Serverless and Lambda@Edge - AWS UG The Hague

Marek Kuczynski

August 21, 2019

Transcript

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    Building Global Services with Serverless! Marek Kuczynski, Sr Solutions Architect - startups, Amazon Web Services, marekq
  2. In this session…

    • Reasons to build a global, serverless service
    • Handling data replication and deployments between regions
    • Using the edge network and caching
    • Q&A
  3. Fast, responsive websites generate more business

    https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/
  4. Amazon CloudFront: Global content delivery network

    • Accelerate static and dynamic content
    • Global infrastructure
    • Highly secure
    • Massively scalable
    • Self service
    • Priced to minimize cost
  5. AWS Global Accelerator
  6. S3 transfer acceleration

    https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html
  7. Multi-region

    [Diagram: two Regions, each with Availability zones a, b and c, running Application instances]
  8. Serverless components

    [Diagram: one Region with Availability zones a, b and c; Serverless Services]
  9. Why serverless components?

    • No provisioning, no management
    • Pay for value
    • Fault tolerant and automatic scaling
    • Highly available and secure
  10. Event based architectures

    • EVENT SOURCE: changes in data state, requests to endpoints, changes in resource state
    • FUNCTION: Node.js, Python, Java, C#, Go, Ruby, PowerShell, bring your own runtime
    • SERVICES (ANYTHING)
  11. A simple web application – single region

    [Diagram: Browser; Amazon CloudFront; Amazon S3; Amazon API Gateway; dynamic content in AWS Lambda; data stored in Amazon DynamoDB]
  12. Demo of a serverless blog – https://marek.rocks
  13. My Demo of a serverless blog – https://marek.rocks
  14. Deploying to a second region – DynamoDB

    [Diagram: Internet; Amazon Route 53; AWS us-east-2 and AWS us-west-2, each with API Gateway, Lambda function and Amazon DynamoDB; Global Tables]
  15. Amazon DynamoDB Global Tables: fully managed, multi-master, multi-region database

    • Build high performance, globally distributed applications
    • Low latency reads & writes to locally available tables
    • Disaster proof with multi-region redundancy
    • Easy to set up and no application rewrites required

    [Diagram: globally dispersed users; Global App; Global Table; Replica (N. America); Replica (Europe); Replica (Asia)]
  16. Setting up DynamoDB replication
  17. Amazon S3 cross-region replication

    [Diagram: Bucket with objects; Bucket with objects]
  18. Deploying to a second region – API GW and Lambda

    [Diagram: Internet; Amazon Route 53; AWS us-east-2 and AWS us-west-2, each with API Gateway, Lambda function and Amazon DynamoDB; Global Tables]
  19. AWS Serverless Application Model (SAM)

    • CloudFormation extension optimized for serverless
    • New serverless resource types: functions, APIs, and tables
    • Supports anything CloudFormation supports
    • Open specification (Apache 2.0)

    https://github.com/awslabs/serverless-application-model
  20. SAM template

        AWSTemplateFormatVersion: '2010-09-09'
        Transform: AWS::Serverless-2016-10-31
        Resources:
          GetHtmlFunction:
            Type: AWS::Serverless::Function
            Properties:
              CodeUri: ./todo_list_lambda
              Handler: index.gethtml
              Runtime: nodejs4.3
              Policies: AmazonDynamoDBReadOnlyAccess
              Events:
                GetHtml:
                  Type: Api
                  Properties:
                    Path: /{proxy+}
                    Method: ANY
          ListTable:
            Type: AWS::Serverless::SimpleTable

    • Transform: tells CloudFormation this is a SAM template it needs to “transform”.
    • AWS::Serverless::Function: creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary.
    • AWS::Serverless::SimpleTable: creates a DynamoDB table with 5 Read & Write units.
  21. SAM template

        AWSTemplateFormatVersion: '2010-09-09'
        Transform: AWS::Serverless-2016-10-31
        Resources:
          GetHtmlFunction:
            Type: AWS::Serverless::Function
            Properties:
              CodeUri: ./todo_list_lambda
              Handler: index.gethtml
              Runtime: nodejs4.3
              Policies: AmazonDynamoDBReadOnlyAccess
              Events:
                GetHtml:
                  Type: Api
                  Properties:
                    Path: /{proxy+}
                    Method: ANY
          ListTable:
            Type: AWS::Serverless::SimpleTable
  22. Example minimal developer’s pipeline

    • MyBranch-Source: Source (CodeCommit)
    • Build: test-build-source (CodeBuild)
    • MyDev-Deploy: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda)

    This pipeline:

    • Three stages
    • Builds code artifact
    • One development environment
    • Uses SAM/CloudFormation to deploy artifact and other AWS resources
    • Has Lambda custom actions for running test functions
  23. How to get started? AWS CodeStar

    • Quickly bootstraps your project
    • Includes the CI/CD pipeline
    • Integrates well with 3rd party tools
    • Setup to development in minutes
  24. Choose the right API endpoint type: Regional

    [Diagram: Internet; Amazon Route 53; Amazon CloudFront; Amazon CloudFront; AWS us-east-2 and AWS us-west-2, each with API Gateway, Lambda function and Amazon DynamoDB; Global Tables]
  25. Choose the right API endpoint type: Regional

    [Diagram: Internet; Amazon CloudFront; Lambda@Edge; Amazon Route 53; AWS us-east-2 and AWS us-west-2, each with API Gateway, Lambda function and Amazon DynamoDB; Global Tables]
  26. Write once, run Lambda functions globally

    [Diagram: N Virginia; six AWS locations]
  27. Lambda@Edge

    [Diagram: Origin (Compute, Storage, Database); six AWS locations]
  28. Lambda@Edge use cases and blueprints

    • Content customization
        • Based on user attributes, device properties
    • Visitor session validation
        • User-agent validation—add an Access-Control-Allow-Header
        • Validate access token to confirm authentication
    • URL customization
        • Re-write URLs, pretty URLs
    • A/B testing and cookie-based sticky sessions
        • “Flip a coin” to select a version of content displayed to each user
    • Security
        • Security header insertions (HSTS, X-Content-Type-Options, and more)
        • Bot handling
  29. How is Lambda@Edge different from Lambda?

    • Nodejs 8.10, Nodejs 10.x and Python 3.7 are supported.
    • The maximum function runtime can be 5 seconds for viewer requests and 30 seconds for origin requests.
    • You cannot access resources in your VPC.
    • Updating a Lambda@Edge function takes a few minutes.

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-lambda-at-edge
  30. CloudFront triggers

    [Diagram: Users; Viewer request; Viewer response; CloudFront cache; Origin request; Origin response; Origin]
  31. Viewer request events

    [Diagram: User agents; CloudFront cache; HTTP origins; Viewer request; Viewer response; Origin request; Origin response]
  32. Viewer request events

    • Executed on every request before the CloudFront cache is checked
    • Modify cache key (URL, cookies, headers, query string)
    • Perform authentication and authorization checks
    • Make external network calls
    • Generate responses that will not be cached
  33. Origin request: Route on user agent

    • User agents: Desktop, Mobile, Bots and crawlers
    • CloudFront distribution: www.example.com
    • Origin request event: Cloudfront-Is-Mobile-Viewer? Cloudfront-Is-Desktop-Viewer? Cloudfront-Is-Tablet-Viewer? User-Agent?
    • Origins: Mobile optimized app, Client-rendered app, Server-rendered app
  34. Origin request: Generate redirect

    • User agent
    • CloudFront distribution: www.example.com
    • Origin request event: Cloudfront-Viewer-Country? Accept-Language?
    • HTTP redirect: www.example.com/de
  35. Doing the same using cookies

    https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-redirect-to-signin-page
  36. Pretty URLs for user/API experience

    https://tiles.example.com/zoom/x/y.jpg

    • S3 bucket: tiles-v1.s3.amazonaws.com
    • Legacy service: old-tile-service.example.net
    • Elastic Load Balancing: tile-service-123456.us-east-1.amazonaws.com
  37. Origin request: Pretty URLs

    • Viewer URL: https://tiles.example.com/zoom/x/y.jpg
    • Origin request event: originPath = sha256(requestPath)
    • Origin URL: https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg
    • CloudFront cache: cache key tiles.example.com/zoom/x/y.jpg, cached response
  38. Transparent global expansion

    [Diagram: Region A customers, Region A deployment; Region B customers, Region B deployment; https://saas.example.com]
  39. Origin request: Origin selection

    User database:

        id  user  home-region
        1   alex  na
        2   bob   eu
        3   joe   ap
        4   jane  eu

    • User agent to Application: POST /login user=jane&pass=***
    • Application to User agent: 200 OK, Set-Cookie: home-region=eu
  40. Origin response events

    [Diagram: User agents; CloudFront cache; HTTP origins; Viewer request; Viewer response; Origin request; Origin response]
  41. Origin response: Image processing

    [Diagram: User agent; CloudFront distribution www.example.com; Viewer request event; Origin response event; PUT; S3 bucket images-origin.s3.amazonaws.com]
  42. Thank you!

    Marek Kuczynski, marekq
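
The origin selection on slide 39 keys off a `home-region` cookie, which the client controls. As an added example (not code from the deck), this Node.js origin-request handler uses the cookie only as a key into an allow-list; the origin host names and the `na` fallback are assumptions.

```javascript
// Assumption: hypothetical per-region origin hosts. The keys are the
// home-region values from the slide's user database (na, eu, ap).
const REGION_ORIGINS = {
  na: 'na.origin.example.com',
  eu: 'eu.origin.example.com',
  ap: 'ap.origin.example.com',
};
const DEFAULT_REGION = 'na'; // assumption: fallback for a missing or invalid cookie

// CloudFront exposes request headers as { name: [{ key, value }, ...] }.
function getCookie(headers, name) {
  for (const header of headers.cookie || []) {
    for (const pair of header.value.split(';')) {
      const idx = pair.indexOf('=');
      if (idx > 0 && pair.slice(0, idx).trim() === name) {
        return pair.slice(idx + 1).trim();
      }
    }
  }
  return null;
}

// The cookie is client-controlled, so it is only used as a key into the
// allow-list and never copied into the origin host name.
function selectOrigin(request) {
  const claimed = getCookie(request.headers, 'home-region');
  const known = Object.prototype.hasOwnProperty.call(REGION_ORIGINS, claimed);
  const domainName = REGION_ORIGINS[known ? claimed : DEFAULT_REGION];
  request.origin = {
    custom: {
      domainName,
      port: 443,
      protocol: 'https',
      path: '',
      sslProtocols: ['TLSv1.2'],
      readTimeout: 30,
      keepaliveTimeout: 5,
      customHeaders: {},
    },
  };
  // The Host header has to match the origin the request is now sent to.
  request.headers.host = [{ key: 'Host', value: domainName }];
  return request;
}

// Lambda@Edge origin-request entry point. Constructed sample request:
// { uri: '/', headers: { cookie: [{ key: 'Cookie', value: 'home-region=eu' }] } }
const handler = async (event) => selectOrigin(event.Records[0].cf.request);
if (typeof module !== 'undefined') module.exports = { handler };
```

CloudFront passes cookies to an origin-request function only when the cache behavior forwards them, so `home-region` has to be forwarded for this handler to see it.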