AWS Lambda
Serverless compute service — run code without provisioning servers, covering concurrency, cold starts, layers, destinations, and event-driven patterns.
Overview
AWS Lambda is a serverless compute service — run code in response to events without provisioning or managing servers. Lambda automatically scales from zero to thousands of concurrent executions and charges only for actual compute time consumed.
Lambda supports multiple runtimes (Python, Node.js, Java, .NET, Go, Ruby, custom via container images or custom runtimes) and integrates natively with over 200 AWS services as event sources or targets.
Core Concepts
| Concept | Description |
|---|---|
| Function | The unit of deployment — code + configuration (runtime, memory, timeout, IAM role) |
| Event Source | The AWS service or custom application that triggers a function invocation |
| Invocation | A single execution of a function; can be synchronous, asynchronous, or poll-based |
| Execution Environment | A secure, isolated micro-VM (Firecracker) that runs the function code |
| Handler | The entry-point method that Lambda calls when the function is invoked |
| Layer | A ZIP archive containing libraries, custom runtimes, or configuration shared across functions |
| Concurrency | The number of in-flight invocations at any given time |
| Cold Start | Latency penalty when Lambda creates a new execution environment (init + code download + runtime boot) |
| Destinations | Routing targets for async invocation results — success and failure sent to SQS, SNS, Lambda, or EventBridge |
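The Handler concept above maps directly to code. A minimal Python sketch, using the conventional entry-point name `lambda_handler` (Lambda locates it via the handler setting, e.g. `app.lambda_handler`):

```python
import json

def lambda_handler(event, context):
    # Lambda passes the triggering event as a dict and a context object
    # carrying metadata (request ID, remaining time, memory limit).
    name = event.get("name", "world")
    return {
        "statusCode": 200,
        "body": json.dumps({"message": f"Hello, {name}!"}),
    }

# Local smoke test; in Lambda, the service supplies event and context.
response = lambda_handler({"name": "Lambda"}, None)
```

The return shape shown here is the one API Gateway proxy integrations expect; other event sources accept any JSON-serialisable value.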
Invocation Models
| Model | Trigger Examples | Retry Behaviour | Error Handling |
|---|---|---|---|
| Synchronous | API Gateway, ALB, SDK Invoke | Caller retries; Lambda returns error immediately | Error returned to caller |
| Asynchronous | S3, SNS, EventBridge, CloudWatch Events | Lambda retries twice (configurable); then sends to DLQ | Dead-Letter Queue (DLQ) or Destinations |
| Poll-based | SQS, Kinesis, DynamoDB Streams, Kafka | Lambda polls and retries until record expires or succeeds | Bisect batch on error; DLQ on source (SQS) |
Exam Trap: For asynchronous invocations, Lambda handles retries automatically (up to 2 additional attempts). The caller does not receive error responses — configure a Dead-Letter Queue or Destination to capture failures.
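In the SDK, the sync/async distinction is just the `InvocationType` parameter on `Invoke`. A hedged boto3 sketch (function names are placeholders; boto3 is imported lazily so the snippet can be read without the SDK installed):

```python
import json

def invoke_sync(function_name, payload):
    """Synchronous: blocks until the function returns; errors come back to the caller."""
    import boto3  # AWS SDK for Python; imported lazily in this sketch
    client = boto3.client("lambda")
    resp = client.invoke(
        FunctionName=function_name,
        InvocationType="RequestResponse",  # synchronous
        Payload=json.dumps(payload),
    )
    return json.load(resp["Payload"])

def invoke_async(function_name, payload):
    """Asynchronous: Lambda queues the event and returns HTTP 202 immediately.
    Failures are retried twice, then routed to the DLQ/Destination."""
    import boto3
    client = boto3.client("lambda")
    resp = client.invoke(
        FunctionName=function_name,
        InvocationType="Event",  # asynchronous
        Payload=json.dumps(payload),
    )
    return resp["ResponseMetadata"]["HTTPStatusCode"]  # 202 when queued
```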
Concurrency
| Concurrency Type | Description |
|---|---|
| Unreserved | Default pool shared across all functions in the account (default limit: 1,000 per region) |
| Reserved | Guarantees a set number of concurrent executions for a specific function |
| Provisioned | Pre-initialises execution environments to eliminate cold starts; charged when idle |
Account concurrency limit (e.g., 1,000)
├── Function A: Reserved = 100 (guaranteed, capped at 100)
├── Function B: Reserved = 200 (guaranteed, capped at 200)
└── Unreserved pool = 700 (shared by all other functions)
SAA/SAP Tip: Reserved Concurrency both guarantees and caps a function's concurrency. Setting it to 0 effectively throttles the function. Provisioned Concurrency eliminates cold starts but incurs cost even when idle.
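Both concurrency controls are single API calls. A sketch using boto3 (names are placeholders; note that Provisioned Concurrency must target a published version or alias, never `$LATEST`):

```python
def reserve_concurrency(function_name, limit):
    # Reserved Concurrency: guarantees AND caps; limit=0 disables the function.
    import boto3  # AWS SDK for Python; imported lazily in this sketch
    boto3.client("lambda").put_function_concurrency(
        FunctionName=function_name,
        ReservedConcurrentExecutions=limit,
    )

def provision_concurrency(function_name, alias, count):
    # Provisioned Concurrency: pre-warmed environments, billed even when idle.
    import boto3
    boto3.client("lambda").put_provisioned_concurrency_config(
        FunctionName=function_name,
        Qualifier=alias,  # published version or alias, not $LATEST
        ProvisionedConcurrentExecutions=count,
    )
```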
Cold Starts
Cold starts occur when Lambda creates a new execution environment. The latency depends on:
| Factor | Impact |
|---|---|
| Runtime | Interpreted languages (Python, Node.js) start faster than compiled (Java, .NET) |
| Package size | Larger deployment packages increase download and extraction time |
| VPC attachment | Functions in a VPC previously had extra ENI setup time; Hyperplane now reduces this significantly |
| Memory allocation | Higher memory = proportionally more CPU = faster init |
Mitigation Strategies
- Provisioned Concurrency — pre-warm execution environments; eliminates cold starts entirely
- SnapStart — snapshots the initialised execution environment and restores from cache on invocation (originally Java-only; now also available for Python and .NET)
- Keep functions warm — schedule periodic pings (workaround, not recommended at scale)
- Minimise package size — exclude unused dependencies; use layers for shared libraries
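Alongside these strategies, the standard coding pattern is to do expensive initialisation at module scope so it runs once per execution environment, not once per invocation. A minimal sketch (the counter simulates warm reuse locally; the dict stands in for a real client):

```python
# Module scope runs once per execution environment (the cold start);
# warm invocations reuse everything defined here.
INIT_COUNT = 0

def _expensive_init():
    global INIT_COUNT
    INIT_COUNT += 1
    return {"connected": True}  # stands in for a DB connection or SDK client

DB = _expensive_init()  # paid once per environment, not per invocation

def lambda_handler(event, context):
    # Warm invocations skip _expensive_init entirely.
    return {"init_runs": INIT_COUNT, "db": DB["connected"]}

# Simulate three warm invocations in the same environment:
results = [lambda_handler({}, None) for _ in range(3)]
```

All three simulated invocations see `init_runs == 1`, which is exactly the behaviour connection pooling and SDK clients rely on in Lambda.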
Lambda Layers
Layers separate dependencies from function code, enabling reuse across functions.
- Up to 5 layers per function
- Total unzipped deployment size (function + layers) ≤ 250 MB
- Layers are versioned and immutable once published
- Common use: shared SDKs, database drivers, custom runtimes
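Layer packaging depends on a runtime-specific directory prefix: for Python, Lambda adds the layer's `python/` directory to `sys.path`. A stdlib-only sketch building a valid layer ZIP in memory (`mylib` is a hypothetical package):

```python
import io
import zipfile

# For the Python runtime, layer code must live under python/
# (or python/lib/python3.x/site-packages/) to land on sys.path.
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
    zf.writestr("python/mylib/__init__.py", "VERSION = '1.0'\n")

# These bytes are what you would upload via the PublishLayerVersion API.
names = zipfile.ZipFile(io.BytesIO(buf.getvalue())).namelist()
```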
Lambda@Edge and CloudFront Functions
| Feature | Lambda@Edge | CloudFront Functions |
|---|---|---|
| Runtime | Node.js, Python | JavaScript only |
| Execution location | Regional edge caches | 400+ CloudFront edge locations (PoPs) |
| Max execution time | 5 s (viewer) / 30 s (origin) | < 1 ms |
| Max memory | 128–10,240 MB | 2 MB |
| Use case | A/B testing, auth, origin selection, image transform | Header manipulation, URL rewrites, cache key normalisation |
Event Source Mapping
Event Source Mappings (ESMs) allow Lambda to poll stream and queue sources automatically.
| Source | Batching | Parallelisation | Error Handling |
|---|---|---|---|
| SQS | 1–10,000 | Up to 1,000 concurrent batches | Message returns to queue on failure |
| Kinesis / DynamoDB Streams | 1–10,000 | Up to 10 per shard | Bisect batch, retry, or skip |
| Kafka (MSK / self-managed) | 1–10,000 | Per-partition | Retry until success or record expires |
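An ESM is created with a single API call, and the batching and error-handling knobs from the table map directly to parameters. A hedged boto3 sketch for a Kinesis source (ARNs and names are placeholders):

```python
def create_kinesis_mapping(stream_arn, function_name):
    import boto3  # AWS SDK for Python; imported lazily in this sketch
    return boto3.client("lambda").create_event_source_mapping(
        EventSourceArn=stream_arn,
        FunctionName=function_name,
        StartingPosition="LATEST",         # stream sources only
        BatchSize=100,                     # 1-10,000 records per batch
        MaximumBatchingWindowInSeconds=5,  # wait up to 5 s to fill a batch
        BisectBatchOnFunctionError=True,   # split failing batches to isolate bad records
        MaximumRetryAttempts=3,            # then skip the records
        ParallelizationFactor=2,           # up to 10 concurrent batches per shard
    )
```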
Limits (Key Defaults)
| Resource | Default Limit |
|---|---|
| Memory | 128 MB – 10,240 MB |
| Timeout | Up to 15 minutes |
| Deployment package | 50 MB zipped (direct upload) / 250 MB unzipped (including layers) |
| Ephemeral storage (/tmp) | 512 MB – 10,240 MB |
| Concurrent executions | 1,000 per region (soft) |
| Environment variables | 4 KB total |
| Layers per function | 5 |
Common Use Cases
- API backend — Pair with API Gateway or ALB for fully serverless HTTP endpoints with per-request billing.
- Event-driven data processing — Trigger from S3 uploads, DynamoDB Streams, or Kinesis for real-time ETL and enrichment.
- Scheduled tasks — Use EventBridge rules to run cron-like jobs without maintaining a server.
- Stream processing — Poll Kinesis or Kafka topics via ESM for real-time analytics pipelines.
- ChatOps and automation — Respond to SNS notifications, CloudWatch alarms, or CodePipeline events with automated remediation.
- Edge computing — Lambda@Edge for request/response manipulation at CloudFront edge locations.
SAA/SAP Exam Tips
SAA/SAP Tip: Lambda has a 15-minute maximum timeout. For workloads exceeding this, consider Step Functions (orchestrate multiple Lambdas), AWS Batch, or ECS/Fargate tasks.
Exam Trap: Lambda functions in a VPC require subnets with available IP addresses and a NAT Gateway (or VPC endpoint) to reach the internet or AWS services outside the VPC. A function with no route to the internet will fail to call external APIs.
SAA/SAP Tip: For "serverless" + "lowest operational overhead" questions, Lambda is typically the answer. For "serverless containers," the answer is Fargate — not Lambda.
Exam Trap: Reserved Concurrency set to 0 acts as a kill switch — the function cannot be invoked at all. This is sometimes used intentionally to disable a function in an emergency.
Cross-Cloud Equivalents
| Provider | Service / Solution | Notes |
|---|---|---|
| AWS | AWS Lambda | Baseline |
| Azure | Azure Functions | Similar event-driven model; Durable Functions built-in |
| GCP | Google Cloud Functions / Cloud Run | Cloud Run also supports containers natively |
| On-Premises | OpenFaaS, Knative, Apache OpenWhisk | Self-hosted FaaS frameworks on Kubernetes |
Pricing Model
| Dimension | Unit | Notes |
|---|---|---|
| Requests | Per 1 million | First 1M requests/month free |
| Duration | Per ms (GB-seconds) | Proportional to allocated memory; first 400K GB-s/month free |
| Provisioned Concurrency | Per GB-s allocated | Charged whether invoked or not |
| Ephemeral storage | Per GB-s above 512 MB | 512 MB included free |
| Data transfer out | Per GB | Standard EC2 data transfer rates apply |
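The duration dimension is easiest to see with a worked example: GB-seconds = memory (GB) × billed time (s). A small calculator sketch using illustrative us-east-1 x86 rates (verify current pricing before relying on it; per-invocation 1 ms rounding is ignored):

```python
def monthly_cost(requests, avg_ms, memory_mb,
                 price_per_million=0.20, price_per_gb_s=0.0000166667,
                 free_requests=1_000_000, free_gb_s=400_000):
    # Duration is billed in GB-seconds: memory (GB) x execution time (s).
    gb_s = requests * (avg_ms / 1000) * (memory_mb / 1024)
    request_cost = max(requests - free_requests, 0) / 1_000_000 * price_per_million
    duration_cost = max(gb_s - free_gb_s, 0) * price_per_gb_s
    return round(request_cost + duration_cost, 2)
```

For example, 1M invocations at 100 ms and 128 MB stay entirely inside the free tier, while 2M invocations at 100 ms and 1,024 MB pay only for the 1M requests above the free request allowance.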
Related Services / See Also
- Amazon EC2 — virtual servers for long-running or stateful workloads
- Amazon API Gateway — managed API endpoint for Lambda backends
- Amazon EventBridge — event bus for routing events to Lambda
- AWS Step Functions — orchestrate multi-step Lambda workflows
- Amazon SQS — decouple producers from Lambda consumers
AWS Elastic Beanstalk
Platform as a Service (PaaS) — deploy and manage web applications without infrastructure complexity, covering deployment policies, environment tiers, and .ebextensions.
Amazon ElastiCache
Amazon ElastiCache — managed in-memory caching with Redis and Memcached. Covers caching patterns, Redis data structures, cluster modes, and cross-cloud equivalents.