ANZ Dev Lounge Session - Feb 2017
•
10 likes•1,002 views
Real-world development Decomposing a serverless skills-based routing application on AWS Presenter: Adam Larter, Principal Solutions Architect, Developer Specialist
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to ANZ Dev Lounge Session - Feb 2017
Similar to ANZ Dev Lounge Session - Feb 2017 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
ANZ Dev Lounge Session - Feb 2017
- 1. Adam Larter Principal Solutions Architect, Developer Specialist Real-world development Decomposing a serverless skills-based routing application on AWS
- 2. CUSTOMER SPECIFICATION • A system that can direct my customers’ queries to the best-suited team member with the right skills to help the customer • A mobile app that my staff use to see tasks assigned to them • Push notifications to alert team members when there’s work to do • Staff ‘accept’ and ‘complete’ tasks as they work on them • Automatic staff registration – no admin intervention • An admin portal to securely manage and monitor activity D E V L O U N G E
- 3. • The ability to see trends – busy times of the day so I can schedule staff • The ability to create new departments and specialisations • The ability to send ad-hoc messages to team members, and re-assign tasks if need be • A simple interface for my team members and of course, my customers • Ability to embrace the API economy and create a SaaS offering that provides throttling and quota management CUSTOMER SPECIFICATION D E V L O U N G E
- 4. • Use AWS IoT Buttons as the customer interface – simple button press • Multi-modal use of the buttons – single, long and double press actions • No relational databases – all NoSQL • Microservice architecture • Serverless! And Service-full! • Low-cost, low-operational maintenance TECHNICAL SPECIFICATION D E V L O U N G E
- 5. • Infrastructure as code – complete DR story for my system • Integrated security from user app/admin portal to back-end • Decoupled, asynchronous processing where possible • Fast development iteration D E V L O U N G E TECHNICAL SPECIFICATION
- 6. D E V L O U N G E AWS IoT BUTTON
- 8. Amazon API Gateway AWS Lambda Amazon CognitoAmazon DynamoDB Host and route our API calls, manage quotas, security and SDK generation Execute our app’s business logic without having to worry about servers Integrated AuthZ and AuthN Highly durable and performant data store D E V L O U N G E MAIN AWS COMPONENTS
- 9. ARCHITECTURE Amazon CloudFront Amazon API Gateway AWS IoT AWS IoT rule AWS Lambda Function Amazon DynamoDB Amazon SNS AWS Lambda Function Amazon Elasticsearch Service AWS Lambda Functions Decoupled statistics processing IoT Ingress processing Web API handling Statistics engine Data ingress & API processing Amazon Cognito Mobile apps Websites API ConsumersAuth
- 10. DEPLOYMENT D E V L O U N G E
- 11. Options for serverless DevOps deployment on AWS Toolchain deployment (CI/CD) Frameworks (Claudia.js, Chalice, Serverless.com Kappa, etc.) Manual deployment (Console/CLI) Code in-place Whole stack update (SAM / CloudFormation)
- 12. Serverless Application Model (SAM) / CloudFormation Declaratively define your serverless environment including API Gateway endpoints and Lambda functions – Swagger import supported Manual & CI/CD pipelines AWS Console AWS CLI scripting Serverless frameworks Claudia.js / Serverless.com (Python & NodeJS), Chalice, Zappa, Kappa and others DEPLOYMENT OPTIONS D E V L O U N G E
- 13. AWS SAM is a specification that defines serverless applications Defines simplified CloudFormation syntax for expressing serverless resources Covers APIs (API Gateway), Lambda functions, event source mappings and Amazon DynamoDB tables Lambda environment variables and event sources AWS SERVERLESS APPLICATION MODEL (SAM) D E V L O U N G E
- 14. AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Resources: MySimpleFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: nodejs4.3 CodeUri: s3://<source-bucket>/MyCode.zip Policies: AmazonDynamoDBFullAccess Environment: Variables: TABLE_NAME: !Ref Table Events: MyUploadEvent: Type: S3 Properties: Id: !Ref MyBucket Events: Create MyBucket: Type: AWS::S3::Bucket Environment variable declarations Function definition Event source mapping Function execution policy / role AWS SERVERLESS APPLICATION MODEL (SAM)
- 15. DESIGN TIPS D E V L O U N G E
- 16. • Automate the base infrastructure with CloudFormation/SAM • Use a developer automation tool to do the heavy lifting and support fast, iterative development – grunt, gulp, npm… your favourite tool du jour • Layout your project from the start to allow for local runs, local testing and easy deployment into your AWS Dev environment • Every developer in your team has their own full-stack environment and can deploy to it and test prior to checking in code – fast, contention-free iteration when writing and debugging features DESIGN TIPS D E V L O U N G E
- 17. AN ENVIRONMENT FOR EACH DEV + SHARED TEST API Gateway Amazon Cognito AWS Lambda functions Amazon DynamoDB Developer1 API Gateway Amazon Cognito AWS Lambda functions Amazon DynamoDB Developer2 API Gateway Amazon Cognito AWS Lambda functions Amazon DynamoDB SharedTest/UAT CI/CD Source Control Developer deploys fast iterations to dedicated environment CI/CD toolchain deploys committed code to shared test/staging environment using SAM/CloudFormation toProduction
- 18. • Use CloudFormation/SAM to build your dev environment – From. The. Start! Repeatable… Reliable... Reusable... Easily stamp out multiple dev environments • Plan to break your application functionality into decoupled modules and embrace asynchronicity and background processes with CW Events • Never keep application state in your Lambda function code – keep state in a shared cache and cache everything all the time – design for multi-tenancy • Use the right data store – do you REALLY need an RDBMS? D E V L O U N G E DESIGN TIPS
- 19. Agents Capabilities Categories TasksButtons 0..* 1..* *..* 1..* DATA ENTITY RELATIONSHIPS D E V L O U N G E SELECT * FROM TASKS INNER JOIN AGENTS INNER JOIN BUTTONS INNER JOIN CAPABILITIES… Capabilities 1..*
- 20. Agents Categories Tasks Buttons DATA ENTITY RELATIONSHIPS D E V L O U N G E Capabilities Amazon Elasticache memcached or Redis AWS Lambda manages ‘joins’ in the middle-tier and refreshes cache as needed Tasks pulled from DynamoDB SSoT for ancillary data held in DynamoDB
- 21. • Use DynamoDB Local and memcached for testing your data model http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBLocal.html DESIGN TIPS D E V L O U N G E
- 22. • Local config.json for fast, iterative development and environment variables to override config settings at runtime DESIGN TIPS D E V L O U N G E
- 23. Let’s look at some code D E V L O U N G E
- 24. • Local config.json for fast, iterative development and environment variables to override config settings at runtime • Switch behaviour based on the LAMBDA_TASK_ROOT variable to facilitate fast, local testing and iteration • “Finaliser” to give back resources – and design tests to confirm you are calling the finaliser before calling Lambda (language dependent) • Use locks, not just moats when it comes to security DESIGN TIPS D E V L O U N G E
- 25. AWS COGNITO User Pools & Identity Federation D E V L O U N G E
- 26. ADMIN AUTH: COGNITO USER POOLS Mobile apps Admin Portal Partner Services AWS Lambda functions API Gateway Amazon Cognito
- 27. ADMIN AUTH: COGNITO USER POOLS Mobile apps Admin Portal Partner Services AWS Lambda functions API Gateway Amazon Cognito
- 28. ADMIN AUTH: COGNITO USER POOLS Mobile apps Admin Portal Partner Services AWS Lambda functions API Gateway Amazon Cognito 403 – Unauthorised from API GW 403 – Unauthorised from app Cognito Identity Token
- 29. Mobile apps Admin Portal Partner Services AWS Lambda functions API Gateway Amazon Cognito 3rd Party Identity Facebook, Google, Twitter, OpenID etc Public Identity Provider USER AUTH: SIGV4 / IAM
- 30. Mobile apps Admin Portal Partner Services AWS Lambda functions API Gateway Amazon Cognito IAM USER AUTH: SIGV4 / IAM
- 31. Mobile apps Admin Portal Partner Services AWS Lambda functions receive Cognito Identity Id of caller and Identity Pool Id API Gateway Amazon Cognito 403 – Unauthorised from API GW 403 – Unauthorised from app SigV4-signed Url USER AUTH: SIGV4 / IAM
- 32. AMAZON API GATEWAY Integrated security & SDK generation D E V L O U N G E
- 33. Let’s test some code D E V L O U N G E
- 34. • What are we looking for when we test Lambda functions? • Asynchronous calls not returning • Missing ‘completion’ by calling context.done() or context.callback() • Timeouts • Giving back resources like socket connections • How can I test my Lambda functions? • The same way you test standalone NodeJS/Java/Python/CSharp! • Isolate your components/functions so they can be tested • Consider TDD – start with testing before writing code • Test your code’s business logic using local DynamoDB and memcache to reduce reliance on network TESTING LAMBDA FUNCTIONS D E V L O U N G E
- 35. [Test] function testSomething() { ASSERT(true); // todo – I am too busy right now return true; } TESTING ANTI-PATTERN!
- 36. • Amazon Device Farm • Test on real iOS, Android and Fire OS devices in the cloud • Test native apps or web apps • Execute automated tests in popular automation frameworks: • Appium (Java Junit, Java TestNG, Python – for web application testing) • Calabash • Espresso • Junit • XCTest • KIF • Robotium and more TESTING MOBILE APPS D E V L O U N G E
- 37. • Built-in Fuzz Test (Android & iOS) • Randomly sends user interface events to devices and then reports results • Built-in Explorer Test (Android) • Crawls your app by analysing each screen and interacting as if it were an end user • Takes screenshots as it explores • Provide Device Farm with credentials so the test can log in • View actionable test results • Screenshots, videos, logs and performance data • Integrate testing into your workflow • Use the Device Farm API directly or make use of the Jenkins plug-in or Gradle plug-in TESTING MOBILE APPS D E V L O U N G E
- 38. Visualisation with ElasticSearch and graphing frameworks D E V L O U N G E
- 39. • Amazon ElasticSearch – managed service • No need to worry about infrastructure - *aaS! • Script everything – the cluster… the schema... test data... • Define your index mappings explicitly (for example, timestamps and enums) • Always secure access to your domain using a restrictive access policy! • http-aws-es credential helper module on npm VISUALISATION D E V L O U N G E
- 40. CONNECTING TO ES WITH IAM CREDENTIALS D E V L O U N G E
- 41. STATISTICS INDEX FORMAT – NEW BUTTON PRESS D E V L O U N G E
- 42. STATISTICS INDEX FORMAT – TASK COMPLETED D E V L O U N G E
- 43. ES AGGREGATIONS D E V L O U N G E
- 44. • ElasticSearch Getting Started Guide • www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html • ElasticSearch on NodeJS • elasticsearch module on npm • http-aws-es credential helper module on npm • AngularJS web UI framework • angularjs.org • Angular Chart Framework • jtblin.github.io/angular-chart.js/ REFERENCES D E V L O U N G E
- 45. • Grunt – the Javascript task runner • gruntjs.com • Helpful Grunt plug-ins for AWS • grunt-aws-lambda module on npm • grunt-aws module on npm • Mocha test framework • mochajs.org REFERENCES D E V L O U N G E
- 46. • Cognito JWT • jsonwebtoken module on npm • jwk-to-pem module on npm • Render/decode JWT • jwt.io • AWS Code Samples on GitHub • github.com/awslabs • FireOS / Android viewer • Vysor Chrome Extension REFERENCES D E V L O U N G E
- 47. Adam Larter Principal Solutions Architect, Developer Specialist Thank you!