Slides from my session at Goto Stockholm where I talked about AWS Lambda and how it can be used to build reliable, scalable & low-cost applications, without servers for you to manage.
Special thanks to James Hall at Parallax for allowing me to talk about the awesome application that they built using AWS Lambda, Amazon API Gateway & Amazon DynamoDB :)
5. AWS LAMBDA: INTERNET-SCALE COMPUTE PLATFORM
DEPLOY YOUR CODE IN SECONDS
SUB-SECOND METERING
NO SERVERS TO PROCURE, PROVISION OR MANAGE
6. MOBILE CHAT APP
AD DATA ANALYTICS AND ROUTING
MOBILE APP ANALYTICS
IMAGE CONTENT FILTERING
REAL-TIME VIDEO AD BIDDING
NEWS CONTENT PROCESSING
GENE SEQUENCE SEARCH
CLOUD TELEPHONY
DATA PROCESSING
WEB APPLICATIONS
THREAT INTELLIGENCE AND ANALYTICS
GAME METRICS ANALYTICS
SERVERLESS WEB APPLICATIONS
11. PAGE LIFECYCLE
1. User visits: HTTPS GET / (S3 with CloudFront; index.html)
2. CSS & JS: HTTPS GET *.js, *.css (S3 with CloudFront)
3. Lang detect: HTTPS GET /users/country (API Gateway w/ Lambda)
4. User fills details: HTTPS POST /users/update (API Gateway w/ Lambda; inserted into DynamoDB)
12. PAGE LIFECYCLE
5. FB Login: hits Facebook hosted endpoint via Facebook JavaScript SDK. HTTPS GET api.facebook.com
6. YouTube: YouTube iframe. HTTPS GET youtube.com
JSON shown on the slide: { "email": "xyz", "profile_id": 123 }
7. Start recording: API Gateway w/ Lambda responds with S3 upload token. HTTPS GET /recordings/token
8. Upload recording: uploads directly to S3 bucket over HTTPS using token. HTTPS POST bucket.s3.amazon/UID/recording-X.mp3
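One way the "S3 upload token" of steps 7 and 8 could be built, as an added example that is not from the slides or from Parallax's code: the Lambda behind /recordings/token returns a short-lived S3 POST policy signed with SigV4, scoped to the caller's UID prefix. The function name, field choices, content type and limits are assumptions.

```python
import base64, hashlib, hmac, json, re
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def make_upload_token(uid, bucket, region, access_key, secret_key,
                      session_token=None, now=None, ttl_s=300, max_bytes=5 * 2**20):
    """Form fields that let a browser POST one recording under <uid>/ only."""
    # Assumption: uid comes from the authenticated session, not the request body.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", uid):
        raise ValueError("uid would escape its key prefix")
    now = now or datetime.now(timezone.utc)
    day, amz_date = now.strftime("%Y%m%d"), now.strftime("%Y%m%dT%H%M%SZ")
    fields = {
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": f"{access_key}/{day}/{region}/s3/aws4_request",
        "x-amz-date": amz_date,
        "Content-Type": "audio/mpeg",
    }
    if session_token:  # temporary (role) credentials must carry their token
        fields["x-amz-security-token"] = session_token
    policy = {
        "expiration": (now + timedelta(seconds=ttl_s)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            ["starts-with", "$key", f"{uid}/recording-"],  # caller's prefix only
            ["content-length-range", 1, max_bytes],        # bound the upload size
            *[{k: v} for k, v in fields.items()],           # pin every signed field
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 key derivation: date -> region -> service -> "aws4_request"
    key = ("AWS4" + secret_key).encode()
    for part in (day, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, policy_b64.encode(), hashlib.sha256).hexdigest()
    return {**fields, "policy": policy_b64, "x-amz-signature": signature}
```

The browser sends these fields plus `key` and the file in a multipart POST to the bucket; S3 rejects any upload whose key, size or content type falls outside the signed conditions, or that arrives after the expiration.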
13. PAGE LIFECYCLE
9. Submit details: API Gateway w/ Lambda
10. Artwork gen: HTTPS POST /users/generate_artwork. API Gateway w/ Lambda creates image, puts it on S3, returns S3 image URL
11. Artwork display: HTTPS GET /domain.com/UID.png (CloudFront w/ S3). AddThis.js (HTTP GET addthis.com/file.js) is populated with the share texts, and includes the S3 URL
12, 13. Social share: HTTPS GET https://twitter.com/intent/tweet?text=XYZ. Directly hits the social media service
Also shown on the slide: HTTPS POST /users/update { url: "domain.com/UID.png" }
15. 2. SERVERLESS DATA PROCESSING
[Diagram, panels WEB UI and CASCADE PROCESS: USER, NODE.JS WEB APP, QUERY, SERVER-SENT EVENT STREAMING RESPONSE, LAMBDA CASCADE FUNCTION 0 to FUNCTION N, LAMBDA COUNTING FUNCTION 0 (shown four times), S3]
17. AWS IoT
DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
DEVICE GATEWAY: Communicate with devices via MQTT and HTTP
AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption
RULES ENGINE: Transform messages based on rules and route to AWS Services
AWS Services / 3rd Party Services
DEVICE SHADOW: Persistent thing state during intermittent connections
APPLICATIONS
AWS IoT API
DEVICE REGISTRY: Identity and Management of your things
24. Function Schedules: The how-to guide
✓ How can I keep a function warm (no cold starts)?
Schedule it!
✓ How can I poll a queue (like SQS)?
Schedule a function to read the queue.
✓ How can I get more timers?
Have one scheduled function async invoke other functions.
✓ How can I get granularity finer than 1 minute?
Run a background timer in your scheduled function.
25. Function Versioning: The how-to guide
✓ How can I get mutable configuration info?
Read it (e.g. from DynamoDB) during function initialization.
Wrap your config in a function and call it from your published code.
✓ How do I “roll back” in AWS Lambda?
Using aliases, just switch what the alias points to.
(As a collection, add API Gateway stages or CloudFormation.)
✓ How do I do blue/green deployments?
AWS Lambda handles fleet deployments, but if you want to shape traffic,
put a second “traffic cop” function in front.
✓ How can I lock a client/device onto an old version?
Point them directly to that version’s ARN.
26. AWS Lambda VPC basics
• All Lambda functions run in a VPC, all the time
• You never need to “turn on” security – it’s always on
• You can also grant Lambda functions access to resources in your own VPC
• How: Add VPC subnet IDs and security group IDs to the function config
• Typical uses: RDB, ElastiCache, private EC2 endpoints
• Allows access to peered VPCs, VPN endpoints, and private S3 endpoints
• Functions configured for VPC access lose internet access…
• unless you have managed NAT or a NAT instance in the VPC
• …Even if you have “Auto-assign Public IP” enabled
• …Even if you have an internet gateway set up in your VPC
• …Even if your security group allows all outbound traffic
27. AWS Lambda VPC feature: Best practices
✓ VPC is optional – don’t turn it on unless you need it.
✓ The ENIs used by Lambda’s VPC feature count against your quota.
Ensure you have enough to match your peak concurrency levels (we’ll consolidate where we can).
DO NOT delete or rename these ENIs! ☺
✓ Ensure your subnets have enough IPs for those ENIs.
✓ Specify at least one subnet in each Availability Zone
Otherwise, Lambda will obey, but can’t be as fault-tolerant.
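The VPC checklist from slides 26 and 27 expressed as a configuration check, as an added example that is not from the slides. It runs over constructed data shaped like the output of Lambda's get-function-configuration and EC2's describe-subnets and describe-route-tables; the function name, the sample IDs and the "free IPs must cover peak concurrency" rule (taken from the slide's sizing advice) are assumptions.

```python
# Constructed sample data (not from a real account).
SAMPLE_FN = {"FunctionName": "artwork-gen",  # hypothetical function
             "VpcConfig": {"SubnetIds": ["subnet-aaa", "subnet-bbb"],
                           "SecurityGroupIds": ["sg-111"]}}
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-aaa", "AvailabilityZone": "eu-west-1a", "AvailableIpAddressCount": 27},
    {"SubnetId": "subnet-bbb", "AvailabilityZone": "eu-west-1a", "AvailableIpAddressCount": 11},
]
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-123"}]},
    {"Associations": [{"SubnetId": "subnet-bbb"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-456"}]},
]

def audit_lambda_vpc(fn_cfg, subnets, route_tables, region_azs, peak_concurrency):
    """Return findings for a VPC-enabled function; [] if VPC access is off."""
    findings = []
    subnet_ids = (fn_cfg.get("VpcConfig") or {}).get("SubnetIds") or []
    if not subnet_ids:
        return findings  # VPC is optional: nothing to size or route
    chosen = [s for s in subnets if s["SubnetId"] in subnet_ids]
    # At least one subnet per Availability Zone, for fault tolerance.
    missing = sorted(set(region_azs) - {s["AvailabilityZone"] for s in chosen})
    if missing:
        findings.append("no subnet in: " + ", ".join(missing))
    # Each ENI needs a subnet IP; compare free IPs with peak concurrency.
    free = sum(s["AvailableIpAddressCount"] for s in chosen)
    if free < peak_concurrency:
        findings.append(f"{free} free IPs < peak concurrency {peak_concurrency}")
    # Internet access needs a NAT default route; an internet gateway is not enough.
    # Simplification: only explicit subnet associations are considered.
    for s in chosen:
        routes = [r for rt in route_tables
                  if any(a.get("SubnetId") == s["SubnetId"] for a in rt["Associations"])
                  for r in rt["Routes"]]
        default = [r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        if not any(r.get("NatGatewayId") or r.get("InstanceId") for r in default):
            findings.append(f"{s['SubnetId']}: default route is not via NAT, so no internet access")
    return findings
```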
28. Serverless web app architecture
1. Amazon S3 for serving static content
2. AWS Lambda for dynamic content
3. Amazon API Gateway for HTTPS access
4. Amazon DynamoDB for NoSQL data storage
[Diagram: Static content in Amazon S3; API Gateway; Dynamic content in AWS Lambda; Data stored in Amazon DynamoDB]
29. The serverless compute manifesto
Functions are the unit of deployment and scaling.
No machines, VMs, or containers visible in the programming model.
Permanent storage lives elsewhere.
Scales per request. Users cannot over- or under-provision capacity.
Never pay for idle (no cold servers/containers or their costs).
Implicitly fault-tolerant because functions can run anywhere.
BYOC – Bring your own code.
Metrics and logging are a universal right.