Lambda is a FaaS (Function as a Service) product where you can upload your code and create functions. Functions are invoked by events and can be executed for up to 15 minutes.
AWS Lambda lets you run code – for virtually any type of application or backend service – without provisioning or managing servers. You pay only for the compute time you consume—there is no charge when your code is not running. You can set up your code to automatically trigger from other AWS services, or you can call it directly from any web or mobile app.
- Lambda is a serverless computing platform on which you can run code without managing servers.
- Lambda is highly available, fault-tolerant, and scalable – it scales out (not up) automatically.
- Lambda functions are triggered by events or user requests.
- Events can be triggered by many AWS Services such as S3, DynamoDB, SQS, CloudWatch, CodeCommit, etc…
- For example, many Alexa skills are handled by Lambda triggered by your voice.
- Stateless and Independent
  - Each event will trigger a single function.
  - Functions are stateless – each run is clean.
- There is a 15-minute timeout.
- Execution Role is assumed by Lambda and temporary security credentials are available via STS.
- You can specify the Environment variables, which can be retrieved through the event object.
- Functions can trigger other functions, so the architecture can become complicated. AWS X-Ray can be used to debug the functions.
You are charged based on the duration and the number of requests.
- Compute time
  - Pay only when your code is running.
  - The minimum billing duration is 100ms.
- The number of requests
  - Charged whenever the code starts execution (including test invocations from the console).
  - The first 1 million requests per month are free.
- The amount of memory
Lambda Function Configurations
- You can import code to Lambda in 3 ways:
  - Uploading a zip file, uploading a file from S3, and editing inline code
- It supports popular programming languages.
  - Node.js, .NET Core (C#/PowerShell), Java, Python, Ruby, and Go.
- Memory Allocation: CPU scales with memory.
Running a Lambda from Scratch
- Implement the logic in a supported programming language.
- Create a function, which has a unique name in a region in your account.
- Select the proper runtime to run the function.
- Proper permissions are needed: permission to run the Lambda function, to access CloudWatch logs, and any permissions required to access other services.
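The permissions step above, as an added example (not from the original notes): Python code that builds the trust policy and a log-scoped permissions policy for an execution role, then audits a policy for wildcard grants. The region, account ID and function name are placeholders, and `trust_policy`, `logging_policy` and `audit` are hypothetical helper names.

```python
import json

def trust_policy():
    """Trust policy: only the Lambda service may assume the execution role (via STS)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def logging_policy(region, account_id, function_name):
    """CloudWatch Logs permissions limited to this account/region and this function's log group."""
    base = f"arn:aws:logs:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": f"{base}:*"},
            {"Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": f"{base}:log-group:/aws/lambda/{function_name}:*"},
        ],
    }

def audit(policy):
    """Return findings for Allow statements that use a wildcard action or a bare '*' resource."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for key in ("Action", "Resource"):
            values = stmt.get(key, [])
            values = [values] if isinstance(values, str) else values
            for v in values:
                if v == "*" or (key == "Action" and v.endswith(":*")):
                    findings.append(f"statement {i}: wildcard {key} {v!r}")
    return findings

# Constructed sample: an over-broad policy of the kind the audit should flag.
BROAD = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    scoped = logging_policy("us-east-1", "123456789012", "demo-fn")  # placeholder values
    print(json.dumps(scoped, indent=2))
    print(audit(scoped), audit(BROAD))
```

Permissions for other services go in further statements, each scoped to the specific actions and resource ARNs the function uses.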
Invoking Lambda Functions
Lambda functions are triggered by events.
- API Gateway – used to expose HTTP endpoint
- S3 file uploads
- CloudWatch scheduled events
- DynamoDB Streams changes
- Direct Invocations using SDK or CLI
- Elastic Load Balancing (Application Load Balancer)
- Amazon Cognito
- Amazon Lex
- Amazon Alexa
- Amazon API Gateway
- Amazon CloudFront (Lambda@Edge)
- Amazon Kinesis Data Firehose
- Amazon Simple Storage Service (S3)
- Amazon Simple Notification Service (SNS)
- Amazon Simple Email Service (SES)
- AWS CloudFormation
- Amazon CloudWatch Logs
- Amazon CloudWatch Events
- AWS CodeCommit
- AWS Config
Lambda will poll the following services, retrieve data, and invoke functions.
- Amazon Kinesis
- Amazon SQS
- Amazon DynamoDB Streams
There is a limit to the number of concurrent executions across all functions in a given region per account.
- The default is 1,000 per region.
- If you exceed the limit, you will get a “TooManyRequestsException” error (HTTP 429).
- The remedy is to get the limit raised by AWS support.
- Reserved concurrency guarantees a set number of concurrent executions are always available to a critical function.
You can create multiple versions of the code.
- $LATEST points to the most recent code you updated (the last version).
- You can access different versions of the same function using the ARN (Amazon Resource Name) or an alias.
Enabling Lambda to access VPC resources
There may be use cases in which you need to access resources in a private VPC from your Lambda function, such as accessing EC2 instances.
- Lambda sets up ENIs (Elastic Network Interfaces) with an available IP address from your private subnet, using the “Private subnet ID” and “Security Group ID” you specify with the required access.