Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Lambda in VPC deletion takes more time

Tags:

aws-lambda

amazon-cloudformation

I have created a stack that lambda in VPC using cloud formation. When I try to delete the entire stack, it takes 40-45 minutes of time.

My Iam Role has the following permission:

Action:                            
          - ec2:DescribeInstances
          - ec2:CreateNetworkInterface
          - ec2:AttachNetworkInterface
          - ec2:DescribeNetworkInterfaces
          - ec2:DeleteNetworkInterface
          - ec2:DetachNetworkInterface
          - ec2:ModifyNetworkInterfaceAttribute
          - ec2:ResetNetworkInterfaceAttribute
          - autoscaling:CompleteLifecycleAction
          - iam:CreateRole
          - iam:CreatePolicy
          - iam:AttachRolePolicy
          - iam:PassRole
          - lambda:GetFunction
          - lambda:ListFunctions
          - lambda:CreateFunction
          - lambda:DeleteFunction
          - lambda:InvokeFunction
          - lambda:GetFunctionConfiguration
          - lambda:UpdateFunctionConfiguration
          - lambda:UpdateFunctionCode
          - lambda:CreateAlias
          - lambda:UpdateAlias
          - lambda:GetAlias
          - lambda:ListAliases
          - lambda:ListVersionsByFunction
          - logs:FilterLogEvents
          - cloudwatch:GetMetricStatistics

How to improve the deletion time of the stack?

like image 511
Gowtham Chand Avatar asked Dec 24 '17 03:12

Gowtham Chand

People also ask

How long does Lambda take to delete?

AWS CloudFormation uses elastic network interfaces, and elastic network interfaces can only be deleted by Lambda. Deleting an elastic network interface can take up to 45 minutes. This length of time depends on factors such as how many Lambda functions are using the elastic network interface.

How do I make Lambda execution faster?

If we need to reduce the Lambda execution time, we can try increasing memory (and by extension, CPU) to process it faster. However, when we try to increase the memory for a function past a certain limit, it won't improve the execution time as AWS currently offers a maximum of 2 cores CPU.

How do I remove Lambda from VPC?

To delete a network interface that Lambda createdChange the Amazon VPC configuration to use a different subnet and security group. Disconnect the function from the Amazon VPC. 2. For each published Lambda function version listed, delete the function version.

Can Lambda run for more than 15 minutes?

Historically, the maximum execution timeout limit was 5 minutes. At the time of writing this article, AWS Lambda functions cannot run continuously for more than 15 minutes. This is a hard limit in the AWS Lambda service. In practice, there are use cases for which those 15 minutes are not enough.

1 Answers

When a Lambda function executes within your VPC, an Elastic Network Interface (ENI) is created in order to give it network access. You can think of an ENI as a virtual NIC. It has a MAC address and at least one private IP address, and is "plugged into" any resource that connects to the VPC network and has an IP address inside the VPC (EC2 instances, RDS instances, ELB, ALB, NLB, EFS, etc.).

While it does not appear to be explicitly documented, these interfaces as used by Lambda appear to be mapped 1:1 to container instances, each of which hosts one or more containers, depending on the size of each container's memory allocation. The algorithm Lambda uses for provisioning these machines is not documented, but there is a documented formula for approximating the number that Lambda will create:

You can use the following formula to approximately determine the ENI requirements.

Projected peak concurrent executions * (Memory in GB / 3GB)

https://docs.aws.amazon.com/lambda/latest/dg/vpc.htm

This formula suggests that you will see more ENIs if you have either high concurrency or large memory footprints, or fewer ENIs if neither of those conditions is true. (The reason for 3GB boundary seems to be based on the smallest instance Lambda appears to use, in the background, which is the m3.medium general purpose EC2 instance. You can't see these among your EC2 instances, and you are not billed for them.)

In any event, Lambda doesn't shut down containers or their host instances immediately after function execution because it might need them for reuse on subsequent invocations, and since containers (and their host instances) are not destroyed right away, neither are their associated ENIs. To do so would be inefficient. In any event, the delay is documented:

There is a delay between the time your Lambda function executes and ENI deletion.

http://docs.aws.amazon.com/lambda/latest/dg/vpc.html

This makes sense, when we consider that the Lambda infrastructure's priorities should be focused on making resources available as needed and keeping them available for quick access performance reasons -- so tearing things down again is a secondary consideration that the service attends to in the background.

In short, this delay is normal and expected.

Presumably, CloudFormation has used tags to identify these interfaces, since it isn't readily apparent how to otherwise distinguish among them.

ENIs are visible in the EC2 console's left hand navigation pane under Network Interfaces, so it's possible that you could delete these yourself and hasten the process... but note that this action, assuming the system allows it, needs to be undertaken with due caution -- because if you delete an ENI that is attached to a container instance that Lambda subsequently tries to use, Lambda will not know that the interface is missing and the function will time out or throw an error at least until Lambda decides to destroy the attached container instance.

like image 61
Michael - sqlbot Avatar answered Dec 04 '22 20:12

Michael - sqlbot
Sign in to Comment

Related questions

Creating process.env variables using AWS Amplify?
Pass and use input (parameters) to a lambda task from a step function
how to connect a cloudwatch alarm to a lambda function
Lambda and DynamoDB : is not authorized to perform: dynamodb:Scan
AWS API Gateway OPTIONS requests returns 500 error
Preventing multiple simultaneous logins with Cognito
How can we trace axios http requests with aws x-ray?
AWS Lambda and inaccurate memory allocation
Is it possible to run docker image/DockerFile on AWS Lambda?
GPU based algorithm on AWS Lambda
AWS SQS permissions for AWS Lambda
Lambda from API gateway VS kinesis Streams
How to resolve: 'Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment'
Pushing AWS Lambda data to Kinesis Stream
Is significant latency introduced by API Gateway?
How to debug a aws lambda function?
How to keep desired amount of AWS Lambda function containers warm
Scheduled AWS Lambda Task at less than 1 minute frequency
Can you trigger an AWS Lambda on a dynamic timer?
invoke lambda function with hours delay

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!