144. Lambda Billing Changes, Cold Start Costs, and Log Savings: What You Need to Know

In this episode, we provide an overview of Amazon EBS, which stands for Elastic Block Storage. We explain what block storage is and how EBS provides highly available and high-performance storage volumes that can be attached to EC2 instances. We discuss the various EBS volume types, including GP3, GP2, provisioned IOPS, and HDD volumes, and explain how they differ in performance characteristics like IOPS and throughput. We go over important concepts like IOPS, throughput, and volume types so listeners can make informed decisions when provisioning EBS. We also cover EBS features like snapshots, encryption, direct API access, and ECS integration. Overall, this is a comprehensive guide to understanding EBS and choosing the right options based on your workload needs. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, an AWS Partner that does CLOUD stuff really well. Go to fourtheorem.com to read about our case studies! In this episode, we mentioned the following resources: EBS Official Documentation: https://docs.aws.amazon.com/ebs/latest/userguide/what-is-ebs.html EBS Direct Access API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-accessing-snapshot.html EBS internal configuration is implemented as “millions of tiny databases” (paper): https://www.amazon.science/publications/millions-of-tiny-databases EBS Pricing examples: https://aws.amazon.com/ebs/pricing/#Pricing_examples Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

8 Mars 202421min

In this episode, we discuss AWS Resource Access Manager (RAM) and how it can be used to securely share AWS resources like VPC subnets, databases, and SSM parameters across accounts. We explain the benefits of using RAM over other options like resource policies and assumed roles. Some key topics covered include how to get started with RAM, how it works from the resource owner and resource participant side, and common use cases like sharing VPC subnets, Aurora databases, and SSM parameters. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at ⁠⁠⁠⁠⁠https://fourTheorem.com⁠⁠⁠⁠⁠ In this episode, we mentioned the following resources: Sharing Aurora Databases with RAM (Conor Maher's article): https://fourtheorem.com/using-aws-resource-access-manager-for-development/ Blog post "VPC Lattice: The Future of AWS Networking Explained": https://fourtheorem.com/vpc-lattice/ Our previous episode dedicated to VPC Lattice: https://awsbites.com/88-what-is-vpc-lattice/ VPC Lattice sample code base: https://github.com/fourTheorem/vpc-lattice-demo Sharing AWS Systems Manager Parameters official announcement: https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/ Official documentation for what can be shared with RAM: https://docs.aws.amazon.com/ram/latest/userguide/shareable.html Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

1 Mars 202413min

In this episode, we discuss Permission Boundary policies in AWS IAM. A permissions boundary is an advanced feature in which you set the maximum permissions that an identity-based policy can grant to an IAM entity. When you set a permissions boundary for an entity, the entity can perform only the actions allowed by its identity-based policies and its permissions boundaries. In this episode, we discuss this concept a bit more in detail and we show how it can be used to give freedom to development teams while preventing privilege escalation. We also cover some of the disadvantages that come with using permission boundaries and other things to be aware of. Finally, we will give some practical advice on how to get the best out of Permissions Boundary Policy and get the best out of them. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at ⁠⁠⁠⁠https://fourTheorem.com⁠⁠⁠⁠ In this episode, we mentioned the following resources: Episode 112. "What is a Service Control Policy (SCP)?": https://awsbites.com/112-what-is-a-service-control-policy-scp/ IAM Policy Simulator: https://policysim.aws.amazon.com/home/index.jsp?#roles The famous RSA paper that introduces Alice and Bob in the world of cryptography: https://web.williams.edu/Mathematics/lg5/302/RSA.pdf A biographical backstory on Alice and Bob: https://urbigenous.net/library/alicebob.html Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

23 Feb 202413min

In this episode, we discuss the new experimental AWS Lambda LLRT Low Latency runtime for JavaScript. We provide an overview of what a Lambda runtime is and how LLRT aims to optimize cold starts and performance compared to existing runtimes like Node.js. We outline the benefits of LLRT but also highlight concerns around its experimental status, lack of parity with Node.js, and reliance on dependencies like QuickJS. Overall, LLRT shows promise but needs more stability, support, and real-world testing before it can be recommended for production use. In the end, we also have an appeal for AWS itself when it comes to investing in the larger JavaScript ecosystem. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner with lots of experience with AWS, Serverless, and Lambda. If you are looking for a partner that can help you deliver your next Serverless workload successfully, look no further and reach out to us at ⁠⁠⁠https://fourTheorem.com⁠⁠⁠ In this episode, we mentioned the following resources: Episode 104. "Explaining Lambda Runtimes": https://awsbites.com/104-explaining-lambda-runtimes/ LLRT official repository on GitHub: https://github.com/awslabs/llrt QuickJS official website: https://bellard.org/quickjs/ Lambda performance benchmark by Maxime David: https://maxday.github.io/lambda-perf/ Richard Davidson on GitHub: https://github.com/richarddavison Fabrice Bellard on Wikipedia: https://en.wikipedia.org/wiki/Fabrice_Bellard QuickJS-ng fork: https://github.com/quickjs-ng/quickjs QuickJS issue where users debate whether the project is dead or alive: https://github.com/bellard/quickjs/issues/188 WinterCG initiative: https://wintercg.org/ Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

16 Feb 202430min

In this episode, we discuss what to do if you accidentally leak your AWS credentials during a live stream. We explain the difference between temporary credentials and long-lived credentials, and how to revoke each type. For temporary credentials, we recommend using the AWS console to revoke sessions or creating an IAM policy to deny access. For long-lived credentials, you must deactivate and rotate the credentials. We also touch on using tools like HashiCorp Vault to manage credentials securely. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner that doesn’t suck. Check us out at ⁠⁠https://fourTheorem.com⁠⁠ In this episode, we mentioned the following resources: Gist with example policy: https://gist.github.com/lmammino/02fef8ce0cc22a45f219fe4f47fcf20c Revoking IAM role temporary security credentials (official AWS docs): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

9 Feb 202411min

In this episode, we provide a friendly introduction to Service Control Policies (SCPs) in AWS Organizations. We explain what SCPs are, how they work, common use cases, and tips for troubleshooting access-denied errors related to SCPs. We cover how SCPs differ from identity-based and resource-based policies, and how SCPs can be used to set boundaries on maximum permissions in AWS accounts across an organization. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Partner with plenty of experience setting up AWS accounts and Service Control Policies. If that's something you'd like some help with, reach out to us on social media or check out ⁠https://fourTheorem.com⁠ In this episode, we mentioned the following resources: Episode 96: "AWS Governance and Landing Zone with Control Tower, Org Formation, and Terraform": https://awsbites.com/96-aws-governance-and-landing-zone-with-control-tower-org-formation-and-terraform/ Episode 40: "What do you need to know about IAM?": https://awsbites.com/40-what-do-you-need-to-know-about-iam/ Conor Maher's repo with some SCP examples: https://github.com/conzy/terraform-demo Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

2 Feb 202418min

In this episode, we discuss how we work as a cloud consulting company, including our principles, engagement process, sprint methodology, and focus on agile development to deliver successful projects. We aim to be trusted partners, not just vendors, and enable our customers' business goals. By the end of this episode, you will know what working with a cloud consulting company like fourTheorem could look like and you might learn some strategies to make cloud projects a success! We will also digress a little into the history of software practices, common misconceptions, and what we believe should be the right way to build software. 💰 SPONSORS 💰 AWS Bites is sponsored by fourTheorem, an AWS Partner with plenty of experience delivering cloud projects to production. If you want to chat, reach out to us on social media or check out https://fourTheorem.com In this episode, we mentioned the following resources. Working with fourTheorem (blog post): https://fourtheorem.com/working-with-fourtheorem/ AI as a service, book by Peter Elger and Eoin Shanaghy: https://www.manning.com/books/ai-as-a-service Majority of developers spending half, or less, of their day coding, report finds (TechRepublic article): https://www.techrepublic.com/article/majority-of-developers-spending-half-or-less-of-their-day-codin g-report-finds/ 2023 software.com Future of Work Report: https://www.software.com/reports/future-of-work Managing the Development of Large Software Systems, Dr. WInston W. Royce, 1970: https://www.praxisframework.org/files/royce1970.pdf Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

26 Jan 202445min

In this episode, we discuss using AWS Lambda for machine learning inference. We cover the tradeoffs between GPUs and CPUs for ML, tools like ggml and llama.cpp for running models on CPUs, and share examples where we've experimented with Lambda for ML like podcast transcription, medical imaging, and natural language processing. While Lambda ML is still quite experimental, it can be a viable option for certain use cases. 💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, an Advanced AWS Partner. If you are moving to AWS or need a partner to help you go faster, check us out at fourtheorem.com ! In this episode, we mentioned the following resources. Episode "46. How do you do machine learning on AWS?": https://awsbites.com/46-how-do-you-do-machine-learning-on-aws/ Episode "108. How to Solve Lambda Python Cold Starts": https://awsbites.com/108-how-to-solve-lambda-python-cold-starts/ ggml (the framework): https://github.com/ggerganov/ggml ggml (the company): https://ggml.ai llama.cpp: https://github.com/ggerganov/llama.cpp whisper.cpp: https://github.com/ggerganov/whisper.cpp whisper.cpp WebAssembly demo: https://whisper.ggerganov.com/ ONNX Runtime: https://onnxruntime.ai/ An example of using whisper.cpp with the Rust bindings: https://github.com/lmammino/whisper-rs-example Project running Whisper.cpp in a Lambda function: https://github.com/eoinsha/whisper_lambda_cpp AWS Lambda Image Container Chest X-Ray Example: https://github.com/fourTheorem/lambda-image-cxr-detection Episode "103. Building GenAI Features with Bedrock": https://awsbites.com/103-building-genai-features-with-bedrock/⁠ Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠ - ⁠⁠⁠⁠https://twitter.com/loige⁠⁠

19 Jan 202424min