© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Presenter: Vyom Nagrani, Sr. Product Manager, AWS Lambda
Q&A Moderator: Ajay Nair, Sr. Product Manager, AWS Lambda
February 25th, 2016
Essentials: Introducing VPC Support for AWS Lambda
AWS Lambda: A compute service that runs your code in response to events
Lambda functions: Serverless, trigger-based code execution
Triggered by events:
• Direct Sync and Async invocations
• Put to an Amazon S3 bucket
• Call to an API Gateway endpoint
• And many more …
Makes it easy to:
• Perform data-driven auditing, analysis, and notification
• Build back-end services that perform at scale
Benefits of AWS Lambda for building a serverless data processing engine
1) No Servers to Manage: AWS Lambda automatically runs your code without requiring you to provision or manage servers. Just write the code and upload it to Lambda.
2) Continuous Scaling: AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload.
3) Subsecond Metering: With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. You don't pay anything when your code isn't running.
AWS Lambda – how it works
Bring your own code: Node.js, Java, Python (Java = any JVM-based language such as Scala, Clojure, etc.). Bring your own libraries.
Simple resource model: Select memory from 128MB to 1.5GB in 64MB steps; CPU & network allocated proportionately to RAM; reports actual usage.
Flexible invocation paths: Event or RequestResponse invoke options; existing integrations with various AWS services.
Fine-grained permissions: Uses IAM role for Lambda execution permissions; uses resource policy for AWS event sources.
AWS Lambda – how it works
Deployment options: Author directly using the console WYSIWYG editor; package code as a ZIP and upload to Lambda or to S3.
Stateless functions: Persist data using S3 / DynamoDB / ElastiCache; no affinity to infrastructure (can't "log in to the box").
Authoring functions: AWS SDK built in; handle inbound traffic; use processes, threads, /tmp, sockets.
Monitoring and logging: Metrics in Amazon CloudWatch – Requests, Errors, Latency, Throttles; logs in CloudWatch Logs.
AWS Lambda – key scenarios and use cases
Data processing: Stateless processing of discrete or streaming updates to your data store or message bus
Control systems: Customize responses and response workflows to state and data changes within AWS
App backend development: Execute server-side backend logic in a cross-platform fashion
New functionality: Accessing resources in a VPC from a Lambda function
Description: Access Resources within a VPC using AWS Lambda
Benefit: Your Lambda functions can now access Amazon RDS databases, Amazon Redshift data warehouses, Amazon ElastiCache nodes, and other endpoints that are accessible only from within a particular VPC (e.g. a web service running on EC2).
How it works: You must provide additional VPC-specific configuration information, such as VPC subnet IDs and security group IDs, in order to enable your Lambda functions to access resources in an Amazon VPC.
Documentation: http://docs.aws.amazon.com/lambda/latest/dg/vpc.html
Quick walkthrough of VPC basics before getting started
[Diagram: a VPC (172.31.0.0/16) with two subnets, 172.31.0.0/24 and 172.31.1.0/24; default routes (0.0.0.0/0) via a NAT and an Internet Gateway (IGW)]
How AWS Lambda works with Amazon VPC
AWS Lambda functions always execute securely inside a VPC by default … even if you don't explicitly specify VPC configuration settings … but this VPC is not in your account, so you cannot connect to it directly.
You need to configure Lambda to access resources inside your private VPC, e.g. Amazon Redshift data warehouses, Amazon ElastiCache clusters, or Amazon RDS instances.
You can add a VpcConfig parameter when creating or updating the Lambda function. It includes a list of VPC subnets and a security group.
AWS Lambda creates ENIs in your account and takes private IPs from your subnets to allow your Lambda function to access resources in your VPC.
Today's demo workflow: Reading off a cache behind a VPC from a Lambda function
[Diagram: AWS Lambda → Amazon ElastiCache (inside Amazon VPC) → Amazon DynamoDB]
1. Invoke Lambda function
2. First, try to fetch from cache
3. On cache-miss, fetch from main table and update cache
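The cache-aside read path of the demo, as an added example that is not the webinar's own code: the function first asks the cache, and only on a miss reads the table and back-fills the cache. The `FakeCache`/`FakeTable` classes and the sample row are constructed stand-ins for the ElastiCache and DynamoDB clients, so the logic runs offline; the `X-Cache` header and 300-second TTL are assumptions.

```python
"""Cache-aside read from the demo (added example; clients are constructed stand-ins)."""
import json

class FakeCache:
    """Stand-in for an ElastiCache client: get(key) -> str or None, set(key, value, ex)."""
    def __init__(self):
        self.store = {}
    def get(self, key):
        return self.store.get(key)
    def set(self, key, value, ex=None):
        self.store[key] = value  # TTL is accepted but not enforced in this stand-in

class FakeTable:
    """Stand-in for a DynamoDB Table resource: get_item(Key=...) -> {'Item': ...} or {}."""
    def __init__(self, rows):
        self.rows = rows
        self.reads = 0  # counts table round trips, to show the cache absorbing them
    def get_item(self, Key):
        self.reads += 1
        item = self.rows.get(Key["id"])
        return {"Item": item} if item is not None else {}

def read_through(item_id, cache, table, ttl_seconds=300):
    """Return (item, source); source is 'cache' on a hit or 'dynamodb' on a miss."""
    key = f"item:{item_id}"
    cached = cache.get(key)
    if cached is not None:
        return json.loads(cached), "cache"
    item = table.get_item(Key={"id": item_id}).get("Item")  # cache miss: go to the main table
    if item is not None:
        cache.set(key, json.dumps(item), ex=ttl_seconds)  # back-fill so the next read is a hit
    return item, "dynamodb"

# Constructed sample data. In the real function these would be the ElastiCache and
# DynamoDB clients created once at module load, reachable only because of VpcConfig.
CACHE = FakeCache()
TABLE = FakeTable({"42": {"id": "42", "name": "widget", "price": 9}})

def lambda_handler(event, context):
    """Lambda entry point: event carries the item id to look up."""
    item, source = read_through(event["id"], CACHE, TABLE)
    if item is None:
        return {"statusCode": 404, "body": json.dumps({"error": "not found"})}
    return {"statusCode": 200, "headers": {"X-Cache": source}, "body": json.dumps(item)}
```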
Best practices for enabling VPC configuration for Lambda functions
Ensure your account has enough ENIs: ENIs used = Projected peak concurrent executions * (Memory in GB / 1.5GB). Don't delete/rename ENIs created by Lambda.
Ensure your VPC subnets have enough IP addresses: Total IPs used across all subnets = number of ENIs.
Specify at least one subnet in each Availability Zone: This enables Lambda to run in high-availability mode.
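A capacity check that applies the three rules above before the VpcConfig is submitted, added here as an example and not part of the deck. It uses the slide's ENI formula (1.5GB written as 1536MB to avoid float rounding), sums free addresses across the chosen subnets, and flags any Availability Zone without a subnet. The subnet records, IDs and the 5-address-per-subnet AWS reservation are constructed or assumed; in practice the subnet data would come from `ec2:DescribeSubnets`.

```python
"""Pre-flight sizing for a VPC-enabled Lambda function (added example, not from the deck)."""
import math
from ipaddress import ip_network

# AWS keeps 5 addresses in every VPC subnet for its own use; assumed here, not from the slide.
AWS_RESERVED_PER_SUBNET = 5

# Constructed sample subnets: id, CIDR, AZ and addresses already taken by other resources.
SUBNETS = [
    {"SubnetId": "subnet-aaaa0001", "Cidr": "172.31.0.0/24", "Az": "us-east-1a", "InUse": 40},
    {"SubnetId": "subnet-bbbb0002", "Cidr": "172.31.1.0/24", "Az": "us-east-1b", "InUse": 200},
]

def enis_required(peak_concurrency, memory_mb):
    """Slide formula: peak concurrent executions * (memory in GB / 1.5GB), rounded up."""
    return math.ceil(peak_concurrency * memory_mb / 1536)

def free_ips(subnet):
    """Usable addresses left after AWS's reservation and existing allocations."""
    return ip_network(subnet["Cidr"]).num_addresses - AWS_RESERVED_PER_SUBNET - subnet["InUse"]

def plan_vpc_config(peak_concurrency, memory_mb, subnets, security_group_id, all_azs):
    """Return (VpcConfig dict, warnings). The dict has the shape CreateFunction and
    UpdateFunctionConfiguration accept; warnings list which best practice is violated."""
    needed = enis_required(peak_concurrency, memory_mb)
    warnings = []
    available = sum(free_ips(s) for s in subnets)  # one private IP per ENI across all subnets
    if available < needed:
        warnings.append(f"need {needed} ENIs/IPs at peak but subnets have only {available} free")
    missing = sorted(set(all_azs) - {s["Az"] for s in subnets})
    if missing:
        warnings.append(f"no subnet in AZ(s) {missing}: function will not run in HA mode")
    config = {
        "SubnetIds": [s["SubnetId"] for s in subnets],
        "SecurityGroupIds": [security_group_id],
    }
    return config, warnings

if __name__ == "__main__":
    cfg, warns = plan_vpc_config(300, 1536, SUBNETS, "sg-0000demo", ["us-east-1a", "us-east-1b", "us-east-1c"])
    print(cfg)
    for w in warns:
        print("WARNING:", w)
```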
Things to remember when configuring Lambda functions to connect to resources behind a VPC
Functions configured for VPC access lose Internet access
… even if you have "Auto Assign Public IP" enabled
… even if you have an Internet Gateway set up in your VPC
… even if your security group allows all outbound traffic
… even if all you want to do is call other AWS service endpoints (other than S3)
However, you can access peered VPCs and VPN endpoints directly.
For your function to connect to any external endpoint, you need to create a Managed NAT or a NAT instance inside the VPC.
Three Next Steps
1. Create and test your first Lambda function. With AWS Lambda, there are no new languages, tools, or frameworks to learn. You can use any third-party library, even native ones. And every month, the first 1M invokes are on us!
2. Connect your Lambda function to resources inside Amazon Virtual Private Cloud by configuring the ‘VpcConfig’ parameter either at the time you create a Lambda function or by adding it to the existing Lambda function configuration.
3. Create a Network Address Translation (NAT) instance inside the VPC to enable your Lambda function to connect to both resources inside the VPC as well as endpoints on the public internet.
Thank you!
Visit http://aws.amazon.com/lambda, the AWS Compute blog, and the Lambda forum to learn more and get started using Lambda.
AWS Summit – Chicago: An exciting, free cloud conference designed to educate and inform new customers about the AWS platform, best practices and new cloud services.
Details
• April 18-19, 2016
• Chicago, Illinois
• @ McCormick Place
Featuring
• New product launches
• 50+ sessions, labs, and bootcamps
• Executive and partner networking
Register Now
• Go to aws.amazon.com/summits
• Click on The AWS Summit - Chicago … then register.
• Come and see what AWS and the cloud can do for you.
Chicago – April 18-19