
AWS Lambda

Serverless Services in AWS include:

 

Lambda
DynamoDB
Cognito
API Gateway
S3
SNS/SQS
Kinesis Data Firehose
Aurora Serverless
Step Functions
Fargate

 

The exam tests heavily on serverless knowledge!

 

AWS Lambda

 

features:

 

virtual functions – no servers to manage
limited by time – short execution processes
runs on demand only – you are only billed when you are actually using it
scaling is automated

 

the benefits of Lambda:

 

easy pricing – pay per request and compute time

 

free tier covers 1 million Lambda requests and 400,000 GB-seconds of compute time

 

integrated with all AWS services and programming languages
easy monitoring via CloudWatch
easy to allocate more resources per function – up to 10GB of RAM possible!

 

also, increasing RAM improves CPU and network

 

Lambda language support:

 

Node.js (JavaScript)
Python
Java 8
C# (.NET Core)
Golang
C# / PowerShell
Ruby
Custom Runtime API, e.g. Rust

 

Lambda container image – the image must implement the Lambda Runtime API.

Note that ECS and Fargate are preferred for running arbitrary Docker images.

 

 

Lambda integrates with:

API Gateway
Kinesis
DynamoDB
S3
CloudFront
CloudWatch Events and EventBridge
CloudWatch Logs
SNS and SQS
Cognito – reacts when a user logs in, e.g. to a database

 

 

REMEMBER:

 Lambda’s maximum execution time is 15 minutes. If you need longer, you can run your code somewhere else such as an EC2 instance or use Amazon ECS.

 

Lambda use case:

 

thumbnail image creation

 

A new image uploaded to S3 triggers a Lambda function, which generates a thumbnail of the image.
The thumbnail is pushed to S3 and its metadata to DynamoDB.

 

another example:

 

A very useful practical example: a serverless cron job.

Cron usually needs a server to run on, but with Lambda you can do this without a server! This saves having to set up an EC2 instance for it.

E.g. CloudWatch Events or EventBridge triggers a Lambda function every hour, instead of a cron job.

 

 

Lambda Pricing

 

 

pay per call: the first 1 million requests are free, then 20c per 1 million requests

pay per duration, in increments of 1 ms

400k GB-seconds of compute time per month is free, with charges thereafter on a rising scale

 

very cheap to run Lambda so it is very popular

 

 

you can run jobs using many different programming languages

 

you enter your code in the Lambda web console and Lambda then runs the code for you.

 

you can have Lambda respond to events from various sources, e.g. data processing, streaming analytics, mobile or IoT backends

Lambda takes care of scaling for your load, you don’t have to do anything here, i.e. seamless scaling

 

 

to create a Lambda function you have 4 possibilities:

 

author from scratch
use a blueprint – these are pre-configured functions
container image
browse serverless app repository

 

 

 

 

Lambda Limits per region

 

important for exam…

 

for execution:

 

memory allocation: 128 MB to 10 GB in 1 MB increments
maximum execution time: 900 seconds
environment variables: 4 KB
disk capacity in the function container (in /tmp): 512 MB
concurrent executions: 1000 – can be increased

 

for deployment:

function deployment size (compressed .zip): 50 MB
size of uncompressed deployment (code plus dependencies): 250 MB
you can use /tmp to load other files at startup
size of environment variables: 4 KB

 

The exam may ask you questions to see whether you think Lambda can be used or not according to the requirements of the task. You need to know the limits above in order to judge the suitability of Lambda for the task.

 

 

Lambda@Edge

 

If you are deploying a CloudFront CDN and you want to deploy Lambda globally, or you want to implement request filtering, you can use Lambda@Edge for this.

You deploy it alongside each region in your CloudFront CDN.

You can use Lambda to modify the viewer/origin requests and responses of CloudFront:

 

this can be:

 

after CloudFront receives a request – viewer request
before CloudFront forwards the request to the origin – origin request
after CloudFront receives the response from the origin – origin response
before CloudFront forwards the response to the viewer – viewer response

 

plus, you can also generate responses to viewers without having to send a request to the origin!

 

important to know this high level overview for exam.

 

use cases:

 

website security/privacy
dynamic web application at the Edge
SEO
intelligent routing across origins and data centers
bot mitigation at the Edge
real-time image transformation
A/B testing
user authentication and authorization
user prioritization
user tracking and analytics
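
Added example (not from the original notes): the viewer request and viewer response hooks described above, used for request filtering and for adding security headers, in Node.js. The method allow-list, header values and sample events are assumptions; in a real deployment each function would be exported as the handler of its own Lambda@Edge function and associated with its CloudFront event type.

```javascript
// Added example: handlers for two of the four CloudFront hook points.
// Allow-list, header values and sample events are assumptions for illustration.
const ALLOWED_METHODS = new Set(['GET', 'HEAD']); // assumed: read-only site
const SECURITY_HEADERS = {
  'strict-transport-security': 'max-age=63072000; includeSubDomains',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
};

// Response generated at the edge: returning it from a viewer-request
// function means the request is never sent to the origin.
function deny(status, statusDescription) {
  return {
    status,
    statusDescription,
    headers: { 'cache-control': [{ key: 'Cache-Control', value: 'no-store' }] },
    body: statusDescription,
  };
}

// Viewer request hook: runs after CloudFront receives the request.
function viewerRequest(event) {
  const request = event.Records[0].cf.request;
  if (!ALLOWED_METHODS.has(request.method)) return deny('405', 'Method Not Allowed');
  const ua = (request.headers['user-agent'] || [])[0];
  if (!ua || !ua.value.trim()) return deny('403', 'Forbidden');
  return request; // returning the request lets CloudFront continue processing it
}

// Viewer response hook: runs before CloudFront forwards the response to the viewer.
function viewerResponse(event) {
  const response = event.Records[0].cf.response;
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    response.headers[name] = [{ key: name, value }];
  }
  return response;
}

// Constructed sample events in the CloudFront event shape (not real traffic).
const mkRequest = (method, headers) =>
  ({ Records: [{ cf: { request: { method, uri: '/index.html', headers } } }] });
const okEvent = mkRequest('GET', { 'user-agent': [{ key: 'User-Agent', value: 'Mozilla/5.0' }] });
const noUaEvent = mkRequest('GET', {});
const postEvent = mkRequest('POST', { 'user-agent': [{ key: 'User-Agent', value: 'curl/8.0' }] });
const respEvent = { Records: [{ cf: { response: { status: '200', headers: {} } } }] };

console.log(viewerRequest(okEvent).uri);
console.log(viewerRequest(noUaEvent).status, viewerRequest(postEvent).status);
console.log(Object.keys(viewerResponse(respEvent).headers));
```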

 

 

Lambda in VPC

 

Important!
By default, Lambda functions are launched in an internal AWS VPC – not in one of your own VPCs.

An important consequence of that is that resources in your own VPC CANNOT BE ACCESSED! – exam question!

 

If you want that functionality, then you have to launch Lambda in your own VPC…

 

This requires that you define the VPC ID, subnets and security groups.

Lambda will create an ENI (Elastic Network Interface) in your subnets.

This gives private connectivity in your own VPC.

 

a typical use case for this is using Lambda with an RDS Proxy.

 

but – this can open a very large number of connections to your database under high load, leading to timeouts and other problems

 

RDS Proxy for Lambda

 

To avoid this you can create an RDS Proxy: Lambda functions connect to the proxy, and the proxy connects to your RDS DB.

This improves scalability and availability.

You can enforce IAM authentication and store credentials in Secrets Manager.

Remember though that the RDS Proxy is NEVER PUBLICLY accessible, only private, so to use the proxy the Lambda function must always be deployed in your own VPC and not in AWS's own VPC.

 

 

 
