If you use Lambda Function URLs and are extracting the caller's ip address from the x-forwarded-for header, that ip can be spoofed. In this article, I'll describe the scenarios where Lambda mangles this header and a workaround to get the caller's true ip address. Since several frameworks rely on the x-forwarded-for to determine the caller's ip address, your caller's ip address may be wrong!
With each release of LLRT (Low Latency Runtime for Lambda), I've tried to use it to run my production API and failed. Recently I took a different approach and navigated the last few hurdles to migrate my API from Node 22 to LLRT. In this post, I'll share how I did it, the challenges I faced, and some benchmarks.
I've written a few articles on how to get faster coldstarts with Lambda, the AWS JavaScript V3 SDK and the Node runtime. It's time to put them all together and show you the Cloud Development Kit (CDK) configuration I use to achieve the fastest coldstarts with the AWS JavaScript V3 SDK and Node 22.
Did you know that setting environment variables on a Lambda function could add over 20 ms to your coldstart times? In this post, I'll talk about how I discovered this and when it matters.
Have you ever thought you understood the timeline of a request in AWS Lambda only to stare at your logs and traces and find out that you didn't? The official documentation has diagrams that look pretty, but don't convey everything that is important. In this post I'll present the infographic I use to understand what Lambda is doing and what is and isn't in the logs.
In November 2023, I noticed Lambda coldstarts were 40 ms - 300 ms slower because they unnecessarily loaded the SSO credentials provider. I cut a GitHub issue which was closed with wontfix. Fast forward to January 29, version 3.502 of the AWS JavaScript SDK was released to lazy load non-essential credentials providers. This is a big win, but you can still squeeze out more performance. In this post I'll show you how to make your coldstarts 35 ms faster.
I'm a big fan of the CloudWatch Embedded Metrics Format. It lets you write metrics to the lambda log without the overhead of a service call. Alas, there is no Embedded EventBridge Format, you need to make a sync call to EventBridge to put events onto the bus. Can we make it more asynchronous? In this post, I'll describe a back door to publishing events to EventBridge by just writing JSON to the lambda log.
You thought you could just set some flags and your node.js lambda function would be bundled, tree-shaken, minified and go from ice cold to glowing hot in milliseconds? My sweet summer child. I thought that too, but then I analyzed the bundle, pored over some traces and realized how wrong I was. What follows is the rabbit hole I went down to optimize my lambda coldstarts.