Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Serverless Development Deep Dive

160 views

Published on

Serverless Development Deep Dive

  • Be the first to comment

Serverless Development Deep Dive

  1. 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Paul Maddox, Amazon Web Services Developer Technologies March 2018 Serverless Development Deep Dive
  2. 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. About me Paul Maddox Developer Technologies Amazon Web Services • 16 years of dev, sysadmin, and systems architecture background. • Awful at keeping track of time when coding. • Awful at staying away from coding. • Go/Java/C/Node • Creator of AWS SAM Local Twitter: @paulmaddox Email: pmaddox@amazon.com @paulmaddox
  3. 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. "Serverless requires me to develop in a completely different way" Myth Busting Time…
  4. 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What to expect from this session • Overview of serverless development • Building a serverless API • CI/CD with AWS CodeBuild/CodePipeline • Development Frameworks • Deploying with AWS SAM • Testing/debugging locally with AWS SAM Local • Security • Amazon Cognito User Pools • Customer Authorizers
  5. 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. A serverless world… No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in
  6. 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Event based architectures SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C#
  7. 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Common serverless use cases Web applications • Static websites • Complex web apps • Packages for Flask and Express Data processing • Real-time • MapReduce • Batch Chatbots • Powering chatbot logic Backends • Apps and services • Mobile • IoT </></> Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit IT automation • Policy engines • Extending AWS services • Infrastructure management
  8. 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS Lambda Bring your own code • Node.js, Java, Python, C#, Go • Bring your own libraries (even native ones) Simple resource model • Select power rating from 128 MB to 3 GB • CPU and network allocated proportionately Flexible use • Synchronous or asynchronous • Integrated with other AWS services Flexible authorization • Securely grant access to resources and VPCs • Fine-grained control for invoking your functions © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  9. 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS Lambda Authoring functions • WYSIWYG editor or upload packaged .zip • Third-party plugins (Eclipse, Visual Studio) Monitoring and logging • Metrics for requests, errors, and throttles • Built-in logs to Amazon CloudWatch Logs Programming model • Use processes, threads, /tmp, sockets normally • AWS SDK built in (Python and Node.js) Stateless • Persist data using external storage • No affinity or access to underlying infrastructure © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  10. 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fine-grained pricing Buy compute time in 100-ms increments Low request charge No hourly, daily, or monthly minimums No per-device fees Never pay for idle Free Tier 1 M requests and 400,000 GB-s of compute Every month, every customer © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  11. 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SMART RESOURCE ALLOCATION Match resource allocation (up to 3 GB!) to logic Stats for Lambda function that calculates 1000 times all prime numbers <= 1000000 128 MB 11.722965 sec $0.024628 256 MB 6.678945 sec $0.028035 512 MB 3.194954 sec $0.026830 1024 MB 1.465984 sec $0.024638
  12. 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Amazon DynamoDB Amazon Kinesis AWS CloudFormation AWS CloudTrail Amazon CloudWatch Amazon Cognito Amazon SNSAmazon SES Cron events DATA STORES ENDPOINTS DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES Event sources that trigger AWS Lambda …and more! AWS CodeCommit Amazon API Gateway Amazon Alexa AWS IoT AWS Step Functions
  13. 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda execution model Synchronous (push) Asynchronous (event) Stream-based Amazon API Gateway AWS Lambda function Amazon DynamoDBAmazon SNS /order AWS Lambda function Amazon S3 reqs Amazon Kinesis changes AWS Lambda service function
  14. 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Internet Mobile Apps Websites Services AWS Lambda functions AWS All private (VPC) or publicly accessible endpoints Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service Endpoints on Amazon EC2 AWS Step Functions
  15. 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Create a unified API front end for multiple microservices Authenticate and authorize requests to a backend DDoS protection and throttling for your backend Throttle, meter, and monetize API usage by third- party developers Amazon API Gateway © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  16. 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway – Lambda Proxy Integration { "resource": "Resource path", "path": "Path parameter", "httpMethod": "Incoming request's method name", "headers": {Incoming request headers}, "queryStringParameters": {Query string parameters}, "pathParameters":{Path parameters}, "stageVariables": {Applicable stage variables}, "requestContext": {Request context, including authorizer-returned key-value pairs}, "body": "...", "isBase64Encoded": true|false } { "statusCode": httpStatusCode, "headers": { "headerName": "headerValue", ... }, "body": "...”, "isBase64Encoded": true|false } Input Format of a Lambda Function for Proxy Integration Output Format of a Lambda Function for Proxy Integration
  17. 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Building an API with Serverless
  18. 18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Frameworks Chalice
  19. 19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ClaudiaJS Node.js framework for deploying projects to AWS Lambda and Amazon API Gateway • Has sub projects for microservices, chat bots and APIs • Simplified deployment with a single command • Use standard NPM packages, no need to learn swagger • Manage multiple versions https://claudiajs.com https://github.com/claudiajs/claudia app.js: var ApiBuilder = require('claudia-api-builder') var api = new ApiBuilder(); module.exports = api; api.get('/hello', function () { return 'hello world'; }); $ claudia create --region us-east-1 --api-module app
  20. 20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice Python serverless “microframework” for AWS Lambda and Amazon API Gateway • A command line tool for creating, deploying, and managing your app • A familiar and easy to use API for declaring views in python code • Automatic Amazon IAM policy generation https://github.com/aws/chalice https://chalice.readthedocs.io app.py: from chalice import Chalice app = Chalice(app_name="helloworld") @app.route("/") def index(): return {"hello": "world"} $chalice deploy Chalice
  21. 21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice – a bit deeper from chalice import Chalice from chalice import BadRequestError app = Chalice(app_name='apiworld-hot') FOOD_STOCK = { 'hamburger': 'yes’, 'hotdog': 'no' } @app.route('/') def index(): return {'hello': 'world'} @app.route('/list_foods') def list_foods(): return FOOD_STOCK.keys() @app.route('/check_stock/{food}') def check_stock(food): try: return {'in_stock': FOOD_STOCK[food]} except KeyError: raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys()))) @app.route('/add_food/{food}', methods=['PUT']) def add_food(food): return {"value": food} Chalice
  22. 22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice – a bit deeper from chalice import Chalice from chalice import BadRequestError app = Chalice(app_name='apiworld-hot') FOOD_STOCK = { 'hamburger': 'yes’, 'hotdog': 'no' } @app.route('/') def index(): return {'hello': 'world'} @app.route('/list_foods') def list_foods(): return FOOD_STOCK.keys() @app.route('/check_stock/{food}') def check_stock(food): try: return {'in_stock': FOOD_STOCK[food]} except KeyError: raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys()))) @app.route('/add_food/{food}', methods=['PUT']) def add_food(food): return {"value": food} Chalice application routes error handling http method support
  23. 23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Meet SAM!
  24. 24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model
  25. 25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM template AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable
  26. 26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM template AWSTemplateFormatVersion: "2010-09-09" Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells CloudFormation this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with 5 Read & Write units
  27. 27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tip: SAM templates can contain ANY AWS CloudFormation resource
  28. 28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM template <- this becomes this ->
  29. 29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice – generating a SAM template $ chalice package out Creating deployment package $ tree out Out ├── deployment.zip └── sam.json 0 directories, 2 files Chalice
  30. 30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introducing SAM Local CLI tool for local testing of serverless apps Works with Lambda functions and “proxy- style” APIs Response object and function logs available on your local machine Currently supports Java, Node.js and Python https://github.com/awslabs/aws-sam-local
  31. 31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. If(!feelingLucky) { demogods.pray(); } demo.start();
  32. 32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. InternetMobile/Web apps AWS Lambda functions AWS API Gateway Other AWS services What we just deployed…
  33. 33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security is job zero.
  34. 34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The serverless API stack places where we can secure our application InternetMobile/Web apps AWS Lambda functions AWS API Gateway Other AWS services
  35. 35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Security Several mechanisms for adding Authz/Authn to our API: • IAM Permissions • Use IAM policies and AWS credentials to grant access • Custom Authorizers • Use Lambda to validate a bearer token (OAuth or SAML as examples) or request parameters and grant access • Cognito User Pools • Create a completely managed user management system
  36. 36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cognito User Pools Add user sign-up and sign- in easily to your mobile and web apps without worrying about server infrastructure Serverless Authentication and User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory 1 2 3
  37. 37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cognito User Pools - User Flows User Sign-Up and Sign-In User Profile Data Forgot Password Token Based Authentication Email or Phone Number Verification SMS Multifactor Authentication
  38. 38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cognito User Pool Authorizer Supports authentication, but not authorization. Super easy! E.g. you can lock down an API to Cognito User Pool users, but you don’t get fine grained control over who can access which API resources.
  39. 39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Custom Authorizer Supports authentication and authorization and super flexible! • Function input: HTTP headers (e.g. Authorization header) • Function output: Policy (e.g. allow GET /{userid}/profile, deny GET /admin) • Result is cached for the input parameters (300 seconds default) InternetMobile/Web apps AWS Lambda functions AWS API Gateway Other AWS services Custom Authorizer Function
  40. 40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice – adding Cognito User Pools from chalice import Chalice from chalice import BadRequestError from chalice import CognitoUserPoolAuthorizer app = Chalice(app_name='apiworld-hot') authorizer = CognitoUserPoolAuthorizer( 'MyPool', provider_arns=['arn:aws:cognito:...:userpool/name']) ... ... @app.route('/list_foods') def list_foods(): return FOOD_STOCK.keys() @app.route('/check_stock/{food}’, methods=['GET'], authorizer=authorizer) def check_stock(food): try: return {'in_stock': FOOD_STOCK[food]} except KeyError: raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys()))) @app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer) def add_food(food): return {"value": food} Chalice
  41. 41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chalice – adding Cognito User Pools from chalice import Chalice from chalice import BadRequestError from chalice import CognitoUserPoolAuthorizer app = Chalice(app_name='apiworld-hot') authorizer = CognitoUserPoolAuthorizer( 'MyPool', provider_arns=['arn:aws:cognito:...:userpool/name']) ... ... @app.route('/list_foods') def list_foods(): return FOOD_STOCK.keys() @app.route('/check_stock/{food}’, methods=['GET'], authorizer=authorizer) def check_stock(food): try: return {'in_stock': FOOD_STOCK[food]} except KeyError: raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys()))) @app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer) def add_food(food): return {"value": food} Chalice authorization required for certain routes/methods adding authorization
  42. 42. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary It’s never been easier to build and launch APIs! Serverless APIs: • No management of servers • Pay for what you use and not for idle resources! • Instantly scale up without turning any knobs or provisioning any resources • Tooling to get started in minutes with incredibly minimal code needed • Built in high availability built into multiple places in the application stack • Authentication and Authorization built into multiple places in the application stack
  43. 43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. aws.amazon.com/serverless
  44. 44. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. aws.amazon.com/serverless/developer-tools
  45. 45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you

×