I have a simple Python function behind API Gateway. On a cold start, the Lambda executes in under 300 ms as determined from the CloudWatch logs, but it takes 13.99 seconds for API Gateway to return the event. On subsequent calls, it returns in 350 ms to the API Gateway endpoint.
This Lambda function is inside of a VPC, and I'd like to keep it there for DB security. There are other Lambda functions that execute fine with identical networking config, so that's not the issue. Has anyone dealt with this before?
Cold starts and web applications
API Gateway invokes Lambda functions synchronously, meaning the caller is blocked until the function returns a value. Generally, cold starts are less impactful in asynchronous executions.
Lambda cold starts occur when there is no available function instance to respond to an invocation. This can happen when instances have expired due to inactivity or when there are more invocations than active instances.
The duration of a cold start varies from under 100 ms to over 1 second. Since the Lambda service reuses warmed environments for subsequent invocations, cold starts are typically more common in development and test functions than production workloads.
The problem was the ENI cold start. For anyone who reaches this problem in the future, I solved it by triggering all of the Lambda functions that required VPC connectivity every 14 minutes with CloudWatch Events. The long starts have been fixed. This link pointed me towards the fact that the connection is kept alive for 15 minutes for Lambdas within a VPC: https://www.jeremydaly.com/lambda-warmer-optimize-aws-lambda-function-cold-starts/
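The scheduled warm-up described in the answer above, as an added example that is not part of the original post: a handler that recognises the CloudWatch Events scheduled invocation and returns before doing any database work, and that reports whether the execution environment was cold. The event dictionaries are constructed samples and `handle_request` is a hypothetical stand-in for the function's real logic.

```python
import json

# Module scope runs once per execution environment, so this flag is True
# only for the first invocation after a cold start.
_COLD = True

# Constructed sample of the event a CloudWatch Events schedule rule delivers.
SAMPLE_SCHEDULED = {
    "version": "0",
    "detail-type": "Scheduled Event",
    "source": "aws.events",
    "resources": ["arn:aws:events:us-east-1:000000000000:rule/example-warmer"],
    "detail": {},
}

# Constructed sample of an API Gateway proxy event (trimmed).
SAMPLE_API = {"httpMethod": "GET", "path": "/items", "headers": {}}


def is_warmup(event):
    """True for the scheduled ping, False for real API Gateway traffic."""
    return (
        isinstance(event, dict)
        and event.get("source") == "aws.events"
        and event.get("detail-type") == "Scheduled Event"
    )


def handle_request(event):
    # Hypothetical business logic; the real function would query the DB here.
    return {"method": event.get("httpMethod"), "path": event.get("path")}


def handler(event, context):
    global _COLD
    was_cold, _COLD = _COLD, False
    if is_warmup(event):
        # Return early so the ping keeps the environment alive without
        # opening database connections or running request logic.
        return {"warmed": True, "cold": was_cold}
    body = handle_request(event)
    body["cold"] = was_cold
    return {"statusCode": 200, "body": json.dumps(body)}


if __name__ == "__main__":
    print(handler(SAMPLE_SCHEDULED, None))
    print(handler(SAMPLE_API, None))
```

Logging the `cold` field makes it possible to confirm from the function's own output that user requests are landing on warmed environments.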
Yes, VPC Lambdas have notoriously long cold start times. You are mistaken though; you've always been paying the VPC penalty. The Lambda execution time you are seeing in CloudWatch logs does not include the cold start time; that execution time is a reflection of the time that you are charged while the Lambda is actually executing. You don't get charged for the time it takes for the Lambda container to spin up, acquire an ENI, etc.
A more accurate picture of how long it takes for a VPC Lambda to cold start would be the API Gateway "Integration latency" metric in CloudWatch. There's hope though; AWS plans to redesign how Lambdas in VPCs acquire their ENIs and make that process much faster. You can read about that here.