@@ -1348,6 +1348,163 @@ about the change
13481348
13491349----------------------------------------------
13501350
1351+ # AWS Lambda
1352+ ## AWS Lambda language support
1353+ - Node.js (JavaScript)
1354+ - Python
1355+ - Java (Java 8 compatible)
1356+ - C# (.NET Core)
1357+ - Golang
1358+ - C# / Powershell
1359+ - Ruby
1360+ - Custom Runtime API (community supported, example Rust)
1361+
1362+ ## AWS Lambda Pricing: example
1363+ - You can find overall pricing information here: https://aws.amazon.com/lambda/pricing/
1364+ - Pay per calls :
1365+ - First 1,000,000 requests are free
1366+ - $0.20 per 1 million requests thereafter ($0.0000002 per request)
1367+ - Pay per duration: (in increment of 100ms)
1368+ - 400,000 GB-seconds of compute time per month if FREE
1369+ - == 400,000 seconds if function is 1GB RAM
1370+ - == 3,200,000 seconds if function is 128 MB RAM
1371+ - After that $1.00 for 600,000 GB-seconds
1372+
1373+ ## Lambda – Synchronous Invocations
1374+ - Synchronous: CLI, SDK, API Gateway, Application Load Balancer
1375+ - Results is returned right away
1376+ - Error handling must happen client side (retries, exponential backoff, etc…)
1377+
1378+ ## Lambda - Synchronous Invocations - Services
1379+ - User Invoked:
1380+ - Elastic Load Balancing (Application Load Balancer)
1381+ - Amazon API Gateway
1382+ - Amazon CloudFront (Lambda@Edge)
1383+ - Amazon S3 Batch
1384+ - Service Invoked:
1385+ - Amazon Cognito
1386+ - AWS Step Functions
1387+ - Other Services:
1388+ - Amazon Lex
1389+ - Amazon Alexa
1390+ - Amazon Kinesis Data Firehose
1391+
1392+ ## Lambda – Asynchronous Invocations
1393+ - S3, SNS, CloudWatch Events…
1394+ - The events are placed in an Event Queue
1395+ - Lambda attempts to retry on errors
1396+ - 3 tries total
1397+ - 1 minute wait after 1st , then 2 minutes wait
1398+ - Make sure the processing is idempotent (in case of retries)
1399+ - If the function is retried, you will see duplicate logs entries in CloudWatch Logs
1400+ - Can define a DLQ (dead-letter queue) – SNS
1401+ or SQS – for failed processing (need correct IAM permissions)
1402+ - Asynchronous invocations allow you to speed
1403+ up the processing if you don’t need to wait for
1404+ the result (ex: you need 1000 files processed)
1405+
1406+ ## Lambda - Asynchronous Invocations - Services
1407+ - Amazon Simple Storage Service (S3)
1408+ - Amazon Simple Notification Service (SNS)
1409+ - Amazon CloudWatch Events / EventBridge
1410+ - AWS CodeCommit (CodeCommit Trigger: new branch, new tag, new push)
1411+ - AWS CodePipeline (invoke a Lambda function during the pipeline, Lambda must callback)
1412+ ----- other -----
1413+ - Amazon CloudWatch Logs (log processing)
1414+ - Amazon Simple Email Service
1415+ - AWS CloudFormation
1416+ - AWS Config
1417+ - AWS IoT
1418+ - AWS IoT Events
1419+
1420+ ## Lambda@Edge
1421+ - You have deployed a CDN using CloudFront
1422+ - What if you wanted to run a global AWS Lambda alongside?
1423+ - Or how to implement request filtering before reaching your application?
1424+ - For this, you can use Lambda@Edge:
1425+ deploy Lambda functions alongside your CloudFront CDN
1426+ - Build more responsive applications
1427+ - You don’t manage servers, Lambda is deployed globally
1428+ - Customize the CDN content
1429+ - Pay only for what you use
1430+
1431+ ## Lambda Execution Role (IAM Role)
1432+ - Grants the Lambda function permissions to AWS services / resources
1433+ - Sample managed policies for Lambda:
1434+ - AWSLambdaBasicExecutionRole – Upload logs to CloudWatch.
1435+ - AWSLambdaKinesisExecutionRole – Read from Kinesis
1436+ - AWSLambdaDynamoDBExecutionRole – Read from DynamoDB Streams
1437+ - AWSLambdaSQSQueueExecutionRole – Read from SQS
1438+ - AWSLambdaVPCAccessExecutionRole – Deploy Lambda function in VPC
1439+ - AWSXRayDaemonWriteAccess – Upload trace data to X-Ray.
1440+ - When you use an event source mapping to invoke your function, Lambda uses the execution role to read event data.
1441+ - Best practice: create one Lambda Execution Role per function
1442+
1443+ ## Lambda Resource Based Policies
1444+ - Use resource-based policies to give other accounts and AWS services permission to use your Lambda resources
1445+ - Similar to S3 bucket policies for S3 bucket
1446+ - An IAM principal can access Lambda:
1447+ - if the IAM policy attached to the principal authorizes it (e.g. user access)
1448+ - OR if the resource-based policy authorizes (e.g. service access)
1449+ - When an AWS service like Amazon S3 calls your Lambda function, the resource-based policy gives it access.
1450+
1451+ ## Lambda Environment Variables
1452+ - Environment variable = key / value pair in “String” form
1453+ - Adjust the function behavior without updating code
1454+ - The environment variables are available to your code
1455+ - Lambda Service adds its own system environment variables as well
1456+ - Helpful to store secrets (encrypted by KMS)
1457+ - Secrets can be encrypted by the Lambda service key, or your own CMK
1458+
1459+ ## Lambda Functions /tmp space
1460+ - If your Lambda function needs to download a big file to work…
1461+ - If your Lambda function needs disk space to perform operations…
1462+ - You can use the /tmp directory
1463+ - Max size is 512MB
1464+ - The directory content remains when the execution context is frozen,
1465+ providing transient cache that can be used for multiple invocations
1466+ (helpful to checkpoint your work)
1467+ - For permanent persistence of object (non temporary), use S3
1468+
1469+ ## Lambda Function Dependencies
1470+ - If your Lambda function depends on external libraries: for example AWS X-Ray SDK, Database Clients, etc…
1471+ - You need to install the packages alongside your code and zip it together
1472+ - For Node.js, use npm & “node_modules” directory
1473+ - For Python, use pip --target options
1474+ - For Java, include the relevant .jar files
1475+ - Upload the zip straight to Lambda if less than 50MB, else to S3 first
1476+ - Native libraries work: they need to be compiled on Amazon Linux
1477+ - AWS SDK comes by default with every Lambda function
1478+
1479+ ## AWS Lambda Limits to Know - per region
1480+ - Execution:
1481+ - Memory allocation: 128 MB – 3008 MB (64 MB increments)
1482+ - Maximum execution time: 900 seconds (15 minutes)
1483+ - Environment variables (4 KB)
1484+ - Disk capacity in the “function container” (in /tmp): 512 MB
1485+ - Concurrency executions: 1000 (can be increased)
1486+ - Deployment:
1487+ - Lambda function deployment size (compressed .zip): 50 MB
1488+ - Size of uncompressed deployment (code + dependencies): 250 MB
1489+ - Can use the /tmp directory to load other files at startup
1490+ - Size of environment variables: 4 KB
1491+
1492+ ## AWS Lambda Best Practices
1493+ - Perform heavy-duty work outside of your function handler
1494+ - Connect to databases outside of your function handler
1495+ - Initialize the AWS SDK outside of your function handler
1496+ - Pull in dependencies or datasets outside of your function handler
1497+ - Use environment variables for:
1498+ - Database Connection Strings, S3 bucket, etc… don’t put these values in your code
1499+ - Passwords, sensitive values… they can be encrypted using KMS
1500+ - Minimize your deployment package size to its runtime necessities.
1501+ - Break down the function if need be
1502+ - Remember the AWS Lambda limits
1503+ - Use Layers where necessary
1504+ - Avoid using recursive code, never have a Lambda function call itself
1505+
1506+ ----------------------------------------------
1507+
13511508# API Gateway
13521509## API Gateway -- Integrations High Level
13531510- Lambda Function
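Review bot: the secrets guidance at 1456-1457 ("Helpful to store secrets (encrypted by KMS)", "the Lambda service key, or your own CMK") and at 1499 never says what the function needs in order to read those values, and the Execution Role section (1431-1441) lists no KMS-related permission. The DLQ bullet at 1400-1401 already flags "need correct IAM permissions"; add the same kind of reminder under Lambda Environment Variables for the own-CMK case, and state who can see the values once they are set. Smaller points in the same hunk: C# appears twice in the language list (1356 "C# (.NET Core)" and 1358 "C# / Powershell"), so 1358 should probably read just PowerShell; 1368 says "per month if FREE" where "is FREE" is meant; and the 4 KB environment variable limit is stated twice under Limits (1483 under Execution, 1490 under Deployment), so keep one.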