Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Operating your Production API

1.064 visualizaciones

Publicado el

Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.

  • Inicia sesión para ver los comentarios

Operating your Production API

  1. 1. ©2017, Amazon Web Services, Inc. or its affiliates. All rights reserved Operating your Production API Chris Munns – Senior Developer Advocate - Serverless
  2. 2. About me: Chris Munns -, @chrismunns – Senior Developer Advocate - Serverless – NewYorker – Previously: • Business Development Manager – DevOps, July ’15 - Feb ‘17 • AWS Solutions Architect Nov, 2011- Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups – Rochester Institute of Technology: Applied Networking and Systems Administration ’05 – Internet infrastructure geek
  3. 3. Agenda • Brief review of API Gateway/Lambda • MonitoringYour API • Amazon CloudWatch Metrics/Alarms • Amazon CloudWatch Logs • ProtectingYour API • Throttling • Authorization • Usage Plans • ManagingYour API
  4. 4. Amazon API Gateway Create a unified API frontend for multiple micro- services Authenticate and authorize requests to a backend DDoS protection and throttling for your backend Throttle, meter, and monetize API usage by 3rd party developers
  5. 5. API Gateway integrations Internet Mobile Apps Websites Services AWS Lambda functions AWS API Gateway Cache Endpoints on Amazon EC2 All publicly accessible endpoints Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service
  6. 6. Cost-effective and efficient No Infrastructure to manage Pay only for what you use Bring Your Own Code Productivity focused compute platform to build powerful, dynamic, modular applications in the cloud Run code in standard languages Focus on business logic AWS Lambda 1 2 3
  7. 7. Meet Doug Doug loves coffee. Doug also writes apps. Doug built TAMPR – A service for sharing reviews of coffee and coffee shops. Doug built the TAMPR backend serverless, with API Gateway and AWS Lambda.
  8. 8. First Reviews of TAMPR “I want to love this app,but every time I try to check-in with my morning coffee, I get errors.” “The app works great if I’m getting an afternoon coffee, but during the mornings it’s almost unusable.” “Too many errors,it never seems to work.”
  9. 9. MonitoringYour API: Amazon CloudWatch Metrics
  10. 10. Amazon CloudWatch Metrics API Gateway Default metrics set: • Count – Total number of invokes received by API Gateway • 4XXError – Number of invokes that generated a 4XX error – (includes throttling) • 5XXError – Number of invokes that generated a 5XX error • Latency – Total time API Gateway took to fully process request • IntegrationLatency – Time API Gateway took to call integration • CacheHitCount – Number of successful cache fetches • CacheMissCount – Number of unsuccessful cache fetches
  11. 11. Amazon CloudWatch Metrics • Detailed metrics – Same set of metrics at method level – Can be enabled globally or only for specific methods GET PUT DELETE
  12. 12. Amazon CloudWatch Metrics Default Metrics • Included for free • Broken down by API stage Detailed Metrics • Standard CloudWatch pricing • Broken down by method
  13. 13. Amazon CloudWatch Alarms • Any metric can be tied to an alarm • Alarm notifications can be sent to Amazon SNS topic • SNS topic can then send to any number of destinations – E-mail address – SQS queue – Lambda Function
  14. 14. CloudWatch Alarms - NEW • Error and Cache metrics now support averages and percentiles • Alarm on the rate of failures in your API, not just raw count!
  15. 15. Example:
  16. 16. Custom CloudWatch Dashboards
  17. 17. Check in with Doug Doug now has alarms to be alerted when his customers get errors calling his serverless API, but how does he know why his customers get errors?
  18. 18. MonitoringYour API: Amazon CloudWatch Logs
  19. 19. Amazon CloudWatch Logs • API Gateway Logging – 2 Levels of logging, ERROR and INFO – Optionally log method request/body content – Set globally in stage, or override per method • Lambda Logging – Logging directly from your code – Basic request information included • Log Pivots – Build metrics based on log filters – Jump to logs that generated metrics
  20. 20. Amazon CloudWatch Logs • So many log streams…
  21. 21. CloudWatch Logs • apilogs - • Search and Stream your API Gateway logs (and Lambda) • Basic syntax highlighting • View API Gateway and Lambda logs together
  22. 22. APILogs Examples: • Install: – pip install apilogs • tail –f for API Gateway/Lambda – apilogs get --api-id xyz123 --stage prod –watch • grep for API Gateway / Lambda – apilogs get --api-id xyz123 --stage test2 --profile myprofile --aws- region us-east-1 --start='2h ago' --end='1h ago' | grep "ERROR"
  23. 23. • Identify performance bottlenecks and errors • Pinpoint issues to specific service(s) in your application • Identify impact of issues on users of the application • Visualize the service call graph of your application AWS X-Ray COMING SOON!
  24. 24. Check in with Doug • Thanks to logging, Doug now knows that his API is generating errors during peak loads because there’s spurious traffic hitting a particular API method at a much higher than expected rate due to a bug in the mobile app. • He now needs a way to to limit the traffic from those devices to let other traffic through.
  25. 25. ProtectingYour API: Throttling
  26. 26. API Gateway Throttling 3 levels of throttling for APIs • API Key level throttling – Configurable in usage plan • Method level throttling – Configurable in stage settings • Account level throttling – Limits can be increased
  27. 27. API Gateway Throttling Token bucket algorithm • Burst – the maximum size of the bucket • Rate – the number of tokens added to the bucket
  28. 28. API Gateway Throttling - NEW • Limits apply in order of most specific to least specific – API Key, Method, Account • Requests throttled for any reason will no longer be billed
  29. 29. Check in with Doug • Thanks to throttling, Doug has limited the impact from the buggy version of the application to only affecting the one method. • He can ship updates to affected customers to re-route traffic as needed.
  30. 30. TAMPR Promotions TAMPR has become popular and coffee shops and roasters are contacting Doug to discuss possibilities of promotions through the app. Doug needs a way to allow these shops to create accounts and create and edit promotions on demand.
  31. 31. ProtectingYour API: Authentication/Authorization
  32. 32. Authentication Type Comparison Feature AWS_IAM CUSTOM COGNITO Authentication X X X Authorization X X Signature V4 X Cognito User Pools X X Third Party Authentication X Additional Costs NONE Pay per authorizer invoke NONE
  33. 33. API Gateway Authorization - NEW CUSTOM Authorizers support additional returned context • Key/value dictionary Requests that fail auth will no longer be billed
  34. 34. Check in with Doug • TAMPR promotions have been a hit and the app is more popular than ever. Doug is now speaking with other services, such as a new site focused on brunch spots, on how they can work together. • Doug wants a way he can expose portions of his API to these third parties, but track their usage for potential billing opportunities.
  35. 35. ProtectingYour API: Usage Plans
  36. 36. API Gateway Usage Plans • API Key Throttling – Rate/Burst per API Key • API Key Usage – Daily usage records • API Key Quota – Periodic limits per API Key
  37. 37. Check in with Doug • TAMPR is continuing to grow and Doug is now bringing in people to help work on updates. • He is looking for ways to formalize the update process.
  38. 38. ManagingYour API
  39. 39. API Gateway Stages • Stages are named links to a deployed version of your API • Recommended for managing API lifecycle – dev/test/prod – alpha/beta/gamma • Support for parameterized values via stage variables
  40. 40. API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway: • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings
  41. 41. Lambda Environment Variables • Key-value pairs that you can dynamically pass to your function • Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python • Can optionally be encrypted via KMS – Allows you to specify in IAM what roles have access to the keys to decrypt the information • Useful for creating environments per stage (i.e. dev, testing, production)
  42. 42. Stage variables and Lambda alias for stages Using Stage Variables in API Gateway together with Lambda function Aliases helps you manage a single API configuration and Lambda function for multiple stages myLambdaFunction 1 2 3 = prod 4 5 6 = beta 7 8 = dev My First API Stage variable = lambdaAlias Prod lambdaAlias = prod Beta lambdaAlias = beta Dev lambdaAlias = dev
  43. 43. Manage MultipleVersions and Stages of your APIs Works like a source repository – clone your API to create a new version: API 1 (v1) Stage (dev) Stage (prod) API 2 (v2) Stage (dev)
  44. 44. Custom Domains • Run your APIs within your own DNS zone • Recommended for supporting multiple versions • -> restapi1 • -> restapi2
  45. 45. Swagger • Portable API definition (JSON/YAML) • Import/Export your API • Swagger extensions for API Gateway • Recommended for tracking changes to your API
  46. 46. Deployment mechanisms SAM - • Serverless Application Model • Extends CloudFormation • Can integrate with CodePipeline for CI/CD solution Chalice - • Python microframework, includes deployment scripts Serverless - • NodeJS, Python, Java and Scala • Describe API and other resources
  47. 47. AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0)
  48. 48. SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://flourish-demo-bucket/ Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable
  49. 49. Be like Doug • Monitor your APIs with metrics and alarms to find problems. • Use logging to diagnose problems with your APIs. • Make use of throttling and authentication to limit blast radius and protect critical API components. • Make your API available to 3rd parties via usage plans • Manage your API with stages/versions and deployment tools.
  50. 50. Chris Munns @chrismunns
  51. 51.