This talk will be a 2-300 level discussion on Serverless Architectures on AWS. We’ll first explore the Serverless ecosystem on AWS, looking at some particular use cases for Serverless. Looking through the lens of AWS customers, we’ll look at the typical Serverless journey, as well as some of the key emerging patterns and benefits of Serverless Architectures. We’ll also touch on some of the key challenges in a distributed environment and some potential solutions and tools that customers might want to consider.
11. Use case: Serverless app ecosystems
[Diagram. Labels: Alexa, tell Slack to send, “I’m giving the demo now.”; Message upload (via Slack API); Slack; Team (channel users); Message retrieval through scheduled polling; Kevin says, “Break a leg!”]
12. Customer Story
Hybrid – Front Legacy Webapp
[Architecture diagram. Labels: Internet; mobile apps; websites; partner services; API Gateway; API Gateway response cache; Amazon CloudWatch; AWS Lambda functions; endpoints on Amazon EC2; any publicly accessible endpoint.]
17. Amazon API Gateway: Serverless APIs
[Architecture diagram. Labels: Internet; mobile apps; websites; partner services; Amazon CloudFront; API Gateway; API Gateway response cache; Amazon CloudWatch; AWS Lambda functions; endpoints on Amazon EC2; any publicly accessible endpoint.]
18. Benefits of Amazon API Gateway
Create a unified API front end for multiple microservices
DDoS protection and throttling for back-end systems
Authenticate and authorize requests
19. Usage plans: Throttle specific consumers
[Architecture diagram with the same labels as slide 17, plus a "Throttle" callout.]
20. Usage plans: Enforce per-consumer quotas
[Architecture diagram with the same labels as slide 17, plus a "Set daily quota" callout.]
21. Usage plans: Track API usage
[Architecture diagram with the same labels as slide 17, plus a "Track usage" callout.]
25. Auth: SigV4 / IAM
[Architecture diagram. Labels: Internet; mobile apps; partner services; Amazon CloudFront; API Gateway; Amazon Cognito; IAM; IAM user / role acquisition; SigV4 credentials; AWS Lambda functions; endpoints on Amazon EC2.]
26. Auth: Custom Lambda authorizer
[Architecture diagram. Labels: Internet; mobile apps; websites; partner services; Amazon CloudFront; API Gateway; Policy cache; Lambda custom Auth function; OAuth provider; 403; AWS Lambda functions; endpoints on Amazon EC2; any publicly accessible endpoint.]
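The custom authorizer flow on slide 26, as an added example that is not code from the talk: a token-type Lambda authorizer that returns an IAM policy scoped for the policy cache and distinguishes a 401 from the slide's 403. The HMAC-signed demo token, `DEMO_SECRET`, the `api:invoke` scope and all function names are assumptions standing in for validation against a real OAuth provider.

```python
import base64, hashlib, hmac, json, time

# Assumption: a shared demo secret stands in for the OAuth provider's signing key.
DEMO_SECRET = b"constructed-demo-secret"

def _sign(body):
    return hmac.new(DEMO_SECRET, body.encode(), hashlib.sha256).hexdigest()

def make_token(sub, scope, exp):
    """Constructed sample token: base64url(JSON claims) + "." + HMAC-SHA256 hex."""
    claims = json.dumps({"sub": sub, "scope": scope, "exp": exp}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return body + "." + _sign(body)

def verify_token(token):
    """Return the claims dict if signature and expiry are valid, else None."""
    body, sep, sig = token.rpartition(".")
    if not sep or not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def stage_wide_arn(method_arn):
    # methodArn looks like arn:aws:execute-api:region:account:apiId/stage/VERB/path.
    # The policy is cached per token, so it must cover every method the token may
    # call next, not only the one that triggered this invocation.
    api, stage = method_arn.split("/")[:2]
    return f"{api}/{stage}/*/*"

def build_policy(principal, effect, resource):
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}

def handler(event, context):
    raw = event.get("authorizationToken", "")
    claims = verify_token(raw[7:]) if raw.startswith("Bearer ") else None
    if claims is None:
        raise Exception("Unauthorized")  # API Gateway answers 401
    allowed = "api:invoke" in claims.get("scope", "").split()  # hypothetical scope
    # An explicit Deny is what produces the 403 shown on the slide.
    return build_policy(claims["sub"], "Allow" if allowed else "Deny",
                        stage_wide_arn(event["methodArn"]))
```

A policy scoped to the single `methodArn` would be replayed from the cache for the same token on other routes and reject them, which is why the resource is widened to the stage.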
30. Sign up and Sign in
1) Identity Token
2) Access Token
3) Refresh Token
31. Accessing AWS Services
[Sequence diagram. Participants: Amazon Cognito User Pools; Amazon Cognito Federated Identities; AWS Security Token Service (STS).]
3. Get Identity Id
4. Identity Id
5. Get Credentials (ID JWT)
8. AWS Temporary Creds
32. User Classification - RBAC
⇒ Unauthenticated Users
⇒ Default Role
⇒ Authenticated Role
⇒ Default Role
⇒ Choose role from rule
⇒ Choose role from token