Serverless by Design

Serverless by Design
Danilo Poccia
Evangelist, Serverless
[email protected]
@danilop
danilop

View Slide

View Slide

No servers to provision
or manage
Scales with usage
Never pay for idle Availability and
fault-tolerance built in
Serverless means…

View Slide

SERVICES (ANYTHING)
Changes in
data state
Requests to
endpoints
Changes in
resource state
EVENT SOURCE FUNCTION
Node.js
Python
Java
C# / F#
Go
Serverless applications

View Slide

Case
Study

View Slide

• PhotoVogue is an online photography platform. Launched in
2011 and part of Vogue Italia - which is owned by Condé Nast
Italia - it allows upcoming photographers to showcase their work.
• Amazon S3, AWS Lambda, Amazon API Gateway, Amazon CloudFront
• The Benefits
• Quicker provisioning, from days to hours
• 90% faster
• Cut IT costs by around 30%
• Seamless scalability
Case
Study

View Slide

Fannie Mae Serverless Financial Modeling
Financial Modeling is a Monte-Carlo simulation process to project future cash flows,
which is used for managing the mortgage risk on daily basis:
• Underwriting and valuation
• Risk management
• Financial reporting
• Loss mitigation and loan removal
• ~10 Quadrillion (10#10$%) of cash flow
projections each month in hundreds
of economic scenarios.
• One simulation run of ~ 20 million
mortgages takes 1.4 hours, >4 times
faster than the existing process.
Federal National Mortgage Association
The Federal National Mortgage Association
Case
Study

View Slide

Fine-grained pricing
Buy compute time in 100-ms increments
Low request charge
No hourly, daily, or monthly minimums
No per-device fees
Never pay for idle
Free Tier
1 M requests and 400,000 GB-s of compute
Every month, every customer

View Slide

SMART RESOURCE ALLOCATION
Match resource allocation (up to 3 GB) to logic
Stats for Lambda function that calculates 1000 times all prime
numbers <= 1000000
128 MB 11.722965 sec $0.024628
256 MB 6.678945 sec $0.028035
512 MB 3.194954 sec $0.026830
1024 MB 1.465984 sec $0.024638

View Slide

Amazon S3 Amazon
DynamoDB
Amazon
Kinesis
AWS
CloudFormation
AWS CloudTrail Amazon
CloudWatch
Amazon
Cognito
Amazon SNS
Amazon
SES
Cron events
DATA STORES ENDPOINTS
DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES
Event sources that trigger AWS Lambda
…and more!
AWS
CodeCommit
Amazon
API Gateway
Amazon
Alexa
AWS IoT AWS Step
Functions

View Slide

Lambda execution model
Synchronous (push) Asynchronous (event) Stream-based
Amazon
API Gateway
AWS Lambda
function
Amazon
DynamoDB
Amazon
SNS
/order
AWS Lambda
function
Amazon
S3
reqs
Amazon
Kinesis
changes
AWS Lambda
service
function

View Slide

Lambda permissions model
Fine-grained security controls for both
execution and invocation
Execution policies:
• Define what AWS resources/API calls this
function can access via IAM
• Used in streaming invocations
• For example, "Lambda function A can read
from DynamoDB table users"
Function policies:
• Used for sync and async invocations
• For example, "Actions on bucket X can invoke
Lambda function Z"
• Resource policies allow for cross-account
access

View Slide

Create a unified
API front end for
multiple
microservices
Authenticate and
authorize
requests to a
backend
DDoS protection
and throttling for
your backend
Throttle, meter,
and monetize API
usage by third-
party developers
Amazon API Gateway

View Slide

API Gateway integrations
Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
Amazon
CloudFront
YOUR VPC
Endpoints in
Your VPC
Regional API Endpoints
All publicly
accessible endpoints
AWS Lambda
functions
Any other
AWS service

View Slide

Amazon API Gateway – Lambda Proxy Integration
{
"resource": "Resource path",
"path": "Path parameter",
"httpMethod": "Incoming request's method name",
"headers": {Incoming request headers},
"queryStringParameters": {Query string parameters},
"pathParameters": {Path parameters},
"stageVariables": {Applicable stage variables},
"requestContext": {Request context, including authorizer-returned key-value pairs},
"body": "...",
"isBase64Encoded": true|false
}
{
"statusCode": httpStatusCode,
"headers": { "headerName": "headerValue", ... },
"body": "...”,
"isBase64Encoded": true|false
}
Input Format of a Lambda Function for Proxy Integration
Output Format of a Lambda Function for Proxy Integration

View Slide

© 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
AWS AppSync
A managed service for application data using GraphQL with
real-time capabilities and an offline programming model
Real-time
collaboration
Offline programming
model with sync
Flexible database
options
Fine-grained
access control

View Slide

Infrastructure as Code
AWS CloudFormation
Provision and manage a collection of related AWS resources.
Your application = CloudFormation stack
Input .yaml file and output provisioned AWS resources

View Slide

Meet
SAM!

View Slide

Serverless Application Model (SAM)
CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)

View Slide

AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://demo-bucket/todo_list.zip
Handler: index.js
Runtime: nodejs6.1
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
SAM template

View Slide

Resources:
GetHtmlFunction:
Properties:
Handler: index.js
Runtime: nodejs6.1
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
SAM template
AWS::Lambda::Function
AWS::IAM::Role
AWS::IAM::Policy
AWS::ApiGateway::RestApi
AWS::ApiGateway::Stage
AWS::ApiGateway::Deployment
AWS::Lambda::Permission

View Slide

CloudFormation template
AWSTemplateFormatVersion: '2010-09-09'
Resources:
GetHtmlFunctionGetHtmlPermissionProd:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:invokeFunction
Principal: apigateway.amazonaws.com
FunctionName:
Ref: GetHtmlFunction
SourceArn:
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
ServerlessRestApiProdStage:
Type: AWS::ApiGateway::Stage
Properties:
DeploymentId:
Ref: ServerlessRestApiDeployment
RestApiId:
Ref: ServerlessRestApi
StageName: Prod
ListTable:
Type: AWS::DynamoDB::Table
Properties:
ProvisionedThroughput:
WriteCapacityUnits: 5
ReadCapacityUnits: 5
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- KeyType: HASH
AttributeName: id
GetHtmlFunction:
Type: AWS::Lambda::Function
Properties:
Handler: index.gethtml
Code:
S3Bucket: flourish-demo-bucket
S3Key: todo_list.zip
Role:
Fn::GetAtt:
- GetHtmlFunctionRole
- Arn
Runtime: nodejs4.3
GetHtmlFunctionRole:
Type: AWS::IAM::Role
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
ServerlessRestApiDeployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId:
Ref: ServerlessRestApi
Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
StageName: Stage
GetHtmlFunctionGetHtmlPermissionTest:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:invokeFunction
Principal: apigateway.amazonaws.com
FunctionName:
Ref: GetHtmlFunction
SourceArn:
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
ServerlessRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
info:
version: '1.0'
title:
Ref: AWS::StackName
paths:
"/{proxy+}":
x-amazon-apigateway-any-method:
x-amazon-apigateway-integration:
httpMethod: ANY
type: aws_proxy
uri:
Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
31/functions/${GetHtmlFunction.Arn}/invocations

View Slide

CloudFormation Package/Deploy
aws cloudformation package \
--s3-bucket \
--s3-prefix packages \
--template-file template.yaml \
--output-template-file packaged.json
aws cloudformation deploy \
--template-file packaged.json \
--stack-name \
--capabilities CAPABILITY_IAM
A
W
S
CLI

View Slide


View Slide

https://sbd.danilop.net
https://github.com/danilop/ServerlessByDesign
O
pen
Source

View Slide

Demo #1:
Infrastructure as Code

View Slide

Event
Sourcing

View Slide

Safe deployments baked into SAM
Lambda aliases now enable traffic shifting
CodeDeploy integration for deployment automation
Deployment automation natively supported in SAM

View Slide

Version – immutable deployment unit
Alias – pointer to a version
Lambda Function Foo:
Alias "Live" - Version 5
- Version 6
- Version 7
5%
95%

View Slide

Resources:
GetHtmlFunction:
Properties:
Handler: index.js
Runtime: nodejs6.1

View Slide

Globals:
Function:
AutoPublishAlias: Live
DeploymentPreference:
Type: Canary10Percent10Minutes
Resources:
GetHtmlFunction:
Properties:
Handler: index.js
Runtime: nodejs6.1

View Slide

Globals:
Function:
AutoPublishAlias: Live
DeploymentPreference:
Type: Canary10Percent10Minutes
Hooks:
PreTraffic: !Ref CodeDeployHook_PreTest
PostTraffic: !Ref CodeDeployHook_PostTest
Alarms:
- !Ref DurationAlarm
- !Ref ErrorAlarm
Resources:
GetHtmlFunction:
Properties:
Handler: index.js
Runtime: nodejs6.1

View Slide

CodeDeploy Console

View Slide

Demo #2:
Safe Deployments

View Slide

Takeaways
• Separate Business Logic from Event Handler(s)
• Adapter Pattern
• Think Event-Driven
• Event Sourcing, Events are Immutable Information about Your Business
• Manage your Infrastructure as Code
• AWS Serverless Application Model (SAM) & AWS CloudFormation
• Leverage Software Development Best Practices for Your Architecture
• Use Safe Deployments in Production
• Canary/Linear Deployments
• Alarms & Hooks to Monitor Your Business Metrics
• Build Your CI/CD Pipeline to Speed Up Your Feedback Cycle
• AWS CLI + SAM + Your Favorite Tool
• AWS CodePipeline + CodeBuild + CodeStar

View Slide

Danilo Poccia
Evangelist, Serverless
[email protected]
@danilop
danilop

View Slide

Serverless by Design

Serverless by Design

Danilo Poccia

More Decks by Danilo Poccia

Other Decks in Programming

Featured

Transcript