Building API Driven Microservices

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chris Munns – Senior Developer Advocate – AWS
Serverless
Building API-
Driven
Microservices

About me:
Chris Munns - munns@amazon.com, @chrismunns
• Senior Developer Advocate - Serverless
• New Yorker
• Previously:
• AWS Business Development Manager – DevOps, July ’15 - Feb ‘17
• AWS Solutions Architect Nov, 2011- Dec 2014
• Formerly on operations teams @Etsy and @Meetup
• Little time at a hedge fund, Xerox and a few other startups
• Rochester Institute of Technology: Applied Networking and Systems
Administration ’05
• Internet infrastructure geek

https://secure.flickr.com/photos/mgifford/4525333972
Why are we
here today?

The Future

“Software is Eating the World” – Marc Andreessen
“APIs are Eating Software” – Dr. Steve Willmott
Fun fact: Apis is the “Genus” for Honey Bees

A look back at
development at
Amazon..
https://secure.flickr.com/photos/pixelthing/15806918992/

2001
monolithic application
+
monolithic teams

Monolith development lifecycle
developers
releasetestbuild
delivery pipelineapp

Single-purpose
Connect only through APIs
Connect over HTTPS
Largely “black boxes” to
each other
“Microservices”

> 60 million deployments a year*
Thousands of teams
× Microservice architecture
× Continuous delivery
× Multiple environments
*2016 number

Building your API
https://secure.flickr.com/photos/spenceyc/7481166880

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic API technology stack
?API
“server”
?API
backend

API Management Challenges
Managing multiple versions and stages of an API is difficult.
Monitoring third-party developers’ access is time consuming.
Access authorization is a challenge.
Traffic spikes create an operational burden.
Dealing with increased management overhead

Introducing Amazon API Gateway
Amazon API Gateway is a fully managed service that
makes it easy for developers to create, publish, maintain,
monitor, and secure APIs at any scale:
• Host multiple versions and stages of your APIs
• Create and distribute API Keys to developers
• Throttle and monitor requests to protect your backend
• Leverage signature version 4 to authorize access to APIs
• Request / Response data transformation and API mocking
• Reduced latency and DDoS protection through CloudFront
• Optional Managed cache to store API responses
• SDK Generation for Java, JavaScript, Java for Android,
Objective-C or Swift for iOS, and Ruby
• Swagger support

API Gateway integrations
Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
Amazon
CloudFront
Any other AWS
service
YOUR VPC
Endpoints in
Your VPC
Regional API Endpoints
All publicly accessible
endpoints
AWS Lambda
functions

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic API technology stack
?API
backend
API Gateway

Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2
Amazon
CloudWatch
Monitoring
Amazon
CloudFront
Any other AWS
service
YOUR VPC
Endpoints in
Your VPC
Regional API Endpoints
All publicly accessible
endpoints
AWS Lambda
functions
API Gateway backend integrations

AWS Compute Services
Amazon
EC2
Amazon
Elastic
Container
Service
(ECS)
AWS
Lambda

Deploying Microservices on Amazon EC2
Recommendation:
• Single service per host
• Start with small instance sizes
• Leverage Auto Scaling and AWS Elastic
Load Balancing/Application Load
Balancer/Network Load Balancer(if in
VPC)
• Automate the ability to pump out these
environments easily
• Leverage CodeDeploy, CloudFormation,
Elastic Beanstalk or Opsworks
Auto Scaling group
EC2 Instance EC2 Instance EC2 Instance
region
Elastic Load
Balancing

Deploying Microservices with ECS
Recommendation
• Put multiple services per host
• Make use of larger hosts with much more
CPU/RAM
• Run helper services on the same host as
other dependent services
• Leverage Auto Scaling and AWS Elastic Load
Balancing/Application Load Balancer/Network
Load Balancer(if in VPC)
• Use AWS Fargate for even less administrative
overhead!
region
Guest OS
Bins/Libs
Bins/Lib
s
App2App1
EC2 Instance
Network Load
Balancer
Public
Application
Load Balancer

No servers to provision
or manage
Scales with usage
Never pay for idle Availability and fault
tolerance built in
Serverless means…

SERVICES (ANYTHING)
Changes in
data state
Requests to
endpoints
Changes in
resource state
EVENT SOURCE FUNCTION
Node.js
Python
Java
C#
Go
Serverless applications

Anatomy of a Lambda function
Handler() function
Function to be executed
upon invocation
Event object
Data sent during
Lambda Function
Invocation
Context object
Methods available to
interact with runtime
information (request ID,
log group, etc.)
public String handleRequest(Book book, Context context) {
saveBook(book);
return book.getName() + " saved!";
}

Lambda
function
2. Lambda
function invoked
1. API call made
against API Gateway
API clients
Amazon API
Gateway
Lambda
function
Lambda
function
2. API call made directly
against backing AWS service
API clients
Amazon API
Gateway
API clients
Amazon
S3
Amazon
Kinesis
Amazon
DynamoDB
etc..
2. Step Functions
workflow is executed
1. API call made
against API Gateway
Amazon API
Gateway
API clients
AWS Step
Functions
1. API call made
against API Gateway

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
API Gateway AWS Lambda
functions

Secure your API
https://www.flickr.com/photos/modernrelics/1093797721/

InternetMobile/Web
apps
AWS
Databases/
Data stores
Basic Serverless API technology stack
functions
places where we can secure our application

Amazon API Gateway Security
Several mechanisms for adding Authz/Authn to our API:
• IAM Permissions
• Use IAM policies and AWS credentials to grant access
• Lambda Authorizers
• Use Lambda to validate a bearer token(Oauth or SAML as
examples) or request parameters and grant access
• Cognito User Pools
• Create a completely managed user management system

API Gateway Lambda Authorizers
Use an AWS Lambda function to invoke whatever authorizer
logic/method you want!
For example this HTTP Basic Auth example which can be found in the
AWS Serverless Application Repository:

Cognito User Pools
Add user sign-up and sign-
in easily to your mobile and
web apps without worrying
about server infrastructure
Serverless Authentication
and User Management
Verify phone numbers and
email addresses and offer
multi-factor authentication
Enhanced Security
Features
Launch a simple, secure,
low-cost, and fully managed
service to create and
maintain a user directory
that scales to 100s of
millions of users
Managed User Directory
1 2 3

Deploying your
applications
https://secure.flickr.com/photos/simononly/15386966677

Stages are named links to a deployed
version of your API
Recommended for managing API lifecycle
• Dev/test/prod
• Alpha/beta/gamma
Support for parameterized values through
stage variables
API Stages

API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API Gateway
• Lambda function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings

Stage Variables and Lambda Aliases
Using Stage Variables in API Gateway together with Lambda function Aliases
you can manage a single API configuration and Lambda function for multiple
environment stages
myLambdaFunction
1
2
3 = prod
4
5
6 = beta
7
8 = dev
My First API
Stage variable = lambdaAlias
Prod
lambdaAlias = prod
Beta
lambdaAlias = beta
Dev
lambdaAlias = dev

Amazon API Gateway Canary Support
Use canary release deployments to gradually roll out new APIs
in Amazon API Gateway:
• configure percent of traffic to go to a new stage deployment
• can test stage settings and variables
• API gateway will create additional Amazon CloudWatch Logs group
and CloudWatch metrics for the requests handled by the canary
deployment API
• To rollback: delete the deployment or set percent of traffic to 0
• Explore new technologies in your API backend:
• New languages
• New frameworks
• Try Lambda in place of other HTTP endpoints!
• Migrate an API from on-premises to AWS via private endpoint
integrations in VPC

v1API
Clients
All publicly and
privately
accessible
endpoints
Backends
in AWS
api.mydomain.com/prod
All traffic to currently deployed version

API
Clients
All publicly and
privately
accessible
endpoints
Backends
in AWS
v1
90%
v2
10%
10% traffic to new deployment of stage, rest to previous version

v2API
Clients
All publicly and
privately
accessible
endpoints
Backends
in AWS
All traffic to new deployed version

How can I connect
my clients to my
API backed by API
Gateway?
https://www.flickr.com/photos/lachlanhardy/4150836513/

SDK work flow:
Service
developer
swagger
Node.js
Client SDK
myservice-1.1.1
module
Private Repo
API v1.1.1
Service
Client
v1.1.1

SDK work flow:
Service
developer
swagger
Private Repo
Service
Client
v1.1.1
API v1.1.1
API v2.0.0 Node.js
Client SDK
myservice-2.0.0
module
Service
Client
v2.0.0

https://secure.flickr.com/photos/jasoneppink/499531891
Can’t move fast if you
can’t measure what's
going on.

Metrics and logging are a universal right!
CloudWatch Metrics:
• 7 Built in metrics for Lambda
• Invocation Count, Invocation duration, Invocation
errors, Throttled Invocation, Iterator Age, DLQ
Errors, Concurrency
• Can call “put-metric-data” from your function code
for custom metrics
• 7 Built in metrics for API-Gateway
• API Calls Count, Latency, 4XXs, 5XXs, Integration
Latency, Cache Hit Count, Cache Miss Count
• Error and Cache metrics support averages and
percentiles

Metrics and logging are a universal right!
CloudWatch Logs:
• API Gateway Logging
• 2 Levels of logging, ERROR and INFO
• Optionally log method request/body content
• Set globally in stage, or override per method
• Lambda Logging
• Logging directly from your code with your language’s equivalent
of console.log()
• Basic request information included
• Log Pivots
• Build metrics based on log filters
• Jump to logs that generated metrics
• Export logs to AWS ElastiCache or S3
• Explore with Kibana or Athena/QuickSight

AWS X-Ray Integration with Serverless
• API Gateway inserts a tracing
header into HTTP calls as well
as reports data back to X-Ray
itself
• Lambda instruments incoming
requests for all supported
languages and can capture
calls made in code
var AWSXRay = require(‘aws-xray-sdk-core‘);
AWSXRay.middleware.setSamplingRules(‘sampling-rules.json’);
var AWS = AWSXRay.captureAWS(require(‘aws-sdk’));
S3Client = AWS.S3();

X-Ray Trace Example

How do I figure out what’s wrong?
These tools are here, so use them!
1. Turn on X-Ray now
1. look at wrapping your own calls with it via the X-Ray SDKs
2. Don’t underestimate the power of logging in Lambda
1. Simple “debug: in functionX” statements work great and are
easy to find in CloudWatch Logs
3. The most valuable metrics are the ones closest to your
customer/use-case
1. How many gizmos did this function call/create/process/etc

Where do you ..
https://secure.flickr.com/photos/stevendepolo/5749192025/

API definition as code:
• Portable API definition
• JSON/YAML
• Import/Export your API
• Amazon API Gateway extensions
• Can be used independently or as
part of a CloudFormation template
• Rich 3rd party ecosystem of tools
Swagger – now OpenAPI Specification(OAS)

Node.js framework for deploying projects
to AWS Lambda and Amazon API
Gateway
• Has sub projects for microservices,
chat bots and APIs
• Simplified deployment with a single
command
• Use standard NPM packages, no need
to learn swagger
• Manage multiple versions
https://claudiajs.com
https://github.com/claudiajs/claudia
app.js:
var ApiBuilder = require('claudia-api-
builder')
var api = new ApiBuilder();
module.exports = api;
api.get('/hello', function () {
return 'hello world';
});
$ claudia create --region us-east-1 --api-module app
ClaudiaJS

Chalice
Python serverless “microframework” for
AWS Lambda and Amazon API Gateway
• A command line tool for creating,
deploying, and managing your app
• A familiar and easy to use API for
declaring views in python code
• Automatic Amazon IAM policy
generation
https://github.com/aws/chalice
https://chalice.readthedocs.io
app.py:
from chalice import Chalice
app = Chalice(app_name="helloworld")
@app.route("/")
def index():
return {"hello": "world"}
$chalice deploy
Chalice

from chalice import BadRequestError
app = Chalice(app_name='apiworld-hot')
FOOD_STOCK = {
'hamburger': 'yes’,
'hotdog': 'no'
}
@app.route('/')
def index():
return {'hello': 'world'}
@app.route('/list_foods')
def list_foods():
return FOOD_STOCK.keys()
@app.route('/check_stock/{food}')
def check_stock(food):
try:
return {'in_stock': FOOD_STOCK[food]}
except KeyError:
raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys())))
@app.route('/add_food/{food}', methods=['PUT'])
def add_food(food):
return {"value": food}
Chalice
application routes
error handling
http method support
Chalice – a bit deeper

Chalice – adding Cognito User Pools
from chalice import BadRequestError
from chalice import CognitoUserPoolAuthorizer
app = Chalice(app_name='apiworld-hot')
authorizer = CognitoUserPoolAuthorizer( 'MyPool', provider_arns=['arn:aws:cognito:...:userpool/name'])
...
...
@app.route('/list_foods')
def list_foods():
return FOOD_STOCK.keys()
@app.route('/check_stock/{food}’, methods=['GET'], authorizer=authorizer)
def check_stock(food):
try:
return {'in_stock': FOOD_STOCK[food]}
except KeyError:
raise BadRequestError("Unknown food '%s', valid choices are: %s" % (food, ', '.join(FOOD_STOCK.keys())))
@app.route('/add_food/{food}', methods=['PUT'], authorizer=authorizer)
def add_food(food):
return {"value": food}
authorization
required for certain
routes/methods
adding
authorization
Chalice

AWS Serverless Application Model (SAM)
CloudFormation extension optimized for
serverless
New serverless resource types: functions, APIs,
and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model

SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable
Tells CloudFormation this is a SAM
template it needs to “transform”
Creates a Lambda function with the
referenced managed IAM policy,
runtime, code at the referenced zip
location, and handler as defined.
Also creates an API Gateway and
takes care of all
mapping/permissions necessary
Creates a DynamoDB table with 5
Read & Write units

From: https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml
<-THIS
BECOMES THIS->
SAM template

AWS SAM CLI SAM Local
Relaunched/GA’d on May 8th!
CLI tool for local building, validating, testing of
serverless apps
Works with Lambda functions and “proxy-style”
APIs
Response object and function logs available on
your local machine
Uses open source docker-lambda images to mimic
Lambda’s execution environment:
• Emulates timeout, memory limits, runtimes
https://github.com/awslabs/aws-sam-cli

FIN, ACK
It’s never been easier to build and launch APIs!
Serverless APIs:
• No management of servers
• Pay for what you use and not for idle resources!
• Instantly scale up without turning any knobs or provisioning any resources
• Tooling to get started in minutes with incredibly minimal code needed
• Built in high availability built into multiple places in the application stack
• Authentication and Authorization built into multiple places in the application stack
InternetMobile/Web
apps
AWS
Databases/
Data stores
functions

Chris Munns
munns@amazon.com
@chrismunnshttps://www.flickr.com/photos/theredproject/3302110152/

?
https://secure.flickr.com/photos/dullhunk/202872717/

Building API Driven Microservices

More Related Content

Similar to Building API Driven Microservices

More from Chris Munns

Recently uploaded

Building API Driven Microservices

Editor's Notes