IN VPC 更新前VPC 更新后VPC While Hyperplane still uses a cross account network interface, it provides the following benefits for Lambda within a VPC: Reduced latency when a function is invoked by using pre-created network interfaces. The network interface is created when the Lambda function is initially created. Network interfaces are shared across functions with the same security group:subnet combination Function scaling is no longer bound to the number of network interfaces While the new changes make it more conducive for developers to connect Lambda functions to VPCs, the basic architecture doesn’t change in terms of your VPC.

Lambda Provisioned Concurrency

Provisioned Concurrency for Lambda Functions To provide customers with improved control over their mission-critical app performance on serverless, AWS introduces Provisioned Concurrency, which is a Lambda feature and works with any trigger. For example, you can use it with WebSockets APIs, GraphQL resolvers, or IoT Rules. This feature gives you more control when building serverless applications that require low latency, such as web and mobile apps, games, or any service that is part of a complex transaction.


创建函数 分配角色 zip index.js aws lambda create-function --function-name sns-db-function \ --zip-file fileb:// --handler index.handler --runtime nodejs12.x \ --role arn:aws:iam::465691908928:role/fn-case-role


发布测试消息到SNS git clone node sns_publishtotopic.js Message MESSAGE_TEXT send sent to the topic arn:aws:sns:ap-northeast-1:465691908928:func-topic MessageID is 8b5c90f2-0c74-5985-8a34-c676c0370f73 根据MessageID查看函数执行结果 The $ in [$LATEST] needs to be escaped…[\$LATEST]. aws logs describe-log-groups --query logGroups[*].logGroupName aws logs describe-log-streams --log-group-name '/aws/lambda/my-function' --query logStreams[*].logStreamName aws logs get-log-events --log-group-name '/aws/lambda/my-function' --log-stream-name '2019/12/31/[$LATEST]7467497f9cdb4078a876ab889797793c' { "ingestionTime": 1577764111252, "timestamp": 1577764096184, "message": "2019-12-31T03:48:16.183Z\tc01c9f5e-6c33-40a1-a6d9-c11ab248ab48\tINFO\tEVENT\n{\n \"Records\": [\n {\n \"EventSource\": \"aws:sns\",\n \"EventVersion\": \"1.0\",\n \"EventSubscriptionArn\": \"arn:aws:sns:ap-northeast-1:465691908928:func-topic:2e0e0d95-f1c8-47bd-90ff-40ca4129794b\",\n \"Sns\": {\n \"Type\": \"Notification\",\n \"MessageId\": \"5f80d26e-bdeb-579f-bc81-84ea7ad4e2ae\",\n \"TopicArn\": \"arn:aws:sns:ap-northeast-1:465691908928:func-topic\",\n \"Subject\": null,\n \"Message\": \"MESSAGE_TEXT\",\n \"Timestamp\": \"2019-12-31T03:48:15.


restore snapshot shell !#/bin/bash wget tar xvf node-v12.13.1-linux-x64.tar.xz export PATH=/home/ubuntu/node-v12.13.1-linux-x64/bin:$PATH wget sudo apt update sudo apt install unzip unzip mv Final\ Source\ Code/ sls sudo apt install python-pip pip install awscli which aws_completer cp ~/.bashrc ~/.bashrc_orig tee -a ~/.bashrc <<-'EOF' complete -C '/home/ubuntu/.local/bin/aws_completer' aws export PATH=/home/ubuntu/node-v12.13.1-linux-x64/bin:$PATH EOF aws configure npm install claudia -g claudia -v 5.11.0 cd chapter-03 npm install claudia create \ --region ap-northeast-1 \ --api-module api packaging files npm install -q --no-audit --production npm WARN [email protected]

Aws IAM Policy

AWS leverages a standard JSON Identity and Access Management (IAM) policy document format across many services to control authorization to resources and API actions terraform resource "aws_iam_role_policy" "s3_policy" { name = "s3_policy" role = "${}" policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Sid": "ListObjectsInBucket", "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::bucket-name"] }, { "Sid": "AllObjectActions", "Effect": "Allow", "Action": "s3:*Object", "Resource": ["arn:aws:s3:::bucket-name/*"] } ] } EOF } resource "aws_iam_role" "lambda_s3_role" { name = "lambda_s3_role" assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "lambda.


运行环境 terraform -v Terraform v0.12.16 + v2.39.0 创建函数 main.js 'use strict' exports.handler = function(event, context, callback) { var response = { statusCode: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' }, body: '<p>Hello world!</p>' } callback(null, response) } zip ../ main.js 上传 awslocal s3api create-bucket --bucket=terraform-serverless-example awslocal s3 cp s3://terraform-serverless-example/v1.0.0/ 创建资源 resource "aws_lambda_function" "example" { function_name = "ServerlessExample" # The bucket name as created earlier with "aws s3api create-bucket" s3_bucket = "terraform-serverless-example" s3_key = "v1.


函数计算概论 函数计算就是事件驱动架构(EDA),目前函数计算支持的事件类型列表 函数计算事件列表 计费模式 请求数 执行时间 内存分配 优劣势分析 真正做到谁开发谁运维(who code it who run it) 不需要提前做计算容量规划,服务器配置,负责均衡,扩容 代表性产品 DB: Aurora

Serverless Supports Events Type on Aws

基于local stack的本地S3对象创建通知

get s3 object creation notification create queue awslocal s3 mb s3://localstack awslocal sqs create-queue --queue-name localstack get queue arn awslocal sqs get-queue-attributes --queue-url http://localhost:4576/queue/localstack --attribute-names All { "Attributes": { "ApproximateNumberOfMessagesNotVisible": "0", "ApproximateNumberOfMessagesDelayed": "0", "CreatedTimestamp": "1574152022", "ApproximateNumberOfMessages": "1", "ReceiveMessageWaitTimeSeconds": "0", "DelaySeconds": "0", "VisibilityTimeout": "30", "LastModifiedTimestamp": "1574152022", "QueueArn": "arn:aws:sqs:us-east-1:000000000000:localstack" } } create s3 notification config cat notification.json { "QueueConfigurations": [ { "QueueArn": "arn:aws:sqs:local:000000000000:localstack", "Events": [ "s3:ObjectCreated:*" ] } ] } make notification effect awslocal s3api put-bucket-notification-configuration --bucket localstack --notification-configuration file://notification.

Aws Log

AWS Lambda By default, all native logs within a Lambda function are stored in the function execution result within Lambda. Additionally, if you would like to review log information immediately after executing a function, invoking the Lambda function with the LogType parameter will retrieve the last 4KB of log data generated by the function. This information is returned in the x-amz-log-results header in the HTTP response. While these methods are great ways to test and debug issues associated with individual function calls, they do not do much by way of analysis or alerting.


serverless install -u -n aws-node-upload-to-s3-and-postprocess sls deploy -s local awslocal logs describe-log-groups { "logGroups": [ { "arn": "arn:aws:logs:us-east-1:1:log-group:/aws/lambda/uload-local-postprocess", "creationTime": 1573867924377.624, "metricFilterCount": 0, "logGroupName": "/aws/lambda/upload-local-postprocess", "storedBytes": 0 } ] } awslocal logs describe-log-streams --log-group-name /aws/lambda/uload-local-postprocess { "logStreams": [] } serverless install -u -n aws-node-s3-file-replicator sls deploy -s local awslocal s3api get-bucket-notification-configuration --bucket bbbb awslocal s3api get-bucket-acl --bucket output-bucket-12345 import json def my_handler(event, context): print("Received event: " + json.


install nodejs install serverless npm install -g serverless npm install serverless-localstack check serverless version serverless -v Framework Core: 1.57.0 Plugin: 3.2.3 SDK: 2.2.1 Components Core: 1.1.2 Components CLI: 1.4.0 create serverless function serverless create --template aws-nodejs --path my-service cd my-service serverless.yml functions: hello: handler: handler.hello events: - http: path: ping method: get plugins: - serverless-localstack custom: localstack: debug: true stages: - local - dev host: http://localhost endpoints: S3: http://localhost:4572 DynamoDB: http://localhost:4570 CloudFormation: http://localhost:4581 Elasticsearch: http://localhost:4571 ES: http://localhost:4578 SNS: http://localhost:4575 SQS: http://localhost:4576 Lambda: http://localhost:4574 Kinesis: http://localhost:4568 APIGateway: http://localhost:4567 CloudWatch: http://localhost:4582 CloudWatchLogs: http://localhost:4586 CloudWatchEvents: http://localhost:4587 deploy redeploy if all Functions, Events or Resources

Aws Lambda Notes

事件 事件源发送的事件是JSON格式,LAMBDA运行时把原始JSON事件转换为 对象并发送给函数代码。 事件的结构和内容由事件源决定 支持事件源的服务 Kinesis DynamoDB Simple Queue Service 权限 通过权限策略(permissions policy)来管理IAM用户,组或者角色对lambda API和资源(函数或函数层)访问权限。 权限策略也可以授权给资源本身,让资源或服务访问lambda。 每一个lamdba函数都有一个执行角色(execution role), 该角色授权lamdba函数 本身对其他资源和服务的访问。执行角色至少包含对CLOUDWATCH日志的访问权限。 lambda也通过执行角色请求对事件源的读取权限。 资源 函数 版本 别名 层级 举例:授权SNS 调用 my-function aws lambda add-permission --function-name my-function --action lambda:InvokeFunction --statement-id sns \ > --principal --output text {"Sid":"sns","Effect":"Allow","Principal":{"Service":""},"Action":"lambda:InvokeFunction","Resource":"arn:aws:lambda:ap-northeast-1:465691908928:function:my-function"} serveless backend Lambda allows to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code

Aws S3 Upload With Localstack


Create function index.js exports.handler = async function(event, context) { console.log("ENVIRONMENT VARIABLES\n" + JSON.stringify(process.env, null, 2)) console.log("EVENT\n" + JSON.stringify(event, null, 2)) return context.logStreamName } 打包 zip index.js aws lambda create-function --function-name my-function --zip-file fileb:// --handler index.handler --runtime nodejs10.x --role arn:aws:iam::123456789012:role/lambda-cli-role --endpoint-url=http://localhost:4574 aws lambda get-function --function-name my-function --endpoint-url=http://localhost:4574 { "Code": { "Location": "http://localhost:4574/2015-03-31/functions/my-function/code" }, "Configuration": { "TracingConfig": { "Mode": "PassThrough" }, "Version": "$LATEST", "CodeSha256": "3d149vplmMjIEgZuPhQgnFJ+tndL4I9D11GL1qdgT6M=", "FunctionName": "my-function", "LastModified": "2019-09-29T01:16:43.

基于local stack的Step Function本地化开发

安装AWS CLI (venv) d:\code\venv>pip install awscli pip install awscli-local awslocal = aws –endpoint-url=http://localhost: 可以安装到系统环境 配置AWS CLI (venv) d:\code\venv>aws configure AWS Access Key ID [None]: any-id-is-ok AWS Secret Access Key [None]: fake-key Default region name [local]: local Default output format [None]: 命令行自动完成 $which aws_completer ~/code/venv/bin/aws_completer tee ~/.bashrc <<-'EOF' complete -C '~/code/venv/bin/aws_completer' aws EOF 安装AWS SAM CLI (venv) d:\code>pip install aws-sam-cli (venv) d:\code>sam --version SAM CLI, version 0.


典型无服务器架构应用场景 应用后台 数据处理 实时分析 遗留应用API代理 调度服务 RPA 最新实现参考 基于S3和SES邮件服务器

基于Localstack的本地云服务编排 AWS SAM is an extension for the AWS CloudFormation template language that lets you define serverless applications at a higher level localstack default regrion us-east-1 create stack file path has to be in file URL format(file:///home/user/…) func.yaml AWSTemplateFormatVersion: '2010-09-09' Description: Simple CloudFormation Test Template Resources: S3Bucket: Type: AWS::S3::Bucket Properties: AccessControl: PublicRead BucketName: test-bucket-1 aws cloudformation create-stack --stack-name funstack --template-body file:///data/func.yaml --endpoint-url=http://localhost:4581 --region us-east-1 aws cloudformation describe-stacks --endpoint-url=http://localhost:4581 --region us-east-1


问题 长链接 通过连接池和数据库保持长链接 Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL-compatible and PostgreSQL-compatible editions), where the database will automatically start up, shut down, and scale capacity up or down based on your application’s needs. It enables you to run your database in the cloud without managing any database instances. It’s a simple, cost-effective option for infrequent, intermittent, or unpredictable workloads.