AWS LAMBDA

Lambda is the leading AWS service for serverless code execution. It is an event-driven compute service that runs your code for almost any type of application or back-end service without provisioning or managing servers. Lambda can be triggered from over 200 AWS services and software-as-a-service (SaaS) applications, and you pay only for the compute time you actually use.


You can use AWS Lambda to extend other AWS services with custom logic, or to build your own back-end services that take advantage of AWS scalability, performance, and security. Lambda can automatically execute code in response to many kinds of events, such as HTTP requests through Amazon API Gateway, changes to objects in Amazon Simple Storage Service (Amazon S3) buckets, table updates in Amazon DynamoDB, and state transitions in AWS Step Functions.

Lambda runs your code on a highly available compute infrastructure and performs all compute resource administration for you: server and operating system maintenance, capacity provisioning and automatic scaling, security patching of the runtime, and code monitoring and logging. All you have to do is provide the code. These and other features make Lambda particularly suitable for the following use cases:

  1. Massive data processing: process data at whatever scale arrives. Lambda scales automatically with your data volume and can be triggered by custom events.
  2. Interactive web and mobile backends: combine Lambda with other AWS services to create secure, stable, and scalable online experiences.
  3. Machine learning (ML) insights: pre-process data before sending it to an ML model. With Amazon Elastic File System (EFS) and S3 access, Lambda handles infrastructure and provisioning so you do not have to size servers yourself.
  4. Event-driven applications: build event-driven functions for simple communication between decoupled services.

Our Lambda Security Best Practices

AWS Lambda is a powerful and widely used service. Because it runs on AWS, the underlying infrastructure (hosts, isolation between execution environments, runtime patching) is secured by Amazon. Under the shared responsibility model, however, the function code, its dependencies, its IAM permissions, and its configuration remain your responsibility, and that is where most Lambda security problems arise.

Keep in mind that Lambda allocates CPU to a function in proportion to the memory you configure (at 1,769 MB a function has the equivalent of one full vCPU). Allocating more memory can therefore make a CPU-bound function run faster, and sometimes cheaper, because you are billed on memory multiplied by execution duration.

This can be tricky: the price per millisecond rises linearly with memory, and past a certain point the reduction in execution time becomes much smaller than the increase in unit cost, as the graph below shows. It is therefore important to find the right balance between memory and execution time so that the function runs in an optimised configuration.

The CriticalCase approach is precisely to study this balance when pre-allocating resources, both in the design phase of the serverless solution and in the subsequent monitoring and fine-tuning of the solution over time.

Memory allocation versus execution time in a Lambda function
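The balance described above can be worked out from measurements rather than guessed. The following is an added example, not code from this page or from AWS: it takes constructed (memory, average duration) measurements for one function, prices each setting as GB-seconds plus a request fee, and picks the cheapest setting that still meets a latency budget. The prices are assumptions that approximate x86 on-demand pricing in us-east-1; substitute your own measurements and the current price list for your region.

```python
"""Choose a Lambda memory size from measured durations.

Added example, not from the page or from AWS. The (memory, duration)
pairs are constructed sample measurements for one function, and the
prices are assumptions approximating x86 on-demand pricing in us-east-1
(USD 0.0000166667 per GB-second plus USD 0.20 per million requests,
duration billed per millisecond).
"""

PRICE_PER_GB_SECOND = 0.0000166667      # assumption, see docstring
PRICE_PER_REQUEST = 0.20 / 1_000_000    # assumption, see docstring

# Constructed sample data: average duration in ms at each memory setting.
# CPU share grows with memory, so duration falls, but with diminishing
# returns (1769 MB is the point at which a function gets a full vCPU).
MEASUREMENTS = [
    (128, 3200.0),
    (256, 1550.0),
    (512, 820.0),
    (1024, 430.0),
    (1769, 300.0),
    (3008, 280.0),
]


def invocation_cost(memory_mb: int, duration_ms: float) -> float:
    """USD cost of one invocation: GB-seconds consumed plus the request fee."""
    gb_seconds = (memory_mb / 1024) * (duration_ms / 1000)
    return gb_seconds * PRICE_PER_GB_SECOND + PRICE_PER_REQUEST


def cost_table(measurements):
    """(memory_mb, duration_ms, cost_usd) for every measured setting."""
    return [(m, d, invocation_cost(m, d)) for m, d in measurements]


def cheapest_within_budget(measurements, max_duration_ms):
    """Cheapest setting whose average duration meets the latency budget,
    or None when no measured setting is fast enough."""
    eligible = [row for row in cost_table(measurements) if row[1] <= max_duration_ms]
    if not eligible:
        return None
    return min(eligible, key=lambda row: row[2])


if __name__ == "__main__":
    for memory, duration, cost in cost_table(MEASUREMENTS):
        print(f"{memory:>5} MB  {duration:>7.0f} ms  ${cost:.9f}")
    print("cheapest overall:", cheapest_within_budget(MEASUREMENTS, float("inf")))
    print("cheapest under 500 ms:", cheapest_within_budget(MEASUREMENTS, 500))
```

With these sample numbers the cheapest setting overall is 256 MB, but if the function must answer within 500 ms the cheapest qualifying setting is 1024 MB; above that, extra memory buys little time and costs proportionally more.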

That said, there are some special considerations that need to be taken to secure AWS Lambda. Here are some AWS Lambda security best practices to consider:

  • Keep your Lambdas separate

To avoid data leaking between invocations, AWS recommends that you do not store user data, events, or other security-sensitive information in the execution environment. Lambda reuses a warm execution environment for subsequent invocations of the same function, so anything left in module-level variables, caches, or /tmp is visible to whichever request runs next. Our advice is to keep all user-specific state within the handler's own scope and, where a function relies on mutable state that cannot be kept within the handler, to create separate functions and separate function versions for each user rather than share one environment.
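To make the reuse problem concrete, here is an added example (not code from this page or from AWS) with a constructed user directory and constructed events. A small harness calls a handler twice without resetting module state, which is what a warm execution environment does between invocations. The first handler keeps the "current" user's profile in a module-level cache and hands the first user's e-mail address to the second user; the second keeps everything inside the handler and does not.

```python
"""Why per-user data must not live in the execution environment.

Added example, not from the page or AWS. The directory and the events
are constructed sample data; the harness mimics warm-environment reuse
by calling a handler repeatedly without resetting module state.
"""

# Constructed stand-in for a database or identity-provider lookup.
_DIRECTORY = {
    "alice": {"email": "alice@example.com"},
    "bob": {"email": "bob@example.com"},
}


def lookup_profile(user_id):
    return dict(_DIRECTORY[user_id])


# Vulnerable pattern: a module-level "cache" of the current user's profile.
# Module globals are initialised once per execution environment and survive
# every warm invocation that follows, whoever the caller is.
_profile_cache = {}


def leaky_handler(event, context=None):
    if not _profile_cache:                       # per-environment check, not per-user
        _profile_cache.update(lookup_profile(event["user_id"]))
    return {"user": event["user_id"], "email": _profile_cache["email"]}


# Hardened pattern: all user-specific state is local to the handler call.
def safe_handler(event, context=None):
    profile = lookup_profile(event["user_id"])   # fetched for this invocation only
    return {"user": event["user_id"], "email": profile["email"]}


def cold_start():
    """Reset module state, as a fresh execution environment would have."""
    _profile_cache.clear()


def simulate_warm_environment(handler, events):
    """Invoke handler for each event on one (reused) environment."""
    return [handler(event) for event in events]


def cross_user_leak(responses):
    """True if any response carries data belonging to a different user."""
    return any(r["email"] != _DIRECTORY[r["user"]]["email"] for r in responses)


if __name__ == "__main__":
    events = [{"user_id": "alice"}, {"user_id": "bob"}]
    cold_start()
    leaky = simulate_warm_environment(leaky_handler, events)
    print("leaky:", leaky, "leak:", cross_user_leak(leaky))
    safe = simulate_warm_environment(safe_handler, events)
    print("safe: ", safe, "leak:", cross_user_leak(safe))
```

The same failure appears with anything initialised outside the handler, including clients that carry a user's credentials or temporary files written under /tmp, so the rule is: share only what is genuinely global (SDK clients, configuration) and fetch or derive everything user-specific inside the handler.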

  • Use an API gateway

Using Amazon API Gateway to front your Lambda functions is highly recommended, and it is tightly integrated with Lambda. API Gateway lets you create and document web APIs that route requests to specific functions, and it is the natural place to enforce authentication and authorization: attach an authorizer (IAM, Amazon Cognito user pools, or a Lambda authorizer) to each route, and apply throttling and request validation before the function is ever invoked. The gateway is only a control point if the function cannot be called around it, so pair it with a resource-based policy on the function that allows lambda:InvokeFunction from apigateway.amazonaws.com only for that API's execution ARN (aws:SourceArn), and grant invoke rights to no other principal. For details on using Lambda with API Gateway, see the AWS documentation.

  • Use strict IAM governance

AWS Identity and Access Management (IAM) controls access to Lambda in two directions. Identity-based policies and the function's resource-based policy decide who may invoke, inspect, or change a function; invoking it and updating its code, configuration, or environment variables are separate permissions and should go to separate roles. The function's execution role decides what the function itself may do. Give each function its own execution role with only the actions and resources it needs (a named DynamoDB table or S3 prefix rather than Resource "*"), avoid wildcard actions such as dynamodb:*, and do not place long-lived access keys in environment variables: the execution role already supplies temporary credentials to the runtime.
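The two IAM points above, and the aws:SourceArn condition recommended in the API Gateway section, can be checked mechanically before a deployment. The following is an added example, not AWS tooling and not code from this page: a small linter run over constructed policy documents. It flags wildcard actions and resources in an execution role, and flags lambda:InvokeFunction grants that are open to any principal or that allow API Gateway to invoke the function without pinning the grant to one API. The account ID 123456789012, region us-east-1, function name orders-fn and API ID abc123 are placeholders.

```python
"""Lint Lambda IAM policies for over-broad grants.

Added example, not AWS tooling and not code from the page. Policies are
constructed; account, region, function name and API ID are placeholders.
Checks: the execution role should not use wildcard actions or resources,
and an InvokeFunction grant to API Gateway should carry an aws:SourceArn
condition naming the expected API rather than be open to any caller.
"""

EXPECTED_API = "arn:aws:execute-api:us-east-1:123456789012:abc123/"  # placeholder
FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:orders-fn"  # placeholder
API_GW = {"Service": "apigateway.amazonaws.com"}

# Constructed sample policies ---------------------------------------------
LOOSE_EXECUTION_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"},
]}
TIGHT_EXECUTION_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders"},
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/orders-fn:*"},
]}
LOOSE_RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [   # on the function
    {"Effect": "Allow", "Principal": "*", "Action": "lambda:InvokeFunction",
     "Resource": FUNCTION_ARN},
    {"Effect": "Allow", "Principal": API_GW, "Action": "lambda:InvokeFunction",
     "Resource": FUNCTION_ARN},                                     # no SourceArn
]}
TIGHT_RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": API_GW, "Action": "lambda:InvokeFunction",
     "Resource": FUNCTION_ARN,
     "Condition": {"ArnLike": {"aws:SourceArn": EXPECTED_API + "*/POST/orders"}}},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]


def lint_execution_role(policy):
    """Findings for wildcard actions or resources in an identity policy."""
    findings = []
    for i, stmt in enumerate(_allow_statements(policy)):
        actions = _as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action in {actions}")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: Resource '*' for {actions}")
    return findings


def _source_arns(stmt):
    """aws:SourceArn values under any condition operator (ArnLike, StringEquals, ...)."""
    arns = []
    for operator_values in stmt.get("Condition", {}).values():
        arns.extend(_as_list(operator_values.get("aws:SourceArn", [])))
    return arns


def lint_resource_policy(policy, expected_api_prefix):
    """Findings for invoke grants open to anyone or not pinned to the expected API."""
    findings = []
    for i, stmt in enumerate(_allow_statements(policy)):
        if "lambda:InvokeFunction" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"statement {i}: InvokeFunction open to any principal")
        elif principal == API_GW:
            arns = _source_arns(stmt)
            if not arns:
                findings.append(f"statement {i}: API Gateway may invoke from any API in any account")
            findings.extend(f"statement {i}: SourceArn {a} is not the expected API"
                            for a in arns if not a.startswith(expected_api_prefix))
    return findings


if __name__ == "__main__":
    print("loose role:", lint_execution_role(LOOSE_EXECUTION_ROLE))
    print("tight role:", lint_execution_role(TIGHT_EXECUTION_ROLE))
    print("loose policy:", lint_resource_policy(LOOSE_RESOURCE_POLICY, EXPECTED_API))
    print("tight policy:", lint_resource_policy(TIGHT_RESOURCE_POLICY, EXPECTED_API))
```

The tight resource policy is the shape that `aws lambda add-permission --principal apigateway.amazonaws.com --source-arn ...` produces; the linter is deliberately strict about a missing condition because, without it, any API Gateway API in any AWS account could invoke the function.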

Continuous Integration / Continuous Delivery (CI / CD)

Our advice is to manage all serverless deployments programmatically through a CI/CD pipeline. Development with a serverless architecture is fast and deployments are frequent; manual deployments and updates at that cadence cause bottlenecks and errors, and a pipeline is also the place to enforce that every change passes its tests, dependency checks, and IAM policy checks before it reaches production.


Our advice is to use the suite of tools for configuring a CI / CD pipeline, made available directly by AWS:

  • AWS CodeCommit: CodeCommit is the AWS equivalent of GitHub or Bitbucket. It provides private Git repositories with branching and enables code management best practices with fine-grained access control. Note that AWS stopped accepting new CodeCommit customers in July 2024; new pipelines usually connect to GitHub or another Git provider instead.
  • AWS CodePipeline: CodePipeline automates the build, test, and deploy stages of the release process whenever a change is made to your code. It integrates with CodeCommit and with third-party services such as GitHub.
  • AWS CodeBuild: CodeBuild can be used for the build stage of the pipeline. You can use it to run unit tests and produce a new Lambda deployment package. It integrates with AWS SAM to upload the packaged code to Amazon S3 and hand the new version to Lambda through CodeDeploy.
  • AWS CodeDeploy: CodeDeploy automates the deployment of new code into Lambda functions, eliminating error-prone manual operations. It offers several deployment configurations to suit your needs. For example, a "Linear10PercentEvery1Minute" deployment shifts 10% of the function's traffic to the new version every minute, so that all traffic has moved after 10 minutes; if a CloudWatch alarm attached to the deployment fires during that window, CodeDeploy rolls traffic back to the previous version automatically.
  • AWS CodeStar: CodeStar was a unified interface that created a new application with best practices already applied, including a complete CI/CD pipeline with tests defined from the start. AWS discontinued CodeStar in July 2024, so for a new project build the pipeline from the services above instead.
