Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (12)
Similar a Serverless
Similar a Serverless (20)
Último
Último (20)
Serverless
- 2. Typical Serverless Architecture Copyright © 2016 classicprogrammerpaintings.com All Rights Reserved.
- 3. Agenda • Frontend • Add security with Cognito and Google Identity Provider • Store Data in Dynamo DB • Build Microservice with Lambda • Deploy source code into S3 Bucket
- 5. Add security with Cognito and Google Identity Provider 1. Obtain Google IDP Client Id: 2. Update index.html with Google Client Id 3. Update Identity Pool config.json with Google Client Id 4. Create a new Identity Pool 5. Update javascript config file(s) with Identity Pool Id
- 6. variable "login_provider" { default = "105303240909-am1nkfpr1fmo9d2bce5pbkv.apps.googleusercontent.com" } resource "template_file" "login_provider_config" { template = "${file("${path.module}/../conf/cognito/config.json.tpl")}" vars { login_provider = "${var.login_provider}" } provisioner "local-exec" { command ="echo "${self.rendered}" > ${path.module}/../conf/cognito/config.json" } }
- 7. Store Data in DynamoDB saveAnswer: function(problemId, answer) { return cognito.identity.then(function(identity) { var db = new AWS.DynamoDB.DocumentClient(); var item = { TableName: 'answers', Item: { userId: identity.id, problemId: problemId, answer: answer } }; return cognito.sendAwsRequest(db.put(item), function(){ return saveAnswer(problemId, answer); }) }) }
- 8. { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynaeleteItem", "dynamodb:modb:DGetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem" ], "Resource": ["arn:aws:dynamodb:us-east-1:1111111111:table/problems"], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]} } }] } IAM Permission Policy
- 9. Build Microservice with Lambda Frontend code checkAnswer: function(problemId, answer) { return cognito.identity.then(function(identity) { var lambda = new AWS.Lambda(); var params = { FunctionName: 'spa_checkAnswer', Payload: JSON.stringify({ problemId: problemId, answer: answer }) }; return cognito.sendAwsRequest(lambda.invoke(params), function(){ return checkAnswer(problemId, answer); }) }) }
- 10. Build Microservice with Lambda Backend code 'use strict'; let doc = require('dynamodb-doc'); let dynamo = new doc.DynamoDB(); exports.handler = (event, context, callback) => { let params = { TableName : "problems", KeyConditionExpression: "problemId = :problemId", ExpressionAttributeValues: { ":problemId":event.problemId } }; dynamo.query(params, function(err, data) { if (err) { callback(Error("Unable to query: " + JSON.stringify(event) + " .Error:" + JSON.stringify(err))); } else { if (data.Items.length > 0) { let test = data.Items[0].Code.replace('__', event.answer) + '; problem();'; context.succeed(eval(test)); } else { callback(Error("Problem not found")); } } }); };
- 11. API Gateway Copyright © 2016 Amazon Web Services All Rights Reserved.
- 12. Swagger definition { "swagger": ... "paths": { "/get-tenants": { "get": { "responses": { "200": { "description": "List of tenants", "schema": {"$ref": "#/definitions/Tenants" } }} "x-amazon-apigateway-integration": { "type": "aws", "uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03- 31/functions/arn:aws:lambda:us-east- 1:111111111111:function:${func}/invocations", "httpMethod": "POST", "credentials":"arn:aws:iam::111111111111:role/${invoke-lambda}", ...
- 13. First Deployment 1. Deploy infrastructure $ terraform apply 2. Deploy the content to s3 bucket $ npm install $ aws s3 sync app/ s3://s3-spa.demos3.com/ --acl public-read --profile spa 3. Import DynamoDB data $ aws dynamodb batch-write-item --request-items file://conf/dynamodb/sampledata/Problems.json --profile spa 4. Enjoy http://s3-spa.demos3.com.s3-website-us-east-1.amazonaws.com
- 14. Alternatives • Cloud Formation (CF stack) • Boto3 • Troposphere
- 15. References • Serverless Single Page Apps – Ben Rady • AWS Lambda in Action - Danilo Poccia • https://aws.amazon.com/documentation/ • https://www.terraform.io/ • https://github.com/yegor86/spa-aws
- 16. Questions
Notas del editor
- AWS Lambda is arguably the most exciting service released in AWS since EC2. Lambda is a service that lets you run code on someone else’s machine, in this case EC2. All you need to do is pick the runtime your code can run in, and provide the code. Currently, the supported runtimes are: - Node.js: v0.10.36, v4.3.2 - Java: Java 8 - Python: Python 2.7 Developing applications using Lambda differs from the way we are typically used to, in terms of codebase management, tooling, frameworks, testing and deployment. On one hand, Lambda offers us the entire AWS ecosystem with simple configurations, and on the other, it requires us to rethink how we approach building even small applications. There aren’t yet enough success stories and best practices out there to give one the confidence to build large applications using Lambda, but there’s enough information to start farming out computation heavy processes to Lambda. Lambda especially shines because of its ability to scale along with its workload. API Gateway is another exciting service on AWS that aims to ease the task of creating APIs. You define your resources and their models, request transformations, locations where requests should be proxied to, response transformations; and you get a functioning API without deploying a single machine. An API Gateway endpoint can use a Lambda function as its backend, which is the sweet spot touted by serverless architecture advocates. I recently created a small project using Lambda and API Gateway. You can find the project source following the link: https://github.com/yegor86/spa-aws One major pain point of using Lambda and API Gateway is the difficulty of setting things up, so the project uses Terraform to ease that difficulty. Terraform is a tool that lets you define configurations, which it can run to provision resources on datacenters by providers such as AWS, Azure and Google Cloud. In this project, Terraform is used to provision the Lambda function and API Gateway resources. With Terraform installed, the project can be deployed by simply invoking: - terraform apply terraform destroy Like every system in its early life, API Gateway and Lambda have minor bugs and areas of improvement. Overall, the combination of these technologies is lethal, and I’m interested in seeing how functionality in existing applications can be chipped away to harness the strengths of these so-called serverless architectures.
- There is no standardized way to design server less applications. No 2-3-4-.. layers architecture either. All we know you have to govern a bunch of different components. You need to get something more than just building/configuration management tool to get the components together It is yet to understand how to design and develop such systems. And, what is most important, yet to prove whether these systems are production ready
- I will walk you through the steps of building and deploying a serverless web application
- Use you favorite Java script framework to build a frontend. I would recommend you to keep an eye on ThoughtWorks. ThoughtWorks publishes ‘hot’ technologies on regular basis I am using AngularJs now.
- Amazon Cognito lets you easily add user sign-in to your mobile and web apps. With Amazon Cognito, you can also authenticate users through social identity providers such as Facebook, Twitter, or Amazon, or by using your own identity solution. In our application we will do all the steps above using Terraform. Alternatively, you can do all this steps manually or using shell scripting intensively
- Terraform comes in play when you want to have Infrastructure as a code Automated integration of Amazon/Azure/Google Cloud services Put all necessary IDs, ARNs and other services/resource identifier into the right place in your source code Terraform enables us with ability to specify client id once within terraform. Then it renders config templates with the corresponding resource identifiers. With Terraform you can - Resolve all dependencies, - Quickly Undo/Redo changes - Avoid boilerplate code (using modules)
- This call is possible thanks to Fine-Grained Access Control for DynamoDB To implement this kind of fine-grained access control, you write an IAM permissions policy that specifies conditions for accessing database.
- The permissions policy grants permissions that allow a set of DynamoDB actions on the problems table. It uses the dynamodb:LeadingKeys condition key to restrict access for unauthorized users. The Condition entry in this policy uses a substitution variable to grab the Cognito ID from the request. This ensures that only authenticated Cognito users can access the table, and that they only have access to the documents that they created. All you need is to attach this policy to Cognito IAM Role and you will be able to access DB from client’s code completely secure
- Sometimes you want to hide the logic from prying eyes for security reason or don’t want to share the code Lambda supports ES6 out of the box now. Don’t need to transpile the code anymore
- As we’ve seen, invoking Lambda functions via the AWS SDK with Cognito credentials can be a great way to integrate custom services into your applications, but what if you want to provide public access to a Lambda function? You can make these functions accessible via an unauthenticated HTTP request using the Amazon API gateway. The Amazon API Gateway maps APIs to Lambda functions through endpoints that you define with each function.
- Aws added several Swagger extensions which help us to define API via Swagger. Swagger is a simple yet powerful representation of your RESTful API JSON and YAML are supported formats
- Boto3 worth looking at if you want to get find-grained control over your infrastructure. You will have to deal with plenty of python code then Troposphere is also written in python. Simplify usage of Cloud Formation