🚀 Serverless & Containers
Learning Objectives
- Build serverless APIs with Lambda, API Gateway, and DynamoDB
- Choose between Lambda, ECS, EKS, and Fargate
- Design event-driven serverless architectures
- Understand container orchestration on AWS
1. AWS Lambda
1.1 Lambda Overview
AWS Lambda runs your code without provisioning or managing servers. You pay only for compute time consumed.
Event Sources → Lambda Function → Output
│                                   │
│                            ┌──────┴───────┐
│                            │ S3, DynamoDB │
│                            │ SQS, SNS     │
│                            │ API Gateway  │
│                            │ Step Func.   │
│                            └──────────────┘
│
├── S3 (new object)
├── DynamoDB Streams
├── API Gateway (HTTP request)
├── SQS (new message)
├── SNS (notification)
├── EventBridge (scheduled)
└── CloudWatch (logs, alarms)
1.2 Lambda Limits
| Resource | Limit |
|---|---|
| Memory | 128 MB - 10,240 MB (10 GB) |
| Ephemeral storage | 512 MB - 10,240 MB |
| Max execution timeout | 15 minutes |
| Environment variables | 4 KB total |
| Deployment package | 50 MB (zipped), 250 MB (unzipped) |
| /tmp directory | 512 MB - 10,240 MB |
| Concurrent executions | 1,000 (soft limit, can be increased) |
| Invocation payload | 256 KB (synchronous), 128 KB (async) |
⚡ Exam Tip: Lambda max timeout is 15 minutes. For longer tasks, use ECS, Step Functions, or EC2.
1.3 Lambda Triggers & Destinations
Synchronous Invocations (request-response):
- API Gateway, Cognito, Lex, CloudFront (Lambda@Edge)
Asynchronous Invocations (event-based):
- S3, SNS, EventBridge, CloudWatch
Destinations (for async invocations):
# Configure SQS destinations for successful and failed asynchronous invocations.
# Async destinations are set on the function's event invoke config;
# an event source mapping only accepts an OnFailure destination.
aws lambda put-function-event-invoke-config \
--function-name process-order \
--destination-config '{"OnSuccess": {"Destination": "arn:aws:sqs:us-east-1:...:order-success-queue"}, "OnFailure": {"Destination": "arn:aws:sqs:us-east-1:...:order-dlq"}}'
1.4 Lambda Versions & Aliases
$LATEST (unstable, dev) → version 1 → version 2 → version 3
                                          │           │
                                     ┌────┴────┐ ┌────┴────┐
                                     │ alias:  │ │ alias:  │
                                     │ "prod"  │ │"staging"│
                                     │ v2      │ │ v3      │
                                     └─────────┘ └─────────┘
# Create alias and point to specific version
aws lambda create-alias \
--function-name process-order \
--name "prod" \
--function-version "2"
# Weighted alias (10% traffic to new version)
aws lambda update-alias \
--function-name process-order \
--name "prod" \
--function-version "2" \
--routing-config '{"AdditionalVersionWeights": {"3": 0.1}}'
1.5 Lambda Layers
Share code, libraries, and dependencies across multiple functions:
# Create layer
aws lambda publish-layer-version \
--layer-name pandas-layer \
--description "Pandas + NumPy for Python 3.9" \
--zip-file fileb://pandas-layer.zip \
--compatible-runtimes python3.9
# Attach layer to function
aws lambda update-function-configuration \
--function-name process-data \
--layers arn:aws:lambda:us-east-1:...:layer:pandas-layer:1
2. API Gateway
2.1 API Types
| Feature | REST API | HTTP API | WebSocket API |
|---|---|---|---|
| Protocol | REST (JSON) | REST (JSON) | WebSocket |
| Features | Full (caching, WAF, usage plans) | Simpler, cheaper | Real-time 2-way |
| Latency | Low | Very low (30%) | Real-time |
| Cost | Standard | 70% cheaper | Per connection |
| Use Case | Enterprise APIs | Microservices | Chat, streaming |
2.2 REST API vs HTTP API
# Create HTTP API (simpler, cheaper)
aws apigatewayv2 create-api \
--name "orders-api" \
--protocol-type HTTP \
--target arn:aws:lambda:us-east-1:...:function:process-order
# Create REST API (more features)
aws apigateway create-rest-api \
--name "orders-api-rest" \
--endpoint-configuration '{"types": ["REGIONAL"]}'
2.3 API Gateway Caching
- Cache API responses to reduce latency and backend load
- TTL: 0-3600 seconds (default 300)
- Cache size: 500 MB - 237 GB
- Per-key caching with parameters
3. ECS, EKS & Fargate
3.1 Container Orchestration Options
| Service | Description | Use Case |
|---|---|---|
| ECS | AWS-native container orchestration | Most common AWS container choice |
| EKS | Managed Kubernetes | Kubernetes-native workflows |
| Fargate | Serverless compute for containers | No EC2 management |
| EC2 launch type | Run containers on managed EC2 | Need control over instances |
| App Runner | From source to container service | Simple web apps |
ECS with Fargate Architecture:
graph TD
Route53["Route53 DNS"]
ALB["Application Load Balancer\nHTTPS:443 → HTTP:80"]
subgraph ECS_CLUSTER["ECS Cluster (Fargate)"]
TD["Task Definition\nImage: nginx:latest\nCPU: 512 / RAM: 1GB\nPort: 80"]
subgraph Service["Service: web-app\nMin: 2 / Max: 10\nScaling: CPU @ 70%"]
T1["Fargate Task #1\nus-east-1a"]
T2["Fargate Task #2\nus-east-1b"]
T3["Fargate Task #3\nus-east-1a"]
end
end
RDS["RDS Multi-AZ\nDatabase"]
Route53 --> ALB
ALB --> T1
ALB --> T2
ALB --> T3
T1 --> RDS
T2 --> RDS
T3 --> RDS
style ALB fill:#ff9900,color:#fff
style T1 fill:#527fff,color:#fff
style T2 fill:#01ab5c,color:#fff
style T3 fill:#527fff,color:#fff
style RDS fill:#d33,color:#fff
Container Orchestration Decision Guide:
graph TD
Q1{Need full Kubernetes API compatibility?}
Q2{Want to manage worker nodes on EC2?}
Q3{Simple container app from source?}
EKS["EKS\nKubernetes-native\nPortability"]
ECS_EC2["ECS (EC2)\nControl over instances\nGPU / custom AMIs"]
FARGATE["ECS (Fargate)\nServerless containers\nNo infra management"]
APP_RUNNER["App Runner\nSource → Container\nSimplest option"]
Q1 -- Yes --> EKS
Q1 -- No --> Q2
Q2 -- Yes --> ECS_EC2
Q2 -- No --> Q3
Q3 -- Yes --> APP_RUNNER
Q3 -- No --> FARGATE
style EKS fill:#527fff,color:#fff
style FARGATE fill:#01ab5c,color:#fff
style ECS_EC2 fill:#ff9900,color:#fff
style APP_RUNNER fill:#888,color:#fff
3.2 ECS Task Definitions
{
  "family": "web-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "512",
  "memory": "1024",
  "executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "web",
    "image": "nginx:latest",
    "essential": true,
    "portMappings": [{"containerPort": 80, "protocol": "tcp"}],
    "environment": [
      {"name": "NODE_ENV", "value": "production"}
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "/ecs/web-app",
        "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "web"
      }
    }
  }]
}
3.3 ECS Service Auto Scaling
# resource-id is service/<cluster-name>/<service-name> and must be identical in both commands
aws application-autoscaling register-scalable-target \
--service-namespace ecs \
--resource-id service/web-cluster/web-svc \
--scalable-dimension ecs:service:DesiredCount \
--min-capacity 2 \
--max-capacity 10
# Target tracking: keep average service CPU at 70%
aws application-autoscaling put-scaling-policy \
--service-namespace ecs \
--resource-id service/web-cluster/web-svc \
--scalable-dimension ecs:service:DesiredCount \
--policy-name cpu-scaling \
--policy-type TargetTrackingScaling \
--target-tracking-scaling-policy-configuration '{"TargetValue": 70.0, "PredefinedMetricSpecification": {"PredefinedMetricType": "ECSServiceAverageCPUUtilization"}}'
4. Serverless Architecture Patterns
Pattern 1: Serverless API
Route53 → CloudFront → API Gateway → Lambda → DynamoDB
│
Lambda (Auth)
Pattern 2: Serverless Image Processing
S3 (upload) → S3 Event → Lambda → S3 (processed)
│
Lambda (thumbnail)
Pattern 3: Scheduled Tasks
EventBridge (cron: 0 2 * * *) → Lambda → RDS (cleanup old records)
5. ⚡ Exam Tips
- Lambda@Edge — Runs at CloudFront edge locations (Node.js/Python only)
- Lambda + RDS — Use RDS Proxy to manage connections (avoid connection pool exhaustion)
- Lambda SnapStart — For Java functions, reduce cold starts by 90%
- Fargate vs Lambda — Fargate for containers >15 min. Lambda for event-driven <15 min
- API Gateway — REST = full features. HTTP = cheaper, simpler. WebSocket = real-time
- ECS vs EKS — ECS = simpler, AWS-native. EKS = Kubernetes standard
- Service discovery — Use Cloud Map or ALB for ECS service discovery
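The task definition in section 3.2 is a convenient place to review a container workload before it ships. The following audit is an added example, not part of the original guide or of any AWS tooling: it checks a task definition for a `latest` or untagged image, secret-looking names in the plaintext `environment` list (ECS offers the `secrets` list with `valueFrom` for these), a task role that reuses the execution role, privileged mode, a writable root filesystem, and missing log configuration. The names `audit_task_definition` and `SECRET_NAME` and the `DB_PASSWORD` entry are assumptions made for the example.

```python
import json
import re

# Task definition from section 3.2, trimmed. The DB_PASSWORD entry is
# constructed for this example to trigger the plaintext-secret finding.
SAMPLE = json.loads("""{
  "family": "web-app",
  "requiresCompatibilities": ["FARGATE"],
  "executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "web",
    "image": "nginx:latest",
    "environment": [
      {"name": "NODE_ENV", "value": "production"},
      {"name": "DB_PASSWORD", "value": "constructed-example-value"}
    ],
    "logConfiguration": {"logDriver": "awslogs"}
  }]
}""")

# Hypothetical naming heuristic for variables that should not be plaintext.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def audit_task_definition(td):
    """Return sorted (container, finding) tuples for one task definition."""
    findings = []
    role = td.get("taskRoleArn")
    if role and role == td.get("executionRoleArn"):
        findings.append(("*", "task role reuses the execution role"))
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        # Tag is whatever follows ':' in the last path segment (skips registry ports).
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and tag in ("", "latest"):
            findings.append((name, "image is untagged or 'latest'; pin a version or digest"))
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, "plaintext secret in environment: " + env["name"]))
        if c.get("privileged"):
            findings.append((name, "privileged container"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "root filesystem is writable"))
        if "logConfiguration" not in c:
            findings.append((name, "no logConfiguration; output is not collected"))
    return sorted(findings)

if __name__ == "__main__":
    for container, finding in audit_task_definition(SAMPLE):
        print(f"{container}: {finding}")
```

Run against the sample, it reports the `latest` tag, the `DB_PASSWORD` entry and the writable root filesystem for the `web` container.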
✅ Chapter Quiz
- What is the maximum execution time for AWS Lambda?
  - A) 5 minutes
  - B) 10 minutes
  - C) 15 minutes
  - D) 30 minutes
- Which API Gateway type is cheapest and best for simple APIs?
  - A) REST API
  - B) HTTP API
  - C) WebSocket API
  - D) Private API
- Which ECS launch type is serverless and requires no EC2 management?
  - A) EC2
  - B) Fargate
  - C) EKS
  - D) App Runner
- What is the maximum memory you can allocate to a Lambda function?
  - A) 3 GB
  - B) 5 GB
  - C) 10 GB
  - D) 16 GB
- Which AWS service helps Lambda manage database connections for RDS?
  - A) RDS Proxy
  - B) DynamoDB DAX
  - C) ElastiCache
  - D) Secrets Manager
- A company runs a containerized application on ECS with Fargate. The application needs to share a persistent filesystem across all tasks. Which storage solution should be used?
  - A) EBS
  - B) EFS
  - C) S3
  - D) Instance Store
- Which Lambda invocation type provides a response in the function’s output?
  - A) Synchronous
  - B) Asynchronous
  - C) Event
  - D) Stream
- Which feature allows ECS tasks to be assigned an IAM role at the task level?
  - A) Task execution role
  - B) Task role
  - C) Instance profile
  - D) Service-linked role
- What is the maximum temporary storage available in Lambda’s /tmp directory?
  - A) 512 MB
  - B) 1 GB
  - C) 10 GB
  - D) 5 GB
- A company wants to run a task that takes 30 minutes to complete. Which AWS compute service should be used?
  - A) Lambda
  - B) ECS Fargate
  - C) Lambda with Step Functions
  - D) API Gateway
- What is the purpose of Lambda reserved concurrency?
  - A) To limit the maximum number of concurrent executions
  - B) To guarantee a minimum number of available concurrent executions
  - C) To increase the default concurrency limit
  - D) To enable provisioned concurrency
- Which API Gateway endpoint type is used to serve API traffic from within a VPC only?
  - A) Edge-optimized
  - B) Regional
  - C) Private
  - D) WebSocket
- A company runs an ECS service with Fargate launch type. They need to encrypt sensitive data at the task level. Which AWS service should they use?
  - A) KMS
  - B) Secrets Manager
  - C) ACM
  - D) Systems Manager
- What does Lambda SnapStart improve for Java functions?
  - A) Memory allocation
  - B) Cold start latency
  - C) Execution timeout
  - D) Deployment size
- Which Amazon ECS launch type provides the most granular control over the underlying EC2 instances?
  - A) Fargate
  - B) Fargate Spot
  - C) EC2
  - D) External
- A company needs to update a Lambda function’s code without changing the function’s configuration. Which command should be used?
  - A) update-function-configuration
  - B) update-function-code
  - C) create-function
  - D) publish-version
- What is the purpose of API Gateway usage plans?
  - A) To throttle API requests by API key
  - B) To define API stages
  - C) To enable caching
  - D) To configure custom domains
- Which AWS service should be used to distribute incoming traffic across multiple ECS tasks?
  - A) Route53
  - B) ALB
  - C) CloudFront
  - D) Global Accelerator
- A company wants to use Lambda with a static IP address for an integration with a third-party API. What should they use?
  - A) Lambda in a VPC with a NAT Gateway
  - B) Lambda with a public IP
  - C) Lambda with VPC endpoints
  - D) Lambda with a VPN connection
- What is the maximum size of a Lambda deployment package when uploaded directly via the console (zipped)?
  - A) 50 MB
  - B) 3 MB
  - C) 10 MB
  - D) 250 MB
- Which ECS scheduling strategy spreads tasks across Availability Zones and instances?
  - A) Spread
  - B) Binpack
  - C) Random
  - D) Daemon
- What is the purpose of Lambda provisioned concurrency?
  - A) To limit the number of concurrent executions
  - B) To pre-initialize a number of execution environments
  - C) To schedule Lambda functions
  - D) To deploy Lambda across regions
- A company needs to invoke an existing Lambda function in response to an S3 event but only for objects with a specific prefix. How should this be configured?
  - A) S3 event notification with prefix filter
  - B) Lambda trigger with prefix filter
  - C) EventBridge rule with prefix pattern
  - D) SNS filter policy
- Which network mode must be used for ECS tasks with Fargate launch type?
  - A) bridge
  - B) host
  - C) awsvpc
  - D) none
- A company is designing a serverless event-driven architecture and needs to send a notification to multiple downstream services when an event occurs. Which service should be used?
  - A) SQS Standard
  - B) SNS
  - C) SQS FIFO
  - D) Lambda
📝 Answer Key
- C — Lambda max timeout is 15 minutes (900 seconds).
- B — HTTP API is simpler and 70% cheaper than REST API.
- B — Fargate is the serverless compute engine for ECS.
- C — Lambda max memory is 10,240 MB (10 GB).
- A — RDS Proxy manages connection pooling for Lambda + RDS.
- B — EFS provides a shared POSIX filesystem that can be mounted by multiple ECS tasks across AZs.
- A — Synchronous invocation returns a response in the function’s output (request-response).
- B — The task role grants the ECS task permissions to call AWS services.
- C — Lambda /tmp directory maximum size is 10,240 MB (10 GB), matching memory limit.
- B — ECS Fargate supports long-running tasks beyond Lambda’s 15-minute timeout.
- A — Reserved concurrency sets a cap on the maximum concurrent executions for a function.
- C — Private API endpoints are accessible only from within a VPC via VPC endpoints.
- A — KMS provides encryption keys for encrypting data at rest in ECS tasks.
- B — Lambda SnapStart pre-initializes Java functions to reduce cold start time by up to 90%.
- C — EC2 launch type gives full control over the underlying instances, including AMI selection.
- B — update-function-code replaces the Lambda function’s code without changing configuration.
- A — Usage plans throttle and quota API requests per API key for rate limiting.
- B — Application Load Balancer distributes traffic across ECS tasks in a service.
- A — Placing Lambda in a VPC with a NAT Gateway provides a static outbound IP.
- B — The console upload limit for Lambda zipped packages is 3 MB (50 MB via S3).
- A — Spread strategy distributes tasks evenly across AZs and instances.
- B — Provisioned concurrency pre-warms execution environments to eliminate cold starts.
- A — S3 event notifications support prefix and suffix filters on object creation events.
- C — awsvpc network mode is required for Fargate tasks, giving each task an ENI.
- B — SNS uses a fan-out pattern to deliver notifications to multiple subscribers.