A-LAM-2

Lambda Functions with Update Problems

Risk:
High
CWE:
754

AWS Lambda can encounter failure states when attempting an update. When an update fails, the service falls back to the previous iteration of the code, potentially leaving outdated application functionality in service.


Details

AWS Lambda is a fully managed compute service where all aspects of the execution environment are handled by AWS, leaving only the code and configuration to be provided to the runtime. As such, the Lambda service manages all standard input, standard output, standard error, environment variables and the overall compute runtime. The user's primary responsibility is to provide the code for the function to execute and to ensure that the Lambda function's configuration, including logging and operational settings, is accurate and complete.

AWS Lambda operates with clearly defined management boundaries, where AWS is responsible for the runtime and infrastructure, while the user is responsible for supplying code in a format compatible with the selected runtime and suitable configuration.

When updating Lambda code, AWS Lambda can detect and fail deployments if the uploaded code is incompatible with the selected runtime or if the supplied environment configuration cannot be applied. If a deployment fails, AWS Lambda continues to serve the previous version of the code, ensuring that requests and invocations of the function are not interrupted by the failed update.

Failure states include issues with EFS mounting, an invalid runtime configuration, KMS key access denial, an invalid network configuration and more.

Remediation

Any Lambda functions experiencing deployment failures should be investigated to identify issues with the new code and the updated configuration, and to determine how to remediate the reported errors. This ensures that the intended codebase is deployed successfully, preventing the Lambda service from continuing to run an outdated version of the function.

Deployment failures in Lambda are not always immediately obvious, as AWS prioritizes uptime by automatically rolling back to the last working version of the code. Therefore, deployment release monitoring is essential to detect failures during the release and to start an immediate investigation and fix. By capturing deployment issues, you can initiate a full rollback or accelerate the development of a fix, ensuring the service operates with the correct codebase and intended functionality.
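One way to surface this condition from the fields the Lambda API already exposes, as an added example that is not part of the SkySiege assessment or the page above: each FunctionConfiguration returned by ListFunctions carries State, LastUpdateStatus and the matching ReasonCode/Reason fields, so a failed update can be detected without waiting for a user to notice stale behaviour. The sample configurations are constructed; the boto3 scan at the bottom is for a live account and needs only lambda:ListFunctions.

```python
"""Flag Lambda functions whose most recent code/config update failed."""
# Value Lambda reports in the FunctionConfiguration State / LastUpdateStatus fields.
FAILED = "Failed"

def classify_function(cfg):
    """Return a finding for one FunctionConfiguration dict, or None if healthy.
    Lambda keeps serving the previously deployed code while LastUpdateStatus is
    'Failed'; 'InProgress' is transient and is not reported here."""
    last_update = cfg.get("LastUpdateStatus", "Successful")
    state = cfg.get("State", "Active")
    if last_update != FAILED and state != FAILED:
        return None
    return {
        "FunctionName": cfg["FunctionName"],
        "State": state,
        "LastUpdateStatus": last_update,
        # Lambda puts the cause in the *ReasonCode / *Reason fields.
        "ReasonCode": cfg.get("LastUpdateStatusReasonCode") or cfg.get("StateReasonCode"),
        "Reason": cfg.get("LastUpdateStatusReason") or cfg.get("StateReason"),
    }

def find_failed_updates(configs):
    """Classify every configuration and keep only the findings."""
    return [f for f in map(classify_function, configs) if f is not None]

def scan_account(region_name=None):
    """Live scan: page through ListFunctions (needs lambda:ListFunctions)."""
    import boto3  # imported here so the offline sample below needs no AWS SDK
    client = boto3.client("lambda", region_name=region_name)
    configs = []
    for page in client.get_paginator("list_functions").paginate():
        configs.extend(page["Functions"])
    return find_failed_updates(configs)

# Constructed sample data shaped like ListFunctions output (not a real account).
SAMPLE_CONFIGS = [
    {"FunctionName": "orders-api", "State": "Active", "LastUpdateStatus": "Successful"},
    {"FunctionName": "report-gen", "State": "Active", "LastUpdateStatus": "Failed",
     "LastUpdateStatusReasonCode": "EFSMountFailure",
     "LastUpdateStatusReason": "EFS mount failed"},
    {"FunctionName": "image-resize", "State": "Active", "LastUpdateStatus": "Failed",
     "LastUpdateStatusReasonCode": "KMSKeyAccessDenied",
     "LastUpdateStatusReason": "Lambda cannot access the KMS key"},
    {"FunctionName": "webhook", "State": "Active", "LastUpdateStatus": "InProgress"},
]

if __name__ == "__main__":
    for finding in find_failed_updates(SAMPLE_CONFIGS):
        print(f"{finding['FunctionName']}: {finding['ReasonCode']} - {finding['Reason']}")
```

Running this on a schedule, or right after each deployment, turns the silent rollback into an alert that names the function and the reason code Lambda recorded.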

Discover if you're vulnerable

SkySiege Cloud Security Assessments scan for this issue and provide same-day reports.
Available for individual projects or organisations.