Description:
IN AWS Lambda, which is the core of the serverless platform at AWS, the unit of scale is the concurrent execution. This refers to the number of execution of your function code that is happening at any given time.
Concurrency is the number of requests that your function is serving at any given time
If the function is invoked again while a request is still being processed, another instance is allocated, which increases the function’s concurrency.
Concurrency is subject to a Regional quota that is shared by all functions in Region.
There are two types of concurrency controls available:
Reserved concurrency - Reserved concurrency guarantees the maximum number of concurrent instances for the function. When a function has reserved concurrency, no other function can use that concurrency. There is no charge for configuring reserved concurrency for a function.
Provisioned Concurrency - Provisioned concurrency initializes a requested number of execution environments so that they are prepared to respond immediately to your function environments so that they are prepared to respond immediately to your function’s invocations.
Rationale:
In Lambda functions' concurrency is the number of instances that serves requests at a given time. In a Region, the initial burst of traffic can reach between 500 and 3000, which varies per Region
Note: The burst concurrency quota is not per function; it applies to all of your functions in the Region.
Impact:
After the configuration there are the following effects:
It limits the number of instances of your Lambda function that can be instantiated at any time to the value specified.
It makes sure there is always at least enough concurrency capability available in the account to run the number of instances requested.
It alow helps to protect from DoS attack
Effects of Reserving concurrency:
Other functions cannot prevent your function from scaling - all of your account’s functions in the same Region without reserved concurrency share the pool of unreserved concurrency. Without reserved concurrency, other functions can use up all of the available concurrency. This prevents your function from scaling up when needed.
The functions cannot scale out of control - reserved concurrency also limits your function from using concurrency from the unreserved pool, which caps its maximum concurrency. you can reserve concurrency to prevent your function from using all the available concurrency in the Region, or from overloading downstream resources.
Default Value:
Burst concurrency quotas
3000 - US West(Oregon), US East (N. Virginia), Europe(Ireland )
1000 - Asia Pacific(Tokyo), Europe(Frankfurt), US East(Ohio)
500 - Other Regions
Lambda sets quotas for the amount of compute and storage
Resource | Default quota can | Can be increased up to |
---|---|---|
Concurrent executions | 1,000 | Hundreds of thousands |
Storage for upload functions and layers. | 75 GB | Terabytes |
The following quotas apply to function configuration, deployments, and execution. They cannot be changed
Resource | Quota |
---|---|
Function memory allocation | 128 MB to 10,240 MB, in 1-MB increments. |
Function timeout | 900 seconds (15 minutes) |
Function environment variables | 4 KB |
Function resource-based policy | 20 KB |
Function layers | five layers |
Function burst concurrency | 500 - 3000 (varies per Region) |
Invocation payload (request and response) | 6 MB (synchronous); 256 KB (asynchronous) |
Deployment package (.zip file archive) size | 50 MB (zipped, for direct upload); 250 MB (unzipped, including layers); 3 MB (console editor) |
Container image code package size | 10 GB |
Test events (console editor) | 10 |
| 512 MB |
File descriptors | 1,024 |
Execution processes/threads | 1,024 |
by default in any lambda function, it looks like
Pre-Requisite:
For configuring the provisioned concurrency you need to create a function alias using the Lambda console and for the alias or version you cannot use $LATEST
If the function will not or no alias is created then you can configure reserved concurrency
Remediation:
Test Plan:
Steps 1: Sign in to AWS Console Management and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions
Steps 2: Click on functions in the left navigation pane
Steps 3: Choose a function to audit
Steps 4: Go to the Configuration tab
Steps 5: Scroll down and then choose Concurrency
Steps 6: In the Concurrency by default Function concurrency is Use unreserved account concurrency and Unreserved concurrency set 1000 and Provisioned concurrency configurations is zero means it is not created or enables.
You can reserve the concurrency for particular functions. for this follow the implementation steps.
Using AWS CLI:
To get a list of provisioned concurrency configurations
aws lambda list-provisioned-concurrency-configs --function-name < give the name of function>
To view the reserved concurrency setting for a function
aws lambda get-function-concurrency --function-name < give the name of function>
Implementation Steps:
Configuring reserved concurrency, To reserve concurrency for a function:
Steps 1: Sign in to AWS Management Console and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions
Steps 2: Click on functions in the left navigation pane
Steps 3: Choose a function to configure the concurrency
Steps 4: Go to the Configuration tab
Steps 5: Scroll down and then choose Concurrency
Steps 6: In concurrency click on the Edit button to change the function of concurrency from Use unreserved account concurrency to reserved concurrency and give some value
Steps 7: To select Reserve concurrency click on the radio button in the rectangular box give the value ( for this particular function its reserves for the given concurrent value )
Step 8: Click on the Save button
Now selected function is used in reserved concurrency
Configuring Provisioned concurrency
To provision concurrency for an alias
Steps 1: Sign in to AWS Management Console and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions
Steps 2: Click on functions in the left navigation pane
Steps 3: Choose a function to configure the concurrency
Steps 4: Go to the Configuration tab
Steps 5: Scroll down and then choose Concurrency
Steps 6: In provisioned concurrency configurations click on click edit button because here as per prerequisite you already have an alias for this function so that in the concurrency part you have only provisioned concurrency
Steps 7: Set the value of concurrent requests and click on the Save button
as per the diagram, you can see the pricing per month before this you always see the pricing
Using AWS CLI
To configure a reserve concurrency limit for a function
aws lambda put-function-concurrency \
--function-name <give the function name> \
--reserved-concurrent-executions < give the value >
Backout Plan:
If you configure Reserved concurrency follow the implementation steps 1 - 6 after clicking the Edit button you choose to Use unreserved account concurrency and click on the Save button
If you configure Provisioned concurrency configuration follow the implementation steps 1-5 and first remove the alias and delete the version.
Using AWS CLI
To remove the reserved concurrent execution limit from a function
aws lambda delete-function-concurrency \
--function-name < give the function name>