1 Answer
- Newest
- Most votes
- Most comments
2
Good work on the research there - it clearly shows the delineation between the AWS and customer responsibilities.
If you are using a custom runtime then you are responsible for patches for that runtime. In the second diagram at the bottom-right you can see the Execution Environment - with a custom runtime the customer is responsible for maintaining all of that.
The AWS responsibility starts at the Lambda Sandbox which will include some level of "operating system" (definitions are going to be blurry at this level).
Relevant content
- asked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 5 months ago
Thanks for answering! I'd like to try to clarify my understanding of the scope of the Execution Environment a bit further.
Focusing on the use case of deploying a Lambda function as a .zip archive and providing a custom runtime via a Lambda Layer, my understanding is that the custom runtime layer is simply a collection of files that includes the custom runtime and an executable
bootstrap
file. Is it accurate to think about the Lambda Sandbox as a container image that AWS is responsible for patching, and the custom runtime layer as a bind mount where we're just injecting files into the container at runtime?To put it another way, is there anything inside the Execution Environment other than function code, layer code, and the custom runtime that the customer would need to patch?
Your understanding is correct. Another way to put it is that anything that the customer provides is their responsibility to patch. Because the Lambda execution environment is being supplied by AWS it's the responsibility of AWS to patch.