Emulating Lambda to speed up development (files.meetup.com/4507922/LA AWS Users Tips and...)
Emulating Lambda to speed up
development
Kevin Epstein
CTO
CorpInfo | AWS Premier Partner
What is Lambda?
• Scalable, highly available, stateless, event-driven computing
• Fully managed runtime environment
Python Node.js Java
Why emulate Lambda?
Lambda functions are usually relatively small, discrete pieces
of code, so why emulate Lambda?
• So what? Just because Lambda functions are small pieces of code
doesn’t mean we should treat this code any differently from any other.
• Test your Lambda code locally.
• Automate testing - Integrate with your CI/CD
• Not a completely foreign idea to emulate AWS Services. DynamoDB
has a local environment for testing too.
But I can test my Lambda locally – sort of
#!/usr/bin/python
def lambda_handler(event, context):
    # Lambda execution entry point
    print("Hello World!")


if __name__ == '__main__':
    # Local testing entry point: runs without any event or context
    print("Hello World!")
The problem with this approach is we don’t fully test Lambda
functionality.
• Passing events to the Lambda function isn’t easily tested.
• Context cannot be tested.
• Doesn’t test IAM
• Packaging your code and uploading becomes painful quickly!
http://docs.aws.amazon.com/lambda/latest/dg/eventsources.html
http://docs.aws.amazon.com/lambda/latest/dg/python-context-object.html
Emulambda
Emulambda is an open-source project that attempts to emulate
the Lambda environment as closely as possible.
• Test your Lambda locally without packaging and deploying to AWS
Lambda.
• Shorten your feedback loops on lambda execution
• Some basic execution profiling.
• Supports IAM Lambda Execution Roles
pip install -e git+https://github.com/fugue/emulambda#egg=emulambda
A practical example
Development of a simple Amazon Alexa Skill
• If you want your skill published in the Skills portal, you need to test,
test, test!
• Every interaction is called an “Intent”
• Every time you add new intents you have to resubmit for approval
• Skills can have lots of intents – they all need to be tested.
• We want to make sure we get expected responses
• We want to evaluate the session state of the skill.
• Pair BATS (Bash Automated Testing System) with Emulambda
Using Emulambda to test an Alexa Skill
Demo
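An added example (not code from the talk or from Emulambda) of what the two passages above call for: a handler driven with constructed Alexa intent events and a stand-in context object, so that responses, session state and a context-dependent path can be asserted locally. The skill, its CountIntent, and the FakeContext values are hypothetical.

```python
import time


class FakeContext(object):
    """Stand-in exposing a few documented Lambda context members."""

    def __init__(self, timeout_s=3.0):
        self.function_name = "demo-skill"          # constructed values
        self.aws_request_id = "local-test-request"
        self._deadline = time.time() + timeout_s

    def get_remaining_time_in_millis(self):
        return max(0, int((self._deadline - time.time()) * 1000))


def lambda_handler(event, context):
    """Hypothetical skill: CountIntent increments a counter kept in the session."""
    request = event["request"]
    attrs = dict(event.get("session", {}).get("attributes") or {})
    if context.get_remaining_time_in_millis() < 100:
        text, end = "Please try again", True       # too close to the timeout
    elif request["type"] == "IntentRequest" and request["intent"]["name"] == "CountIntent":
        attrs["count"] = attrs.get("count", 0) + 1
        text, end = "Count is %d" % attrs["count"], False
    else:
        text, end = "Goodbye", True
    return {"version": "1.0", "sessionAttributes": attrs,
            "response": {"outputSpeech": {"type": "PlainText", "text": text},
                         "shouldEndSession": end}}


def intent_event(name, attributes=None):
    """Constructed Alexa IntentRequest event carrying prior session attributes."""
    return {"version": "1.0",
            "session": {"new": attributes is None, "attributes": attributes or {}},
            "request": {"type": "IntentRequest", "intent": {"name": name, "slots": {}}}}


def run_conversation(intent_names, context=None):
    """Replay intents in order, feeding each response's session state forward."""
    context = context or FakeContext()
    attributes, responses = None, []
    for name in intent_names:
        result = lambda_handler(intent_event(name, attributes), context)
        attributes = result["sessionAttributes"]
        responses.append(result)
    return responses
```
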
Configuring a Lambda Function to
Access Resources in an Amazon VPC
Punitha Atluru
Cloud Engineer
CorpInfo | AWS Premier Partner
Introduction
• AWS service resources, such as Redshift, ElastiCache, RDS or any
other services running on EC2 instances are created inside Amazon
Virtual Private Cloud (Amazon VPC) so that they cannot be directly
accessed over the public Internet.
• Lambda functions are deployed outside of any VPC by default,
which prevents them from reaching these private resources.
• A Lambda function might also require Internet access to fetch resources from
the public internet and inject them into AWS services that don't have VPC
endpoints, such as Amazon Kinesis or RDS.
What To Do?
• VPC-specific configuration information (VPC subnet IDs and security
group IDs) must be provided in order to enable your Lambda function to
access resources inside your private VPC.
• AWS Lambda uses this information to set up elastic network interfaces
(ENIs) that enable your function to connect securely to other resources
within your private VPC.
Note: The Lambda function's execution role must have permissions to create
ENIs. AWS Lambda provides a predefined managed policy,
AWSLambdaVPCAccessExecutionRole, which gives the function access to
CloudWatch Logs and the EC2 ENI-related permissions.
Problem
ENIs attached to Lambda functions do not get Elastic IPs. So even if we were to
deploy the Lambda ENI into a public subnet, the function would not be able to
reach the internet: the default route in a public subnet is the Internet
Gateway, which only carries traffic for interfaces that have a public IP address.
Solution
If your Lambda function needs access to both private resources and the
Internet, deploy it in private subnets whose default route to the internet is
a NAT (a NAT instance or an Amazon VPC NAT gateway).
GOTCHAs
• Consider provisioning dedicated private subnets for your Lambda
functions, especially if you anticipate very high concurrency – a /24
subnet can only support 254 concurrent Lambda executions. /23 would
support 510 concurrent Lambda executions, etc.
• Dedicated subnets for Lambda also give you some protections. You
have greater control over what the function can communicate with.
You can leverage both NACLs and SGs. If you put your Lambda
function in the same subnet as your database, you cannot use
NACLs between them, because NACLs apply only at the subnet boundary.
• Reference security groups – not IPs – to give Lambda functions access.
The security group governing RDS should have a rule that references
the security group ID of the Lambda function.
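An added example (not from the talk) of checking the last point: given a database security group in the shape returned by EC2's DescribeSecurityGroups, report whether the Lambda function's security group is referenced on the database port and which CIDR ranges are admitted instead. The group IDs, port and addresses are constructed placeholders.

```python
def audit_db_ingress(db_group, lambda_sg_id, port):
    """Check a database security group's ingress rules for one TCP port.

    Returns (lambda_sg_referenced, cidr_sources): whether the Lambda function's
    security group is referenced, and any CIDR ranges that are also admitted.
    """
    referenced, cidr_sources = False, []
    for rule in db_group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # all protocols and ports
            covers = True
        elif proto == "tcp":
            covers = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == lambda_sg_id:
                referenced = True
        cidr_sources += [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidr_sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return referenced, cidr_sources


# Constructed sample data; the group IDs and addresses are placeholders.
LAMBDA_SG = "sg-0aaa1111bbbb2222c"

BY_REFERENCE = {"GroupId": "sg-0ddd3333eeee4444f", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}]},
]}

BY_ADDRESS = {"GroupId": "sg-0ddd3333eeee4444f", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.8.0/24"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
]}
```

A result of `(False, [...])` means the database trusts whatever holds an address in those ranges rather than the function itself.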
CloudWatch Events
• New Service announced in January 2016
• Near real-time stream of system events that describe changes in Amazon
Web Services
• Comprised of three main components
  • Events
    • Based on resource state changes
  • Rules
    • Match events to targets for processing
  • Targets
    • Process events and are specified in the rules (currently supported
      targets are SNS topics, SQS queues, Kinesis streams, Lambda
      functions, and built-in targets)
Demo
• Demo Time
• Demonstrate an event (new instance being launched)
• A rule matches a new instance being run
• Target is a Lambda function which adds tags to the new instance
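An added sketch of the event, rule and target flow described in this demo (not the code shown in the talk): an event pattern for instances entering the running state, a simplified exact-value matcher standing in for the rule engine, and a target handler that tags the instance. The tag keys, instance ID and timestamp are constructed, and the EC2 client is a stub so the flow runs offline.

```python
RULE_PATTERN = {  # matches instances entering the "running" state
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["running"]},
}


def matches(pattern, event):
    """Simplified exact-value matcher: every pattern field must be satisfied."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True


def lambda_handler(event, context, ec2=None):
    """Target: tag the instance named in the event. Tag keys are hypothetical."""
    if ec2 is None:
        import boto3  # real client only when no stub is injected
        ec2 = boto3.client("ec2")
    instance_id = event["detail"]["instance-id"]
    tags = [{"Key": "LaunchedAt", "Value": event["time"]},
            {"Key": "TaggedBy", "Value": "cloudwatch-events-rule"}]
    ec2.create_tags(Resources=[instance_id], Tags=tags)
    return instance_id


class RecordingEC2(object):
    """Stub client that records create_tags calls instead of calling AWS."""
    def __init__(self):
        self.calls = []

    def create_tags(self, Resources, Tags):
        self.calls.append((Resources, Tags))


def sample_event(state):
    """Constructed event in the EC2 state-change notification shape."""
    return {"source": "aws.ec2", "time": "2016-03-01T12:00:00Z",
            "detail-type": "EC2 Instance State-change Notification",
            "detail": {"instance-id": "i-0123456789abcdef0", "state": state}}


def dispatch(event, ec2):
    """Invoke the target only when the rule pattern matches the event."""
    return lambda_handler(event, None, ec2) if matches(RULE_PATTERN, event) else None
```
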
Use Cases
• Scheduled Execution of Lambda scripts (such as for EBS volume backups)
• Watching EC2 health to trigger functions to take corrective actions
• A Lambda function that can debug an application
• Publish to an SNS topic to notify a distribution list
• Publish to an SQS queue to inspect health-check statuses
• Publish autoscaling events to CloudWatch logs using Lambda
Relaunch Instance in 5 Minutes
Rick Winkler
Lead Solutions Architect
CorpInfo | AWS Premier Partner
• Need to modify an instance after it has launched?
  • IAM Role
  • Dedicated Host
  • Subnets
  • Etc.?
• Creating an AMI from snapshots takes too long?
Overview (diagram labels: Source Instance, EBS Volumes, New Instance)
DEMO
Repository:
https://github.com/corpinfo/relaunch_with_disks