AWS/Terraform Workshop #5: AWS Lambda Functions

Artem Nosulchik
Published in Universal Language
Mar 27, 2017

This post is part of our AWS/Terraform Workshops series that explores our vision for Service Oriented Architecture (SOA) and closely examines AWS Simple Storage Service, Terraform Remote State, and Identity and Access Management. To learn more, check out our introductory workshop and new posts at the Smartling Engineering Blog.

Prerequisites

Preface

AWS Lambda is a compute service where you upload your code and the service runs it on your behalf using AWS infrastructure. Once code is uploaded as a Lambda function, AWS takes care of provisioning and managing the servers used to run it. There are three languages currently supported: Node.js, Python 2.7 and Java.

A common use of Lambda is as an event-driven compute service, where code is executed in response to events such as changes to data in an S3 bucket, a message in an SNS topic, a CloudWatch event, etc.

A Lambda function consists of code, associated dependencies and configuration. In the configuration you specify how much memory should be allocated, the execution timeout, and the IAM role that Lambda will assume to execute code on your behalf. A Lambda function also requires a handler (that is, a filename and the name of a method/function in your code) where AWS Lambda can begin executing your code.

Notice: CPU power cannot be specified in Lambda configuration. AWS Lambda allocates it proportionally to allocated memory.

Notice: 1536 MB is the maximum memory that can be allocated to Lambda function, with a max execution duration of 300 seconds. More limits can be found here.

Event sources publish events that cause the Lambda function to be invoked. You associate an event source with your Lambda function using an event source mapping. The event sources supported by AWS Lambda (push invocation model) include: SNS (when you push a new message to an Amazon SNS topic, it can trigger a Lambda function), scheduled events (you can set up AWS Lambda to invoke your code on a regular, scheduled basis using the schedule event capability in CloudWatch), and S3 (you can configure notification on an Amazon S3 bucket to publish bucket events, such as when objects are created or deleted, to AWS Lambda and invoke a Lambda function to respond to these events).

Notice: Scheduled event sources are defined in CloudWatch (event rules specify the expression for the schedule).

Notice: Scheduled CloudWatch event sources support a minimum interval of 5 minutes. If you wish to trigger a Lambda function more often, you'll need to write your own scheduler that invokes Lambda with the desired frequency.

In addition to invoking Lambda functions using event sources, you can also invoke your Lambda function over HTTPS. You can do this by defining a custom REST API and endpoint using Amazon API Gateway. This is beyond the scope of this workshop, and you can find more info here.

Execution role — IAM role must grant the permissions that your Lambda function needs (e.g. read objects in S3, read messages in SNS, permissions to modify AWS resources according to code).

Notice: The execution role specifies permissions for the Lambda function itself, not for the entities that trigger it. To make it possible for S3, SNS or CloudWatch to trigger the Lambda function, you should use the AddPermission API call to add those permissions (or use the terraform aws_lambda_permission resource instead).

Notice: IAM role specified as execution role for Lambda function must include AWS Lambda service in its trust policy to allow the function to assume this role.

Lambda function execution metrics and logs. AWS Lambda automatically monitors Lambda functions on your behalf, reporting metrics through Amazon CloudWatch. To help you troubleshoot failures in a function, Lambda logs all requests handled by your function and also automatically stores logs generated by your code through Amazon CloudWatch Logs.

Notice: To allow the Lambda function to create logs, the IAM role specified in the function's configuration must have the corresponding permissions to CloudWatch.
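
The execution role, its trust policy, the log permissions and the separate invocation permission from the notices above, combined into one Terraform configuration. This is an added example, not the workshop repository's code; it uses Terraform 0.12+ syntax, and every resource name, the web_check.zip package and the python3.12 runtime are assumptions.

```hcl
# Added example; all resource names and web_check.zip are hypothetical.
resource "aws_sns_topic" "alerts" {
  name = "web-check-alerts"
}
# Trust policy: only the Lambda service may assume the execution role.
resource "aws_iam_role" "web_check" {
  name = "web-check-lambda"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
      Principal = { Service = "lambda.amazonaws.com" } }]
  })
}
# Execution permissions: write logs and publish to the one topic, nothing else.
resource "aws_iam_role_policy" "web_check" {
  name = "web-check-lambda"
  role = aws_iam_role.web_check.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "sns:Publish", Resource = aws_sns_topic.alerts.arn },
      { Effect = "Allow", Resource = "arn:aws:logs:*:*:*",
        Action = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"] },
    ]
  })
}
resource "aws_lambda_function" "web_check" {
  function_name = "web-check"
  filename      = "web_check.zip"
  handler       = "web_check.handler"
  runtime       = "python3.12"
  role          = aws_iam_role.web_check.arn
}
resource "aws_cloudwatch_event_rule" "every_5_min" {
  name                = "web-check-every-5-min"
  schedule_expression = "rate(5 minutes)"
}
resource "aws_cloudwatch_event_target" "web_check" {
  rule = aws_cloudwatch_event_rule.every_5_min.name
  arn  = aws_lambda_function.web_check.arn
}
# Invocation permission: separate from the execution role, scoped to this rule.
resource "aws_lambda_permission" "allow_events" {
  statement_id  = "AllowCloudWatchEvents"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.web_check.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.every_5_min.arn
}
```

Without the aws_lambda_permission resource the rule and target are still created, but CloudWatch Events is not authorized to invoke the function.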

Hands On

1. Go to the w5 directory in the cloned Smartling/aws-terraform-workshops git repository.
2. Create Autoscaling group (ASG), attach ELB to ASG.
   a. Finish incomplete terraform configuration and be prepared to fix mistakes.
   b. Attach ELB to ASG (do not enable ELB checks for ASG, keep default EC2).
   c. terraform plan, terraform apply:
      $ aws-profile yourteam-dev terraform plan
      $ aws-profile yourteam-dev terraform apply
   d. Check AWS resources created in this step.
   e. Make sure ELB DNS name can be opened with browser -- it should show nginx welcome page.
3. Create SNS topic, subscribe your email to it.
4. Create Lambda function for monitoring nginx behind ELB; it will send the check results to SNS (and to your mailbox).
   a. Finish incomplete terraform configuration to create Lambda function triggered by CloudWatch events every 5 minutes.
   b. terraform plan, terraform apply.
   c. Go to AWS Lambda console and change check URL and SNS in Lambda function's code:
      Note: Make sure you specified actual DNS name of your ELB (it can be found in AWS web console or in tfstate file).
   d. Try to trigger Lambda function in console manually, consider what should be changed in case lambda execution fails.
   e. Check lambda function execution logs in CloudWatch.
5. Simulate service outage by stopping nginx at instance in ASG.
   a. Options:
      i. Go to instance via SSH and run 'sudo service docker stop' command to shut down container with nginx.
      ii. Adjust rules in ec2 security group in terraform configuration to prevent ELB from communicating with instance.
   b. Check that ELB doesn't show nginx welcome page in browser anymore.
   c. Wait until Lambda function is executed by CloudWatch schedule. Make sure you received an email about the failed web check in your mailbox.
6. Destroy AWS resources with the corresponding terraform command.
7. (optional) Change code of Lambda function to send custom metrics into CloudWatch, e.g. 1 when web check succeeded and 0 when it failed.
