Derek Ashmore, profile picture
Uploaded byDerek Ashmore
PDF, PPTX212 views

AWS Lambda: Best Practices and Common Mistakes - Chicago Cloud Conference 2020

The document presents best practices and common mistakes for using AWS Lambda by Derek C. Ashmore at the Chicago Cloud Conference in September 2020. It highlights the benefits of AWS Lambda, such as reduced maintenance and scalability, while addressing the trade-offs like less control and potential cost variability. The presentation also provides practical coding tips, design recommendations, and outlines common pitfalls to avoid when utilizing AWS Lambda in cloud-native applications.

Embed presentation

Download as PDF, PPTX
AWS Lambda: Best Practices and Common Mistakes Given by Derek C. Ashmore Chicago Cloud Conference September 21, 2020 ©2020 Derek C. Ashmore, All Rights Reserved 1
Who am I? • Professional Geek since 1987 • Java/J2EE/Java EE since 1999 • AWS since 2010 • Azure since 2017 • Specialties • Cloud Workshops • Cloud-native Applications • Yes – I still code! ©2020 Derek C. Ashmore, All Rights Reserved 2
Discussion Resources • This slide deck – https://www.slideshare.net/derekashmore/presentations • Sample code on my Github – https://github.com/Derek-Ashmore/ • Slide deck has hyper-links! – Don’t bother writing down URLs ©2020 Derek C. Ashmore, All Rights Reserved 3
Agenda The “What” and “Why” of AWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 4
What are AWS Lambdas? • You provide custom code -> AWS runs it – Java, Node.js, Python, Go, Ruby, .Net Core – Can implement custom runtimes for languages not in the list! • Computing power with less management – AWS manages the hardware – AWS autoscales that hardware – AWS maintains that hardware • Lambdas are event driven – API Gateway (e.g. RESTful Web Service call) – Many more • Lambdas are stateless • Not to be confused with “Lambda Expressions” in Java 8 © 2020 Derek C. Ashmore, All Rights Reserved 5
Lambda Event Sources • API Gateway • SNS Messaging Subscriptions • Schedule • Storage writes – S3, DynamoDB, Kenesis © 2020 Derek C. Ashmore, All Rights Reserved 6 • SES Email receipt • Cloudwatch – Schedule, Events, log entries • Cognito (Security) • CloudFormation – Creation script
What’s the Business Benefit • Less Maintenance Hassle • Unlimited Parallelism • Current cost advantage – Don’t pay for idle – CPU cost currently lower • Free tier – 1 M executions and 400K compute seconds per month – Memory allocated determines allowed free-tier runtime • 20 cents per 1 M executions + memory/runtime cost – Administration cost • No O/S upgrades, server backups, etc. © 2020 Derek C. Ashmore, All Rights Reserved 7
There’s no free lunch • Less control over environment – Harder to tune – Memory and time limits on execution • Few Environment amenities – No connection pooling, session support, caching • Proprietary Interface – Potential Technical Lock-in • No Guarantee that AWS cost will be constant – Potential Business Risk • Modern version of CGI © 2020 Derek C. Ashmore, All Rights Reserved 8
Agenda The “What” and “Why” of AWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 9
What Makes a “Best Practice”? • Makes Support Easier • Increases Reuse • Increases Performance • Minimizes Resource Consumption – Labor – Runtime ©2018 Derek C. Ashmore, All Rights Reserved 10
Let’s start with Low-Hanging Fruit © 2020 Derek C. Ashmore, All Rights Reserved 11
Report Inputs/Env on Exception • Place a Try / Catch in your handler – Python Example – Java Example • Also check your arguments with a clear error message © 2020 Derek C. Ashmore, All Rights Reserved 12 def crossAccountHandler(event, context): try: ……………… except Exception as e: e.args += (event,vars(context)) raise
Check Arguments Up Front • Check your arguments with a clear error message – Python Example – Java Example © 2020 Derek C. Ashmore, All Rights Reserved 13 def crossAccountHandler(event, context): try: if 'Assumed_Role' in event: ………………… else: raise Exception('Assumed_Role not provided as argument') except Exception as e:
Specify Lambda Source Repo • Explicitly put the source repository name in the Lambda comments – In most organizations, the repository name isn’t obvious – Others changing your code need it – You don’t want source control to be out of date © 2020 Derek C. Ashmore, All Rights Reserved 14 """ secretLambda.py …………… Source Control: https://github.com/Derek-Ashmore/AWSDevOpsUtilities """
Separate Lambda from Business Logic • Make business logic reusable – Callable by other applications – Usable on premises • Easier to locally develop and debug – Lambda-specific logic is thin! © 2020 Derek C. Ashmore, All Rights Reserved 15 def startStopHandler(event, context): try: executeStopStart(datetime.datetime.now() , os.getenv('Scheduled_StartTime', ‘’) , os.getenv('Scheduled_StopTime', ‘’) , os.getenv('Scheduled_StartStop_Days', 'M,T,W,R,F’)) …………… return 0;
This is low-hanging fruit that will be appreciated by your fellow developers! ©2018 Derek C. Ashmore, All Rights Reserved 16 • Log All Inputs and Environment on Exception • Check all arguments up front • Document the source repo at the top. • Repo readme can have other developer specifics • Separate Lambda code from business logic • Now let’s talk design and operations….
Agenda The “What” and “Why” of AWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 17
Automate builds and deployments! © 2020 Derek C. Ashmore, All Rights Reserved 18
Lambda Copies Everywhere! • Changes / Bug Fixes need to be deployed everywhere • Solving with automation solves the wrong problem! © 2020 Derek C. Ashmore, All Rights Reserved 19
One Copy for All! • Scalable – only need to add accounts over time • Bugfixes in one place • Configuration usually in common DynamoDB table(s) • Sample in Python here ©2018 Derek C. Ashmore, All Rights Reserved 20
Cross-Account Execution • Algorithm is – Assume a remote-account role using STS • The response has temporary credentials – Create a session using the remote account creds – Do work in the remote account • Example here: Derek-Ashmore/AWSDevOpsUtilities (Github) © 2020 Derek C. Ashmore, All Rights Reserved 21
For workloads over 15 min • Executor that invokes lambda asynchronously for each account • Sample in Python here ©2018 Derek C. Ashmore, All Rights Reserved 22
Limit Custom Nesting to One Level • Debugging with nested executions is – Time consuming and difficult – Can’t do locally – Absolutely requires unique correlation id for the entire transaction • Allows you to tell invocation history for one logical transaction – Instead of deep custom nesting, use AWS Step Functions • Use Step Functions if you need more © 2020 Derek C. Ashmore, All Rights Reserved 23
Nested Calls using AWS Step Functions • AWS Step Functions – Uses a State Machine model • Think turn-style to get access to train – States are “Locked” and “Unlocked” – Locked → Payment input allowed, then “Unlocked” – Unlocked → One person allowed through, then “Locked” – Automatically provides correlation between invocations • Unified logs for the entire transaction – Now supported by X-ray (09/2020) • Execution time and health per Step Function workflow © 2020 Derek C. Ashmore, All Rights Reserved 24
Operations and Design Habits © 2020 Derek C. Ashmore, All Rights Reserved 25 • Automate Builds and Deployments • Only install Lambda’s Once • Limit Lambda nesting to One Level • Step functions if you need more • Now let’s talk dependencies and secrets
Use Configuration Injection • No environment specifics hardcoded in the Lambda deployment • Use Environment Variables on the Lambda Definition – No un-encrypted secrets (e.g. database password) • Use Arguments in the triggering event – No un-encrypted secrets • Anti-Example – Splunk forwarding Lambda with hard-coded Splunk channels © 2020 Derek C. Ashmore, All Rights Reserved 26
Providing Secrets to Lambdas • Secrets are needed items like credentials of any type. • Use IAM Roles to grant permission to read secrets • Options are: – Use KMS • Encrypt credential and base64 encode it – Place encrypted version in environment variable • Sample Lambda and Encryption Script (here) – Use a Digital Vault (e.g. AWS Secrets Manager) • Sample Lambda here © 2020 Derek C. Ashmore, All Rights Reserved 27
AWS Secrets Manager • Use IAM Roles to grant permission to read secrets • You don’t need a “secret” to get a “secret”! © 2020 Derek C. Ashmore, All Rights Reserved 28
Avoid Heavy-Footprint Dependencies • Minimizes load time – Mitigates cold-start problem • Java – Use Guice over Spring • Python – Use AWS provided deps first (list is here) © 2020 Derek C. Ashmore, All Rights Reserved 29
Idempotence • Possible for your Lambda to be invoked multiple times for the same event – Prevent repeat actions from having a different effect. • Options – Record the event id –> Skip repeated events • Most event sources provide a unique request id – Lambda invoking lambda does not! • Negatively affects performance – 1 extra read – 1 extra write • Need to roll-off old events – Insure that the effect is the same each time • Not perfect → You don’t control invocation order © 2020 Derek C. Ashmore, All Rights Reserved 30
Dependency Management • AWS Layers can be used for dependency management – Can upgrade your library dependencies in one location • Provides convenience • Use for custom runtimes! • Beware of unintended consequences – Easies to inadvertently break published lambdas using layers © 2020 Derek C. Ashmore, All Rights Reserved 31
Common Mistakes • Deploying inappropriate workloads as Lambdas – Install full Java web application as Lambda • Required keep-alive lambdas to prevent cold-starts • Not keeping business logic unit-testable • Creating the distributed monolith – Lambdas with extensive nested execution – Lambdas not independently deployable © 2020 Derek C. Ashmore, All Rights Reserved 32
Further Reading • This slide deck – https://www.slideshare.net/derekashmore/presentations • AWS Lambda Reading List – http://www.derekashmore.com/2016/04/aws-lambda-reading-list.html • Amazon’s Published Best Practice List – https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html © 2020 Derek C. Ashmore, All Rights Reserved 33
Questions? • Derek Ashmore: – Blog: www.derekashmore.com – LinkedIn: www.linkedin.com/in/derekashmore • Connect Invites from attendees welcome – Twitter: https://twitter.com/Derek_Ashmore – GitHub: https://github.com/Derek-Ashmore – Book: http://dvtpress.com/ © 2020 Derek C. Ashmore, All Rights Reserved 34

More Related Content

PDF
Implementing DevOps Automation: Best Practices & Common Mistakes - DevOps Eas...
byDerek Ashmore
 
PDF
Terraform best-practices-and-common-mistakes-dev ops-west-2021
byDerek Ashmore
 
PDF
Writing microservices in java java one-2015-10-28
byDerek Ashmore
 
PDF
Writing microservices in Java -- Chicago-2015-11-10
byDerek Ashmore
 
PDF
Refactoring Into Microservices. Chicago Coders Conference 2017-06-26
byDerek Ashmore
 
PDF
Microservices with Terraform, Docker and the Cloud. JavaOne 2017 2017-10-02
byDerek Ashmore
 
PDF
Microservices for java architects schamburg-2015-05-19
byDerek Ashmore
 
PDF
Microservices for java architects it-symposium-2015-09-15
byDerek Ashmore
 
Implementing DevOps Automation: Best Practices & Common Mistakes - DevOps Eas...
byDerek Ashmore
 
Terraform best-practices-and-common-mistakes-dev ops-west-2021
byDerek Ashmore
 
Writing microservices in java java one-2015-10-28
byDerek Ashmore
 
Writing microservices in Java -- Chicago-2015-11-10
byDerek Ashmore
 
Refactoring Into Microservices. Chicago Coders Conference 2017-06-26
byDerek Ashmore
 
Microservices with Terraform, Docker and the Cloud. JavaOne 2017 2017-10-02
byDerek Ashmore
 
Microservices for java architects schamburg-2015-05-19
byDerek Ashmore
 
Microservices for java architects it-symposium-2015-09-15
byDerek Ashmore
 

What's hot

PPTX
SAP Teched 2012 Session Tec3438 Automate IaaS SAP deployments
byChris Kernaghan
 
PDF
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
byTechWell
 
PPTX
Delivering Mobile Apps That Perform
byRuben Goncalves
 
PDF
Calculating the Savings of Moving Your Drupal Site to the Cloud
byAcquia
 
PPTX
Managing Performance in the Cloud
byDevOpsGroup
 
PPTX
BOSE - Josh Steckler - Automating Automation: Build environments, on-demand
byDevOps Enterprise Summit
 
PPTX
Make a Move to the Azure Cloud with SoftNAS
byBuurst
 
PPTX
Greg Maxey - Electric Cloud - Process as Code: An Introduction to the Electri...
byDevOps Enterprise Summit
 
ODP
Zero Downtime JEE Architectures
byAlexander Penev
 
PPTX
Cloudy with a Chance of Databases
byKellyn Pot'Vin-Gorman
 
PDF
Automatic Undo for Cloud Management via AI Planning
byHiroshi Wada
 
PPTX
The Rocky Cloud Road
byGert Drapers
 
PPTX
Embracing Failure - Fault Injection and Service Resilience at Netflix
byJosh Evans
 
PDF
Cleaning Out Your IT Closet - SPSRED 2013
byadamtoth
 
PDF
[India Merge World Tour] Electric Cloud
byPerforce
 
PPTX
Sam Fell - Electric Cloud - Faster Continuous Integration with ElectricAccele...
byDevOps Enterprise Summit
 
PPTX
Picnic Software - Developing a flexible and scalable application
byNick Josevski
 
PPTX
#NetflixEverywhere Global Architecture
byJosh Evans
 
PDF
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
bykevin_donovan
 
PPTX
Sam Fell - Electric Cloud - Automating Continuous Delivery with ElectricFlow
byDevOps Enterprise Summit
 
SAP Teched 2012 Session Tec3438 Automate IaaS SAP deployments
byChris Kernaghan
 
Flintstones or Jetsons? Jump Start Your Virtual Test Lab
byTechWell
 
Delivering Mobile Apps That Perform
byRuben Goncalves
 
Calculating the Savings of Moving Your Drupal Site to the Cloud
byAcquia
 
Managing Performance in the Cloud
byDevOpsGroup
 
BOSE - Josh Steckler - Automating Automation: Build environments, on-demand
byDevOps Enterprise Summit
 
Make a Move to the Azure Cloud with SoftNAS
byBuurst
 
Greg Maxey - Electric Cloud - Process as Code: An Introduction to the Electri...
byDevOps Enterprise Summit
 
Zero Downtime JEE Architectures
byAlexander Penev
 
Cloudy with a Chance of Databases
byKellyn Pot'Vin-Gorman
 
Automatic Undo for Cloud Management via AI Planning
byHiroshi Wada
 
The Rocky Cloud Road
byGert Drapers
 
Embracing Failure - Fault Injection and Service Resilience at Netflix
byJosh Evans
 
Cleaning Out Your IT Closet - SPSRED 2013
byadamtoth
 
[India Merge World Tour] Electric Cloud
byPerforce
 
Sam Fell - Electric Cloud - Faster Continuous Integration with ElectricAccele...
byDevOps Enterprise Summit
 
Picnic Software - Developing a flexible and scalable application
byNick Josevski
 
#NetflixEverywhere Global Architecture
byJosh Evans
 
Harvard it summit 2016 - opencast in the cloud at harvard dce- live and on-d...
bykevin_donovan
 
Sam Fell - Electric Cloud - Automating Continuous Delivery with ElectricFlow
byDevOps Enterprise Summit
 

Similar to AWS Lambda: Best Practices and Common Mistakes - Chicago Cloud Conference 2020

PDF
AWS Community Day - Derek C. Ashmore - AWS Lambda: Best Practices
byAWS Chicago
 
PDF
AWS Lambda: Best Practices and Common Mistakes - AWS Community Days 2019
byDerek Ashmore
 
PDF
AWS Lambda: Best Practices and Common Mistakes - Dev Ops West 2019
byDerek Ashmore
 
PDF
AWS Lambda: Best Practices and Common Mistakes - DevOps East 2019
byDerek Ashmore
 
PDF
AWS Lambda: Best Practices and Common Mistakes - Chicago Cloud Conference 2019
byDerek Ashmore
 
PDF
Aws lambda best practices - ignite - dev opsdays-charlotte
byDerek Ashmore
 
PDF
AWS Lambda Deployments: Best Practices and Common Mistakes O'Reilly Software...
byDerek Ashmore
 
PDF
AWS Lambda Functions A Comprehensive Guide
byInexture Solutions
 
PDF
AWS Lambda
byAlexander Savchuk
 
PDF
Overview aws-lambda-security
bymustafa sarac
 
PPTX
Containerless in the Cloud with AWS Lambda
byRyan Cuprak
 
PDF
AWS Lambda for Architects - Chicago Coder Conference -2016-06-07
byDerek Ashmore
 
PDF
Aws Lambda for Java Architects - JavaOne -2016-09-19
byDerek Ashmore
 
PDF
Aws Lambda for Java Architects CJug-Chicago 2016-08-30
byDerek Ashmore
 
PDF
Aws Lambda for Java Architects - Illinois JUG-Northwest -2016-08-02
byDerek Ashmore
 
PDF
Aws Lambda for Java Architects - Illinois VJug -2016-05-03
byDerek Ashmore
 
PPTX
AWS Lambda
byMuhammed YALÇIN
 
PDF
A quick introduction to AWS Lambda
byogeisser
 
PDF
How to Use AWS Lambda Layers and Lambda Runtime
byDonnie Prakoso
 
PPTX
Gluecon 2018 - The Best Practices and Hard Lessons Learned of Serverless Appl...
byChris Munns
 
AWS Community Day - Derek C. Ashmore - AWS Lambda: Best Practices
byAWS Chicago
 
AWS Lambda: Best Practices and Common Mistakes - AWS Community Days 2019
byDerek Ashmore
 
AWS Lambda: Best Practices and Common Mistakes - Dev Ops West 2019
byDerek Ashmore
 
AWS Lambda: Best Practices and Common Mistakes - DevOps East 2019
byDerek Ashmore
 
AWS Lambda: Best Practices and Common Mistakes - Chicago Cloud Conference 2019
byDerek Ashmore
 
Aws lambda best practices - ignite - dev opsdays-charlotte
byDerek Ashmore
 
AWS Lambda Deployments: Best Practices and Common Mistakes O'Reilly Software...
byDerek Ashmore
 
AWS Lambda Functions A Comprehensive Guide
byInexture Solutions
 
AWS Lambda
byAlexander Savchuk
 
Overview aws-lambda-security
bymustafa sarac
 
Containerless in the Cloud with AWS Lambda
byRyan Cuprak
 
AWS Lambda for Architects - Chicago Coder Conference -2016-06-07
byDerek Ashmore
 
Aws Lambda for Java Architects - JavaOne -2016-09-19
byDerek Ashmore
 
Aws Lambda for Java Architects CJug-Chicago 2016-08-30
byDerek Ashmore
 
Aws Lambda for Java Architects - Illinois JUG-Northwest -2016-08-02
byDerek Ashmore
 
Aws Lambda for Java Architects - Illinois VJug -2016-05-03
byDerek Ashmore
 
AWS Lambda
byMuhammed YALÇIN
 
A quick introduction to AWS Lambda
byogeisser
 
How to Use AWS Lambda Layers and Lambda Runtime
byDonnie Prakoso
 
Gluecon 2018 - The Best Practices and Hard Lessons Learned of Serverless Appl...
byChris Munns
 

Recently uploaded

PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
apidays Paris 2025 | API Layer7 Security: Real-World Use Cases (BBVA & Nexi)
byapidays
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
final.pdf
byomarbishtawi04
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Workflow and decision Automation with Flowable
bychakib ch
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 

AWS Lambda: Best Practices and Common Mistakes - Chicago Cloud Conference 2020

  • 1.
    AWS Lambda: BestPractices and Common Mistakes Given by Derek C. Ashmore Chicago Cloud Conference September 21, 2020 ©2020 Derek C. Ashmore, All Rights Reserved 1
  • 2.
    Who am I? •Professional Geek since 1987 • Java/J2EE/Java EE since 1999 • AWS since 2010 • Azure since 2017 • Specialties • Cloud Workshops • Cloud-native Applications • Yes – I still code! ©2020 Derek C. Ashmore, All Rights Reserved 2
  • 3.
    Discussion Resources • Thisslide deck – https://www.slideshare.net/derekashmore/presentations • Sample code on my Github – https://github.com/Derek-Ashmore/ • Slide deck has hyper-links! – Don’t bother writing down URLs ©2020 Derek C. Ashmore, All Rights Reserved 3
  • 4.
    Agenda The “What” and “Why” ofAWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 4
  • 5.
    What are AWSLambdas? • You provide custom code -> AWS runs it – Java, Node.js, Python, Go, Ruby, .Net Core – Can implement custom runtimes for languages not in the list! • Computing power with less management – AWS manages the hardware – AWS autoscales that hardware – AWS maintains that hardware • Lambdas are event driven – API Gateway (e.g. RESTful Web Service call) – Many more • Lambdas are stateless • Not to be confused with “Lambda Expressions” in Java 8 © 2020 Derek C. Ashmore, All Rights Reserved 5
  • 6.
    Lambda Event Sources •API Gateway • SNS Messaging Subscriptions • Schedule • Storage writes – S3, DynamoDB, Kenesis © 2020 Derek C. Ashmore, All Rights Reserved 6 • SES Email receipt • Cloudwatch – Schedule, Events, log entries • Cognito (Security) • CloudFormation – Creation script
  • 7.
    What’s the BusinessBenefit • Less Maintenance Hassle • Unlimited Parallelism • Current cost advantage – Don’t pay for idle – CPU cost currently lower • Free tier – 1 M executions and 400K compute seconds per month – Memory allocated determines allowed free-tier runtime • 20 cents per 1 M executions + memory/runtime cost – Administration cost • No O/S upgrades, server backups, etc. © 2020 Derek C. Ashmore, All Rights Reserved 7
  • 8.
    There’s no freelunch • Less control over environment – Harder to tune – Memory and time limits on execution • Few Environment amenities – No connection pooling, session support, caching • Proprietary Interface – Potential Technical Lock-in • No Guarantee that AWS cost will be constant – Potential Business Risk • Modern version of CGI © 2020 Derek C. Ashmore, All Rights Reserved 8
  • 9.
    Agenda The “What” and “Why” ofAWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 9
  • 10.
    What Makes a“Best Practice”? • Makes Support Easier • Increases Reuse • Increases Performance • Minimizes Resource Consumption – Labor – Runtime ©2018 Derek C. Ashmore, All Rights Reserved 10
  • 11.
    Let’s start withLow-Hanging Fruit © 2020 Derek C. Ashmore, All Rights Reserved 11
  • 12.
    Report Inputs/Env onException • Place a Try / Catch in your handler – Python Example – Java Example • Also check your arguments with a clear error message © 2020 Derek C. Ashmore, All Rights Reserved 12 def crossAccountHandler(event, context): try: ……………… except Exception as e: e.args += (event,vars(context)) raise
  • 13.
    Check Arguments UpFront • Check your arguments with a clear error message – Python Example – Java Example © 2020 Derek C. Ashmore, All Rights Reserved 13 def crossAccountHandler(event, context): try: if 'Assumed_Role' in event: ………………… else: raise Exception('Assumed_Role not provided as argument') except Exception as e:
  • 14.
    Specify Lambda SourceRepo • Explicitly put the source repository name in the Lambda comments – In most organizations, the repository name isn’t obvious – Others changing your code need it – You don’t want source control to be out of date © 2020 Derek C. Ashmore, All Rights Reserved 14 """ secretLambda.py …………… Source Control: https://github.com/Derek-Ashmore/AWSDevOpsUtilities """
  • 15.
    Separate Lambda fromBusiness Logic • Make business logic reusable – Callable by other applications – Usable on premises • Easier to locally develop and debug – Lambda-specific logic is thin! © 2020 Derek C. Ashmore, All Rights Reserved 15 def startStopHandler(event, context): try: executeStopStart(datetime.datetime.now() , os.getenv('Scheduled_StartTime', ‘’) , os.getenv('Scheduled_StopTime', ‘’) , os.getenv('Scheduled_StartStop_Days', 'M,T,W,R,F’)) …………… return 0;
  • 16.
    This is low-hangingfruit that will be appreciated by your fellow developers! ©2018 Derek C. Ashmore, All Rights Reserved 16 • Log All Inputs and Environment on Exception • Check all arguments up front • Document the source repo at the top. • Repo readme can have other developer specifics • Separate Lambda code from business logic • Now let’s talk design and operations….
  • 17.
    Agenda The “What” and “Why” ofAWS Lambda Code-Level Tips Operation and Design Habits Summary / Q&A © 2020 Derek C. Ashmore, All Rights Reserved 17
  • 18.
    Automate builds anddeployments! © 2020 Derek C. Ashmore, All Rights Reserved 18
  • 19.
    Lambda Copies Everywhere! •Changes / Bug Fixes need to be deployed everywhere • Solving with automation solves the wrong problem! © 2020 Derek C. Ashmore, All Rights Reserved 19
  • 20.
    One Copy forAll! • Scalable – only need to add accounts over time • Bugfixes in one place • Configuration usually in common DynamoDB table(s) • Sample in Python here ©2018 Derek C. Ashmore, All Rights Reserved 20
  • 21.
    Cross-Account Execution • Algorithmis – Assume a remote-account role using STS • The response has temporary credentials – Create a session using the remote account creds – Do work in the remote account • Example here: Derek-Ashmore/AWSDevOpsUtilities (Github) © 2020 Derek C. Ashmore, All Rights Reserved 21
  • 22.
    For workloads over15 min • Executor that invokes lambda asynchronously for each account • Sample in Python here ©2018 Derek C. Ashmore, All Rights Reserved 22
  • 23.
    Limit Custom Nestingto One Level • Debugging with nested executions is – Time consuming and difficult – Can’t do locally – Absolutely requires unique correlation id for the entire transaction • Allows you to tell invocation history for one logical transaction – Instead of deep custom nesting, use AWS Step Functions • Use Step Functions if you need more © 2020 Derek C. Ashmore, All Rights Reserved 23
  • 24.
    Nested Calls usingAWS Step Functions • AWS Step Functions – Uses a State Machine model • Think turn-style to get access to train – States are “Locked” and “Unlocked” – Locked → Payment input allowed, then “Unlocked” – Unlocked → One person allowed through, then “Locked” – Automatically provides correlation between invocations • Unified logs for the entire transaction – Now supported by X-ray (09/2020) • Execution time and health per Step Function workflow © 2020 Derek C. Ashmore, All Rights Reserved 24
  • 25.
    Operations and DesignHabits © 2020 Derek C. Ashmore, All Rights Reserved 25 • Automate Builds and Deployments • Only install Lambda’s Once • Limit Lambda nesting to One Level • Step functions if you need more • Now let’s talk dependencies and secrets
  • 26.
    Use Configuration Injection •No environment specifics hardcoded in the Lambda deployment • Use Environment Variables on the Lambda Definition – No un-encrypted secrets (e.g. database password) • Use Arguments in the triggering event – No un-encrypted secrets • Anti-Example – Splunk forwarding Lambda with hard-coded Splunk channels © 2020 Derek C. Ashmore, All Rights Reserved 26
  • 27.
    Providing Secrets toLambdas • Secrets are needed items like credentials of any type. • Use IAM Roles to grant permission to read secrets • Options are: – Use KMS • Encrypt credential and base64 encode it – Place encrypted version in environment variable • Sample Lambda and Encryption Script (here) – Use a Digital Vault (e.g. AWS Secrets Manager) • Sample Lambda here © 2020 Derek C. Ashmore, All Rights Reserved 27
  • 28.
    AWS Secrets Manager •Use IAM Roles to grant permission to read secrets • You don’t need a “secret” to get a “secret”! © 2020 Derek C. Ashmore, All Rights Reserved 28
  • 29.
    Avoid Heavy-Footprint Dependencies •Minimizes load time – Mitigates cold-start problem • Java – Use Guice over Spring • Python – Use AWS provided deps first (list is here) © 2020 Derek C. Ashmore, All Rights Reserved 29
  • 30.
    Idempotence • Possible foryour Lambda to be invoked multiple times for the same event – Prevent repeat actions from having a different effect. • Options – Record the event id –> Skip repeated events • Most event sources provide a unique request id – Lambda invoking lambda does not! • Negatively affects performance – 1 extra read – 1 extra write • Need to roll-off old events – Insure that the effect is the same each time • Not perfect → You don’t control invocation order © 2020 Derek C. Ashmore, All Rights Reserved 30
  • 31.
    Dependency Management • AWSLayers can be used for dependency management – Can upgrade your library dependencies in one location • Provides convenience • Use for custom runtimes! • Beware of unintended consequences – Easies to inadvertently break published lambdas using layers © 2020 Derek C. Ashmore, All Rights Reserved 31
  • 32.
    Common Mistakes • Deployinginappropriate workloads as Lambdas – Install full Java web application as Lambda • Required keep-alive lambdas to prevent cold-starts • Not keeping business logic unit-testable • Creating the distributed monolith – Lambdas with extensive nested execution – Lambdas not independently deployable © 2020 Derek C. Ashmore, All Rights Reserved 32
  • 33.
    Further Reading • Thisslide deck – https://www.slideshare.net/derekashmore/presentations • AWS Lambda Reading List – http://www.derekashmore.com/2016/04/aws-lambda-reading-list.html • Amazon’s Published Best Practice List – https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html © 2020 Derek C. Ashmore, All Rights Reserved 33
  • 34.
    Questions? • Derek Ashmore: –Blog: www.derekashmore.com – LinkedIn: www.linkedin.com/in/derekashmore • Connect Invites from attendees welcome – Twitter: https://twitter.com/Derek_Ashmore – GitHub: https://github.com/Derek-Ashmore – Book: http://dvtpress.com/ © 2020 Derek C. Ashmore, All Rights Reserved 34