New serverless pattern - lambda-managed-instances

lambda-managed-instances-cdk-ts/.gitignore

@@ -0,0 +1,65 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
+
+# Parcel default cache directory
+.parcel-cache
+
+# npm
+npm-debug.log*
+.npm
+
+# Yarn
+yarn-error.log
+
+# IDEs
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Dependency directories
+jspm_packages/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# AWS SAM
+.aws-sam/

lambda-managed-instances-cdk-ts/README.md

@@ -0,0 +1,131 @@
+# Lambda Managed Instances with AWS CDK TypeScript
+
+This pattern demonstrates how to create and deploy AWS Lambda Managed Instances using AWS CDK in TypeScript. Lambda Managed Instances allow you to run Lambda functions on dedicated EC2 instances for workloads that require more control over the underlying infrastructure.
+
+Learn more about this pattern at Serverless Land Patterns: [Lambda Managed Instances](https://serverlessland.com/patterns/lambda-managed-instances)
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Node.js](https://nodejs.org/) (version 18.x or later)
+* [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html) installed (`npm install -g aws-cdk`)
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+
+## Architecture
+
+This CDK stack creates:
+
+1. **IAM Roles**: 
+   - Lambda execution role with basic execution permissions
+   - Capacity provider operator role for managing EC2 instances
+
+2. **VPC Resources**:
+   - New VPC with CIDR 10.0.0.0/16
+   - Private subnet with NAT Gateway for outbound internet access
+   - Security group for Lambda Managed Instances
+
+3. **Lambda Capacity Provider**:
+   - Manages EC2 instances (x86_64 architecture)
+   - Maximum 30 vCPUs scaling configuration
+
+4. **Lambda Function**:
+   - Node.js 20.x runtime
+   - 2048 MB memory allocation
+   - 512 MB ephemeral storage
+   - Configured to use the managed instances capacity provider
+
+## Deployment Instructions
+
+1. Clone this repository and navigate to the pattern directory:
+    ```bash
+    cd lambda-managed-instances-cdk-ts
+    ```
+
+2. Install dependencies:
+    ```bash
+    npm install
+    ```
+
+3. Build the TypeScript code:
+    ```bash
+    npm run build
+    ```
+
+4. Bootstrap CDK (if you haven't done this before in your account/region):
+    ```bash
+    cdk bootstrap
+    ```
+
+5. Deploy the stack:
+    ```bash
+    cdk deploy
+    ```
+
+6. Note the outputs from the CDK deployment process. These contain the resource names and ARNs which are used for testing.
+
+## How it works
+
+1. **Infrastructure Setup**: The CDK creates all necessary infrastructure including VPC, subnets, security groups, and IAM roles.
+
+2. **Capacity Provider**: A Lambda capacity provider is created that manages EC2 instances in your VPC. This provider can scale up to 30 vCPUs based on demand.
+
+3. **Lambda Function**: The Lambda function is configured to use the managed instances capacity provider instead of the standard serverless execution environment.
+
+4. **Function Execution**: When invoked, the Lambda function runs on dedicated EC2 instances managed by the capacity provider, providing more control over the execution environment.
+
+## Testing
+
+1. Test the Lambda function using the AWS CLI:
+    ```bash
+    aws lambda invoke \
+      --function-name my-managed-instance-function \
+      --payload '{"test": "data"}' \
+      response.json
+    ```
+
+2. Check the response:
+    ```bash
+    cat response.json
+    ```
+
+3. You should see a response like:
+    ```json
+    {
+      "statusCode": 200,
+      "body": "{\"message\":\"Hello from Lambda Managed Instances!\",\"event\":{\"test\":\"data\"}}"
+    }
+    ```
+
+4. Monitor the function execution in CloudWatch Logs to see the detailed execution logs.
+
+## Useful CDK Commands
+
+* `npm run build`   - compile typescript to js
+* `npm run watch`   - watch for changes and compile
+* `cdk deploy`      - deploy this stack to your default AWS account/region
+* `cdk diff`        - compare deployed stack with current state
+* `cdk synth`       - emits the synthesized CloudFormation template
+* `cdk destroy`     - delete the stack
+
+## Cleanup
+
+1. Delete the stack:
+    ```bash
+    cdk destroy
+    ```
+
+2. Confirm when prompted to delete the stack and all its resources.
+
+## Notes
+
+- Lambda Managed Instances require VPC configuration and have different networking requirements compared to standard Lambda functions.
+- The capacity provider manages EC2 instances automatically, scaling based on function invocation demand.
+- This pattern is suitable for workloads that need more control over the execution environment or have specific networking requirements.
+
+----
+Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

lambda-managed-instances-cdk-ts/bin/lambda-managed-instances-cdk-ts.ts

@@ -0,0 +1,21 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { LambdaManagedInstancesStack } from '../lib/lambda-managed-instances-stack';
+
+const app = new cdk.App();
+new LambdaManagedInstancesStack(app, 'LambdaManagedInstancesStack', {
+  /* If you don't specify 'env', this stack will be environment-agnostic.
+   * Account/Region-dependent features and context lookups will not work,
+   * but a single synthesized template can be deployed anywhere. */
+
+  /* Uncomment the next line to specialize this stack for the AWS Account
+   * and Region that are implied by the current CLI configuration. */
+  // env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
+
+  /* Uncomment the next line if you know exactly what Account and Region you
+   * want to deploy the stack to. */
+  // env: { account: '123456789012', region: 'us-east-1' },
+
+  /* For more information, see https://docs.aws.amazon.com/cdk/latest/guide/environments.html */
+});

lambda-managed-instances-cdk-ts/cdk.json

@@ -0,0 +1,65 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/lambda-managed-instances-cdk-ts.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/core:bootstrapQualifier": "simple",
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ],
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+    "@aws-cdk/aws-iam:minimizePolicies": true,
+    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+    "@aws-cdk/core:enablePartitionLiterals": true,
+    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+    "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+    "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+    "@aws-cdk/aws-route53-patters:useCertificate": true,
+    "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+    "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+    "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+    "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+    "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+    "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+    "@aws-cdk/aws-redshift:columnId": true,
+    "@aws-cdk/aws-stepfunctions-tasks:enableLogging": true,
+    "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+    "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+    "@aws-cdk/aws-kms:aliasNameRef": true,
+    "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+    "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+    "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+    "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+    "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+    "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+    "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+    "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+    "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+    "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForSourceAction": true
+  }
+}

lambda-managed-instances-cdk-ts/example-pattern.json

@@ -0,0 +1,63 @@
+{
+  "title": "Lambda Managed Instances with CDK TypeScript",
+  "description": "Create AWS Lambda Managed Instances using AWS CDK in TypeScript.",
+  "language": "TypeScript",
+  "level": "300",
+  "framework": "AWS CDK",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "This sample project demonstrates how to create and deploy AWS Lambda Managed Instances using AWS CDK in TypeScript. Lambda Managed Instances allow you to run Lambda functions on dedicated EC2 instances for workloads that require more control over the underlying infrastructure.",
+      "The pattern creates all necessary infrastructure including VPC, subnets, security groups, IAM roles, and a Lambda capacity provider that manages EC2 instances. The Lambda function is configured to use the managed instances capacity provider instead of the standard serverless execution environment.",
+      "This pattern deploys a VPC with public and private subnets, NAT Gateway, Lambda capacity provider, Lambda function with Node.js runtime, and all required IAM roles and policies."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/lambda-managed-instances-cdk-ts",
+      "templateURL": "serverless-patterns/lambda-managed-instances-cdk-ts",
+      "projectFolder": "lambda-managed-instances-cdk-ts",
+      "templateFile": "lambda-managed-instances-stack.ts"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Lambda Managed Instances Documentation",
+        "link": "https://docs.aws.amazon.com/lambda/latest/dg/managed-instances.html"
+      },
+      {
+        "text": "AWS Lambda Developer Guide",
+        "link": "https://docs.aws.amazon.com/lambda/latest/dg/"
+      },
+      {
+        "text": "AWS CDK TypeScript Reference",
+        "link": "https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda-readme.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "cdk deploy"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "Delete the stack: <code>cdk destroy</code>."
+    ]
+  },
+  "authors": [
+    {
+      "name": "AWS Serverless Patterns",
+      "image": "https://serverlessland.com/assets/images/logos/serverless-land-logo.png",
+      "bio": "AWS Serverless Patterns Collection",
+      "linkedin": "",
+      "twitter": "AWSOpen"
+    }
+  ]
+}