Slide 1

Slide 1 text

Getting started with the AWS Cloud Development Kit (CDK)
Marek Kuczynski, Senior Serverless Solutions Architect, Amazon Web Services
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide 2

Slide 2 text


Slide 3

Slide 3 text

We are witnessing a paradigm shift
Diagram axes: Level of abstraction; Focus on business logic
Diagram stages: Physical machines, Virtual machines, Containerization, Serverless (AWS Lambda, AWS Fargate)
• Continuous scaling
• Fault tolerance built in
• Pay for value
• Zero maintenance
• Focus on business value

Slide 4

Slide 4 text

Amazon Confidential and Trademark
Instances, containers and functions
Amazon EC2
• Boots up in minutes
• Runs for days or much longer
• Full OS access
AWS Fargate
• Starts in seconds
• Runs for minutes/hours
• Limited OS access
AWS Lambda
• Starts in milliseconds
• Runs up to 15 minutes
• No OS access

Slide 5

Slide 5 text

COMPUTE
• AWS Lambda
• AWS Fargate
DATA STORES
• Amazon Aurora Serverless
• Amazon S3
• Amazon DynamoDB
INTEGRATION
• Amazon API Gateway
• Amazon SNS
• Amazon SQS
• AWS Step Functions
• AWS AppSync
• Amazon EventBridge

Slide 6

Slide 6 text

A modern three-tier application architecture
Diagram labels: Presentation; Business logic; Data; Queues/messages; Events; Events; APIs

Slide 7

Slide 7 text

Modern, serverless infrastructures
A Lambda function in retrieves data from an on-premise system every 5 minutes
Diagram labels (AWS Cloud): Amazon CloudWatch Schedule; AWS Lambda Ping function; Alarm; Archive output; Update database
Diagram labels (Corporate data center): Instance or VM

Slide 8

Slide 8 text


Slide 9

Slide 9 text

Level 0: Creating infrastructure by hand
Diagram labels: Your organization’s infrastructure

Slide 10

Slide 10 text

Level 1: Imperative infrastructure as code
Diagram labels: deploy.script; AWS SDK; Your organization’s infrastructure

Slide 11

Slide 11 text

Level 1: Imperative infrastructure as code
• Lots of boilerplate
• What if something fails and we need to retry?
• What if two people try to run the script at once?
• Race conditions?

deploy.script:

    resource = getResource(xyz)
    if (resource == desiredResource) {
      return
    } else if (!resource) {
      createResource(desiredResource)
    } else {
      updateResource(desiredResource)
    }

Slide 12

Slide 12 text

Level 2: Declarative infrastructure as code
Diagram labels: infrastructure.txt; AWS CloudFormation; HashiCorp Terraform; AWS SDK; Your organization’s infrastructure

Slide 13

Slide 13 text

Level 2: Declarative infrastructure as code
• Just a list of each resource to create and its properties, in this case YAML format
• Some minor helper functions may be built in to aid in fetching values dynamically

infrastructure.txt:

    Resources:
      # VPC in which containers will be networked.
      # It has two public subnets
      # We distribute the subnets across the first two available subnets
      # for the region, for high availability.
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          EnableDnsSupport: true
          EnableDnsHostnames: true
          CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']

      # Two public subnets, where containers can have public IP addresses
      PublicSubnetOne:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone:
            Fn::Select:
              - 0
              - Fn::GetAZs: {Ref: 'AWS::Region'}
          VpcId: !Ref 'VPC'
          CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
          MapPublicIpOnLaunch: true
      PublicSubnetTwo:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone:
            Fn::Select:
              - 1
              - Fn::GetAZs: {Ref: 'AWS::Region'}
          VpcId: !Ref 'VPC'
          CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
          MapPublicIpOnLaunch: true

Slide 14

Slide 14 text

AWS Serverless Application Model (SAM)
• CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model

Slide 15

Slide 15 text

Declarative SAM template

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: ./todo_list_lambda
          Handler: index.gethtml
          Runtime: nodejs12.x
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      ListTable:
        Type: AWS::Serverless::SimpleTable

• Transform: Tells CloudFormation this is a SAM template it needs to “transform”
• GetHtmlFunction: Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
• ListTable: Creates a DynamoDB table with 5 Read & Write units

Slide 16

Slide 16 text

Level 3: AWS Cloud Development Kit (AWS CDK)
Diagram labels: app.js; AWS CDK; AWS CloudFormation; AWS SDK; Your organization’s infrastructure

Slide 17

Slide 17 text

Level 3: AWS CDK
• Write in a familiar programming language
• Create many underlying AWS resources at once with a single construct
• Each stack is made up of “constructs,” which are simple classes in the code
• Still declarative, no need to handle create vs update
File labels: cdk_app.js; lambda_function.py

Slide 18

Slide 18 text

One CDK construct expands to many underlying resources

    // Network for all the resources
    const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });

cdk deploy
Diagram labels: VPC; Public Subnet in Availability Zone; Public Subnet in Availability Zone 2; Private Subnet in Availability Zone; Private Subnet in Availability Zone 2; Internet gateway; NAT gateway; NAT gateway

Slide 19

Slide 19 text

One CDK construct expands to many underlying resources

    // Network for all the resources
    const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });

cdk synth
270 lines of AWS CloudFormation YAML I don’t have to write!
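
Because one construct expands into resources nobody typed by hand, it is worth inventorying the synthesized template before cdk deploy. The following is an added example, not code from the slides: it counts resources by type and flags internet-facing pieces, and it goes beyond the VPC case above by also checking security group rules. The template contents and logical IDs are constructed, and loading cdk.out/<stack>.template.json is an assumption about where cdk synth wrote its output.

```javascript
// Added example: inventory a synthesized CloudFormation template and flag
// internet-facing network resources. SAMPLE is constructed for illustration;
// in practice parse the JSON template written by `cdk synth`.
const SAMPLE = {
  Resources: {
    Vpc: { Type: 'AWS::EC2::VPC', Properties: { CidrBlock: '10.0.0.0/16' } },
    PublicSubnet1: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: true } },
    PrivateSubnet1: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: false } },
    Igw: { Type: 'AWS::EC2::InternetGateway' },
    PublicRoute: { Type: 'AWS::EC2::Route',
      Properties: { DestinationCidrBlock: '0.0.0.0/0', GatewayId: { Ref: 'Igw' } } },
    PrivateRoute: { Type: 'AWS::EC2::Route',
      Properties: { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: { Ref: 'Nat1' } } },
    LbSg: { Type: 'AWS::EC2::SecurityGroup', Properties: { SecurityGroupIngress: [
      { CidrIp: '0.0.0.0/0', IpProtocol: 'tcp', FromPort: 80, ToPort: 80 }] } },
    LbToTask: { Type: 'AWS::EC2::SecurityGroupIngress', Properties: {
      SourceSecurityGroupId: { 'Fn::GetAtt': ['LbSg', 'GroupId'] },
      IpProtocol: 'tcp', FromPort: 80, ToPort: 80 } },
  },
};

const ANY = new Set(['0.0.0.0/0', '::/0']);

function reviewNetwork(template) {
  const counts = {}, findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    const p = res.Properties || {};
    counts[res.Type] = (counts[res.Type] || 0) + 1;
    if (res.Type === 'AWS::EC2::Subnet' && p.MapPublicIpOnLaunch === true)
      findings.push(`${id}: subnet assigns public IPs on launch`);
    if (res.Type === 'AWS::EC2::Route' && p.GatewayId && ANY.has(p.DestinationCidrBlock))
      findings.push(`${id}: default route to an internet gateway`);
    // Ingress rules appear inline on the group or as standalone resources.
    const rules = res.Type === 'AWS::EC2::SecurityGroup' ? p.SecurityGroupIngress || []
      : res.Type === 'AWS::EC2::SecurityGroupIngress' ? [p] : [];
    for (const r of rules)
      if (ANY.has(r.CidrIp) || ANY.has(r.CidrIpv6))
        findings.push(`${id}: ingress open to the internet on ${r.IpProtocol}/${r.FromPort}-${r.ToPort}`);
  }
  return { counts, findings };
}

console.log(JSON.stringify(reviewNetwork(SAMPLE), null, 2));
```

Findings here are prompts for review, not failures: a public load balancer is expected to accept traffic from anywhere, while the same rule on a task or database security group is not.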

Slide 20

Slide 20 text

CDK constructs are available in multiple languages

Slide 21

Slide 21 text


Slide 22

Slide 22 text

Two levels of container abstraction in AWS CDK
• Basic patterns for building Docker images, creating a cluster, task definition, task, or service
• Stable release

• Common architecture patterns built on top of the basic patterns: a load balanced service, a queue consumer, task scheduled to run at a particular time
• Experimental release, we are still working on this!

Slide 23

Slide 23 text

@aws-cdk/aws-ecs
Build a container image

    import ecs = require('@aws-cdk/aws-ecs');

    // Builds the Dockerfile found in apps/myapp into a container image
    const image = ecs.ContainerImage.fromAsset("apps/myapp");

Diagram labels: apps/myapp (my-code.js, Dockerfile); Docker build; Amazon EC2 Container Registry; myapp registry; Container image for your application

Slide 24

Slide 24 text

@aws-cdk/aws-ecs
Create cluster to run application
Do you want to stay serverless or do you want to add EC2 instances and run on Amazon EC2?

    import ec2 = require('@aws-cdk/aws-ec2');
    import ecs = require('@aws-cdk/aws-ecs');

    const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
    const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
    cluster.addCapacity('cluster-capacity', {
      instanceType: new ec2.InstanceType("t2.xlarge"),
      desiredCapacity: 3
    });

Slide 25

Slide 25 text

@aws-cdk/aws-ecs-patterns
Launch load balanced service

    import ec2 = require('@aws-cdk/aws-ec2');
    import ecs = require('@aws-cdk/aws-ecs');
    import ecs_patterns = require('@aws-cdk/aws-ecs-patterns');

    const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
    const cluster = new ecs.Cluster(stack, 'Cluster', { vpc });
    const myService = new ecs_patterns.LoadBalancedFargateService(stack, "my-service", {
      cluster,
      desiredCount: 3,
      image: ecs.ContainerImage.fromAsset("apps/myapp")
    });

With a few lines we are automatically building a Docker container locally, pushing it up to the cloud in an Amazon Elastic Container Registry (Amazon ECR), then launching three copies of it in AWS Fargate, behind a load balancer that distributes traffic across all three.

Slide 26

Slide 26 text

@aws-cdk/aws-ecs-patterns
Queue consumer

    import sqs = require('@aws-cdk/aws-sqs');

    // stack, cluster, ecs and ecs_patterns are defined as on the previous slides.
    // Every construct takes a scope and an id, so the queue needs an id as well.
    const queue = new sqs.Queue(stack, 'Queue');
    const consumer = new ecs_patterns.QueueProcessingFargateService(stack, "consumer", {
      cluster,
      queue,
      desiredTaskCount: 3,
      image: ecs.ContainerImage.fromAsset("apps/consumer")
    });

Amazon Simple Queue Service (Amazon SQS)
Create an Amazon SQS queue, plus a service that autoscales according to how many items are waiting in the queue. If the queue backs up, more containers are launched to grab items off the queue.

Slide 27

Slide 27 text

@aws-cdk/aws-ecs-patterns
Time scheduled container
Execute the container based on a scheduled time or rate. High-availability, low-cost distributed cron jobs!
Diagram labels: Amazon CloudWatch; Every day at 5:00

    const ecsScheduledTask = new ScheduledFargateTask(stack, 'ScheduledTask', {
      cluster,
      image: ecs.ContainerImage.fromRegistry("apps/my-cron-job"),
      scheduleExpression: 'rate(1 day)',
      environment: [{ name: 'TRIGGER', value: 'CloudWatch Events' }],
      memoryLimitMiB: 256
    });

Slide 28

Slide 28 text


Slide 29

Slide 29 text

Comparison of operational responsibility
Ordered from more opinionated to less opinionated.

AWS Lambda (Serverless functions)
• AWS manages: Data source integrations; Physical hardware, software, networking, and facilities; Provisioning
• Customer manages: Application code

AWS Fargate (Serverless containers)
• AWS manages: Container orchestration, provisioning; Cluster scaling; Physical hardware, host OS/kernel, networking, and facilities
• Customer manages: Application code; Data source integrations; Security config and updates, network config, management tasks

Amazon ECS/Amazon EKS (Container-management as a service)
• AWS manages: Container orchestration control plane; Physical hardware, software, networking, and facilities
• Customer manages: Application code; Data source integrations; Work clusters; Security config and updates, network config, firewall, management tasks

Amazon EC2 (Infrastructure-as-a-Service)
• AWS manages: Physical hardware, software, networking, and facilities
• Customer manages: Application code; Data source integrations; Scaling; Security config and updates, network config, management tasks; Provisioning, managing scaling and patching of servers

Slide 30

Slide 30 text

Key considerations when selecting Lambda or Fargate
• Is there a trigger or event I can use to launch a function?
    • Events can be scheduled, API calls or AWS service integrations
• Can I easily modify the application code to run on Lambda?
    • Several runtimes are natively supported, others can be added
• Do the cost economics work out (containers vs invocations)?
    • Calculate the expected cost per day, including maintenance

Slide 31

Slide 31 text

With CDK, you can combine Fargate with Lambda
https://github.com/marekq/sqs-fargate-poller

Slide 32

Slide 32 text


Slide 33

Slide 33 text

Three serverless framework options from AWS
• AWS Amplify Console and CLI: The fastest way to build mobile and web applications
• Serverless Application Model (SAM) CLI: Build serverless apps using a declarative YAML template
• Cloud Development Kit (CDK): Define cloud resources in your favourite programming language

Slide 34

Slide 34 text

The CDK can automate your infrastructure
Security group
• AWS CDK automatically creates security groups and minimal security group rules that allow the load balancer to talk to your tasks
IAM Role
• AWS CDK automatically creates an IAM role for your task. You can then easily add minimal access to other resources on your account
Application Load Balancer
• AWS CDK can automatically create a load balancer and attach it to your service for you
Amazon ECR
• AWS CDK can automatically build your container image and automatically push it to an automatically created ECR registry
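
To confirm that the roles CDK generates stay minimal once you add access, and to catch account-wide grants such as the AmazonDynamoDBReadOnlyAccess managed policy used in the SAM template on slide 15, the synthesized template can be checked for broad IAM permissions. This is an added example, not code from the slides; the sample template, its logical IDs and its statements are constructed.

```javascript
// Added example: list IAM grants in a synthesized CloudFormation template that
// are broader than one named resource. SAMPLE_IAM is constructed for
// illustration and its logical IDs are hypothetical.
const SAMPLE_IAM = {
  Resources: {
    TaskRole: { Type: 'AWS::IAM::Role', Properties: { ManagedPolicyArns: [
      { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' },
        ':iam::aws:policy/AmazonDynamoDBReadOnlyAccess']] }] } },
    TaskRolePolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyDocument: { Statement: [
      { Effect: 'Allow', Action: ['sqs:ReceiveMessage', 'sqs:DeleteMessage'],
        Resource: { 'Fn::GetAtt': ['Queue', 'Arn'] } },
      { Effect: 'Allow', Action: 's3:*', Resource: '*' },
      { Effect: 'Deny', Action: 'iam:*', Resource: '*' }] } } },
  },
};

// IAM policy fields may be a single value or a list; normalise to a list.
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function reviewIam(template) {
  const findings = [];
  for (const [id, res] of Object.entries(template.Resources || {})) {
    if (!String(res.Type).startsWith('AWS::IAM::')) continue;
    const p = res.Properties || {};
    // Managed policy ARNs may be plain strings or Fn::Join / Fn::Sub objects.
    for (const arn of asList(p.ManagedPolicyArns)) {
      const m = /:iam::aws:policy\/([\w\/+=,.@-]+)/.exec(JSON.stringify(arn));
      if (m) findings.push(`${id}: AWS managed policy ${m[1]} (check its scope)`);
    }
    // Inline policies on a role plus standalone policy resources.
    const docs = [p.PolicyDocument, ...asList(p.Policies).map((x) => x.PolicyDocument)];
    for (const doc of docs.filter(Boolean))
      for (const s of asList(doc.Statement)) {
        if (s.Effect !== 'Allow') continue;
        const wildAction = asList(s.Action).some((a) => typeof a === 'string' && a.includes('*'));
        const wildResource = asList(s.Resource).includes('*');
        if (wildAction || wildResource)
          findings.push(`${id}: Allow ${asList(s.Action).join(',')} on ` +
            (wildResource ? '*' : 'a named resource'));
      }
  }
  return findings;
}

console.log(reviewIam(SAMPLE_IAM));
```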

Slide 35

Slide 35 text

Look for reusable CDK constructs
• @aws-cdk/aws-ecs-patterns
• @aws-cdk/aws-ecs

Slide 36

Slide 36 text

NEW! AWS Solutions Constructs for CDK
https://aws.amazon.com/blogs/aws/aws-solutions-constructs-a-library-of-architecture-patterns-for-the-aws-cdk/

Slide 37

Slide 37 text

AWS Solutions Constructs for CDK

Slide 38

Slide 38 text

Thank you!
Marek Kuczynski, Senior Serverless Solutions Architect
Twitter: @marekq