Slide 1

Slide 1 text

Building Global Services with Serverless

Marek Kuczynski (marekq), Senior Specialist Serverless Solutions Architect, Amazon Web Services

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide 2

Slide 2 text

In this session…

• Reasons to build a global, serverless service
• Handling data replication and deployments between regions
• Using the edge network and caching
• Rewriting requests in flight using Lambda@Edge
• Q&A

Slide 3

Slide 3 text

Fast, responsive websites generate more business

https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/

Slide 4

Slide 4 text

It’s important to decrease latency for end-users

(Figure labels: ~50ms, ~350ms)

Slide 5

Slide 5 text

Accelerate using the CloudFront CDN

Slide 6

Slide 6 text

Delivery acceleration (1/2)

(Sequence diagram between user, CloudFront Edge location and Origin: SYN, SYN-ACK, GET /index.jsp, 200 OK. Labels: 20ms, 80ms, 100ms; Non CloudFront user: 200ms; CloudFront 1st user: 180ms on cache miss)

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Slide 7

Slide 7 text

Delivery acceleration (2/2)

(Sequence diagram between user, CloudFront Edge location and Origin: SYN, SYN-ACK, GET /index.jsp, 200 OK. Labels: 20ms, 80ms)

• CloudFront 2nd user: 120ms on cache miss, 2x acceleration
• CloudFront 3rd user: 40ms on cache hit, 5x acceleration

Slide 8

Slide 8 text

Test performance from your location; S3 transfer acceleration

https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html

Slide 9

Slide 9 text

Serverless components are highly available

(Diagram labels: Region; Availability zone a, Availability zone b, Availability zone c; Serverless Services)

Slide 10

Slide 10 text

AWS Availability Zones

(Diagram labels: AWS Region; AWS Availability Zone (AZ); AZ; Transit; Datacenter)

Slide 11

Slide 11 text

A pattern for multi region architectures

(Diagram labels: Region (x2); Availability zone a, Availability zone b, Availability zone c (per Region); Application (x6))

Slide 12

Slide 12 text

Improve availability and disaster recovery

(Diagram labels: Users from San Francisco; Applications in US West; Users from New York; Applications in US East; Service 1, Service 2, Service 3, Service 4 in each)

Slide 13

Slide 13 text


Slide 14

Slide 14 text

Event based architectures

• EVENT SOURCE: Changes in data state, Requests to endpoints, Changes in resource state
• FUNCTION: Node.js, Python, Java, C#, Go, Ruby, PowerShell, Bring your own runtime
• SERVICES (ANYTHING)

Slide 15

Slide 15 text

AWS Serverless Spectrum

Axes: On-Premises to Cloud; Less to More

• Compute: Virtual Machine, Amazon EC2, AWS Elastic Beanstalk, AWS Lambda, Fargate
• Databases: MySQL, MySQL on EC2, Amazon RDS MySQL, Amazon Aurora, Amazon Aurora Serverless, Amazon DynamoDB
• Storage: Storage, Amazon S3
• Messaging: ESBs, Amazon MQ, Amazon Kinesis, Amazon SNS / SQS
• Analytics: Hadoop, Hadoop on EC2, Amazon EMR, Amazon Elasticsearch Service, Amazon Athena
• ECS, EKS

Slide 16

Slide 16 text

A serverless web application

(Diagram labels: Browser; Amazon CloudFront; Amazon S3; Amazon API Gateway; Dynamic content in AWS Lambda; Data stored in Amazon DynamoDB)

Slide 17

Slide 17 text

Demo - building a global messaging system

https://github.com/marekq/global-serverless-chat

Slide 18

Slide 18 text

Automating the deployment

Slide 19

Slide 19 text

Deploy your application using SAM

• CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0)

https://github.com/awslabs/serverless-application-model

Slide 20

Slide 20 text

SAM template

    AWSTemplateFormatVersion: '2010-09-09'
    # Tells CloudFormation this is a SAM template it needs to "transform"
    Transform: AWS::Serverless-2016-10-31
    Resources:
      # Creates a Lambda function with the referenced managed IAM policy,
      # runtime, code at the referenced zip location, and handler as defined.
      # Also creates an API Gateway and takes care of all mapping/permissions
      # necessary
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: ./lambda
          Handler: index.handler
          Runtime: python3.7
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      # Creates a DynamoDB table with 5 Read & Write units
      ListTable:
        Type: AWS::Serverless::SimpleTable

Slide 21

Slide 21 text

(Deployment pipeline diagram)

• Marek
• GitHub: Package repo, https://github.com/marekq/global-serverless-chat
• AWS CodePipeline: Orchestrates all steps
• AWS CodeBuild: To build, test and package the Lambda resources
• AWS CloudFormation: To deploy infrastructure
• AWS infrastructure: Lambda, API Gateway, DynamoDB, etc.
• Amazon S3: to store built Lambda artifacts

Slide 22

Slide 22 text


Slide 23

Slide 23 text

Amazon DynamoDB Global Tables

Fully managed, multi-master, multi-region database

• Build high performance, globally distributed applications
• Low latency reads & writes to locally available tables
• Disaster proof with multi-region redundancy
• Easy to set up and no application rewrites required

(Diagram labels: Globally dispersed users; Global App; Global Table; Replica (N. America); Replica (Europe); Replica (Asia))

Slide 24

Slide 24 text

Setting up DynamoDB replication

Slide 25

Slide 25 text

Amazon S3 cross-region replication

(Diagram labels: Bucket with objects; Bucket with objects)

Slide 26

Slide 26 text


Slide 27

Slide 27 text

Global routing with Route 53

Slide 28

Slide 28 text

Route53: Traffic Policy

Slide 29

Slide 29 text

Health checks with Route 53

Slide 30

Slide 30 text

Deploying API Gateways across regions

(Diagram labels: Internet; Amazon Route 53; AWS eu-west-1: API Gateway, Lambda function, Amazon DynamoDB; AWS us-east-1: API Gateway, Lambda function, Amazon DynamoDB; Global Tables)

Slide 31

Slide 31 text

Use the Application Load Balancer with Lambda

• Enables easier transition from existing compute stacks using the Application Load Balancer
• Mix and match compute options to build your backends
• Robust load balancer controls (health checks, programmable rules engine, traffic shaping)

(Diagram labels: Amazon ALB; Amazon EC2; AWS Fargate; AWS Lambda)

Slide 32

Slide 32 text

AWS Global Accelerator

Slide 33

Slide 33 text

Global Accelerator routing

Slide 34

Slide 34 text

Two static, anycast IP addresses available

https://global.marek.host/

Slide 35

Slide 35 text

Set traffic dials to your destinations across regions

Slide 36

Slide 36 text

Route 53 vs API Gateway for multi region connectivity

• Global Accelerator, Application Load Balancer, Lambda Function, DynamoDB Global Table
• Route 53 Latency Routing, API Gateway Regional API, Lambda Function, DynamoDB Global Table

Slide 37

Slide 37 text


Slide 38

Slide 38 text

Lambda@Edge

(Diagram labels: Amazon CloudFront; AWS Lambda; Lambda@Edge)

Slide 39

Slide 39 text

Write once, run Lambda functions globally

(Diagram labels: N Virginia; AWS location (x6))

Slide 40

Slide 40 text

Lambda@Edge

(Diagram labels: Origin; Compute; Storage; Database; AWS location (x6))

Slide 41

Slide 41 text

Using Lambda@Edge for routing traffic

(Diagram labels: Internet; Amazon Route 53; Amazon CloudFront; Lambda@Edge; AWS eu-west-1: API Gateway, Lambda function, Amazon DynamoDB; AWS us-east-1: API Gateway, Lambda function, Amazon DynamoDB; Global Tables)

Slide 42

Slide 42 text

Lambda@Edge use cases and blueprints

• Content customization
  • Based on user attributes, device properties
• Visitor session validation
  • User-agent validation—add an Access-Control-Allow-Header
  • Validate access token to confirm authentication
• URL customization
  • Re-write URLs, pretty URLs
• A/B testing and cookie-based sticky sessions
  • “Flip a coin” to select a version of content displayed to each user
• Security
  • Security header insertions (HSTS, X-Content-Type-Options, and more)
  • Bot handling
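The "security header insertions" use case above, as an added example that is not part of the original deck: a Python response trigger that forces HSTS and X-Content-Type-Options and only fills in the other headers when the origin did not set them. The header values, the override choice and the sample event are assumptions made for illustration.

```python
# Added example, not from the original deck. Header values are illustrative.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "same-origin",
}
# Headers forced on every response; the rest only fill gaps so an origin that
# sets its own policy on purpose is not silently overridden.
ALWAYS_OVERRIDE = {"strict-transport-security", "x-content-type-options"}

def add_security_headers(headers):
    """Mutate a CloudFront header map and return the names that were set."""
    changed = []
    for name, value in SECURITY_HEADERS.items():
        key = name.lower()  # CloudFront keys the map by lowercase header name
        if key in headers and key not in ALWAYS_OVERRIDE:
            continue
        headers[key] = [{"key": name, "value": value}]
        changed.append(key)
    return changed

def handler(event, context):
    """Origin-response or viewer-response trigger."""
    response = event["Records"][0]["cf"]["response"]
    add_security_headers(response["headers"])
    return response

# Constructed sample event: the origin already sends its own framing policy
# and a weak HSTS value.
SAMPLE_EVENT = {"Records": [{"cf": {"response": {
    "status": "200",
    "statusDescription": "OK",
    "headers": {
        "content-type": [{"key": "Content-Type", "value": "text/html"}],
        "x-frame-options": [{"key": "X-Frame-Options", "value": "SAMEORIGIN"}],
        "strict-transport-security": [
            {"key": "Strict-Transport-Security", "value": "max-age=60"}],
    },
}}}]}

if __name__ == "__main__":
    for name, values in handler(SAMPLE_EVENT, None)["headers"].items():
        print(name, "=>", values[0]["value"])
```

Attached to the origin-response event, the added headers are stored with the cached object, so the function does not run again on cache hits.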

Slide 43

Slide 43 text

How is Lambda@Edge different from Lambda?

• Node.js 8.10, Node.js 10.x and Python 3.7 are supported runtimes.
• The maximum function runtime can be 5 seconds for viewer requests and 30 seconds for origin requests.
• You cannot access resources in your VPC.
• Updating a Lambda@Edge function takes a few minutes.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-lambda-at-edge

Slide 44

Slide 44 text

CloudFront triggers

(Diagram labels: Users; CloudFront cache; Origin; Viewer request; Origin request; Origin response; Viewer response)

Slide 45

Slide 45 text

Viewer request events

(Diagram labels: User agents; CloudFront cache; HTTP origins; Viewer request; Origin request; Origin response; Viewer response)

Slide 46

Slide 46 text

Viewer request events

• Executed on every request before the CloudFront cache is checked
• Modify cache key (URL, cookies, headers, query string)
• Perform authentication and authorization checks
• Make external network calls
• Generate responses that will not be cached
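The authentication check and generated response listed above (and the "validate access token" use case on slide 42), as an added example that is not part of the original deck: a Python viewer-request trigger that verifies an HMAC-signed bearer token and answers 401 itself when the check fails. The token format, the `sign` helper and the embedded demo key are hypothetical; key storage is out of scope here.

```python
import hashlib
import hmac
import time

# Assumption: constructed demo key, embedded only so the block runs offline.
SIGNING_KEY = b"constructed-demo-key"

def _mac(payload):
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()

def sign(user, expiry):
    """Hypothetical token format: '<user>.<unix expiry>.<hex HMAC-SHA256>'."""
    payload = f"{user}.{expiry}"
    return f"{payload}.{_mac(payload)}"

def verify_token(token, now=None):
    """Return the user for a valid, unexpired token, otherwise None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return None
    user, expiry, mac = parts
    # Constant-time compare on bytes: no timing leak, no TypeError on non-ASCII.
    if not hmac.compare_digest(mac.encode(), _mac(f"{user}.{expiry}").encode()):
        return None
    return user if int(expiry) > now else None

def deny():
    """Generated 401; responses generated in a viewer request are not cached."""
    return {
        "status": "401",
        "statusDescription": "Unauthorized",
        "headers": {
            "www-authenticate": [{"key": "WWW-Authenticate", "value": "Bearer"}],
            "cache-control": [{"key": "Cache-Control", "value": "no-store"}],
        },
        "body": "Unauthorized",
    }

def handler(event, context):
    """Viewer-request trigger: runs before the CloudFront cache is checked."""
    request = event["Records"][0]["cf"]["request"]
    values = request["headers"].get("authorization") or [{"value": ""}]
    scheme, _, token = values[0]["value"].partition(" ")
    if scheme.lower() != "bearer" or verify_token(token.strip()) is None:
        return deny()
    return request  # authenticated: continue to the cache and origin
```

Because the check runs before the cache lookup, a cached object is never served to a request that fails it.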

Slide 47

Slide 47 text

Origin request: Route on user agent

(Diagram labels: User agents: Desktop, Mobile, Bots and crawlers; CloudFront distribution www.example.com; Origin request event; Mobile optimized app; Client-rendered app; Server-rendered app)

• Cloudfront-Is-Mobile-Viewer?
• Cloudfront-Is-Desktop-Viewer?
• Cloudfront-Is-Tablet-Viewer?
• User-Agent?

Slide 48

Slide 48 text

Origin request: Generate redirect

(Diagram labels: User agent; CloudFront distribution www.example.com; Origin request event; HTTP redirect www.example.com/de)

• Cloudfront-Viewer-Country?
• Accept-Language?

Slide 49

Slide 49 text

Short demo

Slide 50

Slide 50 text

Pretty URLs for user/API experience

https://tiles.example.com/zoom/x/y.jpg

• S3 bucket: tiles-v1.s3.amazonaws.com
• Legacy service: old-tile-service.example.net
• Elastic Load Balancing: tile-service-123456.us-east-1.amazonaws.com

Slide 51

Slide 51 text

Origin request: Pretty URLs

• https://tiles.example.com/zoom/x/y.jpg
• https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg
• Origin request event: originPath = sha256(requestPath)
• CloudFront cache: Cache key: tiles.example.com/zoom/x/y.jpg, Cached response

Slide 52

Slide 52 text

Transparent global expansion

(Diagram labels: Region A customers; Region A deployment; Region B customers; Region B deployment; https://saas.example.com)

Slide 53

Slide 53 text

Origin request: Origin selection

User database:

id  user  home-region
1   alex  na
2   bob   eu
3   joe   ap
4   jane  eu

(Diagram labels: User agent; Application; User database)

• POST /login user=jane&pass=***
• 200 OK
• Set-Cookie: home-region=eu
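The origin selection above, as an added example that is not part of the original deck: a Python origin-request trigger that reads the home-region cookie and picks the origin from a fixed allow-list. The origin hostnames, the default region and the `sample_event` helper are hypothetical; only the cookie name and the region codes na, eu and ap come from the slide.

```python
# Assumption: hypothetical regional origin hostnames; only the region codes
# (na, eu, ap) and the cookie name come from the slide.
REGION_ORIGINS = {
    "na": "na.saas-origin.example.com",
    "eu": "eu.saas-origin.example.com",
    "ap": "ap.saas-origin.example.com",
}
DEFAULT_REGION = "na"

def home_region(headers):
    """Return the allow-listed home-region cookie value, else the default."""
    for header in headers.get("cookie", []):
        for pair in header["value"].split(";"):
            name, _, value = pair.strip().partition("=")
            # The cookie is client-controlled: accept known codes only and
            # never build a hostname from the raw value.
            if name == "home-region" and value in REGION_ORIGINS:
                return value
    return DEFAULT_REGION

def handler(event, context):
    """Origin-request trigger: runs on a cache miss, before the origin fetch."""
    request = event["Records"][0]["cf"]["request"]
    domain = REGION_ORIGINS[home_region(request["headers"])]
    request["origin"] = {"custom": {
        "domainName": domain, "port": 443, "protocol": "https", "path": "",
        "sslProtocols": ["TLSv1.2"], "readTimeout": 30,
        "keepaliveTimeout": 5, "customHeaders": {},
    }}
    # Host must match the selected origin for TLS and virtual hosting.
    request["headers"]["host"] = [{"key": "Host", "value": domain}]
    return request

def sample_event(cookie):
    """Constructed origin-request event carrying one Cookie header."""
    return {"Records": [{"cf": {"request": {
        "method": "GET", "uri": "/dashboard",
        "headers": {
            "host": [{"key": "Host", "value": "saas.example.com"}],
            "cookie": [{"key": "Cookie", "value": cookie}],
        },
    }}}]}

if __name__ == "__main__":
    for cookie in ("session=abc; home-region=eu", "home-region=evil.example.net"):
        chosen = handler(sample_event(cookie), None)["origin"]["custom"]
        print(cookie, "->", chosen["domainName"])
```

The trigger only sees the cookie if the cache behaviour forwards it to the origin.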

Slide 54

Slide 54 text

Origin response events

(Diagram labels: User agents; CloudFront cache; HTTP origins; Viewer request; Origin request; Origin response; Viewer response)

Slide 55

Slide 55 text

Origin response: Image processing

(Diagram labels: User agent; CloudFront distribution www.example.com; Viewer request event; Origin response event; PUT; S3 bucket images-origin.s3.amazonaws.com)

Slide 56

Slide 56 text

Thank you!

Marek Kuczynski (marekq), Senior Specialist Serverless Solutions Architect, Amazon Web Services