Serverless Architecture on AWS Our Experiences Christopher Phillips
- Slides: 148
Serverless Architecture on AWS Our Experiences Christopher Phillips, Stanley Black & Decker
Christopher Phillips Technical Backend Lead at Stanley Black and Decker 7+ years of development experience Delivered production systems in Node, Erlang, Java Experienced with distributed, highly available, fault tolerant systems • Serverless deployments since September 2015 • • lostcolony@gmail. com
Purpose lostcolony@gmail. com
lostcolony@gmail. com
Summarize the infrastructure we’ve used, the ways we’ve used it, and the lessons we’ve learned, to give you a decent working set of what is useful in going Serverless. lostcolony@gmail. com
Assumptions lostcolony@gmail. com
lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. • You use, plan to use, or are considering using the Cloud (specifically AWS). lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. • You use, plan to use, or are considering using the Cloud (specifically AWS). • You have some inkling of what Serverless is. lostcolony@gmail. com
But just in case… lostcolony@gmail. com
Recap lostcolony@gmail. com
lostcolony@gmail. com
AWS as VM farm Application Servers Database Servers Auto Scaling group Elastic Load Balancing Availability Zone #1 lostcolony@gmail. com
VMs with AWS Hosted Services Amazon Route 53 Cloud. Front distribution web app server Elastic Load Balancing logs root volume EC 2 instance security group data volume Amazon EBS snapshot Auto Scaling group Amazon RDS Availability Zone #1 VPC subnet lostcolony@gmail. com Amazon S 3 bucket
Serverless (AWS) Amazon Route 53 Cloud. Front distribution logs Amazon API Gateway AWS Lambda Amazon S 3 bucket VPC subnet Amazon RDS Availability Zone #1 lostcolony@gmail. com
Cons Pros • Costs are more visible • Complexity is hidden • Stateless • Scales trivially • Secure • Costs are more visible • Complexity is hidden. • Stateless can seem harder to reason about • Latency issues (cold start) • Immature tooling • Vendor lock-in (to some degree) lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. Right? lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. Right? Of course not. lostcolony@gmail. com
Real Applications™ Are Serious Business ™ lostcolony@gmail. com
lostcolony@gmail. com
Real Applications: • Maintain explicit state lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Explicit State lostcolony@gmail. com
lostcolony@gmail. com
Definition Time! lostcolony@gmail. com
Serverless has no shared disk or memory between function invocations (with caveats) lostcolony@gmail. com
Everything you have learned about distributed storage applies to basic storage in Serverless. lostcolony@gmail. com
S 3 Cons Pros • Extremely Cheap • No provisioning required • Trivial to replicate across regions • Version controlled • Very durable, with SLA • Can trigger off of updates • File system-like (no queries) • Eventually consistent lostcolony@gmail. com
Dynamo. DB Cons Pros • Infinitely scalable • Queryable • Can trigger off of updates. • Expensive • Requires explicit throughput provisioning • No. SQL model dictates denormalization and all that entails • Eventually consistent lostcolony@gmail. com
RDS Cons Pros • ACID transactions • Queryable • Familiar • Provisions according to hardware; downtime to scale up. • Limited ways to scale out (read replicas). • Questionable distribution story. • Requires you managing the DB • Should be in a VPC, which has some limitations you need to be aware of. • Complexity when it comes to connection handling. lostcolony@gmail. com
Be wary of disk and memory persistence between function invocations. lostcolony@gmail. com
Summary • Push state to the datastore; don’t rely on memory/disk between function invocations. • The datastore is necessarily distributed; treat it as such • S 3 is cheap, low complexity, but the most restrictive model • Dynamo. DB is expensive, requires adaptive provisioning, and is eventually consistent. • RDS is familiar, moderately expensive, moderately complex, and changes in provisioning require downtime. • There is no one size fits all; evaluate your use case. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Messaging & Responding lostcolony@gmail. com
lostcolony@gmail. com
What if I need some backend processing apart from REST calls? lostcolony@gmail. com
• SQS • Event based triggers • Schedule based triggers • Kinesis • SWF • Lambda Step functions lostcolony@gmail. com
Fundamentally all these services (and others) trigger lambdas based on various events. lostcolony@gmail. com
But with some caveats! lostcolony@gmail. com
Default SQS queues don’t preserve message order. But they’re probably what you want if you need a queue for later processing. lostcolony@gmail. com
SQS also provides FIFO queues, but extremely limited availability. lostcolony@gmail. com
Event based triggers are what they sound like. lostcolony@gmail. com
lostcolony@gmail. com
Scheduled events can be triggered with Cloudwatch lostcolony@gmail. com
lostcolony@gmail. com
You can invoke lambdas directly with the SDK, as well as execute SWF workflows or Lambda Step Functions. lostcolony@gmail. com
What happens when things fail? lostcolony@gmail. com
Lambdas behave differently depending on whether they’re called synchronously, asynchronously, or from a streaming service. lostcolony@gmail. com
Lambdas called synchronously will simply return a failure. Lambdas called asynchronously (from other AWS services) will automatically be queued up and retried a couple times and can be sent to a dead letter queue if retries are used up. Lambdas called from a streaming service will be retried, in order, until success or expiration. lostcolony@gmail. com
So that’s a quick overview of backend infrastructure. What about client pushes? lostcolony@gmail. com
Pushes to phones, triggered from lambdas, are no different from a traditional server environment. lostcolony@gmail. com
Pushes to web clients, however, are. They have no canonical AWS solution (as of writing) lostcolony@gmail. com
But there is a way. lostcolony@gmail. com
AWS Io. T effectively gives you pub/sub capabilities via Web. Sockets (MQTT over Websocket) https: //github. com/lostcolony/examples/blob/master/deviceless_ws. js lostcolony@gmail. com
Consider Polling. lostcolony@gmail. com
Consider Polling. No, seriously. Frequent updates may be cheaper to pick up via batching and polling. lostcolony@gmail. com
If AWS Io. T is too expensive, and polling won’t work…you may actually need server based infrastructure. lostcolony@gmail. com
lostcolony@gmail. com
However, this feature has been lodged with AWS. lostcolony@gmail. com
Summary • Events can trigger lambdas from many other services, and are configured as part of the lambda. • API Gateway is just a particular use case of this. • Events can be synchronous, in which case failure requires you to retry, asynchronous, in which case it will automatically be retried, or streaming, in which case it will retry until expiry, blocking all other events from processing. • AWS Io. T provides a way to have Serverless websockets, but it’s not priced as competitively as it might otherwise be (bulk discounts available though). • Use queues as appropriate; maintain idempotency. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Access Control lostcolony@gmail. com
lostcolony@gmail. com
AWS has IAM for access control. (Identity Access Management). lostcolony@gmail. com
AWS also has Cognito as an identity service. lostcolony@gmail. com
You don’t need to use Cognito for identification, but it’s actually pretty simple to get started. lostcolony@gmail. com
Create a federated identity pool. For its role(s), assign the relevant policy permissions. lostcolony@gmail. com
Amazon|Facebook|Google 1. 2. Log the user in to the service using their API, to get an open. ID token. Call get. Credentials. For. Identity with the appropriate login provider. lostcolony@gmail. com
Custom Identity Provider 1. 2. 3. Create an endpoint that validates user credentials appropriately. On successful validation, create a token with get. Open. Id. Token. For. Developer. Identity. Return this to the client. On the client, call get. Credentials. For. Identity. Use the login provider “cognito-identity. amazonaws. com” lostcolony@gmail. com
2. get. Open. Id. Token. For. Developer. Identity Amazon Cognito AWS Lambda 3. get. Credentials. For. Identity 1. API call Amazon API Gateway temporary security credential Open. Id Token lostcolony@gmail. com
You can also call sts: assume. Role* variants to generate temporary credentials, and to further restrict policies. lostcolony@gmail. com
1. Set up a role in your application account that has a trusted principal of the Cognito bucket in your authentication account. 3. Client calls sts: assume. Role. With. Web. Identity with a role belonging in a second account. Get credentials for that account. 2. Client calls custom API in authentication account for Open. ID token lostcolony@gmail. com
Every AWS service can be accessed with these credentials using AWS Signature Version 4 lostcolony@gmail. com
You can restrict access to your APIs this way, too, but not via the SDK. Use a third party signing library rather than reimplement Sig 4 lostcolony@gmail. com
AWS does not currently have user controlled rate limiting to prevent malicious users from DDo. Sing you. lostcolony@gmail. com
However, stick a Cloud. Front in front of your API Gateway, and you can enable a Web Application Firewall. lostcolony@gmail. com
There is also AWS Shield. This works with the WAF on Cloudfront (and Route 53 at the DNS level) lostcolony@gmail. com
Most usage billed services AWS provides include access limits. Production workloads may need these raised. lostcolony@gmail. com
Some can be automatically raised via code. Most can’t. lostcolony@gmail. com
In general, you still have to have the monitoring and support a traditional solution requires. lostcolony@gmail. com
Summary • IAM is mostly respected by every service. Learn it. • Cognito is an identity provider built to return an Open. ID token • With a Cognito token, or custom code, you can retrieve temporary access credentials to AWS that can be used for most services. • The AWS SDK makes this easy for everything but API Gateway. • For API Gateway, use a Signature 4 library • DDo. S prevention is there, but limited. AWS is actively improving this. • Be aware of usage limitations. Raise as appropriate. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Automation lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
Infrastructure doesn’t change that much. Code does. lostcolony@gmail. com
Serverless - https: //serverless. com/ Apex - http: //apex. run/ Sparta - http: //gosparta. io/ Zappa - https: //github. com/Miserlou/Zappa Chalice - https: //github. com/awslabs/chalice lostcolony@gmail. com
Because these are CLI tools, you can leverage existing CI/CD tools fairly easily, but direct plugins are few. lostcolony@gmail. com
These tools do NOT address spinning up additional infrastructure. lostcolony@gmail. com
For this, use Cloudformations (or your preferred tool of choice) lostcolony@gmail. com
Versioning of both lambdas, and API Gateway stages, is supported, but fiddly. lostcolony@gmail. com
If you maintain config in separate files, consider uploading them to an encrypted S 3 bucket. lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
We’ve had success allowing devs access to a dev AWS account, which has AWS Config enabled. lostcolony@gmail. com
Summary • Use a framework for deploying lambda + API Gateway changes • Use Cloudformations for infrastructure. • There are multiple ways of handling config. Figure out what fits your deployment and security needs best. • Have separate accounts for each environment. • We’ve found a lot of success in allowing devs to make infrastructure changes freely in a dev account, and only on success worrying about the resulting Cloudformations, for deploying to stage, prod, etc. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Monitoring lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
Unsurprisingly, with Serverless, both logging and alerting change. lostcolony@gmail. com
Lambda logs go directly into Cloudwatch, but they are not easily followable, as they’re per function container. lostcolony@gmail. com
Happily, Cloudwatch has pretty decent search and metrics tools. lostcolony@gmail. com
You can set up alarms for these metrics, to post to an SNS queue (and then send out SMS messages, or emails). lostcolony@gmail. com
Following up with asynchronous lambdas. If they fail too many times, what happens? lostcolony@gmail. com
Well, they’re retried (as mentioned before), but otherwise nothing by default. But… lostcolony@gmail. com
Dead letter queues! lostcolony@gmail. com
lostcolony@gmail. com
You can hook a dead letter queue to your function, to send to an SNS topic or SQS queue. lostcolony@gmail. com
lostcolony@gmail. com
So lambda logs go to Cloudwatch. What about knowing (for instance), when I’m running out of throughput for my Dynamo tables? lostcolony@gmail. com
Metrics metrics! lostcolony@gmail. com
Track changes to your infrastructure. Cloudtrail does this if you enable it, and it, too, can post to Cloudwatch. lostcolony@gmail. com
Cloudwatch logs can be copied to S 3 buckets, as input for other tools, processes, etc. lostcolony@gmail. com
Summary • All your logs are belong to Cloudwatch • Cloudwatch tracks a lot of technical metrics for you. • Dead letter queues for your async lambdas that fail too hard. SNS can just email it to you. • Cloudwatch can manually drop logs into S 3 buckets, or automatically stream them to a Kinesis stream. • Those logs can in turn trigger lambdas! • Or just be processed by an AWS aware tool of your choice. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Latency lostcolony@gmail. com
lostcolony@gmail. com
Latency is not a problem. User experience is. lostcolony@gmail. com
Use Cloudfront. lostcolony@gmail. com
In general, any production facing endpoints should have a Cloudfront instance in front of them, even if you’re not caching. lostcolony@gmail. com
Be careful of caching error codes. lostcolony@gmail. com
lostcolony@gmail. com
The API Gateway also has a separate caching mechanism. It’s not really worth it. lostcolony@gmail. com
Your lambdas take time to spin up. Take that into account. lostcolony@gmail. com
Lambdas cold starting in a VPC take EVEN LONGER, and have additional considerations around ENIs. lostcolony@gmail. com
Rethink your API design. lostcolony@gmail. com
Summary • Worry about latency only when you have to. • Cloudfront all the things (APIs). • Be aware that HTTP errors are by default cached. • Prewarm functions if you need to. • Consider optimizing your API for fewer calls rather than separation of concerns if cost is a factor (with a solid framework this should not affect your library code, just your glue) lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Indirection lostcolony@gmail. com
lostcolony@gmail. com
Route 53 + Certificate Manager lostcolony@gmail. com
Rely on standard ports lostcolony@gmail. com
Use DNS for indirection even within VPCs, and use it for cross regional failover and scale out. lostcolony@gmail. com
Write your lambdas as libraries, and isolate the handler code. lostcolony@gmail. com
lostcolony@gmail. com
Summary • Write your lambdas as libraries, with glue. • AWS has great DNS and certificate utilities, that play very nicely with Serverless. • If you plan to migrate to Serverless, rely on standard ports. lostcolony@gmail. com
And that’s basically it. The AWS docs are good, the services work, we’re pretty happy with our serverless solutions. lostcolony@gmail. com
Questions? lostcolony@gmail. com
- Sand: towards high-performance serverless computing
- Azure serverless consultants
- Indirect speech
- Gdpr compliance on aws
- Thinking affects our language, which then affects our:
- Our census our future
- Christ be our light shine in our hearts
- Marcus aurelius our life is what our thoughts make it
- We bow our hearts
- Our census our future
- Our life is what our thoughts make it
- Money madness short summary
- Awareness of ourselves and our environment is
- Our awareness of ourselves and our environment is called
- God our father christ our brother
- Our future is in our hands quotes
- Awareness of ourselves and our environment
- Awareness of ourselves and our environment is:
- Phillips görbe
- Phillips curve
- Short run phillips curve
- Dr jana phillips
- Christophe phillips
- Dz phillips
- Stella_phillips
- Saints row
- Revelation song phillips craig and dean video
- Equação curva de phillips
- Exeter math 3-4
- Macroeconomics lesson 3 activity 46
- Expected vs actual inflation phillips curve
- Pepe phillips
- Philipsit
- Kommunikation tove phillips
- Jasmine richardsom
- Dz phillips
- Phillips 6/6
- Phillips curves
- Duygu phillips
- Phillips medicine dispenser
- Phillips materiales dentales
- Module 34 featured worksheet the phillips curve
- Kommunikation tove phillips
- Dr dawn phillips
- Chris phillips just develop it
- Materiales auxiliares en odontologia
- Phillips 66 accounts payable
- Susie phillips stanford cheerleader
- Donna phillips currault
- Anastasia phillips age
- King phillips war apush
- Metacom significance apush
- Todd phillips house
- Scott phillips md san antonio
- Kısa dönemli phillips eğrisi
- J. donald phillips biografia
- Robert phillips edelman
- Judy phillips management
- Brittany keeling
- Expected inflation rate phillips curve
- Gareth phillips afdb
- Julia phillips sandia
- Phillips plastics corp
- Philips lumi
- Kurva phillips
- Curva de phillips brasil
- Bothersomeness technique
- Dalisha key
- Courbe de phillips
- Jayne phillips
- Expected inflation phillips curve
- Christophe phillips
- Phillips
- Physical biology of the cell rob phillips
- Phillips staffing
- Kitty phillips
- Curva de phillips
- Phillips curve ap macro
- Cycle
- Call and return architecture in software engineering
- Integral product architecture example
- Modular product architecture
- Bus design in computer architecture
- Www.aws-rehab.at
- Target fiscal year end
- Personal data mapping
- Vocareum aws educate
- Aws perimeter security
- Skf aws
- Aws aurora multi region
- Ec2use
- Aws iaa
- Aws drupal hosting
- Aws wind navigator
- Aws network firewall multi az
- Thousand eyes aws
- Does ebay use aws
- Aws lambda
- Bmkg ofs
- Aws sqs queue icon
- Aws simple icon
- Aws dms icon
- Aws rule engine
- Amazon fsx
- Aws mks
- Weather station layout
- Elgg aws
- Canonical request for signature version 4
- Aws cse
- Aws simple icon
- Computational chemistry aws
- Aws strip mining
- Btl listing
- Ts dps
- Sloclr aws
- Aws identity and access management
- Aws economics
- Aws mks
- Mongodb aws
- Aws hmi
- Checkpoint vsec aws
- Aws academy cloud foundations (acf)
- Aws
- Asterisk aws instance
- Aws lambda image resize python
- Aws enterprise service bus
- Silbitz group staßfurt
- Aws disaster recovery warm standby
- Aws secrets engine
- Aws
- "sumo logic"
- Nagios aws
- Aws hp
- Fcaw electrode classification
- Aws glue gui
- Aws simple icons
- Stephen schmidt aws
- Types of dining
- Example of mock up in contrived experiences
- Share research experience and knowledge
- An account of the personal experiences of an author
- What are positive subjective experiences
- Chapter 20 guiding storytelling experiences
- The importance of social sciences
- Guiding play and puppetry experiences
- Traveling might satisfy your desire for new experiences.
- What are the experiences of latin american countries
- Direct experience example
- Near-death experiences are ap psych