AWS Resource Reference
      Back to home
      1. Arpio Documentation
      2. Reference Guides
      3. AWS Resource Reference

      Lambda

      Lambda resource replication with Arpio

      Lambda

      Arpio replicates the following Lambda function resource types into your recovery environment.

      Lambda Function

      Arpio will create copies of your selected unpublished Lambda functions in the recovery environment.  A Lambda function copy in your recovery environment will have the same general configuration settings that the original has, including the description, allocated memory, timeout, ephemeral storage size, and execution role.  The concurrency settings, environmental variables, and tags for your function are also copied to the recovery environment without any translation required.

      Lambda function code is also replicated to the recovery environment along with the Lambda function. When you make changes to the Lambda function code in your primary environment, those changes will also be automatically copied to the recovery environment.

      Some resource attributes, listed in the table below, do require translation.

      Attribute

      Translation

      Dead Letter Config

      The dead letter queue configuration for asynchronous invocations of the Lambda function will be updated to use the replicated dead letter queue in the recovery environment.

      Destination 

      The configuration for a replicated Lambda function will be updated to refer to the replicated destination topics or queues in the recovery environment.

      Event Invoke Config

      A new instance of the asynchronous invocation configuration will be created in the recovery environment which refers to the replicated Lambda function and uses the replicated versions of the SNS topic, SQS queue, or Lambda function for the Destination Config.

      Event Source Mappings

      SQS queues referenced in a Lambda’s Event Source Mapping are translated to the corresponding resources in the recovery environment.

      EFS File System Config

      To save costs and reduce application setup time, Arpio doesn’t create EFS file systems  in your recovery environment until you failover your application.  


      As a result, the Lambda functions replicated  to the recovery environment won’t have EFS file systems connected until your application is in test or recovery mode.  Once your application is in test or recovery mode, the file systems will be created in the recovery environment and the replicated Lambda function will be automatically updated to refer to them.

      Environment Variables

      Environment variables that reference the ARN or hostname of other resources (secrets, RDS databases, etc.) that Arpio is replicating will be translated to reference the corresponding resource(s) in the recovery environment.

      Image

      For Lambda functions that reference container images in ECR, the replicated function in the recovery environment will be pointed to the corresponding ECR image in the recovery environment.

      Layers

      Arpio replicates any layers used by your function to the replication environment, and then when Arpio replicates your functions, it updates any layer references in the function to use the replicated version of the layer

      Permissions/Policy

      When your Lambda function is replicated to the recovery environment, Arpio converts the S3 resources referenced in the function resource-based policy to the replicated versions of those S3 resources in the recovery environment. 

      VPC

      If a Lambda instance in your primary environment is connected to a VPC, the replicated instance in the recovery environment will be attached to the replicated version of that VPC in the recovery environment.

      The following resources are automatically discovered and included in  recovery points when a Lambda function is selected:

      • Resources referenced in the policy document for the Lambda function
      • SQS queues referenced as triggers in the function’s event source mapping.
      • SQS queues, SNS topics, and other Lambda functions, published versions of Lambda functions, or Lambda function aliases  referenced as the OnSuccess or OnFailure destinations for the function.
      • SNS topics or SQS queues used by the dead letter queue in the function’s asynchronous configuration.
      • Layers used by the function.
      • ECR images referenced by the function.
      • Resources referenced within the Lambda's environment variables (RDS databases, Elasticache clusters, OpenSearch domains, etc.)

      Lambda Function Version

      AWS users can publish their Lambda functions to create versions, and Arpio automatically selects function versions required by applications to be replicated to the recovery environment.  As with unpublished functions, a function version copy will be created with the same general configuration settings as the original.  Some of the function version configuration fields require translation as described in the table below.

      The code in the Lambda function version is also replicated to the corresponding Lambda function version in the recovery environment.

      Attribute

      Translation

      Dead Letter Config

      The dead letter queue configuration for asynchronous invocations in the function version configuration will be updated to use the replicated dead letter queue in the recovery environment.

      Destination 

      As with the dead letter queue, the configuration for your replicated Lambda function version will be updated to refer to the replicated destination topics or queues in the recovery environment. 

      Event Invoke Config

      A new instance of the asynchronous invocation configuration will be created in the recovery environment which refers to the replicated Lambda function version and uses the replicated versions of the SNS topic, SQS queue, or Lambda function for the Destination Config.

      Event Source Mappings

      SQS queues referenced in the published function version’s Event Source Mapping are translated to the corresponding resources in the recovery environment.  

      EFS File System Config

      To save costs and reduce application setup time, Arpio doesn’t create EFS file systems  in your recovery environment until you failover your application.  


      As a result, a replicated function version environment won’t have EFS file systems connected until your application is in test or recovery mode.  Once your application is in test or recovery mode, the file systems will be created in the recovery environment and the replicated Lambda function version will be automatically updated to refer to them.
      Environment Variables

      Environment variables that reference the ARN or hostname of other resources (secrets, RDS databases, etc.) that Arpio is replicating will be translated to reference the corresponding resource(s) in the recovery environment. 
      Image

      For Lambda functions that reference container images in ECR, the replicated function in the recovery environment will be pointed to the corresponding ECR image in the recovery environment.

      Layers

      Arpio replicates any layers used by a function version to the replication environment.  When Arpio replicates a function version, it updates any layer references in the function to use the replicated version of the layer

      Permissions/Policy

      When your function version is replicated to the recovery environment, Arpio converts the S3 resources in the function version’s resource-based policy to the replicated versions of those S3 resources in the recovery environment. 

      Provisioned Concurrency

      If provisioned concurrency is set for your function version in the source environment, it is not copied to the recovery environment standby mode since AWS will charge you for its use.  When your application is in failover or failover test mode, the provisioned concurrency settings will be replicated to the recovery environment.

      Version

      AWS increments the version number each time a function with the same name  is published in a new region or account.  If your function versions are not sequential, the replication version number may not match the source version number.  Arpio keeps track of the recovery function’s version number for a given primary resource version, and you can use the Arpio console to determine the recovery function version number. 

      However, because this may be a source of confusion during failover, and may require manually updating the configuration for resources Arpio is not replicating, Arpio recommends you use a function alias for any versions in those resources to reduce the amount of manual work required to get your application functional in the recovery environment.

      VPC

      If a published Lambda function version instance in your primary environment is connected to a VPC, the replicated instance in the recovery environment will be attached to the replicated version of that VPC in the recovery environment.

       

      The following resources are automatically discovered and included in  recovery points when a Lambda function version is selected for replication.

      • Resources referenced in the policy document used by the function version, such as S3 buckets.
      • SQS queues referenced as triggers in the function version’s event source mapping.
      • SQS queues, SNS topics, and other Lambda functions, published versions of Lambda functions, or Lambda function aliases referenced as the OnSuccess or OnFailure destinations for the function.
      • SNS topics or SQS queues used by the dead letter queue in the function version’s asynchronous configuration.
      • Layers used by the function version.
      • ECR images referenced by the function.
      • Resources referenced within the Lambda's environment variables (RDS databases, Elasticache clusters, OpenSearch domains, etc.)

      Lambda Function Alias

      Arpio users can select function aliases to be replicated to the recovery environment.  a function version copy will be created with the same general configuration settings as the original.  Some of the function version configuration fields require translation as described in the table below.

      Attribute

      Translation

      Destination 

      As with the dead letter queue, the configuration for your replicated Lambda function alias will be updated to refer to the replicated destination topics or queues in the recovery environment. 

      Event Invoke Config

      A new instance of the asynchronous invocation configuration will be created in the recovery environment which refers to the replicated Lambda function version and uses the replicated versions of the SNS topic, SQS queue, or Lambda function for the Destination Config.

      Event Source Mappings

      SQS queues referenced in the published function version’s Event Source Mapping are translated to the corresponding resources in the recovery environment.  

      Permissions/Policy

      When your function version is replicated to the recovery environment, Arpio converts the S3 resources in the function version’s resource-based policy to the replicated versions of those S3 resources in the recovery environment. 

      Primary function version

      Because AWS sets the version number for published function versions, Arpio can’t force a version number in the recovery environment. However, Arpio does track the matching version number  in the recovery environment  for a version in the source environment, and uses the correct version number in the configuration for the replicated alias. 

      Provisioned concurrency

      If provisioned concurrency is set for your function alias in the source environment, it is not copied to the recovery environment standby mode since AWS will charge you for its use.  When your application is in failover or failover test mode, the provisioned concurrency settings will be replicated to the recovery environment.

      Weighted versions

      As with the primary version, even though version identifiers might differ between source and replication environments, Arpio uses the correct additional version identifiers for the additional weight version if it’s set.

       

      The following resources are automatically discovered and included in recovery points when a Lambda function alias is selected for replication.

      • Resources referenced in the policy document used by the function alias, such as S3 buckets.
      • SQS queues referenced as triggers in the function alias’ event source mapping.
      • SQS queues, SNS topics, and other Lambda functions, published versions of Lambda functions, or Lambda function aliases referenced as the OnSuccess or OnFailure destinations for the function.

      Lambda Layer Versions

      Lambda Layer Versions can be selected to be replicated to the recovery environment.  

      Attribute

      Translation

      Permissions/Policy

      If your recovery environment is in a different account, when your layer version is replicated, the layer version’s policy will be replicated using the account id of your recovery environment. 

      Policies for third party layers (ex: Datadog or AWS-supplied layers) are usually not accessible, and are not copied to the recovery environment.