Getting started overview

AWS Lambda is a serverless, event-driven compute service that allows you to run code without provisioning or managing servers. This getting started guide focuses on the initial steps to deploy and invoke your first Lambda function.

The core process involves:

  1. AWS Account Setup: Establishing an AWS account and securing it.
  2. IAM Configuration: Setting up Identity and Access Management (IAM) users and roles with appropriate permissions.
  3. Function Creation: Writing and packaging your function code.
  4. Deployment: Uploading the function to AWS Lambda.
  5. Invocation: Triggering the function to execute.

This guide will walk you through these steps using the AWS Management Console for simplicity, though the AWS Command Line Interface (CLI) and AWS SDKs offer programmatic alternatives.

Create an account and get keys

To begin with AWS Lambda, you need an active AWS account. If you do not have one, you can create a new AWS account by following the official AWS account creation guide. This process typically involves providing an email address, password, credit card information for verification (charges only apply after free tier limits are exceeded), and a phone number for identity verification.

IAM User and Access Keys

After creating your AWS account, it is a security best practice to create an IAM user with specific permissions rather than using the root account for daily operations. This limits potential damage if credentials are compromised. For programmatic access, you will generate access keys for this IAM user.

  1. Create an IAM User:
    • Navigate to the IAM console.
    • In the navigation pane, choose Users, then Add users.
    • Enter a User name (e.g., lambda-admin).
    • Select Programmatic access for the Access type.
    • Choose Next: Permissions.
  2. Attach Permissions:
    • Select Attach existing policies directly.
    • Search for and select the AWSLambda_FullAccess policy. While this grants broad access, it simplifies the initial setup. For production, apply the principle of least privilege.
    • Choose Next: Tags (optional), then Next: Review, and finally Create user.
  3. Retrieve Access Keys:
    • On the final screen, you will see the Access key ID and Secret access key.
    • Download the .csv file containing these keys immediately. This is the only time you can view or download the secret access key. If you lose it, you will need to create a new one.
    • Keep these credentials secure.

Configure AWS CLI (Optional but Recommended)

The AWS Command Line Interface (CLI) allows you to interact with AWS services from your terminal. Installing and configuring the CLI streamlines many development tasks.

  1. Install AWS CLI: Follow the AWS CLI installation instructions for your operating system.
  2. Configure AWS CLI: Open your terminal and run aws configure.
    • Enter your AWS Access Key ID.
    • Enter your AWS Secret Access Key.
    • Enter your Default region name (e.g., us-east-1). Refer to the AWS Regions and Availability Zones documentation for a list of available regions.
    • Enter your Default output format (e.g., json).

Your first request

This section guides you through creating and invoking a basic Python Lambda function using the AWS Management Console.

Quick Reference Table: First Lambda Function

Step What to Do Where
1. Create Execution Role Define permissions for your Lambda function. IAM Console > Roles
2. Create Lambda Function Configure basic function details. Lambda Console > Functions
3. Add Code Paste or upload your function code. Lambda Function Details Page > Code tab
4. Test Function Invoke with a test event. Lambda Function Details Page > Test tab

Step-by-step Function Creation and Invocation

1. Create an IAM Role for Lambda Execution

Lambda functions require an IAM role that grants them permissions to execute and access other AWS services (like CloudWatch for logging). This is known as the execution role.

  1. Navigate to the IAM console.
  2. In the navigation pane, choose Roles, then Create role.
  3. For Trusted entity type, select AWS service.
  4. For Use case, select Lambda, then choose Next.
  5. Search for and select the policy AWSLambdaBasicExecutionRole. This policy grants permissions for Lambda to write logs to CloudWatch. Choose Next.
  6. (Optional) Add tags, then choose Next.
  7. Enter a Role name (e.g., lambda-basic-execution-role) and choose Create role.

2. Create Your Lambda Function

  1. Navigate to the AWS Lambda console.
  2. Choose Create function.
  3. Select Author from scratch.
    • For Function name, enter my-first-lambda-function.
    • For Runtime, select Python 3.9 (or your preferred language).
    • For Architecture, keep the default (x86_64).
    • Under Change default execution role, select Use an existing role and choose the lambda-basic-execution-role you created earlier.
  4. Choose Create function.

3. Add Function Code

Once the function is created, you will be directed to its configuration page. Scroll down to the Code source section.

  1. The console provides a default lambda_function.py file. Replace its contents with the following Python code: 
    
import json

def lambda_handler(event, context):
    # Log the event for debugging
    print("Received event: " + json.dumps(event, indent=2))

    # Example: Process input data from the event
    if 'name' in event:
        message = f"Hello, {event['name']}! This is your first Lambda function."
    else:
        message = "Hello from your first Lambda function! Provide a 'name' in the event for a personalized greeting."

    return {
        'statusCode': 200,
        'body': json.dumps(message)
    }
  2. Choose Deploy to save your changes.

4. Test Your Function

  1. On the function's configuration page, select the Test tab.
  2. In the Test event section:
    • For Event name, enter MyTestEvent.
    • For Event JSON, replace the default content with a simple JSON payload: 
      
{
  "name": "apispine user"
}
  3. Choose Save, then choose Test.
  4. The Execution results pane will display the function's output, including the response, function logs, and execution duration. You should see a statusCode: 200 and a body containing "Hello, apispine user! This is your first Lambda function.".

Common next steps

After successfully deploying and invoking your first Lambda function, consider these common next steps to expand your capabilities:

  • Add Triggers: Connect your Lambda function to various AWS services (e.g., S3, API Gateway, DynamoDB Streams, SQS) to make it event-driven. For example, configure an API Gateway trigger to create a RESTful API endpoint for your function.
  • Explore Deployment Methods: Beyond the console, learn to deploy functions using the AWS CLI, AWS Serverless Application Model (SAM), or AWS CloudFormation for Infrastructure as Code (IaC).
  • Advanced Configuration: Investigate environment variables, memory allocation, timeout settings, and VPC configuration to optimize your function's performance and security.
  • Monitoring and Logging: Utilize Amazon CloudWatch for detailed monitoring, logging, and alarming on your function's invocations and errors.
  • SDKs and Language Runtimes: Experiment with different AWS SDKs and programming language runtimes beyond Python, such as Node.js or Java, based on your project requirements.
  • Local Development and Testing: Explore local development tools like the AWS SAM CLI for faster iteration and debugging without continuous deployments to the cloud.
  • Cost Optimization: Understand Lambda pricing and how memory allocation and invocation duration impact costs.

Troubleshooting the first call

Encountering issues during your first Lambda invocation is common. Here's a guide to common problems and their solutions:

  • Permission Denied (AccessDeniedException):
    • Issue: The IAM user or role attempting to create/update/invoke the Lambda function lacks sufficient permissions.
    • Solution: Verify that the IAM user has policies like AWSLambda_FullAccess attached, or ensure the Lambda function's execution role has at least AWSLambdaBasicExecutionRole. Check the IAM policy troubleshooting guide for details.
  • Function Timeout:
    • Issue: Your function runs longer than its configured timeout setting (default is 3 seconds).
    • Solution: Increase the timeout value in your function's configuration (under Configuration > General configuration). Review your code for infinite loops or long-running operations.
  • Handler Not Found:
    • Issue: Lambda cannot find the specified handler function in your code. This often happens due to incorrect file names, function names, or handler path configuration.
    • Solution: Ensure your file is named lambda_function.py (for Python) and contains the lambda_handler function, or update the handler path in the function configuration (e.g., filename.handler_function_name).
  • Syntax Errors in Code:
    • Issue: Your function code contains syntax errors, preventing it from executing.
    • Solution: Carefully review your code for typos, incorrect indentation, or missing delimiters. The test logs in the console often provide specific error messages.
  • Dependencies Not Found:
    • Issue: Your function requires external libraries not included in the standard Lambda runtime environment.
    • Solution: Bundle your dependencies with your function code into a deployment package (ZIP file) or use Lambda Layers.
  • Cold Starts:
    • Issue: Infrequently invoked functions experience higher latency on their first invocation due to the environment needing to be spun up.
    • Solution: While not an error, it's a performance characteristic. For latency-sensitive applications, consider Provisioned Concurrency or ensure sufficient invocation frequency. This is a common aspect of serverless computing.
  • CloudWatch Logs: Always check your function's logs in Amazon CloudWatch. Lambda automatically sends execution logs there, providing detailed error messages and debugging information.