
lambda

itsmostafa
1.0k
itsmostafa/aws-agent-skills/skills/lambda
80
Agent Score

💡 Summary

A comprehensive skill for managing AWS Lambda functions, covering creation, configuration, triggers, optimization, and troubleshooting.

🎯 Target Audience

Cloud Engineers, DevOps Practitioners, Serverless Application Developers, Backend Developers, SREs

🤖 AI Roast: It's a well-organized AWS manual, but calling it a 'novel skill' is like calling a dictionary a novel.

Security Analysis: Medium Risk

The skill enables execution of arbitrary AWS CLI commands, which could lead to privilege escalation, resource deletion, or secret exposure if misused. Mitigation: Implement strict IAM role-based access control and command allow-listing for the agent.
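One way to implement the command allow-listing this analysis recommends, as an added example that is not part of the skill or of this listing: it parses an agent-proposed command line and passes only allow-listed `aws lambda` subcommands. The tiers, the blocked options and the function names are assumptions of this sketch.

```python
import shlex

# Assumed policy for this sketch: read-only subcommands run freely, mutating
# ones need human approval, anything unlisted (delete-function, invoke) is refused.
READ_ONLY = {"list-functions", "get-function", "get-function-configuration",
             "get-policy", "list-event-source-mappings"}
NEEDS_APPROVAL = {"create-function", "update-function-code",
                  "update-function-configuration", "add-permission",
                  "create-event-source-mapping", "publish-layer-version"}
# Global options that would point the call at other credentials or endpoints.
BLOCKED_OPTIONS = {"--profile", "--endpoint-url", "--no-verify-ssl", "--ca-bundle"}
CONTROL_CHARS = set("();<>|&")


def tokenize(command):
    """Split like a POSIX shell, keeping unquoted control operators as tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # treat '#' literally instead of dropping the rest
    return list(lexer)


def check_command(command, approved=False):
    """Return (allowed, reason, argv); run argv with subprocess, never a shell."""
    try:
        argv = tokenize(command)
    except ValueError as exc:  # unbalanced quotes
        return False, f"unparseable: {exc}", []
    if any(tok and set(tok) <= CONTROL_CHARS for tok in argv):
        return False, "shell control operator", []
    if len(argv) < 3 or argv[:2] != ["aws", "lambda"]:
        return False, "only 'aws lambda <subcommand>' is allowed", []
    sub = argv[2]
    if sub not in READ_ONLY | NEEDS_APPROVAL:
        return False, f"subcommand not allow-listed: {sub}", []
    for tok in argv[3:]:
        option = tok.split("=", 1)[0]
        if option in BLOCKED_OPTIONS:
            return False, f"blocked option: {option}", []
        # file:// and fileb:// make the CLI read local files; keep them relative.
        value = tok.split("=", 1)[1] if tok.startswith("--") and "=" in tok else tok
        if value.startswith(("file://", "fileb://")):
            path = value.split("://", 1)[1]
            if path.startswith(("/", "~")) or ".." in path.split("/"):
                return False, f"file parameter outside workspace: {value}", []
    if sub in NEEDS_APPROVAL and not approved:
        return False, f"{sub} requires approval", []
    return True, "ok", argv
```

The gate complements, and does not replace, a narrowly scoped IAM role for the agent's credentials.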


name: lambda
description: AWS Lambda serverless functions for event-driven compute. Use when creating functions, configuring triggers, debugging invocations, optimizing cold starts, setting up event source mappings, or managing layers.
last_updated: "2026-01-07"
doc_source: https://docs.aws.amazon.com/lambda/latest/dg/

AWS Lambda

AWS Lambda runs code without provisioning servers. You pay only for compute time consumed. Lambda automatically scales from a few requests per day to thousands per second.

Core Concepts

Function

Your code packaged with configuration. Includes runtime, handler, memory, timeout, and IAM role.

Invocation Types

| Type | Description | Use Case |
|------|-------------|----------|
| Synchronous | Caller waits for response | API Gateway, direct invoke |
| Asynchronous | Fire and forget | S3, SNS, EventBridge |
| Poll-based | Lambda polls source | SQS, Kinesis, DynamoDB Streams |

Execution Environment

Lambda creates execution environments to run your function. Components:

  • Cold start: New environment initialization
  • Warm start: Reusing existing environment
  • Handler: Entry point function
  • Context: Runtime information

Layers

Reusable packages of libraries, dependencies, or custom runtimes (up to 5 per function).

Common Patterns

Create a Python Function

AWS CLI:

```bash
# Create deployment package
zip function.zip lambda_function.py

# Create function
aws lambda create-function \
  --function-name MyFunction \
  --runtime python3.12 \
  --role arn:aws:iam::123456789012:role/lambda-role \
  --handler lambda_function.handler \
  --zip-file fileb://function.zip \
  --timeout 30 \
  --memory-size 256

# Update function code
aws lambda update-function-code \
  --function-name MyFunction \
  --zip-file fileb://function.zip
```

boto3:

```python
import boto3
import zipfile
import io

lambda_client = boto3.client('lambda')

# Create zip in memory
zip_buffer = io.BytesIO()
with zipfile.ZipFile(zip_buffer, 'w') as zf:
    zf.writestr('lambda_function.py', '''
def handler(event, context):
    return {"statusCode": 200, "body": "Hello"}
''')
zip_buffer.seek(0)

# Create function
lambda_client.create_function(
    FunctionName='MyFunction',
    Runtime='python3.12',
    Role='arn:aws:iam::123456789012:role/lambda-role',
    Handler='lambda_function.handler',
    Code={'ZipFile': zip_buffer.read()},
    Timeout=30,
    MemorySize=256
)
```

Add S3 Trigger

```bash
# Add permission for S3 to invoke Lambda
aws lambda add-permission \
  --function-name MyFunction \
  --statement-id s3-trigger \
  --action lambda:InvokeFunction \
  --principal s3.amazonaws.com \
  --source-arn arn:aws:s3:::my-bucket \
  --source-account 123456789012

# Configure S3 notification (see S3 skill)
```
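The `--source-arn` and `--source-account` options above become conditions in the function's resource policy. As an added example (not from the skill), this check reads a policy in the shape `aws lambda get-policy` returns and flags service-principal grants that lack either condition; the sample policy is constructed and trimmed to the fields the check reads.

```python
import json


def conditions(stmt):
    """Flatten Condition into {lowercased key: [values]} (key names are case-insensitive)."""
    flat = {}
    for block in stmt.get("Condition", {}).values():
        for key, value in block.items():
            flat.setdefault(key.lower(), []).extend(
                value if isinstance(value, list) else [value])
    return flat


def audit_resource_policy(policy_json):
    """Return [(Sid, finding)] for Allow statements that lack source scoping."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid, principal, cond = stmt.get("Sid", "<no Sid>"), stmt.get("Principal"), conditions(stmt)
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            if not cond:
                findings.append((sid, "any AWS principal may invoke"))
            continue
        if not (isinstance(principal, dict) and "Service" in principal):
            continue
        arns = cond.get("aws:sourcearn", [])
        if not arns:
            findings.append((sid, "service principal without aws:SourceArn"))
        # An ARN like arn:aws:s3:::my-bucket has an empty account field, so only
        # aws:SourceAccount pins the caller to the expected bucket owner.
        unpinned = not arns or any((a.split(":") + [""] * 5)[4] == "" for a in arns)
        if unpinned and "aws:sourceaccount" not in cond:
            findings.append((sid, "service principal without aws:SourceAccount"))
    return findings


# Constructed sample policy (Action and Resource omitted for brevity).
SAMPLE_POLICY = json.dumps({"Statement": [
    {"Sid": "s3-trigger", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {"StringEquals": {"AWS:SourceAccount": "123456789012"},
                   "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::my-bucket"}}},
    {"Sid": "s3-no-account", "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
     "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::my-bucket"}}},
    {"Sid": "sns-open", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"}},
    {"Sid": "public", "Effect": "Allow", "Principal": "*"},
]})
```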

Add SQS Event Source

```bash
aws lambda create-event-source-mapping \
  --function-name MyFunction \
  --event-source-arn arn:aws:sqs:us-east-1:123456789012:my-queue \
  --batch-size 10 \
  --maximum-batching-window-in-seconds 5
```

Environment Variables

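```bash
# --environment replaces the function's entire variable set,
# so list every variable the function needs
aws lambda update-function-configuration \
  --function-name MyFunction \
  --environment "Variables={DB_HOST=mydb.cluster-xyz.us-east-1.rds.amazonaws.com,LOG_LEVEL=INFO}"
```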

Create and Attach Layer

```bash
# Create layer
zip -r layer.zip python/

aws lambda publish-layer-version \
  --layer-name my-dependencies \
  --compatible-runtimes python3.12 \
  --zip-file fileb://layer.zip

# Attach to function
aws lambda update-function-configuration \
  --function-name MyFunction \
  --layers arn:aws:lambda:us-east-1:123456789012:layer:my-dependencies:1
```

Invoke Function

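```bash
# AWS CLI v2 expects a base64-encoded payload by default; add
# --cli-binary-format raw-in-base64-out to pass raw JSON as shown here

# Synchronous invoke
aws lambda invoke \
  --function-name MyFunction \
  --payload '{"key": "value"}' \
  response.json

# Asynchronous invoke
aws lambda invoke \
  --function-name MyFunction \
  --invocation-type Event \
  --payload '{"key": "value"}' \
  response.json
```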

CLI Reference

Function Management

| Command | Description |
|---------|-------------|
| aws lambda create-function | Create new function |
| aws lambda update-function-code | Update function code |
| aws lambda update-function-configuration | Update settings |
| aws lambda delete-function | Delete function |
| aws lambda list-functions | List all functions |
| aws lambda get-function | Get function details |

Invocation

| Command | Description |
|---------|-------------|
| aws lambda invoke | Invoke function |
| aws lambda invoke-async | Async invoke (deprecated) |

Event Sources

| Command | Description |
|---------|-------------|
| aws lambda create-event-source-mapping | Add event source |
| aws lambda list-event-source-mappings | List mappings |
| aws lambda update-event-source-mapping | Update mapping |
| aws lambda delete-event-source-mapping | Remove mapping |

Permissions

| Command | Description |
|---------|-------------|
| aws lambda add-permission | Add resource-based policy |
| aws lambda remove-permission | Remove permission |
| aws lambda get-policy | View resource policy |

Best Practices

Performance

  • Right-size memory: More memory = more CPU = faster execution
  • Minimize cold starts: Keep functions warm, use Provisioned Concurrency
  • Optimize package size: Smaller packages deploy faster
  • Use layers for shared dependencies
  • Initialize outside handler: Reuse connections across invocations

```python
# GOOD: Initialize outside handler
import boto3

dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('MyTable')


def handler(event, context):
    # Reuses existing connection
    return table.get_item(Key={'id': event['id']})
```

Security

  • Least privilege IAM roles — only grant needed permissions
  • Use Secrets Manager for sensitive data
  • Enable VPC only if needed (adds latency)
  • Encrypt environment variables with KMS
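A check for the Secrets Manager and KMS points in this list, as an added example that is not part of the skill: it audits a function configuration in the shape `aws lambda get-function-configuration` returns. The name patterns, the finding texts and the sample configuration are assumptions constructed for illustration.

```python
import re

# Variable names that usually hold credentials (assumed heuristic).
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
# Shape of AWS access key IDs: long-term (AKIA) and temporary (ASIA).
ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# A value that points at a stored secret instead of containing one.
REFERENCE = re.compile(r"^arn:aws:(secretsmanager|ssm):")


def audit_function_config(cfg):
    """Return findings for secrets kept in plain environment variables."""
    findings = []
    variables = cfg.get("Environment", {}).get("Variables", {})
    for name, value in sorted(variables.items()):
        if ACCESS_KEY_ID.search(value):
            findings.append(f"{name}: value looks like an AWS access key ID")
        elif SECRET_NAME.search(name) and not REFERENCE.match(value):
            findings.append(f"{name}: secret-like name holds a literal value")
    # KMSKeyArn is only present when a customer managed key is configured.
    if variables and not cfg.get("KMSKeyArn"):
        findings.append("no customer managed KMS key set for environment variables")
    return findings


# Constructed sample; AKIAIOSFODNN7EXAMPLE is AWS's documentation placeholder key ID.
SAMPLE_CONFIG = {
    "FunctionName": "MyFunction",
    "Environment": {"Variables": {
        "DB_HOST": "mydb.cluster-xyz.us-east-1.rds.amazonaws.com",
        "LOG_LEVEL": "INFO",
        "DB_PASSWORD": "example-not-a-real-password",
        "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-creds",
        "UPLOAD_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
    }},
}
```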

Cost Optimization

  • Set appropriate timeout — don't use max 15 minutes unnecessarily
  • Use ARM architecture (Graviton2) for 34% better price/performance
  • Batch process where possible
  • Use Reserved Concurrency to limit costs

Reliability

  • Configure DLQ for async invocations
  • Handle retries — async events retry twice
  • Make handlers idempotent
  • Use structured logging

Troubleshooting

Timeout Errors

Symptom: Task timed out after X seconds

Causes:

  • Function takes longer than timeout
  • Network call to unreachable resource
  • VPC configuration issues

Debug:

```bash
# Check function configuration
aws lambda get-function-configuration \
  --function-name MyFunction \
  --query "Timeout"

# Increase timeout
aws lambda update-function-configuration \
  --function-name MyFunction \
  --timeout 60
```

Out of Memory

Symptom: Function crashes with memory error

Fix:

```bash
aws lambda update-function-configuration \
  --function-name MyFunction \
  --memory-size 512
```

Cold Start Latency

Causes:

  • Large deployment package
  • VPC configuration
  • Many dependencies to load

Solutions:

  • Use Provisioned Concurrency
  • Reduce package size
  • Use layers for dependencies
  • Consider Graviton2 (ARM)

```bash
# Enable Provisioned Concurrency
aws lambda put-provisioned-concurrency-config \
  --function-name MyFunction \
  --qualifier LIVE \
  --provisioned-concurrent-executions 5
```

Permission Denied

Symptom: AccessDeniedException

Debug:

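```bash
# Check execution role
aws lambda get-function-configuration \
  --function-name MyFunction \
  --query "Role"

# Check role policies (lists attached managed policies only;
# inline policies are listed by `aws iam list-role-policies`)
aws iam list-attached-role-policies \
  --role-name lambda-role
```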

VPC Connectivity Issues

Symptom: Cannot reach internet or AWS services

Causes:

  • No NAT Gateway for internet access
  • Missing VPC endpoint for AWS services
  • Security group blocking outbound

Solutions:

  • Add NAT Gateway for internet
  • Add VPC endpoints for AWS services
  • Check security group rules

5-Dim Analysis

Clarity: 9/10
Novelty: 4/10
Utility: 10/10
Completeness: 9/10
Maintainability: 8/10

Pros & Cons

Pros

  • Extensive coverage of Lambda operations and patterns.
  • Clear CLI and code examples for common tasks.
  • Includes practical best practices and troubleshooting guides.

Cons

  • Primarily a documentation wrapper with limited novel automation.
  • Heavily reliant on external AWS CLI/boto3; no self-contained logic.
  • Assumes pre-existing AWS knowledge and setup.

Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.

Copyright belongs to the original author itsmostafa.