Slide 1

Slide 1 text

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Building Global Services with Serverless!

Marek Kuczynski
Sr Solutions Architect - startups
Amazon Web Services
marekq

Slide 2

Slide 2 text

In this session…
• Reasons to build a global, serverless service
• Handling data replication and deployments between regions
• Using the edge network and caching
• Q&A

Slide 3

Slide 3 text

Fast, responsive websites generate more business
https://www.gigaspaces.com/blog/amazon-found-every-100ms-of-latency-cost-them-1-in-sales/

Slide 4

Slide 4 text

Critical to improve latency for end-users
[Diagram labels: ~50ms, ~350ms]

Slide 5

Slide 5 text

Accelerate using CloudFront

Slide 6

Slide 6 text

Amazon CloudFront: Global content delivery network
• Accelerate static and dynamic content
• Global infrastructure
• Highly secure
• Massively scalable
• Self service
• Priced to minimize cost

Slide 7

Slide 7 text

AWS Global Accelerator

Slide 8

Slide 8 text


Slide 9

Slide 9 text

S3 transfer acceleration
https://s3-accelerate-speedtest.s3-accelerate.amazonaws.com/en/accelerate-speed-comparsion.html

Slide 10

Slide 10 text

Multi-region
[Diagram: two Regions, each with Availability zones a, b and c, running Application instances]

Slide 11

Slide 11 text

Serverless components
[Diagram: one Region with Availability zones a, b and c; Serverless Services]

Slide 12

Slide 12 text

Why serverless components?
• No provisioning, no management
• Pay for value
• Fault tolerant and automatic scaling
• Highly available and secure

Slide 13

Slide 13 text

Event based architectures
• EVENT SOURCE: changes in data state, requests to endpoints, changes in resource state
• FUNCTION: Node.js, Python, Java, C#, Go, Ruby, PowerShell, bring your own runtime
• SERVICES (ANYTHING)

Slide 14

Slide 14 text

A simple web application – single region
• Data stored in Amazon DynamoDB
• Dynamic content in AWS Lambda
• Amazon API Gateway
• Browser
• Amazon CloudFront
• Amazon S3

Slide 15

Slide 15 text

Demo of a serverless blog – https://marek.rocks

Slide 16

Slide 16 text

My Demo of a serverless blog – https://marek.rocks

Slide 17

Slide 17 text

Deploying to a second region – DynamoDB
[Diagram: Internet and Amazon Route 53 in front of two regions, AWS us-east-2 and AWS us-west-2, each with API Gateway, a Lambda function and Amazon DynamoDB; the tables are linked by Global Tables]

Slide 18

Slide 18 text

Amazon DynamoDB Global Tables
Fully managed, multi-master, multi-region database
• Build high performance, globally distributed applications
• Low latency reads & writes to locally available tables
• Disaster proof with multi-region redundancy
• Easy to set up and no application rewrites required
[Diagram: globally dispersed users, Global App, Global Table with replicas in N. America, Europe and Asia]

Slide 19

Slide 19 text

Setting up DynamoDB replication

Slide 20

Slide 20 text

Amazon S3 cross-region replication
[Diagram: two buckets with objects]

Slide 21

Slide 21 text

Deploying to a second region – API GW and Lambda
[Diagram: Internet and Amazon Route 53 in front of two regions, AWS us-east-2 and AWS us-west-2, each with API Gateway, a Lambda function and Amazon DynamoDB; the tables are linked by Global Tables]

Slide 22

Slide 22 text

AWS Serverless Application Model (SAM)
• CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model

Slide 23

Slide 23 text

SAM template

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: ./todo_list_lambda
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      ListTable:
        Type: AWS::Serverless::SimpleTable

• Transform: Tells CloudFormation this is a SAM template it needs to “transform”
• GetHtmlFunction: Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
• ListTable: Creates a DynamoDB table with 5 Read & Write units

Slide 24

Slide 24 text

SAM template

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: ./todo_list_lambda
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      ListTable:
        Type: AWS::Serverless::SimpleTable

Slide 25

Slide 25 text

Example minimal developer’s pipeline:
• MyBranch-Source: Source (CodeCommit)
• Build: test-build-source (CodeBuild)
• MyDev-Deploy: create-changeset (AWS CloudFormation), execute-changeset (AWS CloudFormation), Run-stubs (AWS Lambda)

This pipeline:
• Three Stages
• Builds code artifact
• One Development environment
• Uses SAM/CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running test functions

Slide 26

Slide 26 text

How to get started? AWS CodeStar
• Quickly bootstraps your project
• Includes the CI/CD pipeline
• Integrates well with 3rd party tools
• Setup to development in minutes

Slide 27

Slide 27 text

Choose the right API endpoint type
Regional
[Diagram: Internet, Amazon Route 53 and Amazon CloudFront (shown twice) in front of AWS us-east-2 and AWS us-west-2, each with API Gateway, a Lambda function and Amazon DynamoDB; the tables are linked by Global Tables]

Slide 28

Slide 28 text

Choose the right API endpoint type
Regional
[Diagram: Internet, Amazon Route 53, Amazon CloudFront and Lambda@Edge in front of AWS us-east-2 and AWS us-west-2, each with API Gateway, a Lambda function and Amazon DynamoDB; the tables are linked by Global Tables]

Slide 29

Slide 29 text

Lambda@Edge
[Diagram: Amazon CloudFront, AWS Lambda, Lambda@Edge]

Slide 30

Slide 30 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Write once, run Lambda functions globally
[Diagram: N Virginia and six AWS locations]

Slide 31

Slide 31 text

Lambda@Edge
[Diagram: Origin (Compute, Storage, Database) and six AWS locations]

Slide 32

Slide 32 text

Lambda@Edge use cases and blueprints
• Content customization
  • Based on user attributes, device properties
• Visitor session validation
  • User-agent validation: add an Access-Control-Allow-Header
  • Validate access token to confirm authentication
• URL customization
  • Re-write URLs, pretty URLs
• A/B testing and cookie-based sticky sessions
  • “Flip a coin” to select a version of content displayed to each user
• Security
  • Security header insertions (HSTS, X-Content-Type-Options, and more)
  • Bot handling

Slide 33

Slide 33 text

How is Lambda@Edge different from Lambda?
• Node.js 8.10, Node.js 10.x and Python 3.7 are supported.
• The maximum function runtime can be 5 seconds for viewer requests and 30 seconds for origin requests.
• You cannot access resources in your VPC.
• Updating a Lambda@Edge function takes a few minutes.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-lambda-at-edge

Slide 34

Slide 34 text

CloudFront triggers
[Diagram: Users, CloudFront cache and Origin, with the four triggers: Viewer request, Origin request, Origin response, Viewer response]

Slide 35

Slide 35 text

Viewer request events
[Diagram: User agents, CloudFront cache and HTTP origins, with the Viewer request, Origin request, Origin response and Viewer response events]

Slide 36

Slide 36 text

Viewer request events
• Executed on every request before the CloudFront cache is checked
• Modify cache key (URL, cookies, headers, query string)
• Perform authentication and authorization checks
• Make external network calls
• Generate responses that will not be cached

Slide 37

Slide 37 text

Origin request: Route on user agent
• User agents: Desktop, Mobile, Bots and crawlers
• CloudFront distribution: www.example.com
• Origin request event: Cloudfront-Is-Mobile-Viewer? Cloudfront-Is-Desktop-Viewer? Cloudfront-Is-Tablet-Viewer? User-Agent?
• Origins: Mobile optimized app, Client-rendered app, Server-rendered app

Slide 38

Slide 38 text

Origin request: Generate redirect
• User agent
• CloudFront distribution: www.example.com
• Origin request event: Cloudfront-Viewer-Country? Accept-Language?
• HTTP redirect: www.example.com/de

Slide 39

Slide 39 text

Short demo

Slide 40

Slide 40 text

Doing the same using cookies
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-redirect-to-signin-page

Slide 41

Slide 41 text

Pretty URLs for user/API experience
https://tiles.example.com/zoom/x/y.jpg
• S3 bucket: tiles-v1.s3.amazonaws.com
• Legacy service: old-tile-service.example.net
• Elastic Load Balancing: tile-service-123456.us-east-1.amazonaws.com

Slide 42

Slide 42 text

Origin request: Pretty URLs
• Viewer URL: https://tiles.example.com/zoom/x/y.jpg
• Origin request event: originPath = sha256(requestPath)
• Origin URL: https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg
• CloudFront cache: cache key tiles.example.com/zoom/x/y.jpg, cached response

Slide 43

Slide 43 text

Transparent global expansion
https://saas.example.com
[Diagram: Region A customers and Region A deployment, Region B customers and Region B deployment]

Slide 44

Slide 44 text

Origin request: Origin selection

User database:
id | user | home-region
1  | alex | na
2  | bob  | eu
3  | joe  | ap
4  | jane | eu

• User agent to Application: POST /login user=jane&pass=***
• Application to User agent: 200 OK, Set-Cookie: home-region=eu
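
The origin selection sketched on this slide, as an origin-request trigger (added example, not code from the deck; the regional hostnames in ORIGINS, the default region and the use of a custom, non-S3 origin are assumptions). Because the home-region cookie is client-controlled, it is used only as a key into a fixed allowlist:

```javascript
// Hypothetical regional origins; requests are only ever routed to these.
const ORIGINS = {
  na: 'na.origin.example.com',
  eu: 'eu.origin.example.com',
  ap: 'ap.origin.example.com',
};
const DEFAULT_REGION = 'na';

// Return one cookie's value from CloudFront's header representation,
// where headers.cookie is a list of { key, value } entries.
function readCookie(headers, name) {
  for (const header of headers.cookie || []) {
    for (const pair of header.value.split(';')) {
      const eq = pair.indexOf('=');
      if (eq > 0 && pair.slice(0, eq).trim() === name) {
        return pair.slice(eq + 1).trim();
      }
    }
  }
  return undefined;
}

function selectOrigin(request) {
  // Never build a hostname from the cookie: look it up in the allowlist and
  // fall back to the default for missing, unknown or inherited keys.
  const claimed = readCookie(request.headers, 'home-region');
  const known = Object.prototype.hasOwnProperty.call(ORIGINS, claimed);
  const domainName = ORIGINS[known ? claimed : DEFAULT_REGION];
  // Keep port, protocol and path of the configured origin; swap the host.
  request.origin = { custom: { ...request.origin.custom, domainName } };
  // The Host header has to match the origin the request is sent to.
  request.headers.host = [{ key: 'Host', value: domainName }];
  return request;
}

// Origin-request trigger: runs on cache misses, before CloudFront
// connects to the origin.
exports.handler = async (event) => selectOrigin(event.Records[0].cf.request);
```

The cookie has to be forwarded by the cache behavior, otherwise an origin-request trigger never sees it. The regional application must still authenticate the session, since the cookie only decides where the request is sent.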

Slide 45

Slide 45 text

Origin response events
[Diagram: User agents, CloudFront cache and HTTP origins, with the Viewer request, Origin request, Origin response and Viewer response events]

Slide 46

Slide 46 text

Origin response: Image processing
[Diagram: User agent, CloudFront distribution www.example.com with a Viewer request event and an Origin response event, PUT to S3 bucket images-origin.s3.amazonaws.com]

Slide 47

Slide 47 text

Thank you!

Marek Kuczynski
marekq