Skip to content

AWS Lambda

AWS Lambda Overview

  • Definition: AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. It executes code in response to events and automatically scales, charging only for the compute time used.
  • Key Features:
    • Supports multiple languages (e.g., Python, Node.js, Java, Go, .NET).
    • Triggered by events from AWS services (e.g., S3, DynamoDB, API Gateway) or custom sources.
    • Scales automatically, handles millions of requests, and supports concurrency controls.
    • Integrates with VPC, IAM, CloudWatch, and other AWS services for networking, security, and monitoring.
    • Offers features like provisioned concurrency, response streaming, and function URLs.
  • Use Cases: Web APIs, data processing, real-time file processing, automation, microservices, event-driven applications.
  • Key Updates (2024–2025):
    • Response Streaming: Enables streaming responses for large payloads (October 2024).
    • Enhanced Observability: Improved CloudWatch metrics and Lambda Insights (March 2024).
    • Function URLs: Simplified HTTP endpoints without API Gateway (January 2025).
    • FIPS 140-2 Compliance: Available for Lambda in AWS GovCloud (October 2024).

1. Lambda Core Concepts

Components

  • Function:
    • The executable code deployed to Lambda, written in a supported runtime (e.g., Python 3.12).
    • Includes handler (entry point), configuration (memory, timeout), and dependencies.
    • Explanation: E.g., Python function triggered by S3 to process uploaded files.
  • Event Source:
    • AWS service or custom application that triggers the function.
    • Types:
      • Push: Services (e.g., S3, SNS) send events to Lambda.
      • Pull: Lambda polls streams (e.g., Kinesis, DynamoDB Streams).
    • Explanation: E.g., API Gateway pushes HTTP requests to Lambda.
  • Trigger:
    • Configured mapping between an event source and a Lambda function.
    • Explanation: E.g., S3 bucket event triggers function on file upload.
  • Execution Environment:
    • Isolated runtime environment (micro-VM) for function execution.
    • Includes memory (128 MB–10,240 MB), ephemeral storage (/tmp, up to 10 GB), and runtime.
    • Explanation: E.g., 512 MB function with 1 GB /tmp for file processing.
  • Concurrency:
    • Number of function instances running simultaneously.
    • Reserved Concurrency: Limits function concurrency.
    • Provisioned Concurrency: Pre-warms instances for low latency.
    • Explanation: E.g., set 100 reserved concurrency for API function.

Key Concepts

  • Event-Driven Architecture:
    • Functions respond to events (e.g., HTTP request, S3 upload, SNS message).
    • Asynchronous (e.g., S3) or synchronous (e.g., API Gateway) invocation.
    • Explanation: E.g., Lambda processes DynamoDB stream updates.
  • Timeout and Memory:
    • Timeout: Max execution time (1 second–15 minutes, default 3 seconds).
    • Memory: Controls CPU and performance (128 MB–10,240 MB).
    • Explanation: E.g., 5-minute timeout for data processing function.
  • Layers:
    • Reusable code or dependencies (e.g., libraries, runtimes) shared across functions.
    • Up to 5 layers per function, max 250 MB unzipped.
    • Explanation: E.g., layer with pandas library for Python functions.
  • Function URLs:
    • Built-in HTTPS endpoints for invoking functions without API Gateway.
    • Supports IAM or public access (new 2025).
    • Explanation: E.g., function URL for simple web API.

Key Notes:

  • Exam Relevance: Understand functions, triggers, concurrency, and event sources.
  • Mastery Tip: Compare Lambda vs. EC2 vs. ECS for compute scenarios.

2. Lambda Performance Features

Lambda optimizes serverless performance.

Low Latency

  • Purpose: Fast response for event-driven apps.
  • Features:
    • Provisioned concurrency pre-warms instances to reduce cold starts.
    • Response streaming enables progressive responses (new 2024).
    • Explanation: E.g., provisioned concurrency for API with 100 ms latency.
  • Exam Tip: Use provisioned concurrency for latency-sensitive APIs.

High Throughput

  • Purpose: Handle high request volumes.
  • Features:
    • Scales to thousands of concurrent executions per Region.
    • Automatic scaling based on event load (e.g., S3 uploads).
  • Explanation: E.g., process 1 million S3 events in parallel.
  • Exam Tip: Highlight auto-scaling for bursty workloads.

Scalability

  • Purpose: Support growing workloads.
  • Features:
    • Default account concurrency limit: 1,000 (adjustable).
    • Scales per trigger (e.g., 1,000 concurrent executions per S3 bucket).
    • Explanation: E.g., scale to 10,000 executions for Kinesis stream.
  • Exam Tip: Use reserved concurrency to manage scaling.

Response Streaming:

  • Purpose: Handle large payloads efficiently.
  • Features:
    • Streams responses (e.g., large files, real-time data) without buffering.
    • Reduces latency for HTTP or async invocations (new 2024).
  • Explanation: E.g., stream 1 GB file from Lambda to client.
  • Exam Tip: Know streaming for web and data apps.

Key Notes:

  • Performance: Auto-scaling + provisioned concurrency + streaming = high-performance serverless.
  • Exam Tip: Emphasize Lambda for event-driven, scalable apps.

3. Lambda Resilience Features

Resilience ensures reliable function execution.

Automatic Retries

  • Purpose: Handle transient failures.
  • Features:
    • Synchronous: Client retries (e.g., API Gateway).
    • Asynchronous: Lambda retries twice, then sends to Dead Letter Queue (DLQ).
    • Stream-based: Retries until success or expiry (e.g., Kinesis).
    • Explanation: E.g., async S3 event retries twice, then sent to SQS DLQ.
  • Exam Tip: Configure DLQ for async failures.

Dead Letter Queue (DLQ):

  • Purpose: Capture failed events.
  • Features:
    • Sends unprocessed async events to SQS or SNS.
    • Configurable per function.
  • Explanation: E.g., failed DynamoDB stream event sent to SQS for analysis.
  • Exam Tip: Use DLQ for debugging and recovery.

Multi-AZ Execution:

  • Purpose: Survive AZ failures.
  • Features:
    • Lambda runs in multiple AZs by default, no configuration needed.
    • Integrates with multi-AZ services (e.g., ELB, RDS).
  • Explanation: E.g., Lambda processes S3 events even if us-east-1a fails.
  • Exam Tip: Highlight default HA for Lambda.

Monitoring and Failover:

  • Purpose: Detect and respond to issues.
  • Features:
    • CloudWatch metrics: Invocations, Errors, Duration, Throttles.
    • Lambda Insights: Enhanced observability (CPU, memory, network) (new 2024).
    • Alarms for high error rates or throttling.
  • Explanation: E.g., alarm if ErrorCount > 10 for 5 minutes.
  • Exam Tip: Use CloudWatch and Insights for monitoring.

Key Notes:

  • Resilience: Retries + DLQ + multi-AZ + CloudWatch = reliable serverless.
  • Exam Tip: Design resilient apps with DLQ and multi-AZ triggers.

4. Lambda Security Features

Security aligns with SAA-C03’s secure architecture focus.

Access Control

  • IAM:
    • Execution role grants Lambda permissions to AWS services (e.g., S3, DynamoDB).
    • Resource-based policies control who can invoke the function.
    • Example: {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"}.
  • Function URLs:
    • Supports IAM authentication or public access (new 2025).
    • Explanation: E.g., restrict function URL to IAM role.
  • Exam Tip: Practice execution role and resource-based policies.

Encryption

  • In Transit:
    • HTTPS for API Gateway, function URLs, and AWS service triggers.
    • VPC traffic uses TLS (e.g., Lambda to RDS).
    • Explanation: E.g., HTTPS endpoint for function URL.
  • At Rest:
    • Code and environment variables encrypted with KMS.
    • Ephemeral storage (/tmp) encrypted by default.
    • Explanation: E.g., KMS key for sensitive environment variables.
  • Exam Tip: Use KMS for sensitive data in Lambda.

VPC Integration

  • Purpose: Secure private resource access.
  • Features:
    • Deploy Lambda in VPC to access private resources (e.g., RDS, ElastiCache).
    • Requires subnets, security groups, and ENI allocation.
    • Explanation: E.g., Lambda in private subnet accesses RDS.
  • Exam Tip: Configure VPC for private resource access.

Compliance

  • Certifications: HIPAA, PCI, SOC, ISO, GDPR, FIPS 140-2 (GovCloud).
  • Explanation: E.g., deploy Lambda for PCI-compliant API.

Key Notes:

  • Security: IAM + encryption + VPC = robust protection.
  • Exam Tip: Configure execution roles, VPC, and KMS for secure Lambda.

5. Lambda Cost Optimization

Cost efficiency is a key exam domain.

Pricing

  • Compute:
    • $0.00001667/GB-second (us-east-1).
    • Billed for duration and memory (e.g., 512 MB function for 1 second = 0.5 GB-second).
  • Requests:
    • $0.20/million requests.
  • Ephemeral Storage:
    • $0.0000000309/GB-second (above 512 MB, up to 10 GB).
  • Provisioned Concurrency:
    • $0.000004167/GB-second (higher than regular compute).
  • Example:
    • 1 million invocations, 512 MB, 1-second duration:
      • Requests: 1M × $0.20/1M = $0.20.
      • Compute: 1M × 0.5 GB × 1s × $0.00001667 = $8.335.
      • Total: $8.535/month.
    • Add 100 provisioned concurrency: 100 × 0.5 GB × 24 × 30 × 3600 × $0.000004167 = $1,800/month.
  • Free Tier:
    • 1 million requests/month, 400,000 GB-seconds/month.

Cost Strategies

  • Optimize Memory and Timeout:
    • Use minimal memory for workload (e.g., 128 MB for lightweight tasks).
    • Set appropriate timeout to avoid overrunning.
    • Explanation: E.g., reduce from 512 MB to 256 MB for simple API.
  • Avoid Provisioned Concurrency:
    • Use only for latency-sensitive apps to avoid high costs.
    • Explanation: E.g., skip provisioned concurrency for batch processing.
  • Minimize Requests:
    • Batch events (e.g., S3 batch operations) to reduce invocations.
    • Explanation: E.g., process 100 S3 files in one invocation.
  • Use Ephemeral Storage Efficiently:
    • Keep /tmp usage under 512 MB to avoid extra charges.
    • Explanation: E.g., stream data to S3 instead of /tmp.
  • Tagging:
    • Use cost allocation tags to track Lambda costs.
    • Explanation: E.g., tag function with “Project:API”.
  • Monitor Usage:
    • Use CloudWatch to optimize duration and memory allocation.
    • Explanation: E.g., reduce memory if Duration is low.

Key Notes:

  • Cost Savings: Minimal memory + no provisioned concurrency + batching = lower costs.
  • Exam Tip: Calculate costs for compute, requests, and provisioned concurrency.

6. Lambda Advanced Features

Response Streaming:

  • Purpose: Handle large or real-time responses.
  • Features:
    • Streams data progressively (e.g., file downloads, live data).
    • Supported for HTTP and async invocations (new 2024).
  • Explanation: E.g., stream log data to client without buffering.
  • Exam Tip: Know streaming for web and data apps.

Function URLs:

  • Purpose: Simplify HTTP access.
  • Features:
    • Built-in HTTPS endpoints, no API Gateway needed.
    • IAM or public access, configurable CORS (new 2025).
  • Explanation: E.g., function URL for public webhook.
  • Exam Tip: Use URLs for cost-effective APIs.

Provisioned Concurrency:

  • Purpose: Reduce cold starts.
  • Features:
    • Pre-warms instances for predictable latency.
    • Configurable per function version/alias.
  • Explanation: E.g., 50 provisioned concurrency for API Gateway trigger.
  • Exam Tip: Use for latency-sensitive workloads.

Lambda Layers:

  • Purpose: Reuse code and dependencies.
  • Features:
    • Share libraries, custom runtimes across functions.
    • Up to 5 layers, 250 MB unzipped.
  • Explanation: E.g., layer with AWS SDK for multiple functions.
  • Exam Tip: Use layers for modular code.

Monitoring Enhancements:

  • Purpose: Detailed function insights.
  • Features:
    • Lambda Insights: CPU, memory, network metrics (new 2024).
    • CloudWatch Logs Insights for log analysis.
  • Explanation: E.g., monitor cold starts with Insights.
  • Exam Tip: Use Insights for performance tuning.

Key Notes:

  • Flexibility: Streaming + URLs + layers = advanced serverless.
  • Exam Tip: Know streaming, URLs, and Insights for modern apps.

7. Lambda Use Cases

Understand practical applications.

Web APIs

  • Setup: Lambda with API Gateway or function URL, DynamoDB.
  • Features: Scalable, low-latency HTTP endpoints.
  • Explanation: E.g., REST API for e-commerce app.

Data Processing

  • Setup: Lambda triggered by S3, processes to DynamoDB.
  • Features: Real-time file processing, auto-scaling.
  • Explanation: E.g., resize images uploaded to S3.

Stream Processing

  • Setup: Lambda polls Kinesis or DynamoDB Streams.
  • Features: Real-time data processing, retries.
  • Explanation: E.g., process IoT sensor data from Kinesis.

Automation

  • Setup: Lambda triggered by CloudWatch Events/Scheduler.
  • Features: Scheduled tasks, no servers.
  • Explanation: E.g., nightly backup of RDS to S3.

8. Lambda vs. Other Compute Services

Feature Lambda EC2 ECS
Type Serverless Compute Virtual Servers Container Orchestration
Workload Event-driven, short-lived Long-running apps Containerized apps
Management Fully managed User-managed Partially managed
Scaling Automatic, per event Auto Scaling groups Auto Scaling, Fargate
Cost Pay-per-use, GB-second Pay-per-hour Pay-per-task/hour
Use Case APIs, data processing Web servers, databases Microservices, batch

Explanation:

  • Lambda: Serverless, event-driven, no server management.
  • EC2: Full control, long-running, customizable.
  • ECS: Containerized apps, flexible orchestration.

9. Detailed Explanations for Mastery

  • Response Streaming:
    • Example: Stream 1 GB file from Lambda via function URL.
    • Why It Matters: Large payload handling—new for 2024.
  • Function URLs:
    • Example: Public URL for webhook without API Gateway.
    • Why It Matters: Cost-effective APIs—new for 2025.
  • Lambda Insights:
    • Example: Monitor CPU usage for cold start optimization.
    • Why It Matters: Enhanced observability—new for 2024.

10. Quick Reference Table

Feature Purpose Key Detail Exam Relevance
Lambda Function Serverless code Handler, runtime, memory/timeout Core Concept
Event Source/Trigger Invoke function S3, API Gateway, Kinesis, etc. Core Concept
Concurrency Scale executions Reserved, provisioned concurrency Performance, Scalability
Response Streaming Large/real-time responses Progressive streaming (2024) Flexibility
Function URLs Simplified HTTP access IAM/public endpoints (2025) Flexibility, Cost
VPC Integration Private resource access Subnets, security groups, ENI Security
Lambda Insights Enhanced observability CPU, memory, network metrics (2024) Resilience, Performance