Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Compute Optimizer Lambda Function Findings

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)

Check for Compute Optimizer Lambda findings in order to take the necessary actions and optimize the under-provisioned and over-provisioned Amazon Lambda functions identified within your AWS cloud account. AWS Compute Optimizer delivers recommendations for Lambda functions that may be over-provisioned in memory sizes so that you can simply downsize them to save costs. The Compute Optimizer service also delivers recommendations for Lambda functions that may benefit from additional CPU power, so that you can increase their memory sizes to allocate more CPU power and reduce execution time.

The AWS Compute Optimizer findings for Amazon Lambda functions are classified in the following ways:

Memory under-provisioned – a Lambda function is considered under-provisioned when its configured memory or CPU power (which is proportional to the configured memory) does not meet the performance requirements of the workload (application). An under-provisioned function might lead to poor application performance.

Memory over-provisioned – a function is considered over-provisioned when its configured memory can be sized down while still meeting the performance requirements of your workload. An over-provisioned function might lead to unnecessary cloud infrastructure costs.

Memory-optimized – a Lambda function is considered optimized when its configured memory meets the performance requirements of the workload. An optimized function runs your workloads with optimal performance and cost.

Cost
optimisation
Reliability
Performance
efficiency

Choosing the right amount of memory for your Amazon Lambda functions is extremely important because over-provisioning Lambda functions can lead to unexpected cost, while under-provisioning Lambda functions can lead to increased error rate or application latency and poor performance. AWS Computer Optimizer uses Machine Learning to provide recommendations for Lambda functions that may be over-provisioned or under-provisioned in memory sizes. By using Computer Optimizer recommendations, you can quickly identify optimal memory size settings for your Amazon Lambda functions based on your application usage and performance metrics, without investing substantial time and effort to understand how these work.


Audit

To check your AWS cloud account for Compute Optimizer Lambda function findings, perform the following operations:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Compute Optimizer console at https://console.aws.amazon.com/compute-optimizer/.

03 In the navigation panel, under AWS Compute Optimizer, choose Dashboard. The Compute Optimizer dashboard provides an overview of the optimization opportunities for your Amazon Lambda functions based on the data that has been collected and analyzed for your current AWS account (or accounts if you are currently signed into the master account of your organization).

04 To clear any preselecting filters, choose Clear filters next to the Regions filter.

05 Click inside the Regions filter, select Region, and choose the AWS region that you want to examine.

06 In the Lambda functions section, check for any Lambda function findings, listed under Findings as Not optimized. If one or more findings have been identified, there are Amazon Lambda functions that need to be reconfigured and optimized for performance and cost, available in the selected AWS region.

07 Change the AWS cloud region using the Regions filter and repeat the audit process for other regions.

Using AWS CLI

01 Run get-recommendation-summaries command (OSX/Linux/UNIX) with custom query filters to return the Amazon Lambda function findings identified in the selected AWS region (in this case US East – N. Virginia region):

aws compute-optimizer get-recommendation-summaries
  --region us-east-1
  --query 'recommendationSummaries[?(recommendationResourceType==`LambdaFunction`)].summaries[]'

02 The command output should return the number of optimized and under-optimized Amazon Lambda functions, identified in the selected region:

[
    {
        "name": "Optimized",
        "value": 0.0
    },
    {
        "name": "NotOptimized",
        "value": 3.0,
        "reasonCodeSummaries": [
            {
                "name": "MemoryOverprovisioned",
                "value": 2.0
            },
            {
                "name": "MemoryUnderprovisioned",
                "value": 1.0
            }
        ]
    }
]

If the number of over-provisioned and/or under-provisioned Lambda functions (highlighted) returned by the get-recommendation-summaries command output is positive, as shown in the example above, there are Amazon Lambda functions that need to be reconfigured and optimized for performance and cost, available within the selected AWS cloud region.

03 Change the AWS region by updating the --region command parameter value and repeat the entire audit process for other regions.

Remediation / Resolution

To access, review, and implement the Compute Optimizer finding recommendations generated for your under-optimized Amazon Lambda functions, perform the following operations:

Note: As example, this conformity rule demonstrates how to implement an AWS Compute Optimizer recommendation by reducing the memory size for an over-provisioned Lambda function in order to save cost without impacting performance.

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Compute Optimizer console at https://console.aws.amazon.com/compute-optimizer/.

03 In the navigation panel, under Recommendations per AWS resource, choose Lambda functions to access the optimization recommendations made by AWS Compute Optimizer service for your under-provisioned and/or over-provisioned Amazon Lambda functions.

04 To clear any preselecting filters, choose Clear filters next to the Regions filter.

05 Click inside the Regions filter, select Region, and choose the AWS region that you want to access.

06 Click on the Not optimized link of the Lambda function finding recommendation that you want to implement, to access the recommendation details.

07 On the selected recommendation page, review each option to identify the optimization recommendation that works best for you. When comparing memory configurations and determining which one best suits your workload needs, carefully weigh the possible validation efforts against the benefits.

08 Once you have chosen the best Compute Optimizer recommendation option, choose Open in Lambda console to access the Amazon Lambda function that you want to reconfigure.

09 Click on the name (link) of the over-provisioned Amazon Lambda function.

10 Select the Configuration tab to access the panel with the configuration information available for the selected resource.

11 In the Basic settings section, choose Edit to change the amount of memory available for the selected function during invocation.

12 Inside the Memory (MB) configuration box, change the memory size as recommended at step no. 7. In this case, the optimization recommendation is to reduce the function memory size to the value recommended by AWS Compute Optimizer in order to save cost without impacting duration.

13 Choose Save to apply the changes. Once the configuration changes are applied, the selected Amazon Lambda function is cost-optimized without increasing job duration.

14 Repeat steps no. 6 – 13 for each Compute Optimizer finding identified within the current AWS region.

15 Change the AWS cloud region using the Regions filter and repeat the remediation process for other regions.

Using AWS CLI

01 Run get-lambda-function-recommendations command (OSX/Linux/UNIX) to retrieve the Amazon Resource Name (ARN) of each under-optimized Amazon Lambda function identified in the selected AWS region (in this case, US East – N. Virginia region):

aws compute-optimizer get-lambda-function-recommendations
  --region us-east-1
  --filters name=Finding,values=NotOptimized
  --query 'lambdaFunctionRecommendations[*].functionArn'

02 The command output should return the requested function ARNs:

[
    "arn:aws:lambda:us-east-1:123456789012:function:cc-sqs-poller",
    "arn:aws:lambda:us-east-1:123456789012:function:cc-rts-monitor",
    "arn:aws:lambda:us-east-1:123456789012:function:cc-ec2-manager"
]

03 Execute get-lambda-function-recommendations command (OSX/Linux/UNIX) using the ARN of the under-provisioned/over-provisioned Lambda function that you want to optimize as identifier parameter, to describe the optimization recommendations provided by AWS Compute Optimizer for the selected Amazon Lambda function (in this case the specified function is over-provisioned):

aws compute-optimizer get-lambda-function-recommendations
  --region us-east-1
  --function-arns arn:aws:lambda:us-east-1:123456789012:function:cc-sqs-poller
  --query 'lambdaFunctionRecommendations[*]'

04 The command output should return the optimization recommendation(s) available for the selected function:

[
    {
        "utilizationMetrics": [
            {
                "name": "Duration",
                "value": 31566.22275443912,
                "statistic": "Average"
            },
            {
                "name": "Duration",
                "value": 32413.05,
                "statistic": "Maximum"
            },
            {
                "name": "Memory",
                "value": 812.97049834135,
                "statistic": "Average"
            },
            {
                "name": "Memory",
                "value": 815.0,
                "statistic": "Maximum"
            }
        ],
        "currentMemorySize": 1024,
        "lastRefreshTimestamp": 1607529145.405,
        "numberOfInvocations": 1554,
        "functionArn": "arn:aws:lambda:us-east-1:123456789012:function:cc-sqs-poller:$LATEST",
        "memorySizeRecommendationOptions": [
            {
                "projectedUtilizationMetrics": [
                    {
                        "name": "Duration",
                        "value": 30015.234193697025,
                        "statistic": "LowerBound"
                    },
                    {
                        "name": "Duration",
                        "value": 31515.46678891891,
                        "statistic": "Expected"
                    },
                    {
                        "name": "Duration",
                        "value": 33091.712123300697,
                        "statistic": "UpperBound"
                    }
                ],
                "memorySize": 875,
                "rank": 1
            }
        ],
        "functionVersion": "$LATEST",
        "finding": "NotOptimized",
        "findingReasonCodes": [
            "MemoryOverprovisioned"
        ],
        "lookbackPeriodInDays": 14.0,
        "accountId": "123456789012"
    }
]

05 Based on the information returned at the previous step by the get-lambda-function-recommendations command output, review the Compute Optimizer recommendations by analyzing the finding properties listed below. Review each option to identify the optimization recommendation that works best for you. When comparing memory configurations and determining which one best suits your workload needs, carefully weigh the possible validation efforts against the benefits:

  1. "finding" - the finding classification returned for the selected Amazon Lambda function (i.e. "NotOptimized").
  2. "findingReasonCodes" - the reason for the finding classification of the function (e.g. "MemoryOverprovisioned").
  3. "functionArn" - the Amazon Resource Name (ARN) of the selected Lambda function.
  4. "functionVersion" - the version number of the current Lambda function.
  5. "lookbackPeriodInDays" - the number of days for which utilization metrics were analyzed for the selected Lambda resource.
  6. "currentMemorySize" – the amount of memory (MB) that is allocated to the current function.
  7. "memorySizeRecommendationOptions[].memorySize" - the memory size (MB) recommended for the Lambda function optimization.
  8. "memorySizeRecommendationOptions[].rank" - the rank of the function recommendation option. The top recommendation option is ranked as 1.

06 Once you have chosen the best Compute Optimizer recommendation option, you can proceed with the Amazon Lambda function reconfiguration. Run update-function-configuration command (OSX/Linux/UNIX) using the ARN of the Lambda function that you want to reconfigure as identifier parameter, to update the amount of memory available to the selected function at runtime, as recommended by Compute Optimizer at step no. 4. In this case, the optimization recommendation is to reduce the function memory size to the value recommended by AWS Compute Optimizer (i.e. "memorySizeRecommendationOptions[].memorySize" value) in order to save cost without impacting duration:

aws lambda update-function-configuration
  --function-name arn:aws:lambda:us-east-1:123456789012:function:cc-sqs-poller
  --memory-size 875

07 The command output should return the metadata of the reconfigured Amazon Lambda function:

{
    "FunctionName": "cc-sqs-poller",
    "FunctionArn": "arn:aws:lambda:us-east-1:123456789012:function:cc-sqs-poller",
    "Runtime": "python3.7",
    "Role": "arn:aws:iam::123456789012:role/service-role/cc-sqs-poller-role-abcdabcd",
    "Handler": "lambda_function.lambda_handler",
    "CodeSize": 550,
    "Timeout": 60,
    "MemorySize": 875,
    "LastModified": "2021-01-12T10:00:00.000+0000",
    "Version": "$LATEST",
    "TracingConfig": {
        "Mode": "PassThrough"
    },
    "State": "Active",
    "LastUpdateStatus": "Successful",
    "PackageType": "Zip"
}

08 Repeat steps no. 3 – 7 for each Compute Optimizer finding identified in the selected AWS region.

09 Change the AWS region by updating the --region command parameter value and repeat the entire remediation process for other regions.

References

Publication date Jan 14, 2021

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Compute Optimizer Lambda Function Findings

Risk Level: Medium