© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Building Global Services with Serverless Marek Kuczynski Senior Specialist Serverless Solutions Architect Amazon Web Services marekq

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. In this session… • Reasons to build a global, serverless service • Handing data replication and deployments between regions • Using the edge network and caching • Rewriting requests in flight using Lambda @ Edge • Q&A

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Fast, responsive websites generate more business https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/

It’s important to decrease latency for end-users ~50m s ~350ms

Accelerate using the CloudFront CDN

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Delivery acceleration (1/2) SYN SYN-ACK GET /index.jsp 20ms SYN GET /index.jsp 80ms 200 OK CloudFront Edge location SYN-ACK 200 OK Non CloudFront user 200ms Origin SYN SYN-ACK GET /index.jsp 200 OK CloudFront 1st user 180ms on cache miss 100ms

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Delivery acceleration (2/2) 20ms 80ms CloudFront Edge location Origin GET /index.jsp 200 OK SYN SYN-ACK SYN-ACK GET /index.jsp 200 OK GET /index.jsp 200 OK CloudFront 2nd user 120ms on cache miss 2x acceleration CloudFront 3rd user 40ms on cache hit 5x acceleration

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Test performance from your location; S3 transfer acceleration https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Serverless components are highly available Region Availability zone a Availability zone b Availability zone c Serverless Services

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark AWS Availability Zones AZ AZ AZ AZ Transit Transit Datacenter Datacenter Datacenter AWS Region AWS Availability Zone (AZ)

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. A pattern for multi region architectures Region Availability zone a Availability zone b Availability zone c Application Region Availability zone a Availability zone b Availability zone c Application Application Application Application Application

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Improve availability and disaster recovery Applications in US West Applications in US East Users from San Francisco Users from New York Service 1 Service 2 Service 3 Service 4 Service 1 Service 2 Service 3 Service 4

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Event based architectures SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Ruby PowerShell Bring your own runtime

AWS Serverless Spectrum On-Premises Cloud Less More Compute Virtual Machine Amazon EC2 AWS Elastic Beanstalk AWS Lambda Fargate Databases MySQL MySQL on EC2 Amazon RDS MySQL Amazon Aurora Amazon Aurora Serverless Amazon DynamoDB Storage Storage Amazon S3 Messaging ESBs Amazon MQ Amazon Kinesis Amazon SNS / SQS Analytics Hadoop Hadoop on EC2 Amazon EMR Amazon Elasticsearch Service Amazon Athena ECS EKS

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. A serverless web application Data stored in Amazon DynamoDB Dynamic content in AWS Lambda Amazon API Gateway Browser Amazon CloudFront Amazon S3

Demo - building a global messaging system https://github.com/marekq/global-serverless-chat

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Automating the deployment

Deploy your application using SAM CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model

SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: ./lambda Handler: index.handler Runtime: python3.7 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells CloudFormation this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with 5 Read & Write units

Marek GitHub Package repo https://github.com/ marekq/global- serverless-chat AWS CodePipeline Orchestrates all steps AWS CodeBuild To build, test and package the Lambda resources AWS CloudFormation To deploy infrastructure AWS infrastructure Lambda, API Gateway, DynamoDB, etc. Amazon S3 to store built Lambda artifacts

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Build high performance, globally distributed applications Low latency reads & writes to locally available tables Disaster proof with multi-region redundancy Easy to set up and no application rewrites required Globally dispersed users Replica (N. America) Replica (Europe) Replica (Asia) Global App Global Table Amazon DynamoDB Global Tables Fully managed, multi-master, multi-region database

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Setting up DynamoDB replication

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 cross-region replication Bucket with objects Bucket with objects

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Global routing with Route 53

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Route53: Traffic Policy

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Health checks with Route 53

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deploying API Gateways across regions AWS eu-west-1 API Gateway Internet AWS us-east-1 API Gateway Amazon Route 53 Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use the Application Load Balancer with Lambda Enables easier transition from existing compute stacks using the Application Load Balancer Mix and match compute options to build your backends Robust load balancer controls (health checks, programmable rules engine, traffic shaping) Amazon ALB Amazon EC2 AWS Fargate AWS Lambda

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Global Accelerator

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Global Accelerator routing

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Two static, anycast IP addresses available https://global.marek.host/

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Set traffic dials to your destinations across regions

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Global Accelerator Application Load Balancer Lambda Function DynamoDB Global Table Route 53 Latency Routing API Gateway Regional API Lambda Function DynamoDB Global Table Route 53 vs API Gateway for multi region connectivity

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Amazon CloudFront AWS Lambda Lambda@Edge Lambda@Edge

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Write once, run Lambda functions globally N Virginia AWS location AWS location AWS location AWS location AWS location AWS location

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda@Edge Origin AWS location AWS location AWS location AWS location AWS location AWS location Compute Storage Database

Using Lambda@Edge for routing traffic AWS eu-west-1 API Gateway Internet AWS us-east-1 API Gateway Amazon Route 53 Lambda function Amazon DynamoDB Lambda function Amazon DynamoDB Global Tables Lambda@Edge Amazon CloudFront

Lambda@Edge use cases and blueprints • Content customization • Based on user attributes, device properties • Visitor session validation • User-agent validation—add an Access-Control- Allow-Header • Validate access token to confirm authentication • URL customization • Re-write URLs, pretty URLs • A/B testing and cookie-based sticky sessions • “Flip a coin” to select a version of content displayed to each user • Security • Security header insertions (HSTS, X-Content- Type-Options, and more) • Bot handling

How is Lambda@Edge different from Lambda? • Nodejs 8.10, Nodejs 10.x and Python 3.7 are supported runtimes. • The maximum function runtime can be 5 seconds for viewer requests and 30 seconds for origin requests. • You cannot access resources in your VPC. • Updating a Lambda@Edge function takes a few minutes. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-lambda-at-edge

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudFront triggers CloudFront cache Users Viewer request Viewer response Origin response Origin Origin request

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudFront cache Viewer request events CloudFront cache User agents Viewer request HTTP origins Viewer response Origin response Origin request Viewer response Origin response Origin request Viewer request

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Viewer request events Executed on every request before the CloudFront cache is checked Modify cache key (URL, cookies, headers, query string) Perform authentication and authorization checks Make external network calls Generate responses that will not be cached

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Origin request: Route on user agent User agents Desktop Mobile Bots and crawlers CloudFront distribution www.example.com Origin request event Mobile optimized app Client-rendered app Server-rendered app Cloudfront-Is-Mobile-Viewer? Cloudfront-Is-Desktop-Viewer? Cloudfront-Is-Tablet-Viewer? User-Agent?

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Origin request: Generate redirect User agent CloudFront distribution www.example.com HTTP redirect www.example.com/de Origin request event Cloudfront-Viewer-Country? Accept-Language?

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Short demo

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pretty URLs for user/API experience https://tiles.example.com/zoom/x/y.jpg S3 bucket tiles-v1.s3.amazonaws.com Legacy service old-tile-service.example.net Elastic Load Balancing tile-service-123456.us-east-1 .amazonaws.com

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Origin request: Pretty URLs https://tiles.example.com/zoom/x/y.jpg https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg Origin request event originPath = sha256(requestPath) CloudFront cache Cache key: tiles.example.com/zoom/x/y.jpg Cached response

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Transparent global expansion Region A customers Region A deployment Region B customers Region B deployment https://saas.example.com

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Origin request: Origin selection id user 1 alex 2 bob 3 joe 4 jane User database 200 OK Application User agent POST /login user=jane&pass=*** home-region na eu ap eu Set-Cookie: home-region=eu

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudFront cache Origin response events CloudFront cache User agents Viewer request HTTP origins Viewer response Origin response Origin request Viewer response Origin request Viewer request Origin response

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Origin response: Image processing User agent CloudFront distribution www.example.com Origin response event PUT S3 bucket images-origin.s3.amazonaws.com Viewer request event

Thank you! © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Marek Kuczynski Senior Specialist Serverless Solutions Architect Amazon Web Services marekq