Serverless and Lambda@Edge - AWS UG The Hague

Transcript

1. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Building Global Services with Serverless! Marek Kuczynski Sr Solutions Architect - startups Amazon Web Services marekq

2. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. In this session… Reasons to build a global, serverless service Handing data replication and deployments between regions Using the edge network and caching Q&A

3. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Fast, responsive websites generate more business https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/

4. Critical to improve latency for end-users ~50m s ~350ms

5. Accelerate using CloudFront

6. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Amazon CloudFront: Global content delivery network § Accelerate static and dynamic content § Global infrastructure § Highly secure § Massively scalable § Self service § Priced to minimize cost

7. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. AWS Global Accelerator

8. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved.

9. © 2019, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. S3 transfer acceleration https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html

10. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Multi-region Region Availability zone a Availability zone b Availability zone c Application Region Availability zone a Availability zone b Availability zone c Application Application Application Application Application

11. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Serverless components Region Availability zone a Availability zone b Availability zone c Serverless Services

12. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Why serverless components?? No provisioning, no management Pay for value Fault Tolerant and Automatic scaling Highly available and secure

13. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Event based architectures SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Ruby PowerShell Bring your own runtime

14. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. A simple web application – single region Data stored in Amazon DynamoDB Dynamic content in AWS Lambda Amazon API Gateway Browser Amazon CloudFront Amazon S3

15. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Demo of a serverless blog – https://marek.rocks

16. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. My Demo of a serverless blog – https://marek.rocks

17. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Deploying to a second region – DynamoDB AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Amazon Route 53 Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables

18. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Build high performance, globally distributed applications Low latency reads & writes to locally available tables Disaster proof with multi-region redundancy Easy to set up and no application rewrites required Globally dispersed users Replica (N. America) Replica (Europe) Replica (Asia) Global App Global Table Amazon DynamoDB Global Tables Fully managed, multi-master, multi-region database

19. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Setting up DynamoDB replication

20. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon S3 cross-region replication Bucket with objects Bucket with objects

21. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Deploying to a second region – API GW and Lambda AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Amazon Route 53 Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables

22. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model

23. SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function

    Properties: CodeUri: ./todo_list_lambda Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells CloudFormation this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with 5 Read & Write units

24. SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function

    Properties: CodeUri: ./todo_list_lambda Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable

25. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Example minimal developer’s pipeline: MyBranch-Source Source CodeCommit Build test-build-source CodeBuild MyDev-Deploy create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWS Lambda This pipeline: • Three Stages • Builds code artifact • One Development environment • Uses SAM/CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running test functions

26. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. How to get started? AWS CodeStar • Quickly bootstraps your project • Includes the CI/CD pipeline • Integrates well with 3rd party tools • Setup to development in minutes

27. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Choose the right API endpoint type Regional AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Amazon Route 53 Amazon CloudFront Amazon CloudFront Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables

28. © 2019, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Choose the right API endpoint type Regional AWS us-east-2 API Gateway Internet AWS us-west-2 API Gateway Amazon Route 53 Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables Lambda@Edge Amazon CloudFront

29. Amazon CloudFront AWS Lambda Lambda@Edge Lambda@Edge

30. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Write once, run Lambda functions globally N Virginia AWS location AWS location AWS location AWS location AWS location AWS location

31. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Lambda@Edge Origin AWS location AWS location AWS location AWS location AWS location AWS location Compute Storage Database

32. Lambda@Edge use cases and blueprints • Content customization • Based

    on user attributes, device properties • Visitor session validation • User-agent validation—add an Access-Control- Allow-Header • Validate access token to confirm authentication • URL customization • Re-write URLs, pretty URLs • A/B testing and cookie-based sticky sessions • “Flip a coin” to select a version of content displayed to each user • Security • Security header insertions (HSTS, X-Content- Type-Options, and more) • Bot handling

33. How is Lambda@Edge different from Lambda? • Nodejs 8.10, Nodejs

    10.x and Python 3.7 are supported. • The maximum function runtime can be 5 seconds for viewer requests and 30 seconds for origin requests. • You cannot access resources in your VPC. • Updating a Lambda@Edge function takes a few minutes. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-lambda-at-edge

34. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. CloudFront triggers CloudFront cache Users Viewer request Viewer response Origin response Origin Origin request

35. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. CloudFront cache Viewer request events CloudFront cache User agents Viewer request HTTP origins Viewer response Origin response Origin request Viewer response Origin response Origin request Viewer request

36. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Viewer request events Executed on every request before the CloudFront cache is checked Modify cache key (URL, cookies, headers, query string) Perform authentication and authorization checks Make external network calls Generate responses that will not be cached

37. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Origin request: Route on user agent User agents Desktop Mobile Bots and crawlers CloudFront distribution www.example.com Origin request event Mobile optimized app Client-rendered app Server-rendered app Cloudfront-Is-Mobile-Viewer? Cloudfront-Is-Desktop-Viewer? Cloudfront-Is-Tablet-Viewer? User-Agent?

38. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Origin request: Generate redirect User agent CloudFront distribution www.example.com HTTP redirect www.example.com/de Origin request event Cloudfront-Viewer-Country? Accept-Language?

39. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Short demo

40. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Doing the same using cookies https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda- examples-redirect-to-signin-page

41. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Pretty URLs for user/API experience https://tiles.example.com/zoom/x/y.jpg S3 bucket tiles-v1.s3.amazonaws.com Legacy service old-tile-service.example.net Elastic Load Balancing tile-service-123456.us-east-1 .amazonaws.com

42. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Origin request: Pretty URLs https://tiles.example.com/zoom/x/y.jpg https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg Origin request event originPath = sha256(requestPath) CloudFront cache Cache key: tiles.example.com/zoom/x/y.jpg Cached response

43. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Transparent global expansion Region A customers Region A deployment Region B customers Region B deployment https://saas.example.com

44. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Origin request: Origin selection id user 1 alex 2 bob 3 joe 4 jane User database 200 OK Application User agent POST /login user=jane&pass=*** home-region na eu ap eu Set-Cookie: home-region=eu

45. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. CloudFront cache Origin response events CloudFront cache User agents Viewer request HTTP origins Viewer response Origin response Origin request Viewer response Origin request Viewer request Origin response

46. © 2018, Amazon Web Services, Inc. or its Affiliates. All

    rights reserved. Origin response: Image processing User agent CloudFront distribution www.example.com Origin response event PUT S3 bucket images-origin.s3.amazonaws.com Viewer request event

47. Thank you! © 2019, Amazon Web Services, Inc. or its

    affiliates. All rights reserved. Marek Kuczynski marekq