- Compute›
- AWS Lambda›
- FAQs
AWS Lambda FAQs
Page topics
GeneralGeneral
Q: What is AWS Lambda?
Q: What is serverless computing?
Serverless computing allows you to build and run applications and services without thinking about servers. With serverless computing, your application still runs on servers, but all the server management is done by AWS. At the core of serverless computing is AWS Lambda, which lets you run your code without provisioning or managing servers.
Q: What events can trigger an AWS Lambda function?
Please see our documentation for a complete list of event sources.
Q: When should I use AWS Lambda versus Amazon EC2?
Amazon Web Services offers a set of compute services to meet a range of needs.
Amazon EC2 offers flexibility, with a wide range of instance types and the option to customize the operating system, network and security settings, and the entire software stack, allowing you to easily move existing applications to the cloud. With Amazon EC2 you are responsible for provisioning capacity, monitoring fleet health and performance, and designing for fault tolerance and scalability. AWS Elastic Beanstalk offers an easy-to-use service for deploying and scaling web applications in which you retain ownership and full control over the underlying EC2 instances. Amazon EC2 Container Service is a scalable management service that supports Docker containers and allows you to easily run distributed applications on a managed cluster of Amazon EC2 instances.
AWS Lambda makes it easy to execute code in response to events, such as changes to Amazon S3 buckets, updates to an Amazon DynamoDB table, or custom events generated by your applications or devices. With Lambda, you do not have to provision your own instances; Lambda performs all the operational and administrative activities on your behalf, including capacity provisioning, monitoring fleet health, applying security patches to the underlying compute resources, deploying your code, running a web service front end, and monitoring and logging your code. AWS Lambda provides easy scaling and high availability to your code without additional effort on your part.
Q: What kind of code can run on AWS Lambda?
Q: What languages does AWS Lambda support?
Q: Can I access the infrastructure that AWS Lambda runs on?
Q: How does AWS Lambda isolate my code?
Q: How does AWS Lambda secure my code?
Q: What AWS regions are available for AWS Lambda?
Please refer to the AWS Global Infrastructure Region Table.
AWS Lambda Functions
Q: What is an AWS Lambda function?
Q: Will AWS Lambda reuse function instances?
To improve performance, AWS Lambda may choose to retain an instance of your function and reuse it to serve a subsequent request, rather than creating a new copy. To learn more about how Lambda reuses function instances, visit our documentation. Your code should not assume that this will always happen.
Q: What if I need scratch space on disk for my AWS Lambda function?
You can configure each Lambda function with its own ephemeral storage between 512MB and 10,240MB, in 1MB increments. The ephemeral storage is available in each function’s /tmp directory.
Each function has access to 512MB of storage at no additional cost. When configuring your functions with more than 512MB of ephemeral storage, you will be charged based on the amount of storage you configure, and how long your function runs, metered in 1ms increments. For comparison, in the US East (Ohio) region, the AWS Fargate ephemeral storage price is $0.000111 per GB-hour, or $0.08 per GB-month. Amazon EBS gp3 storage volume pricing in US East (Ohio) is $0.08 per GB-month. AWS Lambda ephemeral storage pricing is $0.0000000309 per GB-second, or $0.000111 per GB-hour and $0.08 per GB-month. To learn more, see AWS Lambda Pricing.
Q: How do I configure my application to use AWS Lambda ephemeral storage?
Q: Is AWS Lambda ephemeral storage encrypted?
Q: What metrics can I use to monitor my AWS Lambda ephemeral storage usage?
You can use AWS CloudWatch Lambda Insight metrics to monitor your ephemeral storage usage. To learn more, see the AWS CloudWatch Lambda Insights documentation.
Q: When should I use Amazon S3, Amazon EFS, or AWS Lambda ephemeral storage for my serverless applications?
If your application needs durable, persistent storage, consider using Amazon S3 or Amazon EFS. If your application requires storing data needed by code in a single function invocation, consider using AWS Lambda ephemeral storage as a transient cache. To learn more, please see Choosing between AWS Lambda data storage options in web apps.
Q: Can I use ephemeral storage while Provisioned Concurrency is enabled for my function?
Yes. However, if you application needs persistent storage, consider using Amazon EFS or Amazon S3. When you enable Provisioned Concurrency for your function, your function's initialization code runs during allocation and every few hours, as running instances of your function are recycled. You can see the initialization time in logs and traces after an instance processes a request. However, initialization is billed even if the instance never processes a request. This Provisioned Concurrency initialization behavior may affect how your function interacts with data you store in ephemeral storage, even when your function isn’t processing requests. To learn more about Provisioned Concurrency, please see the relevant documentation.
Q: How do I configure my application to use AWS Lambda ephemeral storage?
Q: Is AWS Lambda ephemeral storage encrypted?
Q: What metrics can I use to monitor my AWS Lambda ephemeral storage usage?
You can use AWS CloudWatch Lambda Insight metrics to monitor your ephemeral storage usage. To learn more, see the AWS CloudWatch Lambda Insights documentation.
Q: Why must AWS Lambda functions be stateless?
Q: Can I use threads and processes in my AWS Lambda function code?
Q: What restrictions apply to AWS Lambda function code?
Q: How do I create an AWS Lambda function using the Lambda console?
If you are using Node.js or Python, you can author the code for your function using code editor in the AWS Lambda console, which lets you author and test your functions, and view the results of function executions in a robust, IDE-like environment. Go to the console to get started.
You can also package the code (and any dependent libraries) as a ZIP and upload it using the AWS Lambda console from your local environment or specify an Amazon S3 location where the ZIP file is located. Uploads must be no larger than 50MB (compressed). You can use the AWS Eclipse plugin to author and deploy Lambda functions in Java. You can use the Visual Studio plugin to author and deploy Lambda functions in C#, and Node.js.
Q: How do I create an AWS Lambda function using the Lambda CLI?
You can package the code (and any dependent libraries) as a ZIP and upload it using the AWS CLI from your local environment, or specify an Amazon S3 location where the ZIP file is located. Uploads must be no larger than 50MB (compressed). Visit the Lambda Getting Started guide to get started.
Q: Does AWS Lambda support environment variables?
Yes. You can easily create and modify environment variables from the AWS Lambda Console, CLI, or SDKs. To learn more about environment variables, see the documentation.
Q: Can I store sensitive information in environment variables?
For sensitive information, such as database passwords, we recommend you use client-side encryption using AWS Key Management Service and store the resulting values as ciphertext in your environment variable. You will need to include logic in your AWS Lambda function code to decrypt these values.
Q: How can I manage my AWS Lambda functions?
You can adjust and secure the resources associated with your Lambda function using the Lambda API or console. To learn more about it, see the documentation.
Q: Can I share code across functions?
Yes, you can package any code (frameworks, SDKs, libraries, and more) as a Lambda Layer and manage and share them easily across multiple functions.
Q: How do I monitor an AWS Lambda function?
AWS Lambda automatically monitors Lambda functions on your behalf, reporting real-time metrics through Amazon CloudWatch, including total requests, account-level and function-level concurrency usage, latency, error rates, and throttled requests. You can view statistics for each of your Lambda functions via the Amazon CloudWatch console or through the AWS Lambda console. You can also call third-party monitoring APIs in your Lambda function.
Visit Troubleshooting CloudWatch metrics to learn more. Standard charges for AWS Lambda apply to use Lambda’s built-in metrics.
Q: How do I troubleshoot failures in an AWS Lambda function?
AWS Lambda automatically integrates with Amazon CloudWatch logs, creating a log group for each Lambda function and providing basic application lifecycle event log entries, including logging the resources consumed for each use of that function. You can easily insert additional logging statements into your code. You can also call third-party logging APIs in your Lambda function. Visit Troubleshooting Lambda functions to learn more. Amazon CloudWatch Logs rates will apply.
Q: How do I scale an AWS Lambda function?
Q: How are compute resources assigned to an AWS Lambda function?
In the AWS Lambda resource model, you choose the amount of memory you want for your function, and are allocated proportional CPU power and other resources. For example, choosing 256MB of memory allocates approximately twice as much CPU power to your Lambda function as requesting 128MB of memory and half as much CPU power as choosing 512MB of memory. To learn more, see our Function Configuration documentation.
You can set your memory from 128MB to 10,240MB.
Q: When should I use AWS Lambda functions with more than 3008 MB of memory?
Q: How long can an AWS Lambda function execute?
Q: How will I be charged for using AWS Lambda functions?
AWS Lambda is priced on a pay-per-use basis. Please see the AWS Lambda pricing page for details.
Q: Can I save money on AWS Lambda with a Compute Savings Plan?
Q: Does AWS Lambda support versioning?
Yes. By default, each AWS Lambda function has a single, current version of the code. Clients of your Lambda function can call a specific version or get the latest implementation. Please read our documentation on versioning Lambda functions.
Q: How long after uploading my code will my AWS Lambda function be ready to call?
Q: Can I use my own version of a supported library?
Q: How does tiered pricing work?
AWS Lambda offers discounted pricing tiers for monthly on-demand function duration above certain thresholds. Tiered pricing is available for functions running on both x86 and Arm architectures. Lambda pricing tiers are applied to aggregate monthly on-demand duration of your functions running on the same architecture (x86 or Arm, respectively), in the same region, within the account. If you’re using consolidated billing in AWS Organizations, pricing tiers are applied to the aggregate monthly duration of your functions running on the same architecture, in the same region, across the accounts in the organization. For example, if you are running x86 Lambda functions in the US East (Ohio) region, you will pay $0.0000166667 for every GB-second for the first 6 billion GB-seconds per month, $0.0000150000 for every GB-second for the next 9 billion GB-seconds per month, and $0.0000133334 for every GB-second over 15 billion GB-seconds per month, in that region. Pricing for Requests, Provisioned Concurrency, and Provisioned Concurrency Duration remains unchanged. For more information, please see AWS Lambda Pricing
Q: Can I take advantage of both tiered pricing, and Compute Savings Plans?
Yes. Lambda usage that is covered by your hourly savings plan commitment is billed at the applicable CSP rate and discount. The remaining usage that is not covered by this commitment will be billed at the rate corresponding to the tier your monthly aggregate function duration falls in.
Using AWS Lambda to process AWS events
Q: What is an event source?
Q: What event sources can be used with AWS Lambda?
Please see our documentation for a complete list of event sources.
Q: How are events represented in AWS Lambda?
Events are passed to a Lambda function as an event input parameter. For event sources where events arrive in batches, such as Amazon SQS, Amazon Kinesis, and Amazon DynamoDB Streams, the event parameter may contain multiple events in a single call, based on the batch size you request. To learn more about Amazon S3 event notifications, visit Configuring Notifications for Amazon S3 Events. To learn more about Amazon DynamoDB Streams, visit the DynamoDB Stream Developers Guide. To learn more about invoking Lambda functions using Amazon SNS, visit the Amazon SNS Developers Guide. For more information on Amazon Cognito events, visit Amazon Cognito. For more information on AWS CloudTrail logs and auditing API calls across AWS services, see AWS CloudTrail.
Q: How do I make an AWS Lambda function respond to changes in an Amazon S3 bucket?
Q: How do I make an AWS Lambda function respond to updates in an Amazon DynamoDB table?
Q: How do I use an AWS Lambda function to process records in an Amazon Kinesis stream?
Q: How does AWS Lambda process data from Amazon Kinesis streams and Amazon DynamoDB Streams?
Q: How should I choose between AWS Lambda and Amazon Kinesis Data Analytics for my analytics needs?
AWS Lambda allows you to perform time-based aggregations (such as count, max, sum, average, etc.) over a short window of up to 15 minutes for your data in Amazon Kinesis or Amazon DynamoDB Streams over a single logical partition such as a shard. This gives you the option to easily set up simple analytics for your event-based application without adding architectural complexity, as your business and analytics logic can be located in the same function. Lambda allows aggregations over a maximum of a 15-minute tumbling window, based on the event timestamp. Amazon Kinesis Data Analytics allows you to build more complex analytics applications that support flexible processing choices and robust fault-tolerance with exactly-once processing without duplicates, and analytics that can be performed over an entire data stream across multiple logical partitions. With KDA, you can analyze data over multiple types of aggregation windows (tumbling window, stagger window, sliding window, session window) using either the event time or the processing time.
AWS Lambda | Amazon KDA | |
---|---|---|
Tumbling Window | Yes | Yes |
Stagger Window | No | Yes |
Sliding Window | No | Yes |
Session Window | No | Yes |
Enrichment | No | Yes |
Joint input and reference tables | No | Yes |
Split input stream | No | Yes |
Exactly-once processing | No | Yes |
Maximum time window | 15 mins | No limit |
Aggregation scope | Partition/shard | Stream |
Time semantics | Event time | Event time, Processing time |
Q: How do I use an AWS Lambda function to respond to notifications sent by Amazon Simple Notification Service (SNS)?
Q: How do I use an AWS Lambda function to respond to emails sent by Amazon Simple Email Service (SES)?
Q: How do I use an AWS Lambda function to respond to Amazon CloudWatch alarms?
First, configure the alarm to send Amazon SNS notifications. Then from the AWS Lambda console, select a Lambda function and associate it with that Amazon SNS topic. See the Amazon CloudWatch Developer Guide for more on setting up Amazon CloudWatch alarms.
Q: How do I use an AWS Lambda function to respond to changes in user or device data managed by Amazon Cognito?
From the AWS Lambda console, you can select a function to trigger when any datasets associated with an Amazon Cognito identity pool are synchronized. This same functionality is also available through the AWS SDK and CLI. Visit Amazon Cognito for more information on using Amazon Cognito to share and synchronize data across a user’s devices.
Q: How can my application trigger an AWS Lambda function directly?
You can invoke a Lambda function using a custom event through AWS Lambda’s invoke API. Only the function owner or another AWS account that the owner has granted permission can invoke the function. Visit the Lambda Developers Guide to learn more.
Q: What is the latency of invoking an AWS Lambda function in response to an event?
Q: How do I create a mobile backend using AWS Lambda?
You upload the code you want AWS Lambda to execute and then invoke it from your mobile app using the AWS Lambda SDK included in the AWS Mobile SDK. You can make both direct (synchronous) calls to retrieve or check data in real time, as well as asynchronous calls. You can also define a custom API using Amazon API Gateway and invoke your Lambda functions through any REST compatible client. To learn more about the AWS Mobile SDK, visit the AWS Mobile SDK page. To learn more about Amazon API Gateway, visit the Amazon API Gateway page.
Q: How do I invoke an AWS Lambda function over HTTPS?
Q: How can my AWS Lambda function customize its behavior to the device and app making the request?
Q: How can my AWS Lambda function personalize its behavior based on the identity of the end-user of an application?
Q: How do I create an Alexa skill using AWS Lambda?
Q: What happens if my function fails while processing an event?
Using AWS Lambda to build applications
Q: What is a serverless application?
Q: How do I deploy and manage a serverless application?
Q: How can I discover existing serverless applications developed by the AWS community?
You can choose from a collection of serverless applications published by developers, companies, and partners in the AWS community with the AWS Serverless Application Repository. After finding an application, you can configure and deploy it straight from the Lambda console.
Q: How do I automate deployment for a serverless application?
You can automate your serverless application release process using AWS CodePipeline and AWS CodeDeploy. CodePipeline is a continuous delivery service that enables you to model, visualize and automate the steps required to release your serverless application. CodeDeploy provides a deployment automation engine for your Lambda-based applications. CodeDeploy lets you orchestrate deployments according to established best-practice methodologies such as canary and linear deployments, and helps you establish the necessary guardrails to verify that newly-deployed code is safe, stable, and ready to be fully released to production.
To learn more about serverless CI/CD, visit our documentation.
Q: How do I get started on building a serverless application?
To get started, visit the AWS Lambda console and download one of our blueprints. The file you download will contain an AWS SAM file (which defines the AWS resources in your application) and a .ZIP file (which includes your function code). You can then use AWS CloudFormation commands to package and deploy the serverless application that you just downloaded. For more details, visit our documentation.
Q: How do I coordinate calls between multiple AWS Lambda functions?
You can use AWS Step Functions to coordinate a series of AWS Lambda functions in a specific order. You can invoke multiple Lambda functions sequentially, passing the output of one to the other, and/or in parallel, and Step Functions will maintain state during executions for you.
Q: How do I troubleshoot a serverless application?
You can enable your Lambda function for tracing with AWS X-Ray by adding X-Ray permissions to your Lambda function execution role and changing your function “tracing mode” to “active. ” When X-Ray is enabled for your Lambda function, AWS Lambda will emit tracing information to X-Ray regarding the Lambda service overhead incurred when invoking your function. This will provide you with insights such as Lambda service overhead, function init time, and function execution time. In addition, you can include the X-Ray SDK in your Lambda deployment package to create your own trace segments, annotate your traces, or view trace segments for downstream calls made from your Lambda function. X-Ray SDKs are currently available for Node.js and Java. Visit Troubleshooting Lambda-based applications to learn more. AWS X-Ray rates will apply.
Q. Can I build serverless applications that connect to relational databases?
Yes. You can build highly scalable, secure, Lambda-based serverless applications that connect to relational databases using Amazon RDS Proxy, a highly available database proxy that manages thousands of concurrent connections to relational databases. Currently, RDS Proxy supports MySQL and Aurora databases. You can begin using RDS Proxy through the Amazon RDS console or the AWS Lambda console. Serverless applications that use fully managed connection pools from RDS Proxy will be billed according to RDS Proxy Pricing.
Q: How is AWS SAM licensed?
The specification is open sourced under Apache 2.0, which allows you and others to adopt and incorporate AWS SAM into build, deployment, monitoring, and management tools with a commercial-friendly license. You can access the AWS SAM repository on GitHub here.
Container image support
Q: What is Container Image Support for AWS Lambda?
Q: How can I use Container Image Support for AWS Lambda?
Q: Which container image types are supported?
Q: What base images can I use?
Q: What container tools can I use to package and deploy functions as container images?
Q: What AWS Lambda features are available to functions deployed as container images?
Q: Will AWS Lambda patch and update my deployed container image?
Q: What are the differences between functions created using ZIP archives vs. container images?
There are three main differences between functions created using ZIP archives vs. container images:
- Functions created using ZIP archives have a maximum code package size of 250 MB unzipped, and those created using container images have a maximum image size of 10 GB.
- Lambda uses Amazon ECR as the underlying code storage for functions defined as container images, so a function may not be invocable when the underlying image is deleted from ECR.
- ZIP functions are automatically patched for the latest runtime security and bug fixes. Functions defined as container images are immutable, and customers are responsible for the components packaged in their function. Customers can leverage the AWS provided base images which are regularly updated by AWS for security and bug fixes, using the most recent patches available.
Q: Is there a performance difference between functions defined as zip and container images?
Q: How will I be charged for deploying Lambda functions as container images?
There is no additional charge for packaging and deploying functions as container images to AWS Lambda. When you invoke your function deployed as a container image, you pay the regular price for requests and execution duration. To learn more, visit AWS Lambda pricing. You will be charged for storing your container images in Amazon ECR at the standard ECR prices. To learn more, visit Amazon ECR pricing.
Q: What is the Lambda Runtime Interface Emulator (RIE)?
The Lambda Runtime Interface Emulator is a proxy for the Lambda Runtime API,which allows customers to locally test their Lambda function packaged as a container image. It is a lightweight web server that converts HTTP requests to JSON events and emulates the Lambda Runtime API. It allows you to locally test your functions using familiar tools such as cURL and the Docker CLI (when testing functions packaged as container images). It also simplifies running your application on additional compute services. You can include the Lambda Runtime Interface Emulator in your container image to have it accept HTTP requests natively instead of the JSON events required for deployment to Lambda. This component does not emulate the Lambda orchestrator, or security and authentication configurations. The Runtime Interface Emulator is open sourced on GitHub. You can get started by downloading and installing it on your local machine.
Q: Why do I need the Lambda Runtime Interface Emulator (RIE) during local testing?
Q: What function behaviors can I test locally with the emulator?
Q: How does the Runtime Interface Emulator (RIE) help me run my Lambda compatible image on additional compute services?
Customers can add the Runtime Interface Emulator as the entry point to the container image or package it as a sidecar to ensure the container image now accepts HTTP requests instead of JSON events. This simplifies the changes required to run their container image on additional compute services. Customers will be responsible for ensuring they follow all security, performance, and concurrency best practices for their chosen environment. RIE is pre-packaged into the AWS Lambda provided images, and is available by default in AWS SAM CLI. Base image providers can use the documentation to provide the same experience for their base images.
Q: How can I deploy my existing containerized application to AWS Lambda?
You can deploy a containerized application to AWS Lambda if it meets the below requirements:
- The container image must implement the Lambda Runtime API. We have open-sourced a set of software packages, Runtime Interface Clients (RIC), that implement the Lambda Runtime API, allowing you to seamlessly extend your preferred base images to be Lambda compatible.
- The container image must be able to run on a read-only filesystem. Your function code can access a writable /tmp directory storage of 512 MB. If you are using an image that requires a writable root directory, configure it to write to the /tmp directory.
- The files required for the execution of function code can be read by the default Lambda user. Lambda defines a default Linux user with least-privileged permissions that follows security best practices. You need to verify that your application code does not rely on files that are restricted by other Linux users for execution.
- It is a Linux based container image.
AWS Lambda Snapstart
Q. What is AWS Lambda SnapStart?
AWS SnapStart can improve startup performance from several seconds to as low as sub-second for latency sensitive applications. SnapStart works by snapshotting your function's initialized memory (and disk) state and caching this snapshot for low-latency access. When your function is subsequently invoked, Lambda resumes execution environments from this pre-initialized snapshot instead of initializing them from scratch, improving startup latency. For resiliency, Lambda maintains cached copies of your snapshot and automatically applies software updates, such as runtime upgrades and security patches to them.
Q. How do I configure my Lambda function to use Lambda SnapStart?
Lambda SnapStart is a simple function level configuration that can be configured for new and existing functions by using Lambda API, the AWS Management Console, AWS Command Line Interface (CLI), AWS SDK, AWS Cloud Development Kit (CDK), AWS CloudFormation, and the AWS Serverless Application Model (SAM). When you configure Lambda SnapStart, every function version that is published thereafter benefits from the improved startup performance offered by Lambda SnapStart. To learn more about Lambda SnapStart, see the documentation.
Q. How do I choose between Lambda SnapStart and Provisioned Concurrency (PC)?
Lambda SnapStart is a performance optimization that helps your functions to achieve faster start-up times by reducing the variable latency incurred during execution of one-time initialization code. While Lambda SnapStart reduces startup latency, it works as a best-effort optimization, and does not guarantee elimination of cold starts. If your application has strict latency requirements and requires double-digit millisecond startup times, we recommend you use PC.
Q. Which runtimes does Lambda SnapStart support?
Lambda SnapStart supports multiple runtimes, including Java 11 (and newer), Python 3.12 (and newer) and .NET 8 (and newer). Future versions of runtimes will be supported after they are released. For all runtimes supported by Lambda, see the Lambda runtimes documentation.
Q. Can I enable both Lambda SnapStart and PC on the same function?
Q. Can I configure a Lambda SnapStart function with a virtual private cloud (VPC)?
Yes. You can configure a Lambda SnapStart function to access resources in a virtual private cloud (VPC). For more information on how to configure your function with a VPC, see the Lambda documentation.
Q. Can I configure Lambda SnapStart on both x86 and Arm architectures?
Yes. You can configure Lambda SnapStart for functions running on both x86 and Arm architectures.
Q. Can I enable Lambda SnapStart with Amazon Elastic File System (EFS)?
Q. Can I enable Lambda SnapStart with larger ephemeral storage (/tmp) beyond 512 MB?
Q. Does the process of caching and resuming from snapshots introduce software compatibility considerations?
Yes. If your code assumes uniqueness of state, you need to evaluate your code’s resilience to snapshot operations (such as being cloned and resumed). To learn more on uniqueness considerations with Lambda SnapStart, see the documentation and blog on understanding uniqueness in VM snapshots with Lambda SnapStart.
Q. Can I execute my own code before a snapshot is created or when the function is resumed from snapshot?
Yes. You can implement your own software logic before creating (checkpointing) a snapshot and after restoring a snapshot using runtime hooks. To learn more, see the Lambda SnapStart documentation.
Q. Will I be charged for Lambda SnapStart?
Yes, you will be charged for caching a snapshot over the period that your function version is active, for a minimum of 3 hours and per milli-second thereafter. The price depends on the amount of memory you allocate to your function. You are also charged each time Lambda resumes an execution environment by restoring your snapshot, with the price depending on the amount of memory you allocate to your function. To learn more about pricing for SnapStart, visit AWS Lambda Pricing.
SnapStart pricing does not apply to supported Java managed runtimes, which can only cache a snapshot for up to 14 days.
Q. How are duration charges calculated for SnapStart?
Like all Lambda functions, duration charges apply to SnapStart functions. For functions using SnapStart, duration includes the time it takes for the runtime to load, any code that runs in a runtime hook, and the initialization code executed when creating snapshot copies for resilience.
Q. How long do the snapshots for the published function version stay cached with Lambda SnapStart?
With Lambda SnapStart for Python and .NET, your function snapshots remain active as long as your function is active. For Java functions, the snapshot associated with a published function expires if it remains inactive for more than 14 days.
Q. How can I encrypt the snapshots of initialized execution environment created by Lambda SnapStart?
Snapshots are encrypted be default with customer-unique AWS Key Management Service (KMS) keys owned and managed by the Lambda service. Customers can also encrypt snapshots using a KMS key owned and managed by the customer.
Q. Is there a time limit for how long my code initialization can run with Lambda SnapStart?
Provisioned Concurency
Q: What is AWS Lambda Provisioned Concurrency?
Q: How do I set up and manage Provisioned Concurrency?
You can configure concurrency on your function through the AWS Management Console, the Lambda API, the AWS CLI, and AWS CloudFormation. The simplest way to benefit from Provisioned Concurrency is by using AWS Auto Scaling. You can use Application Auto Scaling to configure schedules, or have Auto Scaling automatically adjust the level of Provisioned Concurrency in real time as demand changes. To learn more about Provisioned Concurrency, see the documentation.
Q: Do I need to change my code if I want to use Provisioned Concurrency?
Q: How will I be charged for Provisioned Concurrency?
Provisioned Concurrency adds a pricing dimension, of ‘Provisioned Concurrency’, for keeping functions initialized. When enabled, you pay for the amount of concurrency that you configure and for the period of time that you configure it. When your function executes while Provisioned Concurrency is configured on it, you also pay for Requests and execution Duration. To learn more about the pricing of Provisioned Concurrency, see AWS Lambda Pricing.
Q: When should I use Provisioned Concurrency?
Q: What happens if a function receives invocations above the configured level of Provisioned Concurrency?
AWS Lambda functions powered by Graviton2 processors
Q: What are AWS Lambda functions powered by Graviton2 processors?
Q: Why should I use AWS Lambda functions powered by Graviton2 processors?
Q: How do I configure my functions to run on Graviton2 processors?
Q: How do I deploy my application built using functions powered by Graviton2 processors?
Q: Do I need an Arm-based development machine to create, build, and test functions powered by Graviton2 processors locally?
Interpreted languages like Python, Java, and Node generally do not require recompilation unless your code references libraries that use architecture specific components. In those cases, you would need to provide the libraries targeted to arm64. For more details, please see the Getting started with AWS Graviton page. Non-interpreted languages will require compiling your code to target arm64. While more modern compilers will produce compiled code for arm64, you will need to deploy it into an arm-based environment to test. To learn more about using Lambda functions with Graviton2, please see the documentation.
Q: Can an application use both functions powered by Graviton2 processors and x86 processors?
Q: Does AWS Lambda support multi-architecture container images?
Q: Can I create AWS Lambda Layers that target functions powered by AWS Graviton2 processors?
Q: What languages and runtimes are supported by Lambda functions running on Graviton2 processors?
At launch, customers can use Python, Node.js, Java, Ruby, .Net Core, Custom Runtime (provided.al2), and OCI Base images. To learn more, please see the AWS Lambda Runtimes.
Q: What is the pricing of AWS Lambda functions powered by AWS Graviton2 processors? Does the AWS Lambda free tier apply to functions powered by Graviton2?
Q: How do I choose between running my functions on Graviton2 processors or x86 processors?
Each workload is unique and we recommend customers test their functions to determine the price performance improvement they might see. To do that, we recommend using the AWS Lambda Power Tuning tool. We recommend starting with web and mobile backends, data, and stream processing when testing your workloads for potential price performance improvements.
Amazon EFS for AWS Lambda
Q: What is Amazon EFS for AWS Lambda?
Q: How do I set up Amazon EFS for Lambda?
Developers can easily connect an existing EFS file system to a Lambda function via an EFS Access Point by using the console, CLI, or SDK. When the function is first invoked, the file system is automatically mounted and made available to function code. You can learn more in the documentation.
Q: Do I need to configure my function with VPC settings before I can use my Amazon EFS file system?
Q: Who should use Amazon EFS for Lambda?
Q: Will my data be encrypted in transit?
Q: Is my data encrypted at rest?
Q: How will I be charged for Amazon EFS for AWS Lambda?
There is no additional charge for using Amazon EFS for AWS Lambda. Customers pay the standard price for AWS Lambda and for Amazon EFS. When using Lambda and EFS in the same availability zone, customers are not charged for data transfer. However, if they use VPC peering for Cross-Account access, they will incur data transfer charges. To learn more, please see Pricing.
Q: Can I associate more than one Amazon EFS file system with my AWS Lambda function?
Q: Can I use the same Amazon EFS file system across multiple functions, containers, and instances?
Lambda Functions URLs
Q: Do AWS Lambda functions support HTTP(S) endpoints?
Q: How do I configure a Lambda function URL for my function?
You can configure a function URL for your function through the AWS Management Console, the AWS Lambda API, the AWS CLI, AWS CloudFormation, and the AWS Serverless Application Model. Function URLs can be enabled on the $LATEST unqualified version of your function, or on any function alias. To learn more about configuring a function URL, see the documentation.
Q: How do I secure my Lambda function URL?
Q: How do I invoke my function with a Lambda function URL?
Q: Do Lambda function URLs work with function versions and aliases?
Yes. Lambda function URLs can be enabled on a function or function alias. If no alias is specified, the URL will point to $LATEST by default. Function URLs cannot target an individual function version.
Q: Can I enable custom domains for my Lambda function URL?
Q: Can Lambda function URLs be used to invoke a function in a VPC?
Q: What is the pricing for using Lambda function URLs?
There is no additional charge for using function URLs. You pay the standard price for AWS Lambda. To learn more, please see AWS Lambda Pricing.
Lambda@Edge
Q: What is Lambda@Edge?
Lambda@Edge allows you to run code across AWS locations globally without provisioning or managing servers, responding to end-users at the lowest network latency. You just upload your Node.js or Python code to AWS Lambda and configure your function to be triggered in response to Amazon CloudFront requests (i.e., when a viewer request lands, when a request is forwarded to or received back from the origin, and right before responding back to the end-user). The code is then ready to execute across AWS locations globally when a request for content is received, and scales with the volume of CloudFront requests globally. Learn more in our documentation.
Q: How do I use Lambda@Edge?
To use Lambda@Edge, you just upload your code to AWS Lambda and associate a function version to be triggered in response to Amazon CloudFront requests. Your code must satisfy the Lambda@Edge service limits. Lambda@Edge supports Node.js and Python for global invocation by CloudFront events at this time. Learn more in our documentation.
Q: When should I use Lambda@Edge?
Lambda@Edge is optimized for latency-sensitive use cases where your end viewers are distributed globally. All the information you need to make a decision should be available at the CloudFront edge, within the function and the request. This means that use cases where you are looking to make decisions on how to serve content based on user characteristics (e.g., location, client device, etc.) can now be executed and served close to your users without having to be routed back to a centralized server.
Q: Can I deploy my existing Lambda functions for global invocation?
You can associate existing Lambda functions with CloudFront events for global invocation if the function satisfies the Lambda@Edge service requirements and limits. Read more here on how to update your function properties.
Q: What Amazon CloudFront events can be used to trigger my functions?
Your functions will automatically trigger in response to the following Amazon CloudFront events:
- Viewer Request - This event occurs when an end-user or a device on the Internet makes an HTTP(S) request to CloudFront, and the request arrives at the edge location closest to that user.
- Viewer Response - This event occurs when the CloudFront server at the edge is ready to respond to the end user or the device that made the request.
- Origin Request - This event occurs when the CloudFront edge server does not already have the requested object in its cache, and the viewer request is ready to be sent to your backend origin web server (e.g. Amazon EC2, or Application Load Balancer, or Amazon S3).
- Origin Response - This event occurs when the CloudFront server at the edge receives a response from your backend origin web server.
Q: How is AWS Lambda@Edge different from using AWS Lambda behind Amazon API Gateway?
The difference is that API Gateway and Lambda are regional services. Using Lambda@Edge and Amazon CloudFront allows you to execute logic across multiple AWS locations based on where your end viewers are located.
Scalability and availability
Q: How available are AWS Lambda functions?
Q: Do my AWS Lambda functions remain available when I change my code or its configuration?
Q: Is there a limit to the number of AWS Lambda functions I can execute at once?
No. AWS Lambda is designed to run many instances of your functions in parallel. However, AWS Lambda has a default safety throttle, for the number of concurrent executions per account per region (visit here for info on default safety throttle limits). You can also control the maximum concurrent executions for individual AWS Lambda functions, which you can use to reserve a subset of your account concurrency limit for critical functions, or cap traffic rates to downstream resources.
If you wish to submit a request to increase the concurrent execution limit, you can use Service Quotas to request a limit increase request.
Q: What happens if my account exceeds the default throttle limit on concurrent executions?
On exceeding the maximum concurrent executions limit, AWS Lambda functions being invoked synchronously will return a throttling error (429 error code). Lambda functions being invoked asynchronously can absorb reasonable bursts of traffic for approximately 15-30 minutes, after which incoming events will be rejected as throttled. In case the Lambda function is being invoked in response to Amazon S3 events, events rejected by AWS Lambda may be retained and retried by S3 for 24 hours. Events from Amazon Kinesis streams and Amazon DynamoDB streams are retried until the Lambda function succeeds or the data expires. Amazon Kinesis and Amazon DynamoDB Streams retain data for 24 hours.
Q: Are default maximum concurrent execution limits applied on a per function level?
The default maximum concurrent execution limit is applied at the account level. However, you can also set limits on individually functions as well (visit here for info on Reserved Concurrency).
Q. How quickly do my AWS Lambda functions scale?
Each synchronously invoked Lambda function can scale at a rate of up to 1000 concurrent executions every 10 seconds. While Lambda's scaling rate is suitable for most use cases, it is particularly ideal for those with predictable or unpredictable bursts of traffic. For example, SLA-bound data processing would require predictable yet rapid scaling to meet processing demand. Similarly, serving breaking news articles, or flash sales could drive unpredictable levels of traffic in a short period of time. Lambda's scaling rate can facilitate such use cases without additional configurations or tooling. Additionally, the concurrency scaling limit is a function-level limit, which means each function in your account scales independently of other functions.
Q: What happens if my Lambda function fails while processing an event?
Q: What happens if my Lambda function invocations exhaust the available policy?
On exceeding the retry policy for asynchronous invocations, you can configure a “dead letter queue” (DLQ) into which the event will be placed; in the absence of a configured DLQ the event may be rejected. On exceeding the retry policy for stream-based invocations, the data would have already expired and therefore rejected.
Q: What resources can I configure as a dead letter queue for a Lambda function?
Security and access control
Q: How do I allow my AWS Lambda function access to other AWS resources?
You grant permissions to your Lambda function to access other resources using an IAM role. AWS Lambda assumes the role while executing your Lambda function, so you always retain full, secure control of exactly which AWS resources it can use. Visit Setting up AWS Lambda to learn more about roles.
Q: How do I control which Amazon S3 buckets can call which AWS Lambda functions?
When you configure an Amazon S3 bucket to send messages to an AWS Lambda function, a resource policy rule will be created that grants access. Visit the Lambda Developer Guide to learn more about resource policies and access controls for Lambda functions.
Q: How do I control which Amazon DynamoDB table or Amazon Kinesis stream an AWS Lambda function can poll?
Access controls are managed through the Lambda function role. The role you assign to your Lambda function also determines which resource(s) AWS Lambda can poll on its behalf. Visit the Lambda Developer Guide to learn more.
Q: How do I control which Amazon SQS queue an AWS Lambda function can poll?
Q: How do I access resources in Amazon VPC from my AWS Lambda function?
You can enable Lambda functions to access resources in your VPC by specifying the subnet and security group as part of your function configuration. Lambda functions configured to access resources in a particular VPC will not have access to the internet as a default configuration. To grant internet to these functions, use internet gateways. By default, Lambda functions communicate with resources in a dual-stack VPC over IPv4. You can configure your functions to access resources in a dual-stack VPC over IPv6. For more details on Lambda functions configured with VPC, see Lambda Private Networking with VPC.
Q: What is Code Signing for AWS Lambda?
Code Signing for AWS Lambda offers trust and integrity controls that enable you to verify that only unaltered code from approved developers is deployed in your Lambda functions. You can use AWS Signer, a fully-managed code signing service, to digitally sign code artifacts and configure your Lambda functions to verify the signatures at deployment. Code Signing for AWS Lambda is currently only available for functions packaged as ZIP archives.
Q: How do I create digitally signed code artifacts?
You can create digitally signed code artifacts using a Signing Profile through the AWS Signer console, the Signer API, SAM CLI or AWS CLI. To learn more, please see the documentation for AWS Signer.
Q: How do I configure my Lambda functions to enable code signing?
Q: What signature checks does AWS Lambda perform on deployment?
AWS Lambda can perform the following signature checks at deployment:
• Corrupt signature - This occurs if the code artifact has been altered since signing.
• Mismatched signature - This occurs if the code artifact is signed by a signing profile that is not approved.
• Expired signature - This occurs if the signature is past the configured expiry date.
• Revoked signature - This occurs if the signing profile owner revokes the signing jobs.
To learn more, please see the AWS Lambda documentation.
Q: Can I enable code signing for existing functions?
Q: Is there any additional cost for using Code Signing for AWS Lambda?
There is no additional cost when using Code Signing for AWS Lambda. You pay the standard price for AWS Lambda. To learn more, please see Pricing.
Advanced logging controls
Q: What advanced logging controls are supported on Lambda?
To provide you a simplified and enhanced logging experience by default, AWS Lambda offers advanced logging controls such as the ability to natively capture Lambda function logs in JSON structured format, control the log level filtering of Lambda function logs without making any code changes, and customize the Amazon CloudWatch log group Lambda sends logs to.
Q: What can I use advanced logging controls for?
You can capture Lambda function logs in JSON structured format without having to use your own logging libraries. JSON structured logs make it easier to search, filter, and analyze large volumes of log entries. You can control the log level filtering of Lambda function logs without making any code changes, which enables you to choose the required logging granularity level for Lambda functions without sifting through large volumes of logs when debugging and troubleshooting errors. You can also set which Amazon CloudWatch log group Lambda sends logs to, making it easier to aggregate logs from multiple functions within an application in one place. You can then apply security, governance, and retention policies to logs at the application level rather than individually to every function.
Q. How do I use advanced logging controls?
You can specify advanced logging controls for your Lambda functions using AWS Lambda API, AWS Lambda console, AWS CLI, AWS Serverless Application Model (SAM), and AWS CloudFormation. To learn more, visit the launch blog post for advanced logging controls or the Lambda Developer Guide.
Q. Can I use my own logging libraries to generate JSON structured logs for my Lambda function?
Yes, you can use your own logging libraries to generate Lambda logs in JSON structured format. To ensure your logging libraries work seamlessly with Lambda’s native JSON structured logging capability, Lambda will not double-encode any logs generated by your function that are already JSON encoded. You can also use Powertools for AWS Lambda library to capture Lambda logs in JSON structured format.
Q. How will I be charged for using the advanced logging controls?
There is no additional charge for using advanced logging controls on Lambda. You will continue to be charged for ingestion and storage of your Lambda logs by Amazon CloudWatch Logs. See CloudWatch pricing page for log pricing details.
AWS Lambda functions in Java
Q: How do I compile my AWS Lambda function Java code?
You can use standard tools like Maven or Gradle to compile your Lambda function. Your build process should mimic the same build process you would use to compile any Java code that depends on the AWS SDK. Run your Java compiler tool on your source files and include the AWS SDK 1.9 or later with transitive dependencies on your classpath. For more details, see our documentation.
Q: What is the JVM environment that Lambda uses for executing my function?
AWS Lambda functions in Node.js
Q: Can I use packages with AWS Lambda?
Yes. You can use NPM packages as well as custom packages. Learn more here.
Q: Can I execute other programs from within my AWS Lambda function written in Node.js?
Yes. Lambda’s built-in sandbox lets you run batch (“shell”) scripts, other language runtimes, utility routines, and executables. Learn more here.
Q: Is it possible to use native modules with AWS Lambda functions written in Node.js?
Yes. Any statically linked native module can be included in the ZIP file you upload, as well as dynamically linked modules compiled with an rpath pointing to your Lambda function root directory. Learn more here.
Q: Can I execute binaries with AWS Lambda written in Node.js?
Yes. You can use Node.js' child_process command to execute a binary that you included in your function or any executable from Amazon Linux that is visible to your function. Alternatively several NPM packages exist that wrap command line binaries such as node-ffmpeg. Learn more here.
Q: How do I deploy AWS Lambda function code written in Node.js?
To deploy a Lambda function written in Node.js, simply package your Javascript code and dependent libraries as a ZIP. You can upload the ZIP from your local environment, or specify an Amazon S3 location where the ZIP file is located. For more details, see our documentation.
AWS Lambda functions in Python
Q: Can I use Python packages with AWS Lambda?
AWS Lambda functions in C#
Q: How do I package and deploy an AWS Lambda function in C#?
AWS Lambda functions in PowerShell
Q: How do I deploy AWS Lambda function code written in PowerShell?
A PowerShell Lambda deployment package is a ZIP file that contains your PowerShell script, PowerShell modules that are required for your PowerShell script, and the assemblies needed to host PowerShell Core. You then use the AWSLambdaPSCore PowerShell module that you can install from the PowerShell Gallery to create your PowerShell Lambda deployment package.
AWS Lambda functions in Go
Q: How do I package and deploy an AWS Lambda function in Go?
Upload your Go executable artifact as a ZIP file through the AWS CLI or Lambda console and select the go1.x runtime. With Lambda, you can use Go's native tools to build and package your code. For more details, read our documentation.
AWS Lambda functions in Ruby
Q: How do I deploy AWS Lambda function code written in Ruby?
Other topics
Q: Which versions of Amazon Linux, Node.js, Python, JDK, .NET Core, SDKs, and additional libraries does AWS Lambda support?
You can view the list of supported versions here.
Q: Can I change the version of Amazon Linux or any language runtime?
No. AWS Lambda offers a single version of the operating system and managed language runtime to all users of the service. You can bring your own language runtime to use in Lambda.
Q: How can I record and audit calls made to the AWS Lambda API?
Q: How do I coordinate calls between multiple Lambda functions?
You can use Amazon Step Functions to coordinate multiple invoking Lambda functions. You can invoke multiple Lambda functions serially, passing the output of one to the other, or in parallel. See our documentation for more details.