- Cloud history: Data Centre => IaaS (EC2, 2016) => PaaS => Containers => Serverless
- The concept came up with FaaS (Function as a Service) = Lambda
- Today the definition includes anything that's managed, where developers don't see / provision / manage servers.
- In AWS: Lambda & Step Functions, DynamoDB, AWS Cognito, AWS API Gateway, S3, SNS & SQS, Kinesis, Aurora Serverless...
- Serverless application examples:
  - Users -> REST API -> API Gateway -> Lambda -> DynamoDB, with login from Amazon Cognito.
  - Serverless thumbnail creation
    - User uploads image to S3
    - S3 triggers Lambda function to create a thumbnail
    - Lambda
      - Creates & pushes thumbnail image into S3
      - Saves metadata in DynamoDB
- Lambda vs EC2

  | EC2 | Lambda |
  | --- | --- |
  | Virtual servers in the cloud | Virtual functions -> no servers to manage! |
  | Limited by RAM and CPU | Limited by time - short executions |
  | Continuously running | Run on-demand |
  | Scaling means intervention to add / remove servers | Scaling is automated |

- Pricing
  - Pay per call.
  - Pay per duration (in increments of 100 ms)
  - E.g. you get 400.000 GB-seconds of FREE compute time
    - = 400.000 seconds if function is 1 GB RAM
    - = 3.200.000 seconds if function is 128 MB RAM
- Integrations
  - Almost the whole AWS stack can trigger it: API Gateway, Kinesis, DynamoDB, S3, AWS IoT, CloudWatch Events, CloudWatch Logs, AWS SNS, AWS Cognito, Amazon SQS and more.
- Can use different programming languages: Node.js (JavaScript), Python, Java, C# (.NET CORE), Golang, C# / PowerShell, C++ and more.
- Lambda, like EC2 and ECS, supports hyper-threading on one or more virtual CPUs.
- Lambda@Edge lets you run Lambda functions in edge locations.
- Blueprints are code templates for writing Lambda functions.
- You can test Lambdas directly in the portal by configuring & sending test events in the Console
- Security
  - IAM role must be attached to it.
  - Deployed within a VPC as default.
  - To enable your Lambda function to access resources inside your private VPC:
    - Give subnet IDs and security group IDs
    - AWS Lambda uses those IDs to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
    - 💡 In your subnet you need enough available IPs / ENIs, otherwise you get `EC2ThrottledException` for concurrent execution.
  - Lambda can have Security Groups.
  - Auditing and compliance through CloudTrail logging.
- Configurations
  - Timeout: Default 3 seconds, 📝max of 15 minutes
    - Function fails directly after timeout
  - Environment variables that can be accessed directly from the code.
  - Allocated memory (128MB to 10 GB)
    - 💡 Increasing RAM will also improve CPU and network!
  - 📝Scaling is automated.
  - Lambda DLQ
    - Debugging and error handling through dead letter queues
    - Can be SNS or SQS queue
  - Encryption
    - Encryption helpers to pass secure credentials in an encrypted manner.
    - Prevents other developers who have access to the console from seeing the credentials.
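
An added example, not part of the original notes: a small Python audit of one function configuration against the Security and Configurations points above and the 4 KB environment variable limit. The finding codes, the secret-name heuristic and the sample configurations are assumptions of this example; the dict shape follows the response of boto3's `get_function_configuration()`.

```python
import re

# Limits taken from the notes on this page.
MAX_TIMEOUT_S = 15 * 60   # maximum execution time: 15 minutes
MAX_ENV_BYTES = 4 * 1024  # size of environment variables: 4 KB
# Heuristic for credential-like variable names (an assumption of this example).
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def audit_lambda_config(cfg):
    """Return sorted finding codes for one function configuration dict, shaped
    like the response of boto3's Lambda get_function_configuration()."""
    findings = set()
    env = (cfg.get("Environment") or {}).get("Variables") or {}
    # Without a customer managed KMS key, anyone allowed to view the function
    # configuration can read credential values stored in the environment.
    if not cfg.get("KMSKeyArn") and any(SECRET_NAME.search(k) for k in env):
        findings.add("PLAINTEXT_SECRET_ENV")
    # The 4 KB limit is approximated here as names plus values.
    if sum(len(k.encode()) + len(v.encode()) for k, v in env.items()) > MAX_ENV_BYTES:
        findings.add("ENV_TOO_LARGE")
    # No dead letter queue: failed asynchronous events leave nothing to debug.
    if not (cfg.get("DeadLetterConfig") or {}).get("TargetArn"):
        findings.add("NO_DLQ")
    # VPC access needs subnet IDs and security group IDs together.
    vpc = cfg.get("VpcConfig") or {}
    if bool(vpc.get("SubnetIds")) != bool(vpc.get("SecurityGroupIds")):
        findings.add("VPC_CONFIG_INCOMPLETE")
    if not 1 <= cfg.get("Timeout", 3) <= MAX_TIMEOUT_S:  # default is 3 seconds
        findings.add("TIMEOUT_OUT_OF_RANGE")
    return sorted(findings)

# Constructed sample configurations; names, IDs and ARNs are placeholders.
WEAK = {
    "FunctionName": "thumbnail-weak", "Timeout": 3,
    "Environment": {"Variables": {"DB_PASSWORD": "example-only", "STAGE": "dev"}},
    "VpcConfig": {"SubnetIds": ["subnet-EXAMPLE"], "SecurityGroupIds": []},
}
HARDENED = {
    "FunctionName": "thumbnail-hardened", "Timeout": 30,
    "KMSKeyArn": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE",
    "Environment": {"Variables": {"DB_PASSWORD": "constructed-ciphertext"}},
    "DeadLetterConfig": {"TargetArn": "arn:aws:sqs:us-east-1:123456789012:example-dlq"},
    "VpcConfig": {"SubnetIds": ["subnet-EXAMPLE"], "SecurityGroupIds": ["sg-EXAMPLE"]},
}

if __name__ == "__main__":
    for cfg in (WEAK, HARDENED):
        print(cfg["FunctionName"], audit_lambda_config(cfg))
```
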
- Scaling
  - ❗ Concurrency limits how many Lambda functions can be executed simultaneously.
    - For initial burst between 500-3000 depending on region.
    - Later: 500 per minute until limit is reached.
    - Concurrency limit starts from 1000 (soft limit)
- 💡 Architectures can get complicated -> AWS X-Ray allows you to debug what's happening.
  - Trace and analyse keywords.
- ❗📝 Limitations
  - RAM: Up to 10GB
  - Deployment
    - Max size 250 MB or 50 MB (zipped)
      - 💡 Overcome limit: use `/tmp` directory to load other files at startup
    - Size of environment variables: 4 KB
  - Execution
    - Memory allocation: 128 MB - 10 GB (64 MB increments)
    - Maximum execution time: 15 minutes
    - Disk capacity in the "function container" (in `/tmp`): 512 MB
    - Concurrency limits: 1000 (soft limit)