Outrageously long cold start on api gateway only?

Question

I have a simple python function behind api gateway. On a cold start, the lambda executes in under 300 ms as determined from the cloudwatch logs, but it takes 13.99 seconds for api gateway to return the event. On subsequent calls, it returns in 350 ms to the api gateway endpoint.

This lambda function is inside of a vpc, and I'd like to keep it there for DB security. There are other lambda functions that execute fine with identical networking config, so that's not the issue. Has anyone dealt with this before?

Answer 1

The problem was the ENI cold start. For anyone who reaches this problem in the future, how I solved it was I triggered all of the lambda functions that required VPC connectivity every 14 minutes with cloudwatch events. The long starts have been fixed. This link pointed me towards the fact that the connection is kept alive for 15 minutes for lambdas within VPC: https://www.jeremydaly.com/lambda-warmer-optimize-aws-lambda-function-cold-starts/

Answer 2

Yes, VPC lambdas have notoriously long cold start times. You are mistaken though; you've always been paying the VPC penalty. The lambda execution time you are seeing in Cloudwatch logs does not include the cold start time; that execution time is a reflection of the time that you are charged while the lambda is actually executing. You don't get charged for the time it takes for the lambda container to spin up, acquire an ENI, etc.

A more accurate picture of how long it takes for a VPC lambda to cold start would be the API Gateway "Integration latency" metric in Cloudwatch. There's hope though; AWS plans to redesign how lambdas in VPCs acquire their ENIs and make that process much faster. You can read about that here.