Monitoring Lambda in AMP (Amazon Managed Service for Prometheus) with ADOT (AWS Distro for OpenTelemetry):
https://aws.amazon.com/blogs/opensource/aws-lambda-metrics-support-for-amazon-managed-service-for-prometheus-now-available-in-aws-distro-for-opentelemetry/
To support generating, collecting, and exporting application metrics from AWS Lambda to Prometheus, we extended the OpenTelemetry Lambda layer to ensure end-to-end support for the metric pipeline. In addition to supporting Prometheus, a separate layer is also able to support exporting metrics to Amazon Managed Service for Prometheus (AMP).
#Lambda #AMP #ADOT #OpenTelemetry
Parallelization in Lambda:
https://medium.com/@harrisaaron/multithreading-in-lambda-youll-need-to-use-this-much-memory-1ad7d257fbb3
#Lambda
Medium
Multithreading in Lambda? You’ll need to use this much memory
Lambda is a funny AWS service. When it comes to provisioning how powerful you want your compute, you need to select how much memory you…
Lambda-arm64 on Graviton2 is faster and cheaper:
https://aws.amazon.com/blogs/aws/aws-lambda-functions-powered-by-aws-graviton2-processor-run-your-functions-on-arm-and-get-up-to-34-better-price-performance/
Lambda functions powered by Graviton2 are designed to deliver up to 19 percent better performance at 20 percent lower cost.
For Lambdas without dependencies, simply switching to ARM will give decent savings.
x86 128 MB $0.0000000021
arm64 128 MB $0.0000000017
🎉 Supported in CloudFormation and CDK right away (although at the time of writing this post it is not in the documentation): just add the parameter Architectures: [arm64] to AWS::Lambda::Function.
P.S. It is also interesting that the architecture is specified as a list rather than a string, which may point to the possibility of specifying several architectures at once in the future.
Updated, thanks to @geekexport for the example:
LambdaArmExample:
  Type: AWS::Serverless::Function
  Properties:
    Handler: ./dist/index.handler
    Timeout: 30
    MemorySize: 1024
    Architectures:
      - arm64
#Lambda #Graviton2
Amazon
AWS Lambda Functions Powered by AWS Graviton2 Processor – Run Your Functions on Arm and Get Up to 34% Better Price Performance…
December 13, 2022: Post updated to include all the AWS Regions where Lambda Functions can be powered by the Graviton2 Processor. June 19, 2023: List of AWS Regions updated. Many of our customers (such as Formula One, Honeycomb, Intuit, SmugMug, and Snap Inc.)…
Performance comparison of Lambda-x86 vs Lambda-arm64:
https://blog.thundra.io/a-performance-perspective-for-graviton-based-lambda-functions
In conclusion, we can see the benefit of AWS Graviton2 for both price and performance.
#Lambda #cost_optimization
Lambda-arm64 support in AWS SAM:
https://github.com/aws/aws-sam-cli/releases/tag/v1.33.0
sam init --architecture arm64
#Lambda #SAM
GitHub
Release Release 1.33.0 - AWS Lambda ARM Support · aws/aws-sam-cli
Changes:
3a5d36f - Revert "Revert "fix: ECR URI for China regions (#3280)" (#3302)" (#3303)
61ab648 - chore: Update Lambda Builders, SAM, and SAM CLI Versions (#3317)
d1024fa - ...
An IAM Permissions Boundary guarding Lambda infrastructure:
https://www.iampulse.com/t/control-the-blast-radius-of-your-lambda-functions-with-an-iam-permissions-boundary
▪️ Problem 1: IAM is hard and application developers aren’t IAM experts
▪️ Problem 2: Traditional organisational policy may disallow IAM role creation by application teams
An IAM permissions boundary allows us to get the best of both worlds:
▫️ Application team retains ownership of granular permissions in per-function roles and can ship independently 👍
▫️ Platform team can continue to enforce a maximum blast radius (equal to the EC2Application role) on the application, regardless of how developers specify their function policies 👍
#IAM #Lambda #security
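An added example, not taken from the linked article: a simplified evaluator showing why a boundary caps a function role no matter how broad the developer's policy is. Both policies, the bucket name and the account id are constructed; conditions, NotAction, resource-based policies and SCPs are ignored.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _action_matches(patterns, action):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _resource_matches(patterns, resource):
    # ARNs are compared case-sensitively.
    return any(fnmatchcase(resource, p) for p in _as_list(patterns))

def decision(policy, action, resource):
    """'Deny' if a Deny statement matches, else 'Allow' if an Allow matches, else None."""
    result = None
    for st in _as_list(policy["Statement"]):
        if _action_matches(st["Action"], action) and \
           _resource_matches(st.get("Resource", "*"), resource):
            if st["Effect"] == "Deny":
                return "Deny"
            result = "Allow"
    return result

def effective(role_policy, boundary, action, resource):
    """Allowed only when the role policy AND the boundary both allow it."""
    return all(decision(p, action, resource) == "Allow"
               for p in (role_policy, boundary))

BUCKET = "arn:aws:s3:::example-app-bucket"  # constructed name

# Constructed boundary owned by the platform team: the maximum blast radius.
BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": BUCKET + "/*"},
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:*", "Resource": BUCKET + "/audit/*"},
]}

# Constructed, over-broad per-function policy written by the application team.
FUNCTION_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "iam:*"], "Resource": "*"},
]}

if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", BUCKET + "/report.csv"),
        ("s3:DeleteObject", BUCKET + "/report.csv"),
        ("s3:GetObject", BUCKET + "/audit/trail.log"),
        ("iam:CreateUser", "arn:aws:iam::111122223333:user/x"),
        ("dynamodb:GetItem", "arn:aws:dynamodb:us-east-1:111122223333:table/t"),
    ]:
        print(action, resource, effective(FUNCTION_POLICY, BOUNDARY, action, resource))
```

The last case is the one people miss: the boundary allows dynamodb:*, but a boundary grants nothing by itself, so the call is still refused until the function policy also allows it.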
A public layer for Lambda + AWS Lambda Powertools for Python:
https://awslabs.github.io/aws-lambda-powertools-python/latest/
You can now add AWS Lambda Powertools for Python support simply by adding a single line to the Lambda code:
MyLambdaFunction:
  Type: AWS::Serverless::Function
  Properties:
    Layers:
      - arn:aws:lambda:us-east-1:017000801446:layer:AWSLambdaPowertoolsPython:3
#Lambda
How to avoid endless invocation (recursion) of a Lambda when working with S3:
https://aws.amazon.com/blogs/compute/avoiding-recursive-invocation-with-amazon-s3-and-aws-lambda/
Approaches:
(1) Using a prefix or suffix in the S3 event notification
(2) Using object metadata to identify the original S3 object
(3) Using an Amazon DynamoDB table to filter duplicate events
                                 (1)   (2)   (3)
Output uses the same bucket       Y     Y     Y
Output uses the same key          N     Y     Y
User-defined metadata             N     Y     N
Lambda invocations per object     1     2     1-2
#Lambda
Amazon
Avoiding recursive invocation with Amazon S3 and AWS Lambda | Amazon Web Services
It's best practice to store the output of the Lambda function in a different bucket or AWS resource than the source bucket. In cases where you need to store the processed object in the same bucket, I show three different designs to help minimize the risk…
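An added example, not code from the AWS post: a handler-side guard that combines approach (1), the prefix check, with the metadata marker from approach (2), so the function refuses its own output even if the notification filter is misconfigured. The prefixes, the metadata pair, the sample event and the metadata_for callback (a stand-in for a HeadObject lookup) are assumptions.

```python
from urllib.parse import unquote_plus

INPUT_PREFIX = "incoming/"    # assumed: prefix the S3 notification filters on
OUTPUT_PREFIX = "processed/"  # assumed: prefix the function writes to
MARKER = ("processed-by", "resizer")  # assumed user-defined metadata pair

def objects_in(event):
    """Yield (bucket, key); S3 URL-encodes keys in event notifications."""
    for record in event.get("Records", []):
        s3 = record["s3"]
        yield s3["bucket"]["name"], unquote_plus(s3["object"]["key"])

def skip_reason(key, metadata):
    """Return why this object must not be processed, or None if it is safe."""
    if key.startswith(OUTPUT_PREFIX):
        return "own-output"
    if not key.startswith(INPUT_PREFIX):
        return "outside-input-prefix"
    if metadata.get(MARKER[0]) == MARKER[1]:
        return "already-marked"
    return None

def plan(event, metadata_for=lambda bucket, key: {}):
    """Per record: ('process', src_key, dst_key) or ('skip', src_key, reason).

    metadata_for is a hypothetical callback standing in for a HeadObject
    lookup of the object's user-defined metadata.
    """
    decisions = []
    for bucket, key in objects_in(event):
        reason = skip_reason(key, metadata_for(bucket, key))
        if reason:
            decisions.append(("skip", key, reason))
        else:
            dst = OUTPUT_PREFIX + key[len(INPUT_PREFIX):]
            decisions.append(("process", key, dst))
    return decisions

def _record(key):  # constructed sample record, trimmed to the fields used
    return {"s3": {"bucket": {"name": "example-bucket"}, "object": {"key": key}}}

SAMPLE_EVENT = {"Records": [
    _record("incoming/cat+photo.jpg"),
    _record("processed/cat+photo.jpg"),
    _record("incoming/rerun.jpg"),
    _record("logs/2021-10-01.txt"),
]}
SAMPLE_METADATA = {"incoming/rerun.jpg": {"processed-by": "resizer"}}

if __name__ == "__main__":
    for d in plan(SAMPLE_EVENT, lambda b, k: SAMPLE_METADATA.get(k, {})):
        print(d)
```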
Recordings of the EPAM AWS RU Community Meetup of 21.10.21:
🔹 Nikolay Poyda @mykola7799 announced the winners of the EPAM AWS WordPress Challenge.
🔹 Alexander Barmin gave a talk on Writing serverless app with AWS SAM.
🔹 Roman Boiko (Serverless Specialist Solution Architect, AWS) covered Lambda internals in detail: AWS Lambda deep dive.
#video #serverless #Lambda
In addition, on the Serverless topic, I will point out a must-watch video by Roman Boiko (Serverless Specialist Solutions Architect, AWS) that breaks down how Lambda works under the hood:
https://www.youtube.com/watch?v=I0BWfDmGj0Q
The kind of video you should bookmark and rewatch from time to time.
#Lambda
Lambda Function URL: 🎉
https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/
Each function URL is globally unique and can be associated with a function’s alias or the function’s unqualified ARN, which implicitly invokes the $LATEST version.
For example, if you map a function URL to your $LATEST version, each code update will be available immediately via the function URL.
Lambda Function URL vs. API Gateway
Function URLs are best for use cases where you must implement a single-function microservice with a public endpoint that doesn’t require the advanced functionality of API Gateway, such as request validation, throttling, custom authorizers, custom domain names, usage plans, or caching.
Pricing
Function URLs are included in Lambda’s request and duration pricing. (So it's FREE!💪)
▪️ Rest API (first 333 mil) = $3.5
▪️ HTTP API (first 300 mil) = $1.0
▫️ Lambda URL = Free
▪️ CloudFront proxying to Lambda URL = ~ $1.0 to $1.2
Timeout (seconds)
▪️ Rest API = 29
▪️ HTTP API = 30
▫️ Lambda URL = 900
▪️ CloudFront proxying to Lambda URL = 60 (by default)
#Lambda
🆕 Lambda + Node.js 18.x: 🎉
https://aws.amazon.com/blogs/compute/node-js-18-x-runtime-now-available-in-aws-lambda/
🔹 Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of nodejs18.x to get started building with Node.js 18.
🔸 For existing Node.js functions, review your code for compatibility with Node.js 18, including deprecations, then migrate to the new runtime by changing the function’s runtime configuration to nodejs18.x.
#Lambda
Amazon
Node.js 18.x runtime now available in AWS Lambda | Amazon Web Services
Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of nodejs18.x to get started building with Node.js 18.
🆕 Lambda SnapStart:
https://aws.amazon.com/blogs/aws/new-accelerate-your-lambda-functions-with-lambda-snapstart/
✻ Lambda SnapStart can improve startup performance for latency-sensitive applications by up to 10x at no extra cost, typically with no changes to your function code. The largest contributor to startup latency (often referred to as cold start time) is the time that Lambda spends initializing the function, which includes loading the function's code, starting the runtime, and initializing the function code.
✻ With SnapStart, Lambda initializes your function when you publish a function version. Lambda takes a Firecracker microVM snapshot of the memory and disk state of the initialized execution environment, encrypts the snapshot, and caches it for low-latency access. When you invoke the function version for the first time, and as the invocations scale up, Lambda resumes new execution environments from the cached snapshot instead of initializing them from scratch, improving startup latency.
⚠️ Important
➣ If your applications depend on uniqueness of state, you must evaluate your function code and verify that it is resilient to snapshot operations. For more information, see Handling uniqueness with Lambda SnapStart.
SnapStart supports:
✅ Java 11 runtime
SnapStart does not support:
❌ provisioned concurrency
❌ arm64
❌ Lambda Extensions
❌ EFS
❌ > 512 MB ephemeral storage
ℹ️ You can't use SnapStart on a function's unpublished version ($LATEST).
SnapStart vs Provisioned Concurrency
👉 Use Provisioned Concurrency if your application has strict cold start latency requirements.
👉 SnapStart helps you improve startup performance by up to 10x at no extra cost.
❗ You can't use both SnapStart and Provisioned Concurrency on the same function version.
#Lambda
Amazon
New – Accelerate Your Lambda Functions with Lambda SnapStart | Amazon Web Services
Update (December 7, 2022) – Added additional information about pricing. Our customers tell me that they love AWS Lambda for many reasons. On the development side they appreciate the simple programming model and ease with which their functions can make use…
⚒️ lambda-debug is a tool that enables you to invoke Lambda functions in the cloud from any event source and intercept the requests with breakpoints locally.
https://github.com/ljacobsson/lambda-debug
🏠 Local debugging: Set breakpoints in your code and step through your functions invocations locally on native events triggered in the cloud.
👍 No code changes: No need to modify your code to enable debugging. Just add some dev dependencies and some configuration.
🔐 Same IAM permissions: Your functions will run with the same IAM permissions as they do in the cloud.
⚡ Fast iterations: No need to deploy your code to the cloud to test changes. Just save your code and invoke your functions in the cloud.
#Lambda
Lambda + Python 3.11
https://aws.amazon.com/blogs/compute/python-3-11-runtime-now-available-in-aws-lambda/
#Lambda
Amazon
Python 3.11 runtime now available in AWS Lambda | Amazon Web Services
You can build and deploy functions using Python 3.11 using the AWS Management Console, AWS CLI, AWS SDK, AWS SAM, AWS CDK, or your choice of Infrastructure as Code (IaC). You can also use the Python 3.11 container base image if you prefer to build and deploy…
🆕 Lambda x12 faster scaling! 🚀
https://aws.amazon.com/blogs/aws/aws-lambda-functions-now-scale-12-times-faster-when-handling-high-volume-requests/
Lambda function now scales by 1,000 concurrent executions every 10 seconds until the aggregate concurrency across all functions reaches the account’s concurrency limit.
#Lambda
Amazon
AWS Lambda functions now scale 12 times faster when handling high-volume requests | Amazon Web Services
Now AWS Lambda scales up to 12 times faster. Each synchronously invoked Lambda function now scales by 1,000 concurrent executions every 10 seconds until the aggregate concurrency across all functions reaches the account’s concurrency limit. In addition, each…
A nice Friday story
A couple of weeks ago AWS rolled out CloudFront OAC support for Lambda function URLs, so that private Lambdas can be reached conveniently.
At first everyone was happy: a useful thing, security and all that. But then it turned out that only GET requests work, while POST/PUT return an error.
Then everyone got upset, because they had been happy for nothing: this was not a feature but a bug.
But one good person went all in and found out that if you compute the SHA256 hash and add it to the x-amz-content-sha256 header, POST/PUT work too.
https://twitter.com/rooToTheZ/status/1788606025265975505
He filed a request to update the AWS documentation for CloudFront, and now it says:
ℹ️ Note
If you use PUT or POST methods with your Lambda function URL, your user must provide a signed payload to CloudFront. Lambda doesn't support unsigned payloads.
In the end, those who had been glad when the others got upset were upset as well, because they had rejoiced too early.
So what is the moral here? Documentation matters. A well-documented bug can always be turned into a feature.
#CloudFront #Lambda
X (formerly Twitter)
David Behroozi (@rooToTheZ) on X
My wayward sons! Remember that CloudFront Lambda OAC release we were super sad about because it didn't support PUT/POST? IT ACTUALLY DOES! You just need to calculate the SHA256 hash of the body client side and set the x-amz-content-sha256 header to it. I…
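An added example, not code from the post or the tweet: a client-side helper that sets x-amz-content-sha256 for POST/PUT and a check that a captured request's hash matches its body. The function names and the JSON serialisation choice are assumptions; the point it demonstrates is that the hash must cover the exact bytes sent.

```python
import hashlib
import hmac
import json

HASH_HEADER = "x-amz-content-sha256"  # header name from the post
BODY_METHODS = {"POST", "PUT"}        # methods the CloudFront note covers

def body_bytes(body):
    """Normalise the payload to the exact bytes that go on the wire."""
    if body is None:
        return b""
    if isinstance(body, bytes):
        return body
    if isinstance(body, str):
        return body.encode("utf-8")
    # dict/list: serialise once, deterministically, and send these same bytes
    return json.dumps(body, separators=(",", ":"), sort_keys=True).encode("utf-8")

def prepare_request(method, body=None, headers=None):
    """Return (headers, wire_body) with the payload hash set for PUT/POST."""
    out = {k.lower(): v for k, v in (headers or {}).items()}
    wire = body_bytes(body)
    if method.upper() in BODY_METHODS:
        out[HASH_HEADER] = hashlib.sha256(wire).hexdigest()
    return out, wire

def hash_matches(headers, wire_body):
    """Check a captured request: does the declared hash match the body?"""
    declared = {k.lower(): v for k, v in headers.items()}.get(HASH_HEADER, "")
    actual = hashlib.sha256(wire_body).hexdigest()
    return hmac.compare_digest(declared.lower().encode(), actual.encode())

if __name__ == "__main__":
    payload = {"b": 1, "a": "x"}  # constructed sample payload
    hdrs, wire = prepare_request("POST", payload,
                                 {"Content-Type": "application/json"})
    print(hdrs[HASH_HEADER], hash_matches(hdrs, wire))
    # Failure mode: letting an HTTP library re-serialise the object after
    # hashing changes the bytes (default json.dumps adds spaces), so the
    # declared hash no longer matches what is sent.
    print(hash_matches(hdrs, json.dumps(payload).encode("utf-8")))
```

Send wire_body as the raw request body rather than handing the original object to the HTTP client, otherwise the bytes on the wire can differ from the bytes that were hashed.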