Emulating Lambda to speed up development Kevin Epstein CTO CorpInfo AWS Premier Partner
What is Lambda? Scalable, highly available, stateless, event-driven computing. Fully managed runtime environment: Python, Node.js, Java.
Why emulate Lambda? Lambda functions are usually relatively small, discrete pieces of code, so why emulate Lambda? So what? Just because Lambda functions are small pieces of code doesn't mean we should treat this code any differently from any other. Test your Lambda code locally. Automate testing: integrate with your CI/CD. Emulating AWS services is not a completely foreign idea: DynamoDB has a local environment for testing too.
But I can test my Lambda locally, sort of

    #!/usr/bin/python
    def lambda_handler(event, context):
        # Lambda execution entry point
        print("Hello World!")

    if __name__ == '__main__':
        # Local testing entry point
        print("Hello World!")
But I can test my Lambda locally, sort of. The problem with this approach is that we don't fully test Lambda functionality. Passing events to the Lambda function isn't easily tested. Context cannot be tested. It doesn't test IAM. Packaging your code and uploading becomes painful quickly! http://docs.aws.amazon.com/lambda/latest/dg/eventsources.html http://docs.aws.amazon.com/lambda/latest/dg/python-context-object.html
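To make the event and context gaps concrete, here is a small local harness, added as an example (it is not Emulambda and not code from the talk). It passes a JSON event and a stand-in context object to a handler; the `FakeContext` class, the `invoke_locally` helper and the sample event are assumptions made for illustration.

```python
import json
import time
import uuid


class FakeContext(object):
    """Stand-in for the Lambda Python context object (constructed for local runs)."""

    def __init__(self, function_name="local-test", memory_mb=128, timeout_s=3):
        self.function_name = function_name
        self.memory_limit_in_mb = str(memory_mb)
        self.aws_request_id = str(uuid.uuid4())
        self._deadline = time.time() + timeout_s

    def get_remaining_time_in_millis(self):
        # Milliseconds left before the configured timeout would fire.
        return max(0, int((self._deadline - time.time()) * 1000))


def lambda_handler(event, context):
    # Sample handler that reads both the event and the context.
    return {
        "greeting": "Hello %s!" % event.get("name", "World"),
        "request_id": context.aws_request_id,
        "time_left_ms": context.get_remaining_time_in_millis(),
    }


def invoke_locally(handler, event_json, timeout_s=3):
    """Call handler(event, context) the way Lambda does and report timing."""
    context = FakeContext(timeout_s=timeout_s)
    start = time.time()
    result = handler(json.loads(event_json), context)
    elapsed_ms = (time.time() - start) * 1000
    return {
        "result": result,
        "elapsed_ms": elapsed_ms,
        "timed_out": elapsed_ms > timeout_s * 1000,  # Lambda would have killed it
    }


if __name__ == "__main__":
    sample_event = '{"name": "Alexa"}'  # constructed sample event
    print(json.dumps(invoke_locally(lambda_handler, sample_event), indent=2))
```

A harness like this still does not exercise the IAM execution role, which is the gap the Emulambda slide addresses.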
Emulambda: Emulambda is an open-source project that attempts to emulate the Lambda environment as closely as possible. Test your Lambda locally without packaging and deploying to AWS Lambda. Shorten your feedback loops on Lambda execution. Some basic execution profiling. Supports IAM Lambda execution roles. pip install -e git+https://github.com/fugue/emulambda#egg=emulambda
A practical example: Development of a simple Amazon Alexa Skill. If you want your skill published in the Skills portal, you need to test, test, test! Every interaction is called an Intent. Every time you add new intents you have to resubmit for approval. Skills can have lots of intents, and they all need to be tested. We want to make sure we get expected responses. We want to evaluate the session state of the skill. Pair BATS (Bash Automated Testing System) with Emulambda.
Using Emulambda to test an Alexa Skills Demo
Configuring a Lambda Function to Access Resources in an Amazon VPC Punitha Atluru Cloud Engineer CorpInfo AWS Premier Partner
Introduction: AWS service resources, such as Redshift, ElastiCache, RDS or any other services running on EC2 instances, are created inside Amazon Virtual Private Cloud (Amazon VPC) so that they cannot be directly accessed over the public Internet. Lambda functions are deployed outside of any VPC by default, restricting access to the private resources. A Lambda function might require Internet access to fetch resources from the public Internet and inject them into AWS services that don't have VPC endpoints, such as Amazon Kinesis or RDS.
What To Do? VPC-specific configuration information (VPC subnet IDs and security group IDs) must be provided in order to enable your Lambda function to access resources inside your private VPC. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC. Note: the Lambda function execution role must have permissions to create ENIs. AWS Lambda provides a predefined/managed policy, AWSLambdaVPCAccessExecutionRole, giving the function access to CloudWatch Logs and EC2 ENI-related permissions.
Problem: ENIs attached to a Lambda function do not get Elastic IPs. So even if we were to deploy the Lambda ENI into the public subnet, the function will not be able to reach the Internet, because the default route in a public subnet is the Internet Gateway.
Solution: If your Lambda function needs access to private resources and the Internet, choose to deploy the Lambda function in private subnets that have NAT (a NAT instance or an Amazon VPC NAT gateway) as a default route to reach the Internet.
Gotchas: Consider provisioning dedicated private subnets for your Lambda functions, especially if you anticipate very high concurrency: a /24 subnet can only support 254 concurrent Lambda executions, a /23 would support 510 concurrent Lambda executions, etc. Dedicated subnets for Lambda also give you some protections. You have greater control over what the function can communicate with. You can leverage both NACLs and SGs. If you put your Lambda function in the same subnet as your database, you cannot use NACLs. Reference security groups, not IPs, to give Lambda functions access. The security group governing RDS should have a rule that references the security group ID of the Lambda function.
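The last gotcha can be checked mechanically. The following added example (not code from the talk) audits a database security group, given in the shape returned by EC2 DescribeSecurityGroups, for CIDR-based rules on the database port and for a missing reference to the Lambda function's security group. The function name, group IDs and port 3306 are assumptions chosen for illustration.

```python
def audit_db_ingress(db_group, lambda_sg_id, db_port):
    """Audit one group (EC2 DescribeSecurityGroups shape) guarding a database.

    Flags rules that open db_port to CIDR ranges, and reports when the
    Lambda function's security group is not referenced at all.
    """
    findings = []
    lambda_referenced = False
    for perm in db_group.get("IpPermissions", []):
        all_traffic = perm.get("IpProtocol") == "-1"
        in_range = perm.get("FromPort", 0) <= db_port <= perm.get("ToPort", 65535)
        if not (all_traffic or in_range):
            continue  # rule does not cover the database port
        for ip_range in perm.get("IpRanges", []):
            findings.append("port %d allowed from CIDR %s; reference the "
                            "Lambda security group instead"
                            % (db_port, ip_range["CidrIp"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == lambda_sg_id:
                lambda_referenced = True
    if not lambda_referenced:
        findings.append("no rule references %s on port %d"
                        % (lambda_sg_id, db_port))
    return findings


# Constructed sample data; the group IDs are placeholders, not real resources.
LAMBDA_SG = "sg-lambda-placeholder"
WEAK_RDS_SG = {
    "GroupId": "sg-rds-placeholder",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": [],
    }],
}
FIXED_RDS_SG = {
    "GroupId": "sg-rds-placeholder",
    "IpPermissions": [{
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}],
    }],
}

if __name__ == "__main__":
    for name, group in (("weak", WEAK_RDS_SG), ("fixed", FIXED_RDS_SG)):
        print(name, audit_db_ingress(group, LAMBDA_SG, 3306))
```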
CloudWatch Events
CloudWatch Events: New service announced in January 2016. Near real-time stream of system events that describe changes in Amazon Web Services. Comprised of three main components. Events: based on resource state changes. Rules: match events to targets for processing. Targets: process events and are specified in the rules (currently supported targets are SNS topics, SQS queues, Kinesis streams, Lambda functions, and built-in targets).
Demo: Demo Time. Demonstrate an event (new instance being launched). Rule matches a new instance being run. Target is a Lambda function which adds tags to the new instance.
Use Cases: Scheduled execution of Lambda scripts (such as for EBS volume backups). Watching EC2 health to trigger functions to take corrective actions. Lambda function that can debug application. Publish to SNS topic to notify a distribution list. Publish to SQS queue to inspect health-check statuses. Publish autoscaling events to CloudWatch Logs using Lambda.
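A sketch of the demo's three pieces, added here as an example (it is not the code shown in the talk): the rule pattern, a simplified matcher to show how the pattern selects events, and a Lambda target that tags the instance. The tag names, the `RecordingEC2` stand-in and the sample event are assumptions; against AWS the handler uses boto3's `create_tags`.

```python
# Rule pattern for the demo: match EC2 instances entering the "running" state.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["running"]},
}


def matches(pattern, event):
    """Simplified matcher: nested dicts recurse, lists mean 'any of these'."""
    for key, expected in pattern.items():
        actual = event.get(key)
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def lambda_handler(event, context, ec2=None):
    """Tag the instance named in the event; `ec2` is injectable for local runs."""
    if not matches(EVENT_PATTERN, event):
        return {"tagged": None}  # defensive: ignore events the rule should not send
    if ec2 is None:
        import boto3  # only needed when running against AWS
        ec2 = boto3.client("ec2", region_name=event["region"])
    instance_id = event["detail"]["instance-id"]
    tags = [{"Key": "LaunchedAt", "Value": event["time"]},  # hypothetical tag names
            {"Key": "TaggedBy", "Value": "cloudwatch-events"}]
    ec2.create_tags(Resources=[instance_id], Tags=tags)
    return {"tagged": instance_id, "tags": tags}


class RecordingEC2(object):
    """Local stand-in for the EC2 client that records create_tags calls."""
    def __init__(self):
        self.calls = []

    def create_tags(self, Resources, Tags):
        self.calls.append((Resources, Tags))


# Constructed sample event in the shape CloudWatch Events delivers to targets.
SAMPLE_EVENT = {
    "source": "aws.ec2", "region": "us-west-2", "time": "2016-03-01T12:00:00Z",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"},
}
```

The execution role for such a function needs only `ec2:CreateTags` plus CloudWatch Logs permissions.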
Relaunch Instance in 5 Minutes Rick Winkler Lead Solutions Architect CorpInfo AWS Premier Partner
Relaunch Instance in 5 Minutes: Need to modify an instance after it has launched? IAM role, dedicated host, subnets, etc.? Creating an AMI from snapshots takes too long?
Relaunch Instance in 5 Minutes Overview Source Instance New Instance EBS Volumes
Relaunch Instance in 5 Minutes DEMO
Relaunch Instance in 5 Minutes Repository: https://github.com/corpinfo/relaunch_with_disks