AWS Lambda: The Serverless Powerhouse
AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers. In the SAA-C03 exam, Lambda is the “go-to” answer for high scalability, cost-efficiency, and event-based architectures.
The Real-World Analogy
Imagine a Vending Machine. Unlike a traditional restaurant (EC2) where you pay for the building, the staff, and the electricity regardless of customers, a vending machine only consumes power and processes a transaction when someone presses a button. You don’t manage the “kitchen”; you just provide the snacks (code) and pay only for the moments the machine is actually spinning to drop a snack.
Topics Covered
Key subtopics covered in this guide:
- Core Execution Model (Triggers & Handlers)
- Configuration (Memory, Timeout, Ephemeral Storage)
- Networking (VPC vs. Non-VPC)
- Concurrency (Reserved vs. Provisioned)
- Security (IAM Roles & Resource Policies)
- Event Source Mappings & Invocations
Core Concepts & Configuration
Lambda functions are stateless. Every time an event triggers a function, AWS spins up a micro-container to execute the code.
- Memory: You allocate memory (128MB to 10GB). Crucial Exam Note: Increasing memory also proportionally increases CPU power and network bandwidth.
- Timeout: The maximum execution time is 15 minutes (900 seconds). If a task takes longer, Lambda is not the right tool (use AWS Batch or ECS).
- Ephemeral Storage (/tmp): A temporary file system available during execution (512MB to 10GB).
Comparison: Compute Options
| Feature | AWS Lambda | Amazon EC2 | AWS Fargate (ECS) |
|---|---|---|---|
| Management | Serverless (No Ops) | Heavy (Patching/OS) | Serverless Containers |
| Scaling | Automatic (Sub-second) | Manual/Auto Scaling Group | Fast (Seconds/Minutes) |
| Max Runtime | 15 Minutes | Unlimited | Unlimited |
| Cost Model | Pay per Request/Duration | Pay per Hour/Second | Pay per vCPU/RAM Hour |
Networking & Security
By default, Lambda runs in an AWS-managed VPC with access to the public internet. However, to access resources in your private VPC (like an RDS instance), you must provide VPC configuration (Subnets and Security Groups). Lambda will then create an Elastic Network Interface (ENI) to communicate.
- Execution Role: An IAM Role that grants the Lambda function permission to access other AWS services (e.g., S3, DynamoDB).
- Resource-based Policy: Grants other services (like S3 or API Gateway) permission to invoke the Lambda function.
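An added example, not part of the original guide: the two policy types above written out for the image-resizing flow this guide describes (S3 upload triggers Lambda, which saves a thumbnail to S3 and metadata to DynamoDB), with a small audit that flags wildcard grants in the execution role and service principals in the resource-based policy that are not pinned to a source bucket and account. The account ID, region, and the bucket, table and function names are constructed placeholders.

```python
ACCOUNT = "111122223333"  # placeholder account ID; every name below is constructed

# Execution role policy: what the thumbnail function itself may call.
# (CloudWatch Logs permissions are left out to keep the sample short.)
EXECUTION_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-uploads/*"},
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-thumbnails/*"},
    {"Effect": "Allow", "Action": "dynamodb:PutItem",
     "Resource": f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/example-image-metadata"},
]}

# Resource-based policy attached to the function: who may invoke it.
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowS3Invoke", "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:example-thumbnailer",
    "Condition": {"StringEquals": {"AWS:SourceAccount": ACCOUNT},
                  "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-uploads"}},
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_execution_role(policy):
    """Return findings for Allow statements with wildcard actions or resources."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if any(a == "*" or a.endswith(":*") for a in _as_list(st.get("Action", []))):
            findings.append(f"statement {i}: wildcard action")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"statement {i}: wildcard resource")
    return findings

def audit_resource_policy(policy):
    """Return findings for AWS service principals not pinned to a source ARN and account."""
    findings = []
    for st in _as_list(policy["Statement"]):
        principal = st.get("Principal")
        if st.get("Effect") != "Allow" or not isinstance(principal, dict) or "Service" not in principal:
            continue  # only service principals are checked in this sketch
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        findings += [f"{st.get('Sid', '?')}: missing {k} condition"
                     for k in ("aws:sourcearn", "aws:sourceaccount") if k not in keys]
    return findings
```

Both sample policies pass the audit. S3 bucket ARNs carry no account ID, which is why the resource-based policy pins `AWS:SourceAccount` as well as `AWS:SourceArn`.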
Decision Matrix / If–Then Guide
- IF the task is short-lived (< 15 mins) and event-driven THEN use Lambda.
- IF you need to process S3 uploads or DynamoDB Streams in real-time THEN use Lambda.
- IF you have a steady, predictable workload 24/7 THEN EC2 Reserved Instances might be cheaper.
- IF you need to eliminate “Cold Starts” for latency-sensitive apps THEN use Provisioned Concurrency.
Exam Tips and Gotchas
- The 15-Minute Wall: If an exam question mentions a process taking 20 minutes, Lambda is a distractor. Choose ECS or EC2.
- CPU Scaling: You cannot manually set CPU. If a function is slow due to heavy computation, increase the Memory.
- VPC Internet Access: A Lambda in a VPC *cannot* access the internet unless the VPC has a NAT Gateway. A Public Subnet is not enough.
- Event Source Mapping: Used for polling services that don’t push events (SQS, Kinesis, DynamoDB Streams).
- Dead Letter Queues (DLQ): Use these to capture failed asynchronous invocations for later processing.
AWS Lambda Ecosystem Infographic
- Reserved Concurrency: Limits the max instances to prevent overwhelming downstream databases.
- Provisioned Concurrency: Keeps functions “warm” to eliminate cold start latency for critical APIs.
- Granular Billing: Billed in 1ms increments. No idle costs.
- Right-Sizing: Use AWS Compute Optimizer to find the sweet spot between memory cost and execution speed.
- Image Resizing: User uploads photo to S3 → S3 triggers Lambda → Lambda creates thumbnail → Lambda saves thumbnail to S3 and metadata to DynamoDB.