Top 4 best practice recommendations to reimagine AWS Lambda monitoring
Site24x7's AWS monitoring tool for AWS Lambda enhances real-time visibility into your Lambda functions. It monitors the health, efficiency, and log details of your Lambda functions. Site24x7 provides effective management of serverless operations by gathering statistics on function engagement, code execution duration, and anomalies, enhancing the performance of your AWS serverless functions.
AWS Lambda monitoring best practices
Site24x7 provides the Lambda Telemetry API, which enables the development of extensions capable of directly accessing telemetry streams within the Lambda execution environment. With the Telemetry API, you can acquire telemetry streams sourced from the Lambda service. This encompasses logs from functions and extensions, as well as events, traces, and metrics originating from the Lambda platform itself.
When you are using AWS Lambda functions, you will be charged for each request raised to execute a function, which leads to higher bills. The Site24x7 Guidance Report gives you suggestions for addressing the cost overruns and helps you save on costs.
1. Lambda function - Publicly accessible
This best practice checks the setup of AWS Lambda and notifies you if any functions are accessible to the public. Lambda usage incurs costs based on the quantity of requests, with each execution triggered by an event notification or invocation call being counted as a request by AWS.
Permitting unauthorized invocations can result in unanticipated expenses on your AWS invoice. The Guidance Report recommends using Lambda function policies to regulate invocation permissions effectively.
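A minimal version of the public-access check described above, as an added example (not Site24x7's code): it reads a function's resource-based policy, in the JSON form returned by `aws lambda get-policy`, and reports statements that allow invocation by a wildcard principal with no caller-scoping condition. The sample policy, account ID, organization ID and the list of scoping condition keys are constructed assumptions.

```python
import json

# Global condition keys that tie a wildcard principal to a known caller.
# Assumption of this example: a positive match on any of them is a restriction.
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn", "aws:principalorgid",
                "aws:principalaccount", "aws:principalarn"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _is_scoped(condition):
    """True when a non-negated operator (not StringNotEquals etc.) names a scoping key."""
    for operator, keys in (condition or {}).items():
        if "not" not in operator.lower() and any(k.lower() in SCOPING_KEYS for k in keys):
            return True
    return False

def public_statements(policy_json):
    """Return the Sids of Allow statements that let anyone invoke the function."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        invokes = any(a in ("*", "lambda:*") or a.startswith("lambda:invoke")
                      for a in actions)
        if (stmt.get("Effect") == "Allow" and invokes
                and _is_wildcard(stmt.get("Principal"))
                and not _is_scoped(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

# Constructed sample policy (placeholder account ID, ARN and organization ID).
ARN = "arn:aws:lambda:us-east-1:111122223333:function:demo"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "open-invoke", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN},
    {"Sid": "org-only", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "lambda:InvokeFunction", "Resource": ARN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "public-url", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunctionUrl", "Resource": ARN,
     "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
]})

print(public_statements(SAMPLE_POLICY))  # ['open-invoke', 'public-url']
```

The `org-only` statement passes because `aws:PrincipalOrgID` scopes the wildcard, while `public-url` is reported because a `lambda:FunctionUrlAuthType` of `NONE` names no caller.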
2. AWS Lambda - X-Ray tracing disabled
This check issues a notification when X-Ray tracing is turned off. While CloudWatch automatically provides performance metrics for all AWS Lambda function executions, these measurements might not offer a complete picture of each invocation's journey. To achieve a comprehensive view, the Guidance Report recommends enabling active tracing for your Lambda functions.
3. VPC configuration for AWS Lambda functions
If your Lambda functions have virtual private cloud (VPC) configuration enabled to access AWS resources privately, functions are executed within a secure VPC that grants access to both AWS services and the internet. Otherwise, you can customize your Lambda function's VPC settings to connect with resources in a custom VPC.
This customized VPC establishes a secluded network of resources like databases, cache instances, or internal services. It allows you to establish a connection to your Lambda function from within a VPC while circumventing internet access.
This approach is effective in preventing unauthorized outbound traffic to the internet. AWS provides multiple services with VPC endpoints, which can be used to connect to AWS services from within a VPC that has no internet connectivity. The recommendation is to incorporate the VPC configuration into your Lambda functions to ensure private access to AWS resources without relying on internet connectivity.
4. Lambda functions must use the latest runtime
This check primarily determines whether the runtime used by your Lambda functions is deprecated. The Guidance Report recommends using the latest runtime to take advantage of the best security improvements. This reduces the risk of bugs and vulnerabilities in your Lambda function.