Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Configure Minimum Instances for Cloud Functions

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

To minimize cold start latency and enhance performance, ensure that your Google Cloud Functions have a sufficient number of warm instances configured.

Reliability
Performance
efficiency
Operational
excellence

Due to their stateless nature, Google Cloud functions can experience cold starts, which can impact latency. To minimize this, we strongly recommend setting a minimum number of function instances. Configuring a minimum number of instances for your functions ensures faster response times and better reliability by keeping some instances warm and ready, reducing the latency caused by cold starts. This is important for production, critical workloads with consistent traffic or low-latency requirements.

Audit

To determine if your Google Cloud functions are configured with a minimum number of instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Functions console available at https://console.cloud.google.com/functions/ to list the Google Cloud functions deployed for the selected GCP project.

04 Click on the name (link) of the function that you want to examine, listed in the Name column.

05 Select the DETAILS tab and check the Minimum instances attribute value, listed under General Information. If the Minimum instances value is set to 0 (zero), the selected Google Cloud function does not have a minimum number of instances configured despite being critical or latency-sensitive, leading to potential cold start delays and degraded performance.

06 Repeat steps no. 4 and 5 for each Google Cloud function created for the selected GCP project.

07 Repeat steps no. 2 - 6 for each project deployed within your Google Cloud account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom output filters to list the ID of each project available in your Google Cloud Platform (GCP) account: 

gcloud projects list
	--format="value(projectId)"

02 The command output should return the requested GCP project ID(s): 

cc-bigdata-project-123123
cc-iot-app-project-112233

03 Run functions list command (Windows/macOS/Linux) with the ID of the GCP project that you want to examine as the identifier parameter and custom output filters to describe the name and the region of each Google Cloud function deployed within the selected project: 

gcloud functions list
	--project cc-bigdata-project-123123
	--format="(NAME,REGION)"

04 The command output should return the requested function names and the associated regions: 

NAME: cc-project5-function
REGION: us-central1

NAME: tm-stream-function
REGION: us-central1

NAME: tm-vertex-function
REGION: us-central1

05 Run functions describe command (Windows/macOS/Linux) with the name of the Google Cloud function that you want to examine as the identifier parameter, to describe the minimum number of instances configured for the selected function: 

gcloud functions describe cc-project5-function
	--region=us-central1
	--format="json(serviceConfig.minInstanceCount)"

06 The command output should return the minimum number of function instances configured: 

null

If functions describe command output returns null, as shown in the example above, the selected Google Cloud function does not have a minimum number of instances configured. This can result in potential cold start delays and degraded performance, especially for critical or latency-sensitive functions.

07 Repeat steps no. 5 and 6 for each Google Cloud function created for the selected GCP project.

08 Repeat steps no. 3 – 8 for each GCP project deployed in your Google Cloud account.

Remediation / Resolution

To ensure that your Google Cloud Functions have a sufficient number of warm instances configured by setting the minimum number of function instances, perform the following operations:

Using GCP Console

01 Sign in to the Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to access from the console top navigation bar.

03 Navigate to Functions console available at https://console.cloud.google.com/functions/ to list the Google Cloud functions deployed for the selected GCP project.

04 Click on the name (link) of the function that you want to configure, listed in the Name column.

05 Choose EDIT, expand the Runtime, build, connections and security settings configuration panel, select the RUNTIME tab, and enter the minimum number of function instances in the Minimum number of instances box, under Autoscaling. The minimum number of function instances should be greater than zero and determined according to your workload's performance needs while staying within your organization's budget guidelines. Choose NEXT and DEPLOY to apply the changes and deploy a new revision for the selected function.

06 Repeat steps no. 4 and 5 for each Google Cloud function that you want to configure, available within the selected project.

07 Repeat steps no. 2 – 6 for each project deployed in your Google Cloud account.

Using GCP CLI

01 Run functions deploy command (Windows/macOS/Linux) with the name of the Google Cloud function that you want to configure as the identifier parameter, to set the minimum number of warm instances required by the selected function. The minimum number of function instances should be determined according to your workload's performance needs while staying within your organization's budget guidelines. The number should be greater than zero and cannot exceed 1000: 

gcloud functions deploy cc-project5-function
	--source=gs://gcf-v2-sources-123456789012-us-central1/cc-project5-function/function-source.zip
	--region=us-central1
	--runtime=nodejs20
	--trigger-http
	--min-instances=3

02 The command output should return the build information available for the redeployed function: 

buildConfig:
	automaticUpdatePolicy: {}
	build: projects/123456789012/locations/us-central1/builds/abcd1234-abcd-1234-abcd-1234abcd1234abcd
	dockerRegistry: ARTIFACT_REGISTRY
	dockerRepository: projects/cc-bigdata-project-123123/locations/us-central1/repositories/gcf-artifacts
	entryPoint: run-app
	runtime: nodejs20
	source:
		storageSource:
		bucket: gcf-v2-sources-123456789012-us-central1
		generation: '1730285369954566'
		object: cc-project5-function/function-source.zip
	sourceProvenance:
		resolvedStorageSource:
		bucket: gcf-v2-sources-123456789012-us-central1
		generation: '1730285369954566'
		object: cc-project5-function/function-source.zip
createTime: '2024-10-28T09:49:12.051881848Z'
environment: GEN_2
labels:
	deployment-tool: console-cloud
	name: projects/cc-bigdata-project-123123/locations/us-central1/functions/cc-project5-function
	serviceConfig:
	allTrafficOnLatestRevision: true
	availableCpu: 167m
	availableMemory: 256Mi
	environmentVariables:
		LOG_EXECUTION_ID: 'true'
	ingressSettings: ALLOW_ALL
	minInstanceCount: 3
	maxInstanceCount: 10
	maxInstanceRequestConcurrency: 1
	revision: cc-project5-function-00003-abc
	service: projects/cc-bigdata-project-123123/locations/us-central1/services/cc-project5-function
	serviceAccountEmail: 123456789012-compute@developer.gserviceaccount.com
	timeoutSeconds: 60
	uri: https://cc-project5-function-abcd1234abcd-uc.a.run.app
state: ACTIVE
updateTime: '2024-10-28T10:50:15.176254527Z'
url: https://us-central1-cc-bigdata-project-123123.cloudfunctions.net/cc-project5-function

03 Repeat steps no. 1 and 2 for each Google Cloud function that you want to configure, available in the selected project.

04 Repeat steps no. 1 – 3 for each GCP project deployed in your Google Cloud account.

References

Publication date Nov 20, 2024

Related CloudFunction rules