Serverless by Design

AWS User Group Meeting, Cambridge, July 10th, 2018

Serverless technologies lead you to adopt event-driven architectures. I created “Serverless by Design”, an open source tool that can help you quickly think through, build and iterate on a visual representation of your project. First, it can map event-driven architectures to a network model (a directed graph) that is easy to edit and visualize. Services and functions are the nodes of the network, and the interactions between services and functions (such as triggers, read/write access, and other integrations) are the edges. Then, it can build the starting code of your app using AWS SAM templates. To manage updates, you can configure safe deployments, which can be the starting point for implementing a CI/CD pipeline.

Danilo Poccia

July 10, 2018

Transcript

  1. Serverless by Design
    Danilo Poccia
    Evangelist, Serverless
    [email protected]
    @danilop
    danilop

  4. Serverless means…
    No servers to provision or manage
    Scales with usage
    Never pay for idle
    Availability and fault-tolerance built in

  5. Serverless applications
    EVENT SOURCE: Changes in data state; Requests to endpoints; Changes in resource state
    FUNCTION: Node.js, Python, Java, C# / F#, Go
    SERVICES (ANYTHING)

  6. Case Study

  7. Fannie Mae Serverless Financial Modeling
    Case Study: Federal National Mortgage Association
    Financial Modeling is a Monte-Carlo simulation process to project future cash flows, which is used for managing the mortgage risk on a daily basis:
    • Underwriting and valuation
    • Risk management
    • Financial reporting
    • Loss mitigation and loan removal
    • ~10 Quadrillion (10×10^15) of cash flow projections each month in hundreds of economic scenarios.
    • One simulation run of ~20 million mortgages takes 1.4 hours, >4 times faster than the existing process.

  8. Fine-grained pricing
    Buy compute time in 100-ms increments
    Low request charge
    No hourly, daily, or monthly minimums
    No per-device fees
    Never pay for idle
    Free Tier
    1 M requests and 400,000 GB-s of compute
    Every month, every customer

  9. SMART RESOURCE ALLOCATION
    Match resource allocation (up to 3 GB) to logic
    Stats for Lambda function that calculates 1000 times all prime numbers <= 1000000

     128 MB   11.722965 sec   $0.024628
     256 MB    6.678945 sec   $0.028035
     512 MB    3.194954 sec   $0.026830
    1024 MB    1.465984 sec   $0.024638

  10. Event sources that trigger AWS Lambda
    Categories: DATA STORES, ENDPOINTS, DEVELOPMENT AND MANAGEMENT TOOLS, EVENT/MESSAGE SERVICES
    Services shown: Amazon S3, Amazon DynamoDB, Amazon Kinesis, AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch, Amazon Cognito, Amazon SNS, Amazon SES, Cron events (CloudWatch Events), AWS CodeCommit, Amazon API Gateway, Amazon Alexa, AWS IoT, AWS Step Functions, Amazon SQS
    …and more!
    © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

  11. Lambda execution model
    Synchronous (push): Amazon API Gateway (/order) → AWS Lambda function
    Asynchronous (event): Amazon SNS, Amazon S3 (reqs) → AWS Lambda function
    Stream-based: Amazon DynamoDB, Amazon Kinesis (changes) → AWS Lambda service → function

  12. Lambda permissions model
    Fine-grained security controls for both execution and invocation
    Execution policies:
    • Define what AWS resources/API calls this function can access via IAM
    • Used in streaming invocations
    • For example, "Lambda function A can read from DynamoDB table users"
    Function policies:
    • Used for sync and async invocations
    • For example, "Actions on bucket X can invoke Lambda function Z"
    • Resource policies allow for cross-account access

  13. Amazon API Gateway
    Create a unified API front end for multiple microservices
    Authenticate and authorize requests to a backend
    DDoS protection and throttling for your backend
    Throttle, meter, and monetize API usage by third-party developers

  14. API Gateway integrations
    Endpoint types: Edge-Optimized, Regional, Private
    Callers: Mobile Apps; Websites; Services; Fully-managed CloudFront Distribution; Customer-managed CloudFront Distribution; Applications & Services in the same AWS Region; Applications & Services in VPC; On-premises (AWS Direct Connect)
    Amazon API Gateway: API Gateway Cache; Amazon CloudWatch Monitoring
    Backends: Lambda Functions; Public Endpoints on Amazon EC2; Endpoints in VPC; Any other AWS service; All publicly accessible endpoints

  15. API Gateway – Lambda Proxy Integration
    Diagram: Amazon API Gateway, AWS Lambda

    Input Format of a Lambda Function for Proxy Integration
    {
        "resource": "Resource path",
        "path": "Path parameter",
        "httpMethod": "Incoming request's method name",
        "headers": {Incoming request headers},
        "queryStringParameters": {Query string parameters},
        "pathParameters": {Path parameters},
        "stageVariables": {Applicable stage variables},
        "requestContext": {Request context, including authorizer-returned key-value pairs},
        "body": "...",
        "isBase64Encoded": true|false
    }

    Output Format of a Lambda Function for Proxy Integration
    {
        "statusCode": httpStatusCode,
        "headers": { "headerName": "headerValue", ... },
        "body": "...",
        "isBase64Encoded": true|false
    }

  16. Infrastructure as Code
    AWS CloudFormation
    Provision and manage a collection of related AWS resources.
    Your application = CloudFormation stack
    Input .yaml file and output provisioned AWS resources

  17. Meet SAM!

  18. Serverless Application Model (SAM)
    CloudFormation extension optimized for serverless
    New serverless resource types: functions, APIs, and tables
    Supports anything CloudFormation supports
    Open specification (Apache 2.0)
    https://github.com/awslabs/serverless-application-model

  19. SAM template
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://demo-bucket/todo_list.zip
          Handler: index.js
          Runtime: nodejs6.10
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY

  20. SAM template
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://demo-bucket/todo_list.zip
          Handler: index.js
          Runtime: nodejs6.10
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY

    Expands to these CloudFormation resources:
    AWS::Lambda::Function
    AWS::IAM::Role
    AWS::IAM::Policy
    AWS::ApiGateway::RestApi
    AWS::ApiGateway::Stage
    AWS::ApiGateway::Deployment
    AWS::Lambda::Permission

  21. CloudFormation template
    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      GetHtmlFunctionGetHtmlPermissionProd:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal: apigateway.amazonaws.com
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
      ServerlessRestApiProdStage:
        Type: AWS::ApiGateway::Stage
        Properties:
          DeploymentId:
            Ref: ServerlessRestApiDeployment
          RestApiId:
            Ref: ServerlessRestApi
          StageName: Prod
      ListTable:
        Type: AWS::DynamoDB::Table
        Properties:
          ProvisionedThroughput:
            WriteCapacityUnits: 5
            ReadCapacityUnits: 5
          AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
          KeySchema:
          - KeyType: HASH
            AttributeName: id
      GetHtmlFunction:
        Type: AWS::Lambda::Function
        Properties:
          Handler: index.gethtml
          Code:
            S3Bucket: flourish-demo-bucket
            S3Key: todo_list.zip
          Role:
            Fn::GetAtt:
            - GetHtmlFunctionRole
            - Arn
          Runtime: nodejs4.3
      GetHtmlFunctionRole:
        Type: AWS::IAM::Role
        Properties:
          ManagedPolicyArns:
          - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Action:
              - sts:AssumeRole
              Effect: Allow
              Principal:
                Service:
                - lambda.amazonaws.com
      ServerlessRestApiDeployment:
        Type: AWS::ApiGateway::Deployment
        Properties:
          RestApiId:
            Ref: ServerlessRestApi
          Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
          StageName: Stage
      GetHtmlFunctionGetHtmlPermissionTest:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal: apigateway.amazonaws.com
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
      ServerlessRestApi:
        Type: AWS::ApiGateway::RestApi
        Properties:
          Body:
            info:
              version: '1.0'
              title:
                Ref: AWS::StackName
            paths:
              "/{proxy+}":
                x-amazon-apigateway-any-method:
                  x-amazon-apigateway-integration:
                    httpMethod: ANY
                    type: aws_proxy
                    uri:
                      Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                  responses: {}

  22. CloudFormation Package/Deploy
    AWS CLI
    aws cloudformation package \
        --s3-bucket <bucket> \
        --s3-prefix <prefix> \
        --template-file template.yaml \
        --output-template-file packaged.yaml

    aws cloudformation deploy \
        --template-file packaged.yaml \
        --stack-name <stack-name> \
        --capabilities CAPABILITY_IAM

  23. Serverless by Design

  24. Serverless by Design
    https://sbd.danilop.net
    https://github.com/danilop/ServerlessByDesign
    Open Source

  25. Demo #1: Infrastructure as Code

  26. Event Sourcing

  27. Introducing the new SAM CLI
    AWS SAM CLI
    Usage: sam [OPTIONS] COMMAND [ARGS]...

      AWS Serverless Application Model (SAM) CLI

      The AWS Serverless Application Model extends AWS CloudFormation to provide
      a simplified way of defining the Amazon API Gateway APIs, AWS Lambda
      functions, and Amazon DynamoDB tables needed by your serverless
      application. You can find more in-depth guide about the SAM specification
      here: https://github.com/awslabs/serverless-application-model.

    Options:
      --debug    Turn on debug logging
      --version  Show the version and exit.
      --help     Show this message and exit.

    Commands:
      init      Initialize a serverless application with a...
      package   Package an AWS SAM application. This is an alias for 'aws
                cloudformation package'.
      local     Run your Serverless application locally for...
      validate  Validate an AWS SAM template.
      deploy    Deploy an AWS SAM application. This is an alias for 'aws
                cloudformation deploy'.

  28. Introducing the new SAM CLI
    AWS SAM CLI
    Usage: sam local [OPTIONS] COMMAND [ARGS]...

      Run your Serverless application locally for quick development & testing

    Options:
      --help  Show this message and exit.

    Commands:
      generate-event  Generate an event
      invoke          Invokes a local Lambda function once
      start-api       Runs your APIs locally

  29. Introducing the new SAM CLI
    AWS SAM CLI
    https://github.com/awslabs/aws-sam-cli
    pip install --user aws-sam-cli

  30. Introducing the new SAM CLI
    AWS SAM CLI
    sam init --runtime nodejs8.10 --name <name>
    cd <name>/
    more README.md
    cd hello_world/
    more app.js
    npm install
    cd ..
    sam local start-api
    sam validate
    sam package --template-file template.yaml \
        --s3-bucket <bucket> --s3-prefix <prefix> \
        --output-template-file packaged.yaml
    sam deploy --template-file packaged.yaml \
        --stack-name <stack-name> --capabilities CAPABILITY_IAM

  31. Demo #2: AWS SAM CLI

  32. Safe deployments baked into SAM
    Lambda aliases now enable traffic shifting
    CodeDeploy integration for deployment automation
    Deployment automation natively supported in SAM

  33. Safe deployments baked into SAM
    Version – immutable deployment unit
    Alias – pointer to a version
    Diagram: Lambda Function Foo with Version 5, Version 6 and Version 7; alias "Live" with a 5% / 95% traffic split

  34. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://demo-bucket/todo_list.zip
          Handler: index.js
          Runtime: nodejs6.10

  35. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Globals:
      Function:
        AutoPublishAlias: Live
        DeploymentPreference:
          Type: Canary10Percent10Minutes
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://demo-bucket/todo_list.zip
          Handler: index.js
          Runtime: nodejs6.10
          Policies: AmazonDynamoDBReadOnlyAccess

  36. Safe deployments baked into SAM
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Globals:
      Function:
        AutoPublishAlias: Live
        DeploymentPreference:
          Type: Canary10Percent10Minutes
          Hooks:
            PreTraffic: !Ref CodeDeployHook_PreTest
            PostTraffic: !Ref CodeDeployHook_PostTest
          Alarms:
            - !Ref DurationAlarm
            - !Ref ErrorAlarm
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://demo-bucket/todo_list.zip
          Handler: index.js
          Runtime: nodejs6.10
          Policies: AmazonDynamoDBReadOnlyAccess

  37. CodeDeploy Console

  38. Amazon API Gateway Canary Deployment

  39. Amazon API Gateway Canary Deployment

  40. Takeaways
    • Separate Business Logic from Event Handler(s)
    • Adapter Pattern
    • Think Event-Driven
    • Event Sourcing, Events are Immutable Information about Your Business
    • Manage your Infrastructure as Code
    • AWS Serverless Application Model (SAM) & AWS CloudFormation
    • Leverage Software Development Best Practices for Your Architecture
    • Use Safe Deployments in Production
    • Canary/Linear Deployments
    • Alarms & Hooks to Monitor Your Business Metrics
    • Build Your CI/CD Pipeline to Speed Up Your Feedback Cycle
    • AWS/SAM CLI + SAM + Your Favorite Tool
    • AWS CodePipeline + CodeBuild + CodeStar

  41. Serverless by Design
    Danilo Poccia
    Evangelist, Serverless
    [email protected]
    @danilop
    danilop
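
The execution-policy and function-policy split from slide 12, written as a SAM template. This is an added example, not part of the original deck: the resource names (UsersTable, FunctionA, BucketXInvokePermission), the handler name and the bucket name are assumptions, and the SAM policy template DynamoDBReadPolicy is used here in place of the AmazonDynamoDBReadOnlyAccess managed policy shown on slide 19.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  UsersTable:                        # hypothetical name, stands in for "table users"
    Type: AWS::Serverless::SimpleTable

  FunctionA:                         # hypothetical name, stands in for "function A"
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://demo-bucket/todo_list.zip
      Handler: index.handler         # assumed handler name
      Runtime: nodejs8.10
      # Execution policy: what the function itself may call.
      # Weak form, as in the deck's template:
      #   Policies: AmazonDynamoDBReadOnlyAccess   # Resource "*": every table
      # Scoped form: SAM policy template bound to the one table it reads.
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref UsersTable

  # Function policy: who may invoke the function.
  # Only S3, only for this bucket, and only when the bucket belongs to this account.
  BucketXInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt FunctionA.Arn
      Principal: s3.amazonaws.com
      SourceArn: arn:aws:s3:::example-bucket-x     # placeholder bucket name
      SourceAccount: !Ref AWS::AccountId           # S3 ARNs carry no account id
```

Without SourceArn and SourceAccount, the permission would let any S3 bucket in any account invoke the function through the S3 service principal.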
