On-demand image scaling with AWS Lambda and S3

Slide 1

Slide 1 text

On-demand image scaling with AWS Lambda Claudio Mettler

Slide 2

Slide 2 text

Project • Cloudiﬁcation of a monolithic customized CMS based on TYPO3 CMS (PHP/MySQL) for an online news platform • Image scaling built into CMS/template language (TYPO3/ﬂuid) • Unreliable • Slow

Slide 3

Slide 3 text

Template View Helpers    

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

Main Issues • Files on disk/EFS (and all in the same folder too!) • Lots of database queries • Unreliable

Slide 6

Slide 6 text

Replacement requirements • Use S3 (and Cloudfront) • Must be on-demand: required sizes can't be anticipated at time of upload • Minimize high-latency and high-CPU operations in page generating process • Minimize shared state/coupling for robustness

Slide 7

Slide 7 text

Step 1: Encode information in filename Original:  /o/[content hash]-[namespace]-[id]-[w]-[h].jpg • Happens on image upload • Client library takes image file and namespace/id, uploads the file to S3 and returns path

Slide 8

Slide 8 text

Step 2: Derive scaled ﬁlename from original Scaled: /s/[content hash]-[namespace]-[id]-[ow]-[oh]/[w]x[h].jpg • Client library takes original path and scaling conﬁguration, returns scaled path • No interaction with S3 or database necessary • This is all that has to be done on page generation

Slide 9

Slide 9 text

Step 3: Get S3 to act when scaled version doesn't exist • S3 can't trigger lambda and hold the request • It can Issue redirects and append the request path

Slide 10

Slide 10 text

S3 Routing Rules s/ 404 https [api gateway url] prod/s/ 302

Slide 11

Slide 11 text

Step 4: Lambda scaling task • Derive original path from scaled path • Fetch & scale original image • Save to S3 • Redirect back to S3 • For future requests, image will be directly delivered by S3

Slide 12

Slide 12 text

Step 5: Clean up • Trigger cleanup Lambda task every time an original is deleted • Task deletes all scaled versions of the image

Slide 13

Slide 13 text

Security considerations • If i can create arbitrarily scaled versions of an image, so can everyone on the internet • Easy to drive Lambda and S3 costs up with a few HTTP requests

Slide 14

Slide 14 text

Solution: HMAC • Hash Message Authentication Code • Sign request URL with a shared key • Will not prevent people from invoking Lambda • Will prevent expensive operations on Lambda • Ideally, Cloudfront would handle redirects internally and never expose API Gateway URLs

Slide 15

Slide 15 text

Scaled image URL /s/38fff39b6a847fc2d349bd331d9919adf5648ff8- zna-312468-240-160/317x211m.jpg?dyCQEqMUMa9n0LDzuciu7o5Tvvw%3D

Slide 16

Slide 16 text

Demo • 16 JPEG pictures, 2448x2448, 1.2-1.6 MB in size each • Scaled down to 1000x1000

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

No content

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

Questions? [email protected] Terraform module: https://github.com/ponyfleisch/lambdaautoscale    PHP Client lib: https://github.com/ponyfleisch/clownfish-client-php