Getting Started with Serverless and Container Architectures

AWS Cloud Kata for Start-Ups and Developers
Hong
Kong
Getting Started with Serverless
and Container Architectures
Dickson Yue
Solutions Architect, AWS

Operational complexity - “I want to run some code in the cloud”
• …but ops are complicated, and I don’t have an ops guy
Undifferentiated instances - “I want flexibility to use the code I like”
• …but OS and runtime configuration? Don’t really care.
Capacity management concerns - “My business scales with users and requests”
• …but I don’t want a planning exercise to reserve and provision capacity
Low utilization but high scale - “I want infinite scale”
• …but I only want to pay for calls I actually make
Run some code
in the cloud

What compute options do we have?
• VMs
• Machine as the unit of scale
• Abstracts the hardware
• Containers
• Application as the unit of scale
• Abstracts the OS
• Serverless
• Functions as the unit of scale
• Abstracts the language runtime
ECS
EC2
AWS Lambda

How do I choose?
• VMs
• “I want to configure machines,
storage, networking, and my OS”
• Containers
• “I want to run servers, configure
applications, and control scaling”
• Serverless
• “Run my code when it’s needed”
ECS
EC2
AWS Lambda

Conatiner

Self managed EC2
Elastic Beanstalk
Elastic container service (ECS)
Deployment options

Server
Guest OS
Bins/Libs Bins/Libs
App2App1
Managing One Host is Straightforward

Managing a Fleet is Hard
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
AZ 1 AZ 2
AZ 3

What is EC2 Container Service?

Cluster Management Made Easy
No cluster software to install and manage
Manages cluster state
Manages containers
Control and monitoring
Scale from one to tens of thousands of
containers

Cluster Management: Resource
Management
Docker
Task
EC2 Instance
Container
Docker
Task
EC2 Instance
Container
Task
Container
Docker
EC2 Instance
Task
Container
AZ 1 AZ 2

Cluster Management: Scheduling
Docker
Task
EC2 Instance
Container
Docker
Task
EC2 Instance
Container
Task
Container
Docker
EC2 Instance
Task
Container
AZ 1 AZ 2

Amazon ECS: Resource Management
Docker
Task
Container Instance
Container
Task
Container
Docker
Task
Container Instance
Container
Task
Container
Docker
Task
Container Instance
Container
Task
Container
AZ 1 AZ 2
Cluster Management Engine

Security
Isolation boundaries through EC2
instances
VPC only
Security Group and IAM roles support

Performance at Scale
Building block for distributed applications
Coordinates and automates container
deployment
Launch thousands of containers in
seconds

Designed for use with other AWS
services
Elastic Load Balancing
Amazon Elastic Block Store
Amazon Virtual Private Cloud
AWS Identity and Access Management
AWS CloudTrail

Key Components
Clusters
Containers
Task Definitions
Service

Typical User Workflow
I have a Docker
image, and I want to
run the image on a
cluster

Push Image(s)
Amazon ECR
Docker Hub
Or

Create Task Definition Amazon ECS
Task Definition
- Image
- CPU, memory
- Port mapping
- CMD

Run Instances EC2
Use custom AMI with
Docker support and
ECS Agent. Instances
will register with
default cluster.

Describe Cluster Amazon ECS
Get information about
cluster state and
available resources

Run Task
or
Create Service
Amazon ECS
Using the task definition
created above

Amazon ECSDescribe Cluster
Get information about
cluster state and
running containers

DEMO

Command
aws elb create-load-balancer --cli-input-json file://elb-ecs.json
aws ecs create-cluster --cluster-name "ecs-demo"
aws autoscaling create-launch-configuration --cli-input-json file://launch-config.json --user-data
file://userdata.txt
aws autoscaling create-auto-scaling-group --cli-input-json file://auto-scaling-group.json
aws ecs list-container-instances --cluster ecs-demo
docker build -t dicksonyue/kata-demo:v5 .
docker run -d -p 8080:8080 dicksonyue/kata-demo:v5
docker push
aws ecs register-task-definition --cli-input-json file://ecs-task.json
aws ecs update-service --cluster ecs-demo --service vote-app-service --desired-count 2 --task-
definition kata-demo-task:5

Task
{
"family": "vote-app-task",
"containerDefinitions": [
{ "name": ”kata-demo-container",
"image": "dicksonyue/kata-demo:v2",
"cpu": 10,
"memory": 500,
"portMappings": [
{
"containerPort": 8080,
"hostPort": 8080
}
],
"essential": true,
"command": [
"npm", "start"
]
}
]
}

Service
{
"cluster": "ecs-demo",
"serviceName": "vote-app-service",
"taskDefinition": "vote-app-task",
"loadBalancers": [
{
"loadBalancerName": "ecs-demo-ecs-elb",
"containerName": ”kata-demo-container",
"containerPort": 8080
}
],
"desiredCount": 1,
"role": "ecsServiceRole”
}

Serverless

2) Continuous Scaling1) No Servers to Manage
AWS Lambda automatically scales your
application by running code in response to
each trigger. Your code runs in parallel and
processes each trigger individually, scaling
precisely with the size of the workload.
3) Subsecond Metering
With AWS Lambda, you are charged for
every 100ms your code executes and the
number of times your code is triggered.
You don't pay anything when your code
isn't running.
AWS Lambda automatically runs your code
without requiring you to provision or
manage servers. Just write the code and
upload it to Lambda.
Benefits of AWS Lambda

How Lambda works
S3 event
notifications
DynamoDB
Streams
Kinesis
events
Cognito
events
SNS
events
Custom
events
CloudTrail
events LambdaDynamoDB
Kinesis S3
Any custom
Redshift
SNS
Any AWS

AWS Lambda, API Gateway, and AWS IoT
regions
Available regions
Singapore
Sydney

Lambda usage scenarios

Use case: Data processing
Example: Amazon S3 bucket triggers
Amazon S3 bucket events
Original object
Compressed object
1
2
3
AWS Lambda

Use case: Dynamic data ingestion
“I want to apply custom logic to process
content being uploaded to my data store”.
• PDF watermarking
• Image thumbnailing and transcoding
• Document metadata Indexing
• Log aggregation and filtering
• RSS feed processing
• Media content validation

Use case: Realtime data stream processing: Amazon Kinesis
“I want to apply custom logic to process logs being
uploaded through my Kinesis stream”.
• Client activity tracking
• metrics generation
• data cleansing
• Log filtering
• indexing and searching
• Log routing

Use case: mobile backend
1. AWS Mobile SDK + Amazon Cognito for mobile app
Or AWS IoT for devices
2. AWS Lambda runs the code
3. Amazon API Gateway (if you want your own endpoint)
4. Amazon DynamoDB holds the data
AWS Lambda
Amazon
DynamoDB

Use case: Serverless web apps
1. Amazon S3 for serving static content
2. AWS Lambda for dynamic content
3. Amazon API Gateway for https access
4. Amazon DynamoDB for NoSQL data storage
Dynamic content
in AWS Lambda
Data stored in
Amazon
DynamoDB
API GatewayStatic content in
Amazon S3

Use case: Alexa apps + Slack = serverless bots!
Alexa, tell Slack to
send, “I’m giving the
demo now.”
Message retrieval through scheduled
polling
Kevin says,
“Break a leg!”
Message upload
(via Slack API)
Team
(channel users)
Slack

Additional scenarios
Cognito
CloudFormationLambda
Lambda
SNS Lambda
LambdaDynamoDB

1. Image uploading service
2. Image processing service
Face wall service
Dashboard service
3. Data feed services
Input
Image
S3
S3
Output
Image
Metadata DB
App Metric
Lambda
Camera uploads photos with AWS SDK to S3
S3 triggers Lambda event.
Lambda function detects faces, outputs cropped
images to S3 and stores metadata in DynamoDB
Web application pulls data from face wall and
dashboard services through API gateway which
triggers Lambda function.
$$ charged by
Exec time per 100ms
Storage per GB
Number of requests
Read/Write throughput

Recent launches and
best practices

re:Invent 2015
• Python
• Scheduled functions
• Longer running times (5 min.)
• Versioning
Recent launches
Since re:Invent
• Higher code storage limits (from 5 GB to
75 GB)
• Custom VPC
• 1-minute schedules
• New regional launch
• Node.js 4.3.2
• 1-click CORs setup
• Stage variables
• Custom (Lambda) authorizers
• Builtin Swagger import/export
• AWS CloudFormation support for API
Gateway and versions

Function schedules: The how-to guide
How can I keep a function warm (no cold starts)?
Schedule it!
How can I poll a queue (like SQS)?
Schedule a function to read the queue.
How can I get more timers?
Have one scheduled function async invoke other functions.
How can I get granularity finer than 1 minute?
Run a background timer in your scheduled function.

Function versioning: The how-to guide
How can I get mutable configuration info?
Read it (e.g. from DynamoDB) during function initialization.
Wrap your config in a function and call it from your published code.
How do I “roll back” in AWS Lambda?
Using aliases, just switch what the alias points to.
(As a collection, add API Gateway and/or CloudFormation.)
How do I do blue/green deployments?
AWS Lambda handles fleet deployments, but if you want to shape
traffic, put a second “traffic cop” function in front.
How can I lock a client/device onto an old version?
Point them directly to that version’s ARN.

AWS Lambda VPC basics
All Lambda functions run in a VPC, all the time
You never need to “turn on” security – it’s always on
You can also grant Lambda functions access to resources in your own VPC
How: Add VPC subnet IDs and security group IDs to the function config
Typical uses: RDB, ElastiCache, private EC2 endpoints
Allows access to peered VPCs, VPN endpoints, and private S3 endpoints
Functions configured for VPC access lose internet access…
unless you have managed NAT or a NAT instance in the VPC
…Even if you have “Auto-assign Public IP” enabled
…Even if you have an internet gateway set up in your VPC
…Even if your security group allows all outbound traffic

AWS Lambda VPC Best practices
VPC is optional – don’t turn in on unless you need it.
The ENIs used by Lambda’s VPC feature count against
your quota.
Ensure you have enough to match your peak concurrency levels
(we’ll consolidate where we can).
DO NOT delete or rename these ENIs! 
Ensure your subnets have enough IPs for those ENIs.
Specify at least one subnet in each Availability Zone
Otherwise, Lambda will obey, but can’t be as fault-tolerant.

Container
ECS
Cluster
Task & Service
AWS CLI or ECS CLI
Summary
Serverless
Lambda
Use cases
Best practices
New feature

Hong
Kong
Thank you

Getting Started with Serverless and Container Architectures

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Getting Started with Serverless and Container Architectures

Similar to Getting Started with Serverless and Container Architectures (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Recently uploaded

Recently uploaded (20)

Getting Started with Serverless and Container Architectures