Serverless on AWS: Architectural Patterns and Best Practices
Vladimir Simek, Sr. Solutions Architect @ AWS
19th September 2019, AWS User Group Slovakia
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Evolution of computing

Let’s take a look at the evolution of computing
• Physical Servers in Datacenters
• Virtual Servers in Datacenters
• Virtual Servers in the Cloud

Each progressive step was better
• Higher utilization
• Faster provisioning speed
• Improved uptime
• Disaster recovery
• Hardware independence
• Trade CAPEX for OPEX
• More scale
• Elastic resources
• Faster speed and agility
• Reduced maintenance
• Better availability and fault tolerance
• Better Automation

But there are still limitations
• Still need to administer virtual servers
• Still need to manage capacity and utilization
• Still need to size workloads
• Still need to manage availability, fault tolerance
• Still expensive to run intermittent jobs

The Next Step of Evolution - Serverless

Serverless means…
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Availability and fault tolerance built in
No server is easier to manage than “no server.” Werner Vogels—Amazon CTO
Serverless means:
• Greater agility
• Less overhead
• Better focus
• Increased scale
• More flexibility
• Faster time to market

Serverless applications
• Event source: changes in data state, requests to endpoints, changes in resource state
• Function: Node.js, Python, Java, C#, Go, Ruby, BYOR (Bring your own runtime)
• Services (anything)

Anatomy of a Lambda function
• Handler() function: function to be executed upon invocation
• Event object: data sent during Lambda function invocation
• Context object: methods available to interact with runtime information (request ID, log group, etc.)

    // Handler: "book" is the event object, "context" carries the runtime information.
    public String handleRequest(Book book, Context context) {
        saveBook(book);
        return book.getName() + " saved!";
    }

Fine-Grained Pricing
• Buy compute time in 100ms increments
• Low request charge
• No hourly, daily, or monthly minimums
• No per-device fees
• Never pay for idle
• Free Tier: 1M requests and 400,000 GB-s of compute. Every month, every customer.

AWS Lambda release history (timeline figure: 2015, 2016, 2017, 2018, ?)
*As of October 2018, does not include region launches
Lambda permissions model
Fine-grained security controls for both execution and invocation:
Execution policies:
• Define what AWS resources/API calls this function can access via IAM
• Used in streaming invocations
• E.g. “Lambda function A can read from DynamoDB table users”
Function policies:
• Used for sync and async invocations
• E.g. “Actions on bucket X can invoke Lambda function Z”
• Resource policies allow for cross-account access
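Function policies decide who may invoke a function, so they are the place to look for unintended cross-account or unscoped service access. The following is an added example, not part of the original slides: it audits a function policy document (the JSON string that `lambda get-policy` returns in its Policy field) and reports public grants, cross-account grants, and service grants that lack a source restriction. The account IDs, ARNs, Sids and the policy itself are constructed for illustration.

```python
import json
import re

OWNER_ACCOUNT = "111111111111"  # constructed: the account that owns function Z

# Constructed function policy for "Lambda function Z".
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "s3-bucket-x", "Effect": "Allow",
     "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:eu-west-1:111111111111:function:Z",
     "Condition": {"StringEquals": {"AWS:SourceAccount": "111111111111"},
                   "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::bucket-x"}}},
    {"Sid": "s3-unscoped", "Effect": "Allow",
     "Principal": {"Service": "s3.amazonaws.com"},
     "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:eu-west-1:111111111111:function:Z"},
    {"Sid": "partner", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:eu-west-1:111111111111:function:Z"},
    {"Sid": "anyone", "Effect": "Allow",
     "Principal": "*",
     "Action": "lambda:InvokeFunction",
     "Resource": "arn:aws:lambda:eu-west-1:111111111111:function:Z"}
  ]
}
"""

# Condition keys that pin a service grant to one source resource or account.
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def as_list(value):
    """IAM allows a single value or a list in most places; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_source_condition(stmt):
    """True if any condition operator in the statement tests a source key."""
    for operator_block in stmt.get("Condition", {}).values():
        if any(key.lower() in SOURCE_KEYS for key in operator_block):
            return True
    return False


def account_of(principal):
    """Extract the 12-digit account ID from an IAM ARN or a bare account ID."""
    match = re.fullmatch(r"arn:aws:iam::(\d{12}):.+", principal)
    if match:
        return match.group(1)
    return principal if re.fullmatch(r"\d{12}", principal) else None


def audit_function_policy(policy, owner_account):
    """Return (sid, finding, principal) tuples for risky Allow statements."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal") or {}
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"AWS": principal}

        # Service principal without a source condition: any resource of that
        # service, in any account, can trigger the function.
        for service in as_list(principal.get("Service")):
            if not has_source_condition(stmt):
                findings.append((sid, "service-without-source", service))

        for aws_principal in as_list(principal.get("AWS")):
            if aws_principal == "*":
                if not stmt.get("Condition"):
                    findings.append((sid, "public", "*"))
                continue
            account = account_of(aws_principal)
            if account != owner_account:
                findings.append((sid, "cross-account", account or aws_principal))
    return findings


if __name__ == "__main__":
    for finding in audit_function_policy(json.loads(POLICY_JSON), OWNER_ACCOUNT):
        print(finding)
```

Cross-account findings are not necessarily wrong, since the slide notes that resource policies are how cross-account access is granted; the point of the report is that each one should be a deliberate decision.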
Lambda execution models
• Synchronous (push): Amazon API Gateway → /order → AWS Lambda function
• Asynchronous (event): Amazon SNS, Amazon S3 → reqs → AWS Lambda function
• Poll-based: Amazon DynamoDB, Amazon Kinesis → changes → AWS Lambda service → function

Common Lambda use cases
• Web Applications: static websites, complex web apps, packages for Flask and Express
• Data Processing: real time, MapReduce, batch
• Chatbots: powering chatbot logic
• Backends: apps & services, mobile, IoT
• Amazon Alexa: powering voice-enabled apps, Alexa Skills Kit
• IT Automation: policy engines, extending AWS services, infrastructure management

Amazon API Gateway
• Create a unified API frontend for multiple microservices
• Authenticate and authorize requests to a backend
• DDoS protection and throttling for your backend
• Throttle, meter, and monetize API usage by 3rd party developers

API Gateway integrations (diagram)
• Clients: Internet, Mobile Apps, Websites, Services
• Components shown: Amazon CloudFront, AWS API Gateway, API Gateway Cache, Amazon CloudWatch Monitoring, Regional API Endpoints
• Targets shown: AWS Lambda functions, Endpoints on Amazon EC2, Endpoints in Your VPC (AWS Lambda functions), All publicly accessible endpoints, Any other AWS service

Demo – Lambda function(s)
Lambda Best Practices
• Minimize package size to necessities
• Use Environment Variables to modify operational behavior
• Self-contain dependencies in your function package
• Delete large unused functions (75GB limit)
• Leverage “Max Memory Used” to right-size your functions

Tweak your function’s compute power
• Lambda exposes only a memory control, with the % of CPU core and network capacity allocated to a function proportionally
• Is your code CPU, Network or memory-bound? If so, it could be cheaper to choose more memory.

Smart resource allocation
Match resource allocation (up to 3 GB!) to logic
Stats for Lambda function that calculates 1.000 times all prime numbers <= 1.000.000:

    Memory     Duration         Cost
    128 MB     11.722965 sec    $0.024628
    256 MB      6.678945 sec    $0.028035
    512 MB      3.194954 sec    $0.026830
    1024 MB     1.465984 sec    $0.024638

(On the slide, green marks the best value and red the worst.)
128 MB → 1024 MB: +$0.00001, -10.256981 sec
Best Practice: Keep orchestration out of code.
(Diagram labels, in order: HTTP POST “START JOB” → “JOB #X STARTED”; HTTP POST “ARE WE THERE YET?” → “NOPE!” → “WE’RE DONE!”; in between: ZzZz, or time.sleep(10).)

AWS Step Functions
“Serverless” workflow management with zero administration
• Makes it easy to coordinate the components of distributed applications and microservices using visual workflows
• Automatically triggers and tracks each step, and retries when there are errors, so your application executes in order and as expected
• Logs the state of each step, so when things do go wrong, you can diagnose and debug problems quickly
• Workflow elements shown: Task, Choice, Failure capture, Parallel Tasks
Best Practice: Monitor! (photo: https://secure.flickr.com/photos/jasoneppink/499531891)

Metrics and logging are a universal right
CloudWatch Metrics:
• 7 built-in metrics for Lambda
  • Invocation Count, Invocation duration, Invocation errors, Throttled Invocation, Iterator Age, DLQ Errors, Concurrency
  • Can call “put-metric-data” from your function code for custom metrics
• 7 built-in metrics for API-Gateway
  • API Calls Count, Latency, 4XXs, 5XXs, Integration Latency, Cache Hit Count, Cache Miss Count
  • Error and Cache metrics support averages and percentiles

AWS X-Ray Integration with Serverless
• Lambda instruments incoming requests for all supported languages
• Lambda runs the X-Ray daemon on all languages with an SDK

    var AWSXRay = require('aws-xray-sdk-core');
    // Load sampling rules from a local file.
    AWSXRay.middleware.setSamplingRules('sampling-rules.json');
    // Wrap the AWS SDK so every client call is recorded as a subsegment.
    var AWS = AWSXRay.captureAWS(require('aws-sdk'));
    var S3Client = new AWS.S3();

X-Ray Trace Example

Best Practice: Leverage other Serverless services
• Category labels on the diagram: “On EC2”, Managed, Serverless
• Services shown: AWS Lambda, Amazon Kinesis, Amazon S3, Amazon API Gateway, Amazon SQS, Amazon DynamoDB, AWS IoT, Amazon EMR, Amazon ElastiCache, Amazon RDS, Amazon Redshift, Amazon ES, Amazon EC2, Microsoft SQL Server, Amazon Cognito, Amazon CloudWatch
Pattern 1: Serverless Web Apps
Web application
• Browser, Amazon CloudFront, Amazon S3, Amazon Cognito
• Amazon API Gateway
• Dynamic content in AWS Lambda
• Data stored in Amazon DynamoDB

Serverless web app security
• Amazon S3: Bucket Policies, ACLs
• Amazon CloudFront: OAI, Geo-Restriction, Signed Cookies, Signed URLs, DDOS Protection
• Amazon API Gateway: Throttling, Caching, Usage Plans, ACM
• AWS Lambda: IAM
• Amazon DynamoDB: IAM
• Also on the diagram: Browser, Amazon Cognito, AuthZ
Demo – Wild Rydes
Wild Rydes Architecture
Pattern 2: Serverless Data Lake
Serverless Data Lake Characteristics
• Collect/Store/Process/Consume and Analyze all organizational data
• Structured/Semi-Structured/Unstructured data
• AI/ML and BI/Analytical use cases
• Fast automated ingestion
• Schema on Read
• Complementary to EDW
• Decoupled Compute and Storage

AWS Serverless Data Lake (diagram)
• Layers: Ingest, Catalog & Search, Security & Auditing, API/UI, Analytics & Processing
• Services shown: S3 Bucket(s), Key Management Service, Amazon Athena, AWS CloudTrail, Amazon Cognito, AWS IAM, Amazon Kinesis Streams, Amazon Kinesis Firehose, Amazon ES, Amazon QuickSight, AWS Glue, Amazon DynamoDB, Amazon Macie, Amazon API Gateway, Amazon Redshift Spectrum, AWS Direct Connect, AWS Lambda
Pattern 3: Stream Processing
Stream processing characteristics
• High ingest rate
• Near real-time processing (low latency from ingest to process)
• Spiky traffic (lots of devices with intermittent network connections)
• Message durability
• Message ordering

Streaming data ingestion (diagram)
• Record Producers, Kinesis Agent
• Amazon Kinesis Firehose: Delivery stream
• AWS Lambda: Transformations & enrichment
• Amazon DynamoDB: Lookup tables
• Amazon S3: Source record backup
• Amazon S3: Buffered files
• Amazon Redshift: Table loads
• Amazon Elasticsearch Service: Domain loads
• Amazon CloudWatch: Delivery metrics
• Flow labels: Raw records, Lookup, Transformed records

Sensor data collection (diagram)
• IoT Sensors
• AWS IoT: Data collection
• Amazon Kinesis Firehose: Delivery stream
• Amazon S3: Raw records
• Amazon S3: Batched records
• Amazon Kinesis Streams: Real-time stream
• Real-time analytics applications
• Flow labels: MQTT, IoT rules, IoT actions
Pattern 4: Operations Automation
Automation characteristics
• Periodic jobs
• Event triggered workflows
• Enforce security policies
• Audit and notification
• Respond to alarms
• Extend AWS functionality
… All while being Highly Available, Scalable and Auditable

Image recognition and processing
• Web App
• Amazon Cognito: User authentication
• Amazon S3: Image uploads
• AWS Step Functions: Workflow orchestration
• Amazon Rekognition: Object detection
• Amazon DynamoDB: Image meta-data & tags
Steps:
1. Start state machine execution
2. Extract image meta-data
3. Invoke Amazon Rekognition; Generate image thumbnail
4. Store meta-data and tags
https://github.com/awslabs/lambda-refarch-imagerecognition

Enforce security policies (diagram)
• New Security Group ingress rule: RDP from 0.0.0.0/0
• Amazon CloudWatch Events: Rule
• CloudWatch Event Bus in another AWS Account
• AWS Lambda: Remediate and alert
• AWS SNS: Email alert
• Ingress rule deleted
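The "Remediate and alert" function in the slide above can be sketched as follows. This is an added example, not code from the original talk: a Lambda handler that receives the CloudTrail record of an AuthorizeSecurityGroupIngress call via CloudWatch Events, picks out only the permissions that expose RDP (TCP 3389) to 0.0.0.0/0 or ::/0, revokes exactly those ranges, and publishes an SNS alert. The sample event is constructed, and the ALERT_TOPIC_ARN environment variable is a hypothetical name.

```python
import json
import os

RDP_PORT = 3389
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample of the event CloudWatch Events delivers for this API call.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "detail": {
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"arn": "arn:aws:iam::111111111111:user/example"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"},
                                        {"cidrIp": "10.0.0.0/8"}]}},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
            ]},
        },
    },
}


def covers_rdp(perm):
    """True if the permission's protocol and port range include TCP 3389."""
    proto = str(perm.get("ipProtocol", "")).lower()
    if proto == "-1":            # "all traffic" rule, ports are irrelevant
        return True
    if proto not in ("tcp", "6"):
        return False
    # Assumption: a missing bound is treated as an open-ended range.
    return perm.get("fromPort", 0) <= RDP_PORT <= perm.get("toPort", 65535)


def world_ranges(perm, container, key):
    """CIDRs in perm[container].items[*][key] that mean 'the whole Internet'."""
    items = (perm.get(container) or {}).get("items", [])
    return [r[key] for r in items if r.get(key) in WORLD]


def offending_permissions(event):
    """Return (group_id, IpPermissions to revoke) for a CloudTrail event."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None, []
    if detail.get("errorCode"):  # the API call failed, no rule was created
        return None, []
    params = detail.get("requestParameters") or {}
    revoke = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        if not covers_rdp(perm):
            continue
        v4 = world_ranges(perm, "ipRanges", "cidrIp")
        v6 = world_ranges(perm, "ipv6Ranges", "cidrIpv6")
        if not (v4 or v6):
            continue
        # Revoke only the world-open ranges; narrower CIDRs in the same
        # permission (10.0.0.0/8 in the sample) are left in place.
        entry = {"IpProtocol": perm["ipProtocol"]}
        if "fromPort" in perm and "toPort" in perm:
            entry["FromPort"], entry["ToPort"] = perm["fromPort"], perm["toPort"]
        if v4:
            entry["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        revoke.append(entry)
    # groupId is absent when the caller addressed the group by name.
    return params.get("groupId"), revoke


def lambda_handler(event, context):
    group_id, revoke = offending_permissions(event)
    if not group_id or not revoke:
        return {"remediated": False}
    import boto3  # imported here so the detection logic runs without the SDK
    boto3.client("ec2").revoke_security_group_ingress(
        GroupId=group_id, IpPermissions=revoke)
    topic = os.environ.get("ALERT_TOPIC_ARN")  # hypothetical variable name
    if topic:
        actor = event["detail"].get("userIdentity", {}).get("arn", "unknown")
        boto3.client("sns").publish(
            TopicArn=topic,
            Subject="Open RDP ingress rule deleted",
            Message=json.dumps({"groupId": group_id, "actor": actor,
                                "revoked": revoke}))
    return {"remediated": True, "groupId": group_id, "revoked": revoke}


if __name__ == "__main__":
    print(offending_permissions(SAMPLE_EVENT))
```

The function's execution policy needs only ec2:RevokeSecurityGroupIngress and sns:Publish on the alert topic, which keeps the remediation role itself least-privilege.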
Where do you ... (photo: https://secure.flickr.com/photos/stevendepolo/5749192025/)

Start with a framework
• AWS: AWS Chalice, AWS Amplify, AWS SAM
• Third-party: Serverless Framework

AWS Serverless Application Model (SAM)
• AWS CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything AWS CloudFormation supports
• Open specification (Apache 2.0)
https://aws.amazon.com/serverless/sam

AWS SAM Command Line Interface (AWS SAM CLI)
• CLI tool for local development, debugging, testing, deploying, and monitoring of serverless applications
• Supports API Gateway “proxy-style” and Lambda service API testing
• Response object and function logs available on your local machine
• Uses open source docker-lambda images to mimic Lambda’s execution environment such as timeout, memory limits, runtimes
• Can tail production logs from CloudWatch logs
https://aws.amazon.com/serverless/sam

AWS Cloud9

SERVERLESS AT SCALE IS THE NEW NORM
• processes 4,000 requests per second
• ingests, analyzes and stores 17+ petabytes of data per season
• processes half a trillion validations of stock trades daily
• executes 16 million requests a month
• processes tens of billions of data points monthly
• API traffic to register and license more than 47 million driver records in Great Britain,

SERVERLESS CUSTOMERS

Further Resources
• AWS Serverless: https://aws.amazon.com/serverless/
• AWS SAM: https://github.com/awslabs/serverless-application-model
• AWS SAM CLI (Beta): https://github.com/awslabs/aws-sam-cli
• Wild Rydes with Unicorns (serverless web app): https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/

Q & A

We’re hiring – AWS in CEE
https://www.amazon.jobs/en/landing_pages/aws-central-eastern-europe

Thank you
vladsim@amazon.com
