Add content for Extensions API (preview)

Author: devlinbd2

doc_source/applications-tutorial.md

@@ -94,7 +94,7 @@ When the deployment process completes, invoke the function from the Lambda conso
 
 1. Choose **Test**\.
 
-The Lambda console executes your function and displays the result\. Expand the **Details** section under the result to see the output and execution details\.
+The Lambda console runs your function and displays the result\. Expand the **Details** section under the result to see the output and execution details\.
 
 ![\[\]](http://docs.aws.amazon.com/lambda/latest/dg/images/application-create-result.png)
 
@@ -326,7 +326,7 @@ You can continue to modify and use the sample to develop your own application\.
 
 1. Open the [Amazon S3 console](https://console.aws.amazon.com/s3)\.
 
-1. Delete the artifact bucket – **aws\-*us\-east\-2*\-*123456789012*\-my\-app\-pipe**\.
+1. Delete the artifact bucket – ***us\-east\-2*\-*123456789012*\-my\-app\-pipe**\.
 
 1. Return to the AWS CloudFormation console and delete the infrastructure stack – **serverlessrepo\-my\-app\-toolchain**\.
 

doc_source/applications-usecases.md

@@ -24,7 +24,7 @@ The diagram illustrates the following sequence:
 
 1. Amazon S3 invokes your Lambda function using the permissions provided by the [execution role](lambda-intro-execution-role.md)\.
 
-1. AWS Lambda executes the Lambda function, specifying the event as a parameter\.
+1. AWS Lambda runs the Lambda function, specifying the event as a parameter\.
 
 You configure Amazon S3 to invoke your function as a bucket notification action\. To grant Amazon S3 permission to invoke the function, update the function's [resource\-based policy](access-control-resource-based.md)\.
 

doc_source/best-practices.md

@@ -16,23 +16,23 @@ The following are recommended best practices for using AWS Lambda:
   	var foo = event.foo;
   	var bar = event.bar;
   	var result = MyLambdaFunction (foo, bar);
-   
+  
   	callback(null, result);
   }
-   
+  
   function MyLambdaFunction (foo, bar) {
   	// MyLambdaFunction logic here
   }
   ```
 + **Take advantage of execution context reuse to improve the performance of your function\.** Initialize SDK clients and database connections outside of the function handler, and cache static assets locally in the `/tmp` directory\. Subsequent invocations processed by the same instance of your function can reuse these resources\. This saves execution time and cost\.
 
-  To avoid potential data leaks across invocations, don’t use the execution context to store user data, events, or other information with security implications\. If your function relies on a mutable state that can’t be stored in memory within the handler, consider creating a separate function or separate versions of a function for each user\.
+  To avoid potential data leaks across invocations, don’t use the execution environment to store user data, events, or other information with security implications\. If your function relies on a mutable state that can’t be stored in memory within the handler, consider creating a separate function or separate versions of a function for each user\.
 + **Use a keep\-alive directive to maintain persistent connections\.** Lambda purges idle connections over time\. Attempting to reuse an idle connection when invoking a function will result in a connection error\. To maintain your persistent connection, use the keep\-alive directive associated with your runtime\. For an example, see [Reusing Connections with Keep\-Alive in Node\.js](https://docs.amazonaws.cn/en_us/sdk-for-javascript/v2/developer-guide/node-reusing-connections.html)\.
 + **Use [environment variables](configuration-envvars.md) to pass operational parameters to your function\.** For example, if you are writing to an Amazon S3 bucket, instead of hard\-coding the bucket name you are writing to, configure the bucket name as an environment variable\.
 + **Control the dependencies in your function's deployment package\. ** The AWS Lambda execution environment contains a number of libraries such as the AWS SDK for the Node\.js and Python runtimes \(a full list can be found here: [AWS Lambda runtimes](lambda-runtimes.md)\)\. To enable the latest set of features and security updates, Lambda will periodically update these libraries\. These updates may introduce subtle changes to the behavior of your Lambda function\. To have full control of the dependencies your function uses, package all of your dependencies with your deployment package\. 
 + **Minimize your deployment package size to its runtime necessities\. ** This will reduce the amount of time that it takes for your deployment package to be downloaded and unpacked ahead of invocation\. For functions authored in Java or \.NET Core, avoid uploading the entire AWS SDK library as part of your deployment package\. Instead, selectively depend on the modules which pick up components of the SDK you need \(e\.g\. DynamoDB, Amazon S3 SDK modules and [Lambda core libraries](https://github.com/aws/aws-lambda-java-libs)\)\. 
 + **Reduce the time it takes Lambda to unpack deployment packages** authored in Java by putting your dependency `.jar` files in a separate /lib directory\. This is faster than putting all your function’s code in a single jar with a large number of `.class` files\. See [AWS Lambda deployment package in Java](java-package.md) for instructions\.
-+ **Minimize the complexity of your dependencies\.** Prefer simpler frameworks that load quickly on [execution context](runtimes-context.md) startup\. For example, prefer simpler Java dependency injection \(IoC\) frameworks like [Dagger](https://google.github.io/dagger/) or [Guice](https://github.com/google/guice), over more complex ones like [Spring Framework](https://github.com/spring-projects/spring-framework)\. 
++ **Minimize the complexity of your dependencies\.** Prefer simpler frameworks that load quickly on [execution environment](runtimes-context.md) startup\. For example, prefer simpler Java dependency injection \(IoC\) frameworks like [Dagger](https://google.github.io/dagger/) or [Guice](https://github.com/google/guice), over more complex ones like [Spring Framework](https://github.com/spring-projects/spring-framework)\. 
 + **Avoid using recursive code** in your Lambda function, wherein the function automatically calls itself until some arbitrary criteria is met\. This could lead to unintended volume of function invocations and escalated costs\. If you do accidentally do so, set the function concurrent execution limit to `0` immediately to throttle all invocations to the function, while you update the code\.
 
 ## Function configuration<a name="function-configuration"></a>

doc_source/configuration-console.md

@@ -15,13 +15,13 @@ With the function node selected in the designer, you can modify the following se
 
 **Function settings**
 + **Code** – The code and dependencies of your function\. For scripting languages, you can edit your function code in the embedded [editor](code-editor.md)\. To add libraries, or for languages that the editor doesn't support, upload a [deployment package](gettingstarted-features.md#gettingstarted-features-package)\. If your deployment package is larger than 50 MB, choose **Upload a file from Amazon S3**\.
-+ **Runtime** – The [Lambda runtime](lambda-runtimes.md) that executes your function\.
-+ **Handler** – The method that the runtime executes when your function is invoked, such as `index.handler`\. The first value is the name of the file or module\. The second value is the name of the method\.
++ **Runtime** – The [Lambda runtime](lambda-runtimes.md) that runs your function\.
++ **Handler** – The method that the runtime runs when your function is invoked, such as `index.handler`\. The first value is the name of the file or module\. The second value is the name of the method\.
 + **Environment variables** – Key\-value pairs that Lambda sets in the execution environment\. [ Use environment variables](configuration-envvars.md) to extend your function's configuration outside of code\.
 + **Tags** – Key\-value pairs that Lambda attaches to your function resource\. [Use tags](configuration-tags.md) to organize Lambda functions into groups for cost reporting and filtering in the Lambda console\.
 
   Tags apply to the entire function, including all versions and aliases\.
-+ **Execution role** – The [IAM role](lambda-intro-execution-role.md) that AWS Lambda assumes when it executes your function\.
++ **Execution role** – The [IAM role](lambda-intro-execution-role.md) that AWS Lambda assumes when it runs your function\.
 + **Description** – A description of the function\.
 + **Memory**– The amount of memory available to the function during execution\. Choose an amount [between 128 MB and 3,008 MB](gettingstarted-limits.md) in 64\-MB increments\.
 

doc_source/configuration-envvars.md

@@ -27,10 +27,17 @@ You set environment variables on the unpublished version of your function by spe
 
 1. Choose **Save**\.
 
-Use environment variables to pass environment\-specific settings to your code\. For example, you can have two functions with the same code but different configuration\. One function connects to a test database, and the other connects to a production database\. In this situation, you use environment variables to tell the function the hostname and other connection details for the database\. You might also set an environment variable to configure your test environment to use more verbose logging or more detailed tracing\.
+Use environment variables to pass environment\-specific settings to your code\. For example, you can have two functions with the same code but different configuration\. One function connects to a test database, and the other connects to a production database\. In this situation, you use environment variables to tell the function the hostname and other connection details for the database\. 
+
+The following example shows how to define the database host and database name as environment variables\.
 
 ![\[\]](http://docs.aws.amazon.com/lambda/latest/dg/images/console-env.png)
 
+If you want your test environment to generate more debug information than the production environment, you could set an environment variable to configure your test environment to use more verbose logging or more detailed tracing\.
+
+**Note**  
+Environment variables are not evaluated prior to the function invocation\. Any value you define is considered a literal string and not expanded\. Perform the variable evaluation in the function code\.
+
 To retrieve environment variables in your function code, use the standard method for your programming language\.
 
 ------
@@ -99,6 +106,7 @@ Lambda [runtimes](lambda-runtimes.md) set several environment variables during i
 
 **Reserved environment variables**
 + `_HANDLER` – The handler location configured on the function\.
++ `_X_AMZN_TRACE_ID` – The [X\-Ray tracing header](services-xray.md)\.
 + `AWS_REGION` – The AWS Region where the Lambda function is executed\.
 + `AWS_EXECUTION_ENV` – The [runtime identifier](lambda-runtimes.md), prefixed by `AWS_Lambda_`—for example, `AWS_Lambda_java8`\.
 + `AWS_LAMBDA_FUNCTION_NAME` – The name of the function\.
@@ -120,7 +128,6 @@ The following additional environment variables aren't reserved and can be extend
 + `NODE_PATH` – \([Node\.js](lambda-nodejs.md)\) The Node\.js library path \(`/opt/nodejs/node12/node_modules/:/opt/nodejs/node_modules:$LAMBDA_RUNTIME_DIR/node_modules`\)\.
 + `PYTHONPATH` – \([Python 2\.7, 3\.6, 3\.8](lambda-python.md)\) The Python library path \(`$LAMBDA_RUNTIME_DIR`\)\.
 + `GEM_PATH` – \([Ruby](lambda-ruby.md)\) The Ruby library path \(`$LAMBDA_TASK_ROOT/vendor/bundle/ruby/2.5.0:/opt/ruby/gems/2.5.0`\)\.
-+ `_X_AMZN_TRACE_ID` – The [X\-Ray tracing header](services-xray.md)\.
 + `AWS_XRAY_CONTEXT_MISSING` – For X\-Ray tracing, Lambda sets this to `LOG_ERROR` to avoid throwing runtime errors from the X\-Ray SDK\.
 + `AWS_XRAY_DAEMON_ADDRESS` – For X\-Ray tracing, the IP address and port of the X\-Ray daemon\.
 

doc_source/configuration-filesystem.md

@@ -162,8 +162,7 @@ Resources:
       FileSystemConfigs:
       - 
         Arn: !Sub
-          - "arn:aws:elasticfilesystem:eu-central-1:123456789101:access-point/${ap}"
-          - {ap: !Ref AccessPoint}
+          - "arn:aws:elasticfilesystem:eu-central-1:123456789101:access-point/fsap-015cxmplb72b405fd"
         LocalMountPath: "/mnt/efs0"
     DependsOn: "MountTarget1"
 ```

doc_source/configuration-vpc.md

@@ -2,22 +2,6 @@
 
 You can configure a Lambda function to connect to private subnets in a virtual private cloud \(VPC\) in your AWS account\. Use Amazon Virtual Private Cloud \(Amazon VPC\) to create a private network for resources such as databases, cache instances, or internal services\. Connect your function to the VPC to access private resources during execution\.
 
-**To connect a function to a VPC**
-
-1. Open the Lambda console [Functions page](https://console.aws.amazon.com/lambda/home#/functions)\.
-
-1. Choose a function\.
-
-1. Under **VPC**, choose **Edit**\.
-
-1. For **VPC connection**, choose **Custom VPC**\.
-
-1. Choose a VPC, subnets, and security groups\.
-**Note**  
-Connect your function to private subnets to access private resources\. If your function needs internet access, use [network address translation \(NAT\)](#vpc-internet)\. Connecting a function to a public subnet doesn't give it internet access or a public IP address\.
-
-1. Choose **Save**\.
-
 When you connect a function to a VPC, Lambda creates an [elastic network interface](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ElasticNetworkInterfaces.html) for each combination of security group and subnet in your function's VPC configuration\. This process can take about a minute\.
 
 While Lambda creates a network interface, you can't perform additional operations that target the function, such as [creating versions](configuration-versions.md) or updating the function's code\. For new functions, you can't invoke the function until its state changes from `Pending` to `Active`\. For existing functions, you can still invoke an earlier version while the update is in progress\. For more information about function states, see [Monitoring the state of a function with the Lambda API](functions-states.md)\.
@@ -28,15 +12,13 @@ If your functions aren't active for a long period of time, Lambda reclaims its n
 
 Lambda functions can't connect directly to a VPC with [ dedicated instance tenancy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html)\. To connect to resources in a dedicated VPC, [peer it to a second VPC with default tenancy](https://aws.amazon.com/premiumsupport/knowledge-center/lambda-dedicated-vpc/)\.
 
-**VPC tutorials**
-+ [Tutorial: Configuring a Lambda function to access Amazon RDS in an Amazon VPC](services-rds-tutorial.md)
-+ [Tutorial: Configuring a Lambda function to access Amazon ElastiCache in an Amazon VPC](services-elasticache-tutorial.md)
-
 **Topics**
 + [Execution role and user permissions](#vpc-permissions)
-+ [Configuring VPC access with the Lambda API](#vpc-configuring)
++ [Configuring VPC access with the Lambda console](#vpc-configuring)
++ [Configuring VPC access with the Lambda API](#vpc-configuring-api)
 + [Using IAM condition keys for VPC settings](#vpc-conditions)
 + [Internet and service access for VPC\-connected functions](#vpc-internet)
++ [VPC tutorials](#vpc-tutorials)
 + [Sample VPC configurations](#vpc-samples)
 
 ## Execution role and user permissions<a name="vpc-permissions"></a>
@@ -57,7 +39,43 @@ When you configure VPC connectivity, Lambda uses your permissions to verify netw
 + **ec2:DescribeSubnets**
 + **ec2:DescribeVpcs**
 
-## Configuring VPC access with the Lambda API<a name="vpc-configuring"></a>
+## Configuring VPC access with the Lambda console<a name="vpc-configuring"></a>
+
+If your [IAM permissions](#vpc-conditions) allow you only to create Lambda functions that connect to your VPC, you must configure the VPC when you create the function\. If your IAM permissions allow you to create functions that aren't connected to your VPC, you can add the VPC configuration after you create the function\.
+
+**To configure a VPC when you create a function**
+
+1. Open the Lambda console [Functions page](https://console.aws.amazon.com/lambda/home#/functions)\.
+
+1. Choose **Create function**\.
+
+1. Under **Basic information**, for **Function name**, enter a name for your function\.
+
+1. Expand **Advanced settings**\.
+
+1. Under **Network**, choose a **VPC** for your function to access\.
+
+1. Choose subnets and security groups\. When you choose a security group, the console displays the inbound and outbound rules for that security group\.
+**Note**  
+To access private resources, connect your function to private subnets\. If your function needs internet access, use [network address translation \(NAT\)](#vpc-internet)\. Connecting a function to a public subnet doesn't give it internet access or a public IP address\.
+
+1. Choose **Create function**\.
+
+**To configure a VPC for an existing function**
+
+1. Open the Lambda console [Functions page](https://console.aws.amazon.com/lambda/home#/functions)\.
+
+1. Choose a function\.
+
+1. Under **VPC**, choose **Edit**\.
+
+1. Choose a VPC, subnets, and security groups\.
+**Note**  
+To access private resources, connect your function to private subnets\. If your function needs internet access, use [network address translation \(NAT\)](#vpc-internet)\. Connecting a function to a public subnet doesn't give it internet access or a public IP address\.
+
+1. Choose **Save**\.
+
+## Configuring VPC access with the Lambda API<a name="vpc-configuring-api"></a>
 
 To connect a Lambda function to a VPC, you can use the following API operations:
 + [CreateFunction](API_CreateFunction.md)
@@ -269,6 +287,12 @@ Several AWS services offer [VPC endpoints](https://docs.aws.amazon.com/vpc/lates
 
 Internet access from a private subnet requires network address translation \(NAT\)\. To give your function access to the internet, route outbound traffic to a [NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) in a public subnet\. The NAT gateway has a public IP address and can connect to the internet through the VPC's internet gateway\. For more information, see [How do I give internet access to my Lambda function in a VPC?](https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/)
 
+## VPC tutorials<a name="vpc-tutorials"></a>
+
+In the following tutorials, you connect a Lambda function to resources in your VPC\.
++ [Tutorial: Configuring a Lambda function to access Amazon RDS in an Amazon VPC](services-rds-tutorial.md)
++ [Tutorial: Configuring a Lambda function to access Amazon ElastiCache in an Amazon VPC](services-elasticache-tutorial.md)
+
 ## Sample VPC configurations<a name="vpc-samples"></a>
 
 You can use the following sample AWS CloudFormation templates to create VPC configurations to use with Lambda functions\. There are two templates available in this guide's GitHub repository: