CHAPTER 19

Developing Serverless Applications with Lambda

In this chapter, you will learn

• Lambda functions

• Lambda applications

• Lambda layers

This chapter will discuss how to develop serverless functions and applications using AWS Lambda.

AWS Lambda

AWS Lambda is a serverless compute service where you just provide your code to execute without having to provision any servers and pay only for the execution time. AWS Lambda manages the provision, scaling, and termination of servers automatically and charges only when your code is running. AWS Lambda supports Go, Node.js, Java, C#, Ruby, Python, and PowerShell to write your code for any application or backend services without the need for any underlying tasks, including code monitoring, logging, scaling, capacity provisioning, and server and operating system maintenance.

AWS Lambda can be automatically triggered based on events like data changes in an Amazon DynamoDB table, or changes to an Amazon S3 bucket, or AWS SDK API calls, or HTTP requests from the Amazon API Gateway, or data streaming data in Kinesis. You can also create your own serverless application or service composed of functions that can be triggered by events.

AWS Lambda Functions

The AWS Lambda function is an event-driven compute service that uses your code, chosen memory, timeout period, IAM role, and AWS service event to trigger the execution. The following are some of the key concepts that you need to understand before building your first serverless function and application:

• Runtime   This allows functions in various languages to use the same execution environment. You can use the runtime provided by Lambda or build your own runtime that sits in between the Lambda service and your function code, relaying responses between the two and invocating events.

• Event   Function uses the event, which is a JSON-format document to process, and then runtime converts it and sends it back to your function. The structure and contents of the event can be determined when invoking the function. For example, a custom event for timestamp data is as follows:

• Concurrency   This is the number of requests that a function can serve at any given time. Lambda provisions an instance when your function is invoked to process the event. The instance can process another event request when the current function is finished; if not, then another instance is provisioned to process the concurrent request. You can configure a specific level of concurrency to limit this.

• Trigger   This is a configuration that invokes your Lambda function, including any AWS service events, custom application events, or event source mapping, that reads from a stream or queue to invoke the function.

• Versioning   You can leverage versioning to store new code and configuration of your Lambda function. It will be used along with aliases to perform rolling or blue/green deployments.

• Scaling   Scaling is automatically handled by Lambda when your function receives a concurrent request while it’s processing a request by launching another instance to handle the increased load.

• High availability   When you create your Lambda function to connect to a Virtual Private Cloud (VPC) and specify subnets in more than one Availability Zones, Lambda runs your function in multiple Availability Zones to ensure high availability.

• Reserved concurrency   You can reserve concurrency to handle additional requests, but you cannot exceed the specified number of concurrent invocations, which ensures that you have available concurrency when needed.

• Retries   Lambda retries the execution automatically, with delays between each invocation triggered by AWS services and other clients.

• Dead-letter queue   Lambda can be configured to send failed retry requests to a dead-letter queue, which can be an Amazon SQS queue or Amazon SNS topic that will be used for reprocessing or troubleshooting.

Let us create a function that logs the message pushed to the SNS topic.

1. Log in to your AWS Management Console and select Services from top-left screen. Choose AWS Lambda. The AWS Lambda console page will appear, as shown here.

2. Click on the Create Function button that will take you to the AWS Lambda Create Function screen.

3. Now select the s3-get-object-python function from the blueprint that will take you to the Basic Information page. Here you need to enter a name for your function, choose AWS Policy Templates, and then provide a role name. Choose Policy Templates from the dropdown and choose the S3 and SNS policies.

4. Now you need to configure the S3 trigger that can be run each time the defined event occurs. Choose your existing bucket from the dropdown menu, and select All Object Create Events. Provide the Prefix and Suffix as appropriate, and choose Enable Trigger.

5. The last part is Lambda function code, which is preconfigured by the blueprint and can be updated after the function is created. This function uses Python 3.7. Click on the Create Function button.

Your first AWS Lambda is successfully created, and you can explore testing different values and updating the code based on your need. This is the beginning of your exciting serverless journey. Explore many blueprint functions to quickly get started with creating and deploying AWS Lambda functions.

AWS Lambda Applications

An AWS Lambda application consists of Lambda functions, events, and triggers that work as a single package that you can deploy and manage as one resource. Lambda applications can be integrated with developer tools like the AWS SAM CLI. In addition, a collection of Lambda applications can be deployed easily with AWS CodePipeline for your projects. AWS CloudFormation, along with AWS SAM, provides a local testing platform for serverless application development by defining your application’s resources and managing the application as a stack. This allows you to safely add and modify resources and roll back to the previous state of your application stack.

AWS Lambda Layers

A Lambda function can be configured to pull additional code in a ZIP archive format that contains a custom runtime, libraries, and content in the form of layers—up to five layers at a time. Custom layers, AWS, or third-party AWS customer published layers can be used like libraries in your function without including them in your deployment package. Resource-based policies can be used to grant layer usage permissions to specific AWS accounts or AWS organizations. The runtime uses libraries in a different location, under /opt, where layers are extracted in the function execution environment depending on the language. AWS SAM can be used to manage layers and its configurations.

AWS Lambda Security

AWS Lambda follows the AWS shared responsibility model, including compliance and regulations for data protection. AWS recommends using multifactor authentication (MFA) and SSL/TLS to communicate, capturing all user activity logging with AWS CloudTrail. AWS strongly recommends not using any sensitive identifying information in function names and freeform tags, since the metadata might get picked up in diagnostic logs, and never include external URL credential information.

All Lambda communication is encrypted with TLS, and the Lambda API endpoint supports only HTTPS secure connections. The environment variables can be used to store secrets securely because they are encrypted at rest. Environment variable values can be encrypted on the client side from the Lambda console before sending them to Lambda, which prevents secrets from being displayed unencrypted in the Lambda console or in the function configuration that’s returned by the Lambda API. You can use customer-managed key to encrypt data in Amazon CloudWatch logs and AWS X-Ray, where the data is encrypted by default using the AWS-managed keys. All files that you upload are encrypted by default in Lambda, including deployment packages and layer archives.

Chapter Review

This chapter began by explaining AWS Lambda, which is a serverless compute service where you execute your code without provisioning any servers and pay only for the execution time. It manages the provision, scaling, and termination of servers and supports Go, C#, Ruby, Python, Node.js, Java, and PowerShell to write your code for serverless functions and applications. AWS Lambda handles all the administration of underlying tasks, including code monitoring, logging, scaling, capacity provisioning, and server and operating system maintenance. The AWS Lambda function is an event-driven compute service that uses your code, chosen memory, timeout period, IAM role, and AWS service event to trigger the execution. You can use the runtime provided by Lambda or build your own runtime that sits in between the Lambda service and your function code, relaying responses between the two and invocating events.

AWS Lambda applications can be created from the AWS Management Console using the AWS SAM CLI, AWS CodeBuild, or AWS CodePipeline. An AWS Lambda application is a collection of Lambda applications that can be deployed easily with AWS CodePipeline for your projects. AWS CloudFormation, along with AWS SAM, provides a local testing platform for serverless application development by defining your application’s resources and managing the application as a stack. A Lambda function can be configured with custom layers, AWS, or third-party AWS customer published layers, which can be used like libraries in your function without including them in your deployment package. Resource-based policies can be used to grant layer usage permissions to specific AWS accounts or AWS organizations. The runtime uses libraries in a different location, under /opt, where layers are extracted in the function execution environment depending on the language.

Exercise

The following exercise will help you practice creating an AWS Lambda serverless application using development tools. You need to create an AWS account, as explained earlier, before performing the exercises. You can use the Free Tier when launching AWS resources, but make sure to terminate them at the end.

Exercise 19-1: Create a AWS Lambda Serverless Application Using the AWS Management Console

1. Use your AWS account e-mail address and password to sign in and then navigate to the AWS Lambda console at https://console.aws.amazon.com/lambda/.

2. Verify the AWS region by using the Region selector in the upper-right corner of the page.

3. From the navigation pane on the left, choose Applications and click on the Create Application button.

4. The Create A Lambda application page has a few sample applications. I encourage you to create and test a few sample AWS Lambda applications before your exam. In this exercise, I chose Queue Processing, which uses Lambda to process messages from your Amazon SQS queue.

5. This sample AWS Lambda application uses Node.js and CodeCommit for source control. It uses CodeBuild for build and test and CodePipeline for continuous delivery. AWS CloudFormation is used in the background to deploy as an application template stack.

6. In the Configure Your Application screen, enter my-lambda-queue for the application name and provide a description. For Runtime, choose Node.js and choose CodeCommit for source control. For the Repository Name, type my-lambda-queue. Also select Permissions to create an appropriate role and execute this AWS serverless application.

7. When you click on the Create button, AWS Lambda starts provisioning all the resources you will need for this serverless application and shows you the progress.

8. In a few minutes, all the resources will be provisioned and the Application Created message appears.

9. From the previous illustration, you can observe that four resources are created in addition to nine infrastructures for you, as shown at the bottom. On the Code tab, you can see the CodeCommit repository and option to clone the URL and SSH.

10. Now navigate to the Deployments tab, where you can find the CodePipeline application pipeline and its status, along with the SAM template that was used to create this serverless application.

11. Now navigate to the Monitoring tab where you can see a couple of Dashboards, one for AWS Lambda, which has invocations, errors, duration, and concurrent executions as different charts.

12. From the dropdown, choose Amazon SQS, which has charts for messages sent, received, deleted, visible, not visible, delayed, etc. You can create a queue and start seeing this serverless application in action, but do not forget to delete this once all the resources are completed.

Questions

The following questions will help you gauge your understanding of the contents in this chapter. Read all the answers carefully because there might be more than one correct answer. Choose the best response for each question.

1. You have batch jobs that run every day and use a dedicated server on-premises. Your manager asked you to explore a AWS service that can be leveraged to replace the batch server and run all your jobs without provisioning any server in your cloud environment. Which of the following services satisfies your requirement?

A. Amazon S3

B. AWS Lambda

C. Amazon EC2

D. Amazon Athena

2. Your company asks you to stop and start your lower environment AWS EC2 instances and RDS databases during nonwork hours to save costs. Which AWS service can you leverage to create jobs that stop and start your instances and databases?

A. Amazon SageMaker

B. Amazon Kinesis

C. AWS Amplify

D. AWS Lambda

3. Which of the following languages are supported in AWS Lambda? (Choose all that apply.)

A. Go

B. Node.js

C. Java

D. C#

4. AWS Lambda provisioned an instance to execute your code, and before it finishes, you trigger the Lambda function again. What will happen in this scenario?

A. Lambda will wait for the process to complete

B. Lambda will fail

C. Lambda will send a warning message

D. Lambda will provision another instance to the handle additional request

5. What is the easiest way to develop, test locally, and deploy serverless applications in the AWS environment?

A. Upload your code to Amazon S3

B. Use the AWS Serverless Application Model (SAM)

C. Provision an EC2 instance and develop your serverless application

D. You can use the AWS Fargate service

6. Your serverless application is having issues, and you need to troubleshoot by tracing. Which AWS service will help you in this scenario?

A. AWS X-Ray

B. AWS Batch

C. AWS Config

D. Amazon CodeCommit

7. You created a serverless application using Python. Which of the following runtimes can you choose? (Choose all that apply.)

A. Python 3.8

B. Python 3.7

C. Python 3.6

D. Python 2.7

8. You have an Amazon S3 bucket that stores sensitive information. You need to monitor any changes to the bucket and send an alert to your security team. How can you achieve this cost-effectively?

A. Create an AWS Lambda that can be triggered as soon as any changes to this bucket occur

B. Hire an AWS engineer to monitor this Amazon bucket

C. Use the Amazon SQS queue to monitor the Amazon S3 bucket

D. Use the Amazon CloudSearch service to monitor it

9. Your company receives data from multiple sources that needs to be formatted before being stored in an OLTP database. The frequency of incoming data can be very low to high, depending on the day of the week and time of the day. What is an efficient way to format the data cost-effectively?

A. Create new table and store unformatted data

B. Ask your SQL developer to write a query to format the data

C. Provision an EC2 instance and process the data using it

D. Use AWS Lambda to format the data before storing it in the database

10. How do you provision instances for your AWS Lambda functions?

A. Run your code, and AWS Lambda takes care of provisioning and managing the instances

B. Provision the first instance, and AWS Lambda manages the rest of provisioning

C. It is serverless, so it does not need any instance to run your code

D. Select the auto-provision option

Answers

1. B. You can create AWS Lambda functions to run batch jobs.

2. D. AWS Lambda functions, along with Amazon CloudWatch, can be used to create, start, and stop jobs.

3. A, B, C, D. The supported languages are Go, Node.js, Java, and C# in addition to Ruby, Python, and PowerShell.

4. D. Lambda will provision another instance to handle the additional request concurrently.

5. B. The AWS SAM can be used to easily develop and test your serverless applications locally.

6. A. AWS X-Ray can be used to run tracing on your Lambda functions to troubleshoot.

7. A, B, C, D. Python 3.8, Python 3.7, Python 3.6, and Python 2.7 can be used as runtimes.

8. A. You can create an AWS Lambda that can be triggered as soon as any changes to this bucket occur.

9. D. You can use AWS Lambda to format the data before storing it in the database.

10. A. AWS Lambda takes care of all the provisioning and managing of instances.

Additional Resources

• AWS Lambda   The recommended documentation for any AWS services, including Amazon Lambda, is the official AWS documentation, where you can get the most up-to-date information.

• AWS Lambda Blog   This is the official blog for AWS Lambda, which has all the latest information in one place for useful functions.

• AWS SAM Blog   This blog has all the latest information in one place for AWS SAM.