© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chris Munns – Senior Developer Advocate – AWS Serverless. Building API-Driven Microservices
About me: Chris Munns - munns@amazon.com, @chrismunns
• Senior Developer Advocate - Serverless
• New Yorker
• Previously:
  • AWS Business Development Manager – DevOps, July ’15 - Feb ‘17
  • AWS Solutions Architect, Nov 2011 - Dec 2014
  • Formerly on operations teams @Etsy and @Meetup
  • Little time at a hedge fund, Xerox and a few other startups
  • Rochester Institute of Technology: Applied Networking and Systems Administration ’05
• Internet infrastructure geek
Why are we here today? (image: https://secure.flickr.com/photos/mgifford/4525333972)
The Future
“Software is Eating the World” – Marc Andreessen. “APIs are Eating Software” – Dr. Steve Willmott. Fun fact: Apis is the genus for honey bees.
A look back at development at Amazon.. (image: https://secure.flickr.com/photos/pixelthing/15806918992/)
2001: monolithic application + monolithic teams
Monolith development lifecycle (diagram): developers → app → delivery pipeline (build → test → release)
“Microservices”: single-purpose; connect only through APIs; connect over HTTPS; largely “black boxes” to each other
> 60 million deployments a year* = thousands of teams × microservice architecture × continuous delivery × multiple environments (*2016 number)
Building your API (image: https://secure.flickr.com/photos/spenceyc/7481166880)
Basic API technology stack (diagram): Internet / mobile & web apps → ? (API “server”) → ? (API backend) → AWS databases / data stores
API Management Challenges: Managing multiple versions and stages of an API is difficult. Monitoring third-party developers’ access is time consuming. Access authorization is a challenge. Traffic spikes create an operational burden. Dealing with increased management overhead.
Introducing Amazon API Gateway. Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale:
• Host multiple versions and stages of your APIs
• Create and distribute API keys to developers (for identifying and metering clients through usage plans; an API key is not a substitute for authentication)
• Throttle and monitor requests to protect your backend
• Leverage Signature Version 4 (requests signed with IAM credentials) to authorize access to APIs
• Request/response data transformation and API mocking
• Reduced latency and DDoS protection through CloudFront
• Optional managed cache to store API responses
• SDK generation for Java, JavaScript, Java for Android, Objective-C or Swift for iOS, and Ruby
• Swagger (OpenAPI) support
API Gateway integrations (diagram): clients on the Internet (mobile apps, websites, services) → Amazon CloudFront → API Gateway (with cache and Amazon CloudWatch monitoring) → AWS Lambda functions, endpoints on Amazon EC2, any other AWS service, endpoints in your VPC, or any publicly accessible endpoint; regional API endpoints are shown alongside the CloudFront path.
Basic API technology stack (diagram): Internet / mobile & web apps → API Gateway → ? (API backend) → AWS databases / data stores
API Gateway backend integrations (diagram: the same integration targets as above, now placed behind API Gateway in the stack)
AWS compute services: Amazon EC2, Amazon Elastic Container Service (ECS), AWS Lambda
Deploying Microservices on Amazon EC2. Recommendation:
• Single service per host
• Start with small instance sizes
• Leverage Auto Scaling and AWS Elastic Load Balancing (Application Load Balancer, or Network Load Balancer if in a VPC)
• Automate the ability to pump out these environments easily
• Leverage CodeDeploy, CloudFormation, Elastic Beanstalk or OpsWorks
(diagram: an Auto Scaling group of EC2 instances within a region, behind Elastic Load Balancing)
Deploying Microservices with ECS. Recommendation:
• Put multiple services per host
• Make use of larger hosts with much more CPU/RAM
• Run helper services on the same host as other dependent services
• Leverage Auto Scaling and AWS Elastic Load Balancing (Application Load Balancer, or Network Load Balancer if in a VPC)
• Use AWS Fargate for even less administrative overhead!
(diagram: an EC2 instance in a region running App1 and App2 as containers with their own bins/libs on a shared guest OS, behind a public Application Load Balancer and a Network Load Balancer)
Serverless means… no servers to provision or manage; scales with usage; never pay for idle; availability and fault tolerance built in
Serverless applications (diagram): event source (changes in data state, requests to endpoints, changes in resource state) → function (Node.js, Python, Java, C#, Go) → services (anything)
Anatomy of a Lambda function
• Handler() function: the function to be executed upon invocation
• Event object: data sent during Lambda function invocation
• Context object: methods available to interact with runtime information (request ID, log group, etc.)

public String handleRequest(Book book, Context context) {
    saveBook(book);
    return book.getName() + " saved!";
}
Invocation patterns behind API Gateway (diagrams):
1. API call made against API Gateway → Lambda function invoked
2. API call made against API Gateway → call made directly against the backing AWS service (Amazon S3, Amazon Kinesis, Amazon DynamoDB, etc.)
3. API call made against API Gateway → Step Functions workflow is executed
Basic serverless API technology stack (diagram): Internet / mobile & web apps → API Gateway → AWS Lambda functions → AWS databases / data stores
Secure your API (image: https://www.flickr.com/photos/modernrelics/1093797721/)
Basic serverless API technology stack (diagram): Internet / mobile & web apps → API Gateway → AWS Lambda functions → AWS databases / data stores. The API Gateway and Lambda layers are the places where we can secure our application.
Amazon API Gateway Security. Several mechanisms for adding authz/authn to our API:
• IAM permissions: use IAM policies and AWS credentials (Signature Version 4 signed requests) to grant access
• Lambda authorizers (formerly called custom authorizers): use a Lambda function to validate a bearer token (OAuth or SAML as examples) or request parameters, and return an IAM policy that grants or denies access
• Cognito User Pools: a completely managed user management system; API Gateway validates the pool’s tokens for you
API Gateway Lambda Authorizers. Use an AWS Lambda function to run whatever authorizer logic/method you want. For example, the HTTP Basic Auth authorizer that can be found in the AWS Serverless Application Repository.
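The Basic Auth authorizer mentioned above is a good illustration of what any Lambda authorizer has to do: parse the credential, verify it without leaking timing information, and hand API Gateway back an IAM policy. The following is an added example written for this page, not the Serverless Application Repository application the slide refers to. The in-memory user table, the alice credential, the basic_header helper and api_wildcard are this example's own constructions.

```python
import base64
import hashlib
import hmac


def _password_hash(password: str) -> str:
    # Demo only: a real deployment stores a salted KDF hash (scrypt/bcrypt) in a secret store.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed credential store for this example: username -> password hash.
_USERS = {"alice": _password_hash("correct horse battery staple")}
_DUMMY_HASH = _password_hash("")  # compared against when the user does not exist


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header a client would send (helper for the example)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def check_basic_auth(header_value):
    """Return the username if the header carries valid Basic credentials, else None."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded.strip():
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Always hash and always compare in constant time, so an unknown user
    # costs the same as a wrong password.
    expected = _USERS.get(user, _DUMMY_HASH)
    valid = hmac.compare_digest(_password_hash(password), expected)
    return user if valid and user in _USERS else None


def api_wildcard(method_arn: str) -> str:
    """arn:...:<api-id>/<stage>/<verb>/<path> -> arn:...:<api-id>/<stage>/*"""
    api_and_stage = method_arn.split("/")[:2]
    return "/".join(api_and_stage) + "/*"


def build_policy(principal_id, effect, resource, context=None):
    """The IAM policy document API Gateway expects back from an authorizer."""
    policy = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
    }
    if context:
        policy["context"] = context  # reaches the backend as $context.authorizer.<key>
    return policy


def handler(event, context):
    """TOKEN authorizer entry point: event['authorizationToken'] is the Authorization header."""
    user = check_basic_auth(event.get("authorizationToken"))
    if user is None:
        # API Gateway maps this exact exception message to a 401 response.
        raise Exception("Unauthorized")
    # The result is cached per token (default 300 s) and reused for every method that
    # token calls, so allow the whole stage rather than only event['methodArn'].
    return build_policy(user, "Allow", api_wildcard(event["methodArn"]), {"user": user})
```

The wildcard resource matters because of the authorizer cache: if the policy only named the first method a token hit, the cached Allow would be replayed for a different method and rejected with 403. Set the cache TTL to 0 if you need per-method decisions, and keep the returned context small, since it is copied into every cached entry.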
Cognito User Pools
1. Serverless authentication and user management: add user sign-up and sign-in easily to your mobile and web apps without worrying about server infrastructure
2. Enhanced security features: verify phone numbers and email addresses and offer multi-factor authentication
3. Managed user directory: launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users
Deploying your applications (image: https://secure.flickr.com/photos/simononly/15386966677)
API Stages. Stages are named links to a deployed version of your API. Recommended for managing the API lifecycle:
• Dev/test/prod
• Alpha/beta/gamma
Support for parameterized values through stage variables.
API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values (not secrets: they are plain configuration, readable by anyone who can read the stage and included in API exports)
• Stage variables are referenced as $stageVariables.<name> in mapping templates and arrive in a Lambda proxy integration event under stageVariables; $context is the separate request-context object
• Values are accessible from most fields in API Gateway:
  • Lambda function ARN
  • HTTP endpoint
  • Custom authorizer function name
  • Parameter mappings
Stage Variables and Lambda Aliases. Using stage variables in API Gateway together with Lambda function aliases, you can manage a single API configuration and Lambda function for multiple environment stages.
Example (diagram): myLambdaFunction versions 1, 2, 3 = prod; 4, 5, 6 = beta; 7, 8 = dev (an alias points at one published version at a time). “My First API” has stages Prod, Beta and Dev, each with the stage variable lambdaAlias set to prod, beta or dev. The integration references the function as myLambdaFunction:${stageVariables.lambdaAlias}, so the stage selects the alias; each alias needs its own invoke permission for API Gateway.
Amazon API Gateway Canary Support. Use canary release deployments to gradually roll out new APIs in Amazon API Gateway:
• Configure the percent of traffic to go to a new stage deployment
• Can test stage settings and variables
• API Gateway will create an additional Amazon CloudWatch Logs group and CloudWatch metrics for the requests handled by the canary deployment
• To roll back: delete the deployment or set the percent of traffic to 0
• Explore new technologies in your API backend:
  • New languages
  • New frameworks
  • Try Lambda in place of other HTTP endpoints!
  • Migrate an API from on-premises to AWS via private endpoint integrations in a VPC
Amazon API Gateway Canary Support (diagrams; API clients on one side, publicly and privately accessible endpoints and backends in AWS on the other):
• Before: api.mydomain.com/prod sends all traffic to the currently deployed version (v1).
• During the canary: api.mydomain.com/prod sends 10% of traffic to the new deployment of the stage (v2) and the remaining 90% to the previous version (v1).
• After promotion: api.mydomain.com/prod sends all traffic to the newly deployed version (v2).
How can I connect my clients to my API backed by API Gateway? (image: https://www.flickr.com/photos/lachlanhardy/4150836513/)
SDK workflow (diagrams): the service developer publishes API v1.1.1; its Swagger definition is used to generate a Node.js client SDK, published as the myservice-1.1.1 module to a private repo, which service client v1.1.1 consumes. When API v2.0.0 ships, the same flow produces the myservice-2.0.0 module; service client v2.0.0 picks it up while service client v1.1.1 keeps using myservice-1.1.1.
Can’t move fast if you can’t measure what's going on. (image: https://secure.flickr.com/photos/jasoneppink/499531891)
Metrics and logging are a universal right! CloudWatch Metrics:
• 7 built-in metrics for Lambda: Invocations, Duration, Errors, Throttles, IteratorAge, DeadLetterErrors, ConcurrentExecutions
• Can call put-metric-data from your function code for custom metrics
• 7 built-in metrics for API Gateway: Count, Latency, 4XXError, 5XXError, IntegrationLatency, CacheHitCount, CacheMissCount
• Error and cache metrics support averages and percentiles
Metrics and logging are a universal right! CloudWatch Logs:
• API Gateway logging
  • 2 levels of logging, ERROR and INFO
  • Optionally log full method request/response content (headers and bodies); this writes bearer tokens, API keys and any personal data in the request into CloudWatch Logs, so enable it for debugging only and restrict who can read the log group
  • Set globally in the stage, or override per method
• Lambda logging
  • Log directly from your code with your language’s equivalent of console.log()
  • Basic request information included
• Log pivots
  • Build metrics based on log filters
  • Jump to the logs that generated a metric
  • Export logs to Amazon Elasticsearch Service or S3
  • Explore with Kibana (on Elasticsearch) or Athena/QuickSight (on S3)
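Building metrics from log filters is also where detection lives: an authorizer that answers every bad password with 401 turns a credential-stuffing attempt into a burst of 401/403 entries in the API Gateway access log. The following added example (written for this page, not from the talk) runs that detection over a handful of constructed access-log lines. It assumes a JSON access-log format configured on the stage with the fields t, ip, method, path and status, filled from $context.requestTimeEpoch, $context.identity.sourceIp, $context.httpMethod, $context.path and $context.status; the addresses and timestamps are made up.

```python
import json
from collections import defaultdict

# Constructed API Gateway access-log lines (one JSON object per request, as the
# assumed access-log format on the stage would emit them).
_BASE = 1525780800000  # 2018-05-08T12:00:00Z in epoch milliseconds
_RECORDS = (
    # six failed Basic Auth attempts in ten seconds from one address, then a success
    [{"t": _BASE + i * 2000, "ip": "203.0.113.7", "method": "GET",
      "path": "/prod/check_stock/hotdog", "status": 401} for i in range(6)]
    + [{"t": _BASE + 12000, "ip": "203.0.113.7", "method": "GET",
        "path": "/prod/check_stock/hotdog", "status": 200}]
    # two forbidden PUTs from a second address
    + [{"t": _BASE + 1000, "ip": "198.51.100.9", "method": "PUT",
        "path": "/prod/add_food/taco", "status": 403},
       {"t": _BASE + 3000, "ip": "198.51.100.9", "method": "PUT",
        "path": "/prod/add_food/taco", "status": 403}]
    # five failures spread two minutes apart: a slow client, not a burst
    + [{"t": _BASE + i * 120000, "ip": "192.0.2.4", "method": "GET",
        "path": "/prod/list_foods", "status": 401} for i in range(5)]
)
SAMPLE_ACCESS_LOG = "\n".join(json.dumps(r) for r in _RECORDS)

AUTH_FAILURE_STATUSES = {401, 403}


def parse_access_log(text):
    """Yield one dict per well-formed JSON log line; skip blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and all(k in rec for k in ("t", "ip", "status")):
            yield rec


def _max_in_window(timestamps, window_ms):
    """Largest number of events that fall inside any window_ms-wide interval."""
    ts = sorted(timestamps)
    best = left = 0
    for right in range(len(ts)):
        while ts[right] - ts[left] > window_ms:
            left += 1
        best = max(best, right - left + 1)
    return best


def failed_auth_by_ip(log_text, window_ms=60_000, threshold=5):
    """Return {source_ip: peak failures per window} for IPs at or above threshold."""
    failures = defaultdict(list)
    for rec in parse_access_log(log_text):
        if int(rec["status"]) in AUTH_FAILURE_STATUSES:
            failures[rec["ip"]].append(int(rec["t"]))
    offenders = {}
    for ip, stamps in failures.items():
        peak = _max_in_window(stamps, window_ms)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders


if __name__ == "__main__":
    print(failed_auth_by_ip(SAMPLE_ACCESS_LOG))
```

The same count can be expressed live as a CloudWatch Logs metric filter on the status field plus an alarm on the resulting metric; the script form is what you reach for when replaying a log group exported to S3 after the fact, and the sliding window is what keeps a slow legitimate client with a stale password from tripping the alert.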
AWS X-Ray Integration with Serverless
• API Gateway inserts a tracing header into HTTP calls and reports data back to X-Ray itself
• Lambda instruments incoming requests for all supported languages and can capture calls made in code

const AWSXRay = require('aws-xray-sdk-core');
AWSXRay.middleware.setSamplingRules('sampling-rules.json');
// Wrap the AWS SDK so every downstream AWS call becomes a subsegment of the trace
const AWS = AWSXRay.captureAWS(require('aws-sdk'));
const s3Client = new AWS.S3();
X-Ray trace example (screenshot)
How do I figure out what’s wrong? These tools are here, so use them!
1. Turn on X-Ray now
   a. Look at wrapping your own calls with it via the X-Ray SDKs
2. Don’t underestimate the power of logging in Lambda
   a. Simple “debug: in functionX” statements work great and are easy to find in CloudWatch Logs
3. The most valuable metrics are the ones closest to your customer/use-case
   a. How many gizmos did this function call/create/process/etc.
Where do you .. (image: https://secure.flickr.com/photos/stevendepolo/5749192025/)
Swagger – now OpenAPI Specification (OAS). API definition as code:
• Portable API definition
• JSON/YAML
• Import/export your API
• Amazon API Gateway extensions (the x-amazon-apigateway-* vendor fields)
• Can be used independently or as part of a CloudFormation template
• Rich 3rd-party ecosystem of tools
Frameworks
ClaudiaJS. Node.js framework for deploying projects to AWS Lambda and Amazon API Gateway
• Has sub-projects for microservices, chat bots and APIs
• Simplified deployment with a single command
• Use standard NPM packages, no need to learn Swagger
• Manage multiple versions
https://claudiajs.com
https://github.com/claudiajs/claudia

app.js:
const ApiBuilder = require('claudia-api-builder');
const api = new ApiBuilder();
module.exports = api;

// GET /hello returns the string 'hello world'
api.get('/hello', function () {
  return 'hello world';
});

$ claudia create --region us-east-1 --api-module app
Chalice. Python serverless “microframework” for AWS Lambda and Amazon API Gateway
• A command line tool for creating, deploying, and managing your app
• A familiar and easy-to-use API for declaring views in Python code
• Automatic IAM policy generation
https://github.com/aws/chalice
https://chalice.readthedocs.io

app.py:
from chalice import Chalice

app = Chalice(app_name="helloworld")

@app.route("/")
def index():
    return {"hello": "world"}

$ chalice deploy
Chalice – a bit deeper (application routes, error handling, HTTP method support):

from chalice import Chalice
from chalice import BadRequestError

app = Chalice(app_name='apiworld-hot')

FOOD_STOCK = {
    'hamburger': 'yes',
    'hotdog': 'no'
}

@app.route('/')
def index():
    return {'hello': 'world'}

@app.route('/list_foods')
def list_foods():
    # list() so the response is JSON-serializable on Python 3 (dict_keys is not)
    return list(FOOD_STOCK.keys())

@app.route('/check_stock/{food}')
def check_stock(food):
    try:
        return {'in_stock': FOOD_STOCK[food]}
    except KeyError:
        # BadRequestError becomes an HTTP 400 with this message in the body
        raise BadRequestError("Unknown food '%s', valid choices are: %s" %
                              (food, ', '.join(FOOD_STOCK.keys())))

@app.route('/add_food/{food}', methods=['PUT'])
def add_food(food):
    return {"value": food}
Chalice – adding Cognito User Pools (authorization required for certain routes/methods):

from chalice import Chalice
from chalice import BadRequestError
from chalice import CognitoUserPoolAuthorizer

app = Chalice(app_name='apiworld-hot')

# Provider ARN format: arn:aws:cognito-idp:<region>:<account-id>:userpool/<pool-id>
authorizer = CognitoUserPoolAuthorizer(
    'MyPool', provider_arns=['arn:aws:cognito-idp:...:userpool/name'])

# ... FOOD_STOCK and index() as on the previous slide ...

@app.route('/list_foods')
def list_foods():
    # no authorizer: this route stays public
    return list(FOOD_STOCK.keys())

@app.route('/check_stock/{food}', methods=['GET'], authorizer=authorizer)
def check_stock(food):
    try:
        return {'in_stock': FOOD_STOCK[food]}
    except KeyError:
        raise BadRequestError("Unknown food '%s', valid choices are: %s" %
                              (food, ', '.join(FOOD_STOCK.keys())))

@app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer)
def add_food(food):
    return {"value": food}
AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model
SAM template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31        # tells CloudFormation this is a SAM template it needs to “transform”
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function          # creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api                          # also creates an API Gateway API and takes care of all mapping/permissions necessary
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable       # creates a DynamoDB table with 5 read & write units

Two notes on this template as shown: AmazonDynamoDBReadOnlyAccess grants read access to every table in the account, so for least privilege prefer a SAM policy template such as DynamoDBReadPolicy with TableName set to the ListTable resource; and the nodejs4.3 runtime has since been retired, so a current Node.js runtime is needed to deploy it today.
SAM template (diagram): the SAM template from https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml on the left becomes the much longer expanded CloudFormation template on the right.
AWS SAM CLI SAM Local Relaunched/GA’d on May 8th! CLI tool for local building, validating, testing of serverless apps Works with Lambda functions and “proxy-style” APIs Response object and function logs available on your local machine Uses open source docker-lambda images to mimic Lambda’s execution environment: • Emulates timeout, memory limits, runtimes https://github.com/awslabs/aws-sam-cli
FIN, ACK. It’s never been easier to build and launch APIs! Serverless APIs:
• No management of servers
• Pay for what you use and not for idle resources!
• Instantly scale up without turning any knobs or provisioning any resources
• Tooling to get started in minutes with incredibly minimal code needed
• High availability built into multiple places in the application stack
• Authentication and authorization built into multiple places in the application stack
(diagram: Internet / mobile & web apps → API Gateway → AWS Lambda functions → AWS databases / data stores)
Chris Munns, munns@amazon.com, @chrismunns (image: https://www.flickr.com/photos/theredproject/3302110152/)
Questions? (image: https://secure.flickr.com/photos/dullhunk/202872717/)

Building API Driven Microservices

  • 1.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Chris Munns – Senior Developer Advocate – AWS Serverless Building API- Driven Microservices
  • 2.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. About me: Chris Munns - munns@amazon.com, @chrismunns • Senior Developer Advocate - Serverless • New Yorker • Previously: • AWS Business Development Manager – DevOps, July ’15 - Feb ‘17 • AWS Solutions Architect Nov, 2011- Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups • Rochester Institute of Technology: Applied Networking and Systems Administration ’05 • Internet infrastructure geek
  • 3.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. https://secure.flickr.com/photos/mgifford/4525333972 Why are we here today?
  • 4.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. The Future
  • 5.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. “Software is Eating the World” – Marc Andreessen “APIs are Eating Software” – Dr. Steve Willmott Fun fact: Apis is the “Genus” for Honey Bees
  • 6.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. A look back at development at Amazon.. https://secure.flickr.com/photos/pixelthing/15806918992/
  • 7.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. 2001 monolithic application + monolithic teams
  • 8.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Monolith development lifecycle developers releasetestbuild delivery pipelineapp
  • 9.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Single-purpose Connect only through APIs Connect over HTTPS Largely “black boxes” to each other “Microservices”
  • 10.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. > 60 million deployments a year* Thousands of teams × Microservice architecture × Continuous delivery × Multiple environments *2016 number
  • 11.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Building your API https://secure.flickr.com/photos/spenceyc/7481166880
  • 12.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. InternetMobile/Web apps AWS Databases/ Data stores Basic API technology stack ?API “server” ?API backend
  • 13.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. API Management Challenges Managing multiple versions and stages of an API is difficult. Monitoring third-party developers’ access is time consuming. Access authorization is a challenge. Traffic spikes create an operational burden. Dealing with increased management overhead
  • 14.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Introducing Amazon API Gateway Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale: • Host multiple versions and stages of your APIs • Create and distribute API Keys to developers • Throttle and monitor requests to protect your backend • Leverage signature version 4 to authorize access to APIs • Request / Response data transformation and API mocking • Reduced latency and DDoS protection through CloudFront • Optional Managed cache to store API responses • SDK Generation for Java, JavaScript, Java for Android, Objective-C or Swift for iOS, and Ruby • Swagger support
  • 15.
    API Gateway integrations Internet MobileApps Websites Services AWS Lambda functions AWS API Gateway Cache Endpoints on Amazon EC2 Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service YOUR VPC Endpoints in Your VPC Regional API Endpoints All publicly accessible endpoints AWS Lambda functions
  • 16.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. InternetMobile/Web apps AWS Databases/ Data stores Basic API technology stack ?API backend API Gateway
  • 17.
    Internet Mobile Apps Websites Services AWS Lambda functions AWS APIGateway Cache Endpoints on Amazon EC2 Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service YOUR VPC Endpoints in Your VPC Regional API Endpoints All publicly accessible endpoints AWS Lambda functions API Gateway backend integrations
  • 18.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. AWS Compute Services Amazon EC2 Amazon Elastic Container Service (ECS) AWS Lambda
  • 19.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Deploying Microservices on Amazon EC2 Recommendation: • Single service per host • Start with small instance sizes • Leverage Auto Scaling and AWS Elastic Load Balancing/Application Load Balancer/Network Load Balancer(if in VPC) • Automate the ability to pump out these environments easily • Leverage CodeDeploy, CloudFormation, Elastic Beanstalk or Opsworks Auto Scaling group EC2 Instance EC2 Instance EC2 Instance region Elastic Load Balancing
  • 20.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Deploying Microservices with ECS Recommendation • Put multiple services per host • Make use of larger hosts with much more CPU/RAM • Run helper services on the same host as other dependent services • Leverage Auto Scaling and AWS Elastic Load Balancing/Application Load Balancer/Network Load Balancer(if in VPC) • Use AWS Fargate for even less administrative overhead! region Guest OS Bins/Libs Bins/Lib s App2App1 EC2 Instance Network Load Balancer Public Application Load Balancer
  • 21.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in Serverless means…
  • 22.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Serverless applications
  • 23.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Anatomy of a Lambda function Handler() function Function to be executed upon invocation Event object Data sent during Lambda Function Invocation Context object Methods available to interact with runtime information (request ID, log group, etc.) public String handleRequest(Book book, Context context) { saveBook(book); return book.getName() + " saved!"; }
  • 24.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Lambda function 2. Lambda function invoked 1. API call made against API Gateway API clients Amazon API Gateway Lambda function Lambda function 2. API call made directly against backing AWS service API clients Amazon API Gateway API clients Amazon S3 Amazon Kinesis Amazon DynamoDB etc.. 2. Step Functions workflow is executed 1. API call made against API Gateway Amazon API Gateway API clients AWS Step Functions 1. API call made against API Gateway
  • 25.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. InternetMobile/Web apps AWS Databases/ Data stores Basic Serverless API technology stack API Gateway AWS Lambda functions
  • 26.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Secure your API https://www.flickr.com/photos/modernrelics/1093797721/
  • 27.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. InternetMobile/Web apps AWS Databases/ Data stores Basic Serverless API technology stack API Gateway AWS Lambda functions places where we can secure our application
  • 28.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Security Several mechanisms for adding Authz/Authn to our API: • IAM Permissions • Use IAM policies and AWS credentials to grant access • Lambda Authorizers • Use Lambda to validate a bearer token(Oauth or SAML as examples) or request parameters and grant access • Cognito User Pools • Create a completely managed user management system
  • 29.
    API Gateway LambdaAuthorizers Use an AWS Lambda function to invoke whatever authorizer logic/method you want! For example this HTTP Basic Auth example which can be found in the AWS Serverless Application Repository:
  • 30.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Cognito User Pools Add user sign-up and sign- in easily to your mobile and web apps without worrying about server infrastructure Serverless Authentication and User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory 1 2 3
  • 31.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Deploying your applications https://secure.flickr.com/photos/simononly/15386966677
  • 32.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Stages are named links to a deployed version of your API Recommended for managing API lifecycle • Dev/test/prod • Alpha/beta/gamma Support for parameterized values through stage variables API Stages
  • 33.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings
  • 34.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Stage Variables and Lambda Aliases Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages myLambdaFunction 1 2 3 = prod 4 5 6 = beta 7 8 = dev My First API Stage variable = lambdaAlias Prod lambdaAlias = prod Beta lambdaAlias = beta Dev lambdaAlias = dev
  • 35.
    © 2018, AmazonWeb Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Canary Support Use canary release deployments to gradually roll out new APIs in Amazon API Gateway: • configure percent of traffic to go to a new stage deployment • can test stage settings and variables • API gateway will create additional Amazon CloudWatch Logs group and CloudWatch metrics for the requests handled by the canary deployment API • To rollback: delete the deployment or set percent of traffic to 0 • Explore new technologies in your API backend: • New languages • New frameworks • Try Lambda in place of other HTTP endpoints! • Migrate an API from on-premises to AWS via private endpoint integrations in VPC
  • 36.
Slide 37: Amazon API Gateway Canary Support (diagram)
API clients (all publicly and privately accessible endpoints) → api.mydomain.com/prod → v1 backends in AWS. All traffic goes to the currently deployed version.
Slide 38: Amazon API Gateway Canary Support (diagram)
API clients (all publicly and privately accessible endpoints) → api.mydomain.com/prod → 90% to v1, 10% to v2 backends in AWS. 10% of traffic goes to the new deployment of the stage, the rest to the previous version.
Slide 39: Amazon API Gateway Canary Support (diagram)
API clients (all publicly and privately accessible endpoints) → api.mydomain.com/prod → v2 backends in AWS. All traffic goes to the newly deployed version; the canary has been promoted.
Slide 40: How can I connect my clients to my API backed by API Gateway?
https://www.flickr.com/photos/lachlanhardy/4150836513/
Slide 41: SDK workflow (diagram)
Service developer → swagger definition → API v1.1.1 in API Gateway → generated Node.js client SDK → myservice-1.1.1 module → private repo → Service Client v1.1.1
Slide 42: SDK workflow (diagram)
Service developer → swagger definition → API v2.0.0 (deployed alongside API v1.1.1) → generated Node.js client SDK → myservice-2.0.0 module → private repo → Service Client v2.0.0, while Service Client v1.1.1 keeps using myservice-1.1.1
Slide 43: Can't move fast if you can't measure what's going on.
https://secure.flickr.com/photos/jasoneppink/499531891
Slide 44: Metrics and logging are a universal right!
CloudWatch Metrics:
• 7 built-in metrics for Lambda:
  Invocation Count, Invocation Duration, Invocation Errors, Throttled Invocations, Iterator Age, DLQ Errors, Concurrency
• Can call "put-metric-data" from your function code for custom metrics
• 7 built-in metrics for API Gateway:
  API Call Count, Latency, 4XXs, 5XXs, Integration Latency, Cache Hit Count, Cache Miss Count
• Error and cache metrics support averages and percentiles
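The rollback rule on the canary slide (set the canary's percent of traffic to 0) and the per-deployment CloudWatch metrics on this slide are the two halves of an automated promotion gate. The following is an added example, not code from the deck: it scores a canary against the baseline deployment from per-minute Count, 5XXError and p99 Latency datapoints of the shape CloudWatch returns (the datapoints at the bottom are constructed for this example), and maps the verdict to the percentTraffic value you would then apply to the stage's canary settings. The thresholds (min_samples, max_rate_delta, max_latency_ratio) are assumptions to tune per API; the point of the "hold" branch is that an empty or tiny canary window must never be read as healthy.

```python
"""Canary promotion gate for an API Gateway stage (added example).

Inputs are per-minute datapoints for the canary and for the baseline
deployment. API Gateway publishes a separate metric set for the canary, so
both series are available from CloudWatch. The datapoints used at the bottom
are constructed for this example, not real traffic.
"""
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class Window:
    """Aggregate of one evaluation window for one deployment."""
    requests: int
    errors_5xx: int
    p99_latency_ms: float

    @property
    def error_rate(self) -> float:
        return self.errors_5xx / self.requests if self.requests else 0.0


def window_from_datapoints(count: Sequence[float],
                           errors_5xx: Sequence[float],
                           p99_latency_ms: Sequence[float]) -> Window:
    """Fold per-minute datapoints (Count, 5XXError, Latency p99) into a Window.
    Counts are summed; latency keeps the worst minute, the conservative
    choice for a gate."""
    return Window(
        requests=int(sum(count)),
        errors_5xx=int(sum(errors_5xx)),
        p99_latency_ms=max(p99_latency_ms) if p99_latency_ms else 0.0,
    )


def canary_decision(baseline: Window, canary: Window, *,
                    min_samples: int = 200,
                    max_rate_delta: float = 0.01,
                    max_latency_ratio: float = 1.5) -> str:
    """Return 'hold', 'promote' or 'rollback'.

    hold     : too few canary requests to judge (never treat as healthy)
    rollback : canary 5XX rate exceeds baseline by more than max_rate_delta,
               or canary p99 latency exceeds baseline p99 * max_latency_ratio
    promote  : otherwise
    """
    if canary.requests < min_samples:
        return "hold"
    if canary.error_rate > baseline.error_rate + max_rate_delta:
        return "rollback"
    if baseline.p99_latency_ms > 0 and \
            canary.p99_latency_ms > baseline.p99_latency_ms * max_latency_ratio:
        return "rollback"
    return "promote"


def next_canary_percent(decision: str, current_percent: float,
                        step: float = 10.0) -> float:
    """Translate a decision into the percentTraffic to set on the stage's
    canary settings. Rollback is the deck's documented path: 0 percent.
    Promotion ramps by `step`; at 100 the canary deployment is ready to be
    made the stage's main deployment."""
    if decision == "rollback":
        return 0.0
    if decision == "promote":
        return min(100.0, current_percent + step)
    return current_percent


# Constructed datapoints (ten one-minute buckets each), not real traffic.
BASELINE = window_from_datapoints(
    count=[900] * 10,
    errors_5xx=[1] * 9 + [0],
    p99_latency_ms=[210, 220, 215, 230, 220, 225, 218, 222, 219, 221])
CANARY_HEALTHY = window_from_datapoints(
    count=[100] * 10,
    errors_5xx=[0] * 8 + [1, 1],
    p99_latency_ms=[230, 240, 235, 245, 238, 242, 236, 239, 241, 237])
CANARY_ERRORS = window_from_datapoints(
    count=[100] * 10, errors_5xx=[4] * 10, p99_latency_ms=[240] * 10)
CANARY_SLOW = window_from_datapoints(
    count=[100] * 10, errors_5xx=[0] * 10, p99_latency_ms=[250] * 9 + [900])
CANARY_TOO_NEW = window_from_datapoints(
    count=[5] * 10, errors_5xx=[0] * 10, p99_latency_ms=[200] * 10)


if __name__ == "__main__":
    for name, canary in [("healthy", CANARY_HEALTHY), ("errors", CANARY_ERRORS),
                         ("slow", CANARY_SLOW), ("too_new", CANARY_TOO_NEW)]:
        verdict = canary_decision(BASELINE, canary)
        print(f"{name:8s} -> {verdict:8s} "
              f"percentTraffic={next_canary_percent(verdict, 10.0)}")
```

In production the two windows come from cloudwatch.get_metric_data() over the stage's and the canary's metrics, and the result is applied with apigateway.update_stage() using a replace patch operation on /canarySettings/percentTraffic; the decision logic itself stays exactly as above.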
Slide 46: Metrics and logging are a universal right!
CloudWatch Logs:
• API Gateway logging
  • 2 levels of logging, ERROR and INFO
  • Optionally log method request/body content. Caveat: this captures full headers and bodies, so Authorization headers, tokens and PII end up in CloudWatch Logs; enable it only while debugging, and restrict who can read the log group
  • Set globally in the stage, or override per method
• Lambda logging
  • Log directly from your code with your language's equivalent of console.log()
  • Basic request information included
• Log pivots
  • Build metrics based on log filters
  • Jump to the logs that generated the metrics
  • Export logs to Amazon Elasticsearch Service or S3
  • Explore with Kibana or Athena/QuickSight
Slide 49: AWS X-Ray Integration with Serverless
• API Gateway inserts a tracing header into HTTP calls as well as reporting data back to X-Ray itself
• Lambda instruments incoming requests for all supported languages and can capture calls made in code:

```javascript
// Node.js snippet from the slide (quotes and the S3 constructor fixed so it runs)
var AWSXRay = require('aws-xray-sdk-core');
AWSXRay.middleware.setSamplingRules('sampling-rules.json');
// Wrap the AWS SDK so every AWS API call becomes an X-Ray subsegment
var AWS = AWSXRay.captureAWS(require('aws-sdk'));
var s3Client = new AWS.S3();
```
Slide 50: X-Ray Trace Example (screenshot)
Slide 51: How do I figure out what's wrong?
These tools are here, so use them!
1. Turn on X-Ray now
   • Look at wrapping your own calls with it via the X-Ray SDKs
2. Don't underestimate the power of logging in Lambda
   • Simple "debug: in functionX" statements work great and are easy to find in CloudWatch Logs
3. The most valuable metrics are the ones closest to your customer/use-case
   • How many gizmos did this function call/create/process/etc.
Slide 52: Where do you ..
https://secure.flickr.com/photos/stevendepolo/5749192025/
Slide 53: Swagger – now OpenAPI Specification (OAS)
API definition as code:
• Portable API definition
• JSON/YAML
• Import/export your API
• Amazon API Gateway extensions
• Can be used independently or as part of a CloudFormation template
• Rich 3rd-party ecosystem of tools
Slide 55: ClaudiaJS
Node.js framework for deploying projects to AWS Lambda and Amazon API Gateway
• Has sub-projects for microservices, chat bots and APIs
• Simplified deployment with a single command
• Use standard NPM packages, no need to learn swagger
• Manage multiple versions
https://claudiajs.com
https://github.com/claudiajs/claudia

app.js:
```javascript
var ApiBuilder = require('claudia-api-builder');
var api = new ApiBuilder();
module.exports = api;

// GET /hello returns the string "hello world"
api.get('/hello', function () {
  return 'hello world';
});
```
Deploy:
```shell
claudia create --region us-east-1 --api-module app
```
Slide 56: Chalice
Python serverless "microframework" for AWS Lambda and Amazon API Gateway
• A command line tool for creating, deploying, and managing your app
• A familiar and easy-to-use API for declaring views in Python code
• Automatic AWS IAM policy generation
https://github.com/aws/chalice
https://chalice.readthedocs.io

app.py:
```python
from chalice import Chalice

app = Chalice(app_name="helloworld")


@app.route("/")
def index():
    return {"hello": "world"}
```
Deploy:
```shell
chalice deploy
```
Slide 57: Chalice – a bit deeper
Chalice application routes, error handling and HTTP method support:
```python
from chalice import Chalice
from chalice import BadRequestError

app = Chalice(app_name='apiworld-hot')

FOOD_STOCK = {
    'hamburger': 'yes',
    'hotdog': 'no',
}


@app.route('/')
def index():
    return {'hello': 'world'}


# Plain GET route
@app.route('/list_foods')
def list_foods():
    # list() so the response is JSON-serializable on Python 3
    return list(FOOD_STOCK.keys())


# Path parameter plus error handling: BadRequestError becomes an HTTP 400
@app.route('/check_stock/{food}')
def check_stock(food):
    try:
        return {'in_stock': FOOD_STOCK[food]}
    except KeyError:
        raise BadRequestError("Unknown food '%s', valid choices are: %s"
                              % (food, ', '.join(FOOD_STOCK.keys())))


# HTTP method support: this route only accepts PUT
@app.route('/add_food/{food}', methods=['PUT'])
def add_food(food):
    return {"value": food}
```
Slide 58: Chalice – adding Cognito User Pools
Adding authorization: a CognitoUserPoolAuthorizer is declared once and attached to the routes/methods that require it.
```python
from chalice import Chalice
from chalice import BadRequestError
from chalice import CognitoUserPoolAuthorizer

app = Chalice(app_name='apiworld-hot')

# The user pool ARN is elided on the slide; put your pool's ARN here
authorizer = CognitoUserPoolAuthorizer(
    'MyPool', provider_arns=['arn:aws:cognito:...:userpool/name'])

FOOD_STOCK = {
    'hamburger': 'yes',
    'hotdog': 'no',
}

# ... index() as on the previous slide ...


# Left open: no authorizer on this route
@app.route('/list_foods')
def list_foods():
    return list(FOOD_STOCK.keys())


# Authorization required for these routes/methods
@app.route('/check_stock/{food}', methods=['GET'], authorizer=authorizer)
def check_stock(food):
    try:
        return {'in_stock': FOOD_STOCK[food]}
    except KeyError:
        raise BadRequestError("Unknown food '%s', valid choices are: %s"
                              % (food, ', '.join(FOOD_STOCK.keys())))


@app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer)
def add_food(food):
    return {"value": food}
```
Caveat: the Cognito authorizer only establishes that the request carries a valid token issued by that pool (authentication). Whether this particular user may add food is still the view's job, using the token claims API Gateway passes through in app.current_request.context['authorizer']['claims'].
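The Cognito authorizer above is one of the two authorizer kinds API Gateway offers; the other is a Lambda authorizer, the "custom authorizer function" that the stage-variables slide shows can be selected per stage. Below is an added example, not code from the deck or from Chalice, of a TOKEN-type Lambda authorizer in Python 3. To run offline it assumes a constructed token format (a JSON payload plus an HMAC-SHA256 tag under a shared secret); real Cognito tokens are RS256 JWTs that must be verified against the pool's JWKS, and the secret here would come from Secrets Manager or SSM Parameter Store. The route-to-scope table, the scope names and the ARN values are assumptions. The design point it demonstrates is that API Gateway caches the returned policy per token, so the policy must cover every route the caller is entitled to within the stage, not only the route that triggered the call; a policy naming only the triggering methodArn makes the caller's next route fail with 403 until the cache entry expires.

```python
"""Lambda TOKEN authorizer for API Gateway (added example, Python 3).

API Gateway invokes this with the Authorization header in
event["authorizationToken"] and the called route in event["methodArn"], and
caches the returned policy keyed on the token. The token format, secret and
route table below are constructed for this example.
"""
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed shared secret; in production load it from Secrets Manager/SSM.
SECRET = b"example-shared-secret-not-for-production"

# Scope required per (METHOD, path pattern), relative to the stage. Mirrors
# the Chalice routes above; '*' follows execute-api resource wildcard rules.
ROUTE_SCOPES = {
    ("GET", "list_foods"): "food:read",
    ("GET", "check_stock/*"): "food:read",
    ("PUT", "add_food/*"): "food:write",
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(sub: str, scopes, ttl: int = 300, now: float = None) -> str:
    """Issuer side (test helper): '<b64url payload>.<b64url hmac-sha256>'."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": sub, "scope": list(scopes), "exp": int(now + ttl)},
                         separators=(",", ":")).encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64url(payload)}.{_b64url(tag)}"


def verify_token(token: str, now: float = None):
    """Return the claims dict, or None if the token is malformed, carries a
    bad MAC (constant-time compare) or is expired."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = _unb64url(payload_b64)
        tag = _unb64url(tag_b64)
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(payload)
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims


def build_policy(principal: str, scopes, method_arn: str) -> dict:
    """Allow every route the scopes cover within the calling stage; Deny all
    if none. method_arn looks like
    arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<path>"""
    prefix, _, rest = method_arn.rpartition(":")
    api_id, stage = rest.split("/", 3)[:2]
    arn_base = f"{prefix}:{api_id}/{stage}"
    allowed = [f"{arn_base}/{method}/{path}"
               for (method, path), scope in ROUTE_SCOPES.items() if scope in scopes]
    if allowed:
        statement = {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": allowed}
    else:
        statement = {"Action": "execute-api:Invoke", "Effect": "Deny",
                     "Resource": f"{arn_base}/*"}
    return {
        "principalId": principal,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
        # Reaches the integration as $context.authorizer.scope; scalar values only.
        "context": {"scope": " ".join(sorted(scopes))},
    }


def handler(event, context=None):
    """Lambda entry point for a TOKEN authorizer."""
    token = event.get("authorizationToken", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    claims = verify_token(token)
    if claims is None or not isinstance(claims.get("sub"), str):
        # This exact message makes API Gateway answer 401 instead of 403.
        raise Exception("Unauthorized")
    return build_policy(claims["sub"], set(claims.get("scope", [])), event["methodArn"])
```

The authorizer is wired to a method the same way the Cognito one is, with the difference that the cached policy's TTL (authorizerResultTtlInSeconds) is yours to set: a long TTL saves invocations but delays the effect of revoking a token.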
Slide 59: AWS Serverless Application Model (SAM)
• CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
Slide 60: SAM template
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable
```
Slide 61: SAM template, annotated
The same template as on the previous slide, with what each part does:
• Transform: AWS::Serverless-2016-10-31 tells CloudFormation this is a SAM template it needs to "transform"
• GetHtmlFunction (AWS::Serverless::Function) creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Its Api event also creates an API Gateway API and takes care of all the mapping/permissions necessary
• ListTable (AWS::Serverless::SimpleTable) creates a DynamoDB table with 5 read and 5 write capacity units
Caveat: AmazonDynamoDBReadOnlyAccess is an account-wide managed policy that grants read access to every table in the account. For least privilege, use a SAM policy template scoped to the one table, e.g. DynamoDBReadPolicy with TableName: !Ref ListTable.
Slide 63: AWS SAM CLI (SAM Local)
Relaunched/GA'd on May 8th!
• CLI tool for local building, validating and testing of serverless apps
• Works with Lambda functions and "proxy-style" APIs
• Response object and function logs available on your local machine
• Uses the open source docker-lambda images to mimic Lambda's execution environment:
  • Emulates timeout, memory limits, runtimes
https://github.com/awslabs/aws-sam-cli
Slide 64: FIN, ACK
It's never been easier to build and launch APIs! Serverless APIs:
• No management of servers
• Pay for what you use and not for idle resources!
• Instantly scale up without turning any knobs or provisioning any resources
• Tooling to get started in minutes with incredibly minimal code needed
• High availability built into multiple places in the application stack
• Authentication and authorization built into multiple places in the application stack
Diagram: Mobile/Web apps → Internet → API Gateway → AWS Lambda functions → Databases/Data stores (AWS)
Slide 65: Chris Munns
munns@amazon.com
@chrismunns
https://www.flickr.com/photos/theredproject/3302110152/
Slide 66: ?
https://secure.flickr.com/photos/dullhunk/202872717/

Editor's Notes

  • #4 https://secure.flickr.com/photos/mgifford/4525333972
  • #6 https://www.flickr.com/photos/finklez/5650569363/; Marc Andreessen; Steve Willmott - https://www.linkedin.com/in/stevenwillmott/ (head of API infrastructure at Red Hat)
  • #7 https://secure.flickr.com/photos/pixelthing/15806918992/
  • #12 https://secure.flickr.com/photos/spenceyc/7481166880
  • #20 A customer I was working with that is heavily into microservices runs primarily on the t2 instance class, often 4-6 instances per service.
  • #27 https://www.flickr.com/photos/modernrelics/1093797721/
  • #32 https://secure.flickr.com/photos/simononly/15386966677
  • #33 SSM system parameters
  • #40 https://www.flickr.com/photos/lachlanhardy/4150836513/
  • #41 Using Swagger we can configure our API Gateway to understand our API entrypoints. We can then use API Gateway to create a client SDK, say in node.js if we had other microservices that were in node. We could then turn that into an NPM, put it in a private NPM repo, and make it available for internal clients to use.
  • #42 Now lets say we want to introduce new client features, without breaking old ones. We can now again do our swagger import, setup our API gateway, generate an SDK, take that SDK and turn it into an NPM, and upload it to our node.js repo for this other service client to use. All without the need to force the old client to change.
  • #43 https://secure.flickr.com/photos/jasoneppink/499531891
  • #52 https://secure.flickr.com/photos/stevendepolo/5749192025/
  • #53 Show a swagger snippet
  • #63 SAM Local is a CLI tool that allows customers to test their SAM-based Lambda functions locally, before deploying code to Lambda. SAM Local currently supports functions in Node.js, Java and Python. If your function is fronted by API Gateway, SAM Local will allow you to ping APIs to invoke your function. Alternatively, you can use SAM Local’s “event payload generator” to quickly create a mock event to invoke your function with. After your function executes, you can view the response or examine the logs, all on your local machine. SAM local automatically executes your functions in a sandboxed environment that mimics Lambda’s execution environment, by leveraging docker-lambda Docker images.
  • #66 https://secure.flickr.com/photos/dullhunk/202872717/