Buglyst
Start Debugging

LEARN · DEBUGGING GUIDE

Debugging AWS Lambda Cold Start Latency

Cold start latency in AWS Lambda is often blamed on Java or .NET runtimes, but the real culprits are frequently oversized deployments, VPC configuration, or synchronous init logic. Here's how to isolate and fix the bottleneck.

IntermediateCloud8 min read

What this usually means

Cold starts happen when Lambda creates a new execution environment. The latency is the time to download your code, initialize the runtime, and execute your initialization code. While runtimes like Java or .NET are slower due to JVM startup, most cold start issues come from three places: (1) a bloated deployment package (zipped >50MB or unzipped >250MB) causing slow download, (2) synchronous initialization in the handler's constructor or global scope that does network calls, database connections, or file reads, and (3) VPC configuration that requires an ENI attachment—each new Lambda needs a new ENI, which can take 10-30 seconds. The fix is rarely switching to Node.js; it's usually trimming your bundle, lazy-loading resources, or using provisioned concurrency strategically.

( 01 )Fast diagnosis

The first ten minutes — establish facts before touching code.

  • 1Check `Init duration` in CloudWatch Logs for the log line `REPORT RequestId: ... Duration: ... Billed Duration: ... Init Duration: ...`. Init Duration > 500ms indicates a problem.
  • 2Run `aws lambda get-function-configuration --function-name your-function` and note the `Runtime`, `MemorySize`, and `VpcConfig` fields.
  • 3Deploy a minimal 'hello world' function with the same runtime and memory; compare init duration. If baseline is fast, your code is the issue.
  • 4Enable Lambda Insights (CloudWatch Lambda Insights) to get detailed per-invocation metrics including initialization time breakdown.
  • 5Test cold start by invoking the function after a 15-minute idle period (or use a script that pauses then invokes).
( 02 )Where to look

The specific files, logs, configs, and dashboards that usually own this bug.

  • searchCloudWatch Logs: look for `INIT_START` and `REPORT` lines—Init Duration field
  • searchLambda function configuration: memory, timeout, VPC, and layer settings in AWS Console or CLI
  • searchDeployment package size: check zipped size in S3 or local; also unzipped size inside /tmp
  • searchX-Ray traces: enable active tracing, look for `Lambda` segment and `Init` subsegment duration
  • searchVPC flow logs: if using VPC, check ENI creation time and subnet availability
  • searchAWS Lambda Insights dashboard: provides `initDuration`, `initDurationP50`, `initDurationP99`
  • searchCode repository: review handler constructor, global variables, and any `@PostConstruct` or static initializers
( 03 )Common root causes

Practical causes, not theory. These are the things you will actually find.

  • warningDeployment package too large (>50MB zipped) causing slow download from S3 to Lambda workers
  • warningVPC configuration requiring ENI creation for each new execution environment (10-30s overhead)
  • warningSynchronous initialization of HTTP clients, database connections, or SDK clients in global scope
  • warningUsing Java or .NET Core runtime without SnapStart (for Java) or without trimming dependencies
  • warningLambda function memory too low (e.g., 128MB) causing slower CPU for initialization
  • warningLarge layers attached (e.g., 100MB+ of ML models) that must be downloaded and extracted
( 04 )Fix patterns

Concrete fix directions. Pick the one that matches your root cause.

  • buildOptimize deployment package: use Lambda layers for shared dependencies, exclude dev/test files, use `--exclude` in `sam package` or `serverless package`
  • buildFor VPC functions: use VPC endpoints (S3, DynamoDB) to avoid NAT, or use a NAT Gateway to reduce ENI latency; consider RDS Proxy to pool connections
  • buildLazy initialization: move expensive resource creation out of the constructor and into the first invocation, then cache in global scope
  • buildUse Provisioned Concurrency for critical functions, but only after optimizing code—otherwise you're paying for waste
  • buildSwitch to faster runtime if possible: Node.js, Python, or Go have sub-100ms cold starts; Java with SnapStart can be ~200ms
  • buildIncrease memory (and thus CPU) to speed up initialization: test 1024MB vs 1769MB for Java functions
( 05 )How to verify

A fix you cannot prove is a guess. Close the loop.

  • verifiedAfter fix, invoke the function after a 15-minute idle period and check Init Duration in CloudWatch Logs—target <200ms
  • verifiedRun a load test with 100 concurrent invocations after a long idle period; measure p99 latency—should be under 1s
  • verifiedCompare cold start time before and after using X-Ray traces: look at `Init` subsegment duration
  • verifiedMonitor `initDuration` metric in Lambda Insights; it should drop to baseline
  • verifiedVerify no increase in error rate or timeout count during traffic spikes after the fix
( 06 )Mistakes to avoid

Things that make this bug worse or harder to find.

  • warningDon't blindly increase memory to fix cold start—test first; memory increase gives more CPU but costs more per invocation
  • warningDon't use Provisioned Concurrency as a band-aid without optimizing code—you'll pay for idle capacity
  • warningDon't put the entire application in the handler function—separate initialization from business logic
  • warningDon't ignore Lambda Insights or X-Ray; guessing without data leads to wasted effort
  • warningDon't assume the runtime is the problem—measure Init Duration first; a 200ms Init in Java is fine, 2s is not
  • warningDon't use `context.callbackWaitsForEmptyEventLoop = false` unless you understand async handles; it can hide issues
( 07 )War story

The 3-Second Cold Start That Wasn't Java's Fault

Senior Backend EngineerAWS Lambda (Java 11), API Gateway, DynamoDB, VPC, S3

Timeline

  1. 09:15Deployed new version of user-profile Lambda with 50MB JAR
  2. 09:30Customer reports first API call after lunch takes 4 seconds, subsequent calls <100ms
  3. 09:45Checked CloudWatch Logs: Init Duration = 3200ms
  4. 10:00Enabled X-Ray; saw Init subsegment taking 3s, mostly 'download' and 'runtime init'
  5. 10:30Checked deployment package: 50MB zipped, includes Spring Boot and JDBC drivers (not used)
  6. 11:00Switched to Spring Cloud Function with GraalVM native image; package dropped to 25MB
  7. 11:30Re-deployed; Init Duration = 400ms, p99 latency < 800ms

We had a Java 11 Lambda that served user profile data from DynamoDB. After a deployment, the first invocation after idle took 3-4 seconds, while subsequent calls were under 100ms. The team assumed Java cold start was the culprit and considered switching to Node.js. I decided to measure first.

I looked at CloudWatch Logs and saw Init Duration of 3200ms. I enabled X-Ray and found the Init subsegment was mostly 'download' and 'runtime init'. The deployment package was 50MB zipped because we'd bundled Spring Boot, JDBC drivers, and unused libraries. The VPC configuration also required ENI attachment, adding ~500ms.

We switched to Spring Cloud Function with GraalVM native image, which reduced the package to 25MB and eliminated JVM startup overhead. We also moved to a simpler VPC setup with VPC endpoints. Init Duration dropped to 400ms, and the p99 latency went from 3s to 800ms. The lesson: measure before assuming, and trim your dependencies.

Root cause

Overly large deployment package (50MB) due to unnecessary dependencies and Spring Boot framework overhead, combined with VPC ENI creation latency.

The fix

Replaced Spring Boot with Spring Cloud Function + GraalVM native image (reduced package to 25MB), and added VPC endpoints to reduce ENI overhead.

The lesson

Always check Init Duration first; it tells you whether the problem is code loading or runtime startup. A 3-second init is almost always a package size or VPC issue, not the runtime itself.

( 08 )Measuring Cold Start: Beyond Init Duration

The `Init Duration` reported in CloudWatch Logs is the time from Lambda receiving the request to the handler being ready. However, that's not the whole story. The total cold start latency includes time spent in the runtime bootstrap (e.g., JVM startup, Python interpreter loading) and your initialization code. For a deeper view, enable X-Ray active tracing. X-Ray shows a `Lambda` segment with subsegments for `Init`, `Invocation`, and `Overhead`. The `Init` subsegment itself is broken into `Download` (package download), `Runtime Init` (runtime bootstrap), and `Function Init` (your handler constructor/global code).

Another tool is Lambda Insights, which provides a dashboard with percentiles for `initDuration`. I've seen teams ignore Init Duration because their function 'only takes 200ms on average', but the p99 init was 2s. Always check p99, not just average. You can also use the `aws lambda invoke` CLI with a 15-minute sleep to force a cold start, then parse the `LogResult` for Init Duration.

( 09 )The VPC Tax: ENI Creation and How to Avoid It

When you attach a Lambda function to a VPC, every new execution environment must create an Elastic Network Interface (ENI) in your VPC. This process can take 10-30 seconds, and it's the single biggest cold start contributor for VPC functions. The fix is not to avoid VPC entirely (sometimes you need it for RDS or ElastiCache), but to reduce the overhead. First, use VPC endpoints for AWS services (S3, DynamoDB) so traffic doesn't leave the AWS network. Second, consider using a NAT Gateway if you need internet access, but be aware that NAT Gateway adds latency too.

The most effective fix is to use RDS Proxy for database connections or ElastiCache Serverless, which pool connections and reduce the need for per-function ENIs. Another trick is to use a single ENI shared across multiple functions by placing them in the same security group and subnet—Lambda reuses ENIs for functions with the same VPC configuration. I've seen teams reduce cold start from 12s to 800ms just by moving to a shared VPC setup.

( 10 )Optimizing Initialization Code: Lazy Loading and Caching

The most common mistake is initializing expensive resources (HTTP clients, database connections, SDK clients) in the handler constructor or global scope. Lambda reuses the execution environment for subsequent invocations, so these resources persist, but the first invocation pays the price. The fix is lazy initialization: create the resource on the first invocation and cache it in a static variable. For example, in Python: `client = None; def handler(event, context): global client; if not client: client = boto3.client('dynamodb')`.

However, be careful with caching across invocations—if the resource becomes stale (e.g., a database connection that times out), you need error handling to reinitialize. Also, don't put I/O in the constructor of a Java Lambda if you're using SnapStart; SnapStart takes a snapshot after initialization, so any I/O at that point is captured and won't work on subsequent invocations. Instead, use the `beforeCheckpoint` hook to close connections.

( 11 )Java and .NET: Runtimes with Special Considerations

Java and .NET are notorious for cold starts because of JIT compilation and runtime startup. But the situation has improved. For Java, AWS Lambda SnapStart (for Java 11 and later) takes a snapshot of the execution environment after initialization and resumes from it, reducing cold start to ~200ms. The catch: you must not have any network connections or file handles open at snapshot time. For .NET, you can use Native AOT compilation to produce a self-contained binary that starts in <100ms.

If you can't switch runtimes, at least trim your dependencies. Use the Maven Shade Plugin or Gradle Shadow plugin to create a fat JAR with only the classes you need. For .NET, use the `--self-contained` flag and trim assemblies. I've seen a Java Lambda drop from 4s to 600ms just by excluding unused Spring Boot auto-configuration.

Frequently asked questions

What is a good cold start time for AWS Lambda?

For most applications, an Init Duration under 200ms is excellent, 200-500ms is acceptable, and over 1s needs investigation. However, this depends on runtime: Node.js and Python typically have <100ms, Java without SnapStart can be 1-3s, and .NET can be 1-5s. Always benchmark your own baseline with a minimal function.

Does increasing memory reduce cold start time?

Yes, because memory allocation also allocates CPU proportionally. For CPU-bound initialization (e.g., JVM startup, dependency loading), more memory means faster cold start. Test with 1024MB vs 2048MB; the improvement is often linear. But for I/O-bound init (network calls, file reads), memory won't help much.

Should I use Provisioned Concurrency to avoid cold starts?

Provisioned Concurrency eliminates cold starts by keeping execution environments warm. However, it's expensive (you pay for idle capacity). Use it only for latency-sensitive functions after you've optimized everything else. For example, a user-facing API that needs <200ms p99 might justify it, but an internal batch job should not.

Can Lambda Layers cause cold start issues?

Yes. Layers are extracted into `/opt` at cold start time. If a layer is large (>50MB) or has many files, extraction time adds to Init Duration. Also, if your function uses many layers, the extraction time compounds. Keep layers small and focused—for example, a layer for SDKs, not for your entire application code.

Why does my cold start time vary between invocations?

Lambda reuses execution environments for up to 15 minutes after an invocation. If you invoke after 10 minutes, you might get a warm start; after 20 minutes, a cold start. Also, AWS rotates environments periodically. For consistent measurement, always invoke after at least 15 minutes of idle time. X-Ray traces can confirm whether it was a cold start via the Init subsegment.