Serverless Services in AWS include:
Kinesis Data Firehose
exam tests heavily on serverless knowledge!
virtual functions – no servers to manage
limited by time – short execution processes
runs on demand only, only billed when you are actually using it
the scaling is automated
the benefits of Lambda:
easy pricing – pay per request and compute time
free tier covers 1 million Lambda requests and 400k GB-seconds of compute time
integrated with all AWS services and programming languages
easy monitoring via CloudWatch
easy to allocate more resources per function – up to 10 GB of RAM possible
also, increasing RAM improves CPU and network
Lambda language support:
C# (.NET Core)
Custom Runtime API, e.g. Rust
the Lambda container image – this must implement the Lambda Runtime API
note that ECS and Fargate are preferred for running arbitrary Docker images
Lambda integrates with
CloudWatch Events and EventBridge
SNS and SQS
Cognito – reacts when a user logs in, e.g. to a database
Lambda’s maximum execution time is 15 minutes. If you need longer, you can run your code somewhere else such as an EC2 instance or use Amazon ECS.
Lambda use case:
thumbnail image creation
a new image is uploaded to S3, which then triggers a Lambda function to generate a thumbnail of the image
the thumbnail is pushed to S3 and the metadata to DynamoDB.
a very useful practical example….
a serverless CRON job to run jobs
for cron you usually need to have a server running, but with Lambda you can do this without a server! – this saves having to run an EC2 instance for it.
e.g. CloudWatch Events or EventBridge triggers a Lambda function every hour; this takes the place of the cron job
pay per call: the first 1 million requests are free
then 20c per 1 million requests
pay per duration in increments of 1 ms
400k GB-seconds of compute time per month is free, charges thereafter on a rising scale
very cheap to run Lambda so it is very popular
you can run jobs using many different programming languages
you enter your code in the Lambda web console and Lambda then runs the code for you.
you can have Lambda respond to events from various sources – e.g. data processing, streaming analytics, mobile or IoT backends
Lambda takes care of scaling for your load, you don’t have to do anything here!
ie seamless scaling
to create a Lambda function you have 4 possibilities:
author from scratch
use a blueprint – these are pre-configured functions
browse serverless app repository
Lambda Limits per region
important for exam…
memory allocation: 128 MB to 10 GB in 1 MB increments
max execution time is 900 seconds
environment variables: 4 KB
disk capacity in the function container in /tmp is 512 MB
concurrent executions: 1000 – can be increased
function deployment size as a compressed .zip is 50 MB, but the size of the uncompressed deployment (code plus dependencies) is 250 MB
can use /tmp to load other files at startup
size of environment variables is 4 KB
the exam may ask you questions to see whether you think Lambda can be used or not according to the requirements of the task… you need to know the above limits in order to judge the suitability of Lambda for the task.
if you are deploying a CloudFront CDN and you want to deploy Lambda globally
how to implement request filtering
you can use Lambda@Edge for this
you deploy it alongside each region in your CloudFront CDN
you can use Lambda to modify the viewer/origin requests and responses of CloudFront:
this can be:
after CloudFront receives a request – viewer request
before CloudFront forwards the request to the origin – origin request
after CloudFront receives the response from the origin – origin response
before CloudFront forwards the response to the viewer – viewer response
plus, you can also generate responses to viewers without having to send a request to the origin!
important to know this high level overview for exam.
dynamic web application at the Edge
intelligent routing across origins and data centers
bot mitigation at the Edge
real-time image transformation
user authentication and authorization
user tracking and analytics
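The viewer-request filtering described above, as an added example that is not part of the original notes: a Lambda@Edge handler that either passes the request through or generates the response at the edge so the origin is never contacted. The method allow-list, user-agent pattern, `/admin/` prefix and the function names are assumptions chosen for illustration, and the sample event is constructed.

```javascript
// Added example: Lambda@Edge viewer-request filter. Policy values are assumptions.
const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);
const BLOCKED_AGENT = /(curl|python-requests|scrapy)/i;
const PROTECTED_PREFIX = '/admin/';

// CloudFront lower-cases header names and stores each as [{ key, value }].
function header(request, name) {
  const values = request.headers[name.toLowerCase()];
  return values && values.length ? values[0].value : '';
}

// Response generated at the edge: returning it means the origin is never contacted.
function deny(status, statusDescription, reason) {
  return {
    status: String(status),
    statusDescription,
    headers: { 'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
    body: reason + '\n',
  };
}

// Returns the request (pass through) or a generated response (blocked).
function filterRequest(request) {
  if (!ALLOWED_METHODS.has(request.method)) {
    return deny(405, 'Method Not Allowed', 'method not allowed');
  }
  const agent = header(request, 'User-Agent');
  if (!agent || BLOCKED_AGENT.test(agent)) {
    return deny(403, 'Forbidden', 'client not allowed');
  }
  // Presence check only; validating the credential itself is out of scope here.
  if (request.uri.startsWith(PROTECTED_PREFIX) && !header(request, 'Authorization')) {
    return deny(401, 'Unauthorized', 'authentication required');
  }
  return request;
}

// Viewer-request trigger entry point; deploy with `exports.handler = handler`.
async function handler(event) {
  return filterRequest(event.Records[0].cf.request);
}

// Constructed sample event in the CloudFront viewer-request shape.
function sampleEvent(method, uri, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = [{ key: k, value: v }];
  return { Records: [{ cf: { request: { method, uri, headers: h, querystring: '' } } }] };
}
```

Attached to the viewer-request trigger, this runs before CloudFront checks its cache, so blocked requests cost neither a cache lookup nor an origin fetch.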
Lambda in VPC
by default Lambda functions are launched in an internal AWS VPC – not in one of your own VPCs.
an important consequence of that is that resources in your own VPC CANNOT BE ACCESSED! – exam q!
If you want that functionality, then you have to launch Lambda in your own VPC…
you define the VPC ID, subnets and security groups
Lambda will create an ENI (Elastic Network Interface) in your subnets.
this gives private connectivity in your own VPC.
a typical use case for this is using Lambda with an RDS Proxy.
but – this can open a very large number of connections on your database under high load, leading to timeouts and other problems
RDS Proxy for Lambda
to avoid this you can create an RDS Proxy; Lambda functions then connect to the proxy, and the proxy connects to your RDS DB.
improves scalability and availability
you can enforce IAM authentication and store credentials in Secrets Manager
remember though that the RDS Proxy is NEVER PUBLICLY accessible, only private,
and so to use this proxy the Lambda function must always be deployed in your own VPC and not in AWS's own VPC.