Wednesday, April 27, 2016

AWS Lambda and API Gateway

Lambda - What is it?

A unit of code with a single entry point that you upload to AWS managed compute resources and execute on-demand or in response to events (e.g. object loaded to S3, data arrived in a Kinesis Stream, etc.).

API Gateway - What is it?

API Gateway exposes Internet-accessible endpoints. The API requests received can be routed to another Internet endpoint (HTTP Proxy), to Lambda, and to another compute resource on EC2.
  • Mock integration allows the API to return canned responses to aid in development.
  • AWS Cognito can be used to manage user-based access control.
  • Variables can be defined at the API level when it is deployed to a given "stage". These variables can be passed to the back end (which can use them to look up configuration or change behavior).
  • Request/Response templates can be used to filter/format data to pass to the back end.
  • Full control of HTTP code and response returned.
  • Swagger import/export to specify/source control the API definition.
  • API Gateway calls can be throttled via config to protect back-end resources.
  • Passes data as JSON object to Lambda. Can use mapping template to transform. 
  • Use a mapping template to transform (written in the Velocity Template Language). Prefer doing transformations in the gateway rather than in Lambda, since Lambda execution is timed.
  • URL path parameters can also be passed to Lambda. "apiname/{action}" will be passed as {"action" : "getcustomers"} for apiname/getcustomers.
  • Information from the HTTP request can be used in creating a RESTful API. URL parameter values can be used to identify the resource (e.g. Customer, Product) and the operation to perform can be deduced from the HTTP method.
  • API Gateway can create client-side SDK (JavaScript, iOS, and Android)

Lambda Available Resources

  • Memory - Specify 128 MB to 1.5 GB; affects CPU and network performance
  • Compute time - Specify when to time out the function. Up to 300 seconds.
  • Temporary storage: 500 MB as /tmp
  • The assigned IAM role dictates the permissions of Lambda to other AWS resources

Lambda Implementation

  • Can be coded in Java, NodeJS, or Python.
  • The entry point function receives the event (data associated with the event, such as an S3 event or a custom event; all in JSON format) and the context (memory limit in MB, functionName, functionVersion, functionARN, requestId, streamName, LogGroupName, clientContext, identity, remaining time in milliseconds, logger).
  • IAM assigned to Lambda dictates which resources Lambda can use (use least privilege).
  • Function alias is useful in creating another level of indirection, for example, when mapping API Gateway to Lambda functions.
  • External configuration can be stored in DynamoDB (can use information provided in Context such as API Gateway stage passed to lambda function as the key to the configuration information).
  • The Context passed to function has a logger that writes to Cloudwatch logs.
  • Can have one big lambda function that performs a group of related tasks.

Trace Data Passed to Lambda

'use strict';
console.log('Loading function');

exports.handler = (event, context, callback) => {
    var eventJson = JSON.stringify(event, null, 2);
    var contextJson = JSON.stringify(context, null, 2);
    console.log('Event:', eventJson);
    console.log('Context:', contextJson);
    // return received data
    // callback(Error error, Object result);
    callback(null, {event: event, context: context});
};

Minimum Permission Required for IAM

// must be able to write to CloudWatch in order to log error messages
// (scope "Resource" down to the function's own log group where possible, per least privilege)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

Lambda Deployment

  • AWS takes care of deployment and the transition to newly uploaded code.
  • Automate it (CLI, Jenkins build, CloudFormation)
  • Functions can be versioned: calls to Lambda can reference a particular version. A new version can be uploaded, but the deployment will continue to use the referenced version. In code, reference the Lambda with the desired version. Without a version specification, the latest version is executed.
  • An alias can be created for a version of a Lambda. The alias can be repointed to a different version at any time. In code, reference the Lambda by its alias (functionname:alias).

Lambda Invocation

  • Lambda can be invoked in response to AWS events such as S3, SNS, CloudWatch, and Kinesis.
  • An API Gateway endpoint can be placed in front of a Lambda function. The function can then be invoked from the Internet.
  • Lambda can be invoked using the AWS SDK. For example, to save processing time on an EC2 instance, call Lambda to do the work.
  • Use naming conventions to tie together the Lambda function, API Gateway resource, IAM role name, and API stage names (helps in automation).
  • Instances may be reused on subsequent calls. Large Java functions may take some time to load.
  • There is a warm-up time for a Lambda. Invoke the Lambda every 9 minutes to keep the warmed instance alive. Set a generous timeout, since first invocations may take a while. Keep the function size small so it loads faster.
  • The IP address of the Lambda function is indeterminate.

Example of a generic Lambda Custom Event

{
   "metadata" : {},   // invoker's IP address, hostname, user agent, action to perform, etc.
   "data" : {}
}

Monitoring

Use a CloudWatch alarm to monitor failed and throttled invocations. Also alert on above-average execution times.