Containerless in the
Cloud with AWS Lambda
RYAN CUPRAK
Containers
Containers provide the execution environment for an application.
Containers + Cloud
(diagram: two EC2 instances each running a Tomcat / Java EE container, an EC2 instance running a JMS server, and an RDS SQL database)
Containers = Platform Lock-in
Language
Tool Chain
Ecosystem
Container Drawbacks
• Overkill for many types of applications
• Hard to ‘automatically’ scale
• Complex programming models
• Significant skills investment:
  • Security
  • Configuration
  • Technology stack
Traditional App Drawbacks
• Servers
• Data centers
• Software
• Monitoring tools
• Test environments
• IT support
• Service contracts
• Data replication & policies
• Approvals
Container Challenge
QUICKLY develop a web and mobile application:
• Registration and authentication (OAuth)
• HTTPS
• SMS notifications
• RESTful endpoints
• Automatic scalability across the globe
• Native code for both iOS and Android
• Versioning
• Real-time monitoring
Time to go: Containerless and Serverless
What is Amazon Lambda?
• IaaS – Infrastructure as a Service
• PaaS – Platform as a Service
• SaaS – Software as a Service
• FaaS – Function as a Service (Lambda)
(diagram: Code → Deploy → Run)
What is Lambda?
• Lambda is a stateless function
• Executes in response to an event
• Executes in an isolated environment
• Can be implemented using:
  • JavaScript (Node.js)
  • Java
  • Python
  • C#
• Dependencies (executables/libraries) are packaged with the function in its deployment package.
Example Function: 1
exports.handler = function(event, context) {
  context.succeed('Hello ConFoo!');
};
(diagram labels: exports.handler is the handler function; event is the data passed to the function, converted from JSON; context is the Lambda runtime)
Example Function: 2
exports.handler = function(event,context) { context.succeed('Hello
' + event.firstName + ' ' + event.lastName + ' you are at ConFoo!');
};
Parsed Parameters
{
"firstName": "Ryan",
"lastName": "Cuprak”
}
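The event object is whatever the caller sent, parsed from JSON by the runtime, so a handler that concatenates event fields straight into its response is trusting its input. The following is an added example, not code from the slides: a handler in the style of Example Function 2 that validates the two name fields before using them. The stand-in context object (only succeed/fail) and the two sample events are constructed so the handler can be exercised offline.

```javascript
'use strict';
// Added example, not code from the original slides. A Node.js handler in the
// style of "Example Function 2" that validates the event before using it:
// the runtime hands the handler whatever JSON the caller sent, so it is
// untrusted input. The stand-in context object and the sample events below
// are constructed so the handler can be exercised offline.

// Allowed name shape: letters (any script), spaces, apostrophes, hyphens; 1-64 chars.
const NAME_RE = /^[\p{L} '-]{1,64}$/u;

// Return a list of validation problems; an empty list means the event is acceptable.
function validateGreeting(event) {
  if (!event || typeof event !== 'object' || Array.isArray(event)) {
    return ['event must be a JSON object'];
  }
  const errors = [];
  for (const field of ['firstName', 'lastName']) {
    const value = event[field];
    if (typeof value !== 'string' || !NAME_RE.test(value)) {
      errors.push(field + ' is missing or invalid');
    }
  }
  return errors;
}

function handler(event, context) {
  const errors = validateGreeting(event);
  if (errors.length > 0) {
    // Reject instead of echoing arbitrary caller input into the response.
    return context.fail(new Error('Bad request: ' + errors.join('; ')));
  }
  return context.succeed('Hello ' + event.firstName + ' ' + event.lastName + ' you are at ConFoo!');
}
if (typeof exports !== 'undefined') exports.handler = handler;

// Offline invoker with a stand-in for the Lambda context object (only
// succeed/fail are provided, which is all this handler uses).
function invokeLocally(event) {
  let outcome = { ok: false, error: 'handler returned without calling context' };
  const context = {
    succeed(result) { outcome = { ok: true, result }; },
    fail(err) { outcome = { ok: false, error: err.message }; },
  };
  handler(event, context);
  return outcome;
}

// Constructed sample events.
const GOOD_EVENT = { firstName: 'Ryan', lastName: 'Cuprak' };
const BAD_EVENT = { firstName: '<script>alert(1)</script>', lastName: 42 };

console.log(invokeLocally(GOOD_EVENT));
console.log(invokeLocally(BAD_EVENT));
```

The same shape applies whatever the event source: decide what the event must look like, reject anything else through the failure path, and only then build output from it.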
Demo
Lambda Pricing
• Requests
  • First 1 million requests per month are FREE
  • $0.20 per million requests thereafter
• Duration:
  • Charged $0.00001667 for every GB-second used, billed in 100 ms increments
• Free Tier
Memory (MB) | Free seconds/month | Price per 100 ms ($)
128 | 3,200,000 | 0.000000208
192 | 2,133,333 | 0.000000313
256 | 1,600,000 | 0.000000417
… | … | …
Cost Scenarios
Executions | Memory (MB) | Execution Time | Cost
50,000 | 128 | 1 second | $0.11
100,000 | 128 | 1 second | $0.23
500,000 | 128 | 1 second | $1.14
1,000,000 | 128 | 1 second | $2.28
50,000 | 256 | 1 second | $0.21
100,000 | 256 | 1 second | $0.42
500,000 | 256 | 1 second | $2.08
1,000,000 | 256 | 1 second | $4.17
50,000 | 128 | 2 seconds | $0.21
100,000 | 128 | 2 seconds | $0.42
500,000 | 128 | 2 seconds | $2.08
1,000,000 | 128 | 2 seconds | $4.17
Not including the free tier; add the cost of any other services used. Note that only the 128 MB / 1 second rows include the $0.20 per million request charge; the other rows are compute duration only (for example 1,000,000 × 256 MB × 1 s is $4.17 of compute plus $0.20 of requests, $4.37 in total).
Lambda Basics
• Access control is provided by IAM (Identity & Access Management): the function runs under an execution role that determines which AWS services it may call, and invocation permissions on the function determine who may trigger it.
• Lambda functions can start threads, access the local disk (/tmp), and access other AWS services.
• Default safety threshold of 100 concurrent executions per region.
  • Can be increased on request.
• For asynchronous invocations AWS will attempt to invoke a Lambda function up to 3 times.
• External libraries should be bundled with the Lambda function (zip/jar).
Execution Environment
Runtime versions (at the time of the talk):
• Node.js v4.3.2
  • Lagging: the current Node.js release was 6.10.0
• Java – Java 8 (OpenJDK)
• Python 2.7
• .NET Core 1.0.1 (C#)
Libraries available in the execution environment:
• AWS SDK for JavaScript (2.16.0)
• AWS SDK for Python (boto3)
• AWS build of OpenJDK 8
Execution Environment…
• Lambda environment based on the Amazon Linux AMI amzn-ami-hvm-2016.03.3.x86_64-gp2
• Linux kernel: 4.4.35-33.55.amzn1.x86_64
• Only 64-bit binaries are supported.
Environment Variables
Runtime and function identity:
• LAMBDA_TASK_ROOT
• LAMBDA_RUNTIME_DIR
• AWS_EXECUTION_ENV
• AWS_REGION
• AWS_DEFAULT_REGION
• AWS_LAMBDA_FUNCTION_NAME
• AWS_LAMBDA_FUNCTION_VERSION
• AWS_LAMBDA_FUNCTION_MEMORY_SIZE
• AWS_LAMBDA_LOG_GROUP_NAME
• AWS_LAMBDA_LOG_STREAM_NAME
• PATH, LANG, LD_LIBRARY_PATH, NODE_PATH, PYTHONPATH
Execution role credentials:
• AWS_ACCESS_KEY_ID
• AWS_SECRET_ACCESS_KEY
• AWS_SESSION_TOKEN
• AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_SECURITY_TOKEN (older aliases of the three above)
The credential variables hold the temporary credentials of the function's execution role; the AWS SDKs pick them up automatically. Treat them as secrets: never dump the environment into logs or responses, and remember that any third-party library bundled with the function can read them, which is one more reason to keep the execution role's permissions minimal.
Versioning
• A newly created Lambda function is the $LATEST version
• ARN = Amazon Resource Name – uniquely identifies an AWS resource
• Two ARNs are associated with a Lambda function:
  • Qualified ARN (includes the version or alias)
    arn:aws:lambda:aws-region:acct-id:function:helloworld:$LATEST
  • Unqualified ARN
    arn:aws:lambda:aws-region:acct-id:function:helloworld
• New versions must be explicitly published; a published version is immutable
Logging
• Node.js
  • console.log/error/warn/info()
• Java
  • LambdaLogger.log() from the Context object, or log4j 1.2 via the aws-lambda-java-log4j appender
  • System.out/err – each line becomes a separate log event
• C#
  • Console.Write/WriteLine
  • LambdaLogger.Log() (Amazon.Lambda.Core)
  • Via the context object: context.Logger.Log()
• Python
  • print statements
  • Logger functions in the logging module: logging.Logger.info
Logging
Everything written to stdout/stderr is collected in CloudWatch Logs, under the log group and stream named by AWS_LAMBDA_LOG_GROUP_NAME and AWS_LAMBDA_LOG_STREAM_NAME.
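Because console output goes straight to CloudWatch Logs, and because the execution role's temporary credentials sit in the environment (see the environment variables above), a careless `console.log(process.env)` or a logged request object turns the log group into a credential store readable by anyone with logs:GetLogEvents. The following added example (not code from the slides) is a small structured logger for Node.js functions that writes one JSON line per event and masks the credential variables and any secret-looking field first. The variable names are the ones Lambda sets; SAMPLE_ENV and the logged fields are constructed.

```javascript
'use strict';
// Added example, not code from the original slides. A small structured
// logger for Node.js functions: one JSON line per event on stdout (which
// Lambda forwards to CloudWatch Logs), with the execution role's temporary
// credentials from the environment, and any field whose name looks like a
// secret, replaced before anything is written. The variable names are the
// ones the Lambda runtime sets; SAMPLE_ENV and the fields are constructed.

const CREDENTIAL_VARS = new Set([
  'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_KEY',
  'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN', 'AWS_SECURITY_TOKEN',
]);
const SECRET_NAME_RE = /secret|token|password|passwd|api[-_]?key|authorization/i;

// Deep copy with secret-looking keys replaced by a marker (arrays preserved).
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (!value || typeof value !== 'object') return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = (CREDENTIAL_VARS.has(k) || SECRET_NAME_RE.test(k)) ? '[REDACTED]' : redact(v);
  }
  return out;
}

// Build one log record. Function identity from the runtime is safe to log;
// everything caller-supplied goes through redact().
function logRecord(level, msg, fields, env) {
  return {
    level,
    msg,
    fn: env.AWS_LAMBDA_FUNCTION_NAME,
    version: env.AWS_LAMBDA_FUNCTION_VERSION,
    fields: redact(fields || {}),
  };
}

const formatRecord = (record) => JSON.stringify(record);

// Constructed environment resembling what a function sees (values are fake).
const SAMPLE_ENV = {
  AWS_LAMBDA_FUNCTION_NAME: 'helloworld',
  AWS_LAMBDA_FUNCTION_VERSION: '$LATEST',
  AWS_REGION: 'us-east-1',
  AWS_ACCESS_KEY_ID: 'ASIAEXAMPLEKEYID',
  AWS_SECRET_ACCESS_KEY: 'not-a-real-secret',
  AWS_SESSION_TOKEN: 'not-a-real-token',
};

// A developer "helpfully" logging the whole environment: the secrets are masked.
const record = logRecord('INFO', 'request handled',
  { user: 'ryan', apiKey: 'k-123', env: SAMPLE_ENV }, SAMPLE_ENV);
console.log(formatRecord(record));
```

In a real function `process.env` takes the place of SAMPLE_ENV. Name-based redaction is a safety net, not a substitute for not logging secrets in the first place; a token stored under an innocent key still gets through.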
Failures & Errors
• A Lambda function can fail for the following reasons:
  • Function doesn’t complete before the time limit
  • Input data fails to parse
  • Runs out of memory
  • Throws an unhandled error
• Failure handling depends upon how it was invoked:
  • Non-stream based
    • Synchronous – the error is returned to the caller (a 429 is returned when the invocation is throttled); the client is responsible for retries.
    • Asynchronous – retried twice with a delay (three attempts in total); after that the event is discarded, or sent to the dead-letter queue (DLQ) if one is configured.
  • Stream-based (Kinesis / DynamoDB streams):
    • The batch will be re-processed until it succeeds or the data expires.
    • No new records from that shard will be processed in the meantime.
Availability Regions
• Northern Virginia
• Ohio
• Oregon
• Northern California
• Montreal
• São Paulo
• GovCloud
• Ireland
• Frankfurt
• London
• Singapore
• Tokyo
• Sydney
• Seoul
• Mumbai
• Beijing
Resource Limits
Resource | Default Limit
Ephemeral disk capacity ("/tmp" space) | 512 MB
Number of file descriptors | 1024
Number of processes and threads (combined total) | 1024
Maximum execution duration per request | 300 seconds
Invoke request body payload size (RequestResponse) | 6 MB
Invoke request body payload size (Event) | 128 KB
Invoke response body payload size (RequestResponse) | 6 MB
Deployment Limits
Item | Default Limit
Lambda function deployment package size (.zip/.jar file) | 50 MB
Total size of all deployment packages that can be uploaded per region | 75 GB
Size of code/dependencies that you can zip into a deployment package (uncompressed zip/jar size) | 250 MB
Total size of environment variables set | 4 KB
Power of Lambda
Event Sources
• Invocations: asynchronous or synchronous
• Event sources from AWS services:
  • Amazon S3
  • Kinesis
  • DynamoDB
  • CloudTrail
  • SNS
  • CodeCommit
• HTTPS – via Amazon API Gateway
• Custom app sources (e.g. Android)
• Scheduled events
Use Cases
• S3 + Lambda – image processing, filtering, document analysis, indexing.
• Kinesis + Lambda – transaction order processing, auditing.
• SNS + Lambda – alarm response, auditing, event processing.
• DynamoDB + Lambda – data validation, data processing, filtering, notification.
• Alexa + Lambda – automated voice responses (Amazon Echo).
Blueprints
(console screenshot of the Lambda blueprints)
Exposing/Securing Lambda
(diagram: client → Amazon API-Gateway → Lambda, with Amazon Cognito providing identity)
Amazon API-Gateway
• Build, deploy, manage RESTful APIs
• Supports throttling and helps protect the backend against DDoS
• Supports versioning and staging
• Auto-generates client SDKs:
  • Java, JavaScript, Android, Objective-C, Swift
• Flexible authorization model – ties in with Amazon Cognito.
(diagram: clients make RESTful invokes over HTTPS to API-Gateway; API definitions use Swagger, http://swagger.io/)
API-Gateway Demo
(console screenshots)
Invoking service (webpage/app): (screenshot)
 Published an API – now
what?
 APIs can be sold!
 Two concepts:
 Usage Plan
 API Key
 Steps:
 Create usage plan
 Associate a key
 Associate a key on the
service
Amazon Cognito
Three ways to secure an API in API-Gateway:
1. API Keys
  • Appropriate for identifying and throttling service-to-service callers (usage plans)
  • Not an authentication mechanism on their own: an API key is a static secret, and it is risky to leave one on a client for long periods of time
2. Identity & Access Management (IAM)
  • Inter-application communication
  • Within an organization – callers sign requests with IAM credentials
3. Amazon Cognito
  • Appropriate for third-party integration and end-user sign-in
Amazon Cognito
• User/identity authentication service.
• Supports storage of user data in the cloud (mobile app preferences and state).
• Authenticates users against federated identity providers (Facebook/Google).
• Manages a custom identity/user pool.
• Sync functionality to synchronize user profile data across devices.
Amazon Cognito
User Pools
• Manage your “own” user directory: sign-ups, sign-in, etc.
• Support multi-factor authentication (MFA)
• Users can start anonymous and then register
• Password recovery (SMS via SNS, email, etc.)
• Collect and maintain user meta-information (attributes)
(console screenshots)
Federated Identities
• Create unique identities for your users and federate them with identity providers.
• Supported providers:
  • Amazon, Facebook, Google, Twitter/Digits
  • Amazon Cognito User Pools
  • OpenID Connect providers
  • SAML identity providers
  • Developer-authenticated identities
(console screenshots)
Cognito + API Gateway
(sequence diagram)
1. Client logs in at the identity provider
2. Client presents the provider token to Amazon Cognito and gets an identity (Get Id) with temporary credentials for it
3. Client invokes the web service through API-Gateway, which validates the request
Cognito + API Gateway
JavaScript client: invoking the secured API – configuration (screenshots)
Java & Lambda
Lambda using Java
1. Specify a handler method directly, without implementing an interface:
outputType handler-name(inputType input, Context context) {
  ...
}
• inputType – event data or a custom object
• context – Java object containing execution environment information
• outputType – result for synchronous calls
2. Implement a standard interface provided by aws-lambda-java-core:
• RequestHandler<I, O> – custom input/output objects:
  • getters/setters/no-arg constructor
  • serialized to/from JSON automatically
• RequestStreamHandler – raw input/output streams
Java Example
(code screenshot: JSON converted to Java objects using Jackson)
Java Example
(screenshot: dependencies, packaged as an uber JAR)
Java Demo
Java vs. JavaScript
• Hello World Java:
  • 167.63 ms (billed 200 ms)
  • 43 MB
• Hello World JavaScript:
  • 2.05 ms
  • 31 MB
Java EE vs AWS
• Java EE is a standard with several implementations.
• AWS is a set of ready-to-use services:
  • SQS + SNS ~ JMS (roughly!)
  • Kinesis ~ Apache Kafka
  • Elasticsearch ~ Lucene (Elasticsearch is built on Lucene)
  • Lambda ~ Stateless Session Beans
    • Transactions? (no container-managed transactions)
    • Injection? (no CDI-style injection)
  • S3 Buckets – no Java EE equivalent
  • DynamoDB ~ MongoDB/Couchbase
• The AWS cloud spans regions/data centers
  • Data automatically mirrored
Reasons to use Java EE
Technical
• Distributed transactions
• Long running tasks
• Report generation
• Compute intensive tasks
• Rules engines
• Third-party dependencies / applications
• Integration with legacy systems
• WebSockets (bi-directional communication)
Legal
• Estimating and controlling costs
• Third-party licenses
• Regulatory requirements
• Snapshots of instances for security
Example Architecture
(diagram: Amazon API Gateway in front of EC2 instances running Java EE containers and Amazon Lambda functions (Java, JS, Python); backed by an RDS SQL database, Amazon SQS, Elasticsearch, DynamoDB, S3 and Amazon SNS)
Conclusion
Challenges
• Documentation!
• Testing
• Debugging
• Tooling support
• Error handling
• AWS Code Commit integration
• Node.js version lagging
Best Practices
• Small archives containing code
  • Don’t include the entire application!
• Minimize startup costs
  • Periodically invoke lambdas to keep them “warm”
• Monitor logs for failures
Resources
• AWS Compute Blog
  • https://aws.amazon.com/blogs/compute/
• AWS Forums
  • https://forums.aws.amazon.com/forum.jspa?forumID=186
• AWS Pet Store
  • https://github.com/awslabs/api-gateway-secure-pet-store
  • http://tinyurl.com/z3qyefg
• Authentication/Cognito
  • https://goo.gl/auEWLl
• FAQ
  • https://aws.amazon.com/lambda/faqs/
Q&A
• Twitter: @ctjava
• Email: rcuprak@gmail.com
• Blog: cuprak.info
