How do I identify the cause of Lambda function invocation spikes?

Resolution

Detect the increased invocation requests

Set up an Amazon CloudWatch alarm for Lambda function invocations, errors, or throttle metrics. The alarm then notifies the user of the number of invocation requests. For instructions, see Create a CloudWatch alarm based on a static threshold.

Stop the increased invocation requests

Use reserved concurrency and set the amount of concurrency to 0 to throttle all function invocations. For more information, see Configuring reserved concurrency.

Identify the cause of the invocation requests spike

Use these best practices to identify the cause of the invocation spike.

• Turn on AWS CloudTrail data events. The Lambda invoke API actions are then logged in CloudTrail for analysis of patterns and the source of the invocations.
• Check the CloudWatch Metrics for Errors and Throttles. For asynchronous invocations, Lambda retries errors up to two times by default. The throttled request is retried until the event reaches Maximum age of event. For more information, see Configuring error handling for asynchronous invocation.
• Log the event object for the Lambda function. The event object provides the Lambda function data and metadata.
• Be sure that the client or source application isn't undergoing a DDoS attack that invokes the Lambda function into unexpected spikes.
• Don't use recursive function code in the Lambda function. Recursive Lambda function code calls itself until the condition is met. This results in unexpected function invocations and billing charges. For more information, see Best practices for working with AWS Lambda functions.

Related information

Recursive patterns that cause run-away Lambda functions

Using AWS Lambda with Amazon S3