Architecture Review for Serverless Applications (IT-Tage)

During application development and later in operations, the question occasionally comes up: "Am I actually doing this right?" With serverless applications in particular, you cannot yet rely on many years of experience. An architecture review is a good way to determine whether best practices are being followed and whether the architecture carries any risks.

This talk uses the AWS Well-Architected Framework with the Well-Architected Serverless Lens to present architecture recommendations, and the AWS Well-Architected Tool to measure and continuously improve the application portfolio. Specifically, it covers the topic areas Operational Excellence, Security, Reliability, Performance Efficiency and Cost Optimization.

https://aws.amazon.com/well-architected/
https://docs.aws.amazon.com/wellarchitected/latest/serverless-applications-lens/

Dennis Kieselhorst

December 09, 2020

Transcript

  1. © 2020, Amazon Web Services, Inc. or its Affiliates.
    Dennis Kieselhorst
    Sr. Solutions Architect
    Architecture Review for
    Serverless Applications

  2.
    When you look at the systems you are
    building, can you answer the question:
    “Are you Well-Architected?”

  3.
    Why does Well-Architected exist?
    Learn Measure Improve
    To drive better outcomes for customers who build and operate workloads in the cloud

  4.
    What is the AWS Well-Architected Framework?
    Design principles Questions
    Pillars

  5.
    Pillars of AWS Well-Architected
    Security
    Cost Optimization
    Operational Excellence
    Performance Efficiency
    Reliability

  6.
    You are not going to judge my work!
    It will make you slow!
    Here comes the audit!
    It blocked my project!
    Not an audit!

  7.
    The truth is …
    It is an objective, constructive conversation
    You will learn AWS best practices
    You can leverage it to make informed architectural decisions
    You will lower or mitigate risks
    You will build and deploy faster

  8.
    Serverless

  9.
    "No server is easier to manage than no server."
    Werner Vogels—Amazon CTO

  10.
    Serverless removes the undifferentiated heavy lifting
    No infrastructure provisioning, no management
    Automatic scaling
    Pay for value
    Highly available and secure

  11.
    Serverless is there for you, at every layer
    Compute & access
    Storage
    Messaging & streaming

  12.
    Serverless is there for you, at every layer
    User & identity management
    Delivery at the edge
    Analytics

  13.
    Serverless is there for you, at every layer
    Provisioning & monitoring
    Development tools

  14.
    Serverless Application Lens - Whitepaper
    Defines all areas of Serverless Applications
    Defines common Serverless Use Cases
    Defines the Best Practices with regard to the Well-Architected Pillars
    https://d1.awsstatic.com/whitepapers/architecture/AWS-Serverless-Applications-Lens.pdf

  15.
    Well-Architected Tool
    https://aws.amazon.com/well-architected-tool/

  16.
    Now… some best practices by pillar
    Security
    Cost Optimization
    Operational Excellence
    Performance Efficiency
    Reliability

  17.
    Operational Excellence best practices
    Adopt a modern way to build applications
    infrastructure as code
    separate environments / accounts
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetProductsFunction:
        Type: AWS::Serverless::Function
        Properties:
          Handler: index.getProducts
          Runtime: nodejs10.x
          CodeUri: src/
          Policies:
            - DynamoDBReadPolicy:
                TableName: !Ref ProductTable
          Events:
            GetResource:
              Type: Api
              Properties:
                Path: /products/{productId}
                Method: get
      ProductTable:
        Type: AWS::Serverless::SimpleTable
    Amazon CloudWatch
    Logs & metrics
    AWS X-Ray

  18.
    Operational Excellence best practices
    Adopt a modern way to build applications
    infrastructure as code
    separate environments / accounts
    Amazon CloudWatch
    Logs & metrics
    AWS X-Ray

  19.
    Operational Excellence best practices
    Observability is the way to govern the serverless
    application’s health
    • Monitor CloudWatch
    Amazon CloudWatch
    Logs and Metrics

  20.
    Operational Excellence best practices
    Observability is the way to govern the serverless
    application’s health
    • Monitor CloudWatch
    • Instrument X-Ray
    Amazon CloudWatch
    Logs and Metrics
    AWS X-Ray
    // Wrap the AWS SDK so every client call is recorded as an X-Ray subsegment
    var AWSXRay = require('aws-xray-sdk-core');
    var AWS = AWSXRay.captureAWS(require('aws-sdk'));
    var s3Client = new AWS.S3();

  21.
    Operational Excellence best practices
    Observability is the way to govern the serverless
    application’s health
    • Monitor CloudWatch
    • Instrument X-Ray
    Lambda PowerTools
    Lambda PowerTools for Java
    Lambda PowerTools for Python

  22.
    Security best practices
    Control access to your APIs and implement AppSec
    • Least privilege
    Cognito or a SAML / JWT identity provider
    SAM predefined IAM policies
    temporary credentials
    public or private API Gateway endpoints
    Amazon Cognito
    AWS Secrets Manager
    AWS WAF

  23.
    Reliability best practices
    Protect your resources and build resiliency into your serverless application
    throttling
    back-off and retries
    RDS Proxy
    long-running transactions AWS Step Functions
    async messaging
    • Decouple
    • Amazon SQS
    • Amazon SNS
    Amazon EventBridge to route events reliably
    Amazon API Gateway

  24.
    Performance Efficiency best practices
    Optimize your serverless application performance
    services scaling behavior
    • Optimize application code. Yes! Do it again!
    on-demand capacity
    caching
    services integrations
    Lambda provisioned concurrency
    Lambda Power Tuning to tune power

  25.
    Wait, what’s Lambda Power Tuning?
    Visualize and fine-tune the memory / power configuration of Lambda functions
    CleanUpOnError
    Lambda Power Tuning

  26.
    Cost Optimization best practices
    Design your application to maximize value
    • Reduce your Lambda functions code
    asynchronous design patterns
    Embedded Metric Format for CloudWatch
    log-retention policies
    Lambda Power Tuning

  27.
    Some things to remember
    Make your functions single purpose, concise, short
    Code is debt; write fewer functions
    Understand and take advantage of the serverless concurrency model
    Share nothing; assume no hardware affinity
    Orchestrate with state machines, not application logic
    Use events to trigger transactions
    Leverage managed services when designing for failures and duplicates

  28.
    Review Process
    Identify a significant workload
    Prepare for review
    Review architecture
    Review results and improvement plan
    Create a plan to fix high risk issues

  29.
    Q&A

  30.
    Well-Architected Resources
    Whitepapers https://aws.amazon.com/well-architected/
    • PDF and Kindle available
    • Framework
    • Per pillar (operational excellence, reliability, security, performance efficiency, cost optimization)
    • Lenses (Serverless, HPC, IoT, Machine Learning, Analytics, …)
    Training https://www.aws.training/Details/Curriculum?id=42037
    • Framework
    • Pillars
    • Review Process
    • Tool

  31.
    Thank you!
    Dennis Kieselhorst, Sr. Solutions Architect
    Feedback form: https://amzn.to/35cfKWx
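
Added example, not from the original deck: a SAM template that applies the Security best practices of slide 22 (Cognito authorizer, SAM predefined IAM policies, Secrets Manager) to the template shown on slide 17, with the over-broad policy left commented out beside the scoped one. The names ProductsApi, CognitoAuth and ApiKeySecret and the UserPoolArn parameter are assumptions.

```yaml
# Constructed example; resource and parameter names are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  UserPoolArn:
    Type: String              # ARN of an existing Cognito user pool
Resources:
  ProductsApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: CognitoAuth   # routes reject calls without a valid token
        Authorizers:
          CognitoAuth:
            UserPoolArn: !Ref UserPoolArn

  GetProductsFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.getProducts
      Runtime: nodejs20.x     # slide 17 shows nodejs10.x
      CodeUri: src/
      # Weak: managed policy allowing every DynamoDB action on every table.
      #   Policies:
      #     - AmazonDynamoDBFullAccess
      # Scoped: SAM policy templates limited to one table and one secret.
      # The function receives these permissions as temporary role credentials.
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref ProductTable
        - AWSSecretsManagerGetSecretValuePolicy:
            SecretArn: !Ref ApiKeySecret
      Events:
        GetResource:
          Type: Api
          Properties:
            RestApiId: !Ref ProductsApi
            Path: /products/{productId}
            Method: get

  ProductTable:
    Type: AWS::Serverless::SimpleTable

  ApiKeySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        PasswordLength: 32
```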