• [AWS


    Lambda Execution Role (IAM Role)

    • Lambda -> other serivce
    • Grants the Lambda function permissions to AWS servcies / resources
    • For example, when you want to send message to SQS, you need to have "AWSLambdaSQSQueueExecutionRole"
    • Best Practice: create one Lambda Execution Role per function

    '

    Lambda Resource Based Policies

    • Other services -> Lambda
    • Give other account or AWS service to inovke your Lambda function.

    Lambda with X-Ray

    • AWS_XRAY_DAEMON_ADDRESS

     

    When you enable "Active Tracing", AWS will include X-Ray Daemon automacticlly. But you do need to check IAM permission.

    Lambda with VPC

    • By default, Lambda is outside your own VPC, but inside AWS VPC
    • So Lambda cannot access resouces inside your VPC, such as RDS, ElasticCache, internal ELB...)
    • But Lambda can access public www, can access global DynamoDB

    Lambda in VPC

    • If you want to deploy Lambda incide your own VPC
    • You must define VPC ID, the Subnets and the Security Gorups
    • Under the hood, Lambda will create an ENI (Elastic Network interface) in your subnets, and through this ENI, Lambda able to communicate with RDS in your VPC
    • Also need to attach: AWSLambdaVPCAccessExecutionRole, AWSLambdaENIManagementAccess

    Lambda in VPC - Internet Acces

    • If you have deployed your Lambda inside VPC, by default, you don't have access to public internet anymore.
    • Also deploying a Lambda function in a PUBLIC SUBNET does NOT give it internet access or public IP.
    • To get internet access, you need to deploy Lambda function in a private subnet and give it internet access if have a NAT Gateway / instance.
    • NAT will talk to Internet Gateway of VPC, then you can access public internet.
    • The same thing happens to Lambda in VPC to access DynamoDB
    • Also need to via NAT-> IGW -> DynamoDB
    • Or you can use VPC endpoints to privately access AWS service without NAT

    Lambda Limitations

    • If you application is computation heavy... CPU-bound, you can increase RAM to solve performance issue
    • Timeout: default 3 secound, maximum 900 second (15 mins). So any computation longer than 15 mins is not suitable for Lambda. Considering using ECS, Fragate, EC2... 
    • RAM:
      • From 128MB to 3008MB in 64 MB increments
      • More RAM you add, the more vCPU credits you get, add more memory for LAMBDA is one way to increase the performance
      • At 1792MB, a function has the quivalent of one full vCPU
      • After 1792 MB, you get more than one CPU, and need to use multi-threading in your code to benefit from it

     Lambda Concurrcy and Throttling

    • Concurrency limit: up to 1000 concurrent execution
    • If y ou need a higher limit, open a support ticket
    • 1000 means for all your lambda function, NOT single lambda function!
    • Therefore if you have one Lambda function has a high peak reach the limit, then other Lambda function will be throttled

    You can set "reserved concurrency" at the function level.

    • If set to 0, == throttling, will throw error
    • Each invocation over the concurrency limit will trigger a "Throttle"
    • If synchronous invocation => return ThrottleError - 429
    • If asynchronous invocation => retry automatically and then go to DLQ

    Cold Start Problem

    You can enabled "Provisioned Concurrency" to solve the code start problem

    • Appliation deps should be bundled into the zip file

    Lambda with CloudFormation

     

    • You can package your Lambda function code and dependencies as a container image, using tools such as the Docker CLI.
    • You can then upload the image to your container registry hosted on Amazon Elastic Container Registry (Amazon ECR).
    • Note that you must create the Lambda function from the same account as the container registry in Amazon ECR.
    • Test your application locally using the runtime interface emulator.
    • These base images include a runtime interface client to manage the interaction between Lambda and your function code.

    • Alias enable stable configuration of our event triggers / event source mappings
    • Aliases cannot ref aliaes

     

    weighted traffic

    Max 250mb unzipped, zipped 50 mb max

    Enviornment variable 4 KB max

    • To ensure that a function can always reach a certain level of concurrency, you can configure the function with reserved concurrency. When a function has reserved concurrency, no other function can use that concurrency.
    • More importantly, reserved concurrency also limits the maximum concurrency for the function, and applies to the function as a while, including versions and aliaes.
    • Provisioned concurrency to enable your function to scale without fluctuations in latency. By allocating provisioned concurrency before an increase in invocations, you cna ensure that all requests are served by initialized instances with very low latency. 
    • Provisioned concurency is not used to limit the maximum concurrency for a given Llambda function.
  • 相关阅读:
    爬虫基础
    设计BBS
    中间件和auth模块
    git
    分页器与form表单
    cookie与session
    springboot2.x基础教程:@Enable原理
    springboot2.x基础教程:@Scheduled开启定时任务及源码分析
    springboot2.x基础教程:@Async开启异步任务
    springboot2.x基础教程:JRebel实现SpringBoot热部署
  • 原文地址:https://www.cnblogs.com/Answer1215/p/14845620.html
Copyright © 2020-2023  润新知