<div style="text-align: justify"> # AWS Lambda best practices Best practice rules for AWS Lambda https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/Lambda/ also best practices, has some advices https://aws.plainenglish.io/aws-lambda-best-practices-7454da49314d --> Since serverless computing has its own set of disadvantages, it may not be appropriate for everyone or every use case. When it comes to developing Lambda code, knowing how a lambda function works may help us identify some of the best practices to follow when utilizing lambda functions, as well as the value of each best practice. Function code and dependencies, function configuration, logging and monitoring are among the key practices described below. ### 1. The lambda handler should be separated from service logic It is recommended that the business logic be written in a separate service layer rather than in the handler function itself. It's because it makes it much simpler to write more readable and intelligible code, as well as unit-testable code for the business logic. For example, the handler function will be an entry point for a lambda function and let's say that multiple variables are passed into the mentioned handler function. It may get problematic if each lambda triggers an event with the first parameter containing all information about the triggering event. ### 2. The execution environment should be reused Lambda workers will be utilized as long as they are up and operating, even if they terminate after a certain length of time. As a result, ensuring that the most of this reusability is taken may result in significantly reduced execution times. It is crucial not to save any sensitive data in the execution environment when reusing it. If these settings or environments are reused, there is a risk of data leakage, which can cause plenty of issues. ### 3. Environment variables should be used to manage operational parameters Other operational parameters can be managed using variables whose values are set outside of the program. A name for an S3 bucket, for example, may be an environment variable rather than a hard-coded value. Lambda functions may be deployed into diverse environments without modifying the code by using env variables. *SSM Parameter Store* is an AWS service that saves variables and makes managing parameters for various environments or serverless architectures easier. ### 4. Common code should be deployed to a lambda layer A Lambda layer represents an archive that contains any additional code, such as libraries, dependencies, or custom runtimes. [reference](https://aws.amazon.com/blogs/compute/using-lambda-layers-to-simplify-your-development-process/) Lambda will extract archive's data in the layer to the execution environment's `/opt` directory when setting up the exec. environment. Code and dependencies may be readily shared across numerous functions using lambda layers. The lambda function package size may also be lowered by adding heavy dependencies like AWS SDK, which will likely be reused in multiple lambda functions, resulting in faster deployments. ### 5. Pay attention to the package size The size of lambda packages is expected to rise in conjunction with the expansion of the company, applications, and their logic. As package size rises, it has an impact on deployment time and, more critically, it can significantly increase the lambda function's cold start time. The cold start refers to the time it takes to set up the execution environment (extracting or installing dependencies, etc.). In short, the time required rises as the package size grows larger; thus it's critical to keep the package size under control. ### 6. Recursive code should be avoided When code is written to recursively call the lambda function until a condition is met, it might result in a huge number of function calls and increased expenses. When compared to an EC2 instance for simple REST API use cases, lambda functions are far less expensive. However, when faced with extended execution periods, lambda functions may be very expensive. ### 7. One lambda should use one IAM role 1:1 mapping should be maintained between lambda and Identity and Access Management (IAM) roles at all times. When one function is allowed access to an AWS KMS key using IAM roles, any other function that utilizes the same IAM role will have access to the Key Management Systems (KMS) rule as well, possibly opening it up to exploitation. Also, while defining lambda roles, the least privilege model should be used at all times, and no lambda should have more permissions than it needs. ### 8. VPC access for lambda should be controlled Lambda functions operate in a shared Virtual Private Cloud (VPC) at all times and may send network requests to any address on the internet, including other AWS APIs. Private VPCs are also used to ensure that specific resources are operated in a secure manner and that other services may access these private resources in a restricted way. As a result, it's critical to ensure that only lambda functions that require access to these resources have VPC access enabled. It's also worth noting that once the function is VPC enabled, any traffic generated by the lambda function is subject to the VPC's routing rules. ### 9. Concurrency for critical functions should be reserved The default concurrent execution limit for Lambda functions is 1000 across all functions in a particular region, which is a soft limit and can be adjusted. If this limit is reached, lambda functions will begin to reject inbound requests. And this can lead to the failure of certain extremely important company functions, resulting in revenue loss. Consequently, reserved concurrency can be a good way to ensure that crucial functions don't fail because of the concurrent limit. To ensure that a set amount of concurrent requests is reserved for a wanted business-critical Lambda function, a specific quantity of concurrent requests may be stored for a specific Lambda function. The reserved limit will not be utilized by other function invocations and will be accessible for the chosen business-critical function even if the concurrent limit is reached. ### 10. The right balance between memory and execution time should be found The CPU for Lambda is proportionately given to the RAM allocated to the lambda function. As a result, giving extra memory to a function might generally help it run quicker and save money. However, as memory grows, so do expenses, and it's crucial to notice that at a certain point, the reduction in execution becomes significantly less significant in comparison to cost growth. Therefore, finding the right balance between memory and execution time is essential to ensuring lambda runs in the highest suitable environment. ### 11. AWS CloudWatch logs could be useful Although this is arguable when it comes to best practices, application logs are often created and accessed on the application server on which the application is deployed. This is not feasible with lambda since the application developers do not have access to a server. As a result, AWS has put up a method for lambda functions to store logs to [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/), and application developers must ensure that lambda functions have the required permissions to save logs to CloudWatch. This may be further improved by utilizing CloudWatch triggers to set up alerts for any essential logs, such as production errors. ### 12. Setting up cloud watch alarms for concurrent requests Lambda functions are set up to automatically scale to handle incoming requests. While concurrency limitations may have an impact on the application's availability, the large number of invocations can also result in greater expenses. As a result, it's critical to keep a watch on when a large number of concurrent invocations is received, as this might indicate a malicious operation. Therefore, configuring cloud watch alerts to monitor ConcurrentExecutions can substantially aid in early detection of such threats, as well as monitoring lambda costs. ### 13. AWS X-Ray When enabled, AWS X-Ray may provide an end-to-end view of requests as they move through the application, allowing lambda-based apps to be analyzed and debugged. As a consequence, performance issues and errors may be identified, which can assist considerably in the long term to ensure lambda is working in an optimum environment. ### 14. AWS Config AWS Config may or may not immediately improve the performance or security of a lambda function. However, AWS Config can log changes to a lambda function's settings, such as runtime environment data, handler name, code size, security groups, IAM roles, and so on. <br> Using the best practices stated above when setting application logic should result in a business application environment that is optimized and safe. <hr> [reference](https://aws.plainenglish.io/aws-lambda-best-practices-7454da49314d) ## Use cases https://www.techmagic.co/blog/14-use-cases-for-aws-lambda-how-to-make-the-most-of-it/ https://www.simform.com/blog/serverless-examples-aws-lambda-use-cases/ 7 companies that use serverless/aws lambda https://www.techmagic.co/blog/7-top-companies-using-serverless/ Customer case studies for AWS Lambda (AWS documentation) https://aws.amazon.com/lambda/resources/customer-case-studies/ </div>