AWS Certified Developer Associate: Developing Code for AWS Lambda

Learning Objectives

After completing this study guide, you should be able to:

  • Configure Lambda functions including memory, timeout, environment variables, and runtimes.
  • Implement secure access to private resources within an Amazon VPC from Lambda code.
  • Design robust error handling using Dead Letter Queues (DLQs) and Lambda Destinations.
  • Integrate Lambda with various AWS services using triggers and asynchronous patterns.
  • Optimize Lambda performance by tuning memory allocation and managing execution environments.
  • Utilize AWS SAM and other tools to write and run test code for serverless applications.

Key Terms & Glossary

  • Cold Start: The delay occurring when a Lambda function is invoked for the first time or after a period of inactivity, as AWS provisions a new execution environment.
  • Handler: The specific method in your code that AWS Lambda calls to begin execution when the function is triggered.
  • Lambda Layer: A distribution mechanism for libraries, custom runtimes, and other function dependencies without including them in your deployment package.
  • Lambda Destination: An AWS service that receives the results (success or failure) of an asynchronous Lambda invocation.
  • Idempotency: The property of a function where multiple identical requests have the same effect as a single request, preventing side effects during retries.

The "Big Idea"

AWS Lambda represents a paradigm shift from Infrastructure as a Service (IaaS) to Function as a Service (FaaS). Instead of managing servers, developers focus solely on code. The "Big Idea" is the Event-Driven Architecture: code only runs in response to specific triggers (like an S3 upload or a DynamoDB change), scales automatically from zero to thousands of concurrent requests, and follows a "pay-for-what-you-use" model.

Formula / Concept Box

| Feature | Configuration Rule / Limit |
| --- | --- |
| Memory Allocation | 128 MB to 10,240 MB (CPU scales linearly with memory) |
| Timeout Range | 1 second to 900 seconds (15 minutes) |
| Environment Variables | Total size limited to 4 KB |
| Ephemeral Storage | /tmp directory available from 512 MB to 10,240 MB |
| Execution Context | Objects declared outside the handler stay in memory for reuse in subsequent warm starts. |

Hierarchical Outline

  • I. Lambda Configuration & Runtime
    • Runtimes: Supports Node.js, Python, Java, Go, Ruby, C#, and Custom Runtimes.
    • Environment Variables: Use for configuration (e.g., DB endpoints); use Secrets Manager for sensitive data.
    • Layers: Share code between functions; limit of 5 layers per function.
  • II. Networking and Security
    • VPC Access: Attach the function to private subnets; outbound internet access additionally requires a NAT Gateway.
    • IAM Roles: Execution roles grant the function permission to access other AWS services.
  • III. Event Lifecycle & Error Handling
    • Synchronous vs Asynchronous: Sync (API Gateway) returns result immediately; Async (S3, SNS) retries on failure.
    • DLQ: Send failed asynchronous events to SQS or SNS.
    • Destinations: Advanced routing for async results to SQS, SNS, Lambda, or EventBridge.
  • IV. Performance Tuning
    • Memory Tuning: More memory increases CPU, which can actually decrease total cost by reducing execution time.
    • Concurrency: Reserved concurrency (limits instances) vs. Provisioned concurrency (eliminates cold starts).

Visual Anchors

Lambda Event Flow

[Diagram: Lambda event flow]

Lambda VPC Connectivity

\begin{tikzpicture}[node distance=2cm, every node/.style={rectangle, draw, rounded corners, minimum width=2.5cm, minimum height=1cm, align=center}]
  \node (lambda) [fill=orange!20] {Lambda\\Function};
  \node (eni) [right of=lambda, xshift=2cm, fill=blue!10] {Hyperplane ENI\\(Network Interface)};
  \node (subnet) [right of=eni, xshift=2cm, fill=green!10] {Private Subnet\\(VPC)};
  \node (db) [below of=subnet, fill=red!10] {RDS / Private\\Resource};
  \draw [thick, <->] (lambda) -- (eni);
  \draw [thick, <->] (eni) -- (subnet);
  \draw [thick, <->] (subnet) -- (db);
\end{tikzpicture}

Definition-Example Pairs

  • Environment Variable: A key-value pair stored in the function configuration to avoid hardcoding.
    • Example: Storing a database connection string DB_HOST=production-db.cluster.aws so the code works in different stages.
  • Trigger: An AWS service or custom application that invokes a Lambda function.
    • Example: An Amazon S3 bucket configured to trigger a Lambda function whenever a new image is uploaded for resizing.
  • Provisioned Concurrency: A configuration that keeps a specified number of execution environments warm and ready to respond.
    • Example: A retail app during Black Friday setting provisioned concurrency to 500 to ensure zero latency for the checkout function.

Worked Examples

Example 1: Accessing Private RDS from Lambda

  1. VPC Selection: Configure the Lambda to use the VPC where the RDS instance resides.
  2. Subnets: Select at least two private subnets for high availability.
  3. Security Groups: Add a Security Group to the Lambda. Update the RDS Security Group to allow inbound traffic from the Lambda's Security Group on the DB port (e.g., 5432).
  4. Internet Check: Note that once in a VPC, the Lambda loses default internet access. Add a route to a NAT Gateway in the private subnet route table if external APIs are needed.
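
The security group rule from step 3 can be checked mechanically. The following is an added example, not part of the original guide: it audits a DB security group's inbound rules, given in the shape of the `IpPermissions` list from EC2 DescribeSecurityGroups, and compares a weak rule with the corrected one. The security group ID and both rule sets are constructed.

```python
# Added example: constructed rules in the shape of the "IpPermissions" list
# returned by EC2 DescribeSecurityGroups. IDs below are placeholders.
DB_PORT = 5432
LAMBDA_SG = "sg-0a1b2c3d4e5f60001"   # constructed Lambda security group ID

def covers_port(rule, port):
    """True if the rule's protocol and port range include the DB port."""
    if rule.get("IpProtocol") == "-1":        # "-1" means all protocols and ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_db_ingress(ip_permissions, lambda_sg_id, port=DB_PORT):
    """Return (lambda_allowed, findings) for the DB security group's inbound rules."""
    lambda_allowed, findings = False, []
    for rule in ip_permissions:
        if not covers_port(rule, port):
            continue
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == lambda_sg_id:
                lambda_allowed = True
            else:
                findings.append(f"review: port {port} open to group {pair.get('GroupId')}")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        findings += [f"port {port} open to CIDR {c}" for c in cidrs]
    if not lambda_allowed:
        findings.append(f"Lambda group {lambda_sg_id} is not allowed on port {port}")
    return lambda_allowed, findings

# Weak: the DB port is reachable from any address.
WEAK_RULES = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
               "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]
# Corrected: the only source is the Lambda function's security group.
FIXED_RULES = [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}]}]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(name, audit_db_ingress(rules, LAMBDA_SG))
```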

Example 2: Handling Asynchronous Retries

  1. Trigger: S3 triggers a Lambda. If the Lambda fails (e.g., downstream service down), AWS retries it twice by default (3 total attempts).
  2. Destinations: Configure an "On Failure" destination to an SQS queue.
  3. Result: If all 3 attempts fail, the event metadata is moved to the SQS queue for manual investigation or automated reprocessing.
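
The retry flow above interacts with idempotency from the glossary: each retry re-runs the whole handler. The following is an added example, not part of the original guide, that simulates the three attempts and the on-failure destination in memory; the dictionaries and lists stand in for a durable store and an SQS queue, and every name is hypothetical.

```python
# Added example: in-memory simulation, no AWS calls. All names are hypothetical.
MAX_ATTEMPTS = 3        # 1 initial invocation + 2 default retries (Example 2)

processed = {}          # stand-in for a durable idempotency store
resized = []            # the side effect that must happen once per object
failure_queue = []      # stand-in for the SQS "On Failure" destination

def make_event(bucket, key, sequencer):
    """Constructed, trimmed S3 event notification."""
    return {"Records": [{"s3": {"bucket": {"name": bucket},
                                "object": {"key": key, "sequencer": sequencer}}}]}

def idempotency_key(event):
    """Identify one object version so a retried event maps to the same key."""
    s3 = event["Records"][0]["s3"]
    return f'{s3["bucket"]["name"]}/{s3["object"]["key"]}#{s3["object"]["sequencer"]}'

def handler(event, downstream_up):
    key = idempotency_key(event)
    if key not in processed:          # retries skip work already done
        resized.append(key)
        processed[key] = "resized"
    if not downstream_up:             # e.g. the downstream service is down
        raise RuntimeError("downstream service unavailable")
    return processed[key]

def invoke_async(event, failing_attempts):
    """Run the handler as an async invocation would: up to 3 attempts, then
    hand a simplified failure record to the on-failure destination."""
    error = None
    for attempt in range(1, MAX_ATTEMPTS + 1):
        try:
            return handler(event, downstream_up=attempt > failing_attempts)
        except RuntimeError as exc:
            error = str(exc)
    failure_queue.append({"event": event, "attempts": MAX_ATTEMPTS, "error": error})
    return None

if __name__ == "__main__":
    demo = make_event("uploads", "demo.png", "0055AED6DCD90281E0")  # constructed
    print(invoke_async(demo, failing_attempts=2), resized, failure_queue)
```

In a deployed function the `processed` check would be a conditional write to a durable store, so that concurrent or redelivered events cannot both pass it.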

Checkpoint Questions

  1. What is the primary difference between a Dead Letter Queue (DLQ) and a Lambda Destination for failure handling?
  2. How does increasing memory allocation from 128 MB to 512 MB affect the CPU available to a Lambda function?
  3. If a Lambda function needs to access a public API while connected to a private VPC subnet, what networking component is required?
  4. Where should you place database initialization code to optimize for "warm starts"?

[!TIP] Always use Environment Variables for configuration but Secrets Manager for passwords. Lambda environment variables can be encrypted at rest, but Secrets Manager provides rotation and finer access control.
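
One way to check a function against this tip, as an added example that is not part of the original guide: the audit below takes a configuration in the shape returned by GetFunctionConfiguration and flags secret-looking variables, connection strings with embedded credentials, and an environment over the 4 KB limit. The name patterns, sample configurations, account ID and secret name are assumptions constructed for illustration, and the size is an approximation (sum of key and value bytes).

```python
import re

ENV_LIMIT_BYTES = 4 * 1024    # total size limit for environment variables
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# Credentials embedded in a URL-style connection string: scheme://user:pass@host
INLINE_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)
SECRET_REF = "arn:aws:secretsmanager:"   # a reference to a secret, not the secret

def audit_env(function_config):
    """Return findings for one function configuration dictionary."""
    variables = function_config.get("Environment", {}).get("Variables", {})
    findings = []
    for name, value in sorted(variables.items()):
        if value.startswith(SECRET_REF):
            continue                     # ARN only: the value stays in Secrets Manager
        if SECRET_NAME.search(name):
            findings.append(f"{name}: name suggests a secret stored in plain configuration")
        elif INLINE_CRED.match(value):
            findings.append(f"{name}: connection string embeds credentials")
    # Approximate size: bytes of all keys plus bytes of all values.
    size = sum(len(k.encode()) + len(v.encode()) for k, v in variables.items())
    if size > ENV_LIMIT_BYTES:
        findings.append(f"environment is {size} bytes, over the {ENV_LIMIT_BYTES}-byte limit")
    return findings

# Constructed configurations; the account ID and secret name are placeholders.
WEAK = {"FunctionName": "checkout", "Environment": {"Variables": {
    "DB_HOST": "production-db.cluster.aws",
    "DB_PASSWORD": "example-only-not-a-real-password",
    "CACHE_URL": "redis://app:example-only@cache.internal:6379/0"}}}
FIXED = {"FunctionName": "checkout", "Environment": {"Variables": {
    "DB_HOST": "production-db.cluster.aws",
    "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/db-EXAMPLE"}}}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_env(cfg))
```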
