AWS Lambda Common mistakes and fixing them

When working with AWS lamba there are few mistakes that we commonly make. These are some of the mistakes that i learned after working with the serverless service provided by AWS that is AWS lambda.  AWS Lambda can be an easily learned service but if we do not be careful we might run into problems if we do not have a good research done before.

In this blog i will walk you through the most common mistakes that the beginners make when using Lambda and provide you the steps to resolve these mistakes.

1. Timing out of Lambda Function

One of the most common mistake that a beginner make is Lambda timing out before completing the execution. Lamba provides a short timeout, that means when you cann an external API , some database operations or processing file then it might need some time. In this scenario you can do the following to avoid these problems.

Increasing the timeout in Lambda Configuration

Allocating more memory which will also increase the CPU power

2. Permision Denied Errors - IAM configuration issue

When working with AWS Lambda we predict that this service automatically has acess to all the other services of AWS services like S3, DynamoDB but in reality it does not work like that. Lambda service needs to be assigned an explicit permissions through IAM role so that it won't fail with the permission issues.

To fix them go to the IAM section where you will find the IAM policy to be attached to the Lambda execution role.

Always remember to use the least privilege permissions so that you do not give more permission than you service needs.

After completing the permissions attachment you need to go to the Cloudwatch Logs to verify that it worked.

3. Cold Start Issues

If you have recently started working in Lambda then you definetely have felt the first Lambda Invocation being slower than the afterwards requests and feels like something is wrong but now its working fine. This happens because Lambda needs to initialize the new execution environment which refers to cold start. If its a problem then it should have a solution. so to mitigate this problem please follow the below fixes.

Increasing the memory allocation

Keeping the lambda function lightweight

using the scheduled events to not let the funtion do the cold start , in this case the lambda keeps running which will make it in warm state.

3. Logs not showing in the CloudWatch

Working in an application and not being able to view logs is really a frustrating thing. When there is an error, but we can't see the logs, we remember that something is missing. This usually happens when we are unaware where the Lambda logs is being stored.

To solve this we need to make sure the below steps are being checked

Verify the correct Cloudwatch log group for the Lambda function

Next thing is to check the Lambda execution role has the correct logging permission

Using the correct and meaningful log messages is always a plus point to have to make debugging easier

4. Hard Coded secrets secrets directly into the Code

One of the biggest mistakes and not following a security measure is a hard-coded password or API keys inside the Lambda Function itself. This a bad practice and very insecure which will make the rotation of the password difficult. To solve this, we need to follow the following measures to make your environment secure

Implement the environment variables for any non-sensitive values

For the secrets do not use the environment variables but the service provided by AWS that is secrets manager or parameter store for secrets

Granting permissions to Lambda to read secrets securely

Summary

This blog is a beginner-friendly blog to help users troubleshoot the common issues they face while working with serverless (Lambda). After reading the blog, you will be able to understand the common timeout issues, IAM problems, and also the common cold start issues. These practices can help beginners to build more reliable and secure serverless solutions in AWS.