February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Presenter: Vyom Nagrani, Sr. Product Manager, AWS Lambda

Q&A Moderator: Ajay Nair, Sr. Product Manager, AWS Lambda

February 25th, 2016

Essentials: Introducing VPC Support for AWS Lambda

Upload: amazon-web-services

Post on 11-Jan-2017


TRANSCRIPT

Page 2: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

AWS Lambda: A compute service that runs your code in response to events

Lambda functions: Serverless, trigger-based code execution

Triggered by events:
• Direct Sync and Async invocations
• Put to an Amazon S3 bucket
• Call to an API Gateway endpoint
• And many more …

Makes it easy to:
• Perform data-driven auditing, analysis, and notification
• Build back-end services that perform at scale

Page 3: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Benefits of AWS Lambda for building a server-less data processing engine

1) No Servers to Manage
AWS Lambda automatically runs your code without requiring you to provision or manage servers. Just write the code and upload it to Lambda.

2) Continuous Scaling
AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload.

3) Subsecond Metering
With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. You don't pay anything when your code isn't running.

Page 4: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

AWS Lambda – how it works

Bring your own code
• Node.JS, Java, Python
• Java = Any JVM based language such as Scala, Clojure, etc.
• Bring your own libraries

Simple resource model
• Select memory from 128MB to 1.5GB in 64MB steps
• CPU & Network allocated proportionately to RAM
• Reports actual usage

Flexible invocation paths
• Event or RequestResponse invoke options
• Existing integrations with various AWS services

Fine grained permissions
• Uses IAM role for Lambda execution permissions
• Uses Resource policy for AWS event sources

Page 5: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

AWS Lambda – how it works

Deployment options
• Author directly using the console WYSIWYG editor
• Package code as a ZIP and upload to Lambda or to S3

Stateless functions
• Persist data using S3 / DynamoDB / ElastiCache
• No affinity to infrastructure (can’t “log in to the box”)

Authoring functions
• AWS SDK built in
• Handle inbound traffic
• Use processes, threads, /tmp, sockets

Monitoring and Logging
• Metrics in Amazon CloudWatch – Requests, Errors, Latency, Throttles
• Logs in CloudWatch Logs

Page 6: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

AWS Lambda - Key scenarios and use-cases for AWS Lambda

Data processing
• Stateless processing of discrete or streaming updates to your data-store or message bus

Control systems
• Customize responses and response workflows to state and data changes within AWS

App backend development
• Execute server side backend logic in a cross platform fashion

Page 7: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

New functionality: Accessing resources in a VPC from a Lambda function

Description: Access Resources within a VPC using AWS Lambda

Benefit: Your Lambda functions can now access Amazon RDS databases, Amazon Redshift data warehouses, Amazon ElastiCache nodes, and other endpoints that are accessible only from within a particular VPC (e.g. a web service running on EC2).

How it works: You must provide additional VPC-specific configuration information, such as VPC subnet IDs and security group IDs, to enable your Lambda functions to access resources in an Amazon VPC.

Documentation: http://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Page 8: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Quick walkthrough VPC basics before getting started

[Diagram labels: VPC 172.31.0.0/16; VPC subnet 172.31.0.0/24; VPC subnet 172.31.1.0/24; NAT; IGW; 0.0.0.0/0]

Page 9: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

How AWS Lambda works with Amazon VPC

• AWS Lambda functions always execute securely inside a VPC by default
  … even if you don’t explicitly specify VPC configuration settings
  … but this VPC is not in your account, so you cannot connect to it directly

• You need to configure Lambda to access resources inside your private VPC
  e.g. Amazon Redshift data warehouses, Amazon ElastiCache clusters, or Amazon RDS instances

• You can add a VpcConfig parameter when creating or updating the Lambda function
  Includes list of VPC Subnets and a Security Group

• AWS Lambda creates ENIs in your account and takes Private IPs from your subnets to allow your Lambda function to access resources in your VPC

Page 10: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Today’s demo workflow: Reading off a cache behind a VPC from a Lambda function

[Diagram labels: AWS Lambda; Amazon ElastiCache; Amazon DynamoDB; Amazon VPC]

• Invoke Lambda function
• First, try to fetch from cache
• On cache-miss, fetch from main table and update cache

Page 30: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Best practices for enabling VPC configuration for Lambda functions

• Ensure your account has enough ENIs
  ENIs used = Projected peak concurrent executions * (Memory in GB / 1.5GB)
  Don’t delete/rename ENIs created by Lambda

• Ensure your VPC subnets have enough IP addresses
  Total IPs used across all subnets = number of ENIs

• Specify at least one subnet in each Availability Zone
  This enables Lambda to run in high-availability mode
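
The sizing rules above as a pre-flight check, added here as an example (not code from the webinar or from AWS): it applies the slide's ENI formula, rounded up, and compares the result with account ENI headroom, free subnet IPs and Availability Zone coverage. The subnet records are constructed and shaped like `describe-subnets` output; `preflight`, `eni_limit` and `enis_in_use` are hypothetical names whose values the caller supplies.

```python
FULL_ENI_MEMORY_MB = 1536  # the slide's 1.5GB divisor, in MB


def enis_needed(peak_concurrency, memory_mb):
    """Slide formula: peak concurrent executions * (memory in GB / 1.5GB), rounded up."""
    return -(-peak_concurrency * memory_mb // FULL_ENI_MEMORY_MB)


def preflight(peak_concurrency, memory_mb, subnets, region_azs, eni_limit, enis_in_use):
    """Return a list of problems; an empty list means the configuration fits."""
    need = enis_needed(peak_concurrency, memory_mb)
    problems = []
    # Account ENI headroom: limit and current usage are supplied by the caller.
    headroom = eni_limit - enis_in_use
    if need > headroom:
        problems.append(f"need {need} ENIs, account has {headroom} left")
    # Each ENI takes one private IP from the subnets listed in VpcConfig.
    free_ips = sum(s["AvailableIpAddressCount"] for s in subnets)
    if need > free_ips:
        problems.append(f"need {need} IPs, subnets have {free_ips} free")
    # At least one subnet in each Availability Zone.
    covered = {s["AvailabilityZone"] for s in subnets}
    missing = sorted(set(region_azs) - covered)
    if missing:
        problems.append("no subnet in " + ", ".join(missing))
    return problems


# Constructed sample input (IDs, zones and counts are made up for illustration).
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-aaaa1111", "AvailabilityZone": "us-east-1a", "AvailableIpAddressCount": 20},
    {"SubnetId": "subnet-bbbb2222", "AvailabilityZone": "us-east-1b", "AvailableIpAddressCount": 10},
]
SAMPLE_AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]

if __name__ == "__main__":
    for line in preflight(100, 512, SAMPLE_SUBNETS, SAMPLE_AZS, eni_limit=350, enis_in_use=40):
        print("PROBLEM:", line)
```

Running the check before attaching `VpcConfig` surfaces exhaustion of ENIs or subnet IPs before it shows up as failed invocations at peak load.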

Page 31: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Things to remember when configuring Lambda functions to connect to resources behind a VPC

• Functions configured for VPC access lose Internet access
  … even if you have “Auto Assign Public IP” enabled
  … even if you have an Internet Gateway setup in your VPC
  … even if your security group allows all outbound traffic
  … even if all you want to do is call other AWS service endpoints (other than S3)

• However, you can access peered VPCs and VPN endpoints directly

• For your function to connect to any external endpoint, you need to create a Managed NAT or a NAT instance inside the VPC
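
The routing rule above as an audit, added here as an example (not code from the webinar or from AWS): for each subnet a function is configured with, it finds the effective route table and reports whether the 0.0.0.0/0 route goes through a NAT, which per the slide is the only path that gives the function Internet access. The route tables are constructed and shaped like `describe-route-tables` output; the function names are hypothetical, and a default route to an instance is assumed to be a NAT instance.

```python
def route_table_for(subnet_id, route_tables):
    """Explicitly associated route table, else the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Classify the 0.0.0.0/0 route as 'nat', 'igw' or None (no default route)."""
    for route in (route_table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        # Assumption: a default route to an instance is a NAT instance.
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "nat"
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return None


def lambda_internet_access(subnet_ids, route_tables):
    """Per the slide, only a NAT path gives a VPC-configured function Internet access."""
    return {sid: default_route_target(route_table_for(sid, route_tables)) == "nat"
            for sid in subnet_ids}


# Constructed sample input (all IDs are made up for illustration).
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000aaaa"}]},
    {"RouteTableId": "rtb-priv0002", "Associations": [{"SubnetId": "subnet-bbbb2222"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000bbbb"}]},
]

if __name__ == "__main__":
    print(lambda_internet_access(["subnet-aaaa1111", "subnet-bbbb2222"], SAMPLE_ROUTE_TABLES))
```

Subnets reported as `True` are the ones where a function has an egress path to review; `False` means the function can reach only what the VPC itself routes to.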

Page 32: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Three Next Steps

1. Create and test your first Lambda function. With AWS Lambda, there are no new languages, tools, or frameworks to learn. You can use any third party library, even native ones. And every month, the first 1M invokes are on us!

2. Connect your Lambda function to resources inside Amazon Virtual Private Cloud by configuring the ‘VpcConfig’ parameter either at the time you create a Lambda function or by adding it to the existing Lambda function configuration.

3. Create a Network Address Translation (NAT) instance inside the VPC to enable your Lambda function to connect both to resources inside the VPC and to endpoints on the public internet.

Page 33: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

Thank you!

Visit http://aws.amazon.com/lambda, the AWS Compute blog, and the Lambda forum to learn more and get started using Lambda.

Page 34: February 2016 Webinar Series - Introducing VPC Support for AWS Lambda

AWS Summit – Chicago: An exciting, free cloud conference designed to educate and inform new customers about the AWS platform, best practices and new cloud services.

Details
• April 18-19, 2016
• Chicago, Illinois
• @ McCormick Place

Featuring
• New product launches
• 50+ sessions, labs, and bootcamps
• Executive and partner networking

Register Now
• Go to aws.amazon.com/summits
• Click on The AWS Summit - Chicago … then register.
• Come and see what AWS and the cloud can do for you.
