
A Brief Look at Serverless Architecture


This talk will be a 2-300 level discussion on Serverless Architectures on AWS. We’ll first explore the Serverless ecosystem on AWS, looking at some particular use cases for Serverless. Looking through the lens of AWS customers, we’ll look at the typical Serverless journey, as well as some of the key emerging patterns and benefits of Serverless Architectures. We’ll also touch on some of the key challenges in a distributed environment and some potential solutions and tools that customers might want to consider.

Published in: Technology

A Brief Look at Serverless Architecture

  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cassandra Bonner, Solutions Architect. February 2017, APIdays. A Brief Look at Serverless Architecture
  2. Agenda: The AWS Serverless Ecosystem; Serverless Use Cases; Serverless APIs; Sample Application; FAQ
  3. The AWS Serverless Ecosystem
  4. Progression to Serverless: Monolithic Application, Services, Microservices, Serverless
  5. The Serverless Ecosystem: AWS Lambda, Amazon Kinesis, Amazon S3, Amazon API Gateway, Amazon SQS, AWS IoT, Amazon Cognito, Amazon CloudWatch, Amazon Glacier, Amazon AppStream, Amazon Athena, Amazon Lex, Amazon Polly, Amazon Rekognition, Mobile Analytics, AWS Step Functions, Amazon SNS, Amazon Pinpoint
  6. Serverless: Simple but usable primitives; Scales with usage; Pay only usage; Built in availability & fault tolerance
  7. Serverless Use Cases
  8. Use case: Event-Driven Serverless data processing. Example: Amazon S3 bucket triggers. Amazon S3 bucket events Original object Compressed object 1 2 3 AWS Lambda
  9. Use case: Serverless web apps. Dynamic content AWS Lambda Data in Amazon DynamoDB API Gateway Static content in Amazon S3 Browser
  10. Use case: Serverless mobile and IoT apps. AWS Lambda Amazon DynamoDB
  11. Use case: Serverless app ecosystems. Alexa, tell Slack to send, “I’m giving the demo now.” Message retrieval through scheduled polling Kevin says, “Break a leg!” Message upload (via Slack API) Team (channel users) Slack
  12. Customer Story: Hybrid – Front Legacy Webapp. Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch API Gateway
  13. Internet AWS Lambda functions CRM Amazon CloudWatch Amazon CloudFront Amazon API Gateway Customer Story Hybrid Event-Driven Workflow Completion Third Party Amazon DynamoDB N Systems AWS Step Functions
  14. AWS Step Functions
  15. Serverless APIs
  16. Amazon API Mandate (2002)
  17. Amazon API Gateway: Serverless APIs. Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
  18. Benefits of Amazon API Gateway: Create a unified API front end for multiple microservices; DDoS protection and throttling for back-end systems; Authenticate and authorize requests
  19. Throttle. Usage plans: Throttle specific consumers. Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
  20. Set daily quota. Usage plans: Enforce per-consumer quotas. Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
  21. Track usage. Usage plans: Track API usage. Internet Mobile apps Websites Partner Services AWS Lambda functions API Gateway response cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudWatch Amazon CloudFront API Gateway
  22. API Gateway Authorisation: 3 Types
  23. Auth: Amazon Cognito User Pools. Internet Mobile apps Partner Services AWS Lambda functions Endpoints on Amazon EC2 Amazon CloudFront API Gateway Amazon Cognito Websites User login Built-in auth check OIDC token OIDC token Any publicly accessible endpoint
  24. Cognito User Pools
  25. Auth: SigV4 / IAM. Internet Mobile apps Partner Services AWS Lambda functions Endpoints on Amazon EC2 Amazon CloudFront API Gateway Amazon Cognito IAM IAM user / role acquisition SigV4 credentials
  26. Auth: Custom Lambda authorizer. Internet Mobile apps Websites Partner Services AWS Lambda functions Policy cache Endpoints on Amazon EC2 Any publicly accessible endpoint Amazon CloudFront API Gateway Lambda custom Auth function OAuth provider 403
  27. Sample Application
  28. Sample Application https://tinyurl.com/h67u35j
  29. SpaceFinder High-Level View
  30. Sign up and Sign in: 1) Identity Token 2) Access Token 3) Refresh Token
  31. Accessing AWS Services. Amazon Cognito User Pools Amazon Cognito Federated Identities 3. Get Identity Id 4. Identity Id 5. Get Credentials (ID JWT) AWS Security Token Service (STS) 8. AWS Temporary Creds
  32. User Classification - RBAC ⇒ Unauthenticated Users ⇒ Default Role ⇒ Authenticated Role ⇒ Default Role ⇒ Choose role from rule ⇒ Choose role from token
  33. RBAC Granular Roles
  34. Granular Role Classification
  35. Granular API Security – get/del resources
  36. IAM Policy Variables
  37. DEMO
  38. There has never been a better time to build. GO BUILD!!
  39. Thank You!
  40. FAQs https://github.com/awslabs/aws-serverless-auth-reference-app
