Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Invent 2018

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Serverless Architectural Patterns
and Best Practices
Drew Dennis
Solutions Architect
Amazon Web Services
A R C 3 0 5
Maitreya Ranganath
Solutions Architect
Amazon Web Services

Agenda
Serverless foundations
Web application
Stream processing
Data lake
Machine learning

Spectrum of AWS offerings
AWS
Lambda
Amazon
Kinesis
Amazon
S3
Amazon API
Gateway
Amazon
SQS
Amazon
DynamoDB
AWS
IoT
Amazon
EMR
Amazon
ElastiCache
Amazon
RDS
Amazon
Redshift
Amazon ES
Managed Serverless
Amazon EC2
Microsoft SQL
Server
“On Amazon Elastic
Compute Cloud
(Amazon EC2)”
Amazon
Cognito
Amazon
CloudWatch
Amazon
Athena
AWS
X-Ray
AWS Step
Functions
Amazon
MQ
Amazon
SageMaker
Amazon
Neptune

Serverless means …
No server or container
management
Flexible scaling
No idle capacity
$
High availability

Bootstrap
the runtime
Start your
code
Lambda: The execution lifecycle
Cold start
Warm
start
Download
your code
Start new
container
Time

Tune your function’s resources
Lambda exposes only a memory control, with the % of
CPU core and network capacity allocated to a function
proportionally
Is your code CPU, network or memory-bound? If so, it
could be cheaper to choose more memory.
> Memory, > Cores, > Network

Lambda Power Tuning
Alex Casalboni
https://github.com/alexcasalboni/aws-
lambda-power-tuning

Lambda best practices
• Minimize your package size. Use only needed SDK modules.
• Put your dependency .jar files in a separate /lib directory.
• Improve dependency injection with smaller and simpler IoC
frameworks that load quickly on startup, like Dagger2.
• Leverage smaller and faster frameworks like jackson-jr for Java
data binding.
• Use environment variables to modify operational behavior.
• Make sure functions invoked by Amazon SQS don’t exceed the
Visibility Timeout.

AWS Serverless Application Model (SAM)
AWS CloudFormation extension optimized
for serverless
New serverless resource types: functions,
APIs, and tables
Global configurations
Local testing with SAM CLI
Open specification (Apache 2.0)
2018: API Gateway Authorizers, CORS, DDB
SSE, managed policies
github.com/awslabs/serverless-application-model

Cloud native IDE in AWS Cloud 9

Source Build Test Deploy
AWS CodeCommit AWS CodeBuild Third Party
Tooling
AWS CodeDeploy
AWS CodePipeline
AWS CodeStar
AWS code services

Lambda alias traffic shifting & AWS SAM
AutoPublishAlias
By adding this property and specifying
an alias name, AWS SAM will do the
following:
• Detect when new code is being
deployed based on changes to the
Amazon Simple Storage Service
(Amazon S3) URI of the Lambda
function
• Create and publish an updated version
of that function with the latest code
• Create an alias with a name you
provide (unless an alias already exists)
and points to the updated version of
the Lambda function
Deployment preference type
Canary10Percent30Minutes
Linear10PercentEvery10Minutes
Linear10PercentEvery1Minute
AllAtOnce
In AWS SAM

Lambda alias traffic shifting & AWS Step Functions
http://amzn.to/2FjlWA7

Web application
Data stored in
Amazon
DynamoDB
Dynamic content in
AWS Lambda
Amazon API
Gateway
Browser
Amazon
CloudFront
Amazon S3
Amazon Cognito

Custom Ink reduces cost by 90%
Custom Ink enables people to design and order
custom t-shirts and gear for their clubs, companies,
charities, family reunions, and more.
"Custom Ink has now reduced
their cost by a factor of 90% ...
and increased service
reliability ... The operations
team can now focus on other
areas since they no longer
need to constantly manage the
service."
”
“
• Clipart and graphics service allows
customers to apply a number of
effects (flip, rotate, palette swaps), to
their own artwork or any piece of
clipart in the Custom Ink library
• Leverages API Gateway and Lambda
for autoscaling to handle peak loads
• Migration completed in three months

Choose the right API endpoint type
Edge optimized: Designed to help you reduce client latency
from anywhere on the Internet
AWS Region
API Gateway
Internet
edge
location
edge
location
edge
location
Amazon
CloudFront Distribution
API Gateway Managed

Web application
Data stored in
Amazon
DynamoDB
Dynamic content in
AWS Lambda
Amazon API
Gateway
Browser
Amazon
CloudFront
Amazon S3
Amazon Cognito
Lambda@Edge

Lambda@Edge use cases and blueprints
• Content customization
• Based on user attributes, device properties
• Visitor session validation
• User-agent validation—add an Access-Control-
Allow-Header
• Validate access token to confirm authentication
• URL customization
• Re-write URLs, pretty URLs
• A/B testing and cookie-based sticky sessions
• “Flip a coin” to select a version of content
displayed to each user
• Security
• Security header insertions (HSTS, X-Content-
Type-Options, and more)
• Bot handling

Regional AWS us-east-2
API Gateway
Internet AWS us-west-2
API Gateway
Amazon
Route 53
Lambda
function
Amazon
DynamoDB
Lambda
function
Amazon
DynamoDB
GlobalTables

API Gateway
API Gateway
Amazon
Route 53
Amazon
CloudFront
Amazon
CloudFront
Lambda
function
Amazon
DynamoDB
Lambda
function
Amazon
DynamoDB
GlobalTables

API Gateway
API Gateway
Amazon
Route 53
Lambda
function
Amazon
DynamoDB
Lambda
function
Amazon
DynamoDB
GlobalTables
Lambda@Edge
Amazon
CloudFront

Private: designed to expose APIs only inside your VPC
AWS Region
API Gateway
YOUR VPC
AWS Direct
Connect
On-premises

Amazon API
Gateway AWS
Lambda
Amazon
DynamoDB
Amazon
S3
Amazon
CloudFront
• Bucket Policies
• ACLs
• OAI
• Geo-Restriction
• Signed Cookies
• Signed URLs
• DDOS Protection
IAM
AuthZ
Serverless web app security
• Cross Account Lambda
• Throttling (per Method)
• Resource Policies
• Usage Plans
Browser
Amazon Cognito
• Encryption at Rest
• VPC Endpoint
• Function policies
• Env Variables

Authorization with Amazon Cognito
Cognito User Pool
(CUP)
Amazon API Gateway
IdP
User A
User B
User C
Cognito Identity Pool
(CIP)
/web
/cip
/cup
AWS
Lambda
Amazon
DynamoDB
Token
AWS Credentials
User B Data
IAM
Authorization
API Resources
C C
A A
A
B
BB
C

Lambda Authorizer
function
Client
Lambda
function
Amazon API
Gateway
Amazon
DynamoDB
AWS Identity &
Access Management
Lambda authorizers
Two types:
• TOKEN―authorization token
passed in a header
• REQUEST―all headers, query
strings, paths, stage variables,
or context variables

GraphQL: A query language for APIs
Resources defined by a GraphQL schema
Client sends query, server orchestrates data
Multiple transports (HTTP, MQTT, WebSockets)
Efficient (network bandwidth, dev time)
Self-documenting (introspection with tooling)

AWS AppSync
DynamoDB
Table
Lambda
Function
Amazon ES
GraphQL
Schema
Upload
Schema
GraphQL
Query
Mutation
Subscription
Real-time
Online/Offline
AppSync
API
Cognito
User Pool
Legacy
Application
Amazon RDS
https://
HTTP Resolver

Streaming with Amazon Kinesis
Easily collect, process, and analyze video and data streams in real time
Capture, process, and
store video streams
Kinesis Video
Streams
Load data streams into
data stores
Kinesis Data
Firehose
SQL
Analyze data streams
with SQL
Kinesis Data
Analytics
Capture, process, and
store data streams
Kinesis Data
Streams

Streaming data ingestion
Amazon CloudWatch:
Delivery metrics
Amazon S3:
Buffered files
Kinesis
Agent
Record
producers Amazon Redshift:
Table loads
Amazon Elasticsearch Service:
Domain loads
Amazon S3:
Source record backup
AWS Lambda:
Transformations &
enrichment
Amazon DynamoDB:
Lookup tables
Raw records
Lookup
Transformed records
Transformed recordsRaw records
Kinesis Data Firehose:
Delivery stream

Streaming data ingestion
Amazon CloudWatch:
Delivery metrics
Amazon S3:
Buffered files
Amazon Redshift:
Table loads
Amazon ElasticSearch Service:
Domain loads
Amazon S3:
Source record backup
AWS Lambda:
Transformations &
enrichment
Amazon DynamoDB:
Lookup tables
Raw records
Lookup
Transformed records
Transformed records
Raw Records
(HTTP
POST/PUT)
Amazon Kinesis Firehose:
Delivery stream
Amazon
CloudFront
Lambda@Edge
Browser

Best practices
Tune Kinesis Data Firehose buffer size and buffer interval
Larger objects = fewer Lambda invocations, fewer Amazon S3 PUTs
Enable compression to reduce storage costs
Enable Source Record Backup for transformations
Recover from transformation errors
Follow Amazon Redshift best practices for loading data

Amazon Kinesis Data Streams and AWS Lambda
• Number of Kinesis Data Streams shards corresponds to concurrent invocations
of Lambda function
• Batch size sets maximum number of records per Lambda function invocation
Kinesis Data Streams:
Stream
AWS Lambda:
Processor function
Streaming source Other AWS services

Fan-out pattern
Fan-out pattern trades strict message ordering versus higher throughput & lower latency
Stream
Lambda:
Dispatcher function
Lambda:
Processor function
Increase throughput, reduce processing latency
Streaming source

Real-time analytics
Ingest stream
Kinesis Data Analytics:
Time window aggregation
Kinesis Data Firehose:
Error stream
Amazon S3:
Error records
Record
producers
AWS Lambda:
Alert function
Amazon DynamoDB:
Device thresholds
Amazon SNS:
Notifications

CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO
"DESTINATION_SQL_STREAM"
SELECT STREAM "device_id",
STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE) as
"window_ts",
SUM("measurement") as "sample_sum",
COUNT(*) AS "sample_count"
FROM "SOURCE_SQL_STREAM_001"
GROUP BY "device_id",
STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE);
Amazon Kinesis Data Analytics
Aggregation
10-minute tumbling window
Kinesis Data Analytics:
Time window aggregation
Source stream Destination stream

Customer Reference: Otonomo
A dedicated platform for safe and simple exchange of connected car data to enable
an ecosystem of services and applications
• Ingesting 200M+ events per day
• 500K+ events/sec at peak
• Various consumer types for different use cases
• Persisting large amount of data in Amazon S3
• Real-time sub-second processing optimized for
stream processing
• Kinesis Data Analytics
• Anomaly detection / Insights / K-Top analysis
• Easily run SQL / Windowing functions on stream
Key Takeaways:
• Amazon S3 for data lake
• Decoupling of storage and
compute
• Scale independently
• Serverless + managed
• Focus on core business

Compare related services
Amazon MQ Amazon Kinesis
Data Streams
Amazon SQS
(Standard)
Amazon SQS
(FIFO)
Amazon SNS
Serverless No Yes Yes Yes Yes
Guaranteed
Ordering
Yes Yes, within Shard No Yes, within
Message Group
No
Message access Pull or Push Pull or Push (HTTP/2) Pull Pull Push
Delivery Exactly-once At-least-once At-least-once Exactly-once Retries
Data retention
period
Unlimited 7 days 14 days 14 days Until retries
complete
Parallel consumers Yes Multiple Consumers
per Shard with
independent iterators
Multiple Readers
(but only one
message per
Reader at a time)
One consumer
at a time
Multiple
Subscribers per
topic
Delivery
destination types
ActiveMQ clients Kinesis Consumers
(KCL, Lambda, SDK)
SQS Readers,
Lambda
SQS Readers HTTP/S, Mobile
Push, SMS, Email,
SQS, Lambda
Row/object size Unlimited 1 MB 256 KB (TB with S3) 256 KB 256 KB

Data lake characteristics
Collect, store, process, consume, and analyze all organizational data
Structured, semi-structured, and unstructured data
Decoupled compute and storage
Fast automated ingestion
Schema on read
AI/ML and BI/analytical use cases
Complementary to data warehouses

AWS serverless data lake
Amazon
S3
bucket(s)
Amazon ESAWS
Glue
Amazon
DynamoDB
Catalog & search
AWS Key
Management
Service (AWS KMS)
AWS
CloudTrail
IAM Amazon
Macie
Security & auditing
Amazon
Cognito
Amazon
API
Gateway
IAM
API/UI
Amazon
Athena
Amazon
QuickSight
Amazon
Redshift
Spectrum
Analytics & processing
AWS
Glue
AWS
Lambda
Amazon
Kinesis
Data
Streams
Amazon
Kinesis
Data
Firehose
AWS
Direct
Connect
Ingest
AWS
IoT

The foundation is Amazon S3
No need to run compute
clusters for storage
Virtually unlimited number of
objects and volume
Very high bandwidth – No
aggregate throughput limit
Multiple storage classes
Versioning
Encryption
S3 Select
CloudTrail Data Events
S3 Analytics and Inventory
S3 object tagging
Block Public Access

Search and Data Catalog
DynamoDB as metadata
repository
Amazon Elasticsearch
Service
AWS Lambda
Metadata Index
(DynamoDB)
Search Index
(Amazon ES)
ObjectCreated
ObjectDeleted PutItem
Update Index
S3 Bucket
https://aws.amazon.com/answers/big-data/data-lake-solution/
Catalog & Search

AWS Glue
Crawlers
AWS Glue
Data Catalog
Amazon
QuickSight
Amazon
Redshift
Spectrum
Amazon
Athena
S3
Bucket(s)
Catalog & Search
Instantly query your data lake on Amazon S3

Analytics
S3 Select on CSV, JSON and Apache Parquet objects
Amazon QuickSight
Amazon Athena
AWS Lambda
Predictions with Amazon SageMaker
Amazon EMR
AWS Glue (ETL)

Athena―Serverless interactive query service
44.66 seconds...Data scanned: 169.53GB
Cost: $5/TB or $0.005/GB = $0.85
SELECT gram, year, sum(count) FROM ngram
WHERE gram = 'just say no'
GROUP BY gram, year ORDER BY year ASC;

Athena best practices
Partition data
s3://bucket/flight/parquet/year=2018/month=11/day=25/
Columnar formats – Apache Parquet, AVRO, ORC
Compress files with splittable compression (bzip2)
Optimize file sizes
https://aws.amazon.com/blogs/big-data/top-10-performance-tuning-
tips-for-amazon-athena/

Serverless batch processing
AWS Lambda:
Splitter
Amazon S3
Object
Amazon DynamoDB:
Mapper Results
AWS Lambda:
Mappers
….
….
AWS Lambda:
Reducer
Amazon S3
Results
Analytics & Processing

Fannie Mae achieves 4x faster modeling
One simulation run of ~ 20
million mortgages takes
1.5 hours, >4 times faster
than the existing process.
• Fannie Mae uses a financial
modeling process for managing
mortgage risk on a daily basis.
• Monte-Carlo simulation process to
project future cash flows.
• 10 quadrillion (10𝑥1015
) of cash flow
projections each month in hundreds
of economic scenarios.

Pywren
• PyWren Python library provides 10 TFLOPS of peak compute power
with new default – 1000 concurrent functions
• Achieve over 60 GB/sec of read and 50 GB/sec of write performance
using Amazon S3
http://pywren.io/

The AWS machine learning stack
Frameworks KERAS
Platforms
Amazon SageMaker Amazon Mechanical Turk
Serverless
API-driven services
A M A Z O N
R E K O G N I T I O N
A M A Z O N
R E K O G N I T I O N
V I D E O
A M A Z O N
P O L L Y
A M A Z O N
T R A N S C R I B E
A M A Z O N
T R A N S L A T E
A M A Z O N
C O M P R E H E N D
A M A Z O N L E X
Vision Language
Conversational
chatbots

2. Submit
image
4. DetectFaces 7. DetectText
1. Upload
3. Store image Lambda Step Functions
5. DetectLabels 6. DetectModerationLabels
8. Store metadata &
analysis
DynamoDB
Amazon ES
Image processing with Amazon Rekognition Image

Media analysis solution
S3:
Web interface
Amazon Cognito
Amazon Rekognition Video:
Detect objects, scenes,
faces, & celebrities
Amazon ES:
Search index
API Gateway:
REST APIs
https://aws.amazon.com/answers/media-entertainment/media-analysis-solution/
AWS Elemental MediaConvert:
Transcode videos
S3:
Media storage
Step Functions:
Orchestrate
analysis

Amazon Connect
Serverless contact center solution
Real time and
historical analytics
High-quality
voice capability
Call
recording
Skills-based routing
[Automatic Call Distribution (ACD)]

Intelligent call center chatbot
Amazon
Connect
Customer
Amazon Lex AWS
Lambda:
Chatbot
Processing
DynamoDB:
Customer
Data
Amazon SNS:
SMS Messaging
Customer calls
Connect to
reschedule an
appointment
Connect calls
Lex chatbot
Lex chatbot calls
Lambda function
to get customer
preferences and
fulfil Intents
Lambda function
sends text message
confirmation via SNS
Customer receives
appointment
confirmation text
message
Lambda
function
writes updates
to DynamoDB

Call center analytics
Amazon
Connect
Customers
Agents
Contact trace records (CTRs)
Kinesis Data
Streams
Kinesis Data
Firehose
S3: CTRs
Call
recordings
S3: Call
recordings
S3: Call
transcripts
Step Functions:
Orchestrate
S3: Sentiment,
key phrases,
entities
Step Functions:
Orchestrate
S3 Notifications
for call
transcripts
Athena
Amazon
QuickSight

Summary
“No server is easier to manage than no server” - Werner Vogels, Amazon CTO
Never pay for idle & scale as you grow
Apply serverless patterns for common use-cases:
Web applications
Stream processing
Data lake
Machine learning
What will you build with serverless?

Related sessions
ARC303 Architecture Patterns of Serverless Stream Processing at Scale
Monday, November 26
5:30 PM - 6:30 PM | Aria West, Level 3, Starvine 10, Table 6
Tuesday, November 27
5:30 PM - 6:30 PM | Aria West, Level 3, Starvine 10, Table 4
ARC304 Architecture Patterns of Serverless Microservices
2:30PM– 3:30PM | MGM, Level 3, North Concourse 306
ARC214 Using Containers and Serverless to Deploy Microservices
10:00AM – 11:00AM | Aria East, Plaza Level, Orovada 3

Thank you!

Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Invent 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Invent 2018

Similar to Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Invent 2018 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Serverless Architectural Patterns and Best Practices (ARC305-R2) - AWS re:Invent 2018