AWS Lambda

  • Serverless compute
    • Run your code in AWS without provisioning any servers.
    • Lambda takes care of every thing required to run your code, including the runtime environment.
  • Supported languages
    • Java, Go, PowerShell, node JS, C sharp, python and Ruby.
    • Upload your code to lambda and you are good to go.
  • Enterprise features
    • Autoscaling and high availability are already baked into the lambda service.
  • You are charged based on the number of requests, their duration, and the amount of memory used by your lambda function.
    • Requests
      • The first 1 million requests per month are free.
      • 10.20 per month per 1 million requests.
    • Duration
      • You are charged in 1 ms increments.
      • The price depends on the amount of memory you allocate to your lambda function.
    • Price per GB - second
      • $0.00001667 per GB-second.
      • A function that uses 512MB and runs for 100 ms.
      • 0.5GB X 0.1s = 0.05 GB-seconds
      • We will be charged $0.0000000083
      • The first 400,000GB – seconds per month are free.
  • Event driven Architecture
    • Event, Driven
      • Lambda function Can be automatically triggered by other AWS services or called directly from any web or mobile app.
    • Triggered by Events
      • These events can be changes made to data in an S3 bucket, or Dynamo, DB table.
    • Triggered by user requests
      • You can use API gateway to configure an HTTP endpoint, allowing you to trigger your function at any time using an HTTP request.
  • Many Alexa skills run on Lambda, and are triggered by your voice.
  • AWS services that can invoke Lambda functions are as follows.
    • Dynamo, DB
    • Kineses
    • SQS
    • Application load, balancer
    • Api gateway
    • Cloud formation
    • Code commits
    • Alexa
    • Cloud front
    • S3
    • SNS
    • SES
    • Cloud watch
    • Code Pipeline
  • Version control with lambda
    • When we create a lambda function, there is only one version called as $Latest.
      • $Latest label is applied to the latest version of lambda automatically.
    • When you upload a new version of the code to lambda, this version will become $Latest.
    • Managing multiple versions
      • You can create multiple versions of your lambda function code and use aliases to reference the version you want to use.
      • In a development environment, you might want to maintain a few versions of the same function. This is called as use case.
      • An alias points to a specific version of the function code.
      • We refer to a lambda version using its arm:alias.
    • Go to lambda page and perform following actions to create an Alias
      • Create function
      • Author from scratch
      • Give it a name
      • Select runtime and create function
      • Add Code and test your function
      • Select actions section and select publish new version
        • Give a version description, it will give you a numeric version of your function.
        • You can check the version in lambda ARN which was not available before we added version.
          • ARN, which does not contain version is called as an unqualified ARN.
      • Select action and select create Alias
        • Give it a name
        • Give it a description
        • Select the version which will cost want to Alias. Click save
        • The function ARN will now show alias appended to function name.
      • Go back to function, upload/update new code and click save and test.
        • The ARN again goes and unqualified.
        • Again publish new version and create alia of new version.
          • We can also create a weighted Alias now of lambda, which means we can direct traffic to one or more version of lambda based on weightage.
  • Uses
    • Extremely cost-effective.
    • Pay only when your code, executes
    • Continuous Scaling
      • Lambda scales automatically
    • Event Driven
      • Lambda functions are triggered by an event or action.
    • Independent
      • Lambda functions are independent. Each event will trigger a single function.
    • ServerlessTechnology
      • Lambda , API gateway, Dynamo DB, S3, SNS, SQS
    • Lambda triggers
      • There are many services that can trigger a lambda function.
  • Lambda Concurrent executions limit
    • Safety feature to limit the number of concurrent executions across all functions in a given region per account.
    • Number of Functions that can be run simultaneously within a region.
    • Default is thousand per region.
    • Too many requests exception is raised once we hit limit.
      • We see HTTP status code of 429.
    • Request to put limit can be exceeded if needed.
    • Concurrent executions
      • If you have many lambda functions, running in the same region and you suddenly start seeing new invocation requests being rejected, then you may have hit your limit.
      • Request an increase on this limit by submitting a request to the AWS support center.
      • Reserved concurrency guarantees that a set number of executions which will always be available for your critical function, however, this also acts as a limit.
  • Lambda and VPC access
    • Used for functions that needs to access resources in a private VPC.
    • Lambda needs the ability to interact with these resources
      • Read or write to an RDS database.
      • Shut down an EC2 instance in a response to a security alert.
    • To enable above abilities, we need to allow the function to connect to a private Subnet.
    • In order to set this up, we need to provide some configuration information about VPC.
      • VPC - Specify, the VPC that your function need to access.
      • Subnets – select the subnets that lambda will use.
      • Security groups - Choose the security groups that enable the required access.
    • A Lambda uses this information to create its own elastic net work interfaces using IP address from the private Subnet.
    • It uses these IP addresses to communicate with resources within the Subnet.
    • Add the desired policies to lambda under permissions under configuration.
      • These policies may include the permissions, like create log group, create log stream, put log events, create network interface, describe network interface, delete network interface, assign private IP addresses, unassign private IP addresses.
    • We need to connect function to a VPC by setting up VPC under configuration.
      • Edit VPC select VPC, select a Subnet, and select a Security group.
  • Ephemeral and Persistent data storage patterns in lambda.
    • Lambda is stateless
      • Lambda functions are stateless meaning we can’t permanently store any data in the function.
    • Lambda is Ephemeral
      • Not used for applications that need to run for longer than 15 minutes example, a database application or a web-server needs to stay up and running.
    • Lambda persisting data options
      • Native within lambda: /tmp, Lambda layers.
        • /tmp
          • Temporary storage
            • Provided in the execution environment of the lambda function. By default, 512MB, configureable up to 10GB.
          • Like a cached file system.
            • Data can be accessed by multiple invocations of your function, sharing the execution environment in order to optimise performance.
            • Data is not persistent.
              • Available for the lifetime of the execution environment. not a place to store permanent data.
        • Storing lambda libraries
          • Additional libraries needed by the function can be included in your lambda deployment package(the zip file containing your code).
          • This increases your deployment package size.
          • A larger deployment package can slow down deployment.
        • Lambda layers
          • Add libraries and SDK’s as a layer that can be referenced by multiple functions.
          • Large dependencies
            • Import image manipulation libraries, graphic libraries, all a particular version of the AWS SDK.
          • Better performance
            • Deployment will be faster because the zip file containing your code is smaller.
            • If we want to change the version of a library included, you can’t update it dynamically. You need to create a new layer and reinforce that.
      • To persist data, the function must interact with a data store example save it to S3,EFS, or Dynamo DB. These are called as external storage options.
        • Object storage only
          • Allows you to store and retrieve objects. Not a file system.
        • Cannot append data.
          • Cannot directly open and write data to objects stored in S3.
        • Upload a new version
          • If you want to change the data, you need to upload a completely new object.
        • EFS (Elastic File System)
          • Shared file system
            • Acts like a file system, data is persistent, and can be dynamically updated(example, you can open a file and write to it).
            • Based on NFS i.e. network file system protocol.
          • Mounted
            • Needs to be mounted by a function when the execution environment is created. Can be shared across invocations.
          • VPC
            • To Use EFS your lambda function must be in the same VPC as your EFS file system.
    • Lambda environment, variables and parameters
      • Environment variables
        • Allow us to adjust our functions behaviour, without changing code.
        • Allow us to configure our function by passing different environment variables to behave differently in your development environment that it does in production.
        • A pair of strings, a key and a value example key : environment and value: development) i.e it acts as a key value pairs.
        • Environment , variables are locked when a version of our function is published i.e define before your version is published.
        • Examples
          • Referring S3 resources in a bucket using bucket name and object key.
          • Reference an SNS topic
          • Reference a dynamo DB table.
        • Allow us to configure memory, Ephemeral storage or function timeout.
        • We can define triggers i.e. The service or resource that is able to invoke your function.
        • The functions execution role determines the permissions that the function will have.
        • We can define a function URL i.e. an HTTPS end point used to access your function from a web browser.
        • Tags
          • User defined key-value pairs that help to organise our functions example for cost reporting.
        • VPC
          • Allow function to access resources that are in a custom VPC. Example a private VPC.
          • Monitoring and operation tools can be configured like cloud watch, cloud watch logs,X-Ray
        • Concurrency
          • Reserved concurrency ensures that a critical function can always run and restricts other concurrent requests.
          • Provisioned concurrency lets your function scale consistently without any fluctuation in latency.
        • File Systems
          • EFS file system that your function needs to connect to.
          • Your function must be connected to same VPC as the file system.
  • Configuring a lambda function, using environment, variables and parameters
    • Create a lambda function.
    • Configure environment variables.
      • Configured as key value pairs which are defined by user to adjust your functions behaviour without changing your code.
    • Review the configuration tab.
      • The lambda configuration tab lets you define general configuration settings, like memory and ephemeral storage, triggers, permissions, VPC access tags, function URL’s, monitoring, concurrency, and EFS file system access.
  • Handling lambda, event, lifecycle and errors
    • Invocation life-cycle
      • When invoking a function, You can invoke it synchronously or asynchronously.
        • In synchronous invocation Lambda runs the function, waits for a response, and returns the response.
          • The service calling the function will know if the function completed successfully or not.
          • Example API Gateway invoking a function and returning an error code to caller.
        • In asynchronous invocation
          • No acknowledgement to let you know that the invocation has successfully processed.
          • The service calling the function is not notified if the function fail to complete successfully.
          • S3 invoking a function when an object is created.
    • Lambda Retries
      • Errors are handled using lambda retries
        • When a function returns an error, Lambda automatically performs Two retries.
        • Common errors Include something going wrong in the function code, or the function timed out Before processing gets completed.
        • Lambda waits for one minute Before the first retry. If that fails, It will wait 2 minutes Before second retry.
    • Dead letter queues
      • We can configure Dead Letter Queues(DLQ’s)
        • Used to save failed invocations for further processing.
      • Associated with a particular version of a function.
      • Can be an event source for a function, allowing you to re-process events.
      • Handle failures only.
      • We can use either SQS to create a dead letter queue.
        • Holds Failed events in the queue until they are retrieved.
      • We can use SNS to send notifications about failed events to one or more destinations
        • Sends Notifications about failed events to one or multiple destinations.
        • SNS is used to fan out Notifications to multiple destinations, such as sending emails, triggering lambda Or sending notifications to an HTTP endpoint.
    • Lambda destination
      • Optionally configure lambda to send invocation records to another service.
        • Invocation success: Send a record to one destination when the invocation was successfully processed.
          • Send record to anSQS queue If successful.
        • Invocation failure: Send a record to different destination when invocation was failure.
          • Send record to SNS and have it Send an email to the relevant team for investigation.
      • Lambda supports a few different destinations for Example, we can use SQS to send a message containing the error message to an SQS queue for a developer to review.
      • We can use SNS to send a notification to the Support team using email or SMS.
      • We can trigger another lambda function to start an automatic error handling process.
      • A successful response Can be used to trigger an event bridge Event so that successful invocations are tracked.

Comments

Post a Comment

Popular posts from this blog

Effect : Deny vs No Action

No action allows us to provide granular level control over resources operations. For example, if we use effect, deny For all actions in IAM An, then we use effect allow over some actions in IAM then deniable supersede allow. The way to overcome above issue is to use NoAction on all IAM operations And action on Allowed IAM operations. Example { "Version" : "2012-10-17" , "Statement" : [ { "Effect" : "Allow" , "NotAction" : [ "iam:*" , "organizations:*" , "account:*" ], "Resource" : "*" }, { "Effect" : "Allow" , "Action" : [ "iam:CreateServiceLinkedRole" , "iam:DeleteServiceLinkedRole" , "iam:ListRoles" , "organizations:DescribeOrganization" , "account:ListRegions" ,
Read more

AWS Summaries

Database Summary  RDS(OLTP) SQL My SQL Post Gre SQL Oracle Aurora Maria DB Dynamo DB(No SQL) Redshift OLAP Elastic cache Memcached Redis RDS runs on virtual machines We cannot log into this operating systems however Patching of our RDS Operating system and DB is Amazons responsibility. RDS is not server-less. Aurora surverless is seven less which is an exception. Dynamo DB is server-less. There are two types of backups for RDS Automated backups Database snapshots Read replicas Can be multi availability zones. Use to increase performance Must have backups turned on. Can be in different regions. Can be MySQL,PostgreSQL,Maria DB, Oracle, Aurora, SQL Server is not supported. Can be promoted to master, this will break read replica. Multi availability zone Used for DRG only and not performance. You can force a fail over from one availability zone to another by re-booting the RDS instance. Encryption at Rest Is supported for My SQL, Oracle, SQL server, Postgre SQL, Maria DB and Aurora. Encryp
Read more

Infrastructure Setup using Cloud Formation Templates

Services Required to create CICD Code Build Build code and deploy image in jfrog Code Pipeline Has (Continuous Integration Continuous Deployment)CICD flow Cloud Formation To deploy and create infrastructure we use yml files. S3 Store our data packages and yml files which are used by CFT. ECS To deploy our application on fargate servers We can also create our manual EC2 instances from pipeline. Secrets Manager Manages all the secrets. ELB/ALB Elastic/Application Load Balancer To map context paths of different services GitHub Stores our code Jfrog Used to store all the docker images Dockerfile Used to create a customised docker image Scanning for Vulnerabilities free code Sonarcube Checkmarx Twistlock Cloudwatch Used to store logs We create log group for each of instances Lambda Functions Used for serverless technologies. Creating a new Environment Create the YML images of the different resources required in the environment. The CFT templates are stored in S3 or can be uploaded from syst
Read more