AWS Lambda Function Versioning and Aliases: Best Practices for Production-Grade Code

How to Safeguard Production-Grade AWS Lambda Functions

Q: You are creating a production mode Lambda function.Due to auditing compliance, your organization stated that production-grade code must not be modified during its execution unless the modification goes through a change process.For that, you decided to publish a version for PROD, create an alias, and use the alias ARN for invoking the Lambda function.However, your organization stated the code should not run if the version is $LATEST.How would you achieve this? (choose 2 options)

getFunctionVersion from Context object.Use the AWS_LAMBDA_FUNCTION_VERSION environment variable.

Prev Question Next Question

Question

You are creating a production mode Lambda function.

Due to auditing compliance, your organization stated that production-grade code must not be modified during its execution unless the modification goes through a change process.

For that, you decided to publish a version for PROD, create an alias, and use the alias ARN for invoking the Lambda function.

However, your organization stated the code should not run if the version is $LATEST.

How would you achieve this? (choose 2 options)

Answers

A. getFunctionVersion from Context object.

B. Get invokedLambdaARN from the event object and find out the version from it.

C. Use the AWS_LAMBDA_FUNCTION_VERSION environment variable.

D. Use the AWS_LAMBDA_FUNCTION_ALIAS environment variable.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer: A, C.

For more information on environment variables available to Lambda functions, refer to documentation here.

https://docs.aws.amazon.com/lambda/latest/dg/env_variables.html https://docs.aws.amazon.com/lambda/latest/dg/tutorial-env_cli.html

Option B is not correct.

There is no parameter in any event source containing the ARN of the invoked Lambda function.

Option D is not correct.

This is no environment variable for ALIAS.

© getFunctionVersion(): The Lambda function version that is executing. If an alias is used to invoke the function, then
getFunctionVersion will be the version the alias points to.

To achieve the requirement of not allowing the code to run if the version is $LATEST, the following two options can be used:

Option A: Get function version from Context object In this option, the getFunctionVersion method of the Context object can be used to retrieve the version of the Lambda function that is currently running. If the version is $LATEST, an error message can be thrown, and the execution can be stopped. This method returns the version number as a string.

Option C: Use the AWS_LAMBDA_FUNCTION_VERSION environment variable In this option, the AWS_LAMBDA_FUNCTION_VERSION environment variable can be used to retrieve the version of the Lambda function that is currently running. This environment variable is set by AWS Lambda and is available to the Lambda function at runtime. If the value of this variable is $LATEST, an error message can be thrown, and the execution can be stopped.

Option B and D are not correct options for this requirement. The Get invokedLambdaARN method in Option B returns the ARN of the Lambda function that triggered the current invocation, which does not provide the information about the version of the function. The AWS_LAMBDA_FUNCTION_ALIAS environment variable in Option D is used to retrieve the alias of the Lambda function that is currently running, which is not relevant for this requirement.

In summary, the two options to achieve the requirement of not allowing the code to run if the version is $LATEST are to use the getFunctionVersion method of the Context object or the AWS_LAMBDA_FUNCTION_VERSION environment variable.

Prev Question Next Question