This content is part of the Essential Guide: AWS Lambda architecture brings serverless to enterprise cloud

AWS Lambda helps IT pros avoid management overhead

AWS Lambda helps admins avoid some management overhead, but isn't a cure-all. These five strategies can help you use Lambda to better manage code.

Managing AWS EC2 instances requires some overhead -- even if you're only running relatively simple or lightweight services. AWS Lambda is a fine-grained method for deploying code, provisioning services and monitoring the health of lightweight services. Here are five best practices for getting the most out of AWS Lambda.

  1. Version-control the Lambda code as you would any other program. It may be tempting to want to write a quick JavaScript function in a text editor or the inline editor of the AWS Lambda console and walk away. Sure, this will work in a development environment when you're testing ideas and iterating through versions of a function. But it's not appropriate for deploying production code. Admins should have version-controlled copies of functions and deployment packages, particularly when you are including dependent libraries with them.
  2. Re-use identity and access management policies, when possible. AWS Lambda functions require invocation and execution roles; execution roles require an access and trust policy. The access policy grants resource permissions -- the ability to read or write from Simple Storage Service (S3) bucket. The execution policy specifies who can assume the role. It makes sense to re-use access policies you have established from other programs. But be careful of over-privileging. If your function only needs to read from an S3 bucket, do not give it an access policy that also allows for writing. Even though AWS Lambda functions are small, admins still need to consider security best practices, such as the principle of least privilege.
  3. Delete AWS Lambda functions that are no longer needed. CloudWatch, which gives you information on actively used functions, can help with cleanup. By version-controlling code, admins can restore from there. And don't forgot to invoke the context.done() function when your function is done running; this will clean up any resources that the function used. If you don't call it, the function may run longer and could incur additional charges.
  4. Use a function-naming convention that works for you. Ideally, the name should indicate the type of operation performed, the data manipulated and the system to which the function belongs. For example, use a naming convention such as <application code><general function type><data type> to produce function names like "custNewUpload." This name indicates that the function is part of a customer management system and processes new files that are uploaded to the application.
  5. Use CloudWatch to monitor AWS Lambda function invocations and executions. With CloudWatch, admins can track request duration, request count and execution error count. They can also view Lambda CloudWatch metrics through the AWS Management Console, CloudWatch or the AWS command line. CloudWatch can also help debug code -- insert log statements into the function, run the function and then review output in the CloudWatch log file.

About the author:
Dan Sullivan holds a master of science degree and is an author, systems architect and consultant with more than 20 years of IT experience. He has had engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail and education. Dan has written extensively about topics that range from data warehousing, cloud computing and advanced analytics to security management, collaboration and text mining.

Dig Deeper on AWS Lambda