
How to build a serverless architecture in the AWS cloud

During the hands-on labs, AWS experts show you which tools help you develop serverless applications locally and in the AWS cloud, and help you plan the next steps to start using this technology in your company.



  1. How to build a serverless architecture in the AWS cloud
  2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
     Agenda
     Speakers:
     - Luca Bianchi, CTO at Neosperience & AWS Serverless Hero
     - Alex Casalboni, Developer Advocate (acasal@amazon.com)
     - Marek Kuczynski, Serverless Specialist Solutions Architect (marekku@amazon.com)
     - Diego Natali, Solutions Architect (dnnatali@amazon.com)
     - Chiara Brandle, Solutions Architect (cbrandl@amazon.com)
     - Alfredo Velasco, GTMS Serverless (alfrevel@amazon.com)
     - Luca Spagnoli, Solutions Architect (lucspa@amazon.com)
     - Margherita Bonetto, Solutions Architect (bonetto@amazon.com)
     - Fabio Chiodini, Solutions Architect (chiodf@amazon.com)
     Schedule:
     - 09h00 - 09h30: Introduction: Serverless on AWS
     - 09h30 - 10h15: Serverless Services: Amazon API Gateway, AWS Lambda, Step Functions
     - 10h15 - 10h30: Break
     - 10h30 - 11h30: Lab I: Serverless Web Application
     - 11h30 - 12h15: Serverless Services: AWS SAM, CI/CD
     - 12h15 - 12h25: Break
     - 12h25 - 13h00: Lab II: CI/CD for Serverless Applications
     - 13h00: Q&A, Wrap-up
     Chatters
  3. AWS Europe (Milan) Region. Since 28 April, AWS has extended its global presence with the opening of the new AWS Region in Italy. The new AWS Europe (Milan) Region offers advanced cloud technologies that enable opportunities for innovation, entrepreneurship and digital transformation. For more information on the components and characteristics of an AWS Region, visit aws.amazon.com/local/italy/milan/
  4. Section 1: Intro to Serverless
  5. Neosperience: Empathy in Technology. Building a SaaS Serverless Cloud on AWS. September 18th, 2020. www.neosperience.com | blog.neosperience.com | info@neosperience.com
  6. Luca Bianchi. Who am I? Chief Technology Officer @ Neosperience; Chief Technology Officer @ WizKey; Serverless Meetup and ServerlessDays Italy co-organizer. github.com/aletheia | https://it.linkedin.com/in/lucabianchipavia | https://speakerdeck.com/aletheia | www.bianchiluca.com | @bianchiluca
  7. 7. I am here to tell a story..
  8. 8. Empathy in Technology
  9. Best in class customers: Consumer Products, Retail & Distribution, Communications & Media, Financial Services, Travel & Transportation, Government, Automotive, Health, Industry & Services, Fashion, Luxury & Beauty
  10. 10. Neosperience IPO (Feb 20th, 2019)
  11. Neosperience Cloud: Understand what makes every customer unique, Engage them in 1:1 experiences and Grow your customer base.
  12. How Neosperience Cloud delivers digital experience innovation
      01 Listen to customers across channels
      02 Deliver relevant experiences at scale
      03 Transform prospects into customers for life
      Increase customer engagement:
      - Tailor storytelling and call-to-action
      - Grow the value of the customer
      - Suggest the most suitable products and services
      - Accelerate on-boarding and increase conversions
      - Generate recurring revenues, evolving loyalty into membership
      - Send personalized notifications
      - Delight the customer with gamification
      - Make digital experiences come alive in extended reality
      - Nudge advocacy
      Neosperience Cloud allows you to create personalized, relevant experiences that strengthen the relationship with the customer across touchpoints: web, app, platforms, point of sale. The first digital experience platform to establish empathic relationships with customers that takes into account their uniqueness. A set of application modules condensing multi-disciplinary skills (data scientists, designers, software architects, cognitive, behavioral and social psychologists) to unleash your brand's potential. (Diagram: Understand, Engage, Grow.)
  13. Neosperience Cloud (diagram: Understand, Engage, Grow)
  14. Why is it relevant?
  15. Neosperience Cloud (diagram: Understand, Engage, Grow)
  16. Neosperience Cloud (diagram: Understand, Engage, Grow)
  17. Any complex platform implements a set of different requirements:
      - Deep Learning models
      - Integrating with 3rd party products
      - Different data types to persist
      - Need for speed and scalability
      - Team communication has a lot of friction: IT operation and dev teams
  18. 18. once upon a time…
  19. Neosperience Cloud Services (diagram: Understand, Engage, Grow)
      - Define cloud requirements
      - One endpoint serves multiple requests
      - It's called the monolith
  20. Neosperience (2008 - 2012): the age of the monolith
      - Multi-region deploy of Spring MVC / Java on Apache Tomcat / JBoss
      - Shared RDS database managed by Hibernate
      - Autoscaling group for EC2 instances, Elastic IP
      Pros:
      ✓ Everything within a single package
      ✓ Simple CI workflow
      ✓ Easy services coordination
      Cons:
      - Lifecycle: one change in code requires a full release of Neosperience
      - Scalability / costs: planning autoscale for different usages is not easy
      - Everything is a REST endpoint
  21. Neosperience Cloud (diagram: services image, video, conversation, relation, interaction, behavior; modules Personalised Content, Proximity Marketing, Nudging & Gamification, Personalised Commerce, Personalised Advertising; Customer Base, Channels)
      - Start separating concerns
      - Every component has the same technological stack
      - Define interfaces between components
      - It's called microservices
  22. Architecture diagram (services image, video, conversation, relation, interaction, behavior; modules Personalised Content, Proximity Marketing, Nudging & Gamification, Personalised Commerce, Personalised Advertising; Customer Base, Channels, Customer Generations, Search, Customer, CI / CD)
  23. Neosperience (2012 - 2015): separation of concerns
      - Spring Boot/Cloud on Java stack
      - Docker image for each service within NGINX
      - DynamoDB used as façade towards clients
      - RDS managed through Spring Data
      - Coordination service (Module Manager)
      Pros:
      ✓ Smaller services, same technology for everything
      ✓ Immutable deployments: from CI to Docker registry
      ✓ Easy services coordination
      Cons:
      - Still paying for idle (database, instances)
      - Manual provisioning of resources (through Beanstalk)
      - Everything is a REST endpoint
  24. 24. Enter Serverless..
  25. 25. Serverless means
  26. 26. Serverless means no servers.
  27. Serverless means no servers. No hardware to provision or manage. No IT service team installing hardware. But still it's someone else's server. (Stack diagram: Server, VM, OS, frameworks, code; "your duty" marks the layers that remain yours.)
  28. Serverless means no VMs.
  29. Serverless means no VMs. No under- or over-provisioning. Never pay for idle. No VM disaster recovery. (Stack diagram: VM, OS, frameworks, code; your duty.)
  30. Serverless means no OS to config, no patch to install.
  31. Serverless means no OS to config. OS is provisioned automatically. Patches are installed by the vendor. Built-in best practices. (Stack diagram: OS, frameworks, code; your duty.)
  32. Serverless means no schedulers.
  33. Serverless means no schedulers. Code is invoked by the platform. Language support is packed within the runtime. Analytics are provided out of the box. (Stack diagram: frameworks, code; your duty.)
  34. Serverless means Servicefull. (Patrick Debois, 2016) (Stack diagram: Server, VM, OS, frameworks, code; your duty.)
  35. Serverless means Servicefull. (Patrick Debois, 2016) (Stack diagram: Server, VM, OS, frameworks, code; your duty vs. someone else's duty.)
  36. Neosperience Cloud architecture diagram (services image, video, conversation, relation, interaction, behavior; modules Personalised Content, Proximity Marketing, Nudging & Gamification, Personalised Commerce, Personalised Advertising; Customer Base, Channels, Customer Generations, Search, Customer, CI / CD)
      - Move to cloud native adoption
      - Script cloud resources
      - Each service has its own persistence
      - Migrate data models
  37. Neosperience (2015 - now): here comes Serverless
      - Triggers to Lambda functions
      - Each service defines its own persistence
      - Communication is handled through Kinesis
      - Immutable deployments
      Pros:
      ✓ Many small packages
      ✓ Extremely fast release cycles (smaller changes)
      ✓ No servers to manage (woot-woot)
      ✓ Scalability at its best / cost reduction
      ✓ There is no difference between dev/stage/production
      Cons:
      - Required a shift in team perspective towards software development (there is no one-size-fits-all architecture)
      - Expensive when utilization is close to 100%
      - No support for dedicated hardware
  38. Some key points we had to address while moving to Serverless and microservices. The questions we faced:
      - How micro is a microservice? Decompose your system into domain specific computing units using Domain Driven Development (DDD).
      - Do we want to reinvent the wheel? AWS provides a variety of managed services that can ease software development, reducing time to market by orders of magnitude. Every time we had to implement a new functionality we asked ourselves whether there was an AWS service for that.
      - How to deal with the outside world? Neosperience is a B2B2C ISV vendor. Our product can be used as SaaS by companies or integrated through API. We need to rely on web standards: REST and OAuth2.
      - How about vendor lock-in? Serverless does not lock you in. Data does. But it's the same with languages, tools or frameworks.
  39. Neosperience is a 100% Serverless cloud solution. Adopting microservices can really make our life as an ISV better, with a number of benefits.
      Business domain support: ✓ 17 different business domains ✓ 5-10 microservices per domain ✓ a dozen support services (monitoring, maintenance, OAuth2, Organization, multi-tenancy, etc.)
      Serverless: ✓ 100% Serverless except for ML model training
      Lambda functions: ✓ 200+ functions
      AWS resources: ✓ 400+ AWS resources ✓ managed through 15+ CloudFormation stacks
      Time to market: ✓ improved from months to weeks ✓ business features released every sprint ✓ technical features released multiple times a week
      Costs: ✓ reduced by an order of magnitude
      Team: ✓ developers provision cloud resources ✓ innovation is encouraged, failure impact is bounded ✓ shifted from running after business requirements to waiting for business requirements
      Happiness: ! Dev team has full control on delivery ! Business team has feature delivery
  40. "In the past, it was bigger companies that outcompeted smaller companies; now it is faster companies that outcompete slower companies." (Marc Benioff)
  41. 41. http://bit.ly/nsp-serverless-2020 github.com/aletheia @bianchiluca https://it.linkedin.com/in/lucabianchipavia https://speakerdeck.com/aletheia
  42. 42. www.neosperience.com | blog.neosperience.com | info@neosperience.com
  43. Main Serverless Services: AWS Step Functions, AWS Lambda, Amazon EventBridge, Amazon API Gateway, Amazon SNS, Amazon SQS
  44. Section 2: Amazon API Gateway
  45. Building and managing APIs can be challenging
      - Managing multiple versions and stages of an API is difficult
      - Building monitoring solutions that give you visibility into the health of your APIs is resource intensive
      - Access authorization is a challenge
      - Traffic spikes pose an operational burden
      - Many people ask: what if I don't want servers at all?
  46. Amazon API Gateway. API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It frees you from the operational burden of implementation, offers reliable network protection, and centralizes authorization decisions within policies so bugs and code concerns are minimized. It also enables you to:
      - Host multiple versions and stages of your APIs
      - Create and distribute API keys to developers
      - Throttle and monitor requests to protect your backend
      - Leverage Signature Version 4 to authorize access to APIs
      - Perform request / response data transformation and API mocking
      - Reduce latency and get DDoS protection through CloudFront
      - Store API responses through managed caches
      - Generate SDKs for Java, JavaScript, Java for Android, Objective-C or Swift for iOS, and Ruby
  47. Amazon API Gateway benefits
      1. Fully managed, automatic scaling, pay for value
      2. Supports multiple protocols, including RESTful and WebSocket APIs
      3. Native connectivity to HTTP endpoints and other AWS services like Lambda
      4. Offers industry standard security solutions and customizable options for security needs
      5. Privacy enabled: create APIs that are only accessible from your VPC
      6. Swagger support and support for canary deployments
  48. Types of APIs: supported protocol details
      RESTful (HTTP APIs & REST APIs): request / response; HTTP methods like GET, POST, etc.; short-lived communication; stateless
      WebSocket APIs: serverless WebSocket; 2-way communication channel; long-lived communication; stateful
  49. Types of APIs
      Edge-optimized (available with REST APIs): uses CloudFront to reduce TLS connection overhead (reduces round-trip time); designed for globally distributed clients
      Regional (available with all types): recommended API type for general use cases; designed for building APIs for clients in the same region
      Private (available with REST APIs): only accessible from within the VPC (and networks connected to the VPC); designed for building APIs used internally or by private microservices
      RESTful APIs: HTTP APIs are the cheapest, fastest, best choice for building APIs that only require API proxy functionality. For APIs that require API proxy functionality and management features in a single solution, API Gateway also offers REST APIs.
      WebSocket APIs: WebSocket APIs allow you to build real-time two-way communication applications, such as chat apps and streaming dashboards. API Gateway maintains a persistent connection to handle message transfer between a backend service and its clients.
  50. RESTful API options: HTTP APIs vs REST APIs. HTTP APIs are the best choice for building APIs for the majority of workloads: they offer up to 71% cost savings and 60% latency reduction compared to REST APIs. HTTP APIs are optimized for serverless workloads and HTTP backends, and should be considered first for APIs that only require API proxy functionality. If your APIs require API proxy functionality and API management features in a single solution, API Gateway also offers REST APIs. For a complete side-by-side comparison, visit our documentation.
  51. API architecture diagram: clients (websites, services, mobile clients, on-premises via AWS Direct Connect, HTTPS) reach Amazon API Gateway through an edge-optimized (fully-managed CloudFront distribution), regional (optionally behind a customer-managed CloudFront distribution) or private endpoint; API Gateway cache (REST only); Amazon CloudWatch monitoring; backends: Lambda functions, public endpoints on Amazon EC2, endpoints in a VPC, applications & services in the same AWS Region, any other AWS service.
  52. API Gateway features: getting the most out of your APIs
  53. Request & response in API Gateway. API Gateway enables elegant error handling. You can customize what your backend returns to create branded 404 responses.
      - Customize various error responses: change HTTP status code, modify body content, add headers
      - Customize specific responses
      - Modify default 4XX/5XX
  54. Request & response flow diagram: Method Request (modeling, validation, transformation) -> Integration Request -> backend (Amazon DynamoDB, AWS Lambda, Amazon S3, other AWS & on-premises services) -> Integration Response -> Method Response (transformation, custom errors)
  55. Throttling in API Gateway. API Gateway offers three levels of throttling for APIs:
      - API key level throttling: configurable in the usage plan
      - Method level throttling: configurable in stage settings
      - Account level throttling: limits can be increased
  56. Throttling diagram: per client (user's usage plan, services usage plan, partner usage plan; REST only), per client & per method (REST only), per method, per account; clients (websites, services, mobile clients, partner websites) reach Lambda functions, public endpoints on Amazon EC2 and any other AWS service through API Gateway.
  57. Private integrations in API Gateway. Private integrations allow you to route traffic to your VPC.
      - Run inside your VPC
      - HTTP APIs offer private integrations for AWS ALB, AWS NLB, and AWS Cloud Map (easily integrate with AWS ALB & NLB, easily integrate with AWS Cloud Map)
      - REST APIs & WebSocket APIs offer private integrations with AWS NLB
  58. VPC Links (private integrations) diagram: client (service, authorized mobile client) -> API Gateway -> VPC Link -> Network Load Balancer (NLB), Application Load Balancer (ALB) or AWS Cloud Map -> endpoints in the VPC or on-premises via AWS Direct Connect
  59. Staging in API Gateway
      - APIs are deployed to staging environments. You choose what to name them.
      - For example, these environments: Dev (e.g., example.com/dev), Beta (e.g., example.com/beta), Prod (e.g., example.com/prod)
      API Gateway enables you to set stage variables, allowing the same API to point to different backends. Your APIs are versioned and can be rolled back.
  60. Staging diagram: API Gateway stages prod, beta and dev each set the stage variable lambdaAlias (prod, beta, dev); the Lambda function's aliases prod, beta and dev point at versions v0.0.1 ... v0.0.9.
  61. Custom domains in API Gateway. API Gateway enables you to create custom domains for your APIs. It also enables you to point to custom domains from multiple API types.
      - Run your APIs within your own DNS zone
      - Recommended for supporting multiple versions: api.tampr.com/v1 -> restapi1, api.tampr.com/v2 -> restapi2
      - Support for cross-region redundancy with regional API endpoints
  62. Custom domains: https://12345.execute-api.us-east-1.amazonaws.com/prod becomes https://mydomain.com/api-one
      - Supports HTTP, REST, and WebSocket APIs
      - SSL certs managed through ACM
      - Supports multiple domains through base path mapping
  63. Section 3: AWS Lambda
  64. AWS Lambda
      - Run code without provisioning or managing servers
      - Pay only for the compute time you consume
      - Virtually any type of application or backend service
      - Zero administration
      - Trigger from other AWS services or call it directly from any web or mobile app
  65. Serverless applications diagram: event sources (changes in data state, requests to endpoints, changes in resource state) -> function (Node.js, Python, Java, C#, Go, Ruby, Runtime API) -> services
  66. Anatomy of a Lambda function
      - Handler() function: the function to be executed upon invocation
      - Event object: data sent during the Lambda function invocation
      - Context object: methods available to interact with runtime information (request ID, log group, more)

      ```python
      import json

      def lambda_handler(event, context):
          # TODO implement
          return {
              'statusCode': 200,
              'body': json.dumps('Hello World!')
          }
      ```
  67. Lambda execution model diagram:
      - Synchronous (push): e.g. Amazon API Gateway /order reqs -> Lambda function
      - Asynchronous (event): e.g. Amazon SNS, Amazon S3 -> AWS Lambda service -> function
      - Stream (poll-based): e.g. Amazon DynamoDB changes, Amazon Kinesis, Amazon SQS + FIFO (NEW!!!) -> Lambda function
  68. AWS Lambda Destinations. Designate an asynchronous target for Lambda function invocation results. You can set one destination for a success, and another for a failure.
  69. Lambda streams and async-based invocations
      - For Lambda functions consuming events from Kinesis or DynamoDB Streams, it's now possible to limit the retry count, limit the age of records being retried, configure a failure destination, or split a batch to isolate a problem record. These capabilities will help you deal with potential "poison pill" records that would previously cause streams to pause in processing.
      - For asynchronous Lambda invocations, you can now set the maximum event age and retry attempts on the event. If either configured condition is met, the event can be routed to a dead letter queue (DLQ), Lambda destination, or it can be discarded.
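The stream-source controls listed above (retry limit, bisect-on-error, failure destination) modelled as an added Python simulation; this is not the Lambda service's code, the batch, the poison record and the handler are constructed, and the record-age limit is left out.

```python
"""Simulation of the stream-source failure controls Lambda exposes:
retry limit, bisect-on-error and a failure destination.  Added example;
this is not the Lambda service's implementation, and the batch, the
poison record and the handler below are constructed."""
from dataclasses import dataclass, field


@dataclass
class StreamRecord:
    sequence: str   # Kinesis-style sequence number (constructed)
    payload: dict


@dataclass
class Outcome:
    processed: list = field(default_factory=list)            # sequence numbers that succeeded
    failure_destination: list = field(default_factory=list)  # records given up on
    invocations: int = 0                                     # how many times the function ran


def process_batch(records, handler, max_retry_attempts=2, bisect_on_error=True):
    """Feed `records` to `handler` the way a stream event source mapping does.

    The whole batch is one invocation.  On a function error the batch is
    retried; with bisect_on_error each retry splits it in half so the
    problem record gets isolated.  Once a batch has used up
    max_retry_attempts it goes to the failure destination instead of
    blocking the shard forever (the "poison pill" case)."""
    outcome = Outcome()
    pending = [(list(records), 0)]          # (batch, retries already spent), in shard order
    while pending:
        batch, attempts = pending.pop(0)
        outcome.invocations += 1
        try:
            handler(batch)
            outcome.processed.extend(r.sequence for r in batch)
            continue
        except Exception:                   # any function error fails the whole batch
            pass
        if attempts >= max_retry_attempts:
            outcome.failure_destination.extend(batch)
            continue
        if bisect_on_error and len(batch) > 1:
            mid = len(batch) // 2
            # push the second half first so the first half is processed next
            pending.insert(0, (batch[mid:], attempts + 1))
            pending.insert(0, (batch[:mid], attempts + 1))
        else:
            pending.insert(0, (batch, attempts + 1))
    return outcome


# Constructed batch: record 5 carries a payload the handler cannot process.
SAMPLE_BATCH = [
    StreamRecord(str(i), {"orderId": f"o-{i}", "poison": i == 5}) for i in range(1, 9)
]


def sample_handler(batch):
    """Constructed stand-in for the Lambda function: raises on the poison record."""
    for record in batch:
        if record.payload["poison"]:
            raise ValueError(f"cannot deserialize record {record.sequence}")


if __name__ == "__main__":
    for bisect in (True, False):
        out = process_batch(SAMPLE_BATCH, sample_handler, max_retry_attempts=3, bisect_on_error=bisect)
        print(f"bisect={bisect}: processed={out.processed} "
              f"failed={[r.sequence for r in out.failure_destination]} invocations={out.invocations}")
```

Without bisecting, the same retry budget gives up on all eight records; with it, only the poison record reaches the failure destination and the other seven are processed.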
  70. Lambda advanced scaling controls
      - Batch window: batch records for up to 300s before invoking Lambda
      - Concurrent batches per shard: process multiple batches from the same shard concurrently
  71. The function lifecycle: download your code, start a new execution environment (AWS optimization), bootstrap the runtime, start your code (your optimization). A full cold start goes through all of these stages, a partial cold start skips the earlier ones, and a warm start only runs your code.
  72. Provisioned Concurrency for AWS Lambda. Provisioned Concurrency keeps functions initialized and hyper-ready to respond in double-digit milliseconds. Customers fully control when or how long to enable Provisioned Concurrency.
      - Ideal for latency-sensitive applications
      - You fully control when to enable it
      - No changes required to your code
      - Fully serverless
  73. Provisioned Concurrency for AWS Lambda: when to use it
      - Applications that have strict latency SLAs
      - Have direct interaction with end-users
      - Have strict regulatory requirements
      - Leverage languages that have a slower cold start time or require large deployment packages
      - Applications that support high-velocity traffic bursts
      - Serve content such as ads during a live stream
      - Mobile applications such as games
      - Marketing blitzes or flash sales
  74. VPC networking (VPC to VPC, NAT)
      - Integrate VPC resources in serverless apps
      - Use new services with Lambda functions (e.g. ElastiCache)
  75. Security model: Lambda function + execution role = allowed actions
      - Execution role: IAM role with IAM policy permissions (what the function is allowed to do)
      - Lambda trigger / function policy: the service or event source allowed to call Lambda (who may invoke the function)
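A small added check for the two halves of this model, written for this page rather than taken from AWS: it lints a constructed execution role policy for wildcard grants and a constructed function policy for service principals that are not pinned with a SourceArn/SourceAccount condition (the account id, API id and ARNs are placeholders).

```python
"""Least-privilege checks for the two halves of the Lambda security model:
the execution role (what the function may call) and the function policy
(who may invoke the function).  Added example, not AWS code; every policy
document below is constructed and the account id 111122223333 is a placeholder."""

# Constructed execution role policy: full access, which a function never needs.
BROAD_EXECUTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed execution role policy scoped to its log group and one DynamoDB table.
SCOPED_EXECUTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:eu-south-1:111122223333:log-group:/aws/lambda/orders:*"},
        {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "arn:aws:dynamodb:eu-south-1:111122223333:table/Orders"},
    ],
}

# Constructed function (resource-based) policy: lets the API Gateway service
# invoke the function, but from any API in any AWS account.
OPEN_FUNCTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:eu-south-1:111122223333:function:orders",
    }],
}

# Same grant pinned to one API stage and method with a SourceArn condition.
PINNED_FUNCTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:eu-south-1:111122223333:function:orders",
        "Condition": {"ArnLike": {
            "AWS:SourceArn": "arn:aws:execute-api:eu-south-1:111122223333:a1b2c3d4e5/prod/POST/order"}},
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_execution_policy(policy):
    """Findings for Allow statements that grant wildcard actions or resources."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"statement {i}: wildcard resource")
    return findings


def lint_function_policy(policy):
    """Findings for invoke grants to anonymous principals, or to a service
    principal that is not pinned to a source with SourceArn/SourceAccount."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        # Condition keys are case-insensitive, so compare them lower-cased.
        cond_keys = {k.lower() for block in st.get("Condition", {}).values() for k in block}
        pinned = bool(cond_keys & {"aws:sourcearn", "aws:sourceaccount"})
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"statement {i}: anonymous principal may invoke the function")
        elif isinstance(principal, dict) and "Service" in principal and not pinned:
            findings.append(f"statement {i}: service principal {principal['Service']} "
                            "without AWS:SourceArn/AWS:SourceAccount condition")
    return findings


if __name__ == "__main__":
    for label, pol, lint in (
        ("broad execution role", BROAD_EXECUTION_POLICY, lint_execution_policy),
        ("scoped execution role", SCOPED_EXECUTION_POLICY, lint_execution_policy),
        ("open function policy", OPEN_FUNCTION_POLICY, lint_function_policy),
        ("pinned function policy", PINNED_FUNCTION_POLICY, lint_function_policy),
    ):
        print(label, "->", lint(pol) or "ok")
```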
  76. Versioning not enabled: only version $LATEST exists, arn:aws:lambda:[region]:[acct-id]:function:[name]:$LATEST
  77. Versioning enabled: $LATEST plus numbered versions 1, 2, 3:
      arn:aws:lambda:[region]:[acct-id]:function:[name]:3
      arn:aws:lambda:[region]:[acct-id]:function:[name]:2
      arn:aws:lambda:[region]:[acct-id]:function:[name]:1
  78. Aliases with versioning enabled: an alias such as PROD (arn:aws:lambda:[region]:[acct-id]:function:[name]:PROD) points at a chosen version (diagram shows versions 3 and 2) while $LATEST keeps moving.
  79. Amazon SQS FIFO as an event source
  80. Amazon Elastic File System (EFS) for Lambda
      - Share data across 1000s of function invocations
      - Achieve high performance, highly available, durable storage with persistent volumes
      - Pay only for what you use
      Diagram: AWS Lambda mounts an Amazon EFS file system through EFS mount targets in two availability zones.
  81. New workloads on AWS Lambda: large file data manipulation (high-res images, HD videos, zip/archives, Git), large scale media processing, AI/ML (MXNet, TensorFlow), analytics, realtime applications, content management, web apps. Simplify application architecture, process files of any size, reduce costs.
  82. RDS Proxy diagram: AWS Lambda functions -> RDS Proxy (connection pool, SQL / TLS, AWS Secrets Manager, AWS IAM) -> Amazon RDS
  83. Amazon RDS Proxy. Fully managed, highly available database proxy feature for Amazon RDS. Pools and shares DB connections to make applications more scalable, more resilient to database failures, and more secure.
      - Pool and share DB connections for improved app scaling
      - Increase app availability and reduce DB failover times
      - Manage app data security with DB access controls
      - Fully managed DB proxy, compatible with your database
  84. Lambda Layers. Lets functions easily share code: upload a layer once, reference it within any function. Promotes separation of responsibilities and lets developers iterate faster on writing business logic. Built-in support for secure sharing by ecosystem.
  85. Lambda Runtime API. Bring any Linux-compatible language runtime. Powered by the new Runtime API, which codifies the runtime calling conventions and integration points. At launch, custom runtimes powering Ruby support in AWS Lambda, more runtimes from partners (like Erlang). Custom runtimes distributed as "layers". (Diagram: Rule, Stack)
  86. Section 4: AWS Step Functions
  87. The art of the state: coordinating services using AWS Step Functions
  88. In a monolith, everything gets deployed together
  89. With microservices, we split the work between multiple systems
  90. Microservices can give us increased agility and scalability
  91. But distributed systems can be harder to coordinate and debug
  92. Example orchestration: processing new bank account applications
  105. A state machine
       - Describes a collection of computational steps split into discrete states
       - Has one starting state and always one active state (while executing)
       - The active state receives input, takes some action, and generates output
       - Transitions between states are based on state outputs and rules that we define
  106. AWS Step Functions: fully-managed state machines on AWS
       - Resilient workflow automation
       - Built-in error handling
       - Powerful AWS service integration
       - First-class support for integrating with your own services
       - Auditable execution history and visual monitoring
  107. AWS Step Functions: the basics
  108. How AWS Step Functions work. The workflows you build with Step Functions are called state machines, and each step of your workflow is called a state. When you execute your state machine, each move from one state to the next is called a state transition. You can reuse components, easily edit the sequence of steps or swap out the code called by task states as your needs change.
  109. Amazon States Language (https://states-language.net/spec.html)

       ```json
       {
         "Comment": "A simple minimal example",
         "StartAt": "Hello World",
         "States": {
           "Hello World": {
             "Type": "Task",
             "Resource": "arn:aws:lambda...HelloWorld",
             "End": true
           },
           [. . .]
         }
       }
       ```
  110. Example workflow: opening an account (tasks, branching choice, parallel steps, wait for a callback)
  111. Performing a task
       - Call an AWS Lambda function
       - Wait for a polling worker to perform an activity
       - Pass parameters to an API of an integrated AWS service
  112. 112. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Performing a task Example: Execute a AWS Lambda Function "Verify Identity Documents": { "Type": "Task", "Parameters": { "name.$": "$.application.name" "identityDoc.$": "$.application.idDocS3path" }, "Resource": "arn:aws:lambda...VerifyIdDocs", "End": true }
  113. 113. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Executing branches in parallel Contains an array of state machines branches to execute in parallel Outputs an array of outputs from each state machine in its branches
  114. 114. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Executing branches in parallel Example: Run two branches in parallel "Perform Automated Checks": { "Type": "Parallel", "Branches": [ { "StartAt": "Verify Identity Documents", "States": { "Verify Identity Documents": { … } } }, { "StartAt": "Check Address", "States": { "Check Address": { … } } } ] }, "ResultPath": "$.checks", "Next": "Human Review Required?" }
  115. 115. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Making a choice Like a switch statement in programming Inspects an array of choice expressions, comparing variables to values Determines which state to transition to next
  116. 116. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Making a choice Example: Choose next step based on state outputs "Human Review Required?": { "Type": "Choice", "Choices": [ { "Variable": "$.checks[0].flagged", "BooleanEquals": true, "Next": "Wait For Review" }, { "Variable": "$.checks[1].flagged", "BooleanEquals": true, "Next": "Wait For Review" } ], "Default": "Approve Application" }
  117. 117. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Waiting for a callback Generates a Task Token and passes it to an integrated service When the recipient process is complete, it calls SendTaskSuccess or SendTaskFailure with the Task Token Workflow then resumes its execution
  118. 118. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Waiting for a callback Example: Pause and wait for an external callback "Type": "Task", "Resource":"arn:aws:states:::lambda:invoke.waitForTaskToken", "Parameters": { "FunctionName": "FlagApplicationForReview", "Payload": { "applicationId.$": "$.application.id", "taskToken.$": "$$.Task.Token" } }, "ResultPath": "$.reviewDecision", "Next": "ReviewApproved?"
  119. 119. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark Error handling Failures can happen due to Timeouts, Failed Tasks, or Insufficient Permissions Tasks can Retry when errors occur using a BackoffRate up to MaxAttempts Tasks can Catch specific errors and transition to other states
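As an added example (not from the deck), a pre-deployment lint over a state-machine definition: it follows every Next, Default, Choice and Catch target, recurses into Parallel branches, and reports dangling transitions, unreachable states, Choice states without a Default, and Task states with no TimeoutSeconds or no Retry/Catch. The definition is constructed in the shape of the deck's account-opening workflow (Task, Parallel, Choice, Retry/Catch); the Lambda ARN is a placeholder.

```python
import json

def lint_states(states, start_at, scope="root"):
    """Return findings for one States map, recursing into Parallel branches."""
    findings, reachable, todo = [], set(), [start_at]
    if start_at not in states:
        findings.append(f"{scope}: StartAt '{start_at}' is not a state")
    while todo:
        name = todo.pop()
        if name in reachable or name not in states:
            continue
        reachable.add(name)
        st = states[name]
        # Successors can be named by Next, Default, Choice rules and Catch clauses.
        targets = [st.get("Next"), st.get("Default")]
        targets += [c.get("Next") for c in st.get("Choices", []) + st.get("Catch", [])]
        for target in filter(None, targets):
            if target not in states:
                findings.append(f"{scope}/{name}: transition to unknown state '{target}'")
            todo.append(target)
        if st["Type"] == "Task" and "TimeoutSeconds" not in st:
            findings.append(f"{scope}/{name}: Task has no TimeoutSeconds (never times out)")
        if st["Type"] == "Task" and not (st.get("Retry") or st.get("Catch")):
            findings.append(f"{scope}/{name}: Task has neither Retry nor Catch")
        if st["Type"] == "Choice" and "Default" not in st:
            findings.append(f"{scope}/{name}: Choice has no Default")
        for i, branch in enumerate(st.get("Branches", [])):
            findings += lint_states(branch["States"], branch["StartAt"], f"{scope}/{name}[{i}]")
    for orphan in sorted(set(states) - reachable):
        findings.append(f"{scope}/{orphan}: unreachable state")
    return findings

def lint_definition(definition_json):
    doc = json.loads(definition_json)  # whole Amazon States Language document
    return lint_states(doc["States"], doc["StartAt"])

# Constructed definition in the shape of the deck's account-opening workflow,
# with Retry/Catch from the error-handling slide; the ARN is a placeholder.
ACCOUNT_OPENING = json.dumps({
    "StartAt": "Perform Automated Checks",
    "States": {
        "Perform Automated Checks": {
            "Type": "Parallel", "ResultPath": "$.checks", "Next": "Human Review Required?",
            "Branches": [{"StartAt": "Verify Identity Documents", "States": {
                "Verify Identity Documents": {
                    "Type": "Task", "TimeoutSeconds": 30, "End": True,
                    "Resource": "arn:aws:lambda:REGION:ACCOUNT:function:VerifyIdDocs",
                    "Retry": [{"ErrorEquals": ["States.Timeout"], "IntervalSeconds": 2,
                               "BackoffRate": 2.0, "MaxAttempts": 3}],
                    "Catch": [{"ErrorEquals": ["States.ALL"], "Next": "Flag Check"}]},
                "Flag Check": {"Type": "Pass", "Result": {"flagged": True}, "End": True}}}]},
        "Human Review Required?": {
            "Type": "Choice", "Default": "Approve Application",
            "Choices": [{"Variable": "$.checks[0].flagged", "BooleanEquals": True, "Next": "Reject Application"}]},
        "Reject Application": {"Type": "Fail"}, "Approve Application": {"Type": "Succeed"}}})
```

Running the lint in CI before `aws stepfunctions create-state-machine` catches the mistakes that otherwise surface only as a failed execution, such as a Choice that names a "Wait For Review" state nobody defined.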
120. Working with AWS Step Functions: define in JSON, visualise in the console, monitor executions

121. AWS Step Functions: diving deeper

122. State types
• Task: execute work
• Choice: add branching logic
• Wait: add a timed delay
• Parallel: execute branches in parallel
• Map: process each of an input array's items with a state machine
• Succeed: signal a successful execution and stop
• Fail: signal a failed execution and stop
• Pass: pass input to output

123. AWS Step Functions service integrations: AWS Lambda, AWS Batch, Amazon DynamoDB, Amazon Elastic Container Service, Amazon SageMaker, AWS Glue, Amazon Simple Notification Service, Amazon Simple Queue Service

124. NEW: AWS Step Functions Express Workflows

125. AWS Step Functions Express Workflows (NEW): orchestrate AWS compute, database, and messaging services at rates up to 100,000 events per second, suitable for high-volume event processing workloads such as IoT data ingestion, microservices orchestration, and streaming data processing and transformation.

126. Standard vs. express workflows
• Maximum duration: Standard 365 days; Express 5 minutes
• Execution start rate: Standard over 2,000 per second; Express over 100,000 per second
• State transition rate: Standard over 4,000 per second per account; Express nearly unlimited
• Execution semantics: Standard exactly-once workflow execution; Express at-least-once workflow execution

127. Standard vs. express workflows (continued)
• Executions: Standard executions are persisted and have ARNs; Express executions are not persisted except as log data
• Execution history: Standard stored in Step Functions, with tooling for visual debugging in the console; Express sent to Amazon CloudWatch Logs
• Service integrations: Standard supports all service integrations and activities; Express supports all service integrations but does not support activities
• Patterns: Standard supports all patterns; Express does not support Job-run (.sync) or Callback (.waitForTaskToken)
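As an added example (not from the deck), what at-least-once execution means for a Task's side effects: an Express workflow may deliver the same invocation twice, so the work must be keyed on something stable. The handler below keys on the execution id and state name, which the state machine can pass from the context object (`"executionId.$": "$$.Execution.Id"`, `"stateName.$": "$$.State.Name"`); the store is an in-memory stand-in for a DynamoDB table written with a conditional put, and the events in the test are constructed.

```python
class IdempotencyStore:
    """In-memory stand-in for a table written with a conditional put
    (attribute_not_exists on the key), so only the first writer wins."""

    def __init__(self):
        self._rows = {}

    def put_if_absent(self, key, value):
        """Record key -> value only if key is new; return whether it was new."""
        if key in self._rows:
            return False
        self._rows[key] = value
        return True

    def delete(self, key):
        self._rows.pop(key, None)


def credit_account(event, store, ledger):
    """Apply a credit at most once per (execution, state), even if redelivered.

    event: dict with executionId, stateName, account, amount (constructed
    stand-in for the Task input the state machine passes to the function).
    ledger: dict account -> balance, standing in for the system of record.
    """
    key = f"{event['executionId']}#{event['stateName']}"
    if not store.put_if_absent(key, "in-progress"):
        # Redelivered under at-least-once semantics: report, do not re-apply.
        return {"status": "duplicate", "balance": ledger.get(event["account"], 0)}
    try:
        ledger[event["account"]] = ledger.get(event["account"], 0) + event["amount"]
    except Exception:
        # Release the key so a Retry of this state can redo the work.
        store.delete(key)
        raise
    return {"status": "applied", "balance": ledger[event["account"]]}
```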
128. AWS Step Functions key benefits
• Fully-managed service
• High availability and automatic scaling
• Visual monitoring and state management
• Auditable execution history
• Built-in error handling
• Pay per use

129. 15-minute break, and then lab time: Serverless Web Application

130. Getting started with the AWS Cloud Development Kit (CDK). Marek Kuczynski, Senior Serverless Solutions Architect, Amazon Web Services, @marekq
132. Level 0: creating infrastructure by hand (your organization's infrastructure)

133. Level 1: imperative infrastructure as code (deploy.script → AWS SDK → your organization's infrastructure)

134. Level 1: imperative infrastructure as code
• Lots of boilerplate
• What if something fails and we need to retry?
• What if two people try to run the script at once?
• Race conditions?
deploy.script:
resource = getResource(xyz)
if (resource == desiredResource) {
  return
} else if (!resource) {
  createResource(desiredResource)
} else {
  updateResource(desiredResource)
}

135. Level 2: declarative infrastructure as code (infrastructure.txt → AWS CloudFormation, HashiCorp Terraform or AWS SAM (Serverless Application Model) → AWS SDK → your organization's infrastructure)

136. Level 2: declarative stack using CloudFormation (template.yml)
• Just a list of each resource to create and its properties, in this case in YAML format
• Some minor helper functions may be built in to aid in fetching values dynamically
Resources:
  # VPC in which containers will be networked.
  # It has two public subnets.
  # We distribute the subnets across the first two available Availability Zones
  # of the region, for high availability.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      EnableDnsSupport: true
      EnableDnsHostnames: true
      CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
  # Two public subnets, where containers can have public IP addresses
  PublicSubnetOne:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: {Ref: 'AWS::Region'}
      VpcId: !Ref 'VPC'
      CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
      MapPublicIpOnLaunch: true
  PublicSubnetTwo:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: {Ref: 'AWS::Region'}
      VpcId: !Ref 'VPC'
      CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
      MapPublicIpOnLaunch: true

137. The AWS Serverless Application Model (SAM)
• CloudFormation extension optimized for serverless
• New serverless resource types: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0): https://github.com/awslabs/serverless-application-model

138. Declarative template in SAM
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./todo_list_lambda
      Handler: index.gethtml
      Runtime: nodejs12.x
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable
Slide annotations:
• The Transform line tells CloudFormation this is a SAM template it needs to "transform"
• GetHtmlFunction creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined; it also creates an API Gateway and takes care of all the mapping and permissions necessary
• ListTable creates a DynamoDB table with 5 read and write units

139. Level 3: AWS Cloud Development Kit (AWS CDK) (app.js → AWS CDK → AWS CloudFormation → AWS SDK → your organization's infrastructure)

140. Level 3: AWS CDK (cdk_app.js, lambda_function.py)
• Write in a familiar programming language; no need to learn a new language
• Create many underlying AWS resources at once with a single construct
• Each stack is made up of "constructs", which are simple classes in the code
• Still declarative; no need to handle create vs. update

141. One CDK construct expands to many underlying resources
// Network for all the resources
const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
cdk deploy creates: a VPC, a public subnet and a private subnet in each of two Availability Zones, an internet gateway, and a NAT gateway in each Availability Zone.

142. One CDK construct expands to many underlying resources
// Network for all the resources
const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
cdk synth produces 270 lines of AWS CloudFormation YAML I don't have to write!

143. CDK constructs are available in multiple languages

144. AWS Cloud Development Kit (AWS CDK): the big picture, from AWS CDK app to provisioned infrastructure. Diagram: the CDK app (the "source") is synthesized by the CDK CLI (the "compiler") into a CloudFormation template (the "assembly language"), which AWS CloudFormation (the "processor") executes on deploy.

145. A hello world demo: let's create a simple API Gateway and Lambda function using CDK. Source: https://github.com/marekq/hello-world-cdk
147. With CDK, you can combine Fargate with Lambda. Source: https://github.com/marekq/sqs-fargate-poller

148. X-Ray tracing for both Lambda and Fargate
150. Three serverless framework options from AWS
• AWS Amplify Console and CLI: the fastest way to build mobile and web applications
• Serverless Application Model (SAM) CLI: build serverless apps using a declarative YAML template
• Cloud Development Kit (CDK): define cloud resources in your favourite programming language

151. NEW! AWS Solutions Constructs for CDK: https://aws.amazon.com/blogs/aws/aws-solutions-constructs-a-library-of-architecture-patterns-for-the-aws-cdk/

152. AWS Solutions Constructs for CDK

153. CDK Day conference on 30th September: www.cdkday.com

154. Thank you! Marek Kuczynski, Senior Serverless Solutions Architect. Twitter: @marekq. Email: marekku@amazon.nl

155. Our workshop after the break
• We will build an API using the CDK.
• The full manual and code samples can be found at https://cdkworkshop.com/
• As requirements, install the following:
  • The AWS CDK CLI
  • VS Code or any code editor with syntax highlighting
  • Your favourite programming language (TypeScript, Python, .NET, Java)
