Migration from Azure Functions to AWS Lambda with AWS Lambda Container Image Support

AWS Lambda Container Image Support was announced at AWS re:Invent 2020!

What is AWS Lambda Container Image Support?

With the release of AWS Lambda Container Image Support, AWS Lambda can now take advantage of Docker container images in Lambda.

By using Docker images, you can take advantage of library-dependent packages (such as the AWS CLI) that were previously difficult to use in Lambda, and run Docker container-based applications in Lambda.

Use cases of AWS Lambda Container Image Support

Here are some use cases for AWS Lambda Container Image Support.

1. Running the AWS CLI in Lambda

Now it is possible to use features or commands on Lambda that depend on OS libraries or specific packages.

For example, if you want to use "s3 sync", which is not available in the AWS SDK, you can use it by installing the AWS CLI on the Docker image.

2. Migrating a serverless environment running on other platforms

Serverless applications that run on Docker container images, such as Azure Functions, can also run on Lambda.

For example, if your Web-API server container application is running on Azure Functions, you can consider moving it to Lambda by using the Proxy library and Amazon API Gateway.

In this case, we will assume this use case and create a sample application to validate the migration to Lambda.

We used a Azure Functions sample application and validated the migration to Lambda.

Migration approach

How to migrate

We Installed the AWS Lambda Runtime Interface Client, based on the Azure Functions Container Image.

We added a Lambda handler to this container and configure the Dockerfile so that the entrypoint specifies the handler.

Example of Dockerfile configuration:

# Azure Functions Container
FROM xblood/azurefunctionsimage:v1.0.0

ARG FUNCTION_DIR="/home/app/"
ARG RUNTIME_VERSION
ARG DISTRO_VERSION

RUN apt-get install -y libtool autoconf automake make cmake
# build-base, libexecinfo-dev, libcurl
RUN apt-get install -y curl build-essential
RUN pip install awscli
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_SESSION_TOKEN
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
ENV AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
RUN mkdir -p ${FUNCTION_DIR}

# Copy Lambda Handler
COPY handler.py ${FUNCTION_DIR}

# Install AWS Lambda Runtime Interface Client
RUN python${RUNTIME_VERSION} -m pip install \
    awslambdaric \
    --target /home/app/

WORKDIR ${FUNCTION_DIR}

# Set the CMD to handler
ENTRYPOINT [ "/usr/local/bin/python", "-m", "awslambdaruntimeclient" ]
CMD [ "handler.lambda_handler" ]

The xblood/azurefunctionsimage specified in this Dockerfile is a pre-built image based on Azure Functions tutorial.

Building Docker Image

In this example, we built the container by executing the following command.

docker build . \
-f Dockerfile \
-t lambda-container-image \
--build-arg AWS_ACCESS_KEY_ID="[YOUR AWS ACCESS KEY ID]" \
--build-arg AWS_SECRET_ACCESS_KEY="[YOUR AWS SECRET ACCESS KEY]" \
--build-arg RUNTIME_VERSION="3.8" \
--build-arg DISTRO_VERSION="3.12"

Push to ECR

We set tags on the Docker image and pushed it to Amazon Elastic Container Registry (ECR).
ECR repository must be created and the login to ECR is required beforehand.

docker push xxxxxxxxxxxx.dkr.ekr.sa-east-1.amazonaws.com/lambda-container-image:latest

Creating Lambda Function

Next, we created a Lambda Function using AWS Lambda Container Image Support.

In this case, we created the IAM role in advance with the following policy.

Example IAM role policy ( lambda-container-image-iam-role )

{
   "Statement":[[
      {
         "Sid": "VisualEditor0",
         "Effect": "Allow",
         "Action":["Action":[
            "ecr:SetRepositoryPolicy",
            "ecr:GetRepositoryPolicy"
         ],
         "Resource": "arn:aws:ecr:<region>:<account>:repository/<repo name>/"
      }
   ]
}

Specify the ImageUri option, added by AWS Lambda Container Image Support, for the container image you have just pushed to the ECR.

Aws lambda create-function
--function-name lambda-container-image-function
--package-type Image
--Image URI=xxxxxxxxxxxxxxxxxxxx.dkr.ekr.sa-east-1.amazonaws.com/lambda-container-image:latest
--role arn:aws:iam::xxxxxxxxxxxxxxxxxxxxx:role/lambda-container-image-iam-role

Launch Lambda Function

We tested the Lambda function from the AWS Management Console and confirmed the Lambda function has been successfully executed.

For a more practical use case

In this article, we have used sample code for validation purposes. However, when migrating a real serverless application to AWS Lambda, or in a multi-cloud strategy, you need to consider the dependencies of each cloud vendor with their interfaces.

Nowadays, in some cases, this can be solved by leveraging libraries such as Serverless Multicloud Library.

Take advantage of AWS Lambda with MMM!

We have been certified as an AWS Service Delivery Partner (AWS Lambda Partner). We have a strong technical expertise and a proven track record in the business use of AWS Lambda, including the new AWS Lambda Container Image Support feature.

Including the new AWS Lambda Container Image Support feature, we are strongly good at embedding the advantages of the cloud - flexibility and agility - into our customers' businesses by using a wide variety of AWS managed services in a best-practice manner.

Find more information at Serverless Architecture (AWS Lambda), and feel free to contact us at https://mmmcorp.co.jp/inquiry !

デロイト トーマツ ウェブサービス株式会社(DWS)

デロイト トーマツ ウェブサービス株式会社はアマゾン ウェブ サービス（AWS）に 専門性や実績を認定された公式パートナーです。