Advanced Serverless Architectural Patterns on AWS

Alex Casalboni Technical Evangelist, AWS @alex_casalboni @ 2018, Amazon Web
Services, Inc. or its Affiliates. All rights reserved Advanced Serverless Architectural Patterns on AWS

© 2018 Amazon Web Services, Inc. or its Affiliates. All
rights reserved. About me • Software Engineer & Web Developer • Startupper for 4.5 years • ServerlessDays Organizer • AWS Customer since 2013

rights reserved. Agenda Serverless foundations (quickly, I promise!) Advanced serverless patterns: 1. Web application 2. Stream processing 3. Data lake 4. Machine learning

rights reserved. Compute Spectrum AWS Lambda Amazon Kinesis Amazon S3 Amazon API Gateway Amazon SQS Amazon DynamoDB AWS IoT Amazon EMR Amazon ElastiCache Amazon RDS Amazon Redshift Amazon Elasticsearch Managed Serverless Amazon EC2 Microsoft SQL Server “On Amazon EC2” Amazon Cognito Amazon CloudWatch Amazon Athena AWS X-Ray AWS Step Functions Amazon MQ Amazon SageMaker Amazon Neptune AWS Fargate Amazon DocumentDB

rights reserved. Serverless means… No server or container management Flexible scaling No idle capacity $ High availability

rights reserved. Bootstrap the runtime Start your code Lambda: The execution lifecycle Cold start Warm start Download your code Start new container Time

rights reserved. Tune your function’s resources Only a memory control - % of CPU core and network capacity allocated to a function proportionally Is your code CPU, network or memory-bound? If so, it could be cheaper to choose more memory > Memory, > Cores, > Network

rights reserved. “AWS Lambda Power Tuning” Data-driven cost & performance optimization for AWS Lambda github.com/alexcasalboni/aws-lambda-power-tuning Lambda Power Tuning

rights reserved. Lambda best practices Minimize your package size & use only needed SDK modules Put your dependency (e.g. .jar files) in a separate directory Improve dependency injection with smaller and simpler IoC frameworks that load quickly on startup, like Dagger2 Leverage smaller and faster frameworks like jackson-jr for Java data binding Use environment variables to modify operational behavior Secure secrets/tokens/passwords with Parameter Store and AWS Secrets Manager

rights reserved. AWS Serverless Application Model (SAM) AWS CloudFormation extension (Macro) to simplify serverless apps New serverless resource types: functions, APIs, and tables Local testing with SAM CLI github.com/awslabs/serverless-application-model

rights reserved. Source Build Test Deploy AWS CodeCommit AWS CodeBuild Third Party Tooling AWS CodeDeploy AWS CodePipeline AWS CodeStar AWS code services

rights reserved. Lambda alias traffic shifting & AWS SAM AutoPublishAlias By adding this property AWS SAM will do the following: • Detect when new code is being deployed based on changes to the Amazon S3 URI of the Lambda function • Create and publish an updated version of that function with the latest code • Create an alias with a name you provide and point to the updated version of the Lambda function Deployment preference type Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce

@ 2018, Amazon Web Services, Inc. or its Affiliates. All
rights reserved Pattern 1 Web app / microservice / API

rights reserved. Web application (1) DynamoDB Lambda API Gateway Browser CloudFront Amazon S3 Cognito

rights reserved. Choose the right API endpoint type Edge optimized: reduce latency from anywhere on the Internet AWS Region API Gateway Internet edge location edge location edge location CloudFront Distribution API Gateway Managed

rights reserved. Web application (2) DynamoDB Lambda API Gateway Browser CloudFront S3 Cognito Lambda@Edge

rights reserved. Lambda@Edge use cases & blueprints Content customization • Based on user attributes, device properties Visitor session validation • User-agent validation—add an Access- Control-Allow-Header • Validate access token to confirm authentication URL customization • Re-write URLs, pretty URLs A/B testing and cookie-based sticky sessions • “Flip a coin” to select a version of content displayed to each user Security • Security header insertions (HSTS, X-Content- Type-Options, and more) • Bot handling

rights reserved. Choose the right API endpoint type Regional AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Route 53 Lambda DynamoDB Lambda DynamoDB Global Tables

rights reserved. Regional AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Amazon CloudFront Amazon CloudFront Lambda DynamoDB Lambda DynamoDB Global Tables Choose the right API endpoint type Route 53

rights reserved. Regional API Gateway Internet API Gateway Route 53 Lambda DynamoDB Lambda DynamoDB Global Tables Lambda@Edge CloudFront Choose the right API endpoint type AWS us-east-2 AWS us-west-2

rights reserved. Private: expose APIs only inside your VPC AWS Region API Gateway Your VPC AWS Direct Connect On-premises Choose the right API endpoint type

rights reserved. DynamoDB Lambda API Gateway Browser CloudFront Amazon S3 Cognito Serverless web app security

rights reserved. DynamoDB Lambda API Gateway Browser CloudFront S3 Cognito Serverless web app security Static Content • Geo-Restrictions • Signed Cookies • Signed URLs • DDOS Protection • Bucket Policies • ACLs AuthZ • Cross Account • Throttling per method • Resource Policies • Usage Plans • Encryption at Rest • VPC Endpoint • Function policies • Env Variables • Parameters/Secrets

rights reserved. Lambda Authorizer Client Lambda API Gateway DynamoDB IAM Lambda authorizers Two types: TOKEN―authorization token passed in a header REQUEST―all headers, query strings, paths, stage variables, or context variables

rights reserved. GraphQL: A query language for APIs Resources defined by a GraphQL schema Client sends query, server orchestrates data Multiple transports such as HTTP, MQTT, WebSockets Efficient for network bandwidth & dev time Self-documenting - introspection tooling

rights reserved. AWS AppSync DynamoDB Lambda Elasticsearch GraphQL Schema Upload Schema Query Mutation Subscription Real-time Online/Offline AWS AppSync Cognito User Pool Legacy Application Amazon RDS HTTP Resolver

rights reserved Pattern 2 Data processing (stream)

rights reserved. Streaming with Amazon Kinesis Collect, process, and analyze video and data streams in real time Kinesis Data Firehose SQL Kinesis Data Analytics Kinesis Data Streams Kinesis Video Streams

rights reserved. Streaming data ingestion Amazon S3: Buffered files Kinesis Agent Record producers Amazon Redshift: Table loads Amazon Elasticsearch Service: Domain loads Amazon S3: Source record backup Transformed records Put Records Kinesis Firehose: Delivery stream AWS Lambda: Transformations & enrichment Amazon DynamoDB: Lookup tables Raw Lookup Transformed

rights reserved. Streaming data ingestion (HTTP) HTTP POST/PUT API Gateway Browser Amazon S3: Buffered files Amazon Redshift: Table loads Amazon Elasticsearch Service: Domain loads Amazon S3: Source record backup AWS Lambda: Transformations & enrichment Amazon DynamoDB: Lookup tables Raw Lookup Transformed Transformed records Kinesis Firehose: Delivery stream

rights reserved. Streaming data ingestion (at the edge) Amazon S3: Buffered files Amazon Redshift: Table loads Amazon Elasticsearch Service: Domain loads Amazon S3: Source record backup AWS Lambda: Transformations & enrichment Amazon DynamoDB: Lookup tables Raw Lookup Transformed Transformed records Kinesis Firehose: Delivery stream HTTP POST/PUT CloudFront Lambda@Edge Browser

rights reserved. Kinesis Best practices Tune Firehose buffer size and buffer interval • Larger objects = fewer Lambda invocations & Amazon S3 PUTs Enable compression to reduce storage costs Enable Parquet format transformation (columnar) Enable Source Record Backup for transformations • Recover from transformation errors

rights reserved. Kinesis Data Streams and Lambda # of shards corresponds to concurrent invocations of Lambda function Batch size sets maximum # of records per invocation (min 1, max 10K) Data Stream Processor Function Streaming source Other AWS services

rights reserved. Fan-out pattern Trade strict message ordering for higher throughput & lower latency Kinesis Data Streams: Stream Lambda: Dispatcher function Lambda: Processor function Increase throughput, reduce processing latency Streaming source github.com/aws-samples/aws-lambda-fanout

rights reserved. Real-time analytics Data Stream Kinesis Data Analytics: Time window aggregation Kinesis Data Firehose: Error stream S3: Error records Record producers Lambda: Alert function DynamoDB SNS: Notifications

rights reserved. CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO "DESTINATION_SQL_STREAM" SELECT STREAM "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE) as "window_ts", SUM("measurement") as "sample_sum", COUNT(*) AS "sample_count" FROM "SOURCE_SQL_STREAM_001" GROUP BY "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE); Kinesis Data Analytics Aggregation 10-minute tumbling window Kinesis Data Analytics: Time window aggregation Source stream Destination stream(s)

rights reserved Pattern 3 Data Lakes

rights reserved. Data lake characteristics Collect, store, process, consume, and analyze organizational data Structured, semi-structured, and unstructured data Decoupled compute and storage Fast automated ingestion Schema on-read Complementary to data warehouses

rights reserved. Serverless data lake S3 Elasticsearch Glue DynamoDB Catalog & search Cognito API Gateway API/UI Athena QuickSight Redshift Spectrum Analytics & processing Lambda Kinesis Streams Kinesis Firehose Direct Connect Ingest AWS IoT KMS CloudTrail IAM Macie Security & auditing

rights reserved. Glue Crawlers Glue Data Catalog QuickSight Redshift Spectrum Athena S3 Bucket(s) How to “serverlessly” query your data lake

rights reserved. Analytics options S3 Select on CSV, JSON and Apache Parquet objects Amazon QuickSight (data exploration) Amazon Athena (SQL queries) AWS Lambda (BYOL) Amazon SageMaker (predictions) Amazon EMR (Hadoop) AWS Glue (ETL)

rights reserved. Athena―Serverless interactive query service Query duration: 44.66 seconds Data scanned: 169.53GB Cost*: $0.85 * $5/TB or $0.005/GB SELECT gram, year, sum(count) FROM ngram WHERE gram = 'just say no' GROUP BY gram, year ORDER BY year ASC;

rights reserved. Athena best practices Partition data s3://my-bucket/my-data/parquet/year=2018/month=11/day=25/ Use columnar formats – Apache Parquet, AVRO, ORC Compress files with splittable compression (bzip2) Optimize file sizes aws.amazon.com/blogs/big-data/top-10-performance-tuning-tips-for-amazon-athena

rights reserved. <demo>

rights reserved. Serverless batch processing (Map/Reduce) Lambda: Splitter S3 Object DynamoDB: Mapper Results Lambda: Mappers …. …. Lambda: Reducer S3 Results

rights reserved. Pywren Python library developed by University of California, Berkeley 10 TFLOPS of peak compute power (default of 1000 concurrent functions) Over 80 GB/sec of read and 60 GB/sec of write performance using S3 http://pywren.io

rights reserved Pattern 4 Machine Learning

rights reserved. M L F R A M E W O R K S & I N F R A S T R U C T U R E The Amazon ML Stack: Broadest & Deepest Set of Capabilities A I S E R V I C E S R E K O G N I T I O N I M A G E P O L L Y T R A N S C R I B E T R A N S L A T E C O M P R E H E N D C O M P R E H E N D M E D I C A L L E X R E K O G N I T I O N V I D E O Vision Speech Chatbots A M A Z O N S A G E M A K E R B U I L D T R A I N F O R E C A S T T E X T R A C T P E R S O N A L I Z E D E P L O Y Pre-built algorithms & notebooks Data labeling (G R O U N D T R U T H ) One-click model training & tuning Optimization ( N E O ) One-click deployment & hosting M L S E R V I C E S F r a m e w o r k s I n t e r f a c e s I n f r a s t r u c t u r e E C 2 P 3 & P 3 d n E C 2 C 5 F P G A s G R E E N G R A S S E L A S T I C I N F E R E N C E Models without training data (REINFORCEMENT LEARNING) Algorithms & models ( A W S M A R K E T P L A C E ) Language Forecasting Recommendations NEW NEW NEW NEW NEW NEW NEW NEW NEW

rights reserved. 1. Upload 2. Submit image Image processing with Amazon Rekognition Image Step Functions 3. Store image Lambda DynamoDB Elasticsearch 8. Store metadata & analysis 4. DetectFaces 7. DetectText 5. DetectLabels 6. DetectModeration

rights reserved. Media analysis solution S3: Web interface Cognito Amazon Rekognition Video: Detect objects, scenes, faces, & celebrities Elasticsearch: Search index API Gateway: REST APIs https://aws.amazon.com/answers/media-entertainment/media-analysis-solution/ AWS Elemental MediaConvert: Transcode videos S3: Media storage Step Functions: Orchestrate analysis Transcribe Comprehend

rights reserved. Amazon Connect (Serverless contact center) Real time and historical analytics High-quality voice capability Call recording Skills-based routing [Automatic Call Distribution (ACD)]

rights reserved. Intelligent call center chatbot Amazon Connect Customer Amazon Lex Lambda: Chatbot Processing DynamoDB: Customer Data SNS: SMS Messaging Customer calls Connect to reschedule an appointment Connect calls Lex chatbot Lex chatbot calls Lambda function to get customer preferences and fulfil Intents Lambda function sends text message confirmation via SNS Customer receives appointment confirmation text message Lambda function writes updates to DynamoDB

rights reserved. Call center analytics Amazon Connect Customers Agents Call recordings S3: Call recordings S3: Call transcripts Step Functions Transcribe Lambda S3: Sentiment, key phrases, entities Step Functions S3 Notifications for call transcripts Comprehend Lambda Athena QuickSight Contact trace records (CTRs) Kinesis Data Streams Kinesis Data Firehose S3: CTRs

Advanced Serverless Architectural Patterns on AWS

Advanced Serverless Architectural Patterns on AWS

More Decks by Alex Casalboni

Other Decks in Programming

Featured

Transcript