This chapter covers AWS Lambda, the cornerstone of serverless computing on AWS. For the CLF-C02 exam, serverless concepts appear under Domain 3: Cloud Technology Services, Objective 3.1 (Define methods of deploying and operating in the AWS Cloud). You need to understand what Lambda is, how it works, its pricing model, and common use cases. This topic typically accounts for about 5-8% of the exam questions, often in the context of comparing serverless to traditional compute services like EC2.
Jump to a section
Imagine you run a food delivery service. You don't own a restaurant; instead, you rent a commercial kitchen only when you have orders. When a customer places an order, the kitchen automatically turns on the stove, prep station, and dishwasher, cooks the meal, and then shuts everything down. You pay only for the time the kitchen was actually cooking, not for idle time or overhead. This is exactly how AWS Lambda works: it's a 'pop-up kitchen' for code. Your code (the recipe) is uploaded and stored. When an event triggers it (like an order), AWS spins up a container (a kitchen) with the exact runtime needed, executes the code, and then tears down the container when done. You pay per 100ms of execution time and number of invocations. There's no server to manage, no idle capacity, and the kitchen scales automatically to handle thousands of orders simultaneously. The key mechanism is that the container is ephemeral — it exists only for the duration of the execution, just like a pop-up kitchen that disappears after the meal is served. This is different from a traditional restaurant (EC2 instances) where you pay for the kitchen even when no orders come in.
What is AWS Lambda and the Problem It Solves
AWS Lambda is a compute service that lets you run code without provisioning or managing servers. It is a key component of the serverless architecture on AWS. The problem it solves is the operational overhead of managing servers: you no longer need to worry about OS patching, capacity planning, scaling, or high availability. You simply upload your code (known as a Lambda function) and define triggers (events) that cause the code to run. AWS handles everything else, including automatic scaling from zero to thousands of concurrent executions.
How Lambda Works: The Mechanism
When you create a Lambda function, you specify the runtime (e.g., Python 3.9, Node.js 18, Java 11, .NET Core 6, Go, Ruby, or custom runtime via provided.al2), the code itself (either uploaded directly or from Amazon S3), and a role (IAM role) that grants the function permission to access other AWS services. The function is packaged into a deployment package (a .zip file or container image up to 250 MB unzipped).
Behind the scenes, AWS Lambda maintains a pool of warm containers ready to execute. When an event triggers the function, the Lambda service assigns an available container to run the code. The first invocation after a period of inactivity may experience a cold start (delay of a few hundred milliseconds to a few seconds) because a new container must be initialized. Subsequent invocations reuse the same container (warm start) for faster response. The container is frozen after the function completes, and if another invocation arrives quickly, it is reused. After a period of inactivity (typically 5-15 minutes), the container is recycled.
Lambda functions can be triggered by many AWS services: S3 (on object create/delete), DynamoDB Streams, Kinesis Streams, SQS, SNS, API Gateway, CloudWatch Events/EventBridge, and more. You can also invoke Lambda directly via the AWS SDK, CLI, or console.
Key Configuration and Limits
Memory: 128 MB to 10,240 MB (in 1 MB increments). CPU is allocated proportionally to memory (more memory = more CPU).
Ephemeral storage: /tmp directory: 512 MB to 10,240 MB (default 512 MB).
Timeout: 1 second to 15 minutes (default 3 seconds).
Concurrent executions: Soft limit of 1,000 per region (can be increased via support request).
Deployment package size: 50 MB zipped, 250 MB unzipped. Container images up to 10 GB.
Function payload: 6 MB (synchronous) and 256 KB (asynchronous).
Pricing Model
Lambda pricing is based on three components: 1. Requests: $0.20 per 1 million requests (first 1 million free per month). 2. Duration: $0.0000166667 per GB-second (first 400,000 GB-seconds free per month). Duration is calculated from the time your code starts executing to when it returns or terminates, rounded up to the nearest 1 ms (previously 100 ms). 3. Provisioned Concurrency: Additional cost for keeping a number of containers warm to avoid cold starts. You pay for the amount of concurrency configured and the duration it is enabled.
Comparison to On-Premises or Alternatives
On-premises, you would need to provision physical or virtual servers, install the OS and runtime, deploy your code, set up load balancers, and monitor health. With Lambda, none of that exists. Compared to Amazon EC2, Lambda is event-driven and scales automatically but has limitations: maximum 15-minute execution time, limited local storage (10 GB), and no persistent connections (state must be stored externally in DynamoDB or S3). EC2 gives you full control over the OS and environment and can run long-running processes. Lambda is ideal for short-lived, stateless functions.
When to Use Lambda vs Alternatives
Use Lambda when:
Your workload is event-driven (e.g., file processing, stream processing, web backends).
You want to reduce operational overhead.
You have unpredictable or intermittent traffic (Lambda scales to zero when not used).
Your code runs for less than 15 minutes.
Do not use Lambda when:
You need a long-running process (e.g., a web server that maintains persistent connections).
You require a specific OS or software that cannot be packaged in a Lambda runtime.
You have very predictable, high-utilization workloads where reserved EC2 instances are cheaper.
Lambda@Edge
Lambda@Edge is a feature that lets you run Lambda functions at AWS edge locations (CloudFront points of presence) to customize content delivered via CloudFront. You can trigger functions on viewer request, origin request, viewer response, and origin response. This is useful for A/B testing, URL rewrites, and authentication.
Lambda Versions and Aliases
Lambda supports versioning of functions. Each version has a unique ARN and is immutable. You can create an alias (e.g., "prod", "dev") that points to a specific version, and you can update the alias to point to a different version without changing the code that invokes the alias. This enables blue/green deployments and canary releases.
Environment Variables
Lambda allows you to set environment variables (up to 4 KB) that are available to your code at runtime. These are encrypted at rest by default using AWS KMS (you can provide a custom KMS key). Environment variables are useful for storing configuration settings like database connection strings (but not secrets — use AWS Secrets Manager or Parameter Store for sensitive data).
Lambda Layers
A Lambda layer is a .zip file archive that can contain libraries, a custom runtime, or other dependencies. You can use layers to manage common dependencies separately from your function code, reducing the size of deployment packages and promoting code reuse. You can include up to five layers per function.
Event Source Mapping
For stream-based services (DynamoDB Streams, Kinesis Data Streams, SQS), Lambda uses event source mappings to poll the stream and invoke your function. You can configure batch size, starting position, and error handling (e.g., DLQ). The mapping handles scaling and retries.
Destinations
Lambda can send invocation results to a destination (SQS, SNS, Lambda, EventBridge) for successful or failed asynchronous invocations. This is useful for chaining functions or handling errors.
Code Examples
Here is a simple Lambda function in Python that processes an S3 event:
import json
import boto3
def lambda_handler(event, context):
# Log the event
print("Received event: " + json.dumps(event, indent=2))
# Get the S3 bucket and object key from the event
bucket = event['Records'][0]['s3']['bucket']['name']
key = event['Records'][0]['s3']['object']['key']
# Process the object (e.g., resize image)
s3 = boto3.client('s3')
response = s3.get_object(Bucket=bucket, Key=key)
# ... do something with the file
return {
'statusCode': 200,
'body': json.dumps('Success')
}To invoke a Lambda function via the AWS CLI:
aws lambda invoke --function-name my-function --payload '{"key1": "value1"}' response.jsonCreate a Lambda Function
In the AWS Management Console, navigate to Lambda and click 'Create function'. Choose 'Author from scratch', provide a function name (e.g., 'my-function'), and select a runtime (e.g., Python 3.9). You also need to set an execution role — either create a new role with basic Lambda permissions (logs to CloudWatch) or use an existing role. Behind the scenes, AWS creates the function and stores your code in an internal S3 bucket. The function is not yet active until you add a trigger.
Add a Trigger
After creating the function, click 'Add trigger'. Select a trigger source, such as 'S3'. Choose the bucket and event type (e.g., 'All object create events'). This creates an event notification on the S3 bucket that sends a message to Lambda whenever a new object is uploaded. AWS configures the necessary permissions automatically (if you allowed it) — specifically, it adds a resource-based policy to the Lambda function allowing S3 to invoke it. Now the function is live and will execute when the trigger fires.
Write and Upload Code
You can edit the function code inline in the console (for simple functions), upload a .zip file, or reference an object in S3. The code must include a handler function (e.g., lambda_handler for Python) that receives the event and context objects. The event contains trigger-specific data (e.g., bucket name and object key for S3). The context object provides runtime information like the function name and remaining time. After saving, the code is deployed immediately. You can also use AWS Cloud9 or local development with SAM CLI.
Test the Function
To test, create a test event in the console. For an S3 trigger, you can use a sample S3 event template. Then click 'Test'. Lambda executes your function with that event. The console shows execution results, logs, and duration. Behind the scenes, Lambda allocates a container, runs the handler, and returns the response. You can view logs in CloudWatch Logs under the log group /aws/lambda/<function-name>. This is useful for debugging.
Monitor and Set Alarms
Lambda automatically sends metrics to CloudWatch: Invocations, Errors, Duration, Throttles, ConcurrentExecutions, etc. You can create CloudWatch Alarms to alert on high error rates or throttles. For example, set an alarm when Throttles > 0 for 5 minutes. This helps you detect when you need to request a concurrency limit increase. Also, enable AWS X-Ray for tracing to analyze performance bottlenecks.
Use Case 1: Image Thumbnail Generation
A social media app allows users to upload profile pictures. When a user uploads an image to an S3 bucket, an S3 event triggers a Lambda function that resizes the image into multiple thumbnail sizes (e.g., 50x50, 150x150) and stores them back in S3. The function also updates a DynamoDB table with the image metadata. This serverless architecture eliminates the need for a dedicated image processing server. Cost: For 1 million uploads per month, assuming 1-second execution time and 128 MB memory, the cost is about $0.20 for requests + $0.0000166667 * 128/1024 * 1,000,000 seconds = ~$2.08, total ~$2.28 per month. Misconfiguration: If the Lambda timeout is set too low (e.g., 3 seconds) and large images take longer, the function will timeout and fail. Also, if the function does not handle errors gracefully (e.g., corrupt image), it may retry and cause duplicate processing. A DLQ should be configured to capture failed events.
Use Case 2: Real-Time Stream Processing
A financial services company processes stock trade data from a Kinesis Data Stream. A Lambda function is triggered by the stream with a batch of records. It validates each trade, enriches it with reference data from DynamoDB, and writes the result to a Redshift cluster for analytics. This replaces a legacy on-premises stream processing system that required constant maintenance. The Lambda function scales automatically with the stream throughput. Cost considerations: The function must be idempotent because Kinesis may deliver records more than once. Also, if the function fails processing a batch, Lambda retries the entire batch until it succeeds or expires (up to 6 retries by default). A common mistake: Setting the batch size too large, causing the function to exceed the 15-minute timeout. The recommended batch size is 100 records for Kinesis.
Use Case 3: Scheduled Cleanup Jobs
An e-commerce platform needs to delete expired user sessions from a DynamoDB table every hour. Instead of running a cron job on an EC2 instance, they use Amazon EventBridge (CloudWatch Events) to trigger a Lambda function on a schedule (rate(1 hour)). The function scans the table for expired items and deletes them. This is cost-effective because the function runs only for a few seconds each hour. If the function is misconfigured to run too frequently or scans too many items, it could exceed the DynamoDB read capacity and cause throttling. Also, if the function fails, there is no automatic retry for scheduled events (the event is lost). Best practice: Use a DLQ for asynchronous invocations and set up a CloudWatch alarm for function errors.
What CLF-C02 Tests on Lambda
The exam focuses on high-level understanding of serverless compute and Lambda's role. You should know:
Lambda is a serverless compute service that runs code in response to events.
You pay only for compute time consumed (per request and duration).
Lambda can be triggered by many AWS services (S3, DynamoDB, API Gateway, etc.).
Lambda has a maximum execution timeout of 15 minutes.
Lambda scales automatically.
Common Wrong Answers and Why Candidates Choose Them
"Lambda runs on dedicated servers that you provision." This is wrong because Lambda is serverless; you do not provision or manage servers. Candidates confuse Lambda with EC2.
"Lambda can run for up to 24 hours." The maximum is 15 minutes. Candidates may think it's like a batch job on EC2.
"Lambda can be used to run a web server 24/7." No, because Lambda is event-driven and has a timeout. For a constant web server, use EC2 or Elastic Beanstalk.
"Lambda pricing includes charges for idle time." False; you pay only when your code is executing.
Specific Terms and Values on the Exam
Timeout: 15 minutes maximum.
Memory: 128 MB to 10,240 MB.
Concurrency: 1,000 default soft limit.
Pricing: per request and per GB-second.
Invocation types: Synchronous (e.g., API Gateway), Asynchronous (e.g., S3), and Poll-based (e.g., Kinesis).
Tricky Distinctions
Lambda vs. AWS Fargate: Both are serverless, but Fargate runs containers (Docker) and can run for longer, while Lambda runs functions with a 15-minute limit. Fargate is for containerized applications; Lambda is for discrete functions.
Lambda vs. Amazon API Gateway: API Gateway is a managed API service that can invoke Lambda as a backend. They are often used together, but they are different services.
Decision Rule for Multiple Choice
If a question describes a short-running, event-driven task that needs to scale automatically and you want to minimize operational overhead, the answer is likely Lambda. If the task requires a persistent server or runs longer than 15 minutes, eliminate Lambda and look for EC2 or Elastic Beanstalk.
AWS Lambda is a serverless compute service that runs code in response to events without provisioning servers.
Lambda supports runtimes including Python, Node.js, Java, Go, Ruby, .NET Core, and custom runtimes.
Maximum execution timeout is 15 minutes (900 seconds).
Memory can be configured from 128 MB to 10,240 MB.
Pricing is based on number of requests and duration (GB-seconds), with a free tier of 1 million requests and 400,000 GB-seconds per month.
Lambda can be triggered by S3, DynamoDB Streams, Kinesis, SQS, SNS, API Gateway, EventBridge, and more.
Lambda scales automatically up to a default soft limit of 1,000 concurrent executions per region.
Cold starts occur when a new container is initialized; provisioned concurrency can mitigate this at extra cost.
Lambda functions are stateless; state must be stored externally (e.g., DynamoDB, S3).
Use Lambda for short-lived, event-driven workloads; use EC2 or Fargate for long-running or stateful applications.
These come up on the exam all the time. Here's how to tell them apart.
AWS Lambda
Serverless – no server management
Maximum execution time 15 minutes
Scales automatically from zero to thousands
Pay per request and duration (no idle cost)
Event-driven, stateless functions
Amazon EC2
Requires provisioning and managing servers
Can run indefinitely (24/7)
Scaling requires Auto Scaling groups or manual intervention
Pay per hour or per second regardless of usage
Can host any application including stateful ones
Mistake
Lambda functions run on virtual machines that you manage.
Correct
Lambda is serverless; AWS manages the underlying infrastructure. You never see or manage the servers.
Mistake
Lambda has a maximum execution time of 5 minutes.
Correct
The maximum timeout is 15 minutes (900 seconds). It was previously 5 minutes, but AWS increased it.
Mistake
Lambda functions can only be written in Python or Node.js.
Correct
Lambda supports many runtimes including Python, Node.js, Java, Go, Ruby, .NET Core, and custom runtimes via provided.al2.
Mistake
You are charged for Lambda even when your code is not running.
Correct
You pay only for the compute time your code consumes (per request and duration). There is no charge for idle time.
Mistake
Lambda can be used to host a traditional web server like Apache or Nginx.
Correct
Lambda is not designed for long-running processes. It runs a function and then stops. Use EC2 or Lightsail for persistent web servers.
The maximum execution time (timeout) for a Lambda function is 15 minutes (900 seconds). This was increased from 5 minutes in 2018. If your code needs to run longer, you must use a different compute service like EC2 or AWS Fargate. On the exam, remember that 15 minutes is the hard limit.
Lambda pricing has two main components: requests and duration. You pay $0.20 per 1 million requests (first 1 million free) and $0.0000166667 per GB-second of compute time (first 400,000 GB-seconds free). Duration is calculated from the time your code starts executing to when it returns or terminates, rounded up to the nearest 1 ms. For example, a function with 128 MB memory running for 1 second costs 128/1024 * 1 = 0.125 GB-seconds, or about $0.00000208. There is no charge for idle time.
A cold start occurs when a Lambda function is invoked after being idle for a while, requiring AWS to spin up a new container and initialize the runtime. This adds latency (typically hundreds of milliseconds to a few seconds). To reduce cold starts, you can use Provisioned Concurrency, which keeps a specified number of containers warm and ready. However, Provisioned Concurrency incurs additional cost. Another tip is to keep your deployment package small and use languages with faster startup times (e.g., Python vs. Java).
Yes, you can configure a Lambda function to access resources in a VPC (e.g., RDS database). To do this, you must provide VPC subnet IDs and security group IDs. Lambda creates an elastic network interface (ENI) in the VPC. However, this adds latency and may increase cold start times. Also, if the function needs internet access (e.g., to call an external API), you must set up a NAT gateway or VPC endpoints.
Synchronous invocation: The caller waits for the function to complete and returns the response. Example: API Gateway invoking Lambda. Asynchronous invocation: The caller sends the event and does not wait for a response. Lambda queues the event and processes it. The function can be retried up to 2 times. Example: S3 event notification. For asynchronous invocation, you can configure a DLQ (Dead Letter Queue) for failed events.
Both are serverless, but Lambda runs functions (code) with a 15-minute timeout and is event-driven. Fargate runs containers (Docker) and can run indefinitely. Fargate is better for containerized applications that require persistent processes or custom environments. Lambda is simpler for discrete, short-lived tasks. On the exam, if the question mentions 'containers', think Fargate; if it mentions 'functions', think Lambda.
Lambda scales automatically by running multiple instances of your function in parallel. The default concurrency limit is 1,000 per region (can be increased). For stream-based triggers (Kinesis, DynamoDB), the number of shards determines the maximum concurrency. For SQS, Lambda scales up to process messages quickly. If you exceed the concurrency limit, Lambda throttles and you get a Throttle error. You can set reserved concurrency to guarantee capacity for critical functions.
You've just covered AWS Lambda (Serverless) — now see how well it sticks with free CLF-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?