aws-lambda

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AWS Lambda Serverless Development

AWS Lambda 无服务器开发

Design, build, deploy, and debug serverless applications with AWS serverless services. This skill provides access to serverless development guidance through the AWS Serverless MCP Server, helping you to build production-ready serverless applications with best practices built-in.

Use SAM CLI for project initialization and deployment, Lambda Web Adapter for web applications, or Event Source Mappings for event-driven architectures. AWS handles infrastructure provisioning, scaling, and monitoring automatically.

Key capabilities:

SAM CLI Integration: Initialize, build, deploy, and test serverless applications
Web Application Deployment: Deploy full-stack applications with Lambda Web Adapter
Event Source Mappings: Configure Lambda triggers for DynamoDB, Kinesis, SQS, Kafka
Lambda durable functions: Resilient multi-step applications with checkpointing — see the durable-functions skill for guidance
Schema Management: Type-safe EventBridge integration with schema registry
Observability: CloudWatch logs, metrics, and X-Ray tracing
Performance Optimization: Right-sizing, cost optimization, and troubleshooting

使用AWS无服务器服务设计、构建、部署和调试无服务器应用。本技能通过AWS Serverless MCP Server提供无服务器开发指导，帮助您构建内置最佳实践的生产级无服务器应用。

使用SAM CLI进行项目初始化与部署，使用Lambda Web Adapter部署Web应用，或使用Event Source Mappings构建事件驱动架构。AWS会自动处理基础设施配置、扩缩容与监控。

核心功能：

SAM CLI 集成：初始化、构建、部署和测试无服务器应用
Web应用部署：通过Lambda Web Adapter部署全栈应用
事件源映射：为DynamoDB、Kinesis、SQS、Kafka配置Lambda触发器
Lambda 持久化函数：支持检查点的弹性多步骤应用——详见持久化函数技能获取指导
Schema管理：与schema注册表集成的类型安全EventBridge
可观测性：CloudWatch日志、指标与X-Ray追踪
性能优化：资源合理配置、成本优化与故障排查

When to Load Reference Files

何时加载参考文件

Load the appropriate reference file based on what the user is working on:

Getting started, what to build, project type decision, or working with existing projects -> see references/getting-started.md
SAM, CDK, deployment, IaC templates, CDK constructs, or CI/CD pipelines -> see the aws-serverless-deployment skill (separate skill in this plugin)
Web app deployment, Lambda Web Adapter, API endpoints, CORS, authentication, custom domains, or sam local start-api -> see references/web-app-deployment.md
Event sources, DynamoDB Streams, Kinesis, SQS, Kafka, S3 notifications, or SNS -> see references/event-sources.md
EventBridge, event bus, event patterns, event design, Pipes, or schema registry -> see references/event-driven-architecture.md
Durable functions, checkpointing, replay model, saga pattern, or long-running Lambda workflows -> see the durable-functions skill (separate skill in this plugin with full SDK reference, testing, and deployment guides)
Orchestration, workflows, or Durable Functions vs Step Functions -> see references/orchestration-and-workflows.md
Step Functions, ASL, state machines, JSONata, Distributed Map, or SDK integrations -> see references/step-functions.md
Step Functions testing, TestState API, mocking service integrations, or state machine unit tests -> see references/step-functions-testing.md
Observability, logging, tracing, metrics, alarms, or dashboards -> see references/observability.md
Optimization, cold starts, memory tuning, cost, or streaming -> see references/optimization.md
Powertools, idempotency, feature flags, parameters, parser, batch processing, or data masking -> see references/powertools.md
Troubleshooting, errors, debugging, or deployment failures -> see references/troubleshooting.md

根据用户的工作内容加载对应的参考文件：

入门指南、构建方向、项目类型选择或现有项目开发 -> 查看references/getting-started.md
SAM、CDK、部署、IaC模板、CDK构造或CI/CD流水线 -> 查看aws-serverless-deployment技能（本插件中的独立技能）
Web应用部署、Lambda Web Adapter、API端点、CORS、身份验证、自定义域名或sam local start-api -> 查看references/web-app-deployment.md
事件源、DynamoDB Streams、Kinesis、SQS、Kafka、S3通知或SNS -> 查看references/event-sources.md
EventBridge、事件总线、事件模式、事件设计、Pipes或schema注册表 -> 查看references/event-driven-architecture.md
持久化函数、检查点、重放模型、Saga模式或长运行Lambda工作流 -> 查看持久化函数技能（本插件中的独立技能，包含完整SDK参考、测试与部署指南）
编排、工作流或Durable Functions vs Step Functions -> 查看references/orchestration-and-workflows.md
Step Functions、ASL、状态机、JSONata、Distributed Map或SDK集成 -> 查看references/step-functions.md
Step Functions测试、TestState API、服务集成模拟或状态机单元测试 -> 查看references/step-functions-testing.md
可观测性、日志、追踪、指标、告警或仪表板 -> 查看references/observability.md
优化、冷启动、内存调优、成本或流处理 -> 查看references/optimization.md
Powertools、幂等性、功能开关、参数、解析器、批处理或数据掩码 -> 查看references/powertools.md
故障排查、错误、调试或部署失败 -> 查看references/troubleshooting.md

Best Practices

最佳实践

Project Setup

项目设置

Do: Use
```
sam_init
```
or
```
cdk init
```
with an appropriate template for your use case
Do: Set global defaults for timeout, memory, runtime, and tracing (
```
Globals
```
in SAM, construct props in CDK)
Do: Use AWS Lambda Powertools for structured logging, tracing, metrics (EMF), idempotency, and batch processing — available for Python, TypeScript, Java, and .NET
Don't: Copy-paste templates from the internet without understanding the resource configuration
Don't: Use the same memory and timeout values for all functions regardless of workload

建议：使用
```
sam_init
```
或
```
cdk init
```
并选择适合您场景的模板
建议：设置超时时间、内存、运行时与追踪的全局默认值（SAM中的
```
Globals
```
，CDK中的构造属性）
建议：使用AWS Lambda Powertools实现结构化日志、追踪、指标（EMF）、幂等性与批处理——支持Python、TypeScript、Java与.NET
不建议：未经理解资源配置就从互联网复制粘贴模板
不建议：所有函数都使用相同的内存与超时值，不考虑工作负载差异

Security

安全

Do: Follow least-privilege IAM policies scoped to specific resources and actions
Do: Use
```
secure_esm_*
```
tools to generate correct IAM policies for event source mappings
Do: Store secrets in AWS Secrets Manager or SSM Parameter Store, never in environment variables
Do: Use VPC endpoints instead of NAT Gateways for AWS service access when possible
Do: Enable Amazon GuardDuty Lambda Protection to monitor function network activity for threats (cryptocurrency mining, data exfiltration, C2 callbacks)
Don't: Use wildcard (
```
*
```
) resource ARNs or actions in IAM policies
Don't: Hardcode credentials or secrets in application code or templates
Don't: Store user data or sensitive information in module-level variables — execution environments can be reused across different callers

建议：遵循最小权限原则，为IAM策略限定特定资源与操作
建议：使用
```
secure_esm_*
```
工具为事件源映射生成正确的IAM策略
建议：将密钥存储在AWS Secrets Manager或SSM Parameter Store中，绝不要存储在环境变量里
建议：尽可能使用VPC端点而非NAT网关访问AWS服务
建议：启用Amazon GuardDuty Lambda Protection以监控函数网络活动中的威胁（加密货币挖矿、数据泄露、C2回调）
不建议：在IAM策略中使用通配符（
```
*
```
）资源ARN或操作
不建议：在应用代码或模板中硬编码凭证或密钥
不建议：在模块级变量中存储用户数据或敏感信息——执行环境可能会被不同调用者复用

Idempotency

幂等性

Do: Write idempotent function code — Lambda delivers events at least once, so duplicate invocations must be safe
Do: Use the AWS Lambda Powertools Idempotency utility (backed by DynamoDB) for critical operations
Do: Validate and deduplicate events at the start of the handler before performing side effects
Don't: Assume an event will only ever be processed once

For topic-specific best practices, see the dedicated guide files in the reference table above.

建议：编写幂等的函数代码——Lambda会至少一次投递事件，因此重复调用必须是安全的
建议：对关键操作使用AWS Lambda Powertools幂等性工具（基于DynamoDB）
建议：在执行副作用操作前，先在处理程序开头验证并去重事件
不建议：假设事件只会被处理一次

如需特定主题的最佳实践，请查看上述参考表格中的专用指南文件。

Lambda Limits Quick Reference

Lambda 限制速查

Limits that developers commonly hit:

Resource	Limit
Function timeout	900 seconds (15 minutes)
Memory	128 MB – 10,240 MB
1 vCPU equivalent	1,769 MB memory
Synchronous payload (request + response)	6 MB each
Async invocation payload	1 MB
Streamed response	200 MB
Deployment package (.zip, uncompressed)	250 MB
Deployment package (.zip upload, compressed)	50 MB
Container image	10 GB
Layers per function	5
Environment variables (aggregate)	4 KB
`/tmp` ephemeral storage	512 MB – 10,240 MB
Account concurrent executions (default)	1,000 (requestable increase)
Burst scaling rate	1,000 new executions per 10 seconds

Check Service Quotas for your account limits:

aws lambda get-account-settings

开发者常遇到的限制：

资源	限制值
函数超时时间	900秒（15分钟）
内存	128 MB – 10,240 MB
1 vCPU 等效配置	1,769 MB 内存
同步负载（请求+响应）	6 MB 每侧
异步调用负载	1 MB
流式响应	200 MB
部署包（.zip，未压缩）	250 MB
部署包（.zip 上传，压缩）	50 MB
容器镜像	10 GB
每个函数的层数	5
环境变量（总计）	4 KB
`/tmp` 临时存储	512 MB – 10,240 MB
账户并发执行数（默认）	1,000（可申请提高）
突发扩缩容速率	每10秒新增1,000次执行

查看您账户的服务配额：

aws lambda get-account-settings

Troubleshooting Quick Reference

故障排查速查

Error	Cause	Solution
`Build Failed`	Missing dependencies	Run `sam_build` with `use_container: true`
`Stack is in ROLLBACK_COMPLETE`	Previous deploy failed	Delete stack with `aws cloudformation delete-stack` , redeploy
`IteratorAge` increasing	Stream consumer falling behind	Increase `ParallelizationFactor` and `BatchSize` . Use `esm_optimize`
EventBridge events silently dropped	No DLQ, retries exhausted	Add `RetryPolicy` + `DeadLetterConfig` to rule target
Step Functions failing silently	No retry on Task state	Add `Retry` with `Lambda.ServiceException` , `Lambda.AWSLambdaException`
Durable Function not resuming	Missing IAM permissions	Add `lambda:CheckpointDurableExecution` and `lambda:GetDurableExecutionState` — see durable-functions skill

For detailed troubleshooting, see references/troubleshooting.md.

错误	原因	解决方案
`Build Failed`	缺少依赖项	使用 `use_container: true` 参数运行 `sam_build`
`Stack is in ROLLBACK_COMPLETE`	之前的部署失败	使用 `aws cloudformation delete-stack` 删除栈，重新部署
`IteratorAge` 持续增长	流处理消费者滞后	提高 `ParallelizationFactor` 与 `BatchSize` 。使用 `esm_optimize`
EventBridge 事件静默丢失	无死信队列，重试耗尽	为规则目标添加 `RetryPolicy` + `DeadLetterConfig`
Step Functions 静默失败	Task状态未配置重试	为 `Lambda.ServiceException` 、 `Lambda.AWSLambdaException` 添加 `Retry` 配置
持久化函数无法恢复	缺少IAM权限	添加 `lambda:CheckpointDurableExecution` 与 `lambda:GetDurableExecutionState` 权限——详见持久化函数技能

如需详细故障排查，请查看references/troubleshooting.md。

Configuration

配置

AWS CLI Setup

AWS CLI 设置

This skill requires that AWS credentials are configured on the host machine:

Verify access: Run

aws sts get-caller-identity

to confirm credentials are valid

本技能要求主机上已配置AWS凭证：

验证访问权限：运行

aws sts get-caller-identity

确认凭证有效

SAM CLI Setup

SAM CLI 设置

Install SAM CLI: Follow the SAM CLI installation guide
Verify: Run
```
sam --version
```

安装SAM CLI：遵循SAM CLI安装指南
验证：运行
```
sam --version
```

Container Runtime Setup

容器运行时设置

Install a Docker compatible container runtime: Required for
```
sam_local_invoke
```
and container-based builds
Verify: Use an appropriate command such as
```
docker --version
```
or
```
finch --version
```

安装兼容Docker的容器运行时：
```
sam_local_invoke
```
与基于容器的构建需要此环境
验证：运行相应命令，如
```
docker --version
```
或
```
finch --version
```

MCP Server Configuration

MCP Server 配置

Write access is enabled by default. The plugin ships with

--allow-write

.mcp.json

, so the MCP server can create projects, generate IaC, and deploy on behalf of the user.

Access to sensitive data (like Lambda and API Gateway logs) is not enabled by default. To grant it, add

--allow-sensitive-data-access

.mcp.json

默认启用写入权限。插件在

.mcp.json

中包含

--allow-write

配置，因此MCP Server可以代表用户创建项目、生成IaC并执行部署。

默认不启用对敏感数据（如Lambda与API Gateway日志）的访问权限。如需授权，请在

.mcp.json

中添加

--allow-sensitive-data-access

。

SAM Template Validation Hook

SAM 模板验证钩子

This plugin includes a

PostToolUse

hook that runs

sam validate

automatically after any edit to

template.yaml

template.yml

. If validation fails, the error is returned as a system message so you can fix it immediately. The hook requires SAM CLI and

jq

to be installed; if either is missing, validation is skipped with a system message. Users can disable it via

/hooks

Verify: Run

jq --version

本插件包含一个

PostToolUse

钩子，会在编辑

template.yaml

或

template.yml

后自动运行

sam validate

。若验证失败，错误会作为系统消息返回，您可立即修复。该钩子需要安装SAM CLI与

jq

；若缺少其中任意一项，会跳过验证并返回系统消息。用户可通过

/hooks

禁用此钩子。

验证：运行

jq --version

Language selection

语言选择

Default: TypeScript

Override syntax:

"use Python" → Generate Python code
"use JavaScript" → Generate JavaScript code

When not specified, ALWAYS use TypeScript

默认：TypeScript

覆盖语法：

"use Python" → 生成Python代码
"use JavaScript" → 生成JavaScript代码

未指定时，默认使用TypeScript

IaC framework selection

IaC 框架选择

Default: CDK