Handling uniqueness with Lambda SnapStart
When invocations scale up on a SnapStart function, Lambda uses a single initialized snapshot to resume multiple execution environments. If your initialization code generates unique content that is included in the snapshot, then the content might not be unique when it is reused across execution environments. To maintain uniqueness when using SnapStart, you must generate unique content after initialization. This includes unique IDs, unique secrets, and entropy that's used to generate pseudorandomness.
We recommend the following best practices to help you maintain uniqueness in your code. Lambda also provides an open-source SnapStart scanning tool to help check for code that assumes uniqueness. If you generate unique data during the initialization phase, then you can use a runtime hook to restore uniqueness. With runtime hooks, you can run specific code immediately before Lambda takes a snapshot or immediately after Lambda resumes a function from a snapshot.
Avoid saving state that depends on uniqueness during initialization
During the initialization phase of your function, avoid caching data that's intended to be unique, such as generating a unique ID for logging. Instead, we recommend that you generate unique data inside your function handler or use a runtime hook.
Example – Generating a unique ID in function handler
The following example demonstrates how to generate a UUID in the function handler.
import java.util.UUID; public class Handler implements RequestHandler<String, String> { private static UUID uniqueSandboxId = null; @Override public String handleRequest(String event, Context context) {
if (uniqueSandboxId == null) uniqueSandboxId = UUID.randomUUID();
System.out.println("Unique Sandbox Id: " + uniqueSandboxId); return "Hello, World!"; } }
Use cryptographically secure pseudorandom number generators (CSPRNGs)
If your application depends on randomness, we recommend that you use cryptographically secure random number
generators (CSPRNGs). The Lambda managed runtime for Java includes two built-in CSPRNGs (OpenSSL 1.0.2 and
java.security.SecureRandom
) that automatically maintain randomness with SnapStart. Software that
always gets random numbers from /dev/random
or /dev/urandom
also maintains randomness
with SnapStart.
Example – java.security.SecureRandom
The following example uses java.security.SecureRandom
, which generates unique number sequences even when the function is restored from a snapshot.
import java.security.SecureRandom; public class Handler implements RequestHandler<String, String> {
private static SecureRandom rng = new SecureRandom();
@Override public String handleRequest(String event, Context context) { for (int i = 0; i < 10; i++) { System.out.println(rng.next()); } return "Hello, World!"; } }
SnapStart scanning tool
Lambda provides a scanning tool to help you check for code that assumes uniqueness. The SnapStart scanning
tool is an open-source SpotBugs
To learn more about handling uniqueness with SnapStart, see Starting up faster with Amazon Lambda SnapStart