Stanley Chan's Note🧠

Search

SearchSearch

AWS Lambda

Aug 16, 20253 min read

AWS Lambda

  • Overview

    Untitled.png

    • Function-as-a-service (FaaS) - short running & focused (Serverless!)
    • a deployment package - a piece of code with specific runtime (Python 3.8) in a runtime env.
    • scaled automatically
    • env. has a direct memory + indirect CPU allocation, CPU scales with memory
    • billed for the duration that a function runs
    • as default, each time you run lambda function it is in a new env.
    • 15 mins function timeout
    • common uses
      • serverless applications (S3, API gateway, Lambda)
      • file processing (S3, S3 event, lambda)
      • database triggers (dynamoDB, Streams, lamda)
      • serverless CRON (event brdge/ CWEvents + lambda)
      • real time stream data processing (kinesis+lambda)

  • Two Network mode

    1. public lambda Untitled 1.png

    2. Private Lambda Untitled 2.png

      • network is created along with lambda functions
      • If same subnet and security group are used, 1 ENI is only needed. ⇒ scalable

  • Security

    Untitled 3.png

    • execution role needs to be provided with trust policy, assumed by lambda
    • temporary credential is created for Lambda function to interact with other resources
    • Lambda also have resource policy controlling what services and accounts can invoke it

  • Logging

    • via Cloudwatch, cloudwatch logs & X-ray
    • logs from lambda executions - cloudwatchlogs recording metrics (success/ failure, retries, latency…)
    • integrated with X-ray fro distributed tracing
    • Cloudwatch logs requires permission via execution role

  • Invocation

    1. Synchronous Invocation
    • client wait data to be return

    Untitled 4.png

    1. Asynchronous Invocation
    • not waiting, but order sent out and done
    • lambda function responsible for retries (configurable)
    • need to be Idempotent (no matter how many time the function has run, result is the same like run once)
      • not additive/ subtractive, to achieve a state

    Untitled 5.png

    1. Event source mapping

    Untitled 6.png

    • Kinesis data sent out data in batch to event source mapping
    • Execution role is needed even Lamda doesn’t recieve data directly from Kinesis

  • Version

    • a version is the code + configuration of lambda function
    • immutable & has its own ARN
    • $Latest points at latest version
    • can use Aliases point at a version, which can be changed

  • Starting time

    • 1st time ⇒ cool start is needed
    • invoke again ⇒ warm start
    • Provisioned concurrency ⇒ create and keep X context warm and ready to use
    • temp space is to pre-download things, eg database connection. But have to maintain clean

Untitled 7.png

# to add required package into lambda


# linux
mkdir -p python
pip install requests -t python/
zip -r requests_layer.zip python

# window
mkdir python
pip install -r requirements.txt -t python
Compress-Archive -Path lambda_function\* -DestinationPath lambda_function.zip -force
powershell Compress-Archive -Path python -DestinationPath requests_layer.zip

# make a folder named python
# -t flag = install package inside the folder instead of default site-packages
# make a zip up folder that recursively include all files and subdirectories

Graph View

Backlinks