cfn_nag
aws-lambda-power-tuning
Our great sponsors
cfn_nag | aws-lambda-power-tuning | |
---|---|---|
14 | 36 | |
1,219 | 5,120 | |
0.5% | - | |
0.0 | 8.7 | |
8 months ago | 7 days ago | |
Ruby | JavaScript | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cfn_nag
-
Setting up my own landing zone on AWS
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
For generic CloudFormation templates, check CFN-NAG.
-
AWS Serverless Production Readiness Checklist
If you use CDK, you should implement CDK nag; otherwise, use cfn-nag.
-
Make your life easier using Makefiles
cfn_nag
-
Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline
CodeBuild will run a linting check against the CloudFormation Template using cfn-lint and will then run cfn-nag to check for patterns that indicate insecure resources within the CloudFormation template.
-
App with self-contained infrastructure on AWS
Security checks for the Cloudformation stack using cfn-nag
-
Mastering AWS CDK Aspects
cdk-nag contains several Aspects to check your applications for best practices. It is especially useful if you need to be HIPAA-compliant or have other compliance requirements. It is inspired by cfn_nag which is a a tool checking for patterns in your CloudFormation templates.
-
how did you get good at iac-cloudformation
cfn-lint and cfn_nag or other tools of that nature to check as you write so you don't need to continually try to deploy only to find that you've done something dumb.
-
Source Control your AWS CloudFormation templates with GitHub
There is another tool called cfn_nag that can check your code for potentially any insecure infrastructure. When you read the documentation around this tool, the author says it can check for things such as:
-
Static Analysis for Cloud Formation
cfn-nag: Verify that there is no code that poses a security risk.
aws-lambda-power-tuning
-
AWS SnapStart - Part 13 Measuring warm starts with Java 21 using different Lambda memory settings
In case of not enabling SnapStart for the Lambda function we observed that increasing memory reduces the warm execution time for our use case especially for p>90. As adding more memory to the Lambda function is also a cost factor, the sweet spot between cold and warm start time and cost is somewhere between 768 and 1204 MB memory setting for the Lambda function for our use case. You can use AWS Lambda Power Tuning for very nice visualisations.
-
How to optimize your lambda functions with AWS Lambda power tuning
This tool, which is open source and available here, takes the form of a Step Function that is deployed on your AWS account. The purpose of this Step Function is to run your lambda with different memory configurations several times and output a comparison in the form of a graph (or JSON) to try to find the optimal balance between cost and execution time. There are three possible optimization modes: cost, execution time, or a "balanced" mode where it tries to find a balance between the two.
-
Developers Journey to AWS Lambda
The AWS Documentation's Memory and Computing Power page is a good starting point. To avoid configuring it manually, it's worth checking out AWS Lambda Power Tuning, which will help you find the sweet spot.
-
Guide to Serverless & Lambda Testing — Part 2 — Testing Pyramid
Utilizing tools such as AWS X-Ray, AWS Lambda Power Tuning, and AWS Lambda Powertools tracer utility is recommended. Read more about it here.
-
Tunea tus funciones Lambda
Install the AWS SAM CLI in your local environment. Configure your AWS credentials (requires AWS CLI installed): $ aws configure Clone this git repository: $ git clone https://github.com/alexcasalboni/aws-lambda-power-tuning.git Build the Lambda layer and any other dependencies (Docker is required): $ cd ./aws-lambda-power-tuning $ sam build -u sam build -u will run SAM build using a Docker container image that provides an environment similar to that which your function would run in. SAM build in-turn looks at your AWS SAM template file for information about Lambda functions and layers in this project. Once the build has completed you should see output that states Build Succeeded. If not there will be error messages providing guidance on what went wrong. Deploy the application using the SAM deploy "guided" mode: $ sam deploy -g
-
AWS Serverless Production Readiness Checklist
Use AWS Lambda Power Tuning to balance cost and performance.
-
GPT-Powered chatbot over the phone - Try it, and see how it was built
Since it relies on an external API call, it does take a while to execute (1.285 seconds on average), which is very inefficient, and despite throwing Lambda Power Tuning at the problem, it's purely an external dependency issue, and can't be resolved by resources. You could make it more cost-effective using AWS Step Functions to handle the OpenAI API call asyncrhonously, but I didn't worry for this project.
-
Tips to avoid surprises in your AWS bill
Optimise the memory settings for functions that use provisioned concurrency and adjust memory allocation for a function by using a tool like this to avoid guesswork.
-
Modern hardware is fast, so let's choose the slowest language to balance it out
Adding to this, increasing lambda size can actually reduce your spend on lambda depending on what you're actually running. And there's a tool to figure out what's optimal. https://github.com/alexcasalboni/aws-lambda-power-tuning
-
Optimize your workloads for Sustainability
Use tools like AWS lambda power tuning, and AWS Compute Optimizer to right-size your resources. In addition, you should use Auto Scaling to automatically scale up and down based on demand. To improve the overall resource efficiency and reduce idle capacity in the entire Cloud AWS, use Amazon EC2 Spot Instances. Spot Instances are unused EC2 capacity in AWS, this instance also gives you up to a 90% discount compared to On-Demand prices. If you are using EKS you should follow the EKS Best Practices Guides - especially the Auto Scaling guide to improve the utilization of your nodes. Moreover, you should generally adopt a serverless, event-driven architecture to maximize overall resource utilization.
What are some alternatives?
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
cfn-python-lint - CloudFormation Linter
SonarQube - Continuous Inspection
aws-secure-environment-accelerator - The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
json-schema-to-ts - Infer TS types from JSON schemas 📝
vscode-cloudformation-snippets - This extension adds snippets for all the AWS CloudFormation resources into Visual Studio Code.
tfsec - Security scanner for your Terraform code
dynamodb-toolbox - A simple set of tools for working with Amazon DynamoDB and the DocumentClient
middy - 🛵 The stylish Node.js middleware engine for AWS Lambda 🛵
aws-sam-cli - CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
aws-graviton-getting-started - Helping developers to use AWS Graviton2 and Graviton3 processors which power the 6th and 7th generation of Amazon EC2 instances (C6g[d], M6g[d], R6g[d], T4g, X2gd, C6gn, I4g, Im4gn, Is4gen, G5g, C7g[d][n], M7g[d], R7g[d]).
cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources