Lambda Networking Flashcards
How does AWS Lambda interact with public networks?
AWS Lambda functions can access resources in the public internet by default. However, they do not have public IP addresses, so inbound connectivity from the internet to Lambda functions is not possible directly.
What changes when you configure a Lambda function to access a VPC?
When configured to access a VPC, Lambda functions are enabled to access resources within a VPC but lose default internet access unless a NAT gateway or NAT instance is set up in the VPC.
What is the role of ENIs in Lambda functions within VPCs?
Elastic Network Interfaces (ENIs) are used by Lambda functions to securely connect to resources within a VPC. Lambda creates and manages these ENIs when functions are configured to access VPC resources, attaching them temporarily during execution.
How can AWS Lambda functions access both VPC resources and the public internet?
To enable a Lambda function to access resources in a VPC and the public internet, the VPC must be configured with a properly routed NAT gateway or NAT instance in a public subnet.
What are the best practices for security in AWS Lambda?
Best practices include following the principle of least privilege by granting only the necessary permissions to the Lambda execution role, using AWS Identity and Access Management (IAM) to control access, and securing function environment variables using encryption.
How is logging handled in AWS Lambda?
AWS Lambda automatically integrates with Amazon CloudWatch Logs, where it sends execution logs. Users can view these logs to monitor and debug Lambda function executions.
How do you monitor the performance and usage of Lambda functions?
Performance and usage of Lambda functions can be monitored using Amazon CloudWatch, which provides metrics such as invocation counts, errors, execution duration, and concurrent executions.
What types of IAM policies are relevant to AWS Lambda?
IAM policies relevant to Lambda include function policies for resource-based permissions, execution role policies for function execution permissions, and invocation role policies for event source permissions.
How does encryption work with AWS Lambda?
AWS Lambda supports encryption at rest for Lambda functions and their environment variables through AWS KMS keys. It also supports encryption in transit when invoking functions or when functions access AWS services and resources over HTTPS.
What considerations should be made for concurrency and scalability in Lambda?
When configuring concurrency settings for Lambda, consider the balance between performance and cost, and ensure that the function’s scaling behavior is aligned with the downstream resource limits to prevent throttling.
