# AWS Lambda

### What Is AWS Lambda
* AWS Lambda is a compute service that lets you run code without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. 
* You can use AWS Lambda to run your code in response to events, such as changes to data in an Amazon S3 bucket or an Amazon DynamoDB table; to run your code in response to HTTP requests using Amazon API Gateway; or invoke your code using API calls made using AWS SDKs. 
* You can trigger your Lambda function through either event-driven invocation or on-demand invocation.

****

### How AWS Lambda Works
* AWS Lambda lets you run functions in a serverless environment to process events in the language of your choice. Each instance of your function runs in an isolated execution context and processes one event at a time. When it finishes processing the event, it returns a response and Lambda sends it another event. Lambda automatically scales up the number of instances of your function to handle high numbers of events.

****

### Getting Started with AWS Lambda
* https://docs.aws.amazon.com/lambda/latest/dg/getting-started.html
* <b>AWS Lambda Concepts</b>:
    * Function – A script or program that runs in AWS Lambda. Lambda passes invocation events to your function. The function processes an event and returns a response.
    * Runtimes, Layers, Event source, Downstream resources, Log streams, AWS SAM: https://docs.aws.amazon.com/lambda/latest/dg/lambda-application-fundamentals.html
    
****

### Lambda Permissions
* You can use AWS Identity and Access Management (IAM) to manage access to the Lambda API and resources like functions and layers. For users and applications in your account that use Lambda, you <b>manage permissions in a permissions policy that you can apply to IAM users, groups, or roles</b>. To grant permissions to other accounts or AWS services that use your Lambda resources, you use a policy that applies to the resource itself.
* <b>Permissions policies</b>: Control what your Lambda function can access and which users, accounts, and AWS services can access your function
    * `Lambda Execution Role`: An AWS Lambda function's execution role grants it permission to access AWS services and resources. You provide this role when you create a function, and Lambda assumes the role when your function is invoked. You can create an execution role for development that has permission to send logs to Amazon CloudWatch, and upload trace data to AWS X-Ray. 
        * When you use an `event source mapping` (Amazon Kinesis, Amazon DynamoDB, Amazon Simple Queue Service) to invoke your function, Lambda uses the execution role to read event data.
        * https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html
    * `Resource-based Policies for AWS Lambda`: AWS Lambda supports resource-based permissions policies for Lambda functions and layers. Resource-based policies let you grant usage permission to other accounts on a per-resource basis. You also use a resource-based policy to allow an AWS service to invoke your function.
        * Resource-based policies apply to a single function, version, alias, or layer version. They grant permission to one or more services and accounts.
        * https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html
    * `Identity-based IAM Policies for AWS Lambda`: You can use identity-based policies in AWS Identity and Access Management (IAM) to grant users in your account access to Lambda. Identity-based policies can apply to users directly, or to groups and roles that are associated with a user. 
        * https://docs.aws.amazon.com/lambda/latest/dg/access-control-identity-based.html
    * `Resources and Conditions for Lambda Actions`: You can restrict the scope of a user's permissions by specifying resources and conditions in an IAM policy. Each API action supports a combination of resource and condition types that varies depending on the behavior of the action.
        * Every IAM policy statement grants permission to an action that's performed on a resource. 
        * https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html
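
A resource-based policy is the place where invoke access for other accounts and AWS services is granted, so it is worth reviewing for overly broad grants. The following is an added example, not code from the AWS documentation: the sample policy, its Sids, account IDs and ARNs are constructed placeholders, and `audit_resource_policy` is a hypothetical helper that flags wildcard principals and service principals that are not limited by `AWS:SourceArn` or `AWS:SourceAccount`.

```python
import json

# Constructed sample resource-based policy; account IDs, ARNs and Sids are placeholders.
FN_ARN = "arn:aws:lambda:us-east-1:123456789012:function:example"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "s3-scoped", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN,
         "Condition": {
             "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"},
             "StringEquals": {"AWS:SourceAccount": "123456789012"}}},
        {"Sid": "sns-unscoped", "Effect": "Allow",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
        {"Sid": "public", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
        {"Sid": "partner-account", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "lambda:InvokeFunction", "Resource": FN_ARN},
    ],
})

SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_resource_policy(policy_json):
    """Return (Sid, finding) pairs for Allow statements that grant too broadly."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        # Condition key names are case-insensitive, so compare in lower case.
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if wildcard and not cond_keys:
            findings.append((sid, "any principal can use this grant"))
        elif (isinstance(principal, dict) and "Service" in principal
              and not (cond_keys & SOURCE_KEYS)):
            findings.append((sid, "service grant not scoped to a source ARN or account"))
    return findings
```

The `Policy` string returned by the Lambda `GetPolicy` API can be passed to `audit_resource_policy` as is.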

****
        
### Lambda Functions
* <b>Building Lambda Functions</b>: https://docs.aws.amazon.com/lambda/latest/dg/lambda-app.html
    * Authoring Code for Your Lambda Function: 
        * Programming Model:
            * Handler: Handler is the function AWS Lambda calls to start execution of your Lambda function. You identify the handler when you create your Lambda function. When a Lambda function is invoked, AWS Lambda starts executing your code by calling the handler function. AWS Lambda passes any `event data` to this handler as the `first parameter`. Your handler should process the incoming event data and may invoke any other functions/methods in your code.
            * Context: AWS Lambda also passes a `context object` to the handler function, as the `second parameter`. Via this context object your code can interact with AWS Lambda. 
            * Logging: Your Lambda function can contain logging statements. AWS Lambda writes these logs to CloudWatch Logs.
            * Exceptions: Your Lambda function needs to communicate the result of the function execution to AWS Lambda. Depending on the language in which you author your Lambda function code, there are different ways to end a request successfully or to notify AWS Lambda that an error occurred during execution. 
            * Concurrency: When your function is invoked more quickly than a single instance of your function can process events, Lambda scales by running additional instances. Each instance of your function handles only one request at a time, so you don't need to worry about synchronizing threads or processes. 
        * Your Lambda function code must be written in a stateless style, and have no affinity with the underlying compute infrastructure. Your code should expect local file system access, child processes, and similar artifacts to be limited to the lifetime of the request. Persistent state should be stored in Amazon S3, Amazon DynamoDB, or another cloud storage service. Requiring functions to be stateless enables AWS Lambda to launch as many copies of a function as needed to scale to the incoming rate of events and requests. These functions may not always run on the same compute instance from request to request, and a given instance of your Lambda function may be used more than once by AWS Lambda. 
    * Deploying Code and Creating a Lambda Function: To create a Lambda function, you first package your code and dependencies in a deployment package. Then, you upload the deployment package to AWS Lambda to create your Lambda function.
    * Monitoring and Troubleshooting
    * Accessing AWS Resources from a Lambda Function: https://docs.aws.amazon.com/lambda/latest/dg/accessing-resources.html
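
The programming model above (handler, context, logging, exceptions, stateless style) in one Python handler. This is an added example, not code from the AWS documentation: the event shape (`bucket`, `key`) is hypothetical, and `FakeContext` is a local stand-in for the context object that Lambda passes at run time.

```python
import json
import logging

logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Module-level state lives only as long as this instance is reused by Lambda.
# Treat it as a best-effort cache; durable state belongs in S3 or DynamoDB.
_invocations = 0

REQUIRED_FIELDS = ("bucket", "key")  # hypothetical event shape


def lambda_handler(event, context):
    """Event data is the first parameter, the context object the second."""
    global _invocations
    _invocations += 1

    # Validate the event before use; it comes from outside the function.
    if not isinstance(event, dict):
        raise ValueError("event must be a JSON object")
    missing = [f for f in REQUIRED_FIELDS if not isinstance(event.get(f), str)]
    if missing:
        # An unhandled exception tells Lambda that the invocation failed.
        raise ValueError(f"missing or non-string fields: {missing}")

    # Log field names and request metadata, not raw values, to keep
    # sensitive event data out of CloudWatch Logs.
    logger.info(json.dumps({
        "request_id": context.aws_request_id,
        "remaining_ms": context.get_remaining_time_in_millis(),
        "fields": sorted(event),
    }))
    return {
        "status": "ok",
        "object": f"s3://{event['bucket']}/{event['key']}",
        "instance_invocations": _invocations,  # grows only on a reused instance
    }


class FakeContext:
    """Local stand-in (assumption) for the Lambda context object."""
    aws_request_id = "00000000-0000-0000-0000-000000000000"  # constructed value

    def get_remaining_time_in_millis(self):
        return 3000
```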

****

### Configuring Functions
* https://docs.aws.amazon.com/lambda/latest/dg/resource-model.html

****

# Identity and Access Management (IAM) 