AWS ‐ Serverless Compute Services | Lambda Functions - FullstackCodingGuy/Developer-Fundamentals GitHub Wiki

What is serverless computing model?

  • Users focus on their business objectives without worrying about infrastructure, because that responsibility is offloaded to the provider
  • Pay based on usage of resources
  • Auto scaling services when demand arises

AWS Lambda - Functions

  • Execute code without provisioning a server; it works like a microservice-style function
  • Functions run on highly available infrastructure
  • Compute resource administration is managed for you.

Options to work with Lambda

  • AWS Management Console
  • AWS CLI
  • AWS SDKs
  • AWS CloudFormation
  • AWS SAM (Serverless application model)

Invoking a lambda function

  • AWS Lambda API - Manual way to call the function
  • Events from other AWS services - automated way to call the function

Using lambda function

  • create functions
  • configure settings
    • basic settings
  • Protecting Information
    • Securing sensitive information
    • Environment variable encryption (do not store any sensitive information in the function itself), so the data is encrypted at rest and in transit.
    • Function code portability (same code can be deployed to multiple env, ex: dev/test/stage)

Working with Functions

  • It is a best practice to use VPC (Virtual Private Cloud) connections
    • A VPC lets you isolate systems into a specific subnet, so there is no need to expose all of them: they can sit behind the subnet and only the selected systems are exposed (ex: database proxies)
  • Code signing in Lambda, so that only code from a trusted provider is allowed to execute.

Versions and Aliases

  • New copy of Function code and dependencies deployed in each version

  • Settings and environment variables are kept with the version

  • Amazon Resource Name (ARN) - resource identifier, generated for each version of the function

  • Aliases identify function versions and act as pointers to a function version; an alias is globally unique

Lambda Layer

  • A layer is a zip file archive that contains runtime, libraries, configuration files, data

  • Code sharing and separation of responsibility

  • Layers help to package a function efficiently: only the code modifications need to be packaged, instead of packing everything again

  • Multiple Lambdas can use the same layer, which means you can share common configurations, runtime, data

  • Functions deployed as zip archive (compiled code put into the zip, which then gets deployed)

  • Function deployed as container images as well

  • Function memory allocated between 128 MB and 10 GB

  • VPC

    • It's a good practice to run Lambda functions with VPCs to isolate the resources, in case the function needs to access private resources
    • Configure a VPC when you want to ensure the Lambda function is not accessible to public users; in that case keep the Lambda within the VPC
    • Create a specific interface VPC endpoint to allow resources to access the Lambda within the VPC
    • Elastic network interfaces are used to manage the traffic in the VPC (by AWS)
  • Invocation methods

    • Lambda functions don't run continuously; a function needs to be invoked to run
    • Ways to invoke Lambda
      1. Lambda Console
      2. Lambda API
      3. AWS SDK
      4. AWS CLI
      5. AWS Toolkits
    • Ways to execute Lambda
      • Synchronously - Waiting for function execution, Direct Invocation
      • Asynchronously - no need to wait for completion
      • Triggers - when certain condition is met
      • Event source mapping (ex: trigger lambda function to execute automatically when an entry is added to s3 database)
  • Other Considerations

    • Monitor function state and the compute time of the functions (whether they complete the operation within the intended time or not; a function that runs for a long time incurs more cost, hence it is inefficient)
    • Function scaling (keep the function simple: make the function do one thing and one thing well, rather than a large function doing multiple things)
    • Error handling and retries (if a function fails, let it fail gracefully and log the exception)
    • Lambda Extensions - to add additional things (ex: security)
    • Invoking function as container images

AWS Lambda Applications

  • It is a resource in AWS that consists of one or more Lambda functions; it is more than a function, and it uses event sources to invoke those functions
  • A Lambda application is deployed as a package, just like a standard Lambda function; it packages all components of the application together
  • Integration with developer tools such as AWS CodePipeline and AWS CloudFormation to deploy the Lambda application straight from a code repository

Deploying Lambda Applications

  • AWS Serverless application repository
  • AWS CloudFormation
  • AWS CLI and SAM CLI
  • Git repos

Rolling deployment using CI/CD

Common Lambda Application Types

  • File Processing
  • Websites - apis that consist of many functions
  • Data and analytics
  • Mobile applications

Best practices for lambda functions

  • Function Code - Separate out the handler code and business logic
  • Configuration - validate and manage configurations for handling load
  • Metrics & Alarms - to know when something goes wrong with a function
  • Streams - Events

Runtimes support

image

Run lambda using following ways

  • Function defined as container images
  • Zip file archives

AWS Lambda Execution Lifecycle

  • Step 1: Initialization - Retrieving the code and any associated layers, finding and attaching it to the appropriate runtime, preparing extensions, and running any initialization code you might have in the code. If the function has already run, init will be faster in subsequent calls; otherwise it takes a little more time to process.
  • Step 2: Invoke - Once the function code is ramped up, the invocation happens
  • Step 3: Shutdown - Can happen if the runtime is idle for a long time
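
The lifecycle above, together with the "separate handler code and business logic" and "fail gracefully and log the exception" points from earlier sections, as an added example that is not part of the original notes. The event shape (a JSON string under "body"), the order fields and the "cold_start" response key are assumptions made for illustration.

```python
import json
import logging
import time

# Init phase: module-level code runs once per execution environment.
logger = logging.getLogger("orders")
INIT_AT = time.time()
_invocations = 0  # persists across warm invocations; never keep per-request data here


class ValidationError(Exception):
    """Bad input detected by the business logic."""


def total_order(items):
    """Business logic: no Lambda types, so it can be unit-tested on its own."""
    if not isinstance(items, list) or not items:
        raise ValidationError("items must be a non-empty list")
    total = 0
    for item in items:
        if not isinstance(item, dict):
            raise ValidationError("each item must be an object")
        qty, price = item.get("qty"), item.get("unit_price_cents")
        if not isinstance(qty, int) or not isinstance(price, int) or qty <= 0 or price < 0:
            raise ValidationError("qty must be > 0 and unit_price_cents >= 0")
        total += qty * price
    return total


def handler(event, context):
    """Invoke phase: parse the event, call the logic, map errors to responses."""
    global _invocations
    _invocations += 1
    cold = _invocations == 1  # True only for the first call after init
    try:
        body = json.loads(event.get("body") or "{}")
        status, result = 200, {"total_cents": total_order(body.get("items"))}
    except (ValidationError, json.JSONDecodeError) as exc:
        logger.warning("rejected request: %s", exc)
        status, result = 400, {"error": "invalid request"}
    except Exception:
        # The traceback goes to the logs; the caller gets a generic message.
        logger.exception("unhandled error")
        status, result = 500, {"error": "internal error"}
    return {"statusCode": status, "cold_start": cold, "body": json.dumps(result)}
```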

Lambda APIs

  • Runtime API
  • Extensions API
  • Logs API

API, Service, Resource Permissions

  • Identity based policy - Every Lambda function has an execution role, which can be assigned using IAM

  • Resource based policy or Lambda managed or Custom Policies using IAM

  • Lambda Execution Role

    • Function permissions are assigned automatically when the function is created
  • Resource Based Policies

    • Grant specific permissions that allow other resources to access your Lambda function
    • Permission based on resources
    • Permission to invoke or manage functions
    • Access can be assigned to multiple accounts
  • Identity Based IAM Policies

    • Users can fully manage Lambda functions using AWSLambda_FullAccess
    • Users can fully read Lambda functions using AWSLambda_ReadOnlyAccess
    • Users can invoke Lambda functions using AWSLambdaRole
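
A review check for the resource-based policies described above, added here as an example and not taken from the original notes: it reads a function's policy document and flags statements that open invocation to everyone, trust a service without a source condition, grant access to another account, or allow more than invocation. The policy, account IDs, Sids and finding labels are constructed for illustration.

```python
import json

ARN = "arn:aws:lambda:us-east-1:111111111111:function:demo"  # placeholder

# Constructed sample policy; account IDs, Sids and ARNs are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "s3-scoped", "Effect": "Allow", "Resource": ARN,
     "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction",
     "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::demo-bucket"},
                   "StringEquals": {"AWS:SourceAccount": "111111111111"}}},
    {"Sid": "sns-unscoped", "Effect": "Allow", "Resource": ARN,
     "Principal": {"Service": "sns.amazonaws.com"},
     "Action": "lambda:InvokeFunction"},
    {"Sid": "public-invoke", "Effect": "Allow", "Resource": ARN,
     "Principal": "*", "Action": "lambda:InvokeFunction"},
    {"Sid": "partner-manage", "Effect": "Allow", "Resource": ARN,
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": ["lambda:InvokeFunction", "lambda:UpdateFunctionCode"]},
]})


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy_json, own_account):
    """Return sorted (sid, finding) pairs for risky Allow statements."""
    findings = set()
    stmts = json.loads(policy_json).get("Statement", [])
    for st in [stmts] if isinstance(stmts, dict) else stmts:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no-sid>")
        principal = st.get("Principal") or {}
        if principal == "*":
            principal = {"AWS": "*"}
        # Condition keys are case-insensitive, so normalise before comparing.
        cond = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        aws = _as_list(principal.get("AWS"))
        if "*" in aws and not cond:
            findings.add((sid, "public"))
        if "Service" in principal and not cond & {"aws:sourcearn", "aws:sourceaccount"}:
            findings.add((sid, "service-principal-unscoped"))
        if any(p != "*" and own_account not in p for p in aws):
            findings.add((sid, "cross-account"))
        if any(a.lower() != "lambda:invokefunction" for a in _as_list(st.get("Action"))):
            findings.add((sid, "grants-management-action"))
    return sorted(findings)
```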

Quiz

Who is responsible for managing the physical servers in a serverless compute model? Ans: Cloud Provider

Which best describes an AWS Lambda blueprint? Ans: A “getting started” package with a functional AWS Lambda function

Which are example features of AWS Lambdas?

image

Which aspect of an AWS CodePipeline includes the details of the integration step?

image

Which AWS service can be used to manage CI/CD for an AWS Lambda application?

image

Which are examples of configurable aspects of an API Gateway stage?

image

Which best describes the relationship between Lambda versions and aliases?

image

Which tool would be used to invoke a Lambda function from the command line?

image

Which are examples of supported runtimes for AWS Lambda?

image

Which built-in identity profile grants the ability to delete Lambda functions?

image

About how many AWS service integrations are available for mocking with the AWS Step Functions feature?

image

Which file is required when creating a custom runtime for an AWS Lambda function?

image

Which best describes the criteria upon which AWS Lambdas are invoiced?

image

Which best describes an Amazon Resource Name (ARN)?

image