Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series

4,179 views

Published on

Serverless architectures involve building applications and services with infrastructure resources that require zero administration. When building and operating web applications, you have to provision and manage servers to run your application code, install and operate distributed databases, and scale servers to handle API requests. AWS provides you a stack of scalable, fully-managed services that eliminates these operational complexities.

In this session, we will briefly review how you can build web applications using a serverless architecture. We will run through a demo of setting up a simple serverless blogging web application that allows user authentication and the ability to create posts and comments. We will dive into the details of how AWS Lambda, Amazon API Gateway, Amazon S3, Amazon DynamoDB, and Amazon Cognito are used in each component of the web application.

Learning Objectives:
• Review components and benefit of serverless architectures
• Learn how to build a serverless blogging web application

Published in: Technology

Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series

  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Brittany Doncaster, Solutions Architect, AWS May 24, 2016 Deep Dive on Serverless Web Applications
  2. 2. Agenda  Overview of Serverless Architecture  Anatomy of a Web Application  Securing the Web Application  Demo  Other Options
  3. 3. Overview of Serverless Architectures Serverless? What’s that mean?
  4. 4. What is Serverless? Provisioning and Utilization Operations and Management Scaling Availability and Fault Tolerance Removes the need for….
  5. 5. Benefits of Serverless? Provisioning and Utilization Operations and Management Scaling Availability and Fault Tolerance Which leads to…. Low Cost Simple Low Latency Scalable Reliable
  6. 6. Platform of Serverless Products Storage DatabaseCompute Messaging and QueuesGateways User Management Internet of Things Machine LearningStreaming Analytics
  7. 7. Real-time Processing Streams Files
  8. 8. ETL
  9. 9. IoT Backends
  10. 10. Web Application Serverless Architecture
  11. 11. Anatomy of a Web Application
  12. 12. What makes up a web application? Let’s break it down…
  13. 13. What makes up a web application?
  14. 14. What makes up a web application?
  15. 15. What makes up a web application?
  16. 16. Serverless Web Application
  17. 17. Where did all the servers go?
  18. 18. Static Website Hosting on S3 - refresher  Specify an index document (i.e. index.html)  Specify an error document  Objects publicly readable  Supports redirects  All Requests  Conditional bucket with objects
  19. 19. API Gateway - refresher Create Configure Publish Maintain Monitor Secure
  20. 20. API Gateway – Stage Variables  Key/Value pairs used for configuration  Used for different stages of API  Specify a Lambda function name  Pass to backend
  21. 21. Lambda  Serverless, event-driven compute  Code is: NodeJS, Python, JVM based  Specify memory allocated  Determine what invokes the functions  API Gateway, S3, DynamoDB, Kinesis, SNS, SES, Cognito, Cloudwatch Logs, Cloudwatch Events, CloudFormation, Config, Scheduled Events
  22. 22. Lambda – Versioning and Aliases Versioning  ARN for each one (immutable)  Versions of functions for Dev, Staging, Prod Aliases  Point to a version  Have an ARN also  Event sources point to Alias ARNs
  23. 23. Lambda – Dynamic Configuration One option:  Pull Configs from DDB  Write values to global vars  Code uses global vars Lambda Function Amazon DynamoDB
  24. 24. DynamoDB - refresher  NoSQL database  Keys: Hash Key and (optional) Range Key  Tips:  Plan your keys  Think about your queries
  25. 25. Serverless Web Application
  26. 26. …..but what’s missing from this architecture?
  27. 27. Authentication/Authorization
  28. 28. Securing your Serverless Web Application
  29. 29. AWS IAM and AWS STS temporary security credential AWS STS AWS cloud client 1 2 permissionsrole AWS IAM OR Amazon API Gateway Action: [‘s3:*’,’sts:Get*’] Effect: Allow Resource: *
  30. 30. Securing API Gateway
  31. 31. Cognito and STS
  32. 32. Authentication Options with Cognito Federated Identity Providers • Amazon • Facebook • Google Custom Developed Authentication System Cognito Identity User Pools (Preview)
  33. 33. Unauthenticated vs Authenticated roles  Ability to define both in Cognito  Start out unauthenticated switch to authenticated!  browsing a blogging site then log in to post or comment
  34. 34. Example IAM Policy for API Gateway { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "execute-api:Invoke" ], "Resource": [ "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts", "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*", "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments", "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments/*", "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/users", "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/login" ] } ] }
  35. 35. Cognito – Authentication Flow Amazon API Gateway AWS Lambda
  36. 36. Other Security Features  IAM Roles for Lambda Functions  Client-side Encryption library using KMS for DynamoDB
  37. 37. Demo
  38. 38. Demo App Architecture AWS Lambda Functions web browser Amazon S3 Call Unauthenticated APIs methods StaticContent Amazon DynamoDB Amazon Cognito Obtain User Credentials Amazon API Gateway encrypted user data AWS Lambda Functions Amazon DynamoDB Amazon API Gateway Authentication APIs Obtain Authenticated User Credentials AWS STS AWS Lambda Functions – Logic for POST Functions Amazon DynamoDB Amazon API Gateway – POST Functions Call Authenticated APIs methods 3 2 4 5 6 1 AWS KMS
  39. 39. Other Options
  40. 40. Authentication Options Cognito: • Federated Identity Providers (Amazon, Facebook, Google) • Cognito Identity User Pools Federated Web Identities • Interact directly with STS and 3rd party identity providers
  41. 41. Authorization Options with API Gateway API Gateway Lambda Auth function Client Request w/ a bearer token Policy is cached Policy is evaluated AWS Lambda functions Endpoints on Amazon EC2 Context + Token Principal + Policy 403 Denied Allowed Any other publicly accessible endpoint
  42. 42. Some Tidbits  Authorization failures to API Gateway get returned as a CORS error  Lambda Functions as stage variable values = manual permissions configuration
  43. 43. Architect to be Serverless Fully Managed  No provisioning  Zero administration  High availability Developer Productivity  Focus on the code that matters  Innovate rapidly  Reduce time to market Continuous Scaling  Automatically  Scale up and scale down
  44. 44. Q&A

×