Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable and Configure Reserved Concurrency

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the Reserved Concurrency feature is enabled and configured for your Amazon Lambda functions. Enabling reserved concurrency ensures predictable performance and cost control for your Lambda functions by limiting the number of concurrent executions.

Security
Reliability
Operational
excellence
Cost
optimisation
Sustainability

Reserved concurrency in Amazon Lambda allows you to set a limit on the number of concurrent executions for a specific Lambda function, ensuring it doesn't exceed that limit even during spikes in traffic. Setting a concurrent execution limit at the Lambda function level ensures predictable scaling, prevents excessive resource usage, and enhances cost control and performance.


Audit

To determine if your Amazon Lambda functions are configured to use reserved concurrency, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Lambda console at https://console.aws.amazon.com/lambda/.

03 In the left navigation panel, under AWS Lambda, choose Functions.

04 Click on the name (link) of the Amazon Lambda function that you want to examine.

05 Select the Configuration tab and choose Concurrency to access the concurrency settings configured for the selected Lambda resource.

06 In the Concurrency section, check the Function concurrency attribute value. If Function concurrency is set toUse unreserved account concurrency, the Reserved Concurrency feature is not enabled for the selected Amazon Lambda function.

07 Repeat steps no. 4 – 6 for each Amazon Lambda function created within the current AWS cloud region.

08 Change the AWS cloud region from the navigation bar and repeat the Audit process for the other AWS regions.

Using AWS CLI

01 Run list-functions command (OSX/Linux/UNIX) to list the name of each Amazon Lambda function available in the selected AWS cloud region:

aws lambda list-functions
  --region us-east-1
  --output table
  --query 'Functions[*].FunctionName'

02 The command output should return a table with the requested function name(s):

---------------------------------
|         ListFunctions         |
+-------------------------------+
|  cc-process-stream-function   |
|  cc-dynamo-exporter-function  |
+-------------------------------+

03 Run get-function-concurrency command (OSX/Linux/UNIX) using the name of the Amazon Lambda function that you want to examine as the identifier parameter, to determine if the Reserved Concurrency feature is enabled for the selected Lambda function:

aws lambda get-function-concurrency 
  --region us-east-1 
  --function-name cc-process-stream-function

04 The command output should return the reserved concurrency configuration information available for the selected function. If the get-function-concurrency command does not return an output, the Reserved Concurrency feature is not enabled for the selected Amazon Lambda function.

05 Repeat steps no. 3 and 4 for each Amazon Lambda function available in the selected AWS cloud region.

06 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 – 5 to perform the Audit process for other AWS regions.

Remediation / Resolution

To enable and configure the Reserved Concurrency feature for your Amazon Lambda functions, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon Lambda console at https://console.aws.amazon.com/lambda/.

03 In the left navigation panel, under AWS Lambda, choose Functions.

04 Click on the name (link) of the Amazon Lambda function that you want to examine.

05 Select the Configuration tab and choose Edit from the Concurrency section.

06 On the Edit concurrency configuration page, select Reserve concurrency under Concurrency, and enter the amount of concurrency to reserve for the selected Lambda function. Choose Save to apply the configuration changes.

07 Repeat steps no. 4 – 6 for each Amazon Lambda function that you want to configure, available within the current AWS region.

08 Change the AWS cloud region from the navigation bar and repeat the Remediation process for the other AWS regions.

Using AWS CLI

01 Run put-function-concurrency command (OSX/Linux/UNIX) using the name of the Amazon Lambda function that you want to configure as the identifier parameter, to configure reserved concurrency for the selected Lambda function:

aws lambda put-function-concurrency 
  --function-name cc-process-stream-function 
  --reserved-concurrent-executions 150

02 The command output should return the number of reserved concurrent executions configured for the specified function:

{
	"ReservedConcurrentExecutions": 150
} 

03 Repeat steps no. 1 and 2 for each Amazon Lambda function that you want to configure, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat steps no. 1 – 3 to perform the Remediation process for other AWS regions.

References

Publication date Oct 20, 2023