CDK app that deploys a Lambda internal extension to modify the standard behaviour of AWS Lambda.
- AWS:
  - Must have authenticated with Default Credentials in your local environment.
  - Must have completed the CDK bootstrapping for the target AWS environment.
- Node.js + npm:
  - Must be installed on your system.
- Poetry:
  - Must be installed on your system.
- Docker:
  - Must be installed on your system and running at deployment.
```
npx projen install
npx projen deploy
npx projen destroy
```
- Lambda Layer Creation
  - A Lambda layer containing the internal extension is created and attached to the Lambda function.
- Triggering the Lambda Function
  - The Lambda function can be triggered manually by the user or programmatically via a cron job using Amazon EventBridge.
- Executing the Wrapper Script
  - Upon startup, the Lambda function is configured to execute a wrapper script from the Lambda layer. This execution is specified by the `AWS_LAMBDA_EXEC_WRAPPER` environment variable, which points to the path of the wrapper script.
- Invoking the Forked `awslambdaric`
  - The wrapper script then invokes a forked version of awslambdaric (AWS Lambda Runtime Interface Client). This version is modified to include custom logic for reading the `maintenance-window` parameter from Parameter Store during the Lambda bootstrap process.
- Checking the Maintenance Window
  - The Lambda function checks whether the current datetime falls within the defined maintenance window:
    - If it falls within the window, the Lambda function handler is bypassed. Instead, the Lambda invocation event is stored in Amazon DynamoDB for future manual triggering.
    - If it falls outside the window, the Lambda function operates as usual, executing its handler.
Under the hood, AWS Lambda runs on Firecracker, a virtual machine monitor (VMM) designed to rapidly spawn a fleet of microVMs in response to Lambda invocation events. When a new microVM is created, it reads and applies the settings you've configured for your Lambda function to set up the microVM environment accordingly. Additionally, your Lambda function code and any attached layers are copied into designated directories within the microVM.
With this knowledge, it's possible to alter a function's behaviour by configuring it to use a custom version of the Runtime Interface Client (RIC) instead of the official one provided by the AWS Lambda service within the microVM.
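An added example, not part of this project's code: since a layer plus one environment variable changes what runs before the handler, this audit lists every function that sets `AWS_LAMBDA_EXEC_WRAPPER` and flags attached layers owned by another account. The input is a constructed sample in the shape of `aws lambda list-functions` output; the function names, account IDs and wrapper paths are made up.

```python
import json

WRAPPER_VAR = "AWS_LAMBDA_EXEC_WRAPPER"

# Constructed sample shaped like `aws lambda list-functions` output (all values made up).
SAMPLE = json.loads("""
{"Functions": [
  {"FunctionName": "orders-handler",
   "FunctionArn": "arn:aws:lambda:eu-west-1:111111111111:function:orders-handler",
   "Environment": {"Variables": {"AWS_LAMBDA_EXEC_WRAPPER": "/opt/wrapper.sh"}},
   "Layers": [{"Arn": "arn:aws:lambda:eu-west-1:111111111111:layer:maintenance-ext:3"}]},
  {"FunctionName": "report-builder",
   "FunctionArn": "arn:aws:lambda:eu-west-1:111111111111:function:report-builder",
   "Environment": {"Variables": {"AWS_LAMBDA_EXEC_WRAPPER": "/opt/bin/run"}},
   "Layers": [{"Arn": "arn:aws:lambda:eu-west-1:222222222222:layer:shared-tools:7"}]},
  {"FunctionName": "thumbnailer",
   "FunctionArn": "arn:aws:lambda:eu-west-1:111111111111:function:thumbnailer",
   "Layers": [{"Arn": "arn:aws:lambda:eu-west-1:111111111111:layer:imaging:1"}]}
]}
""")

def account_of(arn):
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 else ""  # 5th ARN field is the account ID

def audit_exec_wrappers(listing):
    """Report every function whose startup is redirected through a wrapper."""
    findings = []
    for fn in listing.get("Functions", []):
        env = (fn.get("Environment") or {}).get("Variables") or {}
        wrapper = env.get(WRAPPER_VAR)
        if not wrapper:
            continue  # runtime starts normally, nothing to review
        owner = account_of(fn.get("FunctionArn", ""))
        layers = [layer["Arn"] for layer in fn.get("Layers", [])]
        findings.append({
            "function": fn["FunctionName"],
            "wrapper": wrapper,
            # Layers are extracted under /opt; any other path is in the package.
            "from_layer": wrapper.startswith("/opt/"),
            "layers": layers,
            # Layers published by a different account deserve a closer look.
            "foreign_layers": [a for a in layers if account_of(a) != owner],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_exec_wrappers(SAMPLE):
        print(json.dumps(finding))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws lambda list-functions`.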