
February 2016 Webinar Series - Introducing VPC Support for AWS Lambda


You can now access resources within a Virtual Private Cloud (VPC) using AWS Lambda.

In this webinar, we will show how you can enable your AWS Lambda functions to access resources in a VPC. We will walk through the configuration details on how to set up this functionality, and we will demonstrate two sample scenarios. We will also discuss best practices of how to use AWS Lambda in a VPC and sample application designs.

Learning Objectives:
Learn how to access resources in a VPC with AWS Lambda
Who Should Attend:

Published in: Technology

  1. Essentials: Introducing VPC Support for AWS Lambda
     Presenter: Vyom Nagrani, Sr. Product Manager, AWS Lambda
     Q&A Moderator: Ajay Nair, Sr. Product Manager, AWS Lambda
     February 25th, 2016
     © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. AWS Lambda: A compute service that runs your code in response to events
     Lambda functions: Serverless, trigger-based code execution
     - Triggered by events:
       - Direct Sync and Async invocations
       - Put to an Amazon S3 bucket
       - Call to an API Gateway endpoint
       - And many more …
     - Makes it easy to
       - Perform data-driven auditing, analysis, and notification
       - Build back-end services that perform at scale
  3. Benefits of AWS Lambda for building a server-less data processing engine
     - 1) No Servers to Manage: AWS Lambda automatically runs your code without requiring you to provision or manage servers. Just write the code and upload it to Lambda.
     - 2) Continuous Scaling: AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload.
     - 3) Subsecond Metering: With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. You don't pay anything when your code isn't running.
  4. AWS Lambda – how it works
     - Bring your own code
       - Node.JS, Java, Python
       - Java = Any JVM based language such as Scala, Clojure, etc.
       - Bring your own libraries
     - Simple resource model
       - Select memory from 128MB to 1.5GB in 64MB steps
       - CPU & Network allocated proportionately to RAM
       - Reports actual usage
     - Flexible invocation paths
       - Event or RequestResponse invoke options
       - Existing integrations with various AWS services
     - Fine grained permissions
       - Uses IAM role for Lambda execution permissions
       - Uses Resource policy for AWS event sources
  5. AWS Lambda – how it works
     - Deployment options
       - Author directly using the console WYSIWYG editor
       - Package code as a ZIP and upload to Lambda or to S3
     - Stateless functions
       - Persist data using S3 / DynamoDB / ElastiCache
       - No affinity to infrastructure (can’t “log in to the box”)
     - Authoring functions
       - AWS SDK built in
       - Handle inbound traffic
       - Use processes, threads, /tmp, sockets
     - Monitoring and Logging
       - Metrics in Amazon CloudWatch – Requests, Errors, Latency, Throttles
       - Logs in CloudWatch Logs
  6. AWS Lambda - Key scenarios and use-cases for AWS Lambda
     - Data processing: Stateless processing of discrete or streaming updates to your data-store or message bus
     - Control systems: Customize responses and response workflows to state and data changes within AWS
     - App backend development: Execute server side backend logic in a cross platform fashion
  7. New functionality: Accessing resources in a VPC from a Lambda function
     - Description: Access resources within a VPC using AWS Lambda
     - Benefit: Your Lambda functions can now access Amazon RDS databases, Amazon Redshift data warehouses, Amazon ElastiCache nodes, and other endpoints that are accessible only from within a particular VPC (e.g. web service running on EC2).
     - How it works: You must provide additional VPC-specific configuration information such as VPC subnet IDs and security group IDs in order to enable your Lambda functions to access resources in an Amazon VPC
     - Documentation:
  8. Quick walkthrough: VPC basics before getting started
     [Diagram labels: VPC subnet, VPC subnet, NAT, IGW]
  9. How AWS Lambda works with Amazon VPC
     - AWS Lambda functions always execute securely inside a VPC by default
       - … even if you don’t explicitly specify VPC configuration settings
       - … but this VPC is not in your account, so you cannot connect to it directly
     - You need to configure Lambda to access resources inside your private VPC
       - e.g. Amazon Redshift data warehouses, Amazon ElastiCache clusters, or Amazon RDS instances
     - You can add a VpcConfig parameter when creating or updating the Lambda function
       - Includes list of VPC Subnets and a Security Group
     - AWS Lambda creates ENIs in your account and takes Private IPs from your subnets to allow your Lambda function to access resources in your VPC
  10. Today’s demo workflow: Reading off a cache behind a VPC from a Lambda function
     [Diagram labels: AWS Lambda, Amazon ElastiCache, Amazon DynamoDB, Amazon VPC]
     - Invoke Lambda function
     - First, try to fetch from cache
     - On cache-miss, fetch from main table and update cache
  11. Best practices for enabling VPC configuration for Lambda functions
     - Ensure your account has enough ENIs
       - ENIs used = Projected peak concurrent executions * (Memory in GB / 1.5GB)
       - Don’t delete/rename ENIs created by Lambda
     - Ensure your VPC subnets have enough IP addresses
       - Total IPs used across all subnets = number of ENIs
     - Specify at least one subnet in each Availability Zone
       - This enables Lambda to run in high-availability mode
  12. Things to remember when configuring Lambda functions to connect to resources behind a VPC
     - Functions configured for VPC access lose Internet access
       - … even if you have “Auto Assign Public IP” enabled
       - … even if you have an Internet Gateway setup in your VPC
       - … even if your security group allows all outbound traffic
       - … even if all you want to do is call other AWS service endpoints (other than S3)
     - However, you can access peered VPCs and VPN endpoints directly
     - For your function to connect to any external endpoint, you need to create a Managed NAT or a NAT instance inside the VPC
  13. Three Next Steps
     1. Create and test your first Lambda function. With AWS Lambda, there are no new languages, tools, or frameworks to learn. You can use any third party library, even native ones. And every month, the first 1M invokes are on us!
     2. Connect your Lambda function to resources inside Amazon Virtual Private Cloud by configuring the ‘VpcConfig’ parameter either at the time you create a Lambda function or by adding it to the existing Lambda function configuration.
     3. Create a Network Address Translation (NAT) instance inside the VPC to enable your Lambda function to connect to both resources inside the VPC as well as endpoints on the public internet.
  14. Thank you! Visit, the AWS Compute blog, and the Lambda forum to learn more and get started using Lambda.
  15. AWS Summit – Chicago: An exciting, free cloud conference designed to educate and inform new customers about the AWS platform, best practices and new cloud services.
     - Details
       - April 18-19, 2016
       - Chicago, Illinois
       - @ McCormick Place
     - Featuring
       - New product launches
       - 50+ sessions, labs, and bootcamps
       - Executive and partner networking
     - Register Now
       - Go to
       - Click on The AWS Summit - Chicago … then register.
       - Come and see what AWS and the cloud can do for you.
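
The sizing rules on slide 11 can be checked before a function is attached to a VPC. The following is an added example, not code from the webinar or from AWS: the subnet records use field names from EC2 DescribeSubnets output, while the IDs, counts, ENI limit and the round-up of fractional ENIs are assumptions made for illustration.

```python
# Added example: pre-flight check for the slide 11 sizing rules.
# All IDs, counts and limits are constructed sample values.

def enis_needed(peak_concurrency, memory_mb):
    """ENIs used = projected peak concurrent executions * (memory in GB / 1.5 GB)."""
    # 1.5 GB = 1536 MB; integer ceiling (rounding up is this example's assumption)
    return -((-peak_concurrency * memory_mb) // 1536)

def check_vpc_plan(subnets, required_azs, peak_concurrency, memory_mb,
                   eni_limit, enis_in_use):
    """Return (enis_required, findings); an empty findings list means the plan fits."""
    need = enis_needed(peak_concurrency, memory_mb)
    findings = []
    headroom = eni_limit - enis_in_use
    if need > headroom:
        findings.append(f"account ENI headroom {headroom} < {need} required")
    # Total IPs used across all subnets = number of ENIs
    free_ips = sum(s["AvailableIpAddressCount"] for s in subnets)
    if need > free_ips:
        findings.append(f"subnets have {free_ips} free IPs < {need} required")
    # At least one subnet in each Availability Zone
    covered = {s["AvailabilityZone"] for s in subnets}
    missing = sorted(set(required_azs) - covered)
    if missing:
        findings.append("no subnet selected in: " + ", ".join(missing))
    return need, findings

SAMPLE_SUBNETS = [  # constructed, shaped like DescribeSubnets entries
    {"SubnetId": "subnet-aaaa1111", "AvailabilityZone": "us-east-1a",
     "CidrBlock": "10.0.1.0/26", "AvailableIpAddressCount": 59},
    {"SubnetId": "subnet-bbbb2222", "AvailabilityZone": "us-east-1b",
     "CidrBlock": "10.0.2.0/26", "AvailableIpAddressCount": 40},
]

if __name__ == "__main__":
    need, findings = check_vpc_plan(
        SAMPLE_SUBNETS, ["us-east-1a", "us-east-1b", "us-east-1c"],
        peak_concurrency=300, memory_mb=512, eni_limit=350, enis_in_use=120)
    print("ENIs required:", need)
    for finding in findings:
        print("FINDING:", finding)
```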
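
Slide 12 says a VPC-attached function has Internet egress only through a Managed NAT or NAT instance, and that an Internet Gateway route alone does not provide it. The following added example (not from the webinar or AWS) audits that per subnet over route tables shaped like EC2 DescribeRouteTables output; every ID is a constructed placeholder, and treating an instance route target as a NAT instance is an assumption.

```python
# Added example, not AWS code. Input mirrors EC2 DescribeRouteTables output;
# every ID below is a constructed placeholder.

def default_route_target(table):
    """Classify the table's active 0.0.0.0/0 route as 'nat', 'igw' or 'none'."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackholed routes carry no traffic
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"  # assumption: an instance target is a NAT instance
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return "none"

def lambda_egress(subnet_ids, route_tables):
    """Map each subnet to the default-route type a VPC-attached function would use."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    verdicts = {}
    for subnet_id in subnet_ids:
        table = explicit.get(subnet_id, main)  # no explicit association: main table
        verdicts[subnet_id] = default_route_target(table) if table else "none"
    return verdicts

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [  # constructed sample
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaaa1111"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example", "State": "active"}]},
    {"RouteTableId": "rtb-isolated",
     "Associations": [{"Main": False, "SubnetId": "subnet-cccc3333"}],
     "Routes": [LOCAL]},
]

if __name__ == "__main__":
    subnets = ["subnet-aaaa1111", "subnet-bbbb2222", "subnet-cccc3333"]
    for subnet_id, verdict in lambda_egress(subnets, SAMPLE_ROUTE_TABLES).items():
        print(subnet_id, verdict)  # only 'nat' gives the function outbound access
```

A verdict of `igw` or `none` means a function placed in that subnet cannot reach external endpoints, which may be the intended isolation or a misconfiguration depending on the design.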