Serverless Architectural Patterns: Collision 2018

3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Serverless applications

4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless patterns built with functions • Functions are the unit of deployment and scale • Scales per request—users cannot over or under- provision • Never pay for idle • Skip the boring parts; skip the hard parts

5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda considerations and best practices AWS Lambda is stateless—architect accordingly • Assume no affinity with underlying compute infrastructure • Local filesystem access and child process may not extend beyond the lifetime of the Lambda request

6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda considerations and best practices Can your Lambda functions survive the cold? • Instantiate AWS clients and database clients outside the scope of the handler to take advantage of connection re- use. • Schedule with CloudWatch Events for warmth • ENIs for VPC support are attached during cold start import sys import logging import rds_config import pymysql rds_host = "rds-instance" db_name = rds_config.db_name try: conn = pymysql.connect( except: logger.error("ERROR: def handler(event, context): with conn.cursor() as cur: Executes with each invocation Executes during cold start

7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda considerations and best practices How about a file system? • Don’t forget about /tmp (512 MB scratch space) exports.ffmpeg = function(event,context) { new ffmpeg('./thumb.MP4', function (err, video) { if (!err) { video.fnExtractFrameToJPG('/tmp’ ) function (error, files) { … } … if (!error) console.log(files); context.done(); ...

8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Best Practices • Minimize package size to necessities • Separate the Lambda handler from core logic • Use Environment Variables to modify operational behavior • Self-contain dependencies in your function package • Leverage “Max Memory Used” to right-size your functions • Delete large unused functions (75GB limit)

10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Web application Data stored in Amazon DynamoDB Dynamic content in AWS Lambda Amazon API Gateway Browser Amazon CloudFront Amazon S3 Amazon Cognito

11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bustle Achieves 84% Cost Savings with AWS Lambda Bustle is a news, entertainment, lifestyle, and fashion website targeted towards women. With AWS Lambda, we eliminate the need to worry about operations Tyler Love CTO, Bustle ” “ • Bustle had trouble scaling and maintaining high availability for its website without heavy management • Moved to serverless architecture using AWS Lambda and Amazon API Gateway • Experienced approximately 84% in cost savings • Engineers are now focused on innovation

12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway AWS Lambda Amazon DynamoDB Amazon S3 Amazon CloudFront • Bucket Policies • ACLs • Origin Access Identity (OAI) • Geo-Restriction • Signed Cookies • Signed URLs • DDOS Protection IAM AuthZ IAM Serverless web app security • Throttling • Caching • Usage Plans • ACM Static Content Browser Amazon Cognito

13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Custom Authorizer Lambda functionClient Lambda function Amazon API Gateway Amazon DynamoDB AWS Identity & Access Management Custom Authorizers SAML Two types: • TOKEN - authorization token passed in a header • REQUEST – all headers, query strings, paths, stage variables or context variables.Custom Authorizer Cognito User Pool

14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Authorization with Amazon Cognito Cognito User Pool (CUP) Amazon API Gateway Web Identity Provider User A User B User C Cognito Identity Pool (CIP) /web /cip /cup AWS Lambda Amazon DynamoDB Token AWS Credentials UserAData User B Data UserC Data IAM Authorization IAM Authorization Cognito UP Authorizer API Resources C C A A A B BB

15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Multi-Region with API Gateway us-west-2 us-east-1 Client Amazon Route 53 Regional API Endpoint Regional API Endpoint Custom Domain Name Custom Domain Name API Gateway API Gateway Lambda Lambda api.mycorp.com CNAME CNAM E

16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Multi-Region with API Gateway us-west-2 us-east-1 Client Amazon Route 53 Regional API Endpoint Regional API Endpoint Custom Domain Name Custom Domain Name API Gateway API Gateway Lambda Lambda api.mycorp.com CNAME CNAM E DynamoDB DynamoDB

17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Useful Frameworks for Serverless Web Apps • AWS Chalice (Python, Flask/Bottle) Similar to third-party frameworks, such as Zappa or Claudia.js https://github.com/aws/chalice • AWS Serverless Express (Node.js, Express) Run Node.js Express apps https://github.com/awslabs/aws-serverless-express • Java (HttpServlet, Spring, Spark and Jersey) https://github.com/awslabs/aws-serverless-java-container • Go (Gin, Negroni, GorillaMux, HandlerFunc) https://github.com/awslabs/aws-lambda-go-api-proxy

19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless Data Lake Characteristics • Collect/Store/Process/Consume and Analyze all organizational data • Structured/Semi-Structured/Unstructured data • AI/ML and BI/Analytical use cases • Fast automated ingestion • Schema on Read • Complementary to EDW • Decoupled Compute and Storage

20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Serverless Data Lake S3 Bucket(s) Key Management Service Amazon Athena AWS CloudTrail Amazon Cognito AWS IAM Amazon Kinesis Streams Amazon Kinesis Firehose Amazon ES Amazon QuickSight AWS Glue Amazon DynamoDB Amazon Macie Amazon API Gateway AWS IAM Amazon Redshift Spectrum AWS Direct Connect Ingest Catalog & Search Security & Auditing API/UI Analytics & Processing AWS Glue AWS Lambda

21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The Foundation…Amazon S3 • No need to run compute clusters for storage • Virtually unlimited number of objects and volume • Very high bandwidth – no aggregate throughput limit • Multiple storage classes • Versioning • Encryption • AWS CloudTrail Data Events • S3 Analytics and Inventory • AWS Config automated checks • S3 Object Tagging • S3 Select (NEW!) • Glacier Select (NEW!)

22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Search and Data Catalog • DynamoDB as Metadata repository • Amazon Elasticsearch Catalog & Search AWS Lambda AWS Lambda Metadata Index (DynamoDB) Search Index (Amazon ES) ObjectCreated ObjectDeleted PutItem Update Stream Update Index Extract Search Fields S3 Bucket https://aws.amazon.com/answers/big-data/data-lake-solution/

23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instantly query your data lake on Amazon S3 AWS Glue Crawlers AWS Glue Data Catalog Amazon QuickSight Amazon Redshift Spectrum Amazon Athena S3 Bucket(s) Catalog & Search

24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Analytics and Processing • Amazon QuickSight • Amazon Athena • AWS Lambda • Predictive Analytics • Amazon EMR • AWS Glue (ETL) Analytics & Processing

25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Athena – Serverless Interactive Query Service 44.66 seconds...Data scanned: 169.53GB Cost: $5/TB or $0.005/GB = $0.85 SELECT gram, year, sum(count) FROM ngram WHERE gram = 'just say no' GROUP BY gram,year ORDER BY year ASC; Analytics & Processing

26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Athena – Best Practices • Partition data s3://bucket/flight/parquet/year=1991/month=1/day=2/ • Columnar formats – Apache Parquet, AVRO, ORC • Compress files with splittable compression (bzip2) • Optimize file sizes https://aws.amazon.com/blogs/big-data/top-10-performance-tuning-tips- for-amazon-athena/ Analytics & Processing

27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless batch processing AWS Lambda: Splitter Amazon S3 Object Amazon DynamoDB: Mapper Results AWS Lambda: Mappers …. …. AWS Lambda: Reducer Amazon S3 Results Analytics & Processing

28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fannie Mae Serverless Financial Modeling Financial Modeling is a Monte-Carlo simulation process to project future cash flows , which is used for managing the mortgage risk on daily basis: • Underwriting and valuation • Risk management • Financial reporting • Loss mitigation and loan removal • ~10 Quadrillion (10#10$%) of cash flow projections each month in hundreds of economic scenarios. • One simulation run of ~ 20 million mortgages takes 1.4 hours, >4 times faster than the existing process. Federal National Mortgage Association

30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Stream processing characteristics • High ingest rate • Near real-time processing (low latency from ingest to process) • Spiky traffic (lots of devices with intermittent network connections) • Message durability • Message ordering

31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Streaming data ingestion Amazon CloudWatch: Delivery metrics Amazon S3: Buffered files Kinesis Agent Record Producers Amazon Redshift: Table loads Amazon Elasticsearch Service: Domain loads Amazon S3: Source record backup AWS Lambda: Transformations & enrichment Amazon DynamoDB: Lookup tables Raw records Lookup Transformed records Transformed recordsRaw records Amazon Kinesis Firehose: Delivery stream

32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Tune Firehose buffer size and buffer interval • Larger objects = fewer Lambda invocations, fewer S3 PUTs • Enable compression to reduce storage costs • Enable Source Record Backup for transformations • Recover from transformation errors • Follow Amazon Redshift Best Practices for Loading Data • How to handle time series, sorted data

33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sensor data collection IoT rules IoT actions MQTT Amazon S3: Raw records Amazon Kinesis Firehose: Delivery stream Amazon S3: Batched records Amazon Kinesis Streams: Real-time stream AWS IoT: Data collection IoT Sensors Real-time analytics applications

35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Real-time analytics Amazon Kinesis Streams: Ingest stream Amazon Kinesis Analytics: Time window aggregation Amazon Kinesis Streams: Aggregates stream Amazon Kinesis Firehose: Error stream Amazon S3: Error records Record Producers AWS Lambda: Alert function Amazon DynamoDB: Device thresholds AWS SNS: Notifications

36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO "DESTINATION_SQL_STREAM" SELECT STREAM "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '1' MINUTE) as "window_ts", SUM("measurement") as "sample_sum", COUNT(*) AS "sample_count" FROM "SOURCE_SQL_STREAM_001" GROUP BY "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '1' MINUTE); Amazon Kinesis Analytics Aggregation 1-minute tumbling window Amazon Kinesis Analytics: Time window aggregation Source stream Destination stream

37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Real-time analytics Amazon Kinesis Streams: Ingest stream Amazon Kinesis Analytics: Time window aggregation Amazon Kinesis Streams: Aggregates stream Amazon Kinesis Firehose: Error stream Amazon S3: Error records Record Producers AWS Lambda: Alert function Amazon DynamoDB: Device thresholds AWS SNS: Notifications

38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Kinesis Streams and AWS Lambda Amazon Kinesis: Stream AWS Lambda: Processor function Streaming source Other AWS services • Number of Amazon Kinesis Streams shards corresponds to concurrent invocations of Lambda function • Batch size sets maximum number of records per Lambda function invocation

39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fan-out pattern Fan-out pattern trades strict message ordering vs higher throughput & lower latency Amazon Kinesis: Stream Lambda: Dispatcher function Lambda: Processor function Increase throughput, reduce processing latency Streaming source

40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thomson Reuters – Product Insight Solution for usage analysis tracking: Capture, analyze, and visualize analytics data generated by offerings, providing insights to help product teams continuously improve the user experience Throughput: Tested 4,000 requests / second Growing to 10,000 requests / second or 25 Billion requests / month Latency: new events to user dashboards in less than 10 seconds Durable: no data loss since inception

41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Tune batch size when Lambda is triggered by Amazon Kinesis Streams • Higher batch size = fewer Lambda invocations • Tune memory setting for your Lambda function • Higher memory = shorter execution time • Use Kinesis Producer Library (KPL) to batch messages and saturate Amazon Kinesis Stream capacity

43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automation characteristics • Periodic jobs • Event triggered workflows • Enforce security policies • Audit and notification • Respond to alarms • Extend AWS functionality … All while being Highly Available, Scalable and Auditable

44. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Ops Automator Amazon CloudWatch: Time-based events AWS Lambda: Event handler AWS Lambda: Task executors AWS SNS: Error and warning notifications Resources in multiple AWS Regions and Accounts Amazon EC2 Instances Tags OpsAutomatorTaskList CreateSnapshotAmazon DynamoDB: Task configuration & tracking Amazon CloudWatch: Logs Amazon Redshift Clusters https://aws.amazon.com/answers/infrastructure-management/ops-automator/

45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Image recognition and processing Web App Amazon DynamoDB: Image meta-data & tags Amazon Cognito: User authentication Amazon S3: Image uploads AWS Step Functions: Workflow orchestration Start state machine execution 1 Extract image meta-data 2 Amazon Rekognition: Object detection Invoke Amazon Rekognition Generate image thumbnail 3 3Store meta-data and tags 4 https://github.com/awslabs/lambda-refarch-imagerecognition

47. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enforce security policies RDP from 0.0.0.0/0 RDP from 0.0.0.0/0 CloudWatch Event Bus in another AWS Account New Security Group ingress rule Amazon CloudWatch Events: Rule AWS Lambda: Remediate and alert AWS SNS: Email alert Ingress rule deleted

48. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Gracefully handle API throttling by retrying with an exponential back- off algorithm (AWS SDKs do this for you) • Publish custom metrics from your Lambda function that are meaningful for operations (e.g. number of EBS volumes snapshotted) • Enable X-Ray tracing for your Lambda functions • Document how to disable event triggers for your automation when troubleshooting

50. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. I need a way to protect the capacity of a Lambda function from others running in the same account. Customer feedback I want to temporarily disable a function. Can you create a “dev mode” for functions? Lambda can overwhelm my legacy systems with too many calls

51. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. I need a way to protect the capacity of a Lambda function from others running in the same account. Customer Feedback I want to temporarily disable a function. Can you create a “dev mode” for functions? Lambda can overwhelm my legacy systems with too many calls Insight: Concurrency control is a key element of managing functions in a serverless app.

52. Lambda: Concurrency metric Lambda: Per-function concurrency throttles Enterprise connectivity What you can do with it 1. Limit concurrency to legacy systems 2. Protect serverless production services from other functions in the same account 3. Temporarily disable a function 4. Develop functions with limited billing and “runaway” protection © 2017, Amazon Web Services, Inc. or its Affiliates.All rights reserved.

53. VPC (PrivateLink) integrations Access services and data in your VPC from an API Regional endpoints Fast, region-specific API endpoints Enterprise connectivity: API Gateway © 2017, Amazon Web Services, Inc. or its Affiliates.All rights reserved.

57. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Takeaways Use DevOps tools to automate your serverless deployments Apply serverless patterns for common use-cases: • Web App/Microservice/API • Data Lake • Stream Processing • Operations Automation • Enterprise Systems What will you build with Serverless?

Serverless Architectural Patterns: Collision 2018

You are reading a preview.

Check these out next

Serverless Architectural Patterns: Collision 2018

More Related Content

Slideshows for you (20)

Similar to Serverless Architectural Patterns: Collision 2018 (20)

More from Amazon Web Services (20)