Lambda Cheat Sheet

Overview

  • Serverless compute, function-as-a-service
  • Billing by execution duration (100ms increments)
  • Powered by AWS Firecracker MicroVM, an open source lightweight virtual machine

Settings

  • Memory size
    • A function's computational power is determined by its memory size: computational power is proportional to the memory size you choose
    • The larger the memory, the larger the per-100ms cost
    • 128MB to 3GB
  • Timeout
    • Function timeout can be set up to 15 mins; longer jobs should be broken down with orchestration or workflows

Cold Start

[Figures: Lambda cold start and execution ("Cold start"); Lambda warm start ("Warm start")]
  • The Lambda service receives a request, locates a resource spot on a bare-metal server, creates a Firecracker VM, downloads the user code from S3, sets up the environment, bootstraps the runtime, sends the request to the runtime, receives the response, sends the response back, and pauses the VM
  • When new requests come in and paused VMs are available, one of them is resumed to handle the request, which avoids a long cold start
  • One VM can only handle one request at a time; if a second request comes in while all VMs are busy, a new VM is started to run concurrently, which means another cold start
  • With Provisioned Concurrency, the user can keep a pool of VMs always ready to handle requests, which keeps the initialization latency low
  • When a function (code, RAM, etc.) is updated, all paused VMs expire and new VMs with the updated settings are provisioned

Concurrency

  • A function instance can handle one request at a time
  • When all instances are busy, a new instance is provisioned; this is how concurrency arises
[Figure: Lambda auto scaling. When existing function instances have finished running, they are ready to receive events again.]

Runtime

  • On a warm Lambda instance, the server runs an infinite loop and waits for requests from the Lambda control panel
  • Predefined runtimes available: NodeJS, .NET, Java, C#, etc.
  • For runtimes that require compilation, the code must be compiled into executables before uploading to Lambda
  • A custom runtime can be implemented to support any programming language

Layers

  • Lambda code should contain all necessary dependencies
  • Dependencies needed by multiple functions can be stored in a Layer, uploaded separately, and referenced by functions

Security

  • Lambda uses resource policies to grant access to invokers
  • When Lambda needs to access other AWS services like CloudWatch, it uses an Execution Role
    • Execution Role is a fancy name for an IAM Role attached to a particular function and managed by the Lambda meta service
    • It is virtually the same as an Instance Profile on EC2
    • Execution Role permissions are cached as a token on Lambda. If you change the role permissions but do not update the function (which forces all paused VMs to expire), previously paused VMs will still have the cached permissions, creating bugs or vulnerabilities

Environment

  • Environment variables can be used to differentiate stages, environments, etc. 🎓
  • Lambda instances get 500MB temporary storage at /tmp
    • Note that every Lambda instance has its own /tmp
    • Your requests may be fulfilled by different instances even if they are only milliseconds apart
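
The instance-scoped behaviour of /tmp and warm starts, as an added example (not part of the original cheat sheet): a Python handler that treats /tmp as a cache that may be missing on another instance, and removes per-request files so the next request served by the same warm instance cannot read them. `load_reference_data`, the cache file name and the event fields are hypothetical.

```python
import json
import os
import shutil
import tempfile
import uuid

# Module scope runs once per cold start and is reused on warm starts.
INSTANCE_ID = uuid.uuid4().hex        # constructed label, not an AWS identifier
TMP_ROOT = tempfile.gettempdir()      # resolves to /tmp on Lambda
# The id in the name only keeps local runs apart; on Lambda each instance
# already has its own /tmp.
CACHE_FILE = os.path.join(TMP_ROOT, f"ref-cache-{INSTANCE_ID}.json")
_invocations = 0


def load_reference_data():
    """Hypothetical slow lookup; a real function might read this from S3."""
    return {"allowed_stages": ["dev", "prod"]}


def get_reference_data():
    """Use /tmp only as a cache: a different instance will not have the file."""
    try:
        with open(CACHE_FILE) as fh:
            return json.load(fh), True
    except (FileNotFoundError, json.JSONDecodeError):
        data = load_reference_data()
        with open(CACHE_FILE, "w") as fh:
            json.dump(data, fh)
        return data, False


def handler(event, context):
    global _invocations
    _invocations += 1
    ref, cache_hit = get_reference_data()
    # Per-request scratch directory, deleted before the instance is paused so
    # request data does not linger in /tmp for the next invocation.
    scratch = tempfile.mkdtemp(prefix="req-", dir=TMP_ROOT)
    try:
        with open(os.path.join(scratch, "payload.json"), "w") as fh:
            json.dump(event, fh)
        stage_ok = event.get("stage") in ref["allowed_stages"]
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return {"instance": INSTANCE_ID, "cold_start": _invocations == 1,
            "cache_hit": cache_hit, "stage_ok": stage_ok,
            "scratch_left_behind": os.path.exists(scratch)}
```

Calling `handler` twice in one process models two requests on the same warm instance: the second call reports `cold_start: False` and `cache_hit: True`, and neither leaves its scratch directory behind.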

Best Practices

  • Avoid recursion 🎓

AWS Geek Infographics