By: JJ Ferman
Published: 16 Oct 2023
Last Updated: 16 Oct 2023
Before diving into the pros and cons, let's set the stage by understanding the basics of AWS Lambda deployments:
Binary (or Code) Lambda Deployment: In this method, developers deploy their binary/code as ZIP archives directly. AWS then runs this code in a standard runtime environment they provide.
Containerized Lambda Deployment: This approach involves wrapping your Lambda function inside a Docker container image. You can then use this image to deploy your function to AWS Lambda.
At the time of writing this article AWS Lambda supports the following runtimes out of the box:
However, if your choice of language (or specific version) falls outside of those listed above, your only option is a custom runtime (for example, in the case of Rust).
There are two ways to deploy a Lambda with a custom runtime: as a container image, or as a binary on the provided Amazon Linux runtime (provided or provided.al2).
Flexibility and Customization: By containerizing your Lambda function, you gain more control over the runtime environment. You can include specific dependencies or even create a custom runtime, which is essential for languages or versions not directly supported by AWS Lambda.
Consistency Across Environments: One of Docker's main advantages is its promise of "Build Once, Run Anywhere". You can build your Lambda container locally, test it, and then deploy the same container to AWS. This ensures that you're deploying what you tested.
Hosting Docker Images in ECR: One of the major drawbacks of the containerized approach is the need to host your Docker image in Amazon Elastic Container Registry (ECR). This introduces an additional layer of management and potentially increased costs, especially if you deploy frequently or have numerous images.
Potential Vulnerabilities in Docker Images: There could be vulnerabilities in the base image or other layers which aren't directly related to your code. This introduces potential security risks and necessitates regular image updates and scans. AWS provides the ECR image scanning feature to identify known vulnerabilities, but this is an additional step in the deployment process.
Simplicity: Deploying binaries is a straightforward process. You package your code and dependencies into a ZIP file and upload it. There's no need to deal with Dockerfiles or container registries.
Lower Costs: Without the need for ECR, you might experience reduced costs, especially if you have numerous deployments or function versions.
Less Vulnerable to Security Risks: Since you're not using Docker images, you don't have to worry about vulnerabilities in the base image or other layers. You can focus on securing your code and dependencies.
Limited to Provided Runtimes: If AWS doesn't provide the specific runtime or version you need, you have to ship a binary that executes a valid custom AWS Lambda runtime within the provided Amazon Linux runtime (provided or provided.al2).
Potential Dependency Conflicts: Binary deployments can sometimes lead to "It works on my machine" scenarios, where local environments differ from the AWS Lambda environment, leading to potential issues. At KnowBe4, we have a process in our CI to check that the binary we ship will execute on the provided AWS runtimes. This is, however, an extra step in the CI that needs to be accounted for.
Size Constraints: AWS imposes a 50 MB limit on the size of your zipped deployment package. This can be a problem if you have large dependencies or need to include large data files.
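One way to implement the kind of pre-deployment check mentioned under Potential Dependency Conflicts, together with the limit under Size Constraints. This is an added example, not KnowBe4's CI code; it assumes the custom runtime ships as a compiled ELF executable named bootstrap at the root of the ZIP, and check_package, build_sample and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

MAX_ZIP_BYTES = 50 * 1024 * 1024             # zipped package limit cited in the article
E_MACHINE = {"x86_64": 0x3E, "arm64": 0xB7}  # ELF e_machine values per Lambda architecture
PT_LOAD, PT_INTERP = 1, 3                    # PT_INTERP: binary needs a dynamic loader


def check_package(zip_bytes, arch="x86_64"):
    """Return a list of findings for a custom-runtime ZIP (empty list = passes)."""
    findings = []
    if len(zip_bytes) > MAX_ZIP_BYTES:
        findings.append("package exceeds the 50 MB zipped limit")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            info = zf.getinfo("bootstrap")   # entry point the provided runtimes execute
        except KeyError:
            return findings + ["no 'bootstrap' file at archive root"]
        elf = zf.read(info)
    if not (info.external_attr >> 16) & 0o111:
        findings.append("bootstrap is not marked executable")
    if len(elf) < 64 or elf[:4] != b"\x7fELF":
        return findings + ["bootstrap is not an ELF binary"]
    if elf[4] != 2 or elf[5] != 1:           # EI_CLASS=ELFCLASS64, EI_DATA=little-endian
        return findings + ["bootstrap is not 64-bit little-endian"]
    machine = struct.unpack_from("<H", elf, 18)[0]
    if machine != E_MACHINE[arch]:
        findings.append(f"e_machine 0x{machine:X} does not match {arch}")
    phoff = struct.unpack_from("<Q", elf, 32)[0]
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(phnum):                   # scan program headers for PT_INTERP
        off = phoff + i * phentsize
        if off + 4 <= len(elf) and struct.unpack_from("<I", elf, off)[0] == PT_INTERP:
            findings.append("dynamically linked: check libc against the target runtime")
    return findings


def build_sample(machine=0x3E, dynamic=False, mode=0o755, name="bootstrap"):
    """Constructed sample: a ZIP holding a minimal ELF64 header (not a real program)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<I", PT_INTERP if dynamic else PT_LOAD) + bytes(52)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entry = zipfile.ZipInfo(name)
        entry.external_attr = mode << 16     # Unix permission bits live in the high 16 bits
        zf.writestr(entry, header + phdr)
    return buf.getvalue()
```

A statically linked binary for the right architecture returns an empty list; the dynamic-linking finding is a prompt to compare the build host's libc with the runtime's, not a hard failure.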
Both containerized and binary Lambda deployments have their place. The best approach depends on your specific needs, your familiarity with Docker, and the complexity of your application.
For many simple applications, the ease and efficiency of binary deployments might be your solution. But if you need more control over the runtime, or if you're already deeply invested in Docker and container orchestration, containerized Lambda functions offer compelling advantages.
Always keep security at the forefront, especially when working with containers. Regularly scan and update your images to keep vulnerabilities at bay.
Whatever approach you choose, AWS Lambda offers a powerful, serverless platform that can significantly accelerate your application development and deployment.