AWS Lambda – AWS Security Fundamentals – SCS-C02 Study Guide

AWS Lambda

AWS Lambda is a serverless compute service that allows you to run your code as a function without needing to set up or provision any servers or orchestrate any containers. Rather than being classified as the usual IaaS or PaaS, it falls under the category of Function as a Service (FaaS). It automatically scales up and down based on the number of requests it receives. Customers are charged based on the number of invocations and the amount of compute and memory they have allocated for their functions.

Any function written and run on the AWS Lambda platform must conform to the following limits of the AWS Lambda service:

  • 75 GB storage for .zip files
  • 10 GB function size as a Docker image
  • 250 ENIs per VPC
  • Memory limitations of 128 MB to 10.240 GB
  • Code must run and complete within 15 minutes
  • Six vCPU cores
  • 1,000 concurrent invocations

One of the primary reasons that Lambda has become so popular is that customers are only charged for the number of invocations performed per month rather than for the time the service runs. This is in direct contrast to the EC2 and ECS/EKS services.

Use Cases for AWS Lambda

Optimal use cases for function-based compute in place of an application running on an EC2 instance or container are vast, and the AWS community comes up with new ideas on how to use this service almost every day. Here are some of the more common examples that will help you better utilize Lambda:

  • File Processing: Before the advent of FaaS, customers had one or more dedicated EC2 instances that would be used as the backend processors to process and analyze files before placing them in their next location. With the Lambda service, the processing can be run on demand without the need to manage any servers.
  • Security Alerts: You can trigger a Lambda function that uses a library such as boto3 to send out either a Simple Notification Service (SNS) notification or a Simple Email Service (SES) email if a violation has been found based on events monitored in either CloudWatch logs or CloudTrail logs.
  • Serverless Websites: Combining static content stored in S3 with backend logic on AWS Lambda and HTTP(S) endpoints served by API Gateway allows customers to create more advanced websites without the need to spin up EC2 instances and autoscaling groups, since the Lambda service can automatically scale out based on the number of requests.
  • Compliance Remediation: Combining the power of Lambda functions with the power of the AWS Config service allows you to perform automatic remediations on resources in your account that fall out of compliance based on the rules you specify.
  • Document Conversion: If you serve documents to your end users (especially those from dynamic websites), a Lambda function can convert those raw documents to PDF before delivery to the end user.
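The Security Alerts use case above, sketched as an added example (not code from the study guide): a handler that unpacks the base64+gzip batch a CloudWatch Logs subscription delivers to Lambda, picks out CloudTrail records that weaken logging, and publishes each to SNS. The watched event names, the `ALERT_TOPIC_ARN` environment variable, the injectable `publish` parameter and the sample record are assumptions made for illustration.

```python
import base64
import gzip
import json
import os

# Assumed rule set for this example: CloudTrail API calls that weaken logging.
WATCHED_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def decode_subscription(event):
    """Unpack the base64+gzip payload CloudWatch Logs delivers to Lambda."""
    raw = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    return json.loads(raw).get("logEvents", [])

def find_violations(log_events):
    """Return a summary for each CloudTrail record named in WATCHED_EVENTS."""
    hits = []
    for entry in log_events:
        try:
            record = json.loads(entry["message"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed lines instead of failing the whole batch
        if isinstance(record, dict) and record.get("eventName") in WATCHED_EVENTS:
            hits.append({
                "eventName": record["eventName"],
                "actor": (record.get("userIdentity") or {}).get("arn", "unknown"),
                "sourceIP": record.get("sourceIPAddress", "unknown"),
            })
    return hits

def lambda_handler(event, context, publish=None):
    """Entry point; `publish` is injectable so the logic can run without AWS."""
    hits = find_violations(decode_subscription(event))
    if hits and publish is None:
        import boto3  # imported lazily; bundled with the Lambda Python runtime
        publish = boto3.client("sns").publish
    for hit in hits:
        publish(TopicArn=os.environ["ALERT_TOPIC_ARN"],  # assumed env variable
                Subject=f"CloudTrail alert: {hit['eventName']}",
                Message=json.dumps(hit, indent=2))
    return {"alerts": len(hits)}

def sample_event():
    """Constructed input: one watched CloudTrail record plus one noise line."""
    record = {"eventName": "StopLogging",
              "sourceIPAddress": "198.51.100.7",
              "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}}
    msgs = [json.dumps(record), "not json"]
    body = {"logEvents": [{"id": str(i), "message": m} for i, m in enumerate(msgs)]}
    return {"awslogs": {"data": base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()}}
```

The function's execution role needs only `sns:Publish` on the one alert topic, which keeps the alerting path least-privileged.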