• With Lambda functions, you can configure the runtime, the resource allocation and how the function runs: either via direct invocation or in response to certain AWS or external events.
  • Aim to create a small, specialised but robust function that receives an input and provides an output. A Lambda function should not perform more than one activity.
  • How it works
    • Lambda packages your code with the Lambda runtime (for example, Python) and installs it in an isolated sandbox environment. A sandbox is specific to one function, but it can be reused for future executions of that function.
    • A Lambda worker is a physical compute unit that provides the capacity to execute sandboxes, which are the environments that functions run in. Sandboxes can be warm or cold. Provisioning a sandbox takes time, so aim for sandbox reuse as much as possible.
  • New architecture of Lambda: there is a shared component consisting of the hardware, host OS and hypervisor. Nothing is dedicated to the account; instead, Amazon micro VMs (Firecracker) are each dedicated to a specific function. Every single function is isolated at that level.
  • Functions operate outside of the VPC. They can also be placed inside the VPC, but they are then subject to the restrictions imposed by its configuration.
  • Concurrency: if, for example, you upload thousands of pictures to an S3 bucket, you might want to limit the concurrency of the function at an account level.
  • Lambda needs an IAM execution role to perform actions on other AWS services.
  • Lambda Layers
    • Historically, any additional libraries and dependencies not included in the standard runtime within the sandbox had to be bundled into the deployment package.
    • Layers provide additional runtime support: you package the dependencies into a layer and can share it with any account or even publicly. Layers are immutable and cannot be changed; a layer exists only as specific versions. Layers can be used to store commonly used libraries and other software dependencies. Layers are extracted into the /opt folder of the execution environment.

API Gateway

  • CORS (Cross-Origin Resource Sharing): a browser security feature that restricts HTTP requests initiated from scripts running in the browser. We need to enable CORS to allow requests to our API from a web app hosted on a different domain, such as an application hosted on an EC2 server while the API is in AWS API Gateway.
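
An added example (not from the original notes) of a Python Lambda handler behind API Gateway that answers the CORS preflight and echoes the `Origin` header only when it is on an allowlist, instead of returning `*`. It assumes the Lambda proxy integration event shape of a REST API (`httpMethod`, `headers`); the origins, allowed methods and handler body are constructed placeholders.

```python
import json

# Assumption: origins of the web app(s) allowed to call this API (constructed values).
ALLOWED_ORIGINS = {"https://app.example.com"}


def cors_headers(event):
    """Return CORS response headers only when the request Origin is allowlisted."""
    # Header names can arrive in any case, so normalise before lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin = headers.get("origin")
    # Vary tells caches that the response differs per Origin.
    out = {"Vary": "Origin"}
    if origin in ALLOWED_ORIGINS:
        # Echo the exact origin instead of "*".
        out["Access-Control-Allow-Origin"] = origin
        out["Access-Control-Allow-Methods"] = "GET,OPTIONS"
        out["Access-Control-Allow-Headers"] = "Content-Type,Authorization"
    return out


def lambda_handler(event, context):
    """Handler for an API Gateway Lambda proxy integration event."""
    headers = cors_headers(event)
    if event.get("httpMethod") == "OPTIONS":
        # Preflight: the browser only needs the headers, no body.
        return {"statusCode": 204, "headers": headers, "body": ""}
    headers["Content-Type"] = "application/json"
    return {"statusCode": 200, "headers": headers, "body": json.dumps({"ok": True})}


# Constructed sample events in the proxy integration shape.
PREFLIGHT = {"httpMethod": "OPTIONS", "headers": {"Origin": "https://app.example.com"}}
FOREIGN = {"httpMethod": "GET", "headers": {"origin": "https://other.example.net"}}

if __name__ == "__main__":
    print(lambda_handler(PREFLIGHT, None))
    print(lambda_handler(FOREIGN, None))
```

The request from the non-allowlisted origin still executes and returns 200; the browser simply refuses to expose the response to the calling script. CORS is therefore not a substitute for authentication and authorization on the API itself.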