lambda
💡 摘要
一个用于管理 AWS Lambda 函数的综合技能,涵盖创建、配置、触发器、优化和故障排除。
🎯 适合人群
🤖 AI 吐槽: “这是一本组织良好的 AWS 手册,但称其为“新颖技能”就像称字典为小说一样。”
该技能允许执行任意 AWS CLI 命令,如果被滥用,可能导致权限升级、资源删除或密钥泄露。缓解措施:为代理实施严格的基于 IAM 角色的访问控制和命令白名单。
name: lambda description: AWS Lambda serverless functions for event-driven compute. Use when creating functions, configuring triggers, debugging invocations, optimizing cold starts, setting up event source mappings, or managing layers. last_updated: "2026-01-07" doc_source: https://docs.aws.amazon.com/lambda/latest/dg/
AWS Lambda
AWS Lambda runs code without provisioning servers. You pay only for compute time consumed. Lambda automatically scales from a few requests per day to thousands per second.
Table of Contents
Core Concepts
Function
Your code packaged with configuration. Includes runtime, handler, memory, timeout, and IAM role.
Invocation Types
| Type | Description | Use Case | |------|-------------|----------| | Synchronous | Caller waits for response | API Gateway, direct invoke | | Asynchronous | Fire and forget | S3, SNS, EventBridge | | Poll-based | Lambda polls source | SQS, Kinesis, DynamoDB Streams |
Execution Environment
Lambda creates execution environments to run your function. Components:
- Cold start: New environment initialization
- Warm start: Reusing existing environment
- Handler: Entry point function
- Context: Runtime information
Layers
Reusable packages of libraries, dependencies, or custom runtimes (up to 5 per function).
Common Patterns
Create a Python Function
AWS CLI:
# Create deployment package zip function.zip lambda_function.py # Create function aws lambda create-function \ --function-name MyFunction \ --runtime python3.12 \ --role arn:aws:iam::123456789012:role/lambda-role \ --handler lambda_function.handler \ --zip-file fileb://function.zip \ --timeout 30 \ --memory-size 256 # Update function code aws lambda update-function-code \ --function-name MyFunction \ --zip-file fileb://function.zip
boto3:
import boto3 import zipfile import io lambda_client = boto3.client('lambda') # Create zip in memory zip_buffer = io.BytesIO() with zipfile.ZipFile(zip_buffer, 'w') as zf: zf.writestr('lambda_function.py', ''' def handler(event, context): return {"statusCode": 200, "body": "Hello"} ''') zip_buffer.seek(0) # Create function lambda_client.create_function( FunctionName='MyFunction', Runtime='python3.12', Role='arn:aws:iam::123456789012:role/lambda-role', Handler='lambda_function.handler', Code={'ZipFile': zip_buffer.read()}, Timeout=30, MemorySize=256 )
Add S3 Trigger
# Add permission for S3 to invoke Lambda aws lambda add-permission \ --function-name MyFunction \ --statement-id s3-trigger \ --action lambda:InvokeFunction \ --principal s3.amazonaws.com \ --source-arn arn:aws:s3:::my-bucket \ --source-account 123456789012 # Configure S3 notification (see S3 skill)
Add SQS Event Source
aws lambda create-event-source-mapping \ --function-name MyFunction \ --event-source-arn arn:aws:sqs:us-east-1:123456789012:my-queue \ --batch-size 10 \ --maximum-batching-window-in-seconds 5
Environment Variables
aws lambda update-function-configuration \ --function-name MyFunction \ --environment "Variables={DB_HOST=mydb.cluster-xyz.us-east-1.rds.amazonaws.com,LOG_LEVEL=INFO}"
Create and Attach Layer
# Create layer zip -r layer.zip python/ aws lambda publish-layer-version \ --layer-name my-dependencies \ --compatible-runtimes python3.12 \ --zip-file fileb://layer.zip # Attach to function aws lambda update-function-configuration \ --function-name MyFunction \ --layers arn:aws:lambda:us-east-1:123456789012:layer:my-dependencies:1
Invoke Function
# Synchronous invoke aws lambda invoke \ --function-name MyFunction \ --payload '{"key": "value"}' \ response.json # Asynchronous invoke aws lambda invoke \ --function-name MyFunction \ --invocation-type Event \ --payload '{"key": "value"}' \ response.json
CLI Reference
Function Management
| Command | Description |
|---------|-------------|
| aws lambda create-function | Create new function |
| aws lambda update-function-code | Update function code |
| aws lambda update-function-configuration | Update settings |
| aws lambda delete-function | Delete function |
| aws lambda list-functions | List all functions |
| aws lambda get-function | Get function details |
Invocation
| Command | Description |
|---------|-------------|
| aws lambda invoke | Invoke function |
| aws lambda invoke-async | Async invoke (deprecated) |
Event Sources
| Command | Description |
|---------|-------------|
| aws lambda create-event-source-mapping | Add event source |
| aws lambda list-event-source-mappings | List mappings |
| aws lambda update-event-source-mapping | Update mapping |
| aws lambda delete-event-source-mapping | Remove mapping |
Permissions
| Command | Description |
|---------|-------------|
| aws lambda add-permission | Add resource-based policy |
| aws lambda remove-permission | Remove permission |
| aws lambda get-policy | View resource policy |
Best Practices
Performance
- Right-size memory: More memory = more CPU = faster execution
- Minimize cold starts: Keep functions warm, use Provisioned Concurrency
- Optimize package size: Smaller packages deploy faster
- Use layers for shared dependencies
- Initialize outside handler: Reuse connections across invocations
# GOOD: Initialize outside handler import boto3 dynamodb = boto3.resource('dynamodb') table = dynamodb.Table('MyTable') def handler(event, context): # Reuses existing connection return table.get_item(Key={'id': event['id']})
Security
- Least privilege IAM roles — only grant needed permissions
- Use Secrets Manager for sensitive data
- Enable VPC only if needed (adds latency)
- Encrypt environment variables with KMS
Cost Optimization
- Set appropriate timeout — don't use max 15 minutes unnecessarily
- Use ARM architecture (Graviton2) for 34% better price/performance
- Batch process where possible
- Use Reserved Concurrency to limit costs
Reliability
- Configure DLQ for async invocations
- Handle retries — async events retry twice
- Make handlers idempotent
- Use structured logging
Troubleshooting
Timeout Errors
Symptom: Task timed out after X seconds
Causes:
- Function takes longer than timeout
- Network call to unreachable resource
- VPC configuration issues
Debug:
# Check function configuration aws lambda get-function-configuration \ --function-name MyFunction \ --query "Timeout" # Increase timeout aws lambda update-function-configuration \ --function-name MyFunction \ --timeout 60
Out of Memory
Symptom: Function crashes with memory error
Fix:
aws lambda update-function-configuration \ --function-name MyFunction \ --memory-size 512
Cold Start Latency
Causes:
- Large deployment package
- VPC configuration
- Many dependencies to load
Solutions:
- Use Provisioned Concurrency
- Reduce package size
- Use layers for dependencies
- Consider Graviton2 (ARM)
# Enable Provisioned Concurrency aws lambda put-provisioned-concurrency-config \ --function-name MyFunction \ --qualifier LIVE \ --provisioned-concurrent-executions 5
Permission Denied
Symptom: AccessDeniedException
Debug:
# Check execution role aws lambda get-function-configuration \ --function-name MyFunction \ --query "Role" # Check role policies aws iam list-attached-role-policies \ --role-name lambda-role
VPC Connectivity Issues
Symptom: Cannot reach internet or AWS services
Causes:
- No NAT Gateway for internet access
- Missing VPC endpoint for AWS services
- Security group blocking outbound
Solutions:
- Add NAT Gateway for internet
- Add VPC endpoints for AWS services
- Check security group rules
References
优点
- 广泛覆盖 Lambda 操作和模式。
- 为常见任务提供清晰的 CLI 和代码示例。
- 包含实用的最佳实践和故障排除指南。
缺点
- 主要是一个文档包装器,缺乏新颖的自动化功能。
- 严重依赖外部 AWS CLI/boto3;没有自包含的逻辑。
- 假设用户已具备 AWS 知识和环境设置。
相关技能
免责声明:本内容来源于 GitHub 开源项目,仅供展示和评分分析使用。
版权归原作者所有 itsmostafa.