At AWS re:Invent 2015, Amazon Web Services focused on improving and expanding its existing services, including AWS Lambda. Since the release of the Lambda service earlier this year, developers have asked for the ability to place a Lambda cluster behind a VPC or, at the very least, the ability to configure security groups for Lambda functions. That's just one of the recent additions AWS made to the service.
For the average user of the Lambda service, the ability to place the service behind an AWS Virtual Private Cloud (VPC) may not be terribly exciting. But if you're using Lambda to access resources that are restricted behind a firewall, such as MySQL or other traditional relational databases, this is a huge improvement. By placing AWS Lambda behind a VPC, DynamoDB streams can trigger an AWS Lambda function to automatically update an Aurora database when changes are detected to records in DynamoDB. This also means users could restrict access to Lambda functions so they are only called from within internal networks -- adding an extra level of system security.
While most modern resources don't filter according to IP ranges, older technologies do. VPC support within AWS Lambda allows Access Key-authenticated frameworks to access IP-restricted resources. Lambda can sit within a firewall through VPC, giving it access to legacy platforms; developers can securely use modern external clients directly through Lambda.
Using MySQL, Lambda and a browser app
But running the Lambda service is a great way to remove a back end, and you wouldn't need to write a middle layer that authenticates to MySQL and provides a secure way to access it outside of Lambda. Fortunately, putting Lambda functions within a VPC enables developers to configure security groups and keep a MySQL cluster closed to everything except specific Lambda functions. This significantly reduces exposure and ensures that the MySQL instance is properly protected.
Scheduling capabilities for Lambda functions
Another improvement is the ability to schedule AWS Lambda functions. This allows developers to periodically run background tasks instead of using a task instance or a tool such as Cloud Cron to run scripts. The Lambda service also increased its maximum run time to five minutes.
If, for example, a company needs to periodically read RSS feeds from bloggers, they can do that entirely from within AWS Lambda by triggering an auto-scheduled function to queue up a list of all blogs that need to be read. The service would then execute a separate Lambda function for each feed. The company could schedule the master function to read from DynamoDB every few hours -- and then each item would trigger a Lambda function to read a feed.
Due to Lambda's current limit of 100 simultaneous function calls, the company would need to queue up these calls first. But once AWS removes that limit, it's possible to trigger calls from the master scheduling function.
AWS Lambda now supports Python, which is important if you're using Python in existing environments. However, this may allude to AWS adding support for additional programming languages in the future -- perhaps even Docker support.
AWS pins its future on Lambda
How does AWS bill customers using Lambda?
AWS Lambda could change the face of cloud computing
Use AWS Lambda to shave time off cloud development