Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Serverless by Design

Serverless by Design

Voxxed Days, Athens, June 2nd, 2018

Serverless technologies bring you to adopt event-driven architectures. I created “Serverless by Design”, an open source tool that can help you to quickly think, build and iterate on a visual representation of your project. First, it can map event-driven architectures to a network model, easy to edit and visualize. Services and functions are nodes of the network, and the interaction between services and functions (such as triggers, read/write access, and other integrations) are edges. Then, it can build the starting code of your app using AWS SAM templates, or the Serverless Framework. Have a look at the tool, and help add more functionalities if you like it.

Danilo Poccia

June 02, 2018
Tweet

More Decks by Danilo Poccia

Other Decks in Programming

Transcript

  1. Serverless by Design
    Danilo Poccia
    Evangelist, Serverless
    [email protected]
    @danilop
    danilop

    View Slide

  2. View Slide

  3. View Slide

  4. No servers to provision
    or manage
    Scales with usage
    Never pay for idle Availability and
    fault-tolerance built in
    Serverless means…

    View Slide

  5. SERVICES (ANYTHING)
    Changes in
    data state
    Requests to
    endpoints
    Changes in
    resource state
    EVENT SOURCE FUNCTION
    Node.js
    Python
    Java
    C# / F#
    Go
    Serverless applications

    View Slide

  6. Case
    Study

    View Slide

  7. • PhotoVogue is an online photography platform. Launched in
    2011 and part of Vogue Italia - which is owned by Condé Nast
    Italia - it allows upcoming photographers to showcase their work.
    • Amazon S3, AWS Lambda, Amazon API Gateway, Amazon CloudFront
    • The Benefits
    • Quicker provisioning, from days to hours
    • 90% faster
    • Cut IT costs by around 30%
    • Seamless scalability
    Case
    Study

    View Slide

  8. Fannie Mae Serverless Financial Modeling
    Financial Modeling is a Monte-Carlo simulation process to project future cash flows,
    which is used for managing the mortgage risk on daily basis:
    • Underwriting and valuation
    • Risk management
    • Financial reporting
    • Loss mitigation and loan removal
    • ~10 Quadrillion (10#10$%) of cash flow
    projections each month in hundreds
    of economic scenarios.
    • One simulation run of ~ 20 million
    mortgages takes 1.4 hours, >4 times
    faster than the existing process.
    Federal National Mortgage Association
    The Federal National Mortgage Association
    Case
    Study

    View Slide

  9. Fine-grained pricing
    Buy compute time in 100-ms increments
    Low request charge
    No hourly, daily, or monthly minimums
    No per-device fees
    Never pay for idle
    Free Tier
    1 M requests and 400,000 GB-s of compute
    Every month, every customer

    View Slide

  10. SMART RESOURCE ALLOCATION
    Match resource allocation (up to 3 GB) to logic
    Stats for Lambda function that calculates 1000 times all prime
    numbers <= 1000000
    128 MB 11.722965 sec $0.024628
    256 MB 6.678945 sec $0.028035
    512 MB 3.194954 sec $0.026830
    1024 MB 1.465984 sec $0.024638

    View Slide

  11. Amazon S3 Amazon
    DynamoDB
    Amazon
    Kinesis
    AWS
    CloudFormation
    AWS CloudTrail Amazon
    CloudWatch
    Amazon
    Cognito
    Amazon SNS
    Amazon
    SES
    Cron events
    DATA STORES ENDPOINTS
    DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES
    Event sources that trigger AWS Lambda
    …and more!
    AWS
    CodeCommit
    Amazon
    API Gateway
    Amazon
    Alexa
    AWS IoT AWS Step
    Functions

    View Slide

  12. Lambda execution model
    Synchronous (push) Asynchronous (event) Stream-based
    Amazon
    API Gateway
    AWS Lambda
    function
    Amazon
    DynamoDB
    Amazon
    SNS
    /order
    AWS Lambda
    function
    Amazon
    S3
    reqs
    Amazon
    Kinesis
    changes
    AWS Lambda
    service
    function

    View Slide

  13. Lambda permissions model
    Fine-grained security controls for both
    execution and invocation
    Execution policies:
    • Define what AWS resources/API calls this
    function can access via IAM
    • Used in streaming invocations
    • For example, "Lambda function A can read
    from DynamoDB table users"
    Function policies:
    • Used for sync and async invocations
    • For example, "Actions on bucket X can invoke
    Lambda function Z"
    • Resource policies allow for cross-account
    access

    View Slide

  14. Create a unified
    API front end for
    multiple
    microservices
    Authenticate and
    authorize
    requests to a
    backend
    DDoS protection
    and throttling for
    your backend
    Throttle, meter,
    and monetize API
    usage by third-
    party developers
    Amazon API Gateway

    View Slide

  15. API Gateway integrations
    Internet
    Mobile Apps
    Websites
    Services
    AWS Lambda
    functions
    AWS
    API Gateway
    Cache
    Endpoints on
    Amazon EC2
    Amazon
    CloudWatch
    Monitoring
    Amazon
    CloudFront
    YOUR VPC
    Endpoints in
    Your VPC
    Regional API Endpoints
    All publicly
    accessible endpoints
    AWS Lambda
    functions
    Any other
    AWS service

    View Slide

  16. Amazon API Gateway – Lambda Proxy Integration
    {
    "resource": "Resource path",
    "path": "Path parameter",
    "httpMethod": "Incoming request's method name",
    "headers": {Incoming request headers},
    "queryStringParameters": {Query string parameters},
    "pathParameters": {Path parameters},
    "stageVariables": {Applicable stage variables},
    "requestContext": {Request context, including authorizer-returned key-value pairs},
    "body": "...",
    "isBase64Encoded": true|false
    }
    {
    "statusCode": httpStatusCode,
    "headers": { "headerName": "headerValue", ... },
    "body": "...”,
    "isBase64Encoded": true|false
    }
    Input Format of a Lambda Function for Proxy Integration
    Output Format of a Lambda Function for Proxy Integration

    View Slide

  17. © 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
    AWS AppSync
    A managed service for application data using GraphQL with
    real-time capabilities and an offline programming model
    Real-time
    collaboration
    Offline programming
    model with sync
    Flexible database
    options
    Fine-grained
    access control

    View Slide

  18. Infrastructure as Code
    AWS CloudFormation
    Provision and manage a collection of related AWS resources.
    Your application = CloudFormation stack
    Input .yaml file and output provisioned AWS resources

    View Slide

  19. Meet
    SAM!

    View Slide

  20. Serverless Application Model (SAM)
    CloudFormation extension optimized for serverless
    New serverless resource types: functions, APIs, and tables
    Supports anything CloudFormation supports
    Open specification (Apache 2.0)

    View Slide

  21. AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Resources:
    GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
    CodeUri: s3://demo-bucket/todo_list.zip
    Handler: index.js
    Runtime: nodejs6.1
    Policies: AmazonDynamoDBReadOnlyAccess
    Events:
    GetHtml:
    Type: Api
    Properties:
    Path: /{proxy+}
    Method: ANY
    SAM template

    View Slide

  22. AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Resources:
    GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
    CodeUri: s3://demo-bucket/todo_list.zip
    Handler: index.js
    Runtime: nodejs6.1
    Policies: AmazonDynamoDBReadOnlyAccess
    Events:
    GetHtml:
    Type: Api
    Properties:
    Path: /{proxy+}
    Method: ANY
    SAM template
    AWS::Lambda::Function
    AWS::IAM::Role
    AWS::IAM::Policy
    AWS::ApiGateway::RestApi
    AWS::ApiGateway::Stage
    AWS::ApiGateway::Deployment
    AWS::Lambda::Permission

    View Slide

  23. CloudFormation template
    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
    GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
    Action: lambda:invokeFunction
    Principal: apigateway.amazonaws.com
    FunctionName:
    Ref: GetHtmlFunction
    SourceArn:
    Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
    ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
    DeploymentId:
    Ref: ServerlessRestApiDeployment
    RestApiId:
    Ref: ServerlessRestApi
    StageName: Prod
    ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
    ProvisionedThroughput:
    WriteCapacityUnits: 5
    ReadCapacityUnits: 5
    AttributeDefinitions:
    - AttributeName: id
    AttributeType: S
    KeySchema:
    - KeyType: HASH
    AttributeName: id
    GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
    Handler: index.gethtml
    Code:
    S3Bucket: flourish-demo-bucket
    S3Key: todo_list.zip
    Role:
    Fn::GetAtt:
    - GetHtmlFunctionRole
    - Arn
    Runtime: nodejs4.3
    GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    ManagedPolicyArns:
    - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
    - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
    AssumeRolePolicyDocument:
    Version: '2012-10-17'
    Statement:
    - Action:
    - sts:AssumeRole
    Effect: Allow
    Principal:
    Service:
    - lambda.amazonaws.com
    ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
    RestApiId:
    Ref: ServerlessRestApi
    Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
    StageName: Stage
    GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
    Action: lambda:invokeFunction
    Principal: apigateway.amazonaws.com
    FunctionName:
    Ref: GetHtmlFunction
    SourceArn:
    Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
    ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
    Body:
    info:
    version: '1.0'
    title:
    Ref: AWS::StackName
    paths:
    "/{proxy+}":
    x-amazon-apigateway-any-method:
    x-amazon-apigateway-integration:
    httpMethod: ANY
    type: aws_proxy
    uri:
    Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
    31/functions/${GetHtmlFunction.Arn}/invocations

    View Slide

  24. CloudFormation Package/Deploy
    aws cloudformation package \
    --s3-bucket \
    --s3-prefix packages \
    --template-file template.yaml \
    --output-template-file packaged.json
    aws cloudformation deploy \
    --template-file packaged.json \
    --stack-name \
    --capabilities CAPABILITY_IAM
    A
    W
    S
    CLI

    View Slide

  25. Serverless by Design

    View Slide

  26. Serverless by Design
    https://sbd.danilop.net
    https://github.com/danilop/ServerlessByDesign
    O
    pen
    Source

    View Slide

  27. Demo #1:
    Infrastructure as Code

    View Slide

  28. Event
    Sourcing

    View Slide

  29. Safe deployments baked into SAM
    Lambda aliases now enable traffic shifting
    CodeDeploy integration for deployment automation
    Deployment automation natively supported in SAM

    View Slide

  30. Safe deployments baked into SAM
    Version – immutable deployment unit
    Alias – pointer to a version
    Lambda Function Foo:
    Alias "Live" - Version 5
    - Version 6
    - Version 7
    5%
    95%

    View Slide

  31. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Resources:
    GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
    CodeUri: s3://demo-bucket/todo_list.zip
    Handler: index.js
    Runtime: nodejs6.1

    View Slide

  32. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Globals:
    Function:
    AutoPublishAlias: Live
    DeploymentPreference:
    Type: Canary10Percent10Minutes
    Resources:
    GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
    CodeUri: s3://demo-bucket/todo_list.zip
    Handler: index.js
    Runtime: nodejs6.1
    Policies: AmazonDynamoDBReadOnlyAccess

    View Slide

  33. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Globals:
    Function:
    AutoPublishAlias: Live
    DeploymentPreference:
    Type: Canary10Percent10Minutes
    Hooks:
    PreTraffic: !Ref CodeDeployHook_PreTest
    PostTraffic: !Ref CodeDeployHook_PostTest
    Alarms:
    - !Ref DurationAlarm
    - !Ref ErrorAlarm
    Resources:
    GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
    CodeUri: s3://demo-bucket/todo_list.zip
    Handler: index.js
    Runtime: nodejs6.1
    Policies: AmazonDynamoDBReadOnlyAccess

    View Slide

  34. CodeDeploy Console

    View Slide

  35. Demo #2:
    Safe Deployments

    View Slide

  36. Takeaways
    • Separate Business Logic from Event Handler(s)
    • Adapter Pattern
    • Think Event-Driven
    • Event Sourcing, Events are Immutable Information about Your Business
    • Manage your Infrastructure as Code
    • AWS Serverless Application Model (SAM) & AWS CloudFormation
    • Leverage Software Development Best Practices for Your Architecture
    • Use Safe Deployments in Production
    • Canary/Linear Deployments
    • Alarms & Hooks to Monitor Your Business Metrics
    • Build Your CI/CD Pipeline to Speed Up Your Feedback Cycle
    • AWS CLI + SAM + Your Favorite Tool
    • AWS CodePipeline + CodeBuild + CodeStar

    View Slide

  37. Serverless by Design
    Danilo Poccia
    Evangelist, Serverless
    [email protected]
    @danilop
    danilop

    View Slide