Agent skill

aws-cloudformation-lambda

Provides AWS CloudFormation patterns for Lambda functions, layers, API Gateway integration, event sources, cold start optimization, monitoring, logging, template validation, and deployment workflows. Use when creating Lambda functions with CloudFormation, configuring event sources, implementing cold start optimization, managing layers, integrating with API Gateway, and deploying Lambda infrastructure.

View SKILL.md on GitHub Repository
Stars 192
Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/giuseppe-trisciuoglio/developer-kit/tree/main/plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-lambda

SKILL.md

AWS CloudFormation Lambda Functions

Overview

Create production-ready Lambda functions using CloudFormation templates with validation and deployment workflows.

When to Use

  • Creating Lambda functions with CloudFormation
  • Configuring event sources (S3, SQS, DynamoDB, Kinesis)
  • Implementing Lambda layers and cold start optimization
  • Integrating Lambda with API Gateway
  • Deploying Lambda infrastructure with validation

Deployment Workflow

Always follow this deployment workflow:

1. Validate Template

bash
aws cloudformation validate-template --template-body file://template.yaml

2. Deploy Stack

bash
aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name my-lambda-stack \
  --capabilities CAPABILITY_IAM \
  --parameter-overrides Environment=prod

3. Monitor Stack Events

bash
aws cloudformation describe-stack-events \
  --stack-name my-lambda-stack \
  --query 'StackEvents[?ResourceStatus==`CREATE_FAILED`||ResourceStatus==`UPDATE_FAILED`]'

4. Verify Resources

bash
aws lambda get-function --function-name my-lambda-stack-function
aws cloudformation describe-stacks --stack-name my-lambda-stack \
  --query 'Stacks[0].StackStatus'

5. Rollback on Failure

bash
aws cloudformation delete-stack --stack-name my-lambda-stack
aws logs describe-log-groups --log-group-name-prefix "/aws/lambda/my-lambda"

Instructions

Follow these steps to create Lambda functions with CloudFormation:

1. Define Lambda Function Parameters

Specify runtime, memory, timeout, and environment variables:

yaml
Parameters:
  FunctionMemory:
    Type: Number
    Default: 256
    AllowedValues:
      - 128
      - 256
      - 512
      - 1024
      - 2048
    Description: Lambda function memory in MB

  FunctionTimeout:
    Type: Number
    Default: 30
    MinValue: 1
    MaxValue: 900
    Description: Function timeout in seconds

  Runtime:
    Type: String
    Default: nodejs20.x
    AllowedValues:
      - nodejs20.x
      - python3.11
      - java21
      - dotnet8
      - go1.x
    Description: Lambda runtime environment

2. Create Lambda Function

Define the basic function configuration:

yaml
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-function"
      Runtime: !Ref Runtime
      Handler: index.handler
      Role: !Ref ExecutionRole
      MemorySize: !Ref FunctionMemory
      Timeout: !Ref FunctionTimeout
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: !Ref CodeKey
      Environment:
        Variables:
          LOG_LEVEL: INFO
          DATABASE_URL: !Ref DatabaseUrl
      Tags:
        - Key: Environment
          Value: !Ref Environment

3. Configure Execution Role

Apply least privilege IAM policies:

yaml
Resources:
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: S3ReadAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource: !Sub "${DataBucket.Arn}/*"

4. Add Event Sources

Configure triggers for Lambda invocation:

yaml
Resources:
  # S3 event source
  S3EventSource:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      EventSourceArn: !GetAtt DataBucket.Arn
      FunctionName: !Ref LambdaFunction

  # SQS event source
  SQSEventSource:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      EventSourceArn: !GetAtt Queue.Arn
      FunctionName: !Ref LambdaFunction
      BatchSize: 10
      MaximumBatchingWindowInSeconds: 5

5. Configure API Gateway Integration

Set up REST or HTTP API integration:

yaml
Resources:
  # HTTP API integration
  HttpApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: !Sub "${AWS::StackName}-api"
      ProtocolType: HTTP
      Target: !Ref LambdaFunction

  ApiIntegration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref HttpApi
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction.Arn}/invocations"

6. Implement Versioning and Aliases

Create function versions and aliases:

yaml
Resources:
  LambdaVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref LambdaFunction
      Description: !Sub "Version ${AWS::StackName} v1"

  LambdaAlias:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName: !Ref LambdaFunction
      FunctionVersion: !GetAtt LambdaVersion.Version
      Name: live

7. Configure Monitoring

Enable CloudWatch logging and X-Ray tracing:

yaml
Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      LoggingConfig:
        LogGroup: !Ref LogGroup
      TracingConfig:
        Mode: Active

  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/aws/lambda/${LambdaFunction}"
      RetentionInDays: 7

8. Set Up Dead Letter Queue

Configure DLQ for failed invocations:

yaml
Resources:
  DeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Sub "${AWS::StackName}-dlq"

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      DeadLetterConfig:
        TargetArn: !GetAtt DeadLetterQueue.Arn

Examples

Complete Lambda Stack Template

yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Lambda function with monitoring and DLQ

Parameters:
  FunctionMemory:
    Type: Number
    Default: 256
    AllowedValues: [128, 256, 512, 1024]
  FunctionTimeout:
    Type: Number
    Default: 30

Resources:
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-function"
      Runtime: nodejs20.x
      Handler: index.handler
      Role: !GetAtt ExecutionRole.Arn
      MemorySize: !Ref FunctionMemory
      Timeout: !Ref FunctionTimeout
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: !Ref CodeKey
      Environment:
        Variables:
          LOG_LEVEL: INFO

  LambdaVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref LambdaFunction

  LambdaAlias:
    Type: AWS::Lambda::Alias
    Properties:
      FunctionName: !Ref LambdaFunction
      FunctionVersion: !GetAtt LambdaVersion.Version
      Name: live

Outputs:
  FunctionArn:
    Value: !GetAtt LambdaFunction.Arn
  FunctionName:
    Value: !Ref LambdaFunction

Best Practices

Performance Optimization

  • Use SnapStart for Java functions to eliminate cold starts
  • Use provisioned concurrency for critical functions requiring low latency
  • Keep deployment packages small (< 50 MB zipped)
  • Optimize memory size based on function requirements
  • Use appropriate timeout values (avoid maximum timeout)
  • Configure reserved concurrency to prevent throttling

Cost Optimization

  • Right-size memory allocation for cost efficiency
  • Use provisioned concurrency strategically (adds cost when idle)
  • Monitor Lambda duration and optimize for faster execution
  • Use ephemeral storage (/tmp) efficiently
  • Clean up unused Lambda functions and versions
  • Consider Lambda PowerTuning for optimal memory/power configuration

Security

  • Apply least privilege IAM policies to execution roles
  • Encrypt environment variables at rest
  • Use VPC endpoints for private AWS service access
  • Rotate IAM credentials regularly
  • Implement VPC configuration for private function access
  • Use AWS KMS for encrypting sensitive data

Reliability

  • Configure Dead Letter Queue for async invocations
  • Implement retry logic with exponential backoff
  • Use CloudWatch alarms for error monitoring
  • Test Lambda functions thoroughly before deployment
  • Implement circuit breakers for downstream service failures
  • Use canary deployments with Lambda aliases

Monitoring and Observability

  • Enable CloudWatch Logs for all functions
  • Use X-Ray tracing for distributed tracing
  • Configure CloudWatch metrics for performance monitoring
  • Set up alarms for errors, throttles, and duration
  • Use Lambda Insights for debugging
  • Monitor concurrent executions and throttling

Versioning and Deployment

  • Use Lambda aliases for production environments (live, staging)
  • Implement canary deployments with weighted aliases
  • Create function versions for immutable deployments
  • Use SAM or AWS CDK for simplified Lambda deployments
  • Implement blue/green deployments with Lambda aliases
  • Test function changes in development environment first

Constraints and Warnings

  • Timeout limits: Lambda timeout max is 900 seconds (15 min); set appropriate values to avoid orphaned executions
  • Deployment package size: Zipped packages max 50 MB, unzipped max 250 MB (including layers)
  • Layer limits: Max 5 layers per function; each layer max 50 MB (unzipped)
  • Environment variables: Max 4 KB for all variables; encrypt sensitive values with KMS
  • Cold starts: Java and .NET functions have longer cold starts; use SnapStart or Provisioned Concurrency for latency-sensitive workloads
  • Concurrent execution: Default limit 1000 per region; request increase for high-traffic functions
  • VPC networking: Lambda in VPC adds 10-30 second cold start overhead for first invocation
  • IAM permissions: Never use * in Resource policies; always scope to specific resources
  • Dead Letter Queue: Required for async invocations; ensure DLQ is in same region as function
  • Cost monitoring: Enable billing alerts; Lambda charges per invocation and duration

References

For detailed implementation guidance, see:

  • constraints.md - Resource limits (function limits, concurrent execution, timeout, memory), deployment constraints (function size, layer size, environment variables), operational constraints (cold starts, VPC networking, event sources, DLQ), security constraints (execution role, resource policies, VPC endpoints), cost considerations (provisioned concurrency, duration, memory, data transfer), and performance constraints (SnapStart, layer versioning, X-Ray tracing, async invocation)

Related Resources

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

giuseppe-trisciuoglio/developer-kit

aws-cli-beast

Provides advanced AWS CLI patterns for managing EC2, Lambda, S3, DynamoDB, RDS, VPC, IAM, and CloudWatch. Generates bulk operation scripts, automates cross-service workflows, validates security configurations, and executes JMESPath queries for complex filtering. Triggers on "aws cli help", "aws command line", "aws scripting", "aws automation", "aws batch operations", "aws bulk operations", "aws cli pagination", "aws multi-region", "aws profiles", "aws cli troubleshooting".

192 20
Explore
giuseppe-trisciuoglio/developer-kit

aws-cost-optimization

Provides structured AWS cost optimization guidance using five pillars (right-sizing, elasticity, pricing models, storage optimization, monitoring) and twelve actionable best practices with executable AWS CLI examples. Use when optimizing AWS costs, reviewing AWS spending, finding unused AWS resources, implementing FinOps practices, reducing EC2/EBS/S3 bills, configuring AWS Budgets, or performing AWS Well-Architected cost reviews.

192 20
Explore
giuseppe-trisciuoglio/developer-kit

aws-sam-bootstrap

Provides AWS SAM bootstrap patterns: generates `template.yaml` and `samconfig.toml` for new projects via `sam init`, creates SAM templates for existing Lambda/CloudFormation code migration, validates build/package/deploy workflows, and configures local testing with `sam local invoke`. Use when the user asks about SAM projects, `sam init`, `sam deploy`, serverless deployments, or needs to bootstrap/migrate Lambda functions with SAM templates.

192 20
Explore
giuseppe-trisciuoglio/developer-kit

aws-drawio-architecture-diagrams

Creates professional AWS architecture diagrams in draw.io XML format (.drawio files) using official AWS Architecture Icons (aws4 library). Use when the user asks for AWS diagrams, VPC layouts, multi-tier architectures, serverless designs, network topology, or draw.io exports involving Lambda, EC2, RDS, or other AWS services.

192 20
Explore
giuseppe-trisciuoglio/developer-kit

aws-cloudformation-bedrock

Provides AWS CloudFormation patterns for Amazon Bedrock resources including agents, knowledge bases, data sources, guardrails, prompts, flows, and inference profiles. Use when creating Bedrock agents with action groups, implementing RAG with knowledge bases, configuring vector stores, setting up content moderation guardrails, managing prompts, orchestrating workflows with flows, and configuring inference profiles for model optimization.

192 20
Explore
giuseppe-trisciuoglio/developer-kit

aws-cloudformation-s3

Provides AWS CloudFormation patterns for Amazon S3. Use when creating S3 buckets, policies, versioning, lifecycle rules, and implementing template structure with Parameters, Outputs, Mappings, Conditions, and cross-stack references.

192 20
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results