0

Because of Lambda’s ZIP deployment size limitation I’m changing the way I deploy my Lambda functions to use container image.

The deployed function is located within a VPC, so I have a NAT gateway within that VPC to allow public internet traffic, so I need to know if I need to add a VPC endpoints for the ECR services or not (to minimise the traffics going through the NAT gateway).

I’m not sure how/when the lambda pull the image from ECR. is it a 1-time pull that occur when deploying a new image version, or whenever a new lambda instance initialised (cold start)?

In the following post, it says

Lambda also optimizes the image and caches it close to where the functions runs so cold start times are the same as for .zip archives.

But its not clear whether if it’ll still use ECR to get the image or it’ll uses some dedicated location “close to the lambda” ?

Amer Sawan
  • 101
  • 1
  • 1
    An ECR endpoint should reduce NAT gateway usage, or eliminate it if it's not used for anything else. I don't know the answer to your other question, you could work it out by pushing an image, running a lambda, then pushing another image with a subtle difference like a print command when it starts. – Tim Oct 21 '22 at 19:38
  • Thanks @Tim, I'll check that manually as you mentioned, that will give accurate information about when the image exactly will get pulled. – Amer Sawan Oct 24 '22 at 07:47
  • To prevent content duplication, I'm removing this question, here is the same question posted on AWS re:post website that contains more detailed information. https://repost.aws/questions/QUUB4mNCLdTVGm_lUeGt8lsg/will-lambda-deployed-from-image-pull-the-ecr-image-on-every-startup – Amer Sawan Oct 24 '22 at 07:48

0 Answers0