Running Serverless at The Edge (CTD302) - AWS re:Invent 2018

AWS Lambda enables you to run code without provisioning or managing servers in an AWS Region. Lambda@Edge provides the same benefits, but runs closer to your end users, enabling you to assemble and deliver content, on-demand, to create low-latency web experiences. Come and join us for examples of how customers can move significant workloads they previously managed with server fleets to truly serverless website backends. Sentient Technologies, an artificial intelligence technology company, will share how they use Lambda@Edge for solving various use cases such as leveraging AI to improve customer engagement and uplift website conversions, and many more.

  1. 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Running Serverless at The Edge (CTD302). George John, Sr. Product Manager, Amazon CloudFront/Lambda@Edge. Tyler Foster, VP, Technology, Sentient Technologies.
  2. 2. What’s covered in this session
     • Overview of Serverless & AWS Lambda
     • Deep dive into Lambda@Edge
     • Lambda@Edge use cases
     • Sentient’s use case for Lambda@Edge
  3. 3. Related re:Invent sessions
     • CTD405 – Optimizing Lambda@Edge for Performance and Cost Efficiency: Tuesday, Nov 27th, 4:00PM – 5:00PM | Venetian, Level 2, Veronese 2406; Wednesday, Nov 28th, 5:30PM – 6:30PM | MGM, Level 3, North Concourse 306
     • CTD409 – High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workflows: Thursday, Nov 29th, 12:15PM – 1:15PM | MGM, Level 1, Grand Ballroom 122
     • CTD301 – How Disney Streaming Services and TrueCar Deliver Web Applications for Scale, Performance, and Availability: Tuesday, Nov 27th, 1:45PM – 2:45PM | MGM, Level 1, Grand Ballroom 122
  4. 4. Serverless means…
     • No servers to provision or manage
     • Scales with usage
     • Never pay for idle
     • Availability and fault tolerance built in
  5. 5. Serverless applications [Diagram: EVENT SOURCE (changes in data state, requests to endpoints, changes in resource state); FUNCTION (Node.js, Python, Java, C#, Go); SERVICES (anything)]
  6. 6. Event sources that trigger AWS Lambda (and more!) [Diagram categories: DATA STORES; ENDPOINTS; DEVELOPMENT AND MANAGEMENT TOOLS; EVENT/MESSAGE SERVICES. Services shown: Amazon S3, Amazon DynamoDB, Amazon Kinesis, AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch, Amazon Cognito, Amazon SNS, Amazon SES, Cron events, AWS CodeCommit, Amazon API Gateway, Amazon Alexa, AWS IoT, AWS Step Functions, Amazon CloudFront]
  7. 7. Lambda@Edge [Diagram: Amazon CloudFront (Event Source); AWS Lambda; AWS Lambda@Edge]
  8. 8. AWS Lambda@Edge: Bring your code closer to end users to improve viewer experience
     • Globally distributed
     • No servers to provision or manage
     • Scales with usage
     • Never pay for idle
     • Availability and fault tolerance built in
  9. 9. Write once, run Lambda functions globally [Diagram: N Virginia and six AWS Locations]. Note: You have to select N. Virginia (us-east-1) when creating Lambda@Edge functions.
  10. 10. Why CloudFront + Lambda@Edge? [Diagram: Origin with Compute, Database, Storage]
  11. 11. Amazon CloudFront [Diagram: Origin and six AWS Locations]
  12. 12. Amazon CloudFront + Lambda@Edge [Diagram: Origin and six AWS Locations]
  14. 14. CloudFront events for Lambda@Edge [Diagram: End user/viewer; Viewer request; Viewer response; CloudFront Cache (Amazon CloudFront Location); Origin request; Origin response; Origin (Amazon S3, Amazon ALB/ELB/EC2, HTTP Server); Cache Hit Scenario; Cache Miss Scenario]
  15. 15. Anatomy of a Lambda function
     • Handler() function: Function to be executed upon invocation
     • Event object: Data sent during Lambda function invocation
     • Context object: Methods available to interact with runtime information (request ID, log group, etc.)

```java
// Handler: receives the event (here a Book) and the Lambda context object
public String handleRequest(Book book, Context context) {
    saveBook(book);
    return book.getName() + " saved!";
}
```
  16. 16. Let’s look at a Lambda@Edge function. Lambda@Edge supports Node.js (JavaScript runtime).

```javascript
exports.handler = (event, context, callback) => {
    /* viewer-request and origin-request events have the request as input */
    const request = event.Records[0].cf.request;

    /* viewer-response and origin-response events have the response as input */
    /* const response = event.Records[0].cf.response; */

    /* Do the processing – say add a header */

    /* When I am done I let CloudFront know what to do next */
    callback(null, request);
};
```
  17. 17. Request Event

```
{
  "Records": [
    {
      "cf": {
        "config": {
          "distributionDomainName": "d123.cloudfront.net",
          "distributionId": "EDFDVBD6EXAMPLE",
          "eventType": "viewer-request"
        },
        "request": {
          "body": {
            "action": "read-only",
            "data": "eyJ1c2VybmFt=",
            "encoding": "base64",
            "inputTruncated": false
          },
          "clientIp": "1.2.3.4",
          "querystring": "size=large",
          "uri": "/picture.jpg",
          "method": "GET",
          "headers": {
            "host": [ { "key": "Host", "value": "d111111abcdef8.cloudfront.net" } ],
            "user-agent": [ { "key": "User-Agent", "value": "curl/7.51.0" } ]
          },
          ……
          "origin": {
            "custom": {
              "customHeaders": {
                "my-origin-custom-header": [ { "key": "My-Custom-Header", "value": "Test" } ]
              },
              "domainName": "example.com",
              "keepaliveTimeout": 5,
              "path": "/custom_path",
              "port": 443,
              "protocol": "https",
              "sslProtocols": [ "TLSv1", "TLSv1.1" ]
            },
            "s3": {
              "authMethod": "origin-access-identity",
              "customHeaders": {
                "my-origin-custom-header": [ { "key": "My-Custom-Header", "value": "Test" } ]
              },
              "domainName": "my-bucket.s3.amazonaws.com",
              "path": "/s3_path",
              "region": "us-east-1"
            }
          }
        }
      }
    }
  ]
}
```
  18. 18. Response Event

```json
{
  "Records": [
    {
      "cf": {
        "config": {
          "distributionDomainName": "d123.cloudfront.net",
          "distributionId": "EDFDVBD6EXAMPLE",
          "eventType": "viewer-response",
          "requestId": "xGN7KWpVEmB"
        },
        "request": {
          "clientIp": "2001:0db8:85a3:0:0:8a2e:0370:7334",
          "method": "GET",
          "uri": "/picture.jpg",
          "querystring": "size=large",
          "headers": {
            "host": [ { "key": "Host", "value": "d111111abcdef8.cloudfront.net" } ],
            "user-agent": [ { "key": "User-Agent", "value": "curl/7.18.1" } ]
          }
        },
        "response": {
          "status": "200",
          "statusDescription": "OK",
          "headers": {
            "server": [ { "key": "Server", "value": "MyCustomOrigin" } ],
            "set-cookie": [
              { "key": "Set-Cookie", "value": "theme=light" },
              { "key": "Set-Cookie", "value": "sessionToken=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT" }
            ]
          }
        }
      }
    }
  ]
}
```
  19. 19. Example
     • Based on the location of the end viewer
     • Route the viewer’s request to the appropriate backend origin server for latency, data locality, load balancing or other reasons

```javascript
exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;

    if (request.headers['cloudfront-viewer-country']) {
        const countryCode = request.headers['cloudfront-viewer-country'][0].value;
        // CloudFront-Viewer-Country carries ISO 3166-1 alpha-2 codes,
        // so the United Kingdom is 'GB' (the slide had 'UK', which never matches)
        if (countryCode === 'GB' || countryCode === 'DE' || countryCode === 'IE') {
            const domainName = 'eu.example.com';
            request.origin.custom.domainName = domainName;
            request.headers['host'] = [{ key: 'host', value: domainName }];
        }
    }

    callback(null, request);
};
```
  22. 22. 1. Inject Security Headers [Diagram: End user; CloudFront Cache (Amazon CloudFront Location); Origin response: insert headers (CORS, HSTS, CSP, etc.); Origin]. Headers are cached for subsequent requests.
  23. 23. Inject Security Headers

```javascript
'use strict';

exports.handler = (event, context, callback) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;

    const headerName = 'Strict-Transport-Security';
    const headerValue = 'max-age=31536000; includeSubDomains';

    // The headers object is keyed by the lowercase header name
    headers[headerName.toLowerCase()] = [{
        key: headerName,
        value: headerValue
    }];

    callback(null, response);
};
```

     Tip: For a complete example, refer to AWS Blog - Adding HTTP headers using Lambda@Edge https://amzn.to/2FopHbt
  24. 24. 2. Securely access origin [Diagram: End user; Signed URL or Signed Cookies; CloudFront Cache (Amazon CloudFront Location); Origin request: Lambda function to sign URL; Origin: S3, OAI or Custom headers, Web server]. Tip: For a complete example, refer to AWS Blog - Serving private content https://amzn.to/2A4QJPg
  25. 25. 3. Stateless Authorization [Diagram: End user; JWT / NO JWT; Viewer Request; JWT public key; Access decision: OK, or HTTP 403, 3XX, etc.; CloudFront Cache (Amazon CloudFront Location); Origin: Legacy application, S3 Bucket, Origin application]. Tip: For complete example, refer to AWS Blog Authorization@Edge https://amzn.to/2JMFq56
  26. 26. 4. Stateful Authorization [Diagram: End user; Viewer Request; HTTP request to Entitlement service; Access decision: OK, or NO (paywall message, 403, redirect, etc.); CloudFront Cache (Amazon CloudFront Location); Origin]
  28. 28. 1. Template rendering

     Static Content:

```
<h1>{ page.title }</h1>
{{ for section in page.sections }}
<h2>{ section.title }</h2>
<p>{ section.body }</p>
{{ endfor }}
```

     Dynamic Content:

```
"page": {
  "title": "Hello",
  "sections": [
    { "title": "Introduction", "body": "The quick..." },
    { ... }
  ]
}
```

  29. 29. Template Rendering [Diagram: End user; Cache Behavior /blog; CloudFront cache (Amazon CloudFront Location); Cached response; Origin Request Event; Outbound network calls; Rendered template; S3 Bucket blog-templates.s3.amazonaws.com; DynamoDB table blog-posts]
  30. 30. Example – Template rendering

```javascript
const templateBucket = 'blog-templates-123456789012';
const postTable = 'blog-posts';

var AWS = require('aws-sdk');
var Mustache = require('mustache');
var s3 = new AWS.S3({ region: 'us-east-1' });
var documentClient = new AWS.DynamoDB.DocumentClient({ region: 'us-east-1' });

exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;
    const response = {
        status: '200',
        statusDescription: 'OK',
        headers: {
            'cache-control': [{ key: 'Cache-Control', value: 'max-age=2628000, public' }],
            'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }]
        }
    };

    // Look up the post by slug (the URI without its leading slash)
    const ddbParams = { TableName: postTable, Key: { slug: request['uri'].slice(1) } };
    documentClient.get(ddbParams, function(err, resp) {
        if (err) { callback(err, null); return; }
        // Unknown slug: answer 404 instead of throwing on a missing Item
        if (!resp['Item']) {
            callback(null, { status: '404', statusDescription: 'Not Found' });
            return;
        }
        const template = resp['Item']['template'];
        const data = resp['Item']['data'];

        // Fetch the template from S3 and render it with the post's data
        const s3Params = { Bucket: templateBucket, Key: template };
        s3.getObject(s3Params, function(err, s3resp) {
            if (err) { callback(err, null); return; }
            const body = s3resp.Body.toString('utf-8');
            response.body = Mustache.render(body, data);
            callback(null, response);
        });
    });
};
```
  31. 31. 2. Website Personalization [Diagram: End user; CloudFront cache (Amazon CloudFront Location); Origin Request Event: Accept-Language? CloudFront-Is-Desktop-Viewer? CloudFront-Is-Mobile-Viewer? CloudFront-Viewer-Country?; HTTP redirect www.example.com/de]
  32. 32. Example – Redirects

```javascript
exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;
    const headers = request.headers;

    let url = 'https://example.com/';
    if (headers['cloudfront-viewer-country']) {
        const countryCode = headers['cloudfront-viewer-country'][0].value;
        // ISO 3166-1 alpha-2: the United Kingdom is 'GB' (the slide had 'UK')
        if (countryCode === 'GB') {
            url = 'https://uk.example.com/';
        } else if (countryCode === 'US') {
            url = 'https://us.example.com/';
        }
    }

    const response = {
        status: '302',
        statusDescription: 'Found',
        headers: {
            location: [{
                key: 'Location',
                value: url,
            }],
        },
    };
    callback(null, response);
};
```
  33. 33. 3. Dynamic Image Manipulation [Diagram: End user; Fetch Image; CloudFront Cache (Amazon CloudFront Location); Origin response event: if image doesn’t exist, generate and save; Amazon S3 Origin]. Tip: For complete example, refer to AWS Blog - Resizing Images with Lambda@Edge https://amzn.to/2KEiWnt
  34. 34. 4. Visitor prioritization [Diagram: New user; Prioritized user; CloudFront Cache (Amazon CloudFront Location); Origin Request; Waiting room site on S3; Backend application; Origin]. Tip: For complete example, refer to AWS Blog - Visitor Prioritization https://amzn.to/2OVfxyv
  35. 35. 5. Cache key customization [Diagram: End user; Viewer request; CloudFront Cache (Amazon CloudFront Edge Location); Amazon S3 Origin]
     • A video distribution company had a playback session ID in the URL, which was logged in CloudFront access logs for billing/tracking their customers’ usage
     • But this led to a poor Cache Hit Ratio, since multiple copies of the same object were cached
     • They leveraged Lambda@Edge to rewrite the URI for a more optimal cache key
     • Original URL: http://customer.com/34542-942820/file1
     • Rewritten URL: http://customer.com/file1
  37. 37. Content Based Routing [Diagram: End user; CloudFront Cache (Amazon CloudFront Edge Location); Origin request; Origins: Amazon S3 (Tokyo), Amazon S3 (N Virginia), Amazon ALB/ELB/EC2 (London), HTTP Server (Customer’s data center)]
     Route based on:
     1. Incoming Request properties (URL, Headers, Query String, Cookies)
     2. External sources (Amazon DynamoDB, other public HTTP Endpoints)
  38. 38. 1. Balancing across origins [Diagram: End user; CloudFront Cache (Amazon CloudFront Edge Location); Origin request; Amazon ALB in AWS Region (Frankfurt); Amazon ALB in AWS Region (London)]
     1. End user location in a custom header
     2. Lambda function inspects that header, and routes user to appropriate origin
  39. 39. 2. Data locality / Low Latency [Diagram: End user; CloudFront Cache (Amazon CloudFront Edge Location); Origin request; Origins: Amazon S3 (Frankfurt), Amazon S3 (N Virginia), Amazon S3 (Sydney), Amazon S3 (Mumbai)]. Inspect the CloudFront-provided header “CloudFront-Viewer-Country” to route the request to the appropriate S3 bucket.
  40. 40. 3. A/B Testing [Diagram: End user; CloudFront Cache (Amazon CloudFront Edge Location); Origin request; Origin A; Origin B]
     1. Check to see if this is an active session. (Say, using a cookie.)
     2. For active sessions, set the origin based on the value in the cookie.
     3. For a new session, decide whether to show A or B variant. And set the origin accordingly.
  41. 41. Example – A/B Testing

```javascript
exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;
    const desiredOrigin = decide(request);

    /* Set custom origin fields */
    request.origin = {
        custom: {
            domainName: desiredOrigin,
            port: 443,
            protocol: 'https',
        }
    };
    request.headers['host'] = [{ key: 'host', value: desiredOrigin }];

    callback(null, request);
};

/* decodeOrigin() and chooseOrigin() are application-specific helpers
   that the slide does not define */
function decide(request) {
    if (request.headers['my-session-cookie']) {
        /* Header values are arrays of { key, value } objects */
        const cookie = request.headers['my-session-cookie'][0].value;
        return decodeOrigin(cookie);
    } else {
        return chooseOrigin(request);
    }
}
```
  42. 42. 4. Search Engine Optimization [Diagram: End User; CloudFront cache (Amazon CloudFront Location); Origin Request: inspect User Agent (Is good bot? Is bad bot? Is real user?); Pre-rendered, crawler friendly version of app; Server-rendered app; NO]
  43. 43. 5. Origin Failover [Diagram: End user; CloudFront Cache (Amazon CloudFront Location); Primary Origin (US); Secondary Origin (EU)]
  44. 44. Running Serverless at The Edge (CTD302). Tyler Foster, VP, Technology, Sentient Technologies.
  45. 45. These are transformational times. Transformation requires innovation. Innovation requires experimentation. “If you’re not trying 100 ideas, or even 1,000 ideas, you’ll get stuck.” Peter Diamandis, Futurist / Founder of XPRIZE
  46. 46. Evolutionary Experience Optimization
     • Accelerates and automates experience optimization
     • Drives better results faster
     • Frees resources
     • Empowers innovation
  47. 47. The Genome
     • Test dozens of ideas at the same time
     • Assess thousands of combinations
     • Analyze performance of each element individually and in combination
     • Learn the best combination to achieve the optimization goal(s) for right now
  48. 48. How Ascend Works
     • Multiple user experiences tested in generations
     • Each generation learns from the previous
     • Each generation gets closer to the current optima
     • Mutation continues to explore the space for changes in behavior
  49. 49. System Characteristics
     • < 50ms average impact, consistent across globally-distributed participants / end users
     • Big swings in traffic depending on the season, who is experimenting, and changes in traffic source
  50. 50. The Old Way: CloudFront behavior in front of 7 regions, each with 3-10 m4-large instances behind Elastic Load Balancing, supported by 3-node Amazon ElastiCache (Redis) clusters [Diagram: Batch; Participants; Customers website; runtime.* CloudFront; Participant Impact; Static Assets; API; Worker; rt.*; ElastiCache]
  51. 51. The Issues
     • High latency
     • High cost to scale
     • Difficult to support new regions
     • A lot of underutilized resources, even with auto-scaling
  52. 52. Ascend [Diagram: Participant API; Participant Impact; Customer Impact; Batch; Participants; Customers website; participant.* CloudFront; Events; Event Logs; Allocation; Allocation Logs; Static Assets]
  53. 53. Ascend Architecture [Diagram: Participants; Customers website; participant.* CloudFront; Participant API (Geographically Distributed); Allocation; Allocation Logs; Events; Event Logs; Allocation Stream; Event Stream; Event Store; Athena; Allocation Store; editor.*; Scheduler; Auto-Seg; API; Workers; Participant Impact; Customer Impact; Batch; Event Transform; Allocation Transform; Static Assets]
  54. 54. Participant API – Request Flow in Excruciating Detail
  55. 55. The Outcome
     • Low latency: All work is done in the participant’s closest edge location
     • Extremely inexpensive scale and almost automatically supports new regions: Lambda@Edge automatically distributes and spins up instances based on utilization in new regions
     • No unutilized resources in our Participant APIs: With CloudFront, Lambda@Edge, CloudWatch, Amazon Kinesis Data Firehose, Amazon Simple Storage Service (Amazon S3), Lambda, and Amazon Athena we have predictable cost per request, which allows for a stable margin
     [Chart: Total AWS Costs versus ALL Lambda Traffic - Aug 1 through Aug 25, 2018]
  56. 56. Ascend Participant API - Allocation [Diagram: Participants; Customers website; participant.* CloudFront; Allocation Logs; Participant Impact; Batch]
     • Bot Detection
     • Traffic Filtering (Allocation)
     • Content Negotiation
  57. 57. 1. Quick & Dirty Good Bot Detection. This is good when you need to deliver specific content for SEO. You can use this in a Viewer Request or Origin Request triggered Lambda.

```javascript
const BOT_PATTERN_QUICK = /.*AdsBot-Google.*|.*Amazon Route 53.*|.*PhantomJS.*|.*googlebot.*|.*slurp.*|.*Yahoo Ad Monitoring.*|.*BingPreview.*|.*bingbot.*|.*gomezagent.*|.*Google Page Speed Insights.*|.*Pingdom.*|.*yandex.*|.*catchpoint.*|.*PTST.*|.*AppEngine-Google.*|.*googleweblight.*/i;

module.exports = function(userAgent) {
    if (!userAgent) {
        // Missing user agent should be considered NOT a bot
        return false;
    }
    return BOT_PATTERN_QUICK.test(userAgent);
};
```
  58. 58. Tip – Use AWS WAF for Full Bots. For full bots, you’re better off using the AWS WAF. The Node.js Regular Expression implementation gets pretty slow when you try to match the top 10,000 entries in the IAB spiders and bots list. If you don’t believe me, here’s the regex at 4pt font. Give it a try. (Admittedly, you could tune this for better performance, but you’re still better off with AWS WAF)
  59. 59. 2. Useful Content for Traffic Filtering
     Standard Headers
     • User-Agent – Device Type, Platform, Browser
     • IP – Location, ISP, Network Info
     • Referer – Requesting page in AJAX or asset request
     • Origin – Current Origin Scope
     • Accept-Language – Language Preferences
     CloudFront Specific Headers (Origin Request-Only)
     • CloudFront-Is-Desktop-Viewer
     • CloudFront-Is-Mobile-Viewer
     • CloudFront-Is-Tablet-Viewer
     • CloudFront-Viewer-Country

```javascript
const bot = require('bot');

exports.handler = (event, context, callback) => {
    const { headers } = event.Records[0].cf.request;
    // User-Agent is optional; bot() treats a missing value as "not a bot"
    const ua = headers['user-agent'] ? headers['user-agent'][0].value : undefined;

    // Perform filtering using User-Agent
    if (bot(ua)) {
        // …
    }
};
```
  60. 60. Tip – Use Origin Request Event for Location Info. If you want to access the CloudFront-Viewer-Country header, you’ll need to use an Origin Request event.
  61. 61. Tip – Whitelist Headers in CloudFront Behavior. CloudFront will only pass the headers you’ve whitelisted. Note: When debugging, always check your CloudFront Behavior configuration. This is where we found the cause of most issues.
  62. 62. 3. Simple Content Negotiation
     Useful for…
     • Delivering custom JavaScript
     • Delivering device specific images
     • Delivering localized assets
     • And other stuff
     Most content negotiation can be handled in Viewer Requests, before the edge-cache lookup.

```javascript
const allocate = require('allocate');

exports.handler = (event, context, callback) => {
    const { request } = event.Records[0].cf;
    const allocation = allocate(request);

    // If allocated, rewrite the URI to the candidate's script
    if (allocation) {
        console.log(JSON.stringify(allocation));
        request.uri = `/candidates/${allocation.cid}.js`;
    }

    callback(null, request);
};
```
  63. Tip – You Can Rewrite the Whole Origin

      Useful for…
      • Proxying requests to third-party services
      • Using customer-specific Amazon S3 buckets

      ```js
      const origin = 'my-es-bucket.s3.amazonaws.com';
      request.origin = {
        s3: {
          domainName: origin,
          region: '',
          authMethod: 'none',
          path: '',
          customHeaders: {}
        }
      };
      // Keep the Host header consistent with the new origin
      request.headers['host'] = [ { key: 'host', value: origin } ];
      // ...
      ```
  64. Tip: Use Another CF Behavior as an Origin

      [Diagram labels: Participants, Origin Request, Viewer Request, Origin, CloudFront Cache]

      If you need data or functionality that is specific to an Origin Request-triggered Lambda, you can use another CloudFront Behavior as the origin, which significantly improves the performance of cacheable origin calls.
  65. Ascend Participant API - Events

      [Diagram labels: Participants, Customers website, participant.*, CloudFront, Events, Logs, Participant, Impact, Batch]

      • Accessing request body
      • Content Validation
      • Persisting data through CloudFront
  66. Handle Millions of Client Messages a Minute With CloudWatch

      [Diagram labels: Lambda@Edge, CloudWatch, Data Firehose, S3, Lambda, Athena, Participants, participant.*, CloudFront]
  67. 4. Accessing the Request Body

      Lambda@Edge recently started allowing access to the request body, which allows you to build far cleaner interfaces.

      ```js
      const querystring = require('querystring');

      exports.handler = (event, context, callback) => {
        const { request } = event.Records[0].cf;

        // request.body is only present when the behavior exposes the body
        if (request.method === 'POST' && request.body) {
          const body = Buffer
            .from(request.body.data, 'base64')
            .toString();
          const params = querystring.parse(body);

          // Log for later processing
          console.log(JSON.stringify(params));
        }
        return callback(null, request);
      };
      ```
  68. Tip – Allow Access to Body in Your Behavior Configuration
  69. Tip – Make Simple Requests to Avoid CORS Pre-flights

      You can avoid the pesky OPTIONS (pre-flight) request that precedes your cross-origin request by using a “Simple request”. Either way, always set your Access-Control-Max-Age.

      Definition of “Simple request”
      • Simple Methods: GET, HEAD, POST
      • Simple Headers: Accept, Accept-Language, Content-Language, Content-Type, DPR, Downlink, Save-Data, Viewport-Width, Width
      • Simple Content Types: application/x-www-form-urlencoded, multipart/form-data, text/plain
  70. 5. Content Validation with JSON Schema

      JSON schema provides a simple and robust mechanism for validating request bodies and query strings.

      ```js
      const querystring = require('querystring');
      const validate = require('jsonschema').validate;
      const schemas = require('./schemas');

      exports.handler = (event, context, callback) => {
        const { request } = event.Records[0].cf;
        // …
        // Body decoded as in "4. Accessing the Request Body"
        const body = Buffer.from(request.body.data, 'base64').toString();
        const params = querystring.parse(body);

        // validate(instance, schema) returns a result object; check its .valid flag
        if (!validate(params, schemas.event).valid) {
          // Handle invalid request
        }

        // Log for later processing
        console.log(JSON.stringify(params));
        // …
        return callback(null, request);
      };
      ```
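Sections 4 and 5 combined: decode the body, reject anything truncated or off-schema with a 400 generated at the edge, and log only fields that passed. This is an added example, not the presenters' code; the field names and rules are hypothetical, and a small hand-written checker stands in for a JSON Schema library so the block has no dependencies.

```javascript
// Hypothetical event fields; each rule is a required flag plus a strict pattern.
const SCHEMA = new Map([
  ['type', { required: true, pattern: /^(view|click|convert)$/ }],
  ['cid', { required: true, pattern: /^[A-Za-z0-9_-]{1,32}$/ }],
  ['value', { required: false, pattern: /^\d{1,9}$/ }],
]);

// Decode the body and return { params, errors }; params holds valid fields only.
function parseBody(request) {
  const params = Object.create(null); // no inherited keys such as "constructor"
  const errors = [];
  const body = request.body;
  if (!body || !body.data) return { params, errors: ['empty body'] };
  // Lambda@Edge sets inputTruncated when the body was cut at its size limit;
  // a partial body cannot be validated, so reject it.
  if (body.inputTruncated) return { params, errors: ['body truncated'] };
  const text = Buffer.from(body.data, 'base64').toString('utf8');
  const seen = new Set();
  for (const [key, value] of new URLSearchParams(text)) {
    if (!SCHEMA.has(key)) errors.push(`unexpected field: ${key}`);
    else if (seen.has(key)) errors.push(`duplicate field: ${key}`);
    else if (!SCHEMA.get(key).pattern.test(value)) errors.push(`invalid value: ${key}`);
    else params[key] = value;
    seen.add(key);
  }
  for (const [key, rule] of SCHEMA) {
    if (rule.required && !seen.has(key)) errors.push(`missing field: ${key}`);
  }
  return { params, errors };
}

const handler = (event, context, callback) => {
  const { request } = event.Records[0].cf;
  if (request.method !== 'POST') return callback(null, request);
  const { params, errors } = parseBody(request);
  if (errors.length > 0) {
    console.log(JSON.stringify({ rejected: errors.length }));
    return callback(null, {
      status: '400',
      statusDescription: 'Bad Request',
      body: 'Invalid request',
    });
  }
  console.log(JSON.stringify(params)); // only validated fields reach the log stream
  return callback(null, request);
};

if (typeof module !== 'undefined') module.exports = { handler, parseBody };
```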
  71. Tip – Creating Message Subscriptions

      CloudWatch messages are stored in the region where the Lambda was executed, and you can’t subscribe until the log group in the region is created.

      Solution: Use a Lambda triggered when a log group is created in a new region to create the subscription.

      Sample Code: https://github.com/tfoster/aws_reinvent_2018
  72. Tip – Logging data for later processing

      Subscribing to messages in the logs is easy when they’re JSON, and if you want to get tricky you can use the RequestId to track cost per request.

      Log structure:

      ```
      START RequestId: c8f81037-d235-11e8-a0a0-337a26a790b2 Version: 130
      2018-10-17T17:55:08.249Z c8f81037-d235-11e8-a0a0-337a26a790b2 { … }
      END RequestId: c8f81037-d235-11e8-a0a0-337a26a790b2
      REPORT RequestId: c8f81037-d235-11e8-a0a0-337a26a790b2 Duration: 82.04 ms Billed Duration: 100 ms Memory Size: 128 MB Max Memory Used: 21 MB
      ```
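Joining the JSON message lines with the REPORT line by RequestId gives the per-request billing figures the tip refers to. This is an added example, not the presenters' code; the sample lines follow the log structure above, with constructed JSON payloads in place of the elided one.

```javascript
// SAMPLE follows the log structure on the slide; the JSON payloads are constructed.
const ID = 'c8f81037-d235-11e8-a0a0-337a26a790b2';
const SAMPLE = [
  `START RequestId: ${ID} Version: 130`,
  `2018-10-17T17:55:08.249Z ${ID} {"type":"click","cid":"abc123"}`,
  `2018-10-17T17:55:08.250Z ${ID} {not json}`,
  `END RequestId: ${ID}`,
  `REPORT RequestId: ${ID} Duration: 82.04 ms Billed Duration: 100 ms ` +
    'Memory Size: 128 MB Max Memory Used: 21 MB',
];

const UUID = '([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})';
const MESSAGE = new RegExp(`^\\S+Z\\s+${UUID}\\s+(\\{.*\\})\\s*$`);
const REPORT = new RegExp(
  `^REPORT RequestId:\\s+${UUID}\\s+Duration:\\s+[\\d.]+ ms\\s+` +
  'Billed Duration:\\s+(\\d+) ms\\s+Memory Size:\\s+(\\d+) MB');

// Group JSON messages and billing figures by RequestId.
function summarize(lines) {
  const byId = new Map();
  const entry = (id) => {
    if (!byId.has(id)) byId.set(id, { messages: [], billedMs: null, gbSeconds: null });
    return byId.get(id);
  };
  for (const line of lines) {
    const report = REPORT.exec(line);
    if (report) {
      const e = entry(report[1]);
      e.billedMs = Number(report[2]);
      // Lambda bills duration x configured memory, expressed in GB-seconds.
      e.gbSeconds = (e.billedMs / 1000) * (Number(report[3]) / 1024);
      continue;
    }
    const message = MESSAGE.exec(line);
    if (!message) continue;
    try {
      entry(message[1]).messages.push(JSON.parse(message[2]));
    } catch (err) {
      // Looks like JSON but is not; leave it out of the structured stream.
    }
  }
  return byId;
}

if (typeof module !== 'undefined') module.exports = { summarize, SAMPLE, ID };
```

Multiplying `gbSeconds` by the current per-GB-second price, plus the per-request charge, gives the cost attributable to each logged message.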
  73. Tip – Use Parquet Serialization for Stored Messages

      With a couple of clicks when you’re setting up your Amazon Kinesis Data Firehose, you can turn on Parquet serialization for your stored messages. This lets you work in JSON in your transform Lambda, and then automatically convert the messages to the more efficient Parquet format.
  74. Thank you!

      George John
      georjohn@amazon.com
      linkedin.com/in/find-george-john

      Tyler Foster
      tyler.foster@sentient.ai
      linkedin.com/in/tylerfoster