Session on serverless solution architecture with focus on AWS presented at the Worldwide software architect summit

1. @runcyoommen
https://runcy.me
Solution Architecture In

2. |In brief|
1. #Serverless – Introduction, Evolution & Advantages
2. AWS Serverless – Example Solution Architecture
 DynamoDB – Setup tables/attributes/items
 IAM - Required roles
 Lambda - Make functions
 API Gateway - Appropriate triggers
 S3 - Host the static web files
 ACM - Generate appropriate certificate
 CloudFront - Create a global distribution
 Route 53 - DNS redirection
3. AWS Full-Stack Serverless
 AWS Amplify – Introduction and Capabilities

3. Career
 Principal SDE, SONICWALL, 17+ yrs. industry experience
primarily in systems, cloud (private/public), security, networking
 10x multi-cloud certified (GCP, AWS, Azure, CNCF)
 Patent (India) in cloud security around distributed data storage
 Interested in serverless, containers and cloud native offerings.
Firm believer of a multi-hybrid cloud future
Community
 Organizer of GDG Cloud, AWS user Group and Cloud Native
meetup groups in Bangalore
 Regular speaker at domestic and international cloud, tech &
security conferences
 Multiple hackathon wins in cloud/security topics.
 Recognized by Google as a community influencer
[~]$ whoami
runcyoommen
https://runcy.me

4. What does “Serverless” mean?
Reference:
https://en.wikipedia.org/wiki/Serverless_computing
“Serverless computing is a cloud
computing execution model in which the
cloud provider runs the server, and
dynamically manages the allocation of
machine resources.”

7. How did we get here?

9. What are we
building today?

12. Pre-requisites to begin
• AWS free-tier account
• Get the source code
https://github.com/roommen/runcystees
• Basic knowledge of Python, HTML, JS, CSS
• A good IDE like Visual Studio Code
• Assumption: You have a registered domain

13. 1. Setting up the DB
• Select ‘DynamoDB’ from the services list
(under Database section)
• Click ‘Create table’ to get started

14. • Provide table name, primary key
• Leave the rest as default settings

15. • Start adding the items by clicking
on ‘Create item’
• Really simple DB schema consisting of
id (Primary key) and desc of the tees

16. 2. Relevant IAM roles
• Select ‘IAM’ from the services list
(under Security, Identity & Compliance)
• Create a new role
• Select Lambda as the service that will use this role
• Click Next to attach the permissions

17. • Attach the below given pre-defined policies
• Add appropriate tags (optional but good practice)

18. Provide an appropriate name and create the role

19. 3. Let’s make some ‘FaaS’
• Select ‘Lambda’ from the services list
(under Compute)
• Provide name, runtime and choose the role

20. In this web app example, we have:
 Show Tee Description – handled by ShowTeeDesc.py
For Python with Lambda, zip all source code and
dependencies (if any)

21. • Boto3 is the only dependency; it need not be
packaged as it’s part of Python runtime in Lambda
• You should now have
showTeeDesc.zip created
• Verify contents of the zip file - Ensure it looks
identical to screenshot

22. • Now in the Lambda screen, upload the zip file created earlier and
change the Handler info to showTeeDesc.lambda_handler
• The format of Handler should be <python_filename>.lambda_handler

23. • Provide appropriate description
and keep the memory and
timeout as is
• Click on ‘Save’ to create the Lambda function
• Created function will be displayed as below

24. 4. Integration with API Gateway
• Select ‘API Gateway’ from the services
list (under Networking & Content Delivery)
• Click ‘Create API’
• Choose the protocol, name and other details

25. • Choose ‘Create Resource’ from the Actions menu.
• Make sure to ‘Enable API Gateway CORS’

26. Resource created - showteedesc
• Select the resource
and now click ‘Create
Method’
• Choose ‘POST’ method

27. Configure POST method - showteedesc
• Select appropriate region and the function that
we had created earlier for integration

28. • Select a method and click
“Enable CORS”
• On the next screen, leave everything as is and click
“Enable CORS and replace existing headers”

29. • Select “Deploy API” from ‘Actions’
Choose [New Stage] and provide
appropriate values

30. • After deployment, the APIs would be available under stage
• Click on POST method created for /showteedesc and see
the API endpoint

31. • Enable the APIs – Edit the JS function
• Integrate the APIs with the relevant functions
defined in runcystees.js to have it invoked

32. Bringing it all together…
index.html runcystees.js
showTeeDesc.py
SERVERLESS
TRINITY

33. 5. Host web files on S3
• Select ‘S3’ from the services list
(under Storage)
• Click ‘Create bucket’
• Provide appropriate ‘Bucket
name’ and ‘Region’
• Click ‘Create’

34. • Select the bucket that you created earlier
• From the “Properties” tab, select ‘Static
website hosting’

35. • Provide appropriate
‘Index doc’ and hit
Save
• You will now see an
‘Endpoint’ available
which will serve you
the website content

36. • Click on the
‘Permissions’ tab
• Select ‘Bucket Policy’
• Entering the policy makes it world readable
Policy: https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html#add-bucket-policy-public-access

37. 6. Generate certificate
• Select ‘Certificate Manager’ from the
services (under Security, Identity & Compliance)
• Click ‘Request a certificate’
• Select ‘Request a public certificate’
• Choose region as N. Virginia

38. Enter domain name
for generating the
certificate
Select ‘DNS
validation’

39. • Choose ‘Create record in Route 53’ to make
the appropriate DNS entry for certificates
• An entry would be created under Route 53
• Certificate status would be shown as Issued (~15 mins)

40. 7. Make CloudFront distribution
• Select ‘CloudFront’ from the services
(under Networking & Content Delivery)
• Click ‘Create Distribution’
• Select ‘Web’ as the delivery
method for content

41. • Provide ‘Origin Domain Name’ as the S3 bucket
• Set protocol policy as
‘Redirect HTTP to
HTTPS’

42. • Provide
appropriate
CNAME entries
• Select the
certificate created
earlier from the
custom list

43. • Click on ‘Create Distribution’
• Wait for the distribution to be created (~30 mins)
• Set the default root object as the first html page

44. • Select ‘Route 53’ from the services list
(under Networking & Content Delivery)
8. DNS redirection
• Select the Hosted Zone displayed for
your domain
• Click on the ‘Create Record Set’ button

45. • Create a CNAME record set
• Provide CloudFront domain name as the value

46. • The website is ** NOW LIVE **
https://tees.runcy.me

47. What is AWS Amplify?
Easy to use JavaScript
library and toolchain for
building cloud-powered
mobile and web apps
• Creates and deploys sophisticated
serverless backends – FAST!

48. • CLI provides support for
authentication, analytics,
functions, RESTGraphQL
APIs…
• Toolchain uses AWS
CloudFormation and
enables you to add, modify
and share configurations

49. Hosting for static assets and websites
• Distributes content to end users with low
latency and high data transfer speeds
• Perform local testing of AWS
Lambda functions and deploy
• Provides a secure, durable and
scalable object storage infra

50. Easily create APIs and generate client code
• Define APIs using the
GraphQL Schema
Definition Language (SDL)
• Toolchain expands and transforms a full
CloudFormation template that implements
your data model

51. • Connects your front-end apps to AWS services
JavaScript Library
SPA Frameworks Supported
• Vue
• React
• React Native
• Angular
• Ionic

52. What sort of services are supported?
• Authentication (Amazon Cognito)
• Storage (Amazon S3 & DynamoDB)
• Function (AWS Lambda)
• API (AWS AppSync & API Gateway)
• Hosting (Amazon S3 & CloudFront)
• Analytics (Amazon Pinpoint)
• Interactions (Amazon Lex)

54. @runcyoommen