AWS Lambda

1. Navigate to AWS Lambda in the Management Console

  • Log in to the AWS Management Console for the cloudexploration prod account, in the us-east-1 region.
  • From the Services menu, select Lambda under the Compute section.
  • This will take you to the Lambda Dashboard, where you can view and manage functions, layers, and other configurations.

2. Basic Configuration and Setup

  • Functions:
    • In the Lambda Dashboard, click on Functions in the left-hand menu to see a list of all Lambda functions in the account.
    • Select a function to review its configuration details, including the Runtime, Handler, Memory, Timeout, Triggers, and Environment Variables.
  • Function Details:
    • Under the selected function, review the Configuration tab to explore settings such as Triggers, Permissions, Monitoring, Concurrency, and Networking.

3. Exploring the AWS Well-Architected Framework Pillars

Operational Excellence Pillar

  • Function Monitoring:
    • Go to the Monitoring tab for the selected function. Review the CloudWatch metrics such as Invocations, Duration, Errors, Throttles, and IteratorAge. Regularly monitoring these metrics helps maintain operational efficiency by providing insights into function performance and behavior.
  • Logging:
    • Check the Logs section in the Monitoring tab to verify if the Lambda function writes logs to Amazon CloudWatch. Proper logging aids in troubleshooting and operational excellence by providing a detailed record of function activity.
  • Versioning and Aliases:
    • In the Versions and Aliases sections under the Configuration tab, review the usage of versions to maintain stable function deployments. Aliases allow you to map specific versions for different environments (e.g., dev, prod), promoting safe rollouts and operational stability.
  • Environment Variables:
    • In the Configuration tab, navigate to Environment variables. Ensure they are correctly set up and, where applicable, use AWS Secrets Manager or Parameter Store for sensitive information.

Security Pillar

  • IAM Roles and Policies:
    • Under the Configuration tab, check the Execution role linked to the Lambda function. Click on the role name to review its permissions in the IAM service. Ensure the role adheres to the principle of least privilege, granting only the necessary permissions for the function to operate.
  • Environment Variable Encryption:
    • In the Environment variables section, confirm that sensitive data (e.g., API keys, database credentials) is stored securely using encryption. Ensure that the Encryption configuration is set to use AWS KMS (Key Management Service) to encrypt environment variables.
  • Network Settings:
    • Under Configuration, select VPC to view the network settings. Ensure that the Lambda function is correctly configured within a VPC (if needed) and has appropriate subnet and security group settings to restrict network access.
  • Function Access:
    • Go to the Permissions section in the Configuration tab to review the function's Resource-based policies. Ensure that the function’s access policies (e.g., who can invoke the function) are set to limit access to only necessary services and accounts.
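
The Security Pillar checks above can also be run offline against exported JSON. The following Python code is an added example, not part of the original guide: audit_function, the finding strings and the sample values are constructed for illustration, and the inputs are assumed to be shaped like the GetFunctionConfiguration and GetPolicy API output plus one IAM policy document from the execution role.

```python
import json
import re

# Variable names that suggest a secret is stored directly in the environment.
SECRET_NAME = re.compile(r"SECRET|PASSWORD|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_function(config, role_policy, resource_policy_json):
    """Findings for one function: its configuration, one execution-role policy
    document, and the resource-based policy JSON string (None if there is none)."""
    findings = []
    # Environment: secret-like names; KMSKeyArn appears only with a customer managed key.
    env = config.get("Environment", {}).get("Variables", {})
    findings += [f"env: {n} looks like a secret" for n in sorted(env) if SECRET_NAME.search(n)]
    if env and not config.get("KMSKeyArn"):
        findings.append("env: no customer managed KMS key")
    # Execution role: wildcard actions or resources work against least privilege.
    for stmt in _as_list(role_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        findings += [f"role: wildcard action {a}" for a in _as_list(stmt.get("Action", []))
                     if a == "*" or a.endswith(":*")]
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append("role: Resource is *")
    # Resource-based policy: Allow statements with no Condition to scope the caller.
    policy = json.loads(resource_policy_json) if resource_policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append(f"invoke: {stmt.get('Sid')} allows any principal")
        elif isinstance(principal, dict) and "Service" in principal:
            findings.append(f"invoke: {stmt.get('Sid')} service principal has no Condition")
    return findings

# Constructed sample input (placeholder account ID and function name).
ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
SAMPLE_CONFIG = {"Environment": {"Variables": {"DB_PASSWORD": "x", "STAGE": "prod"}}}
SAMPLE_ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "logs:PutLogEvents"], "Resource": "*"}]}
SAMPLE_RESOURCE_POLICY = json.dumps({"Statement": [
    {"Sid": "open", "Effect": "Allow", "Principal": "*",
     "Action": "lambda:InvokeFunction", "Resource": ARN}]})

if __name__ == "__main__":
    print("\n".join(audit_function(SAMPLE_CONFIG, SAMPLE_ROLE_POLICY, SAMPLE_RESOURCE_POLICY)))
```

A statement that names a service principal is reported only when it has no Condition element, since a Condition such as a source account or source ARN is what scopes which caller may invoke the function.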

Reliability Pillar

  • Concurrency Settings:
    • Under the Configuration tab, review the Concurrency settings. Configure Reserved concurrency to limit the number of concurrent executions, which helps prevent other critical functions from being throttled due to high load.
  • Error Handling:
    • In the Configuration tab, explore Asynchronous invocation settings to check if Dead Letter Queues (DLQ) or on-failure destinations are configured. Using DLQs allows you to capture failed events, aiding in debugging and enhancing the reliability of event processing.
  • Function Versions and Aliases:
    • Under Versions and Aliases, review how versions and aliases are used for managing and deploying code changes. Maintaining separate versions allows for rollbacks in case of failures, contributing to the function’s reliability.
  • Retry Behavior:
    • Explore the Event source settings (e.g., SQS, SNS, DynamoDB) in the Configuration tab to check if retry mechanisms are appropriately configured to handle transient failures, ensuring reliable message processing.

Cost Optimization Pillar

  • Memory and Timeout Settings:
    • In the Configuration tab, review the Memory (MB) and Timeout settings. Optimizing memory allocation and timeout duration ensures that the function runs efficiently without consuming excessive resources. Set these values based on the function's performance requirements to avoid unnecessary costs.
  • Monitoring Costs:
    • Under the Monitoring tab, review CloudWatch metrics and logs. Excessive logging can incur additional costs, so ensure that logging is appropriately configured to capture only necessary information for debugging and monitoring.
  • Concurrency Limits:
    • Check the Concurrency settings under the Configuration tab. By setting Reserved concurrency, you can limit the number of simultaneous executions to control costs, especially in cases of high invocation rates.
  • Use of ARM/Graviton Processors:
    • In the Runtime section, if applicable, check if the Lambda function is using ARM/Graviton processors for lower-cost execution, which can reduce overall function costs.

Performance Efficiency Pillar

  • Memory Allocation:
    • Under the Configuration tab, verify the Memory (MB) setting. Allocating more memory can lead to faster execution, potentially improving performance for compute-intensive functions. Adjust memory allocation based on function profiling to find the right balance between performance and cost.
  • Networking and VPC Configuration:
    • If the function is configured to run in a VPC, check the VPC settings in the Configuration tab. Ensure that subnets and security groups are optimized for performance, minimizing the latency caused by VPC-to-Lambda communication.
  • Layer Usage:
    • In the Layers section, review the use of Lambda layers to share common libraries and dependencies across multiple functions. This practice reduces package size, which can lead to faster deployments and improved function start times.
  • Provisioned Concurrency:
    • Check if Provisioned concurrency is enabled in the Concurrency section under Configuration. Provisioned concurrency keeps functions initialized and ready to handle requests, reducing cold start latency and enhancing performance, especially for latency-sensitive applications.

4. Additional Explorations

  • CloudWatch Alarms:
    • Use CloudWatch to set up alarms for critical metrics like Errors, Throttles, and Duration. Alarms provide real-time monitoring to help maintain the operational excellence, reliability, and cost-effectiveness of your Lambda functions.
  • Log in to the AWS Management Console of the securitytooling account.
  • AWS Config:
    • If AWS Config is enabled, navigate to it to review compliance rules related to Lambda functions. This helps ensure that your Lambda functions are configured according to security and operational best practices.