aws-lambda-cheatsheet

by srcecde

AWS Lambda cheatsheet.

212 Stars 62 Forks Last release: Not found MIT License 23 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

AWS Lambda Cheatsheet

This cheatsheet is probably based on Python


Runtime Versions
Type Versions
Node.js v8.10, v6.10 and v4.3 (Deprecated)
Java Java 8
Python v2.7, v3.6, v3.7
Ruby Ruby 2.5
.NET Core .NET Core 1.0 (C#), .NET Core 2.0 (C#) and .NET Core 2.1 (C#/PowerShell Core 6.0)
Go Go 1.x

Available library for Python Execution Envionment
OS - Amazon Linux
AMI - amzn-ami-hvm-2017.03.1.20170812-x8664-gp2
Linux Kernel - 4.14.62-84.118.amzn2.x8664
AWS SDK for Python 2.7 (Boto 3) version 3-1.7.74 botocore-1.10.74
AWS SDK for Python 3.6 (Boto 3) version 3-1.7.74 botocore-1.10.74
AWS SDK for Python 3.7 – boto3-1.9.42 botocore-1.12.42
AWS SDK for JavaScript version 2.290.0

Settings | Limits
Writable Path & Space /tmp/ 512 MB
Default Memory & Execution Time 128 MB Memory
3 Second Timeout
Max Memory & Execution Time 3008 MB Memory
15 Minutes Timeout
Number of processes and threads (Total) 1024
Maximum deployment package size 50 MB
Maximum deployment package size for console editor 3 MB
Total size of deployment package per region 75 GB
Maximum size of environment variables set 4 KB
Maximum function Layers 5 layers
VPC When you enable VPC, your Lambda function will lose default internet access. If you require external internet access for your function, ensure that your security group allows outbound connections and that your VPC has a NAT gateway
Concurrency Concurrent Execution refers to the execution of number of function at a given time.
By default the limit is 1000 across all function within a given region. AWS Lambda keeps 100 for the unreserved function.
So, if there are 1000 then you can select from 900 and reserve concurrency for selected function and rest 100 is used for the unreserved function.
DLQ (Dead Letter Queue) Failed Lambda is invoked twice by default and the event is discarded. DLQ instruct lamnda to send unprocessed events to AWS SQS or AWS SNS. DLQ helps you troubleshoot and examine the unprocessed request.
Throttle Throttle will set reserved concurrency of the function to zero and it will throttle all future invocation. If the function is throttled then it will fail to run. (If the fucntion is ran from Lambda console then it will throw "Calling the Invoke API failed with message: Rate Exceeded.")

Execution Role (Common Execution Role Available)
AWSLambdaBasicExecutionRole Grants permissions only for the Amazon CloudWatch Logs actions to write logs.
AWSLambdaKinesisExecutionRole Grants permissions for Amazon Kinesis Streams actions, and CloudWatch Logs actions.
AWSLambdaDynamoDBExecutionRole Grants permissions for DynamoDB streams actions and CloudWatch Logs actions.
AWSLambdaVPCAccessExecutionRole Grants permissions for Amazon Elastic Compute Cloud (Amazon EC2) actions to manage elastic network interfaces (ENIs).
AWSXrayWriteOnlyAccess Grants permission for X-ray to to upload trace data to debug and analyze.

Add new permission
import boto3
client = boto3.client('lambda')

Role ARN can be found on the top right corner of the Lambda function

response = client.add_permission( FunctionName='string', StatementId='string', Action='string', Principal='string', SourceArn='string', SourceAccount='string', EventSourceToken='string', Qualifier='string' )


Execution | Invoke | Tweaks
A Lambda can invoke another Lambda Yes
A Lambda in one region can invoke another lambda in other region Yes
A Lambda can invoke same Lambda Yes
Exceed 5 minutes execution time Yes (Can Tweak around)
How to exceed 5 minutes execution time Self-Invoke , SNS, SQS
Asynchronous Execution Yes (Async Exec)
Invoke same Lamba with different version Yes
Invoke Request Max Payload Size (RequestResponse/synrchronous invocation) 6 MB
Invoke Request Max Payload Size (Event/asynchronous invocation) 128 KB

Setting Lambda Invoke Max Retry attempt to 0
import boto3, botocore
config = botocore.config.Config(connect_timeout=300, read_timeout=300)
invokeLam = boto3.client('lambda', region_name='us-east-1', config=config)
invokeLam.meta.events._unique_id_handlers['retry-config-lambda']['handler']._checker.__dict__['_max_attempts'] = 0


Triggers Description Requirement
API Gateway Trigger AWS Lambda function over HTTPS API Endpoint name
API Endpoint Deployment Stage
Security Role
AWS IoT Trigger AWS Lambda for performing specific action by mapping your AWS IoT Dash Button (Cloud Programmable Dash Button) DSN (Device Serial Number)
Alexa Skill Kit Trigger AWS Lambda to build services that give new skills to Alexa --
Alexa Smart Home Trigger AWS Lambda with desired skill Application ID (Skill)
Application Load Balancer Trigger AWS Lambda from ALB Application Load Balancer
Listener (It is the port that ALP receivce traffice)
Host
Path
CloudFront Trigger AWS Lambda based on difference CloudFront event. CloudFront distribution, Cache behaviour, CloudFront event (Origin request/response, Viewer request/response).
To set CloudFront trigger, one need to publish the version of Lambda.
Limitations:
Runtime is limited to Node.js 6.10
/tmp/ space is not available
Environment variables, DLQ & Amazon VPC's cannot be used
CloudWatch Events Trigger AWS Lambda on desired time interval (rate(1 day)) or on the state change of EC2, RDS, S3, Health. Rule based on either Event Pattern (time interval)
Schedule Expression (Auto Scaling on events like Instance launch and terminate
AWS API call via CloudTrail
CloudWatch Logs Trigger AWS Lambda based on the CloudWatch Logs Log Group Name
Code Commit Trigger AWS Lambda based on the AWS CodeCommit version control system Repository Name
Event Type
Cognito Sync Trigger Trigger AWS Lambda in response to event, each time the dataset is synchronized Cognito Identity Pool dataset
DynamoDB Trigger AWS Lambda whenever the DynomoDB table is updated DynamoDB Table name
Batch Size(The largest number of records that AWS Lambda will retrieve from your table at the time of invoking your function. Your function receives an event with all the retrieved records)
Kinesis Trigger AWS Lambda whenever the Kinesis stream is updated Kinesis Stream
Batch Size
S3 Trigger AWS Lambda in response to file dropped in S3 bucket Bucket Name
Event Type (Object Removed, Object Created)
SNS Trigger AWS Lambda whenever the message is published to Amazon SNS Topic SNS Topic
SQS Trigger AWS Lambda on message arrival in SQS SQS queue
Batch size
Limitation: It only works with Standard queue and not FIFO queue

Troubleshooting
Error Possible Reason Solution
File "/var/task/lambdafunction.py", line 2, in lambdahandler
return event['demoevent']
KeyError: 'demoevent'
Event does not have the key 'demoevent' or either misspelled Make sure the event is getting the desired key if it is receiving the event from any trigger.
Or if the not outside event is passed than check for misspell.
Or check the event list by printing event.
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetParameters operation: User: arn:aws:dummy::1234:assumed-role/role/ is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:dummy Lacks Permission to access Assign appropriate permission for accessibility
ImportError: Missing required dependencies [‘module'] Dependent module is missing Install/Upload the required module
sqlalchemy.exc.OperationalError: (psycopg2.OperationalError) could not translate host name "host.dummy.region.rds.amazonaws.com" to address: Name or service not known RDS Host is unavailable Make sure the RDS instance is up and running.
Double check the RDS hostname
[Errno 32] Broken pipe Connection is lost (Either from your side or may be some problem from AWS)
While invoking another Lambda, if the payload size exceed the mentioned limit
Make sure if you are passing the payload of right size.
Check for the connection.
Unable to import module ‘lambdafunction/index’ No module named ‘lambdafunction' Handler configuration is not matching the main file name Update the handler configuration as per your filename.function_name
OperationalError: (psycopg2.OperationalError) terminating connection due to administrator command SSL connection has been closed unexpectedly RDS/Database System has been rebooted.
In a typical web application using an ORM (SQLAlchemy) Session, the above condition would correspond to a single request failing with a 500 error, then the web application continuing normally beyond that. Hence the approach is “optimistic” in that frequent database restarts are not anticipated.
Give second try
Error code 429 The function is throttled. Basically the reserved concurrency is set to zero or it have reach the account level throttle.
(The function that is invoked synchronous and if it is throttled then it will return 429 error. If the lambda function is invoked asynchronously and if it is throttled then it will retry the throttled event for upto 6 hours.)
Check for the reserved concurrency limit or throttle status for the individual function. Or check for the account level concurrent execution limit

AWS Lambda CLI commands


Add Permission

It add mention permission to the Lambda function

Syntax

  add-permission
--function-name 
--statement-id 
--action 
--principal 
[--source-arn ]
[--source-account ]
[--event-source-token ]
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

add-permission --function-name functionName --statement-id role-statement-id --action lambda:CreateFunction --principal s3.amazonaws.com


Create Alias

It creates alias for the given Lambda function name

Syntax

  create-alias
--function-name 
--name 
--function-version 
[--description ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

create-alias --function-name functionName --name fliasName --function-version version


Create Event Source Mapping

It identify event-source from Amazon Kinesis stream or an Amazon DynamoDB stream

  create-event-source-mapping
--event-source-arn 
--function-name 
[--enabled | --no-enabled]
[--batch-size ]
--starting-position 
[--starting-position-timestamp ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

create-event-source-mapping --event-source-arn arn:aws:kinesis:us-west-1:1111 --function-name functionName --starting-position LATEST


Create Function

It creates the new function

Syntax

  create-function
--function-name 
--runtime 
--role 
--handler 
[--code ]
[--description ]
[--timeout ]
[--memory-size ]
[--publish | --no-publish]
[--vpc-config ]
[--dead-letter-config ]
[--environment ]
[--kms-key-arn ]
[--tracing-config ]
[--tags ]
[--zip-file ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

create-function --function-name functionName --runtime python3.6 --role arn:aws:iam::account-id:role/lambda_basic_execution
 --handler main.handler


Delete Alias

It deletes the alias

Syntax

  delete-alias
--function-name 
--name 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

delete-alias --function-name functionName --name aliasName


Delete Event Source Mapping

It deletes the event source mapping

Syntax

  delete-event-source-mapping
--uuid 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

delete-event-source-mapping --uuid 12345kxodurf3443


Delete Function

It will delete the function and all the associated settings

Syntax

  delete-function
--function-name 
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

delete-function --function-name FunctionName


Get Account Settings

It will fetch the user’s account settings

Syntax

  get-account-settings
[--cli-input-json ]
[--generate-cli-skeleton ]


Get Alias

It returns the desired alias information like description, ARN

Syntax

  get-alias
--function-name 
--name 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

get-alias --function-name functionName --name aliasName


Get Event Source Mapping

It returns the config information for the desired event source mapping

Syntax

  get-event-source-mapping
--uuid 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

get-event-source-mapping --uuid 12345kxodurf3443


Get Function

It returns the Lambda Function information

Syntax

  get-function
--function-name 
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

get-function --function-name functionName


Get Function Configuration

It returns the Lambda function configuration

Syntax

  get-function-configuration
--function-name 
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

  get-function-configuration --function-name functionName


Get Policy

It return the linked policy with Lambda function

Syntax

  get-policy
--function-name 
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

get-policy --function-name functionName


Invoke

It invoke the mention Lambda function name

  invoke
--function-name 
[--invocation-type ]
[--log-type ]
[--client-context ]
[--payload ]
[--qualifier ]

Example

invoke --function-name functionName


List Aliases

It return all the aliases that is created for Lambda function

Syntax

  list-aliases
--function-name 
[--function-version ]
[--marker ]
[--max-items ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

  list-aliases --function-name functionName


List Event Source Mappings

It return all the list event source mappings that is created with create-event-source-mapping

Syntax

  list-event-source-mappings
[--event-source-arn ]
[--function-name ]
[--max-items ]
[--cli-input-json ]
[--starting-token ]
[--page-size ]
[--generate-cli-skeleton ]

Example

  list-event-source-mappings --event-source-arn arn:aws:arn --function-name functionName


List Functions

It return all the Lambda function

Syntax

  list-functions
[--master-region ]
[--function-version ]
[--max-items ]
[--cli-input-json ]
[--starting-token ]
[--page-size ]
[--generate-cli-skeleton ]

Example

  list-functions --master-region us-west-1 --function-version ALL


List Tags

It return the list of tags that are assigned to the Lambda function

Syntax

  list-tags
--resource 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

  list-tags --resource arn:aws:function


List Versions by functions

It return all the versions of the desired Lambda function

Syntax

  list-versions-by-function
--function-name 
[--marker ]
[--max-items ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

list-versions-by-function --function-name functionName


Publish Version

It publish the version of the Lambda function from $LATEST snapshot

Syntax

  publish-version
--function-name 
[--code-sha-256 ]
[--description ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

  publish-version --function-name functionName


Remove Permission

It remove the single permission from the policy that is linked with the Lambda function

Syntax

 remove-permission
--function-name 
--statement-id 
[--qualifier ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

 remove-permission --function-name functionName --statement-id role-statement-id


Tag Resource

It creates the tags for the lambda function in the form of key-value pair

Syntax

  tag-resource
--resource 
--tags 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

tag-resource --resource arn:aws:arn --tags {‘key’: ‘pair’}


Untag Resource

It remove tags from the Lambda function

Syntax

 untag-resource
--resource 
--tag-keys 
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

untag-resource --resource arn:aws:complete --tag-keys [‘key1’, ‘key2’]


Update Alias

It update the alias name of the desired lambda function

Syntax

  update-alias
--function-name 
--name 
[--function-version ]
[--description ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

update-alias --function-name functionName --name aliasName


Update Event Source Mapping

It updates the event source mapping incase you want to change the existing parameters

Syntax

  update-event-source-mapping
--uuid 
[--function-name ]
[--enabled | --no-enabled]
[--batch-size ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

update-event-source-mapping --uuid 12345kxodurf3443


Update Function Code

It updates the code of the desired Lambda function

Syntax

  update-function-code
--function-name 
[--zip-file ]
[--s3-bucket ]
[--s3-key ]
[--s3-object-version ]
[--publish | --no-publish]
[--dry-run | --no-dry-run]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

update-function-code --function-name functionName


Update Function Configuration

It updates the configuration of the desired Lambda function

Syntax

  update-function-configuration
--function-name 
[--role ]
[--handler ]
[--description ]
[--timeout ]
[--memory-size ]
[--vpc-config ]
[--environment ]
[--runtime ]
[--dead-letter-config ]
[--kms-key-arn ]
[--tracing-config ]
[--cli-input-json ]
[--generate-cli-skeleton ]

Example

update-function-configuration --function-name functionName


References


For queries or issues, feel free to contact or open an issue

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.