Powered by AWS Firecracker MicroVM, an open source lightweight virtual machine
Settings
Memory size
A function's computational power is determined by its memory size: computing power is proportional to the memory you choose
The larger the memory, the higher the cost per 100 ms
128MB to 3GB
Timeout
Function timeout is up to 15 mins; longer tasks should be broken down with orchestration or a workflow
Cold Start
Cold start vs. "Warm start"
The Lambda service receives a request, locates a resource spot on a bare-metal server, creates a Firecracker VM, downloads user code from S3, sets up the environment, bootstraps the runtime, sends the request to the runtime, receives the response, sends the response back, and pauses the VM
When new requests come in, if paused VMs are available, one of them is resumed to handle the request, which avoids a long cold start
One VM can only handle one request at a time. If a second request comes in and all VMs are busy, concurrency occurs and a new VM is started, which means another cold start
With Provisioned Concurrency, users can keep a pool of VMs always ready to handle requests, which keeps initialization latency low
When a function (code, RAM, etc.) is updated, all paused VMs expire and new VMs with the updated settings are provisioned
Concurrency
A function instance can handle one request at a time
When all instances are busy, a new instance is provisioned; this is concurrency
When existing function instances have finished running, they are ready to receive events again
Runtime
On a warm Lambda instance, the server runs an infinite loop and waits for requests from the Lambda control panel
Predefined runtimes available: NodeJS, .NET, Java, C#, etc.
For runtimes that require compilation, the code must be compiled into executables before uploading to Lambda
A custom runtime can be implemented to support any programming language
Layers
Lambda code should contain all necessary dependencies
Dependencies needed by multiple functions can be stored in a Layer, uploaded separately, and referenced by functions
Security
Lambda uses resource policies to grant access to invokers
When Lambda needs to access other AWS services like CloudWatch, it uses an Execution Role
Execution Role is a fancy name for an IAM Role attached to a particular function and managed by the Lambda meta service
It is virtually the same as the Instance Profile of EC2
Execution Role permissions are cached as a token on Lambda. If you change the role permissions but do not update the function (which forces all paused VMs to expire), previously paused VMs will still have the cached permissions, creating bugs or vulnerabilities
Environment
Environment variables can be used to differentiate stages, environments, etc.
Lambda instances get 500MB of temporary storage at /tmp
Note that every Lambda instance has its own /tmp
Your requests may be fulfilled by different instances even if they are milliseconds apart
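Because a paused VM is resumed for later requests, files left in that instance's /tmp are still there when the next request arrives, possibly from a different caller. The following is an added example, not code from the original notes: it simulates one warm instance serving two requests and compares a handler that leaves data in the scratch directory with one that uses a private per-invocation directory and cleans up. Handler names, the file name and the sample events are assumptions, and SCRATCH_ROOT stands in for /tmp.

```python
import json
import os
import shutil
import tempfile

# Assumption: SCRATCH_ROOT stands in for /tmp on ONE Lambda instance; a fresh
# temp directory is used so the example runs on any machine.
SCRATCH_ROOT = tempfile.mkdtemp(prefix="lambda-tmp-")


def naive_handler(event, context=None):
    """Fixed file name in the shared scratch dir, never cleaned up."""
    path = os.path.join(SCRATCH_ROOT, "upload.json")
    previous = None
    if os.path.exists(path):  # left behind by an earlier request on this instance
        with open(path) as fh:
            previous = json.load(fh)
    with open(path, "w") as fh:
        json.dump(event, fh)
    return {"previous": previous}


def hardened_handler(event, context=None):
    """Private per-invocation directory, removed before the instance is paused."""
    workdir = tempfile.mkdtemp(dir=SCRATCH_ROOT)  # mode 0700, random name
    try:
        path = os.path.join(workdir, "upload.json")
        with open(path, "w") as fh:
            json.dump(event, fh)
        return {"bytes": os.path.getsize(path)}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


def simulate_warm_instance(handler, events):
    """Serve several requests from one instance: same process, same scratch dir."""
    shutil.rmtree(SCRATCH_ROOT, ignore_errors=True)  # cold start: empty /tmp
    os.makedirs(SCRATCH_ROOT)
    results = [handler(event) for event in events]
    return results, sorted(os.listdir(SCRATCH_ROOT))


if __name__ == "__main__":
    # Constructed sample events for two different callers.
    events = [{"user": "alice", "token": "constructed-secret"}, {"user": "bob"}]
    print(simulate_warm_instance(naive_handler, events))
    print(simulate_warm_instance(hardened_handler, events))
```

With the naive handler, the second request can read the first caller's data and the file remains after both requests; with the hardened handler, nothing is left in the scratch directory.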
Scalability
Scale down to zero. When no function instances are available, the Lambda dispatcher holds the request until a function instance is provisioned.
Compare this to traditional instance / container scaling, which normally requires at least 1 running instance to scale (by metrics).
Scale up rapidly.
Firecracker VMs start very quickly. Most of the time, Firecracker VMs are already started and in a standby state, so time is only spent on downloading and running user code.