AWS Lambda Concepts: Difference between revisions
(→Action) |
|||
Line 81: | Line 81: | ||
=Relationship to a VPC= | =Relationship to a VPC= | ||
{{External|https://docs.aws.amazon.com/lambda/latest/dg/vpc.html Configuring a Lambda Function to Access Resources in an Amazon VPC]}} | |||
The function may want to connect to resources in a VPC, and for that, the function configuration allows configuring VPC connectivity, in form of [https://docs.aws.amazon.com/lambda/latest/dg/vpc.html VPC settings]. These include a list of security groups and subnets in the VPC. When a function is connected to the VPC, it can only access resources and the internet through that VPC. The update requires no interruption. | The function may want to connect to resources in a VPC, and for that, the function configuration allows configuring VPC connectivity, in form of [https://docs.aws.amazon.com/lambda/latest/dg/vpc.html VPC settings]. These include a list of security groups and subnets in the VPC. When a function is connected to the VPC, it can only access resources and the internet through that VPC. The update requires no interruption. | ||
When a VPC relationship is declared, <font color=darkgray>CloudFormation might not be able to delete the stack if another resource in the template, such as a security group, requires the attached ENI to be deleted before it can be deleted. It is recommended to run CloudFormation with the ec2:DescribeNetworkInterfaces permission, which enables CloudFormation to monitor the state of the ENI and to wait up to 40 minutes for Lambda to delete the ENI. | When a VPC relationship is declared, <font color=darkgray>CloudFormation might not be able to delete the stack if another resource in the template, such as a security group, requires the attached ENI to be deleted before it can be deleted. It is recommended to run CloudFormation with the ec2:DescribeNetworkInterfaces permission, which enables CloudFormation to monitor the state of the ENI and to wait up to 40 minutes for Lambda to delete the ENI. |
Revision as of 20:32, 4 April 2019
Internal
Function Name
If no name is specified when the function is declared, a name will be generated. If a name is specified, no updates that require replacement of this function can be performed. The only updates that can be performed are those that require no or some interruption. To replace the function, a new name must be specified.
Code
It represents the code for the lambda function. The code for all runtimes can be specified by the location of the deployment package, as an S3 location. For Node.js and Python, the code can be specified in-line. The code specification is required. To update the code, the function requires no interruption. However, changes to a deployment package in Amazon S3 are not detected automatically. To update the function code, the object key can be changed, or use object versioning and change the version number in the template.
Function Code
Handler Code
The handler is the function AWS Lambda calls to start execution of the function code. The handler is identified when the lambda function is created. When a Lambda function is invoked, AWS Lambda starts executing your code by calling the handler function. AWS Lambda passes any event data to this handler as the first parameter. Your handler should process the incoming event data and may invoke any other functions/methods in your code.
Runtime
The runtime specifies the programming language for the function. A required configuration parameter. Requires no interruption on update. All runtimes share the execution environment, which provides additional libraries and environment variables that can be accessed from the function code. A runtime can support a single version of a language, multiple versions of a language, or multiple languages.
The runtime identifiers are available here. Examples:
- java-1.8.0-openjdk
Runtime Interface
Custom Runtime
Custom runtimes can be implemented.
Execution Environment
When a function is invoked, AWS Lambda attempts to re-use the execution environment from a previous invocation, if one is available. This saves time preparing the execution environment, and allows to save resources like database connections and temporary files in the execution context. The execution environment is shared by all runtimes and provides additional libraries and environment variables that you can access from the function code.
The execution environment provides a runtime interface for getting invocation events and sending responses.
Execution Context
The execution context is a temporary runtime environment that initializes any external dependencies of the Lambda function code, such as database connections or HTTP endpoints. Setting up the execution context is known as "bootstrapping", which is a process that takes some time and consequently introduces latency in the lambda function execution. After a Lambda function is executed, AWS Lambda maintains the execution context for some time - the context is "frozen" after the execution completes, and its thawed for reuse. This approach has the following implications:
- Any declaration in the function code - outside the handler code - remains initialized. For example, if a function establishes a database connection, the original connection is used in subsequent invocations.
- Each execution context provides 512MB of additional disk space in the /tmp directory. The directory content remains when the execution context is frozen, providing transient cache that can be sued for multiple invocations.
- Background processes or callbacks initiated by the function that did not complete when the function ended resume if the execution context is reused.
However, reusing the execution context is an optimization, and it is not guaranteed. When you write your Lambda function code, do not assume that AWS Lambda automatically reuses the execution context for subsequent function invocations. Other factors may dictate a need for AWS Lambda to create a new execution context, which can lead to unexpected results, such as database connection failures.
Environment Variables
Environment variables that are accessible from function code during execution can be listed in the function declaration. Updates require no interruption. For an example see Creating a Lambda Function with CloudFormation.
Layer
Action
CreateFunction
Invoke
The function-invoking action of the Lambda service.
It may serve as integration endpoint for Amazon API Gateway Lambda function integration.
Relationship to a VPC
- https://docs.aws.amazon.com/lambda/latest/dg/vpc.html Configuring a Lambda Function to Access Resources in an Amazon VPC]
The function may want to connect to resources in a VPC, and for that, the function configuration allows configuring VPC connectivity, in form of VPC settings. These include a list of security groups and subnets in the VPC. When a function is connected to the VPC, it can only access resources and the internet through that VPC. The update requires no interruption.
When a VPC relationship is declared, CloudFormation might not be able to delete the stack if another resource in the template, such as a security group, requires the attached ENI to be deleted before it can be deleted. It is recommended to run CloudFormation with the ec2:DescribeNetworkInterfaces permission, which enables CloudFormation to monitor the state of the ENI and to wait up to 40 minutes for Lambda to delete the ENI.