Más contenido relacionado La actualidad más candente (20) Similar a Serverless Architecture - Design Patterns and Best Practices (20) Más de Amazon Web Services (20) Serverless Architecture - Design Patterns and Best Practices1. Nickk Sun – Solutions Architect
July 2018
Serverless Architecture
Design Patterns and Best Practices
nickksun
2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Agenda
• Serverless Foundations
• Web application
• Stream processing
• Data Lake
• Operations automation
3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Spectrum of AWS offerings
AWS
Lambda
Amazon
Kinesis
Amazon
S3
Amazon API
Gateway
Amazon
SQS
Amazon
DynamoDB
AWS IoT
Amazon
EMR
Amazon
ElastiCache
Amazon
RDS
Amazon
Redshift
Amazon ES
Managed Serverless
Amazon EC2
Microsoft SQL
Server
“On EC2”
Amazon
Cognito
Amazon
CloudWatch
AWS
AppSync
AWS Glue
Amazon
Athena
4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Serverless means…
• No servers to provision or manage
• Never pay for idle
• Built-in High-Availability and Disaster Recovery
• Scales with usage
5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Lambda considerations and best practices
Can your Lambda functions survive
the cold?
• Instantiate AWS clients and database
clients outside the scope of the handler
to take advantage of container re-use.
• Schedule with CloudWatch Events for
warmth
• Logic for “pre-warm” events
• ENIs for VPC support are attached
during cold start
import sys
import logging
import rds_config
import pymysql
rds_host = "rds-instance"
db_name = rds_config.db_name
try:
conn = pymysql.connect(
except:
logger.error("ERROR:
def handler(event, context):
with conn.cursor() as cur:
Executes with
each invocation
Executes during
cold start
6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Lambda Best Practices
• Minimize package size to necessities
• Separate the Lambda handler from core logic
• Use Environment Variables to modify operational
behavior
• Self-contain dependencies in your function package
• Leverage “Max Memory Used” to right-size your
functions
• Delete large unused functions (75GB limit)
7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS X-Ray Integration with Serverless
• Lambda instruments incoming requests
for all supported languages
• Lambda runs the X-Ray daemon on all
languages with an SDK
var AWSXRay = require(‘aws-xray-sdk-core‘);
AWSXRay.middleware.setSamplingRules(‘sampling-rules.json’);
var AWS = AWSXRay.captureAWS(require(‘aws-sdk’));
S3Client = AWS.S3();
8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
X-Ray Trace Example
Cold start
9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Serverless Application Model (SAM)
• CloudFormation extension optimized for
serverless
• New serverless resource types:
functions, APIs, and tables
• Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SAM CLI
• Develop and test Lambda locally
• Invoke functions with mock serverless
events
• Local template validation
• Local API Gateway with hot- reloading
https://github.com/awslabs/aws-sam-cli
11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS CodeDeploy and Lambda Canary Deployments
• Direct a portion of traffic
to a new version
• Monitor stability with
CloudWatch
• Initiate rollback if needed
• Incorporate into your SAM
templates
DeploymentPreference:
Type: Canary10Percent30Minutes AWS
CodeDeploy
12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pattern 1: Web App / Microservice / API
13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Web application
Data stored in
Amazon
DynamoDB
Dynamic content
in AWS Lambda
Amazon API
Gateway
Browser
Amazon
CloudFront
Amazon
S3
Amazon Cognito
14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon API
Gateway AWS
Lambda
Amazon
DynamoDB
Amazon
S3
Amazon
CloudFront
• Bucket Policies
• ACLs
• OAI
• Geo-Restriction
• Signed Cookies
• Signed URLs
• DDOS Protection
IAM
IAM
IAM
Serverless web app security
• Throttling
• Caching
• Usage Plans
• ACM
Static Content
Browser
Amazon Cognito
15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Custom
Authorizer
Lambda function
Client
Lambda
function
Amazon API
Gateway
Amazon
DynamoDB
AWS Identity &
Access Management
Custom Authorizers
SAML
Two types:
• TOKEN - authorization token
passed in a header
• REQUEST – all headers, query
strings, paths, stage variables or
context variables.
16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Authorization with Amazon Cognito
Cognito User Pool
(CUP)
Amazon API Gateway
Web Identity
Provider
User A
User B
User C
Cognito Identity Pool
(CIP)
/web
/cip
/cup
AWS
Lambda
Amazon
DynamoDB
Token
AWS Credentials
UserAData
User B Data
UserC
Data
IAM
Authorization
IAM
Authorization
Cognito UserPool
Authorizer
API Resources
C C
A A
A
B
BB
17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Multi-Region with API Gateway
us-west-2
us-east-1
Client
Amazon
Route 53
Regional
API
Endpoint
Regional
API
Endpoint
Custom
Domain
Name
Custom
Domain
Name
API Gateway
API Gateway
Lambda
Lambda
api.mycorp.com
CNAME
CNAM
E
DynamoDB
Global Tables
18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Data stored in
Amazon
DynamoDB
Dynamic content
in AWS Lambda
Amazon API
Gateway
Browser
Amazon
CloudFront
Amazon
S3
Amazon Cognito
AWS AppSync
19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
GraphQL
20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Real-Time App After AppSync
/graphql
AWS AppSync
Subscription
Amazon
DynamoDB
Amazon
Elasticsearch
AWS Lambda
Third-party service
21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Useful Frameworks for Serverless Web Apps
• AWS Chalice
Python Serverless Framework
https://github.com/aws/chalice
Familiar decorator-based api similar to Flask/Bottle
Similar to 3rd Party frameworks, Zappa or Claudia.js
• AWS Serverless Express
Run Node.js Express apps
https://github.com/awslabs/aws-serverless-express
• Java - HttpServlet, Spring, Spark and Jersey
https://github.com/awslabs/aws-serverless-java-container
22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pattern 2: Stream Processing
23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Stream processing characteristics
• High ingest rate
• Near real-time processing (low latency from ingest to
process)
• Spiky traffic (lots of devices with intermittent network
connections)
• Message durability
• Message ordering
24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Streaming data ingestion
Kinesis
Agent
Record
Producers
Amazon CloudWatch:
Delivery metrics
Amazon S3:
Buffered files
Amazon Redshift:
Table loads
Amazon ElasticSearch Service:
Domain loads
Transformed recordsRaw records
Amazon Kinesis Firehose:
Delivery stream
AWS Lambda:
Transformations &
enrichment
Amazon DynamoDB:
Lookup tables
Raw records
Lookup
Transformed records
Amazon S3:
Source record backup
Raw records
25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Best practices
• Tune Firehose buffer size and buffer interval
• Larger objects = fewer Lambda invocations, fewer S3 PUTs
• Enable compression to reduce storage costs
• Enable Source Record Backup for transformations
• Recover from transformation errors
• Amazon Redshift Best Practices for Loading Data
https://docs.aws.amazon.com/redshift/latest/dg/c_loading-data-best-practices.html
26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Sensor data collection
IoT
rules
IoT
actions
MQTT
Amazon S3:
Raw records
Amazon Kinesis Firehose:
Delivery stream
Amazon S3:
Batched records
Amazon Kinesis Streams:
Real-time stream
AWS IoT:
Data collection
IoT Sensors
Real-time processing
applications
27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Kinesis Streams and AWS Lambda
Amazon Kinesis:
Stream
AWS Lambda:
Processor function
Streaming source Other AWS services
• Number of Amazon Kinesis Streams shards corresponds to concurrent
invocations of Lambda function
• Batch size sets maximum number of records per Lambda function
invocation
• Scaling – UpdateShardCount - limits:
• can only scale up to double shard count
• cannot perform more than twice per 24 hours per stream
• cannot down below half of current shard count for a stream
28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Fan-out pattern
Trades strict message ordering vs higher throughput & lower latency
Amazon Kinesis:
Stream
Lambda:
Dispatcher function
Lambda:
Processor function
Increase throughput, reduce processing latency
Streaming source
29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Best practices
• Tune batch size when Lambda is triggered by Amazon Kinesis
Streams
• Higher batch size = fewer Lambda invocations
• Tune memory setting for your Lambda function
• Higher memory = shorter execution time
• Use Kinesis Producer Library (KPL) to batch messages and saturate
Amazon Kinesis Stream capacity
https://github.com/awslabs/amazon-kinesis-producer
30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pattern 3: Data Lake
31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Serverless Data Lake Characteristics
• Collect/Store/Process/Consume and Analyze all
organizational data
• Structured/Semi-Structured/Unstructured data
• AI/ML and BI/Analytical use cases
• Fast automated ingestion
• Decoupled Compute and Storage
32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Serverless Data Lake
S3
Bucket(s)
Key
Management
Service
Amazon
Athena
AWS
CloudTrail
Amazon
Cognito
AWS IAM
Amazon
Kinesis
Streams
Amazon
Kinesis
Firehose
Amazon
QuickSight
Amazon
Macie
Amazon API
Gateway
AWS IAM
Amazon
Redshift
Spectrum
AWS
Direct
Connect
Ingest
Amazon ESAWS Glue
Amazon
DynamoDB
Catalog & Search
Security & Auditing
API/UI
Analytics & Processing
AWS Glue
AWS
Lambda
33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
The Foundation…S3
• No need to run compute
clusters for storage
• Virtually unlimited number
of objects and volume
• Very high bandwidth – no
aggregate throughput limit
• Multiple storage classes
• Versioning
• Encryption
• CloudTrail Data Events
• S3 Analytics and Inventory
• S3 Object Tagging
• AWS Config automated
checks
34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• Record configuration changes continuously
• Time-series view of resource changes
• Archive & Compare
• Enforce best practices
• Automatically roll-back unwanted changes
• Trigger additional workflow
AWS
Config
Amazon
Config Rules
AWS Config & Config Rules
35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS
Config
Amazon
Config Rules
Amazon
S3 Bucket
AWS SNS
Lambda
remediation
function
PUBLIC
PRIVATE
36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Update Index
Update Stream
Search and Data Catalog
• DynamoDB as Metadata
repository
• Amazon Elasticsearch
Catalog & Search
AWS Lambda
AWS Lambda
Metadata Index
(DynamoDB)
Search Index
(Amazon ES)
ObjectCreated
ObjectDeleted PutItem
Extract Search Fields
S3 Bucket
https://aws.amazon.com/answers/big-data/data-lake-solution/
37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Instantly query your data lake on Amazon S3
AWS Glue
Crawlers
AWS Glue
Data Catalog
Amazon
QuickSight
Amazon
Redshift
Spectrum
Amazon
Athena
S3
Bucket(s)
Catalog & Search
ETL
Target databases
AWS Glue
38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Athena – Serverless Interactive Query
Service
44.66 seconds...Data scanned: 169.53GB
Cost: $5/TB or $0.005/GB = $0.85
SELECT gram, year, sum(count) FROM ngram
WHERE gram = 'just say no'
GROUP BY gram,year ORDER BY year ASC;
Analytics & Processing
39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Athena – Best Practices
• Partition data
s3://bucket/flight/parquet/year=1991/month=1/day=2/
OR
ALTER TABLE <tablename> ADD PARTITION ……
• Aggregated Queries -> Columnar formats
Apache Parquet, AVRO, ORC
• Optimize file sizes
• Compress files with splittable compression (bzip2)
https://aws.amazon.com/blogs/big-data/top-10-performance-tuning-tips-for-
amazon-athena/
Analytics & Processing
40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Serverless batch processing
AWS Lambda:
Splitter
Amazon S3
Object
Amazon DynamoDB:
Mapper Results
AWS Lambda:
Mappers
….
….
AWS Lambda:
Reducer
Amazon S3
Results
Analytics & Processing
41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pattern 4: Operations Automation
42. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Automation characteristics
• Periodic jobs
• Event triggered workflows
• Enforce security policies
• Audit and notification
• Respond to alarms
• Extend AWS functionality
… All while being Highly Available, Scalable and Auditable
43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Ops Automator
Amazon CloudWatch:
Time-based events
AWS Lambda:
Event handler
AWS Lambda:
Task executors
AWS SNS:
Error and warning notifications
Resources in multiple AWS
Regions and Accounts
Amazon EBS Volumes
Tags
OpsAutomatorTaskList CreateSnapshot
Amazon DynamoDB:
Task configuration & tracking
Amazon CloudWatch:
Logs
Amazon Redshift Clusters
https://aws.amazon.com/answers/infrastructure-management/ops-automator/
Amazon DynamoDB
44. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Image recognition and processing
Web App
Amazon DynamoDB:
Image meta-data & tags
Amazon Cognito:
User authentication
Amazon S3:
Image uploads
AWS Step Functions:
Workflow orchestration
Start state machine execution
1
Extract image meta-data
2
Amazon Rekognition:
Object detection
Invoke Rekognition
Generate image thumbnail
3
3Store meta-data and tags
4
https://github.com/awslabs/lambda-refarch-imagerecognition
45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Step Functions state machine
46. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Scanner & Probe Protection
OWASP Top 10 Protection
Bad Bot & Scraper
Protection
IP Whitelist / Blacklist
Known Attacker Protection
HTTP Flood Protection
AWS
WAF
Amazon API
Gateway
AWS Step
Functions
Amazon S3
Bucket
Access
Logs
Application Requests
(Static + Dynamic)
Honey Pot
Endpoint
AWS Lambda
Access Handler
AWS ShieldAmazon
CloudFront
Amazon API
Gateway
Static
Hosting in S3
X
47. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Detected Attack
Blacklist
Router
New Attack Type
Manual Approval
Update WAF
Scraper ACL
Update WAF
BadBot ACL
Update EC2
Guest Firewall
Known Attack
Start
End
48. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Detected Attack
New Attack Type
Manual Approval
Known Attack
Start
End
Update WAF
Scraper ACL
Update WAF
BadBot ACL
Update EC2
Guest Firewall
Blacklist
Router
49. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Detected Attack
New Attack Type
Manual Approval
Known Attack
Start
End
Update WAF
Scraper ACL
Update WAF
BadBot ACL
Update EC2
Guest Firewall
Blacklist
Router
50. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Scanner & Probe Protection
OWASP Top 10 Protection
Bad Bot & Scraper
Protection
IP Whitelist / Blacklist
Known Attacker Protection
HTTP Flood Protection
AWS
WAF
Amazon API
Gateway
AWS Step
Functions
AWS Lambda
Log Parser
AWS Guard
Duty
Amazon S3
Bucket
Access
Logs
Application Requests
(Static + Dynamic)
Honey Pot
Endpoint
AWS Lambda
Guard Duty and 3rd Party IP Lists
AWS Lambda
Access Handler
Amazon CloudWatch
AWS ShieldAmazon
CloudFront
Amazon API
Gateway
Static
Hosting in S3
51. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
https://aws.amazon.com/events/aws-innovate/
Thursday, 19 July 2018
52. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Summary
Apply serverless patterns for common use-cases:
• Web application
• Stream processing
• Data Lake Foundation
• Operations automation
What will you build with Serverless?
54. Dev Day Australia 2018
Tuesday, 7 August 2018
City: Melbourne
Venue: Melbourne Convention & Exhibition Centre
Registration: https://aws.amazon.com/devday/australia/
Live: twitch.tv/aws
https://live.awsevents.com