Going Serverless…
Dirk Ehms, Open Class Tickets
- Serverless Computing
- Serverless Architecture
- Serverless Operations
Open Class Tickets
https://unsplash.com/photos/NSVJAAXOYHs
Open Class Tickets - Platform
(Platform diagram; labels: Tickets - Studio App, Management Console, Business Logic, e-Tickets, Building Blocks)
Open Class Tickets - Facts
- Pure Serverless
- Software as a Service (SaaS)
- Multi Tenant
- Frameworks and Technologies
  - Back-end Business Logic: AWS Lambda
  - Tickets – Studio App: Ionic3 (Angular, HTML5, Cordova)
  - Attendee e-Tickets: Apple Wallet (Passbook)
  - Management Console: Bootstrap, Angular
  - Dev-Tools: Serverless Framework
Tickets – Studio App
(Diagram labels: Amazon Polly)
1. Create Ticket
- Assemble pass.json file
- Collect artwork as PNG files (icon.png, logo.png, strip.png)
- Create manifest.json file
- Create digital signature file for manifest (WWDR intermediate cert, Pass-signing cert + private key)
- Zip it all up and change extension to *.pkpass
-> Apple Wallet
1. Create Ticket
AWS Lambda
- Heart of AWS Serverless Computing
- Never pay for idle: pay as you go
- Event driven, multiple event sources
- Available in (almost) all regions
1. Create Ticket (2)
System Architecture
(Architecture diagram; labels: Mobile Client, Web Browser, AWS SDK, Internet, AWS, AWS Lambda)
2. API to access business logic
API Gateway
- Important part of the AWS Serverless Infrastructure
- Provides (consistent) RESTful APIs
  - But API-ID changes per redeploy
- API protection and monitoring
- Supports
  - Proxy integration
  - Binary support
2. API to access business logic
System Architecture
(Architecture diagram; labels: Internet, ionic; API endpoint https://90varu7pzb.execute-api.eu-central-1.amazonaws.com/prod/tickets)
3. Persist ticket data
Amazon DynamoDB
- NoSQL database, fully managed
- Replicated continuously to 3 AZs
- Read / Write Provisioning
- Different multi tenant database approaches
  - Tenant field per table
  - Separate tables per tenant
  - AWS account per tenant
- Alternative: RDS (Managed Service)
3. Persist attendee data
System Architecture
(Architecture diagram; labels: Internet, Mobile Client, ionic)
4. Authenticate and Authorize
Cognito User Pool, Cognito Identity Pool
- API Gateway: Provides 3 types of authorization
  - User Pools Authorizers
  - AWS IAM authorization
  - Custom Authorizers
- JSON Web Tokens (JWT)
  - Custom fields :: tenantId
- No data export function (IaC -> don't remove)
4. Authenticate Users (2)
Cognito User Pool
(Flow diagram: 1. Authenticate (User Pool) -> 2. JWT tokens -> 3. Call API Gateway (AWS SDK) -> …)
4. Authenticate Users (3)
Cognito User Pool + Cognito Identity Pool
(Flow diagram: User Pool, Identity Pool, AWS Security Token Service (STS); 6. Request AWS creds -> 7. Temporary AWS creds -> 9. Call API Gateway (AWS SDK) -> …)
5. Event Handling
Simple Notification Service (SNS)
- Publish/Subscribe Messaging
- One SNS topic per event type
- Mobile Notifications
  - Push notifications
  - SMS
- Alternatives:
  - DDB Streams
  - Amazon Kinesis Streams
5. Event Handling (2)
System Architecture
(Architecture diagram; labels: Internet, Mobile Client, ionic, API Gateway, SNS, AWS Lambda, DynamoDB (Projection), DynamoDB)
6. Send Ticket to attendee
Simple Email Service (SES)
- Sending and receiving emails
- Available in only 3 Regions (us-east-1, us-west-2, eu-west-1)
- Starts in Sandbox mode
  - 200 emails per day to verified addresses
- Handling Bounces and Complaints
- Define rules for receiving emails
6. Send Ticket to attendee (3)
System Architecture
(Architecture diagram; labels: Internet, Mobile Client, ionic, API Gateway, SNS, AWS Lambda, SES, DynamoDB)
7. Store Resource Files
Amazon S3 (Simple Storage Service)
- Event Bucket
- Ticket Bucket (Apple Wallet)
- Tenant Resource Bucket
  - Email Template
  - Ticket Images
- Management Console:
  - Static Website hosting
7. Store Resource Files (2)
System Architecture
(Architecture diagram; labels: Internet, Mobile Client, ionic, API Gateway, SNS, AWS Lambda, S3 Bucket, DynamoDB)
8. Provide a Management Console
Amazon CloudFront
- Content Delivery Network (CDN-Service)
- Configure Tenant Settings
- Management Console:
  - Static Website hosting -> S3 Bucket
  - Alternative: S3 Bucket direct access
9. Use Custom Domains and HTTPS
AWS Certificate Manager (ACM)
- Custom Domains must be verified to be used
- API Gateway
  - Base path mapping
  - Now integrated with AWS Certificate Manager
- Amazon CloudFront
10. Hide Secrets
AWS Key Management Service (KMS)
- Create and control the encryption keys
- Each customer master key costs $1/month

# Encrypt the secret once with the CMK and keep only the base64 ciphertext (e.g. in a Lambda environment variable)
KMS_ENCRYPT_CMD="aws kms encrypt --key-id $AWS_KMS_ARN --output text --query CiphertextBlob"
export SECRET_ENCRYPTED=$( $KMS_ENCRYPT_CMD --plaintext "secret" )
# AWS CLI v2 reads --plaintext as base64 by default; add --cli-binary-format raw-in-base64-out to pass raw text as above
10. Hide Secrets (2)
AWS Key Management Service (KMS)
const aws = require('aws-sdk');
const kms = new aws.KMS();
// SECRET_ENCRYPTED holds the base64 ciphertext produced by "aws kms encrypt" on the previous slide;
// the function's execution role needs kms:Decrypt on that key
exports.handler = (event, context, callback) => {
  kms.decrypt({ CiphertextBlob: Buffer.from(process.env.SECRET_ENCRYPTED, 'base64') }, (err, data) => {
    if (err) {
      return callback(err);
    }
    const decrypted = data.Plaintext.toString('ascii');
    console.log('AFTER DECRYPTION:' + decrypted); // demo output only: a deployed function must not log the decrypted secret
    // ... use the decrypted value, then callback(null, result)
  });
};
Infrastructure as Code (IaC)
AWS CloudFormation
- Create templates of your infrastructure
- CloudFormation provisions AWS resources based on dependency needs
- Nested CloudFormation stacks vs cross-stack references
- Alternatives: Terraform, CLI
Infrastructure as Code (2)
AWS CloudFormation
- Lambda-backed Custom Resource
  - Insert DB records
  - (Create Cognito instances)
- Delete Your Stacks But Keep Your Data
  - Beware of renaming immutable attributes
  - Best practice: resource-only CloudFormation stack

"myS3Bucket" : {
  "Type" : "AWS::S3::Bucket",
  "DeletionPolicy" : "Retain"
}
Summary
Pros
- No servers to manage
- Don't pay for idle servers
- Continuous Scaling
- Fits well with microservices
Cons
- Vendor lock-in
- Depending on single AWS region
- Cold start latency
- Doesn't support legacy apps
- Local development & testing
Hype Driven Development
https://blog.daftcode.pl/hype-driven-development-3469fc2e9b22
"A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be."
★ ★ ★
Wayne Gretzky
Thank You
