Description:

IN AWS Lambda, which is the core of the serverless platform at AWS, the unit of scale is the concurrent execution. This refers to the number of execution of your function code that is happening at any given time.

  • Concurrency is the number of requests that your function is serving at any given time

  • If the function is invoked again while a request is still being processed, another instance is allocated, which increases the function’s concurrency.

  • Concurrency is subject to a Regional quota that is shared by all functions in Region.

There are two types of concurrency controls available:

  • Reserved concurrency - Reserved concurrency guarantees the maximum number of concurrent instances for the function. When a function has reserved concurrency, no other function can use that concurrency. There is no charge for configuring reserved concurrency for a function. 

  • Provisioned Concurrency - Provisioned concurrency initializes a requested number of execution environments so that they are prepared to respond immediately to your function environments so that they are prepared to respond immediately to your function’s invocations. 


Rationale:

In Lambda functions' concurrency is the number of instances that serves requests at a given time. In a Region, the initial burst of traffic can reach between 500 and 3000, which varies per Region

Note: The burst concurrency quota is not per function; it applies to all of your functions in the Region.


Impact:

 After the configuration there are the following effects:

  1. It limits the number of instances of your Lambda function that can be instantiated at any time to the value specified.

  2. It makes sure there is always at least enough concurrency capability available in the account to run the number of instances requested.

  3. It alow helps to protect from DoS attack

Effects of Reserving concurrency:

  • Other functions cannot prevent your function from scaling - all of your account’s functions in the same Region without reserved concurrency share the pool of unreserved concurrency. Without reserved concurrency, other functions can use up all of the available concurrency. This prevents your function from scaling up when needed.

  • The functions cannot scale out of control - reserved concurrency also limits your function from using concurrency from the unreserved pool, which caps its maximum concurrency. you can reserve concurrency to prevent your function from using all the available concurrency in the Region, or from overloading downstream resources. 


Default Value:

Burst concurrency quotas

  • 3000 - US West(Oregon), US East (N. Virginia), Europe(Ireland )

  • 1000 - Asia Pacific(Tokyo), Europe(Frankfurt), US East(Ohio)

  • 500 - Other Regions

Lambda sets quotas for the amount of compute and storage

Resource

Default quota can

Can be increased up to

Concurrent executions

1,000

Hundreds of thousands

Storage for upload functions and layers.

75 GB

Terabytes

The following quotas apply to function configuration, deployments, and execution. They cannot be changed

Resource

Quota

Function memory allocation

128 MB to 10,240 MB, in 1-MB increments.

Function timeout

900 seconds (15 minutes)

Function environment variables

4 KB

Function resource-based policy

20 KB

Function layers

five layers

Function burst concurrency

500 - 3000 (varies per Region)

Invocation payload (request and response)

6 MB (synchronous); 256 KB (asynchronous)

Deployment package (.zip file archive) size

50 MB (zipped, for direct upload); 250 MB (unzipped, including layers); 3 MB (console editor)

Container image code package size

10 GB

Test events (console editor)

10

/tmp directory storage

512 MB

File descriptors

1,024

Execution processes/threads

1,024

by default in any lambda function, it looks like


Pre-Requisite:

For configuring the provisioned concurrency you need to create a function alias using the Lambda console and for the alias or version you cannot use $LATEST

If the function will not or no alias is created then you can configure reserved concurrency


Remediation:


Test Plan:

Steps 1:  Sign in to AWS Console Management and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions

Steps 2: Click on functions in the left navigation pane

Steps 3: Choose a function to audit

Steps 4: Go to the Configuration tab

Steps 5: Scroll down and then choose Concurrency

Steps 6: In the Concurrency by default Function concurrency is Use unreserved account concurrency and Unreserved concurrency set 1000 and Provisioned concurrency configurations is zero means it is not created or enables.

You can reserve the concurrency for particular functions. for this follow the implementation steps.


Using AWS CLI:

To get a list of provisioned concurrency configurations

aws lambda list-provisioned-concurrency-configs --function-name < give the name of function> 


To view the reserved concurrency setting for a function

aws lambda get-function-concurrency --function-name < give the name of function>


Implementation Steps:

Configuring reserved concurrency, To reserve concurrency for a function:

Steps 1:  Sign in to  AWS Management  Console and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions

Steps 2: Click on functions in the left navigation pane

Steps 3: Choose a function to configure the concurrency

Steps 4: Go to the Configuration tab

Steps 5: Scroll down and then choose Concurrency

Steps 6: In concurrency click on the Edit button to change the function of concurrency from Use unreserved account concurrency to reserved concurrency and give some value 

Steps 7: To select Reserve concurrency click on the radio button in the rectangular box give the value ( for this particular function its reserves for the given concurrent value )


Step 8: Click on the Save button

Now selected function is used in reserved concurrency

Configuring Provisioned concurrency

To provision concurrency for an alias

Steps 1:  Sign in to AWS Management  Console and go to Lambda console at https://console.aws.amazon.com/lambda/home#/functions

Steps 2: Click on functions in the left navigation pane

Steps 3: Choose a function to configure the concurrency

Steps 4: Go to the Configuration tab

Steps 5: Scroll down and then choose Concurrency

Steps 6: In provisioned concurrency configurations click on click edit button because here as per prerequisite you already have an alias for this function so that in the concurrency part you have only provisioned concurrency

Steps 7: Set the value of concurrent requests and click on the Save button

as per the diagram, you can see the pricing per month before this you always see the pricing

Using AWS CLI

To configure a reserve concurrency limit for a function

aws lambda put-function-concurrency \
--function-name <give the function name> \
--reserved-concurrent-executions < give the value >


Backout Plan:

If you configure Reserved concurrency follow the implementation steps 1 - 6 after clicking the Edit button you choose to Use unreserved account concurrency and click on the Save button

If you configure Provisioned concurrency configuration follow the implementation steps 1-5 and first remove the alias and delete the version.


Using AWS CLI

To remove the reserved concurrent execution limit from a function

aws lambda delete-function-concurrency \
--function-name < give the function name>


Reference:

  1. Lambda quotas - AWS Lambda

  2. AWS Lambda function scaling - AWS Lambda

  3. Managing concurrency for a Lambda function - AWS Lambda