This document provides an overview of building serverless web applications using AWS Lambda and Amazon API Gateway. It discusses moving from a monolithic to microservices architecture with Lambda functions. It introduces the AWS Serverless Application Model (SAM) for defining serverless applications using CloudFormation templates. SAM supports Lambda functions, APIs, and other resources. The document also demonstrates sample SAM and CloudFormation templates and discusses frameworks like ClaudiaJS and Chalice for developing serverless applications.

1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Leo Zhadanovsky
Presented By Randall Hunt
May 2017
SMC302
Building Serverless Web Applications

2. Who Am I?
• Technical Evangelist at AWS
• Formerly of SpaceX and NASA
• randhunt@amazon.com
• @jrhunt on twitter
• These slides are not just mine!
Many people at AWS contributed.
• Thanks Leo!

3. About Me
Who: Leo Zhadanovsky / @leozh / leozh@amazon.com
What: Principal Solutions Architect
Previous:
Director of Systems Engineering @ DNC / Obama for America 2012

4. What to expect from the session
• Concepts
• Design patterns
• Tooling
• Demo

5. AWS Lambda Concepts

6. Benefits of Lambda
No servers to provision
or manage
Scales with usage
Never pay for idle Availability and fault
tolerance built in

7. Never pay for Idle
EVENT DRIVEN CONTINUOUS SCALING PAY BY USAGE

8. Function versioning and aliases
• Versions = immutable copies of
code + configuration
• Aliases = mutable pointers to
versions
• Each version/alias gets its own
ARN
• Enables rollbacks, staged
promotions, “locked” behavior for
client
Lambda Function
Version $LATEST
Lambda Function
Version 123
Lambda Function
DEV Alias
Lambda Function
BETA Alias
Lambda Function
PROD Alias

9. Lambda Environment Variables
• Key-value pairs
• Available via standard environment variable
access, such as process.env, or os.environ
• Can optionally be encrypted via AWS KMS

10. Common Lambda Use Cases
Web
Applications
• Static websites
• Complex web
apps
• Packages for
Flask and
Express
Data
Processing
• Real time
• MapReduce
• Batch
Chatbots
• Powering
chatbot logic
Backends
• Apps &
services
• Mobile
• IoT
</></>
Amazon
Alexa
• Powering
voice-enabled
apps
• Alexa Skills
Kit
Autonomous
IT
• Policy engines
• Extending
AWS services
• Infrastructure
management

11. Amazon API Gateway Concepts

12. Unify multiple microservices
under single API front-end
Authenticate and
Authorize Requests
Throttling and DDoS Protection
Amazon API Gateway

13. Amazon EC2 Instances
Lambda Functions
Other AWS Services
API Gateway
On Premise Servers
/v1/user /v1/user/image
Unified API

14. SIGv4 Lambda Custom Auth
{ }
API Keys
• Invoke with Caller Credentials
• AWS Identity and Access
Management (IAM) Roles
• Amazon Cognito
• Per Method Authorization
• OAuth
• On Premise Authentication
• Custom built auth
• Usage Plans
• Quotas per API Key
• Throttling per API Key
• Per Method Authorization
Auth

15. Throttling / DDoS / Scaling
DDoS Protection
• Layer 7 and Layer 3 Protection
• Cloudfront in front of API Gateway
Throttling
• Usage Plans
• Quotas per API Key
• Throttling per API Key
Scaling
• Auto Scaling
• Caching Layer

16. API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API Gateway
• Lambda Function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings

17. Design Patterns

18. Monolithic Application

19. Drawbacks of Monolithic Architecture
Hard to Iterate Fast CI/CD Time ConsumingHard to Scale Efficiently
Reliability Challenges

20. Benefits of Microservices Architecture
Increased Agility Easy to Scale Improved Innovation
Reduced Human Errors

21. Monolithic Serverless Web Application

22. Monolithic - What does it look like?
GET /pets
PUT /pets
DELETE /pets
GET /describe/pet/$id
PUT /describe/pet/$id
EVENT DRIVEN ONE LARGE LAMBDA FUNCTION

23. Monolithic - Pros and Cons
• Single Handler
• Handles all GET/PUT/POST/UPDATE/DELETE
• Very Large Lambda Function
• Have to build a routing mechanism
• Larger blast radius
Cons:
Pros:
• Sometimes its easier to comprehend a less
distributed system
• Deployments “could” be faster

24. How can we make this better?

25. Moving from Monolithic to Microservices Architecture
Microservices ArchitectureMonolithic

26. Microservices Serverless Web Application

27. Microservices - What does it look like?
EVENT DRIVEN ONE LAMBDA PER HTTP METHOD
GET /pets
PUT /pets
DELETE /pets
GET /describe/pet/$id
PUT /describe/pet/$id

28. Microservices - Pros and Cons
• Can be harder to debug (X-ray can help with this!)
• Multiple Lambda Functions to Manage (Use SAM!!!!)
Cons:
Pros:
• Easier for teams to work Autonomously
• Separation of components
• Fine grained deployments (Integration testing is important)
• Can be easier to debug
• Agile

29. What does it look like put together?
Amazon
S3
Amazon
API Gateway
S3 stores all of your static
content: CSS, JS, Images, etc.
API Gateway handles all of
your application routing.
Lambda runs all of the logic
behind your website. Such as
a Create/Read/Update/Delete
service.

30. How do I manage it?
MEET SAM
USE SAM TO BUILD TEMPLATES THAT DEFINE
YOUR SERVERLESS APPLICATIONS
DEPLOY YOUR SAM TEMPLATE
WITH AWS CLOUDFORMATION

31. AWS Serverless Application Model (SAM)
AWS CloudFormation extension optimized
for serverless
New serverless resource types: functions,
APIs, and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)

32. AWSTemplateFormatVersion: '2010-09-09'
Resources:
GetHtmlFunctionGetHtmlPermissionProd:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:invokeFunction
Principal: apigateway.amazonaws.com
FunctionName:
Ref: GetHtmlFunction
SourceArn:
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
ServerlessRestApiProdStage:
Type: AWS::ApiGateway::Stage
Properties:
DeploymentId:
Ref: ServerlessRestApiDeployment
RestApiId:
Ref: ServerlessRestApi
StageName: Prod
ListTable:
Type: AWS::DynamoDB::Table
Properties:
ProvisionedThroughput:
WriteCapacityUnits: 5
ReadCapacityUnits: 5
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- KeyType: HASH
AttributeName: id
GetHtmlFunction:
Type: AWS::Lambda::Function
Properties:
Handler: index.gethtml
Code:
S3Bucket: flourish-demo-bucket
S3Key: todo_list.zip
Role:
Fn::GetAtt:
- GetHtmlFunctionRole
- Arn
Runtime: nodejs4.3
GetHtmlFunctionRole:
Type: AWS::IAM::Role
Properties:
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
ServerlessRestApiDeployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId:
Ref: ServerlessRestApi
Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
StageName: Stage
GetHtmlFunctionGetHtmlPermissionTest:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:invokeFunction
Principal: apigateway.amazonaws.com
FunctionName:
Ref: GetHtmlFunction
SourceArn:
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
ServerlessRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
Body:
info:
version: '1.0'
title:
Ref: AWS::StackName
paths:
"/{proxy+}":
x-amazon-apigateway-any-method:
x-amazon-apigateway-integration:
httpMethod: ANY
type: aws_proxy
uri:
Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
31/functions/${GetHtmlFunction.Arn}/invocations
responses: {}
swagger: '2.0'
CloudFormation Template

33. SAM Template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

34. Frameworks
Chalice

35. ClaudiaJS
var ApiBuilder = require('claudia-api-builder')
var api = new ApiBuilder();
module.exports = api;
api.get('/hello', function () {
return 'hello world';
});
app.js
$ claudia create --region us-east-1 --api-module app

36. Chalice
from chalice import Chalice
app = Chalice(app_name="helloworld")
@app.route("/")
def index():
return {"hello": "world"}
app.py
$ deploy
Your chalice application is available at: https://endpoint/dev

37. DEMO!

38. Wrap-Up
Things to remember:
• AWS SAM (Serverless Application Model)
• Helps you define your entire Serverless application
• Lots of frameworks out there to help you get started
quickly
• ClaudiaJS, Zappa, Sparta, Apex, Chalice, aws-
serverless-express, Lambada, Serverless Framework
• If you’re just getting started, Start small!
• If you have questions, don’t be afraid to ask, the
community around Serverless is fantastic!

39. Thank you!
Twitter: @leozh
Email: leozh@amazon.com