From 545284268250b8d8f9ee9277b9c4cf2aedb4da54 Mon Sep 17 00:00:00 2001 
From: Justin Roberson Date: Mon, 17 Mar 2025 08:56:45 -0400 Subject: [PATCH] feat(lambda-promtail): allow setting Lambda reserved concurrency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For the uninitiated, from https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html > Reserved concurrency – This represents the maximum number of > concurrent instances allocated to your function. When a function has > reserved concurrency, no other function can use that concurrency. > Reserved concurrency is useful for ensuring that your most critical > functions always have enough concurrency to handle incoming requests. > Configuring reserved concurrency for a function incurs no additional > charges. Given this, being able to configure reserved concurrency will help in AWS accounts that utilize Lambda heavily (not just for lambda-promtail) in a few ways. Since reserved concurrency is the max concurrency a function can run, it means that a deluge of events being sent to lambda-promtail won't exhaust all of the Lambda concurrency for the entire AWS account's region. On the other hand, since setting reserved concurrency means that function will always have that amount of concurrency reserved just for it, it can mitigate issues with delayed log messages during periods of heavy Lambda usage since the lambda-promtail function will be guaranteed to be able to handle N events (N being the reserved concurrency) at any given time. The default behavior in the Terraform AWS provider is to _not_ set any reserved concurrency. It uses the `-1` value to denote this. To preserve that behavior, the default value for the new input variable is `-1`. For the keen-eyed, _provisioned_ concurrency is a different thing to _reserved_ concurrency.
_Reserved_ concurrency is configured on the `aws_lambda_function` resource, but _provisioned_ concurrency is configured via a separate resource `aws_lambda_provisioned_concurrency_config`.
---
 tools/lambda-promtail/main.tf | 2 ++
 tools/lambda-promtail/variables.tf | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/tools/lambda-promtail/main.tf b/tools/lambda-promtail/main.tf
index 7d7054b223525..5e9b5224b67fb 100644
--- a/tools/lambda-promtail/main.tf
+++ b/tools/lambda-promtail/main.tf
@@ -189,6 +189,8 @@ resource "aws_lambda_function" "this" {
 memory_size = 128
 package_type = var.lambda_promtail_image == "" ? "Zip" : "Image"
 
+ reserved_concurrent_executions = var.lambda_reserved_concurrent_executions
+
 # From the Terraform AWS Lambda docs: If both subnet_ids and security_group_ids are empty then vpc_config is considered to be empty or unset.
 vpc_config {
 # Every subnet should be able to reach an EFS mount target in the same Availability Zone. Cross-AZ mounts are not permitted.
diff --git a/tools/lambda-promtail/variables.tf b/tools/lambda-promtail/variables.tf
index 4639ca9229546..e5b22ffebbb45 100644
--- a/tools/lambda-promtail/variables.tf
+++ b/tools/lambda-promtail/variables.tf
@@ -102,6 +102,12 @@ variable "batch_size" {
 default = ""
 }
 
+variable "lambda_reserved_concurrent_executions" {
+ type = number
+ description = "Amount of reserved concurrent executions for the Lambda function. A value of -1 removes any concurrency limitations. A value of 0 prevents the Lambda function from being triggered at all."
+ default = -1
+}
+
 variable "lambda_vpc_subnets" {
 type = list(string)
 description = "List of subnet IDs associated with the Lambda function."
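Review bot: The new `lambda_reserved_concurrent_executions` variable in variables.tf is an unconstrained `number` that main.tf passes straight to `reserved_concurrent_executions`, so a fractional value or anything below -1 is presumably only rejected later by the provider or the Lambda API. A `validation` block requiring a whole number of at least -1 would make that fail when the variable is evaluated. The description should also say that a positive value is a hard cap as well as a reservation, so invocations above it are throttled, and that `0` stops log forwarding entirely; for a log shipper that is a silent visibility gap, so operators who set a limit should alert on the function's `Throttles` metric. With the default of -1 the function can still consume the account's shared concurrency, as the commit message notes, so the protection is opt-in.

```hcl
variable "lambda_reserved_concurrent_executions" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.lambda_reserved_concurrent_executions >= -1 && floor(var.lambda_reserved_concurrent_executions) == var.lambda_reserved_concurrent_executions
    error_message = "The lambda_reserved_concurrent_executions value must be a whole number greater than or equal to -1."
  }
}
```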