Slide 1

Slide 1 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Danilo Poccia Evangelist, Serverless [email protected] @danilop danilop Building Serverless APIs With the AWS API Gateway and AWS AppSync

Slide 2

Slide 2 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Slide 3

Slide 3 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in Serverless means…

Slide 4

Slide 4 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Serverless applications

Slide 5

Slide 5 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS Lambda Bring your own code • Node.js, Java, Python, C#, Go • Bring your own libraries (even native ones) Simple resource model • Select power rating from 128 MB to 3 GB • CPU and network allocated proportionately Flexible use • Synchronous or asynchronous • Integrated with other AWS services Flexible authorization • Securely grant access to resources and VPCs • Fine-grained control for invoking your functions

Slide 6

Slide 6 text

Lambda permissions model Fine grained security controls for both execution and invocation: Execution policies: • Define what AWS resources/API calls can this function access via IAM • Used in streaming invocations • E.g. “Lambda function A can read from DynamoDB table users” Function policies: • Used for sync and async invocations • E.g. “Actions on bucket X can invoke Lambda function Z" • Resource policies allow for cross account access

Slide 7

Slide 7 text

Lambda execution model Synchronous (push) Asynchronous (event) Stream-based Amazon API Gateway AWS Lambda function Amazon DynamoDB Amazon SNS /order AWS Lambda function Amazon S3 reqs Amazon Kinesis changes AWS Lambda service function

Slide 8

Slide 8 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS Lambda Authoring functions • Cloud9 • WYSIWYG editor or upload packaged .zip • Third-party plugins (Eclipse, Visual Studio) Monitoring and logging • Metrics for requests, errors, and throttles • Built-in logs to Amazon CloudWatch Logs • X-Ray integration Programming model • Use processes, threads, /tmp, sockets normally • AWS SDK built in (Python and Node.js) Stateless • Persist data using external storage • No affinity or access to underlying infrastructure

Slide 9

Slide 9 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Anatomy of a Lambda function Handler() function Function to be executed upon invocation Event object Data sent during Lambda Function Invocation Context object Methods available to interact with runtime information (request ID, log group, etc.) public String handleRequest(Book book, Context context) { saveBook(book); return book.getName() + " saved!"; }

Slide 10

Slide 10 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Amazon DynamoDB Amazon Kinesis AWS CloudFormation AWS CloudTrail Amazon CloudWatch Amazon Cognito Amazon SNS Amazon SES Cron events DATA STORES ENDPOINTS DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES Event sources that trigger AWS Lambda and more! AWS CodeCommit Amazon API Gateway Amazon Alexa AWS IoT AWS Step Functions

Slide 11

Slide 11 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fine-Grained Pricing Buy compute time in 100ms increments Low request charge No hourly, daily, or monthly minimums No per-device fees Never pay for idle Free Tier 1M requests and 400,000 GB-s of compute. Every month, every customer.

Slide 12

Slide 12 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Common Lambda use cases Web Applications • Static websites • Complex web apps • Packages for Flask and Express Data Processing • Real time • MapReduce • Batch Chatbots • Powering chatbot logic Backends • Apps & services • Mobile • IoT Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit IT Automation • Policy engines • Extending AWS services • Infrastructure management

Slide 13

Slide 13 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Create a unified API frontend for multiple micro- services Authenticate and authorize requests to a backend DDoS protection and throttling for your backend Throttle, meter, and monetize API usage by third-party developers

Slide 14

Slide 14 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. API Gateway integrations Internet Mobile Apps Websites Services AWS Lambda functions AWS API Gateway Cache Endpoints on Amazon EC2 Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service YOUR VPC Endpoints in Your VPC Regional API Endpoints All publicly accessible endpoints AWS Lambda functions

Slide 15

Slide 15 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Security Several mechanisms for adding Authz/Authn to our API: • IAM Permissions • Use IAM policies and AWS credentials to grant access • Custom Authorizers • Use Lambda to validate a bearer token(Oauth or SAML as examples) or request parameters and grant access • Cognito User Pools • Create a completely managed user management system

Slide 16

Slide 16 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Authentication type comparison Feature AWS_IAM TOKEN REQUEST COGNITO Authentication X X X X Authorization X X X Signature V4 X Cognito User Pools X X X Third-Party Authentication X X Multiple Header Support X Additional Costs NONE Pay per authorizer invoke Pay per authorizer invoke NONE

Slide 17

Slide 17 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gateway responses Allows customization of various error responses • Change HTTP status code • Modify body content • Add headers Can customize specific responses and/or modify default 4XX/5XX

Slide 18

Slide 18 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. API Gateway throttling Three levels of throttling for APIs API Key level throttling—configurable in usage plan Method level throttling—configurable in stage settings Account level throttling—limits can be increased

Slide 19

Slide 19 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. API Gateway throttling Token bucket algorithm Burst—the maximum size of the bucket Rate—the number of tokens added to the bucket

Slide 20

Slide 20 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. API Gateway usage plans API Key Throttling Rate/Burst per API Key API Key Quota Periodic limits per API Key API Key Usage Daily usage records

Slide 21

Slide 21 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Custom domains Run your APIs within your own DNS zone Recommended for supporting multiple versions api.tampr.com/v1 -> restapi1 api.tampr.com/v2 -> restapi2 Support for cross-region redundancy with regional API endpoints NEW

Slide 22

Slide 22 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon DynamoDB AWS Lambda Amazon API Gateway Amazon DynamoDB AWS Lambda Amazon API Gateway Amazon Route53 eu-west-1 us-east-1 Global Tables https://global.domain.com/

Slide 23

Slide 23 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway – Lambda Proxy Integration { "resource": "Resource path", "path": "Path parameter", "httpMethod": "Incoming request's method name", "headers": {Incoming request headers}, "queryStringParameters": {Query string parameters}, "pathParameters":{Path parameters}, "stageVariables": {Applicable stage variables}, "requestContext": {Request context, including authorizer-returned key-value pairs}, "body": "...", "isBase64Encoded": true|false } { "statusCode": httpStatusCode, "headers": { "headerName": "headerValue", ... }, "body": "...”, "isBase64Encoded": true|false } Input Format of a Lambda Function for Proxy Integration Output Format of a Lambda Function for Proxy Integration

Slide 24

Slide 24 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Lambda + Amazon API Gateway Demo

Slide 25

Slide 25 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Environment Variables • Key-value pairs that you can dynamically pass to your function • Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python • Can optionally be encrypted via AWS Key Management Service (KMS) • Allows you to specify in IAM what roles have access to the keys to decrypt the information • Useful for creating environments per stage (i.e. dev, testing, production)

Slide 26

Slide 26 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings

Slide 27

Slide 27 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Stage Variables and Lambda Aliases Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages myLambdaFunction 1 2 3 = prod 4 5 6 = beta 7 8 = dev My First API Stage variable = lambdaAlias Prod lambdaAlias = prod Beta lambdaAlias = beta Dev lambdaAlias = dev

Slide 28

Slide 28 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version.”

Slide 29

Slide 29 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version.”

Slide 30

Slide 30 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version. To minimize this impact, you can implement the routing-config parameter of the Lambda alias that allows you to point to two different versions of the Lambda function and dictate what percentage of incoming traffic is sent to each version.” – AWS Lambda docs on “Traffic Shifting Using Aliases” aws lambda update-alias --name alias name --function-name function- name --routing-config AdditionalVersionWeights={”6"=0.05}

Slide 31

Slide 31 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 1 2 3 = prod 4 5 6 = prod 5% My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --routing-config AdditionalVersionWeights={”6"=0.05}

Slide 32

Slide 32 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 5 6 = prod My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --function-version 6 --routing-config ''

Slide 33

Slide 33 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS Step Functions Blog link: http://amzn.to/2FjlWA7

Slide 34

Slide 34 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction

Slide 35

Slide 35 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction

Slide 36

Slide 36 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM AutoPublishAlias By adding this property and specifying an alias name, AWS SAM will do the following: • Detect when new code is being deployed based on changes to the Lambda function's Amazon S3 URI. • Create and publish an updated version of that function with the latest code. • Create an alias with a name you provide (unless an alias already exists) and points to the updated version of the Lambda function. Deployment Preference Type Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce In SAM:

Slide 37

Slide 37 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction In SAM: Note: You can specify a maximum of 10 alarms

Slide 38

Slide 38 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. NEW: Can deploy AWS Lambda!! Uses AWS SAM to deploy serverless applications Supports Lambda Alias Traffic Shifting enabling canaries and blue|green deployments Can rollback based on CloudWatch Metrics/Alarms Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions) AWS CodeDeploy + Lambda

Slide 39

Slide 39 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CodeDeploy comes with a number of added capabilities: • Custom deployment configurations. Examples: • “Canary 5% for 1 hour” • “Linear 20% every 1 hour” • Notification events via SNS on success/failure/rollback • Console with visibility on deploy status, history, and rollbacks. AWS CodeDeploy + Lambda

Slide 40

Slide 40 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CodeDeploy + Lambda

Slide 41

Slide 41 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Canary Support Use canary release deployments to gradually roll out new APIs in Amazon API Gateway: • configure percent of traffic to go to a new stage deployment • can test stage settings and variables • API gateway will create additional Amazon CloudWatch Logs group and CloudWatch metrics for the requests handled by the canary deployment API • To rollback: delete the deployment or set percent of traffic to 0 NEW!

Slide 42

Slide 42 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL: A Query Language for APIs Resources defined by a GraphQL schema Client sends query, server orchestrates data Multiple transports (HTTP, MQTT, WebSockets) Efficient (network bandwidth, dev time) Self-documenting (introspection w/tooling)

Slide 43

Slide 43 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Is REST dead then? • When data drives UI • Structured data • Query-driven • Client-driven development Use GraphQL • When you leverage HTTP • Caching • Content types • Hypermedia (HATEOS) • For resources (e.g., Amazon S3) Use REST Pick the appropriate protocol for your use case

Slide 44

Slide 44 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL Schema type Event { id: ID! name: String where: String when: String description: String comments: [Comment] } type Comment { commentId: String! eventId: ID! content: String! createdAt: String! }

Slide 45

Slide 45 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL Schema Mutation type Mutation { createEvent( name: String!, when: String!, where: String!, description: String! ): Event deleteEvent(id: ID!): Event commentOnEvent( eventId: ID!, content: String!, createdAt: String! ): Comment }

Slide 46

Slide 46 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL Schema Mutation Query type Query { getEvent(id: ID!): Event listEvents( limit: Int = 10, nextToken: String ): EventConnection }

Slide 47

Slide 47 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL Schema Mutation Query Subscription type Subscription { subscribeToEventComments(eventId: String!): Comment @aws_subscribe(mutations: ["commentOnEvent"]) }

Slide 48

Slide 48 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. GraphQL Schema Mutation Query Subscription Realtime? YES Batching? YES Pagination? YES Relations? YES Aggregations? YES Search? YES Offline? YES

Slide 49

Slide 49 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS AppSync DynamoDB Table Lambda Function Elasticsearch Service GraphQL Schema Upload Schema GraphQL Query Mutation Subscription Real-time Offline AppSync API Cognito User Pool

Slide 50

Slide 50 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS AppSync DynamoDB Table Lambda Function Elasticsearch Service GraphQL Schema Upload Schema GraphQL Query Mutation Subscription Real-time Offline AppSync API Cognito User Pool Legacy Application

Slide 51

Slide 51 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS AppSync DynamoDB Table Lambda Function Elasticsearch Service GraphQL Schema Upload Schema GraphQL Query Mutation Subscription Real-time Offline DynamoDB to Elasticsearch Sync Function AppSync API Cognito User Pool

Slide 52

Slide 52 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS AppSync DynamoDB Table Lambda Function Elasticsearch Service GraphQL Schema Autogenerate Schema GraphQL Query Mutation Subscription Real-time Offline AppSync API Cognito User Pool Upload Schema

Slide 53

Slide 53 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS AppSync Demo

Slide 54

Slide 54 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. https://sbd.danilop.net O pen Source Serverless by Design

Slide 55

Slide 55 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you! Danilo Poccia Evangelist, Serverless [email protected] @danilop danilop