Links

• Running .NET 8 Lambda Functions on AWS using Custom Runtime & Lambda Internals

Description

Serverless service / Function as a service allowing to run code without having to worry about underlying hardware and OS.
Event driven: the lambda is triggered by an event.
Pay only for what you use: per request and based on the duration of the code execution.

Use cases

• Data transformation (Kinesis Data Stream as input)
• File processing (when uploaded to S3 bucket)
• Website backend microservice
• Scheduled tasks

Bad use cases

• Long running processes (timeout after 15mn)
• Constant workload (no scalability and high cost)
• Large code base (needed to be loaded at startup)
• State management (lambda are stateless)

Anti-patterns

• Monolithic function
  • increase package size
  • hard to enforce least privilege permissions
  • hard to upgrade, maintain and test
• Recursion
  • endless loop
• Orchestration
  • avoid complex workflow logic
  • ties lambda with other systems
  • instead consider AWS Step Functions or EventBridge
• Chaining (synchronously invoke another lambda)
  • instead use EventBridge or QueueService
• Waiting (synchronously call services or databases)
  • instead use asynchronous calls

Runtime

• OS
• Libraries
• Programming language (.NET, Node.js, Python, Go, Ruby, Java)

Environnement variables

Wrapper scripts

Execute the wrapper on top of the runtime and the lambda function.

• run shell commands and binaries

Use AWS_LAMBDA_EXEC_WRAPPER to point to your wrapper script.

Custom runtime

Provide your custom runtime.

• unsupported programming language

Handler (entry point)

Method responsible for processing input events.

Configuration

Storage

Directories

Elastic File System (EFS)

• Persistent
• Serverless, scalable
• Support concurrent access
• Require VPC access

S3

• Persistent
• No VPC required
• Accessed via API

IAM entities

Synchronous execution

Invocation result

Asynchronous invocation

When a Lambda function is invoked asynchronously:

• an event is placed in its internal queue
• it returns a success response (202 Accepted) without additional information to the invoker
• a separate process reads events from the queue and sends them to the lambda function
• the result (Invocation Record) and the error are sent to the destinations

Destination

Allow to route asynchronous function results as an execution record to a destination resource.
Available destinations:

• Simple Notification Service (SNS) topic
• Simple Queue Service (SQS) queue
• Lambda function
• EventBridge event bus

Event Source (trigger)

• Simple Queue Service (SQS) queue
• DynamoDB stream
• DocumentDB stream
• Kinesis data stream
• Message Queue (MQ)
• Kafka

Lambda has builtin functionalities to poll the event source with batching and filtering functionality.
Event source mapping polls and gathers records before it will initialize a Lambda function and send a batch of events to it for processing.

Error handling

If the invocation errors, then it will try the same invocation again after a minute.
After X fails that exceeds the configured retry attempts (0, 1 or 2), the failed invocation goes to:

• a dead-letter queue
• a failure destination

CLI

# async call (invoke via queue) aws lambda invoke \ --profile [Profile] \ --function-name [Function] \ --invocation-type Event \ --payload $([Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('{ "key": "value" }'))) \ response.json

Optimization

Make the most of warm start

The initialization of the function is run only during the cold start.
During the warm start the environment is thawed and only the function handler is executed. Use function initialization to: (outside of the handler function)

• load external libraries
• open db connection
• load configuration and secrets
• use the ephemeral storage, such as a local cache for files

SnapStart

Only for Java runtime

Lambda initializes the function at publish rather than during cold-start invocation.
If not invoked, snapshots are deleted after 14 days.
Limitations:

• cannot be used with provisioned concurrency
• supports limited runtimes, architecture and ephemeral storage

Ensure to (with post-snapshot hook):

• reestablish network connections
• have preloaded data up to date
• take care of uniqueness (generation of random numbers or GUID), each function starts with a clone of the snapshot

Concurrency

• Lambda function scaling

Setting up your .NET development environment

# install the VS project template dotnet new install Amazon.Lambda.Templates # install the command line tools dotnet tool install -g Amazon.Lambda.Tools

Install the AWS Toolkit for Visual Studio extension.

AWS Lambda application types

C# class library

You provide Lambda with information about your function's handler in the form of a handler string: ASSEMBLY::TYPE::METHOD

• ASSEMBLY is the name of the .NET assembly file for your application. If you use the Amazon.Lambda.Tools CLI to build your application and you don't set the assembly name using the AssemblyName property in the .csproj file, then ASSEMBLY is simply the name of your .csproj file.
• TYPE is the full name of the handler type, which consists of the Namespace and the ClassName.
• METHOD is the name of the function handler method in your code.

ex: MyProject::MyNamespace.MyClass::MyFunctionHandler

// Assembly attribute to enable the Lambda function's JSON input to be converted into a .NET class.
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]

namespace MyProject;

public class Function
{
    public string FunctionHandler(string input, ILambdaContext context)
    {
        return input.ToUpper();
    }
}

{
  "Information": [ ],
  "profile": "MyAwsProfile",
  "region": "eu-central-1",
  "configuration": "Release",
  "function-architecture": "x86_64",
  "function-runtime": "dotnet8",
  "function-memory-size": 512,
  "function-timeout": 30,
  "function-handler": "MyProject::MyProject.Function::FunctionHandler"
}

On VS, if the extension AWS Toolkit is installed, you have the AWS .NET Mock Lambda Test Tool available which allows you to debug locally.

{
  "profiles": {
    "Mock Lambda Test Tool": {
      "commandName": "Executable",
      "commandLineArgs": "--port 5050",
      "workingDirectory": ".\\bin\\$(Configuration)\\net8.0",
      "executablePath": "%USERPROFILE%\\.dotnet\\tools\\dotnet-lambda-test-tool-8.0.exe"
    }
  }
}

C# executable assembly

Using the C# 9's top-level statements feature, you generate an executable assembly which will be run by the Lambda. You provide Lambda only with the name of the executable assembly to run.

var handler = async (string argument1, ILambdaContext context) => { }; // bootstrap the Lambda runtime and pass it the handler method await LambdaBootstrapBuilder.Create(handler, new DefaultLambdaJsonSerializer()).Build().RunAsync();

To debug locally you have to create the debug configuration file for you lambda.

{
  "profiles": {
    "Mock Lambda Test Tool": {
      "commandName": "Executable",
      "commandLineArgs": "--port 5050",
      "executablePath": "%USERPROFILE%\\.dotnet\\tools\\dotnet-lambda-test-tool-8.0.exe",
      "workingDirectory": ".\\bin\\$(Configuration)\\net8.0",
      "environmentVariables": {
        "AWS_LAMBDA_RUNTIME_API": "localhost:5050",
        "AWS_PROFILE": "MyProfile",
        "AWS_REGION": "us-east-1"
      }
    }
  }
}

Context

public string FunctionHandler(string input, ILambdaContext context)
{
    Logger.LogInfo("Function Name: {0}:{1}", context.FunctionName, context.FunctionVersion);
    Logger.LogInfo("Log Group: {0}", context.LogGroupName);
    Logger.LogInfo("Stream Name: {0}", context.LogStreamName);
    Logger.LogInfo("Request Id: {0}", context.AwsRequestId);
    Logger.LogInfo("Memory Limit: {0} MB", context.MemoryLimitInMB);
    Logger.LogInfo("Remaining timeLimit: {0} ms", context.RemainingTime);

    var contextInfo = new Dictionary<string, object>
    {
        { "Context", context }
    };
    Logger.AppendKeys(contextInfo);
    Logger.LogInfo("Context info");
    Logger.RemoveKeys(contextInfo.Keys.ToArray());

LambdaJsonSerializer

• Handle Enums in the input arguments of .NET AWS Lambda Functions
• CamelCaseLambdaJsonSerializer already exists

// create a custom serializer
public class EnumCamelCaseLambdaJsonSerializer : DefaultLambdaJsonSerializer
{
    public EnumCamelCaseLambdaJsonSerializer()
        : base(options =>
        {
            options.Converters.Add(new JsonStringEnumConverter());
            options.PropertyNamingPolicy = new AwsNamingPolicy(JsonNamingPolicy.CamelCase);
        }) { }
}

// then use it
[assembly: LambdaSerializer(typeof(EnumCamelCaseLambdaJsonSerializer))]

Stream as input

// use a stream as input argument and deserialize it
public string FunctionHandler(Stream input, ILambdaContext context)
{
    var options = new JsonSerializerOptions
    {
        PropertyNameCaseInsensitive = true,
        Converters = { new JsonStringEnumConverter() }
    };

    JsonSerializer.Deserialize<MyClass>(input, options);
}

Logging

Lambda pushes logs to the CloudWatch Logs service under /aws/lambda/[FunctionName].
Permissions (function's execution role, ex: AWSLambdaBasicExecutionRole policy):

• create CloudWatch groups
• create CloudWatch streams
• write log events

• Logs are organized into groups (1 group per function)
  • each group contains a collection of streams (1 stream per function instance) YYYY/MM/DD[Function version][Execution env GUID]

LambdaLogger.Log("Message");

Powertools

Allows Logging, Tracing, Metrics, Parameters.

Powertools Logging

Use structured logging.

// nuget package: AWS.Lambda.Powertools.Logging public class Function { public Function() { Logger.UseFormatter(new CustomLogFormatter()); // optionally change the format of the logs } // When debugging in non-production environments, you can instruct Logger to log the incoming event [Logging(LogEvent = true)] // define the case of property names (default: snake) [Logging(LoggerOutputCase = LoggerOutputCase.CamelCase)] // Delete all custom keys. Due to Lambda Execution Context reuse, this means that custom keys can be persisted across invocations. [Logging(ClearState = true)] public string FunctionHandler(string input, ILambdaContext context) { Logger.LogInformation("Input: '{0}'", input); // add structured JSON object to all the next log entries var contextInfo = new Dictionary<string, object> { { "contextInfo", context } }; Logger.AppendKeys(contextInfo); Logger.LogInformation("Context info"); // log anything Logger.RemoveKeys(contextInfo.Keys.ToArray()); // remove the structured JSON object to all the next log entries return input; } }

public class CustomLogFormatter : ILogFormatter
{
    public object FormatLogEntry(LogEntry logEntry)
    {
        return new
        {
            Message = logEntry.Message,
            Service = logEntry.Service,
            CorrelationIds = new 
            {
                AwsRequestId = logEntry.LambdaContext?.AwsRequestId,
                XRayTraceId = logEntry.XRayTraceId,
                CorrelationId = logEntry.CorrelationId
            },
            LambdaFunction = new
            {
                Name = logEntry.LambdaContext?.FunctionName,
                Arn = logEntry.LambdaContext?.InvokedFunctionArn,
                MemoryLimitInMB = logEntry.LambdaContext?.MemoryLimitInMB,
                Version = logEntry.LambdaContext?.FunctionVersion,
                ColdStart = logEntry.ColdStart,
            },
            Level = logEntry.Level.ToString(),
            Timestamp = logEntry.Timestamp.ToString("o"),
            Logger = new
            {
                Name = logEntry.Name,
                SampleRate = logEntry.SamplingRate
            },
        };
    }
}

Define the desired log level of the lambda:

1. Configuration tab → Monitoring and operation tools → Logging configuration → Edit button
2. Log format = JSON
3. Application log level =
4. System log level =

Priority of log level settings in Powertools for AWS Lambda:

1. AWS_LAMBDA_LOG_LEVEL environment variable
2. Setting the log level in code using [Logging(LogLevel = )]
3. POWERTOOLS_LOG_LEVEL environment variable

Parameters

Fetch values from Secrets Manager, Parameter Store, DynamoDB and App Config

public class Function { public string FunctionHandler(string input, ILambdaContext context) { // Get Secrets Provider instance (Secrets Manager) ISecretsProvider secretsProvider = ParametersManager.SecretsProvider; // Retrieve a single secret string? value = await secretsProvider.GetAsync("/my/secret"); } }

Handle exceptions

try
{
    await Task.Delay(2000);
    throw new Exception("XXX", new Exception("YYY"));
    result = input.ToUpper();
}
catch (Exception e)
{
    // log the exception object
    var exceptionInfo = new Dictionary<string, object>
    {
        { e.GetType().Name, e }
    };
    Logger.AppendKeys(exceptionInfo);
    Logger.LogCritical($"Exception: {e.Message}");
    Logger.RemoveKeys(exceptionInfo.Keys.ToArray());

    // log the exception and possibly the first inner exception
    Logger.LogCritical($"Exception: {e.Message}");
    Logger.LogCritical($"Stack trace: {e.StackTrace}");
    if (e.InnerException is not null)
    {
        Logger.LogCritical($"Exception: {e.InnerException.Message}");
        Logger.LogCritical($"Stack trace: {e.InnerException.StackTrace}");
    }
}

Timeout / ResponseSizeTooLarge

var response = await amazonLambdaClient.InvokeAsync(request);
var payload = Encoding.ASCII.GetString(response.Payload.ToArray()); // to debug only

if (response.FunctionError == "Unhandled")
{
    var jsonSerializerOptions = new JsonSerializerOptions
    {
        PropertyNamingPolicy = JsonNamingPolicy.CamelCase
    };
    var lambdaError = await JsonSerializer.DeserializeAsync<LambdaError>(response.Payload, jsonSerializerOptions);
}

record LambdaError(string ErrorType, string ErrorMessage);

{ "errorType":"Sandbox.Timedout", "errorMessage":"RequestId: 19c4a134-16ff-47ae-aa4e-1d1f7fe31d51 Error: Task timed out after 15.00 seconds" } { "errorType": "Function.ResponseSizeTooLarge", "errorMessage": "Response payload size exceeded maximum allowed payload size (6291556 bytes)." }

Deployment

dotnet lambda deploy-function [AssemblyName] --profile [Profile]

From VS with AWS Toolkit

Right-click on the project → Publish to AWS Lambda

{
    "Information" : [ ],
    "profile"     : "Profile-Name",
    "region"      : "eu-central-1",
    "configuration" : "Release",
    "function-architecture" : "x86_64",
    "function-runtime"      : "dotnet8",
    "function-memory-size"  : 512,
    "function-timeout"      : 30,
    "function-handler"      : "ProjectName::NamespaceName.ClassName::FunctionHandlerName",
    "environment-variables" : "\"POWERTOOLS_SERVICE_NAME\"=\"PowertoolsFunction\";\"POWERTOOLS_LOG_LEVEL\"=\"Info\";\"POWERTOOLS_LOGGER_CASE\"=\"PascalCase\";\"POWERTOOLS_TRACER_CAPTURE_RESPONSE\"=\"true\";\"POWERTOOLS_TRACER_CAPTURE_ERROR\"=\"true\";\"POWERTOOLS_METRICS_NAMESPACE\"=\"powertools_function\"",
    "framework"             : "net8.0",
    "function-name"         : "ProjectName",
    "package-type"          : "Zip",
    "function-role"         : "arn:aws:iam::637423632242:role/Deploy_Lambda",
    "function-subnets"      : "",
    "function-security-groups" : "",
    "tracing-mode"             : "PassThrough",
    "image-tag"                : ""
}

Permissions

WatchLogs

EventBridge

Call a lambda from code

// nuget: AWSSDK.Lambda, AWSSDK.SSO, AWSSDK.SSOOIDC var jsonSerializerOptions = new JsonSerializerOptions { PropertyNamingPolicy = JsonNamingPolicy.CamelCase, Converters = { new JsonStringEnumConverter() } }; var amazonLambdaConfig = new AmazonLambdaConfig { Profile = new Profile("MyProfile"), RegionEndpoint = RegionEndpoint.USEast1 }; var amazonLambdaClient = new AmazonLambdaClient(amazonLambdaConfig); var request = new InvokeRequest { FunctionName = "MyFunction", Payload = JsonSerializer.Serialize(myObject, jsonSerializerOptions), LogType = LogType.Tail, InvocationType = InvocationType.Event // async call (invoke with queue) InvocationType = InvocationType.RequestResponse // sync call (invoke directly and wait for the response) }; var response = await amazonLambdaClient.InvokeAsync(request); var payload = Encoding.ASCII.GetString(response.Payload.ToArray()); // to debug only if (response.FunctionError == "Unhandled") { var lambdaError = await JsonSerializer.DeserializeAsync<LambdaError>(response.Payload, jsonSerializerOptions); } else { var result = JsonSerializer.Deserialize<MyClass>(response.Payload, jsonSerializerOptions); } record LambdaError(string ErrorType, string ErrorMessage);

Templates

# list your installed Amazon Lambda Templates dotnet new list lambda # install Amazon Lambda Templates dotnet new install Amazon.Lambda.Templates

Lambda ASP.NET Core Web API

Use a CloudFormation stack and an S3 to upload the application (zip) and the CloudFormation template file.

• CloudFormation stack
• IAM Role (Lambda Role)
• IAM Role (Lambda Role)
• Lambda Function (Web API)
• VPC
• API Gateway (REST)

Errors

Could not find the specified handler assembly with the file name LambdaTest

The Lambda on AWS has wrongly set the handler to LambdaTest.
AWS - Lambda - Functions - select your function - Code tab - Runtime settings - Edit - change the Handler

Your function doesn't have permission to write to Amazon CloudWatch Logs

1. AWS → IAM → Roles → [the roles used by your lambda] → Persissions policies → Add permission → Create inline policy
2. Service = CloudWatch Logs
3. All CloudWatch Logs actions (logs:*)
4. All Resources