concurrency at the function level?
A reserved concurrency
84
What is done by Lambda if the function does not have enough concurrency available for async invocations?
* If the function doesn't have enough concurrency available to process all events, additional requests are throttled.
* For throttling errors (429) and system errors (500-series), Lambda returns the event to the queue and attempts to run the function again for up to 6 hours.
85
What is the retry policy used by Lambda?
The retry interval increases exponentially from 1 second after the first attempt to a maximum of 5 minutes
86
What is Lambda Cold Start?
First request served by new instances has higher latency than the rest. If the init is large (code, dependencies, SDK…) this process can take some time.
87
What is Provisioned Concurrency?
o Concurrency is allocated before the function is invoked (in advance)
o So, the cold start never happens and all invocations have low latency
88
What can you do if your Lambda function depends on external libraries?
You need to install the packages alongside your code and zip it together
• Native libraries work: they need to be compiled on Amazon Linux
• AWS SDK comes by default with every Lambda function
89
How can you define Lambda functions in CloudFormation?
- Inline
| - Through S3
90
What property is used in CloudFormation for defining inline Lambda function?
Use the Code.ZipFile property
91
What can't you include in CloudFormation defined Lambda function?
You cannot include function dependencies with inline functions
92
Hoes does work CloudFormation defined Lambda functions thorugh S3?
* You must store the Lambda zip in S3
* You must refer the S3 zip location in the CloudFormation code
* S3Bucket
* S3Key: full path to zip
* S3ObjectVersion: if versioned bucket
93
What might happen if you update the code of a Lambda function in S3 that is referenced by CloudFormation?
If you update the code in S3, but don’t update S3Bucket, S3Key or S3ObjectVersion, CloudFormation won’t update your function
94
How can you use a Lambda Custom Runtime?
Using Lambda Layers
95
What is a Lambda Layer?
Externalize Dependencies to re-use them:
96
What caracteristic have Lambda Versions?
- immutable
- increasing version numbers
- own ARN
97
What are Lambda Aliases?
* Aliases are ”pointers” to Lambda function versions
| * We can define a “dev”, ”test”, “prod” aliases and have them point at different lambda versions
98
What caracteristic have Lambda Aliases?
- mutable
| - own ARN
99
What enables Lambda Aliases?
* Aliases enable Blue / Green deployment by assigning weights to lambda functions
* Aliases enable stable configuration of our event
100
What cannot do Lambda Aliases?
reference aliases
101
What can help you to automate traffic shift for Lambda Aliases?
CodeDeploy deployment configurations
102
What CodeDeploy deployment configurations are integrated with Lambda?
- Linear
- Canary
- AllAtOnce
103
How does work CodeDeploy Linear configuration?
grow traffic every N minutes until 100%
o Linear10PercentEvery3Minutes
o Linear10PercentEvery10Minutes
104
How does work CodeDeploy Canary configuration?
try X percent then 100%
o Canary10Percent5Minutes
o Canary10Percent30Minutes
105
How does work CodeDeploy AllAtOnce configuration?
immediate
106
What can you do to check the health of a Lambda function deployed using CodeDeploy?
Can create Pre & Post Traffic hooks to check the health of the Lambda function
107
What is the max size of Environment Variables in Lambda?
4 KB
108
What is the max size of Lambda zip file?
50 MB
109
What is the max size of Lambda uncompressed deployment (code + dependencies)?
250 MB
110
What you must avoid in Lambda functions code?
recursive code
111
What does Lambda do when you specify the VPC configuration?
* Lambda will create an ENI (Elastic Network Interface) in your subnets
* Your Lambda function needs AWSLambdaVPCAccessExecutionRole
112
What else you need to do to access RDS from your Lambda besides specifying the VPC configuration?
RDS security group must allow access from Lambda Security Group
