or run

tessl search
Log in

lambda

tessl install github:itsmostafa/aws-agent-skills --skill lambda

github.com/itsmostafa/aws-agent-skills

AWS Lambda serverless functions for event-driven compute. Use when creating functions, configuring triggers, debugging invocations, optimizing cold starts, setting up event source mappings, or managing layers.

Review Score

81%

Validation Score

12/16

Implementation Score

65%

Activation Score

100%

AWS Lambda

AWS Lambda runs code without provisioning servers. You pay only for compute time consumed. Lambda automatically scales from a few requests per day to thousands per second.

Table of Contents

  • Core Concepts
  • Common Patterns
  • CLI Reference
  • Best Practices
  • Troubleshooting
  • References

Core Concepts

Function

Your code packaged with configuration. Includes runtime, handler, memory, timeout, and IAM role.

Invocation Types

TypeDescriptionUse Case
SynchronousCaller waits for responseAPI Gateway, direct invoke
AsynchronousFire and forgetS3, SNS, EventBridge
Poll-basedLambda polls sourceSQS, Kinesis, DynamoDB Streams

Execution Environment

Lambda creates execution environments to run your function. Components:

  • Cold start: New environment initialization
  • Warm start: Reusing existing environment
  • Handler: Entry point function
  • Context: Runtime information

Layers

Reusable packages of libraries, dependencies, or custom runtimes (up to 5 per function).

Common Patterns

Create a Python Function

AWS CLI:

# Create deployment package
zip function.zip lambda_function.py

# Create function
aws lambda create-function \
  --function-name MyFunction \
  --runtime python3.12 \
  --role arn:aws:iam::123456789012:role/lambda-role \
  --handler lambda_function.handler \
  --zip-file fileb://function.zip \
  --timeout 30 \
  --memory-size 256

# Update function code
aws lambda update-function-code \
  --function-name MyFunction \
  --zip-file fileb://function.zip

boto3:

import boto3
import zipfile
import io

lambda_client = boto3.client('lambda')

# Create zip in memory
zip_buffer = io.BytesIO()
with zipfile.ZipFile(zip_buffer, 'w') as zf:
    zf.writestr('lambda_function.py', '''
def handler(event, context):
    return {"statusCode": 200, "body": "Hello"}
''')
zip_buffer.seek(0)

# Create function
lambda_client.create_function(
    FunctionName='MyFunction',
    Runtime='python3.12',
    Role='arn:aws:iam::123456789012:role/lambda-role',
    Handler='lambda_function.handler',
    Code={'ZipFile': zip_buffer.read()},
    Timeout=30,
    MemorySize=256
)

Add S3 Trigger

# Add permission for S3 to invoke Lambda
aws lambda add-permission \
  --function-name MyFunction \
  --statement-id s3-trigger \
  --action lambda:InvokeFunction \
  --principal s3.amazonaws.com \
  --source-arn arn:aws:s3:::my-bucket \
  --source-account 123456789012

# Configure S3 notification (see S3 skill)

Add SQS Event Source

aws lambda create-event-source-mapping \
  --function-name MyFunction \
  --event-source-arn arn:aws:sqs:us-east-1:123456789012:my-queue \
  --batch-size 10 \
  --maximum-batching-window-in-seconds 5

Environment Variables

aws lambda update-function-configuration \
  --function-name MyFunction \
  --environment "Variables={DB_HOST=mydb.cluster-xyz.us-east-1.rds.amazonaws.com,LOG_LEVEL=INFO}"

Create and Attach Layer

# Create layer
zip -r layer.zip python/

aws lambda publish-layer-version \
  --layer-name my-dependencies \
  --compatible-runtimes python3.12 \
  --zip-file fileb://layer.zip

# Attach to function
aws lambda update-function-configuration \
  --function-name MyFunction \
  --layers arn:aws:lambda:us-east-1:123456789012:layer:my-dependencies:1

Invoke Function

# Synchronous invoke
aws lambda invoke \
  --function-name MyFunction \
  --payload '{"key": "value"}' \
  response.json

# Asynchronous invoke
aws lambda invoke \
  --function-name MyFunction \
  --invocation-type Event \
  --payload '{"key": "value"}' \
  response.json

CLI Reference

Function Management

CommandDescription
aws lambda create-functionCreate new function
aws lambda update-function-codeUpdate function code
aws lambda update-function-configurationUpdate settings
aws lambda delete-functionDelete function
aws lambda list-functionsList all functions
aws lambda get-functionGet function details

Invocation

CommandDescription
aws lambda invokeInvoke function
aws lambda invoke-asyncAsync invoke (deprecated)

Event Sources

CommandDescription
aws lambda create-event-source-mappingAdd event source
aws lambda list-event-source-mappingsList mappings
aws lambda update-event-source-mappingUpdate mapping
aws lambda delete-event-source-mappingRemove mapping

Permissions

CommandDescription
aws lambda add-permissionAdd resource-based policy
aws lambda remove-permissionRemove permission
aws lambda get-policyView resource policy

Best Practices

Performance

  • Right-size memory: More memory = more CPU = faster execution
  • Minimize cold starts: Keep functions warm, use Provisioned Concurrency
  • Optimize package size: Smaller packages deploy faster
  • Use layers for shared dependencies
  • Initialize outside handler: Reuse connections across invocations
# GOOD: Initialize outside handler
import boto3
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('MyTable')

def handler(event, context):
    # Reuses existing connection
    return table.get_item(Key={'id': event['id']})

Security

  • Least privilege IAM roles — only grant needed permissions
  • Use Secrets Manager for sensitive data
  • Enable VPC only if needed (adds latency)
  • Encrypt environment variables with KMS

Cost Optimization

  • Set appropriate timeout — don't use max 15 minutes unnecessarily
  • Use ARM architecture (Graviton2) for 34% better price/performance
  • Batch process where possible
  • Use Reserved Concurrency to limit costs

Reliability

  • Configure DLQ for async invocations
  • Handle retries — async events retry twice
  • Make handlers idempotent
  • Use structured logging

Troubleshooting

Timeout Errors

Symptom: Task timed out after X seconds

Causes:

  • Function takes longer than timeout
  • Network call to unreachable resource
  • VPC configuration issues

Debug:

# Check function configuration
aws lambda get-function-configuration \
  --function-name MyFunction \
  --query "Timeout"

# Increase timeout
aws lambda update-function-configuration \
  --function-name MyFunction \
  --timeout 60

Out of Memory

Symptom: Function crashes with memory error

Fix:

aws lambda update-function-configuration \
  --function-name MyFunction \
  --memory-size 512

Cold Start Latency

Causes:

  • Large deployment package
  • VPC configuration
  • Many dependencies to load

Solutions:

  • Use Provisioned Concurrency
  • Reduce package size
  • Use layers for dependencies
  • Consider Graviton2 (ARM)
# Enable Provisioned Concurrency
aws lambda put-provisioned-concurrency-config \
  --function-name MyFunction \
  --qualifier LIVE \
  --provisioned-concurrent-executions 5

Permission Denied

Symptom: AccessDeniedException

Debug:

# Check execution role
aws lambda get-function-configuration \
  --function-name MyFunction \
  --query "Role"

# Check role policies
aws iam list-attached-role-policies \
  --role-name lambda-role

VPC Connectivity Issues

Symptom: Cannot reach internet or AWS services

Causes:

  • No NAT Gateway for internet access
  • Missing VPC endpoint for AWS services
  • Security group blocking outbound

Solutions:

  • Add NAT Gateway for internet
  • Add VPC endpoints for AWS services
  • Check security group rules

References