AWS Lambda accelerates and simplifies how teams develop and maintain software. It eliminates the need for users to manage servers and automates operational procedures and complex application components, known as serverless infrastructure.
AWS Lambda’s main resources are Lambda functions, which contain a granular piece of code that performs a specific task. Functions can initiate using multiple mechanisms, such as the AWS SDK, HTTP endpoints or configurable events from other AWS services. This delivers flexibility to make functions for various application scenarios or automation tasks.
Follow this walkthrough to launch Lambda functions using the AWS console, and learn how to use AWS Serverless Application Model (SAM).
How to launch Lambda functions from the AWS console
There are many ways to launch Lambda functions. The simplest one uses AWS Management Console. Developers specify the source code using the integrated development environment in the UI. From here, configure multiple settings, such as Identity and Access Management (IAM) permissions, memory allocation and environment variables.
Prerequisite
Ensure the IAM user that performs this task in the console has admin permissions for the Lambda service — i.e., Create, Update, Delete, Get and Invoke operations — and iam:PassRole. This specifies the execution IAM role users assign to their Lambda function.
Step 1. Create function
To create an AWS Lambda function, use the Create function button on the Lambda console.
The console method suits early stages of development rather than applications in production.
Step 2. Examine options for the function’s code
After clicking the Create function button, the next screen shows several options for the function’s code. Examine the following options to work with Lambda functions:
- Author from scratch. Create unique code from a Hello World example.
- Use a blueprint. AWS’ code blueprints include built-in AWS integrations with other services and common use cases. These blueprints can save a significant amount of time when developing Lambda functions.
- Use a container image. Container images stored in Amazon Elastic Container Registry are also useful for launching new Lambda functions.
This example uses Author from scratch to create the function.
Step 3. Choose function name, runtime, architecture and permissions
Let’s proceed with a Lambda function built from scratch. The basic configuration fields include function name, runtime and permissions.
Supported runtimes
These include programming languages such as the following:
Lambda also supports custom runtimes, which developers can implement in any language compiled in the Amazon Linux OS. Be aware that AWS adds new runtimes and versions to this list on an ongoing basis.
Architecture
Lambda supports two types of computer processor architectures: x86_64 and Arm64. X86_64 is the default, and Arm64 uses AWS Graviton2 processors. While Graviton2 delivers higher performance and lower cost, ensure that the application code supports the chosen architecture before selecting.
Permissions
IAM roles grant permissions to Lambda functions. The default option is limited to writing data to Amazon CloudWatch logs. If a Lambda function requires permissions to call other AWS APIs, grant sufficient IAM permissions for other AWS services.
Step 4. Explore additional configurations
The additional configurations section displays configurations such as code signing, encryption, function URL, tags and VPC.
Code signing
Code signing adds an extra layer of security to the Lambda code, preventing alteration from a given point in time.
Encryption
While Lambda uses an AWS-managed Key Management Service key to encrypt the deployment package, it also provides an option to configure a KMS customer-managed encryption key, which delivers additional flexibility in key rotation.
Function URL
If the function URL feature is enabled, the function can deploy through an HTTP client — i.e., a web browser, curl command, etc. For security reasons, this feature also supports IAM or custom-logic authorization, as well as cross-origin resource sharing.
Tags
Lambda also supports AWS tags, which assign one or more key-value pairs to a function. This is a useful feature to restrict access, monitor cost or provide relevant context regarding a particular Lambda function.
VPC
VPC configurations enable serverless developers to deploy Lambda functions in a VPC with access to private resources. One example is Amazon Relational Database Service instances with public access disabled. Another example is Amazon ElastiCache clusters only accessible through a VPC and DynamoDB tables with VPC endpoints enabled.
Once users create their Lambda function, they can add any other settings in the console. Options include triggers, permissions, database connections, concurrency environment variables and destinations.
Step 5. Perform tests
Once users deploy their function, they need to be able to test it. This can be done from the Lambda console. It supports the configuration of custom test events and returns the function execution status. It also logs records and relevant metrics, such as duration, billed duration, Init duration and memory utilization.
How to use AWS SAM
The console is a quick way to get started with functions, but it’s not recommended for production-grade applications. The console doesn’t provide a consistent, automated way to launch and maintain Lambda functions across different deployment stages. It also lacks an easy way to track code versioning and handle potential rollback scenarios at scale.
AWS SAM is a recommended framework for deploying and maintaining Lambda functions. SAM offers a mechanism to develop, test, configure and deploy functions using infrastructure as code. SAM’s framework defines functions using a template in YAML format. The function tests and deployment occur using the CLI. This approach enables application teams to follow CI/CD best practices. The configuration parameters mentioned above can go in a SAM template.
Follow these best practices in the SAM approach:
- Group functions in one template. To deploy functions using SAM, group all functions and other relevant components, such as API gateway, REST APIs and DynamoDB tables, in the same template.
- Test applications locally. SAM delivers useful tools to develop and test Lambda functions from a local workstation, which simplifies the development process.
- Use native tools for automation. Automate deployment of Lambda functions using services such as AWS CodeBuild and AWS CodePipeline. GitOps features available in many Git repositories are compatible with SAM.
- Integrate Lambda functions. To separate code from application configuration, integrate Lambda functions with services such as AWS Secrets Manager or AWS Systems Manager Parameter Store. The developer uses the Lambda function to fetch relevant parameters from these AWS services instead of hardcoding information into the application or enabling nonsecure access.
- Manage application-level configurations. Consider the AWS AppConfig Lambda extension to manage application-level configurations.
Lambda functions are a relevant component in modern cloud deployments, and AWS delivers an easy way to get started with them and many advanced features that comply with CI/CD and automation best practices for production-grade deployments.
Lambda key takeaways for configuration
Finding the right balance among cost, performance and reliability is critical, based on application requirements. Here are some key takeaways to remember when configuring parameters.
Source code
Developers provide the source code to deploy a Lambda function. The code must be compatible with supported runtimes. In some situations, code must go through a build process where developers provide a deployment package in zip format.
Triggers
Users can configure functions to execute automatically when trigger events and conditions occur from other AWS services, such as DynamoDB and Kinesis. Configure asynchronous invocations to automatically send results to a destination AWS resource on success and failure scenarios.
Execution quotas
Each AWS account has a Lambda concurrent executions quota, which limits the amount of Lambda executions that can occur simultaneously. Users can increase this quota at the account level and assign a value for reserved concurrency to a specific function.
Performance
The Provisioned Concurrency configuration initializes a dedicated number of concurrent executions, eliminating the cold start for each execution. This is an important consideration when planning for performance. The SnapStart feature is also an option that accelerates a function’s initialization period.
Version control
When applying new code or configuration updates to a Lambda function, the service allocates a new sequential version number. As with any application component, it is important to have a way to manage versions and deployment stages. Lambda supports layers, versions and aliases. Layers are entities managed by the Lambda service, which contain a versioned code package that developers manage. This package can be referenced by Lambda functions using the layer identifier and version. Use this feature to access common libraries within multiple Lambda functions.
Aliases
The service also supports aliases, which are text-based labels that point to a specific version. Aliases simplify the code release process since they help teams link a specific function version to relevant deployment labels within the organization — i.e., deployment stages, release identifiers, etc.
It is important to be aware of and calculate the cost effect for each configuration parameter.
Editor’s note: This article was updated to reflect changes in the best practices for creating an AWS Lambda function.
Ernesto Marquez is owner and project director at Concurrency Labs, where he helps startups launch and grow their applications on AWS. He enjoys building serverless architectures, building data analytics solutions, implementing automation and helping customers cut their AWS costs.
