This document presents the AWS Lambda and Amazon API Gateway services. AWS Lambda lets you run code without servers in response to events, while API Gateway lets you create, publish, monitor, and secure APIs. Together they let you build scalable, secure serverless applications. The document also provides usage examples and demonstrations of the features.
2. What to expect from this session?
Introduction to AWS Lambda
• Benefits
• How does it work?
• Reference architecture
• Demo
Introduction to AWS API Gateway
• Benefits
• How does it work?
• Reference architecture
• Demo
5. AWS Lambda
A compute service where you don't have to think about:
• Servers
• Too much or too little resource capacity
• Application deployment
• Scalability and fault tolerance
• Operating system and updates
• Metrics and logs
6. AWS Lambda
…Now everything can be easier.
• Bring your code to AWS with native libraries
• Run code in parallel
• Build backends, event-driven execution, and data processing
Never pay for something that sits idle!
10. What is AWS serverless?
• Serverless = don't think about servers
• Lambda: event-driven compute resources
• API Gateway: build REST APIs with Lambda
• AWS serverless = Lambda + API Gateway
• “Lambda has the potential to be the focal point of the AWS cloud” – Janakiram MSV (janakiram.com)
13. How it works
1. Upload your code
2. Configure the event and permissions
3. Lambda runs in response to events
4. Pay only when the function runs
17. Real-time file processing
The Seattle Times uses AWS Lambda to resize the images on its site for different devices such as computers (desktops and notebooks), tablets, and smartphones.
19. File encoding
Recording studios send their files to Amazon S3. After the upload, a Lambda function runs to start the process of aggregating, validating, identifying, and publishing those files.
22. Limits
Resource Limits
Maximum duration: 5 minutes
Maximum heap: 1.5 GB
Temporary storage ("/tmp"): 512 MB
Maximum number of processes/threads: 1,024
Maximum application package size (zip/jar): 50 MB
23. Extending AWS Lambda
Use /tmp as a cache
Run any executable (regardless of language)
Use Grunt and Jenkins plugins for deploys
Slack + Lambda
JAWS: The Server-less Application Framework
31. Your feedback
Managing multiple versions and stages of an API is hard.
Monitoring third-party developers' access is time-consuming.
Authorizing access is challenging.
Traffic spikes create an operational burden.
What if I don't want any servers at all?
32. Amazon API Gateway
Host multiple versions and environments of your APIs
Create and distribute API keys to developers
Leverage SigV4/JWT/OAuth to authorize access to your APIs
Control and monitor requests to protect the backend, cache ..
Use AWS Lambda!
33. Flow of an API call
[Diagram labels: Internet (mobile apps, websites, services); API Gateway; API Gateway cache; Amazon CloudWatch; AWS Lambda functions; endpoints on Amazon; any other accessible endpoint]
34. API configuration
You can create APIs
Define API resources
Define methods for each resource
• Methods are resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
35. API deployment
An API configuration can be deployed to a stage (environment)
Stages are different environments; for example:
• Dev (e.g., example.com/dev)
• Beta (e.g., example.com/beta)
• Prod (e.g., example.com/prod)
Pet Store
dev
beta
gamma
prod
37. Custom domain names
• You can configure custom domain names
• Provide API Gateway with an HTTPS certificate
• Custom domain names can point to a stage of the API
• Point to an API and stage
• Beta (e.g., yourapi.com/beta)
• Prod (e.g., yourapi.com/prod)
38. Security – SigV4
[Diagram: Client, API Gateway, Backend]
• Client calls the /login API; no authentication required
• API Gateway /login invokes AWS Lambda fn_login
• fn_login checks the user accounts database: credentials verified
• Amazon Cognito developer authenticated identities: access and secret key
• Client receives credentials to sign API calls
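How a client turns the access key, secret key and session token it received into a signed API call, shown as an added example that is not part of the original slides. The host name, stage path, credentials and timestamp are constructed sample values, and the function names are this example's own.

```python
import hashlib, hmac
from urllib.parse import quote

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    # Derivation chain: "AWS4"+secret -> date -> region -> service -> "aws4_request"
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def sign_request(method, host, path, query, body, creds, region, amz_date):
    """Return the headers a client adds to a SigV4-signed API Gateway call."""
    service, date = "execute-api", amz_date[:8]
    enc = lambda s: quote(s, safe="-_.~")
    headers = {"host": host, "x-amz-date": amz_date}
    if creds.get("session_token"):      # temporary credentials carry a token
        headers["x-amz-security-token"] = creds["session_token"]
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        method,
        quote(path, safe="/-_.~"),      # path as sent on the wire, encoded again
        "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(query.items())),
        "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(body.encode()).hexdigest(),
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = signing_key(creds["secret_key"], date, region, service)
    sig = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['access_key']}/{scope}, "
        f"SignedHeaders={signed}, Signature={sig}")
    return headers

# Constructed sample values: not real credentials or a real API host.
SAMPLE_CREDS = {"access_key": "AKIDEXAMPLE", "secret_key": "constructed-secret",
                "session_token": "constructed-token"}

def demo():
    return sign_request("GET", "example123.execute-api.us-east-1.amazonaws.com",
                        "/prod/pets", {"type": "dog"}, "", SAMPLE_CREDS,
                        "us-east-1", "20150830T123600Z")
```

Because the secret key only feeds the HMAC chain and never leaves the client, the gateway can verify the caller by recomputing the same signature over the request it received.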
41. Caching API responses
You can configure the cache key and TTL of the API response
Cached items are returned without calling the backend
A cache is dedicated to you, per stage
0.5 GB to 237 GB of cache
42. API Gateway
Input/output transforms
GET - /sayHello
API Gateway resource: /sayHello
Back end: AWS Lambda fn_sayHello
Lambda output (JSON):
{
  "message" : "hello world"
}
Response (XML):
<xml>
  <message>
    Hello world
  </message>
</xml>
Mapping template:
#set($root = $input.path('$'))
<xml>
  <message>
    $root.message
  </message>
</xml>
43. Input/output transforms
Filter output results
• Remove private or unnecessary data
• Filter the size of the dataset to improve API performance
GET to POST
• Read the query string parameters of your GET request and build a body to make POST requests to your back end
JSON to XML
• Receive JSON input and transform it into XML for your back end
• Receive JSON from an AWS Lambda function and transform it into XML
46. Recap
AWS Lambda
• No servers to manage
• Continuous scaling
• Subsecond metering
Amazon API Gateway
• Low-cost and efficient
• Performance at any scale
• Easily monitor API activity
• Streamline API development
• Flexible security controls
• Create RESTful endpoints for existing services
• Run your APIs without servers
Editor's Notes
1 - AWS Lambda automatically runs your code without requiring you to provision or manage servers. Just write the code and upload it to Lambda.
2 - AWS Lambda automatically scales your application by running code in response to each trigger. Your code runs in parallel and processes each trigger individually, scaling precisely with the size of the workload.
3 - With AWS Lambda, you are charged for every 100ms your code executes and the number of times your code is triggered. You don't pay anything when your code isn't running.
verify data formats, audit out-of-range values, filter and copy data to other tables
- Add in API Gateway here as that is a huge use case. You may want to ensure you have the complete list of integrated services.
- You may want to talk a bit about the push versus pull model of invocation, as well as the request response
Let’s look in detail at the hierarchical structure of an API
The top level element is the API itself; we call it a REST API.
A REST API can contain many resources. Resources are typed objects that are part of your API’s domain. They also represent the path through which the objects will be accessible
You can nest resources; in our example, /pets/{petId} represents an individual pet and is a nested resource of the /pets/ resource.
Each resource can declare methods. Methods are the combination of a resource + an HTTP verb. We support 7 standard HTTP verbs. For example, a method is the POST to the /pets/{petId} resource – this would be used to create a new pet
Now that we have declared an API with its resources and methods, we can deploy it to make it accessible to 3rd party developers
APIs are deployed to a Stage
Stages represent environments, for example development or production
In API Gateway, stages are like tags, and developers can create as many stages as they want. A stage is just an alphanumeric string
Stages are part of the path that will be used to reach resources and methods; for example, the prod stage will be available at execute-api.apigateway.com/stage/resource
This is a visual representation of how versions and stages are managed by the API Gateway, and how customers can leverage these features for their APIs
The first thing we’ll do is declare a V1 API and start configuring its resources and methods
The next step is to deploy the API to a development stage. We’ll keep deploying to development as we evolve our API
At a certain point, when we are ready for 3rd party developers to access this API, we will publish it to a production stage and distribute API keys and generated SDKs
All along we will keep deploying APIs to both dev and prod, including new features and bug fixes
Eventually we’ll want to make some breaking changes, and work on a much improved v2 API. However, we cannot make breaking changes to the API in production because we have thousands of developers using it.
To manage this situation we’ll simply clone the current state of the v1 API into a new API called v2, and begin development of the new version
By cloning we can keep publishing bug fixes to the first release and supporting users that are calling it with a gentle, gradual deprecation
“… developers feel like they can deliver what they want, when they want to – and that makes for an extremely valuable tool …”
Customers can configure the API Gateway to use a custom domain name they provide instead of the standard AWS domain.
We expect customers to bring their own signed certificate for the HTTPS endpoints
Domain names can be configured to point to an API, our top level item, or directly to a specific stage within an API.
Pointing a custom domain name to an API requires the stage to be included in the path
If the domain name is pointed directly at a stage, there is no need for the path variable; resources can be accessed directly from the API root “/”
API Gateway uses throttling to help protect customer backends and send only the requests that they can handle
To implement throttling we use the token bucket algorithm
Customers can set the number of RPS calls they know their backend can handle, and a rate at which the bucket is refilled
Let’s put the two together and look at the execution path of an API call
First, when we receive a request, we will check the dedicated cache (if it’s been configured)
If we have an item in the cache then we can handle the request regardless of the throttling configuration, it will have no effect on our customer’s backend
Next, if we don’t have a cache, we check the throttling configuration and the current throttling state (our bucket)
If we are above the limit we will return a 429 response
Otherwise we will execute the backend call and return the result
As we mentioned our generated SDKs automatically know how to handle throttling responses, and they will perform an exponential backoff while retrying the call
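The execution path described in these notes (cache lookup, then token bucket, then 429 or backend call, with the client backing off exponentially), modeled as an added example that is not AWS code or part of the original deck. The class and parameter names (`TokenBucket`, `Stage`, `rate`, `burst`, `ttl`) and the scenario values are this example's own assumptions, and time is a simulated clock passed in as `now`.

```python
class TokenBucket:
    """`burst` is the bucket capacity; `rate` is tokens refilled per second."""
    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the elapsed time, capped at the bucket capacity.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Stage:
    """Execution path from the notes: cache first, then throttle, then backend."""
    def __init__(self, backend, bucket, ttl):
        self.backend, self.bucket, self.ttl = backend, bucket, ttl
        self.cache = {}            # cache key -> (expiry time, response body)
        self.backend_calls = 0

    def handle(self, path, query, now):
        key = (path, tuple(sorted(query.items())))
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return 200, hit[1]     # answered even when the bucket is empty
        if not self.bucket.allow(now):
            return 429, "Too Many Requests"
        self.backend_calls += 1
        body = self.backend(path, query)
        self.cache[key] = (now + self.ttl, body)
        return 200, body

def call_with_backoff(stage, path, query, start, base=0.1, retries=5):
    """Client side: retry 429 responses with exponential backoff (simulated clock)."""
    now = start
    for attempt in range(retries + 1):
        status, body = stage.handle(path, query, now)
        if status != 429:
            break
        now += base * 2 ** attempt  # wait 0.1 s, 0.2 s, 0.4 s, ...
    return status, body, now

def demo():
    # Constructed scenario: burst of 2, refill 1 token/s, 60 s TTL.
    stage = Stage(lambda p, q: f"pet {q['id']}", TokenBucket(rate=1, burst=2), ttl=60)
    burst = [stage.handle("/pets", {"id": str(i)}, 0.0)[0] for i in range(3)]
    cached = stage.handle("/pets", {"id": "0"}, 0.0)
    retried = call_with_backoff(stage, "/pets", {"id": "9"}, start=0.0)
    return burst, cached, retried, stage.backend_calls
```

In the demo the third uncached request is rejected with 429, the repeated request for an already cached item is still answered, and the retried call succeeds once the bucket has refilled one token.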
To limit the number of requests their backend can receive, and further bring down latency, customers can configure a dedicated cache for each stage of their API
For each method in their APIs customers can configure which parameters between path, query string and headers form the item key in the cache, and assign each item a time to live
API Gateway automatically caches responses where configured and avoids calling the customer’s backend if the cached item is available and valid
Customers have access to APIs to manage their cache in the API Gateway
When a stage is configured with a dedicated cache, and an item is found to be in cache and valid for a request that would otherwise be throttled, the API Gateway will handle the request and return the cached response
Customers can pick from a range of possible cache sizes to provision a dedicated cache for their stage, from 0.5GB all the way up to 237GB
Example of a simple transformation flow
API Gateway + Lambda = Server-less backend
Use AWS Lambda to run business logic
Use API Gateway to expose the AWS Lambda functions as endpoints
Transforms Lambda’s JSON output to XML for their APIs
Let’s look at how request and response data can be transformed in-flight.
We use Apache Velocity as the standard to create, save and execute templates
We have been working with our customers on this and during development we have seen the following use-cases from them
Filter API responses. In many cases legacy APIs tended to return verbose responses with too many objects. Large payloads are a struggle for mobile applications, so customers are using the templates to traverse the response schema and filter the output to return only the necessary fields
RPC to REST. Customers have RPC-style APIs that they wanted to expose to the world in the form of RESTful APIs. RPC often only accept POST calls. Customers used the transform templates to accept a GET call in the API Gateway, then generate the POST body for their backend call reading parameters from the path, query string and headers
Customers who want to leverage Lambda but only run XML APIs have been using the transform templates to receive the JSON output from Lambda, and turn it into an XML before sending it back to the end user. This has allowed them to completely switch their backend technology while causing no disruption for 3rd party developers utilizing their APIs, very neat tablecloth trick. Example: Twilio
API Gateway can generate client SDKs based on a customer’s API definition.
Simply select the deployment the SDK should target and the platform, set up a couple of parameters, and the API Gateway generates an SDK and makes it available to download through an API or the management console
SDKs are model-aware and also come with the built-in AWS core that allows them to handle throttling responses and sign requests using AWS credentials
30 seconds to introduce the company, quickly
The 4 (maximum) biggest challenges of the project that were solved by using the AWS cloud
Solution diagram, and explain the solution, advantages, etc.