Aws Lambda High Availability, Monitoring & Security

The increased migration towards the concept of ‘agility’ is a direct result of serverless architecture. Serverless computing has almost entirely shifted the burden of infrastructure management to the cloud service provider, leaving developers with an immense amount of time, to focus on core competencies. You thought microservices were an upgrade to monolithic architecture, but what happens if the traditional three-tier microservice infrastructure can’t keep up because it’s expensive in time and cost? This is where Serverless comes in. It eliminates processes such as patching; cluster or capacity provisioning; the installation, maintenance and eventual decommission of hardware; and OS maintenance. Serverless computing, among which is AWS Lambda, entails the next sensible stelpin the ‘as a service’ model of delivering compute resources. 


What is AWS Lambda?

AWS Lambda is a serverless service that runs the code in response to specific circumstances and automatically maintains the resources for the infrastructure. AWS Lambda supports multiple platforms such as Java, Go, Ruby, Python, and also provides an API to use any additional programming language to scribe your function. There are multiple ways to invoke Lambda functions from S3 events to Alexa triggers to AWS SDKs triggers as well.

AWS Lambda invokes your user code only when needed and automatically scales to support the rate of incoming requests without requiring the user to configure anything. There is no limit to the number of requests a user code can handle.


Benefits of Lambda Function:

One of the significant benefits of using the Lambda function is cost saving. A company on an average can reduce costs to the tune of 60% or more, by switching their Infrastructure to Serverless Architecture. AWS Lambda can manage multiple activities such as code deploying, database management, maintaining servers, and many more. When you write your initial lambdas, the focus is barely on high performance. You’re caught up in the technicalities and the process of deploying lambdas. But as your lambda usage progresses, it becomes imperative to ensure that Lambdas perform extremely well. In this blog post, we have covered the best practices that can help in maintaining High Availability, Monitoring, and Security of the Lambda function.


Maintaining High Availability of Lambda Function:

1. VPC : When you run a Lambda function, the code by default runs on a VPC, that has Internet access. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPC-specific configuration information that includes private subnet IDs and security group IDs. If a function runs on a Virtual Private cloud managed by Lambda, then Lambda assumes responsibility of ease of operation and on multiple AZs (Availability Zone) of that VPC region.

2. Availability Zones: Distributing your Lambda compute capacity across availability zones makes your Lambdas inherently fault-tolerant in case of any data center failures. Running the Lambda function on VPC, in most use cases, requires access to RDS and alternative VPC resources, which is why AZs become favourable to maintain high availability.

a. Design Lambda for high availability by choosing multiple subnets in several AZs

b. A secondary recommendation is to have backup AZs with the availability of sufficient IP Addresses that can handle concurrent Lambda requests; in case an AZ goes down

3. Stateless: Lambda functions need to be stateless, to allow AWS Lambda to launch as many copies of the function as needed, based on the requirement. This ensures scalability of the Lambda function. While Lambda’s programming model is stateless, the code can be used to access other stateful data. This ensures that there is no connection between the code and the underlying compute infrastructure.


4.Lambda Handler: Another good practice for high availability is to separate your Lambda handler from the core logic of the function. Separating the Lambda handler helps in making a more unit-testable function.


5. Execution Context: The production of your Lambda function can be enhanced by using the Execution Context. Also, make sure any externalized configuration or dependencies that your code retrieves, are stored and referenced locally after initial execution.


Monitoring AWS Lambda Function:

You can monitor and audit Lambda functions using different AWS services such as Amazon CloudWatch, Amazon X-Ray, Amazon CloudTrail, AWS Config. AWS Docs gives you a detailed overview on the monitoring tools, how to use them and what metrics to monitor. In order to ensure that AWS Lambda function doesn't break any codes, it is recommended to follow the best practices to monitor the functions.

Monitor CloudWatch Lambda Metrics:  AWS CloudWatch has different Metrics which are very useful in Monitoring the Lambda functions. Some of the best practices out of these are the following :

1.  CloudWatch Duration Metrics: Using CloudWatch Duration metrics, you can regulate the cost for Lambda functions. The cost incurred increases as the length of the executions increase. Hence, the timeout duration must be fixed based on your requirement, so that you can optimize costs and ensure the running is optimized. Optimization can be enabled by making sure that the above metrics are not working too closely to function timeout.


2. Throttling: Lambda functions have a limit of 1000 concurrent executions, which can lead to Throttling of your Lambda function. To avoid such situations, you need to raise a request in advance with AWS for the limit increase, which can be done using the CloudWatch Throttles metrics. In inverse cases, Throttling enables you to ensure that certain lambda functions are not accidentally invoked beyond a certain limit, leading to skyrocketed costs. 


3. AWS Config: AWS Config allows you to monitor any changes to the configurations of AWS Lambda. With Config, you can track changes to the Lambda function, runtime environments, tags, handler name, code size, memory allocation, timeout settings, and concurrency settings, along with IAM execution role, subnet, security group associations, and whether Lambda prohibits AWS access. This assures that AWS Config is adequately configured for such scenarios.


4. Invocation Metrics: So think of a scenario where you have to measure error tolerance of your Lambda function and get it down to zero or minimal value. For such scenarios, Invocation metrics need to be used in parallel to Error Metrics to determine error tolerance. If Invocations change, alarms on the Errors change as well.


5. IteratorAge: Another situation is one where you are using AWS Kinesis or Dynamo DB data streams to process incoming records using Lambda functions. In order to know whether such records have been processed or not, one needs to use IteratorAge, which also helps to prevent your applications from vulnerable heaps of unprocessed requests.


6. CloudWatch Logs Insight: Lambda logs all the requests handled by your AWS Lambda functions in order to help you through the troubleshooting process. Logging statements can be inserted into your code and Lambda automatically integrates with CloudWatch logs to enable monitoring. It is a platform that can be used to separate logs by patterns and timestamps.


Maintaining Security of Lambda function:

On cloud infrastructure, security is one of the primary concerns. Recently, there have been multiple threats that affected well-known companies, which has made security a point of focus for every CXO. We must have to follow the latest security measures and have to avoid any services which can lead us to trouble in the future. 

We are going to discuss a few steps here which are essential in securing your AWS Lambda functions from outside threats so that one can enjoy Serverless Architecture.

1. AWS Lambda Cross-Account Access Audit: While using AWS Lambda function, you need to ensure that all Lambda functions are configured to allow access only to the trusted AWS accounts which minimizes the risks of unauthorized account access. Allowing unauthorized or untrusted accounts to access Lambda functions can lead to data exposures, data loss, and a surprising rise in the AWS monthly billing cycle.


2. Using separate IAM-Roles for each Lambda functions:  Using a unique IAM (Identity and Access Management) role for each Lambda function can ensure none of the functions are sharing the same role. Using different roles can ensure the Principle of Least Privilege (POLP) by providing all unique function the minimum amount of access needed to perform its tasks. Using the right IAM controls, you can reduce the risk of unauthorized access to the account.


3. Using Tracing feature of AWS X-Ray: AWS X-Ray provides the capability of both monitoring and tracing at the same time. Once tracing mode is enabled for AWS Lambda functions, you can save a lot of time and energy in debugging. Tracing is also essential and helpful in identifying errors, bottlenecks, productions, and timeouts of the Lambda functions by breaking down the latency of functions.


Summary

In the article, we discussed multiple best practices for high availability, monitoring, and security of AWS Lambda function, which can be integrated while designing and deploying your lambda functions. Depending on the platform and the programming language you use, you can reduce costs and increase the code's productivity.






Aws Lambda High Availability, Monitoring & Security

Smart Scheduling at your fingertips

Go from simple to smart, real-time AWS resource scheduling to save cost and increase team productivity.

Learn More
More Posts

You Might Also Like

Cloud Automation
New In: No-code cloud management workflows for Azure, VMware & Private Cloud (in addition to AWS)
At TotalCloud, we’ve been enabling workflow-based cloud management for AWS to make it intuitive, accelerated, and no-code. Instead of programming cloud management use cases or depending on siloed solutions, we built out a platform that gives you building blocks to assemble any cloud management solution. 
September 4, 2020
Sayonee
Cloud Computing
List of Essential Kubernetes Tools
Kubernetes is a Container-as-a-Service with tons of unique tools to choose from. External tools play a role in integrating with different systems or maintaining control over the clusters you deploy. Manual health checks and troubleshooting is not ideal to keep a system in full health.This list of tools will provide ample support to your containers and have enough configuration to leave management flexible...
August 12, 2020
Hrishikesh
AWS Use Case Files
TotalCloud Inventory Actions: Giving a new meaning to Cloud Inventory
Learn how the TotalCloud Inventory Dashboard can become equivalent to your cloud provider’s SDK. Carry out any action on any discovered resource with Inventory Actions.
July 30, 2020
Sayonee
AWS Tips & Tricks
AWS Tutorial: Create an AWS Instance Scheduler with Terraform
Terraform is a popular IaaS tool used by many to create, update, and maintain their AWS architecture. If you use Terraform to provision your AWS architecture, you won’t be disappointed with our new AWS tutorial video.We provide you with the means to set up your own instance scheduler from Terraform...
July 20, 2020
Hrishikesh
Cloud Computing
Azure vs AWS: What you need to know
Companies that have jumped the gun with cloud migration during this time of crisis have committed a fatal mistake. The knowledge gap among businesses that seek to migrate is often underestimated, leading to devastating expenditures and operational inefficiencies...
July 15, 2020
Hrishikesh
AWS Use Case Files
Automating Auto Scaling Group Updates
AWS introduced autoscaling to make EC2 cluster scaling easier. We've seen users constantly make changes to their EC2s and put new policies into play. It’s important to update your Autoscaling group with the new instances so that it doesn’t ignore these machines.
July 6, 2020
Hrishikesh