Serverless Architecture on AWS Our Experiences Christopher Phillips
- Slides: 148
Serverless Architecture on AWS Our Experiences Christopher Phillips, Stanley Black & Decker
Christopher Phillips Technical Backend Lead at Stanley Black and Decker 7+ years of development experience Delivered production systems in Node, Erlang, Java Experienced with distributed, highly available, fault tolerant systems • Serverless deployments since September 2015 • • lostcolony@gmail. com
Purpose lostcolony@gmail. com
lostcolony@gmail. com
Summarize the infrastructure we’ve used, the ways we’ve used it, and the lessons we’ve learned, to give you a decent working set of what is useful in going Serverless. lostcolony@gmail. com
Assumptions lostcolony@gmail. com
lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. • You use, plan to use, or are considering using the Cloud (specifically AWS). lostcolony@gmail. com
• You have a sense of humor (or at least will indulge me). • You are involved in technical software decisions. • You use, plan to use, or are considering using the Cloud (specifically AWS). • You have some inkling of what Serverless is. lostcolony@gmail. com
But just in case… lostcolony@gmail. com
Recap lostcolony@gmail. com
lostcolony@gmail. com
AWS as VM farm Application Servers Database Servers Auto Scaling group Elastic Load Balancing Availability Zone #1 lostcolony@gmail. com
VMs with AWS Hosted Services Amazon Route 53 Cloud. Front distribution web app server Elastic Load Balancing logs root volume EC 2 instance security group data volume Amazon EBS snapshot Auto Scaling group Amazon RDS Availability Zone #1 VPC subnet lostcolony@gmail. com Amazon S 3 bucket
Serverless (AWS) Amazon Route 53 Cloud. Front distribution logs Amazon API Gateway AWS Lambda Amazon S 3 bucket VPC subnet Amazon RDS Availability Zone #1 lostcolony@gmail. com
Cons Pros • Costs are more visible • Complexity is hidden • Stateless • Scales trivially • Secure • Costs are more visible • Complexity is hidden. • Stateless can seem harder to reason about • Latency issues (cold start) • Immature tooling • Vendor lock-in (to some degree) lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. Right? lostcolony@gmail. com
So Serverless is just replacing REST APIs with API endpoints that call stateless functions. Right? Of course not. lostcolony@gmail. com
Real Applications™ Are Serious Business ™ lostcolony@gmail. com
lostcolony@gmail. com
Real Applications: • Maintain explicit state lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Real Applications: • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Explicit State lostcolony@gmail. com
lostcolony@gmail. com
Definition Time! lostcolony@gmail. com
Serverless has no shared disk or memory between function invocations (with caveats) lostcolony@gmail. com
Everything you have learned about distributed storage applies to basic storage in Serverless. lostcolony@gmail. com
S 3 Cons Pros • Extremely Cheap • No provisioning required • Trivial to replicate across regions • Version controlled • Very durable, with SLA • Can trigger off of updates • File system-like (no queries) • Eventually consistent lostcolony@gmail. com
Dynamo. DB Cons Pros • Infinitely scalable • Queryable • Can trigger off of updates. • Expensive • Requires explicit throughput provisioning • No. SQL model dictates denormalization and all that entails • Eventually consistent lostcolony@gmail. com
RDS Cons Pros • ACID transactions • Queryable • Familiar • Provisions according to hardware; downtime to scale up. • Limited ways to scale out (read replicas). • Questionable distribution story. • Requires you managing the DB • Should be in a VPC, which has some limitations you need to be aware of. • Complexity when it comes to connection handling. lostcolony@gmail. com
Be wary of disk and memory persistence between function invocations. lostcolony@gmail. com
Summary • Push state to the datastore; don’t rely on memory/disk between function invocations. • The datastore is necessarily distributed; treat it as such • S 3 is cheap, low complexity, but the most restrictive model • Dynamo. DB is expensive, requires adaptive provisioning, and is eventually consistent. • RDS is familiar, moderately expensive, moderately complex, and changes in provisioning require downtime. • There is no one size fits all; evaluate your use case. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Messaging & Responding lostcolony@gmail. com
lostcolony@gmail. com
What if I need some backend processing apart from REST calls? lostcolony@gmail. com
• SQS • Event based triggers • Schedule based triggers • Kinesis • SWF • Lambda Step functions lostcolony@gmail. com
Fundamentally all these services (and others) trigger lambdas based on various events. lostcolony@gmail. com
But with some caveats! lostcolony@gmail. com
Default SQS queues don’t preserve message order. But they’re probably what you want if you need a queue for later processing. lostcolony@gmail. com
SQS also provides FIFO queues, but extremely limited availability. lostcolony@gmail. com
Event based triggers are what they sound like. lostcolony@gmail. com
lostcolony@gmail. com
Scheduled events can be triggered with Cloudwatch lostcolony@gmail. com
lostcolony@gmail. com
You can invoke lambdas directly with the SDK, as well as execute SWF workflows or Lambda Step Functions. lostcolony@gmail. com
What happens when things fail? lostcolony@gmail. com
Lambdas behave differently depending on whether they’re called synchronously, asynchronously, or from a streaming service. lostcolony@gmail. com
Lambdas called synchronously will simply return a failure. Lambdas called asynchronously (from other AWS services) will automatically be queued up and retried a couple times and can be sent to a dead letter queue if retries are used up. Lambdas called from a streaming service will be retried, in order, until success or expiration. lostcolony@gmail. com
So that’s a quick overview of backend infrastructure. What about client pushes? lostcolony@gmail. com
Pushes to phones, triggered from lambdas, are no different from a traditional server environment. lostcolony@gmail. com
Pushes to web clients, however, are. They have no canonical AWS solution (as of writing) lostcolony@gmail. com
But there is a way. lostcolony@gmail. com
AWS Io. T effectively gives you pub/sub capabilities via Web. Sockets (MQTT over Websocket) https: //github. com/lostcolony/examples/blob/master/deviceless_ws. js lostcolony@gmail. com
Consider Polling. lostcolony@gmail. com
Consider Polling. No, seriously. Frequent updates may be cheaper to pick up via batching and polling. lostcolony@gmail. com
If AWS Io. T is too expensive, and polling won’t work…you may actually need server based infrastructure. lostcolony@gmail. com
lostcolony@gmail. com
However, this feature has been lodged with AWS. lostcolony@gmail. com
Summary • Events can trigger lambdas from many other services, and are configured as part of the lambda. • API Gateway is just a particular use case of this. • Events can be synchronous, in which case failure requires you to retry, asynchronous, in which case it will automatically be retried, or streaming, in which case it will retry until expiry, blocking all other events from processing. • AWS Io. T provides a way to have Serverless websockets, but it’s not priced as competitively as it might otherwise be (bulk discounts available though). • Use queues as appropriate; maintain idempotency. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Access Control lostcolony@gmail. com
lostcolony@gmail. com
AWS has IAM for access control. (Identity Access Management). lostcolony@gmail. com
AWS also has Cognito as an identity service. lostcolony@gmail. com
You don’t need to use Cognito for identification, but it’s actually pretty simple to get started. lostcolony@gmail. com
Create a federated identity pool. For its role(s), assign the relevant policy permissions. lostcolony@gmail. com
Amazon|Facebook|Google 1. 2. Log the user in to the service using their API, to get an open. ID token. Call get. Credentials. For. Identity with the appropriate login provider. lostcolony@gmail. com
Custom Identity Provider 1. 2. 3. Create an endpoint that validates user credentials appropriately. On successful validation, create a token with get. Open. Id. Token. For. Developer. Identity. Return this to the client. On the client, call get. Credentials. For. Identity. Use the login provider “cognito-identity. amazonaws. com” lostcolony@gmail. com
2. get. Open. Id. Token. For. Developer. Identity Amazon Cognito AWS Lambda 3. get. Credentials. For. Identity 1. API call Amazon API Gateway temporary security credential Open. Id Token lostcolony@gmail. com
You can also call sts: assume. Role* variants to generate temporary credentials, and to further restrict policies. lostcolony@gmail. com
1. Set up a role in your application account that has a trusted principal of the Cognito bucket in your authentication account. 3. Client calls sts: assume. Role. With. Web. Identity with a role belonging in a second account. Get credentials for that account. 2. Client calls custom API in authentication account for Open. ID token lostcolony@gmail. com
Every AWS service can be accessed with these credentials using AWS Signature Version 4 lostcolony@gmail. com
You can restrict access to your APIs this way, too, but not via the SDK. Use a third party signing library rather than reimplement Sig 4 lostcolony@gmail. com
AWS does not currently have user controlled rate limiting to prevent malicious users from DDo. Sing you. lostcolony@gmail. com
However, stick a Cloud. Front in front of your API Gateway, and you can enable a Web Application Firewall. lostcolony@gmail. com
There is also AWS Shield. This works with the WAF on Cloudfront (and Route 53 at the DNS level) lostcolony@gmail. com
Most usage billed services AWS provides include access limits. Production workloads may need these raised. lostcolony@gmail. com
Some can be automatically raised via code. Most can’t. lostcolony@gmail. com
In general, you still have to have the monitoring and support a traditional solution requires. lostcolony@gmail. com
Summary • IAM is mostly respected by every service. Learn it. • Cognito is an identity provider built to return an Open. ID token • With a Cognito token, or custom code, you can retrieve temporary access credentials to AWS that can be used for most services. • The AWS SDK makes this easy for everything but API Gateway. • For API Gateway, use a Signature 4 library • DDo. S prevention is there, but limited. AWS is actively improving this. • Be aware of usage limitations. Raise as appropriate. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Automation lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
Infrastructure doesn’t change that much. Code does. lostcolony@gmail. com
Serverless - https: //serverless. com/ Apex - http: //apex. run/ Sparta - http: //gosparta. io/ Zappa - https: //github. com/Miserlou/Zappa Chalice - https: //github. com/awslabs/chalice lostcolony@gmail. com
Because these are CLI tools, you can leverage existing CI/CD tools fairly easily, but direct plugins are few. lostcolony@gmail. com
These tools do NOT address spinning up additional infrastructure. lostcolony@gmail. com
For this, use Cloudformations (or your preferred tool of choice) lostcolony@gmail. com
Versioning of both lambdas, and API Gateway stages, is supported, but fiddly. lostcolony@gmail. com
If you maintain config in separate files, consider uploading them to an encrypted S 3 bucket. lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
We’ve had success allowing devs access to a dev AWS account, which has AWS Config enabled. lostcolony@gmail. com
Summary • Use a framework for deploying lambda + API Gateway changes • Use Cloudformations for infrastructure. • There are multiple ways of handling config. Figure out what fits your deployment and security needs best. • Have separate accounts for each environment. • We’ve found a lot of success in allowing devs to make infrastructure changes freely in a dev account, and only on success worrying about the resulting Cloudformations, for deploying to stage, prod, etc. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Monitoring lostcolony@gmail. com
lostcolony@gmail. com
lostcolony@gmail. com
Unsurprisingly, with Serverless, both logging and alerting change. lostcolony@gmail. com
Lambda logs go directly into Cloudwatch, but they are not easily followable, as they’re per function container. lostcolony@gmail. com
Happily, Cloudwatch has pretty decent search and metrics tools. lostcolony@gmail. com
You can set up alarms for these metrics, to post to an SNS queue (and then send out SMS messages, or emails). lostcolony@gmail. com
Following up with asynchronous lambdas. If they fail too many times, what happens? lostcolony@gmail. com
Well, they’re retried (as mentioned before), but otherwise nothing by default. But… lostcolony@gmail. com
Dead letter queues! lostcolony@gmail. com
lostcolony@gmail. com
You can hook a dead letter queue to your function, to send to an SNS topic or SQS queue. lostcolony@gmail. com
lostcolony@gmail. com
So lambda logs go to Cloudwatch. What about knowing (for instance), when I’m running out of throughput for my Dynamo tables? lostcolony@gmail. com
Metrics metrics! lostcolony@gmail. com
Track changes to your infrastructure. Cloudtrail does this if you enable it, and it, too, can post to Cloudwatch. lostcolony@gmail. com
Cloudwatch logs can be copied to S 3 buckets, as input for other tools, processes, etc. lostcolony@gmail. com
Summary • All your logs are belong to Cloudwatch • Cloudwatch tracks a lot of technical metrics for you. • Dead letter queues for your async lambdas that fail too hard. SNS can just email it to you. • Cloudwatch can manually drop logs into S 3 buckets, or automatically stream them to a Kinesis stream. • Those logs can in turn trigger lambdas! • Or just be processed by an AWS aware tool of your choice. lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Latency lostcolony@gmail. com
lostcolony@gmail. com
Latency is not a problem. User experience is. lostcolony@gmail. com
Use Cloudfront. lostcolony@gmail. com
In general, any production facing endpoints should have a Cloudfront instance in front of them, even if you’re not caching. lostcolony@gmail. com
Be careful of caching error codes. lostcolony@gmail. com
lostcolony@gmail. com
The API Gateway also has a separate caching mechanism. It’s not really worth it. lostcolony@gmail. com
Your lambdas take time to spin up. Take that into account. lostcolony@gmail. com
Lambdas cold starting in a VPC take EVEN LONGER, and have additional considerations around ENIs. lostcolony@gmail. com
Rethink your API design. lostcolony@gmail. com
Summary • Worry about latency only when you have to. • Cloudfront all the things (APIs). • Be aware that HTTP errors are by default cached. • Prewarm functions if you need to. • Consider optimizing your API for fewer calls rather than separation of concerns if cost is a factor (with a solid framework this should not affect your library code, just your glue) lostcolony@gmail. com
Real Applications • Maintain explicit state • Transition and communicate about state • Have access controls • Support CI/CD mechanisms • Are monitored • Ideally don’t suffer from noticeable latency • Rely on indirection to provide agility lostcolony@gmail. com
Indirection lostcolony@gmail. com
lostcolony@gmail. com
Route 53 + Certificate Manager lostcolony@gmail. com
Rely on standard ports lostcolony@gmail. com
Use DNS for indirection even within VPCs, and use it for cross regional failover and scale out. lostcolony@gmail. com
Write your lambdas as libraries, and isolate the handler code. lostcolony@gmail. com
lostcolony@gmail. com
Summary • Write your lambdas as libraries, with glue. • AWS has great DNS and certificate utilities, that play very nicely with Serverless. • If you plan to migrate to Serverless, rely on standard ports. lostcolony@gmail. com
And that’s basically it. The AWS docs are good, the services work, we’re pretty happy with our serverless solutions. lostcolony@gmail. com
Questions? lostcolony@gmail. com
Sand: towards high-performance serverless computing
Azure serverless consultants
Indirect speech
Gdpr compliance on aws
Thinking affects our language, which then affects our:
Our census our future
Christ be our light shine in our hearts
Marcus aurelius our life is what our thoughts make it
We bow our hearts
Our census our future
Our life is what our thoughts make it
Money madness short summary
Awareness of ourselves and our environment is
Our awareness of ourselves and our environment is called
God our father christ our brother
Our future is in our hands quotes
Awareness of ourselves and our environment
Awareness of ourselves and our environment is:
Phillips görbe
Phillips curve
Short run phillips curve
Dr jana phillips
Christophe phillips
Dz phillips
Stella_phillips
Saints row
Revelation song phillips craig and dean video
Equação curva de phillips
Exeter math 3-4
Macroeconomics lesson 3 activity 46
Expected vs actual inflation phillips curve
Pepe phillips
Philipsit
Kommunikation tove phillips
Jasmine richardsom
Dz phillips
Phillips 6/6
Phillips curves
Duygu phillips
Phillips medicine dispenser
Phillips materiales dentales
Module 34 featured worksheet the phillips curve
Kommunikation tove phillips
Dr dawn phillips
Chris phillips just develop it
Materiales auxiliares en odontologia
Phillips 66 accounts payable
Susie phillips stanford cheerleader
Donna phillips currault
Anastasia phillips age
King phillips war apush
Metacom significance apush
Todd phillips house
Scott phillips md san antonio
Kısa dönemli phillips eğrisi
J. donald phillips biografia
Robert phillips edelman
Judy phillips management
Brittany keeling
Expected inflation rate phillips curve
Gareth phillips afdb
Julia phillips sandia
Phillips plastics corp
Philips lumi
Kurva phillips
Curva de phillips brasil
Bothersomeness technique
Dalisha key
Courbe de phillips
Jayne phillips
Expected inflation phillips curve
Christophe phillips
Phillips
Physical biology of the cell rob phillips
Phillips staffing
Kitty phillips
Curva de phillips
Phillips curve ap macro
Cycle
Call and return architecture in software engineering
Integral product architecture example
Modular product architecture
Bus design in computer architecture
Www.aws-rehab.at
Target fiscal year end
Personal data mapping
Vocareum aws educate
Aws perimeter security
Skf aws
Aws aurora multi region
Ec2use
Aws iaa
Aws drupal hosting
Aws wind navigator
Aws network firewall multi az
Thousand eyes aws
Does ebay use aws
Aws lambda
Bmkg ofs
Aws sqs queue icon
Aws simple icon
Aws dms icon
Aws rule engine
Amazon fsx
Aws mks
Weather station layout
Elgg aws
Canonical request for signature version 4
Aws cse
Aws simple icon
Computational chemistry aws
Aws strip mining
Btl listing
Ts dps
Sloclr aws
Aws identity and access management
Aws economics
Aws mks
Mongodb aws
Aws hmi
Checkpoint vsec aws
Aws academy cloud foundations (acf)
Aws
Asterisk aws instance
Aws lambda image resize python
Aws enterprise service bus
Silbitz group staßfurt
Aws disaster recovery warm standby
Aws secrets engine
Aws
"sumo logic"
Nagios aws
Aws hp
Fcaw electrode classification
Aws glue gui
Aws simple icons
Stephen schmidt aws
Types of dining
Example of mock up in contrived experiences
Share research experience and knowledge
An account of the personal experiences of an author
What are positive subjective experiences
Chapter 20 guiding storytelling experiences
The importance of social sciences
Guiding play and puppetry experiences
Traveling might satisfy your desire for new experiences.
What are the experiences of latin american countries
Direct experience example
Near-death experiences are ap psych
