
Serverless Architectural Patterns


Serverless technologies like AWS Lambda have drastically simplified the task of building reactive systems: drop a file into S3 and a Lambda function is triggered to process it; push an event into a Kinesis stream and it is processed by a Lambda function in real time. You can even use Lambda to automate the process of auditing and securing your account by automatically reacting to violations of your security policy.

Join us in this talk to see some architectural design patterns that have emerged with Lambda, and how to pick the right event source based on the tradeoffs you want. Here are a few patterns that we'll cover in the talk: pub-sub, cron, push-pull, saga and decoupled invocation.

Published in: Technology


  1. 1. @theburningmonk #VoxxedBristol #serverless Serverless Design Patterns Yan Cui
  2. 2. “Serverless”
  3. 3. 2014
  4. 4. Gojko Adzic It is serverless the same way WiFi is wireless. http://bit.ly/2yQgwwb
  5. 5. Serverless means… don’t pay for it if no-one uses it don’t need to worry about scaling don’t need to provision and manage servers
  6. 6. “Function-as-a-Service” AWS Lambda Azure Functions Google Cloud Functions Auth0 Webtask Spotinst Functions Kubeless IBM Cloud Functions
  7. 7. AWS Lambda
  8. 8. AWS Lambda API Gateway IOT SNS Kinesis CloudWatch
  9. 9. IaaS Function Application Runtime Container OS Virtualization Hardware CaaS Function Application Runtime Container OS Virtualization Hardware PaaS Function Application Runtime Container OS Virtualization Hardware FaaS Function Application Runtime Container OS Virtualization Hardware User User (scalable unit) Provider
  10. 10. IaaS Function Application Runtime Container OS Virtualization Hardware CaaS Function Application Runtime Container OS Virtualization Hardware PaaS Function Application Runtime Container OS Virtualization Hardware FaaS Function Application Runtime Container OS Virtualization Hardware User User (scalable unit) Provider
  11. 11. Serverless FaaS other services… Database Storage BI
  12. 12. SERVERLESS WILL FUNDAMENTALLY CHANGE HOW WE BUILD BUSINESS AROUND TECHNOLOGY AND HOW YOU CODE. Simon Wardley
  13. 13. more Scalable (and scales faster!)
  14. 14. Cheaper (don’t pay for idle servers)
  15. 15. Resilience (built-in redundancy and multi-AZ)
  16. 16. idea production choose language + framework master language + framework figure out deployment configure AMI configure ELB configure autoscaling capacity planning over-provision for launch are we doing microservices? configure CI/CD
  17. 17. idea production choose language + framework master language + framework figure out deployment configure AMI configure ELB configure autoscaling capacity planning over-provision for launch are we doing microservices? configure CI/CD
  18. 18. idea production greater Velocity from idea to product
  19. 19. minimise Undifferentiated heavy-lifting
  20. 20. Less ops responsibility on your shoulders
  21. 21. http://bit.ly/2Dpidje
  22. 22. events are an enabler for COMPOSABILITY
  23. 23. AWS LAMBDA is the...
  24. 24. PATTERNS
  25. 25. WARNING!!
  26. 26. DESIGN PATTERNS DO NOT GUARANTEE SUCCESS
  27. 27. Pattern /pat(ə)n/ A pattern is the repeated or regular way in which something happens or is done.
  28. 28. http://bit.ly/2Goq5mY
  29. 29. there are no silver bullets
  30. 30. UNDERSTAND YOUR PROBLEMS AND CONSTRAINTS OVER FOLLOWING A PATTERN. me
  31. 31. Pattern /pat(ə)n/ A pattern is the repeated or regular way in which something happens or is done.
  32. 32. Yan Cui http://theburningmonk.com @theburningmonk Principal Engineer @
  33. 33. available in Austria, Switzerland, Germany, Japan, Canada, Italy and US
  34. 34. available on 30+ platforms
  35. 35. ~1,000,000 concurrent viewers
  36. 36. We’re hiring! Visit engineering.dazn.com to learn more. follow @dazneng for updates about the engineering team
  37. 37. follow @dazneng for updates about the engineering team We’re hiring! Visit engineering.dazn.com to learn more. WE’RE HIRING!
  38. 38. AWS user since 2009
  39. 39. AWS user since 2009
  40. 40. https://www.youtube.com/watch?v=pptsgV4bKv8
  41. 41. https://bit.ly/production-ready-serverless
  42. 42. http://bit.ly/2C9LwIM
  43. 43. @theburningmonk #VoxxedBristol #serverless Cron
  44. 44. AWS Lambda CloudWatch Events
  45. 45. CloudWatch Events
  46. 46. @theburningmonk #VoxxedBristol #serverless Ops Automation
  47. 47. AWS Lambda CloudWatch Logs
  48. 48. CloudWatch Logs
  49. 49. AWS Lambda CloudWatch Logs AWS Lambda
  50. 50. CloudWatch Logs
  51. 51. AWS Lambda CloudWatch Logs CloudTrail
  52. 52. CloudWatch Events
  53. 53. AWS Lambda CloudWatch Logs CloudWatch Events CloudTrail AWS Lambda
  54. 54. AWS Lambda CloudWatch Logs CloudWatch Events CloudTrail AWS Lambda AWS Lambda
  55. 55. AWS Lambda CloudWatch Logs CloudWatch Events CloudTrail AWS Lambda AWS Lambda
  56. 56. auto-update CloudWatch retention policy auto-create alarms for new APIs auto-create dashboards for new APIs alert on suspicious console logins alert on EC2 activities in unused regions …
  57. 57. @theburningmonk #VoxxedBristol #serverless Web Apps
  58. 58. CloudFront S3 Browser
  59. 59. API Gateway AWS Lambda DynamoDB Route53 CloudFront S3 Browser
  60. 60. API Gateway AWS Lambda DynamoDB Route53 CloudFront S3 Browser Cognito
  61. 61. Federated Identities Sync User Flows Registration Verify email/phone Secure sign-in Forgotten password Change password Sign out Cognito User Pools
  62. 62. Federated Identities Sync Leading Practices Secure password handling with SRP protocol Encrypt all data server-side Password policies Token-based authentication MFA Support CAPTCHA Cognito User Pools
  63. 63. Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers authenticate
  64. 64. Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers authenticate token
  65. 65. Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers authenticate token token
  66. 66. validate Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers authenticate token token
  67. 67. validate Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers authenticate token token IAM credential
  68. 68. validate Cognito Federated Identities Cognito User Pools Facebook Twitter Google … identity providers API Gateway S3 DynamoDB SNS IOT Kinesis authenticate token token IAM credential IAM credential
  69. 69. what about Multi-Region support?
  70. 70. https://aws.amazon.com/dynamodb/global-tables
  71. 71. http://amzn.to/2Bwb5j6
  72. 72. API Gateway AWS Lambda DynamoDB Route53 CloudFront S3 Browser API Gateway AWS Lambda eu-west-1 us-east-1
  73. 73. http://bit.ly/2FGKsuA
  74. 74. @theburningmonk #VoxxedBristol #serverless Data Lakes
  75. 75. S3 Buckets
  76. 76. S3 Buckets IAM
  77. 77. S3 Buckets KMS IAM
  78. 78. S3 Buckets KMS Macie IAM
  79. 79. S3 Buckets Kinesis Streams Kinesis Firehose KMS Macie IAM
  80. 80. S3 Buckets Kinesis Streams AWS Lambda KMS Macie IAM Kinesis Firehose
  81. 81. S3 Buckets Kinesis Streams AWS Lambda KMS Macie IAM AWS Lambda Kinesis Firehose
  82. 82. S3 Buckets Kinesis Streams AWS Lambda AWS Lambda KMS Macie IAM AWS Lambda Kinesis Firehose
  83. 83. S3 Buckets Kinesis Streams AWS Lambda AWS Lambda KMS Macie IAM AWS Lambda DynamoDB ElasticSearch Kinesis Firehose
  84. 84. S3 Buckets Kinesis Streams AWS Lambda AWS Lambda KMS Macie IAM AWS Lambda Google BigQuery Kinesis Firehose
  85. 85. S3 Buckets Kinesis Streams AWS Lambda AWS Lambda Athena QuickSight KMS Macie IAM AWS Lambda Kinesis Firehose
  86. 86. S3 Buckets Kinesis Streams AWS Lambda AWS Lambda Athena QuickSight KMS Macie IAM AWS Lambda Kinesis Firehose
  87. 87. @theburningmonk #VoxxedBristol #serverless Event Driven
  88. 88. http://bit.ly/2Dpidje
  89. 89. Kinesis
  90. 90. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B
  91. 91. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B
  92. 92. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B AWS Lambda AWS Lambda AWS Lambda
  93. 93. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B AWS Lambda AWS Lambda AWS Lambda DynamoDB IOT
  94. 94. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B AWS Lambda AWS Lambda AWS Lambda DynamoDB IOT
  95. 95. Kinesis API Gateway AWS Lambda API Gateway AWS Lambda service-A service-B AWS Lambda AWS Lambda AWS Lambda DynamoDB IOT AWS Lambda AWS Lambda
  96. 96. build loosely-coupled system through events
  97. 97. service A service B service C service D bounded context bounded context
  98. 98. service A service B service C service D bounded context bounded context
  99. 99. service A service B service C service D
  100. 100. service A service B service C service D
  101. 101. service A service B service C service D
  102. 102. service A service B service C service D backward-compatible?
  103. 103. bounded context DON’T use events to orchestrate workflows within the same bounded context
  104. 104. bounded context adds unnecessary complexity to logging, tracing, and end-to-end reporting
  105. 105. bounded context the workflow doesn’t exist as a standalone concept, but as the sum of a series of loosely connected parts
  106. 106. Step Functions use Step Functions instead
  107. 107. Step Functions don’t forget to emit events from the workflow
  108. 108. Step Functions so others can react to state changes that happened as part of the workflow
  109. 109. @theburningmonk #VoxxedBristol #serverless Decoupled Invocation
  110. 110. Decoupled Invocation How can a service handle normal request loads, peak request loads, and a continuous period of high load without failing?
  111. 111. business logic requires expensive processing
  112. 112. API Gateway max integration timeout is 29 seconds http://amzn.to/2BwW5Bx
  113. 113. downstream systems not as scalable
  114. 114. decouple reply from the initial request
  115. 115. API Client POST /do_something
  116. 116. worker API Client POST /do_something 202 /result_location do work
  117. 117. worker API Client POST /do_something 202 /result_location GET /result_location 202 /result_location do work
  118. 118. worker API Client POST /do_something 202 /result_location GET /result_location 202 /result_location do work work done
  119. 119. worker API Client POST /do_something 202 /result_location GET /result_location 202 /result_location do work work done GET /result_location 200 OK
  120. 120. amortises spikes in load
  121. 121. allows fast response back to caller whilst promises to finish work later
  122. 122. allows flexible retry strategies by removing the urgency of having to reply to caller right away
  123. 123. DynamoDB API Gateway POST task id created at result xxx xxx <null> xxx xxx <null> … … … task results not ready PutItem
  124. 124. DynamoDB API Gateway POST task id created at result xxx xxx <null> xxx xxx <null> … … … task results not ready SQS
  125. 125. DynamoDB API Gateway 202 task id created at result xxx xxx <null> xxx xxx <null> … … … task results not ready SQS
  126. 126. use “created at” timestamp to timeout polling requests and avoid infinite retry
  127. 127. DynamoDB API Gateway GET task id created at result xxx xxx <null> xxx xxx <null> … … … task results not ready SQS
  128. 128. DynamoDB API Gateway 202 task id created at result xxx xxx <null> xxx xxx <null> … … … task results not ready SQS
  129. 129. DynamoDB task id created at result xxx { … } xxx <null> … … task results done UpdateItem xxx xxx … SQS
  130. 130. DynamoDB API Gateway GET task id created at result xxx xxx { … } xxx xxx <null> … … … task results done
  131. 131. DynamoDB API Gateway 200 { … }
  132. 132. control parallelism with Lambda reserved concurrency setting
  133. 133. also consider using Kinesis Streams or DynamoDB Streams as queue
  134. 134. if you use SNS, make sure to enable maxReceivesPerSecond delivery policy (otherwise, invocation-per-message means no amortisation)
  135. 135. @theburningmonk #VoxxedBristol #serverless Pub-Sub
  136. 136. msg broker subscriber subscriber subscriber subscriber …
  137. 137. one message, many consumers
  138. 138. good for decoupling data processing
  139. 139. independent failures partial failures are easier to manage
  140. 140. SNS, Kinesis Streams, DynamoDB Streams, etc…
  141. 141. SNS
  142. 142. 2 retries then DLQ SNS
  143. 143. 2 retries then DLQ invocation per msg SNS
  144. 144. 2 retries then DLQ invocation per msg might run into throttling limits consider impact on downstream SNS
  145. 145. suffers from temporary issues
  146. 146. msg/s time max throughput erred and retried
  147. 147. msg/s time max throughput erred and retried
  148. 148. msg/s time max throughput downstream outage
  149. 149. Kinesis
  150. 150. retried until success Kinesis
  151. 151. retried until success invocation per shard Kinesis
  152. 152. better handling of temporary issues
  153. 153. msg/s time processed max throughput amortised received
  154. 154. msg/s time max throughput downstream outage processed received
  155. 155. DynamoDB Streams DynamoDB
  156. 156. Kinesis Streams or DynamoDB Streams?
  157. 157. what is your source of truth?
  158. 158. limited to events from one table
  159. 159. records describe DynamoDB events, not events from your domain
  160. 160. auto-scales no. of shards
  161. 161. cannot extend data retention beyond 24 hours
  162. 162. charged based on no. of requests ($0.02 per 100,000 read request units)
  163. 163. 1 msg/s for a month, 1KB per msg. DynamoDB Streams: 1 Write Capacity Unit @ $0.47 per unit = $0.47. SNS: 1 x 60s x 60m x 24hr x 30days @ $0.5 per mil = $1.296. Kinesis Streams: 1 x 60s x 60m x 24hr x 30days @ $0.014 per mil + 24hrs x 30days @ $0.015 per hr = $10.836.
  164. 164. 1k msg/s for a month, 1KB per msg. DynamoDB Streams: 1k Write Capacity Unit @ $0.47 per unit = $470.00. SNS: 1k x 60s x 60m x 24hr x 30days @ $0.5 per mil = $1296.00. Kinesis Streams: 1k x 60s x 60m x 24hr x 30days @ $0.014 per mil + 24hrs x 30days @ $0.015 per hr = $47.088.
  165. 165. DON’T take these projections at face value!
  166. 166. SNS
  167. 167. no restriction on destination target SNS
  168. 168. no restriction on destination target need to handle partial failures & retries SNS
  169. 169. @theburningmonk #VoxxedBristol #serverless Saga
  170. 170. pattern for managing failures where each action has a compensating action for rollback
  171. 171. https://www.youtube.com/watch?v=xDuwrtwYHu8
  172. 172. Begin transaction Start book hotel request End book hotel request Start book flight request End book flight request Start book car rental request End book car rental request End transaction
  173. 173. model actions and compensating actions as Lambda functions
  174. 174. actions
  175. 175. compensating actions
  176. 176. state machine in AWS Step Functions as the coordinator for the saga
  177. 177. AWS Step Functions http://bit.ly/2uTJBE3
  178. 178. input
  179. 179. source code available here: https://github.com/theburningmonk/lambda-saga-pattern
  180. 180. API Gateway and Kinesis Authentication & authorisation (IAM, Cognito) Testing Running & Debugging functions locally Log aggregation Monitoring & Alerting X-Ray Correlation IDs CI/CD Performance and Cost optimisation Error Handling Configuration management VPC Security Leading practices (API Gateway, Kinesis, Lambda) Canary deployments http://bit.ly/prod-ready-serverless get 40% off with: ytcui
  181. 181. #VoxxedBristol #serverless @theburningmonk Thank You!
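
The Decoupled Invocation flow on slides 115 to 131 (POST answered with 202 and a result location, a task table whose result starts as null, a queue feeding the worker, and the "created at" timestamp bounding how long a client may poll), as an added example that is not from the talk. The dict and deque are in-memory stand-ins for DynamoDB and SQS; `DecoupledApi`, `POLL_TIMEOUT_S`, the `/result/<id>` path and the 404/504 status codes are assumptions.

```python
import time
import uuid
from collections import deque

POLL_TIMEOUT_S = 30  # assumed polling budget; the slides give no value

class DecoupledApi:
    """In-memory stand-in: dict = DynamoDB task table, deque = SQS queue."""

    def __init__(self, clock=time.time):
        self.tasks = {}      # task_id -> {"created_at": ..., "result": None}
        self.queue = deque()
        self.clock = clock

    def post(self, payload):
        """POST /do_something: record the task, enqueue it, reply 202."""
        task_id = uuid.uuid4().hex  # random id, since it doubles as the result URL
        self.tasks[task_id] = {"created_at": self.clock(), "result": None}  # PutItem
        self.queue.append((task_id, payload))
        return 202, f"/result/{task_id}"

    def get(self, location):
        """GET /result_location: 200 when done, 202 while pending."""
        task = self.tasks.get(location.rsplit("/", 1)[-1])
        if task is None:
            return 404, None
        if task["result"] is not None:
            return 200, task["result"]
        if self.clock() - task["created_at"] > POLL_TIMEOUT_S:
            return 504, None  # assumed status: the client should stop polling
        return 202, location

    def run_worker(self, work):
        """Worker: drain the queue and write each result back (UpdateItem)."""
        while self.queue:
            task_id, payload = self.queue.popleft()
            self.tasks[task_id]["result"] = work(payload)

def demo():
    now = [1000.0]                        # constructed fake clock
    api = DecoupledApi(clock=lambda: now[0])
    _, done_loc = api.post({"n": 20})
    before = api.get(done_loc)[0]         # task still pending
    api.run_worker(lambda p: {"square": p["n"] ** 2})
    after = api.get(done_loc)
    _, lost_loc = api.post({"n": 3})      # worker never picks this one up
    now[0] += POLL_TIMEOUT_S + 1
    return before, after, api.get(lost_loc)[0]
```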
