AWS Lambda – Certification

AWS Lambda

  • AWS Lambda offers Serverless computing that allows you to build and run applications and services without thinking about servers, which are managed by AWS
  • Lambda lets you run code without provisioning or managing servers, where you pay only for the compute time when the code is running.
  • Lambda is priced on a pay per use basis and there are no charges when the code is not running
  • Lambda allows you to run code for any type of application or backend service with zero administration
  • Lambda performs all the operational and administrative activities on your behalf, including capacity provisioning, monitoring fleet health, applying security patches to the underlying compute resources, deploying code, running a web service front end, and monitoring and logging the code.
  • Lambda provides easy scaling and high availability to your code without additional effort on your part.
  • Lambda does not provide access to the underlying compute infrastructure
  • Lambda is designed to process events within milliseconds. Latency will be higher immediately after a Lambda function is created, updated, or if it has not been used recently.
  • Lambda is designed to use replication and redundancy to provide high availability for both the service itself and for the Lambda functions it operates. There are no maintenance windows or scheduled downtimes for either.
  • Lambda stores code in S3 and encrypts it at rest and performs additional integrity checks while the code is in use.
  • Lambda supports code written in Node.js (JavaScript), Python, Java (Java 8 compatible), and C# (.NET Core)
  • All calls made to AWS Lambda must complete execution within 300 seconds. The default timeout is 3 seconds, but you can set the timeout to any value between 1 and 300 seconds.

Lambda Functions & Event Sources

Core components of Lambda are Lambda functions and event sources.

  • An event source is the AWS service or custom application that publishes events
  • Lambda function is the custom code that processes the events

Lambda Functions

  • Each Lambda function has associated configuration information, such as its name, description, entry point, and resource requirements
  • Lambda functions should be stateless, to allow AWS Lambda to launch as many copies of the function as needed to meet demand. State can be maintained externally in DynamoDB or S3
  • Each Lambda function receives 500MB of non-persistent disk space in its own /tmp directory.
  • Lambda functions have the following restrictions
    • Inbound network connections are blocked by AWS Lambda
    • For outbound connections, only TCP/IP sockets are supported
    • ptrace (debugging) system calls are blocked
    • TCP port 25 traffic is also blocked as an anti-spam measure.
  • Lambda automatically monitors Lambda functions, reporting real-time metrics through CloudWatch, including total requests, latency, error rates, and throttled requests
  • Lambda automatically integrates with Amazon CloudWatch logs, creating a log group for each Lambda function and providing basic application lifecycle event log entries, including logging the resources consumed for each use of that function
  • Each AWS Lambda function has a single, current version of the code and there is no versioning of the same function. However, versioning can be implemented using Aliases.
    • Each Lambda function version has a unique ARN and after it is published it is immutable (that is, it can’t be changed).
    • Lambda supports creating aliases for each Lambda function version.
    • Conceptually, an AWS Lambda alias is a pointer to a specific Lambda function version, but it is also a resource similar to a Lambda function, and each alias has a unique ARN.
    • Each alias maintains an ARN for a function version to which it points
    • An alias can only point to a function version, not to another alias
    • Unlike versions, which are immutable, aliases are mutable (that is, they can be changed) and can be updated to point to different versions
  • For failures, Lambda functions being invoked asynchronously are retried twice. Events from Kinesis and DynamoDB streams are retried until the Lambda function succeeds or the data expires. Kinesis and DynamoDB Streams retain data for a minimum of 24 hours.

Lambda Event Sources

Refer to the blog post – Lambda Event Source

Lambda Best Practices

  • Lambda function code should be stateless, and ensure there is no affinity between the code and the underlying compute infrastructure.
  • Instantiate AWS clients outside the scope of the handler to take advantage of connection re-use.
  • Make sure you have set +rx permissions on your files in the uploaded ZIP to ensure Lambda can execute code on your behalf.
  • Lower costs and improve performance by minimizing the use of startup code not directly related to processing the current event.
  • Use the built-in CloudWatch monitoring of your Lambda functions to view and optimize request latencies.
  • Delete old Lambda functions that you are no longer using.

AWS Certification Exam Practice Questions

  • Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
  • AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. Your serverless architecture using AWS API Gateway, AWS Lambda, and AWS DynamoDB experienced a large increase in traffic to a sustained 400 requests per second, and a dramatic increase in failure rates. Your requests, during normal operation, last 500 milliseconds on average. Your DynamoDB table did not exceed 50% of provisioned throughput, and Table primary keys are designed correctly. What is the most likely issue?
    1. Your API Gateway deployment is throttling your requests.
    2. Your AWS API Gateway Deployment is bottlenecking on request (de)serialization.
    3. You did not request a limit increase on concurrent Lambda function executions. (Refer link – AWS API Gateway by default throttles at 500 requests per second steady-state, and 1000 requests per second at spike. Lambda, by default, throttles at 100 concurrent requests for safety. At 500 milliseconds (half of a second) per request, you can expect to support 200 requests per second at 100 concurrency. This is less than the 400 requests per second your system now requires. Make a limit increase request via the AWS Support Console.)
    4. You used Consistent Read requests on DynamoDB and are experiencing semaphore lock.

AWS Lambda Event Source – Certification

AWS Lambda Event Source

  • Core components of Lambda are Lambda functions and event sources.
    • An AWS Lambda event source is the AWS service or custom application that publishes events
    • Lambda function is the custom code that processes the events
  • An event source is an AWS service or developer-created application that produces events that trigger an AWS Lambda function to run
  • Supported event sources refer to those AWS services that can be preconfigured to work with AWS Lambda, e.g., S3, SNS, SES etc.
  • Event sources can be either AWS Services or Custom applications

Lambda Event Source Mapping

  • Lambda Event source mapping refers to the configuration which maps an event source to a Lambda function.
  • Event source mapping enables automatic invocation of the Lambda function when events occur.
  • Each event source mapping identifies the type of events to publish and the Lambda function to invoke when events occur
  • AWS supported event sources can be grouped into
    • Regular AWS services
      • also referred to as Push model
      • includes services like S3, SNS, SES etc.
      • event source mapping maintained on their side
      • as the event sources invoke the Lambda function, resource-based policy should be used to grant the event source necessary permissions
    • Stream-based event sources
      • also referred to as Pull model
      • includes services like DynamoDB & Kinesis streams
      • need to have the event source mapping maintained on the Lambda side
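
An added example (not from the original post or from AWS): a small Python audit of a Lambda resource-based policy, as used in the push model above, that flags invoke grants not scoped to a specific source with the aws:SourceArn / aws:SourceAccount condition keys. The policy, account ID, bucket and function names are constructed placeholders.

```python
import json

# Constructed policy in the shape Lambda's GetPolicy returns; the account ID,
# bucket and function names are placeholders.
BASE = {"Effect": "Allow", "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111111111111:function:thumbnailer"}
SRC_ARN = {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-photos"}}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {**BASE, "Sid": "s3-scoped", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {**SRC_ARN, "StringEquals": {"AWS:SourceAccount": "111111111111"}}},
    {**BASE, "Sid": "s3-arn-only", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": SRC_ARN},
    {**BASE, "Sid": "sns-open", "Principal": {"Service": "sns.amazonaws.com"}},
    {**BASE, "Sid": "anyone", "Principal": "*"},
]})

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_invoke_policy(policy_json):
    """Return (Sid, problem) pairs for over-broad invoke grants."""
    findings = []
    for st in json.loads(policy_json)["Statement"]:
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if st.get("Effect") != "Allow" or not (
                actions & {"lambda:invokefunction", "lambda:*", "*"}):
            continue
        # Condition keys are case-insensitive; collect them across all operators.
        keys = {k.lower() for block in st.get("Condition", {}).values() for k in block}
        principal, sid = st.get("Principal"), st.get("Sid", "<no Sid>")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            if not keys:
                findings.append((sid, "any principal may invoke"))
        elif isinstance(principal, dict) and "Service" in principal:
            if not keys & {"aws:sourcearn", "aws:sourceaccount"}:
                findings.append((sid, "service principal not scoped to a source"))
            elif ("s3.amazonaws.com" in as_list(principal["Service"])
                  and "aws:sourceaccount" not in keys):
                # S3 bucket ARNs carry no account ID, so pin the bucket owner too.
                findings.append((sid, "S3 grant lacks aws:SourceAccount"))
    return findings

if __name__ == "__main__":
    for sid, problem in audit_invoke_policy(SAMPLE_POLICY):
        print(f"{sid}: {problem}")
```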

Lambda Supported Event Sources

Multiple AWS services can be configured as event sources for AWS Lambda

Amazon S3

  • S3 bucket events, such as the object-created or object-deleted events, can be processed using Lambda functions, e.g., a Lambda function can be invoked when a user uploads a photo to a bucket to read the image and create a thumbnail
  • S3 bucket notification configuration feature can be configured for the event source mapping, to identify the S3 bucket events and the Lambda function to invoke.
  • Error handling for a given event source depends on how Lambda is invoked.
  • S3 invokes your Lambda function asynchronously.

Amazon DynamoDB

  • Lambda functions can be used as triggers for DynamoDB table to take custom actions in response to updates made to the DynamoDB table.
  • Trigger can be created by
    • First enabling Amazon DynamoDB Streams for the table.
    • Lambda then polls the stream and the Lambda function processes any updates published to the stream.
  • DynamoDB is a stream-based event source and with stream based service, the event source mapping is created in Lambda, identifying the stream to poll and which Lambda function to invoke.
  • Error handling for a given event source depends on how Lambda is invoked.

Amazon Kinesis Streams

  • AWS Lambda can be configured to automatically poll the Kinesis stream periodically (once per second) for new records
  • Lambda can then process any new records such as website click streams, financial transactions, social media feeds, IT logs, and location-tracking events.
  • Kinesis Streams is a stream-based event source and with stream based service, the event source mapping is created in Lambda, identifying the stream to poll and which Lambda function to invoke.
  • Error handling for a given event source depends on how Lambda is invoked.

Amazon Simple Notification Service

  • Simple Notification Service notifications can be processed using Lambda
  • When a message is published to an SNS topic, the service can invoke Lambda function by passing the message payload as parameter, which can then process the event
  • Lambda function can be triggered in response to CloudWatch alarms and other AWS services that use Amazon SNS.
  • SNS via topic subscription configuration feature can be used for the event source mapping, to identify the SNS topic and the Lambda function to invoke.
  • Error handling for a given event source depends on how Lambda is invoked.
  • SNS invokes your Lambda function asynchronously.

Amazon Simple Email Service

  • SES can be used to receive messages and can be configured to invoke Lambda function when messages arrive, by passing in the incoming email event as parameter
  • SES using the rule configuration feature can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • SES invokes your Lambda function asynchronously.

Amazon Cognito

  • Cognito Events feature enables a Lambda function to run in response to events in Cognito, e.g., a Lambda function can be invoked for the Sync Trigger events, which are published each time a dataset is synchronized.
  • Cognito event subscription configuration feature can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • Cognito is configured to invoke a Lambda function synchronously

AWS CloudFormation

  • Lambda function can be specified as a custom resource to execute any custom commands as a part of deploying CloudFormation stacks and can be invoked whenever the stacks are created, updated or deleted.
  • CloudFormation using stack definition can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • CloudFormation invokes the Lambda function asynchronously

Amazon CloudWatch Logs

  • Lambda functions can be used to perform custom analysis on CloudWatch Logs using CloudWatch Logs subscriptions.
  • CloudWatch Logs subscriptions provide access to a real-time feed of log events from CloudWatch Logs and deliver it to the AWS Lambda function for custom processing, analysis, or loading to other systems.
  • CloudWatch Logs using the log subscription configuration can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • CloudWatch Logs invokes the Lambda function asynchronously
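
An added example (not from the original post): a Python handler for a CloudWatch Logs subscription, which delivers log events to the function as base64-encoded, gzip-compressed JSON under event["awslogs"]["data"]. The failed-login rule, the threshold and the sample sshd lines are assumptions constructed for illustration.

```python
import base64
import gzip
import json
import re
from collections import Counter

FAILED_LOGIN = re.compile(r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) ")
THRESHOLD = 3  # assumption: flag 3+ failures from one address in a batch

def decode_logs_event(event):
    """Unpack event['awslogs']['data'] (base64 -> gzip -> JSON)."""
    payload = json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))
    # Non-data records (e.g. CONTROL_MESSAGE) carry no application log lines.
    if payload.get("messageType") != "DATA_MESSAGE":
        return payload.get("logGroup"), []
    return payload["logGroup"], [e["message"] for e in payload["logEvents"]]

def handler(event, context=None):
    """Lambda entry point: count failed SSH logins per source address."""
    log_group, messages = decode_logs_event(event)
    hits = Counter(m.group(1) for m in map(FAILED_LOGIN.search, messages) if m)
    return {"logGroup": log_group,
            "suspects": {ip: n for ip, n in hits.items() if n >= THRESHOLD}}

def sample_event():
    """Constructed event; addresses come from documentation ranges."""
    lines = ["Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2",
             "Failed password for root from 203.0.113.7 port 40113 ssh2",
             "Accepted publickey for deploy from 198.51.100.9 port 51000 ssh2",
             "Failed password for root from 203.0.113.7 port 40114 ssh2",
             "Failed password for deploy from 198.51.100.9 port 51001 ssh2"]
    payload = {"messageType": "DATA_MESSAGE", "owner": "111111111111",
               "logGroup": "/constructed/sshd", "logStream": "host-1",
               "subscriptionFilters": ["constructed-filter"],
               "logEvents": [{"id": str(i), "timestamp": 1500000000000 + i, "message": m}
                             for i, m in enumerate(lines)]}
    blob = gzip.compress(json.dumps(payload).encode())
    return {"awslogs": {"data": base64.b64encode(blob).decode()}}

if __name__ == "__main__":
    print(handler(sample_event()))
```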

Amazon CloudWatch Events

  • CloudWatch Events help respond to state changes in the AWS resources. When the resources change state, they automatically send events into an event stream.
  • Rules that match selected events in the stream can be created to route them to the Lambda function to take action, e.g., a Lambda function can be invoked to log the state of an EC2 instance or AutoScaling Group
  • CloudWatch Events by using a rule target definition can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • CloudWatch Events invokes the Lambda function asynchronously

AWS CodeCommit

  • A trigger can be created for a CodeCommit repository so that events in the repository will invoke a Lambda function, e.g., a Lambda function can be invoked when a branch or tag is created or when a push is made to an existing branch.
  • CodeCommit by using a repository trigger can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • CodeCommit Events invokes the Lambda function asynchronously

Scheduled Events (powered by Amazon CloudWatch Events)

  • AWS Lambda can be invoked regularly on a scheduled basis using the schedule event capability in CloudWatch Events.
  • CloudWatch Events by using a rule target definition can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • CloudWatch Events invokes the Lambda function asynchronously

AWS Config

  • Lambda functions can be used to evaluate whether the AWS resource configurations comply with custom Config rules.
  • As resources are created, deleted, or changed, AWS Config records these changes and sends the information to the Lambda functions, which can then evaluate the changes and report results to AWS Config. AWS Config can be used to assess overall resource compliance
  • AWS Config by using a rule target definition can be used for the event source mapping
  • Error handling for a given event source depends on how Lambda is invoked.
  • AWS Config invokes the Lambda function asynchronously

Amazon API Gateway

  • Lambda function can be invoked over HTTPS by defining a custom REST API and endpoint using Amazon API Gateway.
  • Individual API operations, such as GET and PUT, can be mapped to specific Lambda functions. When an HTTPS request to the API endpoint is received, the Amazon API Gateway service invokes the corresponding Lambda function.
  • Error handling for a given event source depends on how Lambda is invoked.
  • Amazon API Gateway is configured to invoke a Lambda function synchronously.

Other Event Sources: Invoking a Lambda Function On Demand

  • Lambda functions can be invoked on demand without the need to preconfigure any event source mapping in this case.
