AWS Lambda: the Swiss Army knife of AWS

Fouad Roumieh
Jul 12, 2020

As an AWS cloud engineer or architect, you should have a fair understanding of AWS Lambda and its integrations. The tool can be described as the Swiss Army knife of AWS, and it will help you implement many cloud scenarios and architectures. This article simply highlights some of the operations and integrations you can perform on the AWS cloud platform using Lambda. It is not meant to be the full list, as the list can go on and on. I will come back and update it every now and then; please feel free to highlight other integrations in the comments.

What is AWS Lambda?

If you are not working with AWS Lambda functions yet, you have probably at least heard of them. Lambda is at the core of serverless architectures in AWS, and its many integrations with other AWS services make it a helpful and flexible tool for many solution architecture requirements.

From the official AWS documentation:

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume.

With Lambda, you can run code for virtually any type of application or backend service — all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services or call it directly from any web or mobile app.

Lambda currently supports several programming languages. From the AWS Lambda FAQ:

AWS Lambda natively supports Java, Go, PowerShell, Node.js, C#, Python, and Ruby code, and provides a Runtime API which allows you to use any additional programming languages to author your functions.

Below are some of the operations and integrations that can be performed with the help of AWS Lambda.

1. Update Security Groups

From a security and networking perspective, the option to update security groups on the fly is very handy.

Automating Security Group Updates with AWS Lambda

How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda.

2. Track security group changes

Similar to the previous one, this feature gives you a mechanism to automatically detect changes to a security group and take corrective action.

How to Automatically Revert and Receive Notifications About Changes to Your Amazon VPC Security Groups
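One way to implement the detect-and-revert step, as an added example (not code from the article or from AWS): a handler for the CloudTrail `AuthorizeSecurityGroupIngress` record delivered by an EventBridge rule. It covers IPv4 ranges only; the sensitive-port list, the sample event and the injectable `ec2` parameter are assumptions made for illustration.

```python
# Assumption: ports this example refuses to see opened to the whole internet.
SENSITIVE_PORTS = {22, 3389}

# Constructed sample of the event an EventBridge rule on CloudTrail would deliver.
SAMPLE_EVENT = {"detail": {
    "eventName": "AuthorizeSecurityGroupIngress",
    "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
         "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}},
    ]}}}}

def risky_permissions(detail):
    """Build the IpPermissions to revoke: rules exposing a sensitive port to 0.0.0.0/0."""
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    params = detail.get("requestParameters") or {}
    risky = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        proto, lo, hi = perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")
        all_traffic = proto == "-1"
        in_range = lo is not None and hi is not None and any(lo <= p <= hi for p in SENSITIVE_PORTS)
        world = any(r.get("cidrIp") == "0.0.0.0/0"
                    for r in (perm.get("ipRanges") or {}).get("items", []))
        if not world or not (all_traffic or in_range):
            continue
        revoke = {"IpProtocol": proto, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
        if not all_traffic:
            revoke.update(FromPort=lo, ToPort=hi)
        risky.append(revoke)
    return risky

def lambda_handler(event, context, ec2=None):
    """Revoke only the offending rules; 'ec2' is injectable so the logic can be tested offline."""
    detail = event.get("detail") or {}
    perms = risky_permissions(detail)
    group_id = (detail.get("requestParameters") or {}).get("groupId")
    if not perms or not group_id:
        return {"reverted": 0}
    if ec2 is None:
        import boto3  # available in the Lambda Python runtime
        ec2 = boto3.client("ec2")
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=perms)
    return {"reverted": len(perms), "groupId": group_id}
```

The function's execution role needs `ec2:RevokeSecurityGroupIngress`, ideally scoped to the security groups it is meant to guard.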

2. Manage EC2 instances

This is another flexible feature that will allow you to manage EC2 resources via Lambda.

How do I stop and start Amazon EC2 instances at regular intervals using Lambda?

Using AWS Lambda with Amazon EC2

3. Amazon S3 public access and event notifications

Imagine an S3 bucket that stores sensitive information being made public, either accidentally or intentionally. With the help of Lambda and other services, you can set things up to receive alerts via SNS immediately.

How to Use AWS Config to Monitor for and Respond to Amazon S3 Buckets Allowing Public Access

You can also configure Lambda to respond to S3 event notifications:

Using AWS Lambda with Amazon S3

4. DynamoDB Streams and AWS Lambda triggers

DynamoDB Streams allow you to capture data changes happening on a DynamoDB table. Lambda can integrate with those streams to take additional actions on those changes, such as calling another service in the workflow after a change. This is one of the common scenarios you see in microservices architectures.

DynamoDB Streams and AWS Lambda Triggers

5. Access RDS service

This is a common scenario in a serverless architecture where you want to interact with the database using Lambda, for example to handle a CRUD action for API Gateway.

Tutorial: Configuring a Lambda function to access Amazon RDS in an Amazon VPC

6. Lambda & AWS Systems Manager Parameter Store

The Systems Manager Parameter Store is where you can store application configuration. During Lambda execution you might need to access values stored there, such as passwords, API keys or DB connection strings.

Sharing Secrets with AWS Lambda Using AWS Systems Manager Parameter Store

7. AWS Lambda & AWS Config rules

“AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.”

This service is important for keeping your AWS resource configurations in a compliant state, and you can integrate it with Lambda to react to the AWS Config service's evaluation events for non-compliant resources.

Example AWS Lambda Functions for AWS Config Rules (Node.js)

8. Lambda & S3 batch operations

Another example of the integration between S3 & Lambda is over the S3 batch operations:

“S3 Batch Operations performs large-scale batch operations on Amazon S3 objects. You can use S3 Batch Operations to copy objects, set object tags or access control lists (ACLs), initiate object restores from Amazon S3 Glacier, or invoke an AWS Lambda function to perform custom actions using your objects.”

Invoking a Lambda function from Amazon S3 batch operations

9. Lambda authorizer

This feature allows you to implement a custom authorization scheme that uses a bearer token authentication strategy, such as OAuth or SAML, to control access to your API endpoints.

Use API Gateway Lambda authorizers

Configure a cross-account Lambda authorizer
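A token-based Lambda authorizer that fails closed, as an added example (not code from the article or from AWS). The HMAC-signed token format, `SIGNING_KEY`, `make_token` and the `now` parameter are assumptions standing in for a real OAuth/JWT verification step; the returned structure is the IAM policy response API Gateway expects from an authorizer.

```python
import base64, hashlib, hmac, json, time

# Assumption: constructed demo key; a real function would load it from a secret store.
SIGNING_KEY = b"constructed-demo-key"

def _sign(body, key):
    return base64.urlsafe_b64encode(hmac.new(key, body, hashlib.sha256).digest())

def make_token(claims, key=SIGNING_KEY):
    """Issuer side of this example's format: base64url(JSON claims) + '.' + base64url(HMAC)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body, key)).decode()

def verify_token(token, now=None, key=SIGNING_KEY):
    """Return the claims only if the signature, subject and expiry all check out."""
    try:
        body, sig = token.encode().split(b".")
        # Constant-time comparison, and no parsing of claims before the signature is verified.
        if not hmac.compare_digest(sig, _sign(body, key)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        if not isinstance(claims["sub"], str) or not claims["sub"]:
            return None
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # any malformed input is treated as unauthenticated

def policy(principal, effect, resource):
    """Authorizer response: a principal plus an IAM policy for execute-api:Invoke."""
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}]}}

def lambda_handler(event, context, now=None):
    """TOKEN authorizer entry point: Deny unless a valid 'Bearer <token>' is presented."""
    scheme, _, token = (event.get("authorizationToken") or "").partition(" ")
    claims = verify_token(token, now) if scheme.lower() == "bearer" else None
    if claims is None:
        return policy("anonymous", "Deny", event["methodArn"])
    return policy(claims["sub"], "Allow", event["methodArn"])
```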

10. Set up Lambda integrations in API Gateway

You can integrate an API method with a Lambda function using Lambda proxy integration or Lambda non-proxy (custom) integration.

Set up Lambda integrations in API Gateway

11. Trigger Lambda via SNS subscriptions

Another cool feature for Lambda where you can attach it to an SNS subscription and get the Lambda function invoked whenever a message is published.

Using Amazon SNS for system-to-system messaging with an AWS Lambda function as a subscriber

I also came across the below list of Lambda integrations with other AWS services.

Using AWS Lambda with other services

Happy Lambda!
