
Best Practices for AWS Lambda Container Reuse - kiyanwang
https://medium.com/capital-one-tech/best-practices-for-aws-lambda-container-reuse-6ec45c74b67e
======
hn_throwaway_99
This article was missing a couple of major points:

1. He doesn't say whether the RDS DB is Postgres or MySQL. The MySQL
connection times tend to be much shorter than Postgres. With Postgres, it's a
very good idea to use a pgbouncer instance to implement connection pooling
and have the Lambdas connect to that.

2. As others point out here, in AWS it is a very bad idea to have your RDS DB
not behind a VPC. When you do that, it basically makes cold start times
completely untenable for a user-facing synchronous function. Amazon has
promised they are improving this situation, not sure what the status of this
is.

3. Author points out some of this in his article, but caching your connection
in global scope opens up a whole host of very difficult to track down bugs
(e.g. you can have lots of cached connections open and thus killing your DB
connection limits, needing to handle dead connections, etc.)

In my opinion, and with a lot of experience on a high traffic consumer site,
it's a bad idea to cache connections in global scope. Either use MySQL or
pgbouncer and connect in the function body.

------
Niksko
We went down the Lambda route at work, and I think ultimately it's a poor fit
for the type of service that is being described here.

Do your persistence elsewhere, probably in an API wrapped around RDS.

SSM or other secrets needing decryption and fetching at runtime should use the
AWS recommended method of storing this data in the global scope (at least
that's how it works in Node), but this should feel icky because it is icky.

Mixing statefulness into things that are inherently intended to be stateless
probably indicates you've chosen the wrong tool for the job.

~~~
cle
Agree, at the moment Lambda doesn't quite make it for directly calling RDS
DBs, because of the connection problem and because your DB should be in a VPC,
which has horrendous cold start implications for Lambda (it needs to attach an
ENI in the invoke path, which takes many seconds).

Re: the connection issue, it would be great if there were a service or RDS
feature that could do the DB connection pooling behind a standard AWS API, so
that we don't have to manage connections in Lambda and so that we can query
the DB from the public internet with standard AWS auth without having to
expose the DB itself.

~~~
013a
This exists, in Aurora Serverless. It is a shame they haven't opened it up to
the other RDS databases.

------
SethTro
Did anyone else notice the SQL injection in their first block of code?

------
Niksko
[https://outline.com/67B7q6](https://outline.com/67B7q6)

------
Animats
They've re-invented FCGI.

