
VPC, Python support bolster Lambda service features

AWS Lambda has grown in popularity among developers looking to run code without provisioning servers, and a host of new features will expand its functionality.

At AWS re:Invent 2015, Amazon Web Services focused on improving and expanding its existing services, including AWS Lambda. Since the release of the Lambda service earlier this year, developers have asked for the ability to place a Lambda cluster behind a VPC or, at the very least, the ability to configure security groups for Lambda functions. That's just one of the recent additions AWS made to the service.

For the average user of the Lambda service, the ability to place the service behind an AWS Virtual Private Cloud (VPC) may not be terribly exciting. But if you're using Lambda to access resources that are restricted behind a firewall, such as MySQL or other traditional relational databases, this is a huge improvement. By placing AWS Lambda behind a VPC, DynamoDB streams can trigger an AWS Lambda function to automatically update an Aurora database when changes are detected to records in DynamoDB. This also means users could restrict access to Lambda functions so they are only called from within internal networks -- adding an extra level of system security.

While most modern resources don't filter according to IP ranges, older technologies do. VPC support within AWS Lambda allows Access Key-authenticated frameworks to access IP-restricted resources. Lambda can sit within a firewall through VPC, giving it access to legacy platforms; developers can securely use modern external clients directly through Lambda.

Using MySQL, Lambda and a browser app

If a developer is using the Lambda service and the AWS SDK for JavaScript to create a serverless Web application -- and she is using DynamoDB for the back-end database -- there shouldn't be any problems. However, to use a Relational Database Service (RDS) database such as MySQL or Amazon Aurora, she would have to either create a bridge application or open the RDS MySQL instance to the world. Opening the instance exposes MySQL, a notorious target for zero-day vulnerabilities, to further attacks. In general, running a MySQL instance with an open port is a bad security move.

But running the Lambda service is a great way to remove a back end, and you wouldn't need to write a middle layer that authenticates to MySQL and provides a secure way to access it outside of Lambda. Fortunately, putting Lambda functions within a VPC enables developers to configure security groups and keep a MySQL cluster closed to everything except specific Lambda functions. This significantly reduces exposure and ensures that the MySQL instance is properly protected.
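One way to check that a database security group is closed to everything except specific Lambda functions, as described above. This is an added example, not code from the article or from AWS: the rule dictionaries follow the `IpPermissions` shape returned by EC2 DescribeSecurityGroups, and the function names, group IDs and sample rules are constructed for illustration.

```python
# Added example: audit a database security group's ingress rules.
# Rule dicts follow the shape of EC2 DescribeSecurityGroups "IpPermissions".
MYSQL_PORT = 3306

def covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_mysql_ingress(ip_permissions, allowed_lambda_sgs):
    """Return findings for every source that can reach MySQL and is not an
    allowed Lambda security group. An empty list means the group is locked down."""
    findings = []
    for rule in ip_permissions:
        if not covers_port(rule, MYSQL_PORT):
            continue
        for r in rule.get("IpRanges", []):
            kind = "world-open" if r["CidrIp"] == "0.0.0.0/0" else "cidr"
            findings.append((kind, r["CidrIp"]))
        for r in rule.get("Ipv6Ranges", []):
            kind = "world-open" if r["CidrIpv6"] == "::/0" else "cidr"
            findings.append((kind, r["CidrIpv6"]))
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_lambda_sgs:
                findings.append(("unexpected-sg", pair["GroupId"]))
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
LAMBDA_SG = "sg-lambda-example"
OPEN_DB_SG = [  # the "open to the world" setup the article warns against
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]
LOCKED_DB_SG = [  # MySQL reachable only from the Lambda function's group
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": LAMBDA_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
]

if __name__ == "__main__":
    print(audit_mysql_ingress(OPEN_DB_SG, {LAMBDA_SG}))
    print(audit_mysql_ingress(LOCKED_DB_SG, {LAMBDA_SG}))
```

Rules that do not cover port 3306, such as the SSH rule in the locked-down sample, are ignored, while an all-protocol rule counts as exposing MySQL.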

It's still important to make sure that only authorized users can access Lambda functions, but those are fortunately very easy to secure using Amazon Cognito and IAM roles.

Scheduling capabilities for Lambda functions

Another improvement is the ability to schedule AWS Lambda functions. This allows developers to periodically run background tasks instead of using a task instance or a tool such as Cloud Cron to run scripts. The Lambda service also increased its maximum run time to five minutes.

If, for example, a company needs to periodically read RSS feeds from bloggers, they can do that entirely from within AWS Lambda by triggering an auto-scheduled function to queue up a list of all blogs that need to be read. The service would then execute a separate Lambda function for each feed. The company could schedule the master function to read from DynamoDB every few hours -- and then each item would trigger a Lambda function to read a feed.

Due to Lambda's current limit of 100 simultaneous function calls, the company would need to queue up these calls first. But once AWS removes that limit, it's possible to trigger calls from the master scheduling function.

Python support

AWS Lambda now supports Python, which is important if you're using Python in existing environments. It may also hint at AWS adding support for additional programming languages in the future -- perhaps even Docker support.
