
Serverless Design Patterns

Serverless technologies like AWS Lambda have drastically simplified the task of building reactive systems: drop a file into S3 and a Lambda function is triggered to process it; push an event into a Kinesis stream and it is processed by a Lambda function in real time; you can even use Lambda to automate auditing and securing your AWS account by reacting automatically to violations of your security policy.

Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the trade-offs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite: pub-sub, cron, push-pull, saga and decoupled invocation.



  1. SERVERLESS DESIGN PATTERNS
  2. 2014
  3. “Serverless”
  4. Gojko Adzic: “It is serverless the same way WiFi is wireless.” http://bit.ly/2yQgwwb
  5. Serverless means… don’t pay for it if no-one uses it; don’t need to worry about scaling; don’t need to provision and manage servers
  6. “Function-as-a-Service”: AWS Lambda, Azure Functions, Google Cloud Functions, Auth0 Webtask, Spotinst Functions, Kubeless, IBM Cloud Functions
  7. AWS Lambda
  8. AWS Lambda event sources: API Gateway, IOT, SNS, Kinesis, CloudWatch
  9. (diagram) IaaS vs CaaS vs PaaS vs FaaS: for each, the stack Function / Application / Runtime / Container / OS / Virtualization / Hardware, with each layer marked as managed by the User, by the User as the scalable unit, or by the Provider
  11. Serverless = FaaS + other (Database, Storage, BI)
  12. SERVERLESS WILL FUNDAMENTALLY CHANGE HOW WE BUILD BUSINESS AROUND TECHNOLOGY AND HOW YOU CODE. Simon Wardley
  13. more Scalable (and scales faster!)
  14. Cheaper (don’t pay for idle servers)
  15. Resilience (built-in redundancy and multi-AZ)
  16. idea → production: choose language + framework; master language + framework; figure out deployment; configure AMI; configure ELB; configure autoscaling; capacity planning; over-provision for launch; are we doing microservices?; configure CI/CD
  18. idea → production: greater Velocity from idea to product
  19. minimise Undifferentiated heavy-lifting
  20. Less ops responsibility on your shoulders
  21. https://www.youtube.com/watch?v=pptsgV4bKv8
  22. http://bit.ly/2Dpidje
  23. events are an enabler for COMPOSABILITY
  24. AWS LAMBDA is the...
  25. PATTERNS
  26. WARNING!!
  27. A DESIGN PATTERN IS NOT... A RECIPE FOR SUCCESS
  28. Pattern /pat(ə)n/ A pattern is the repeated or regular way in which something happens or is done.
  29. UNDERSTAND YOUR PROBLEMS AND CONSTRAINTS OVER FOLLOWING A PATTERN. me
  30. http://bit.ly/2Goq5mY
  31. I’m not trying to sell you a “magic” elixir!
  32. there are no silver bullets
  34. Yan Cui http://theburningmonk.com @theburningmonk Principal Engineer @
  35. “Netflix for sports”; offices in London, Leeds, Katowice and Tokyo
  36. available in Austria, Switzerland, Germany, Japan and Canada
  37. available on 30+ platforms
  38. ~500,000 concurrent viewers
  39. “Netflix for sports”; offices in London, Leeds, Katowice and Tokyo. We’re hiring! Visit engineering.dazn.com to learn more; follow @DAZN_ngnrs for updates about the engineering team.
  40. AWS user since 2009
  41. http://bit.ly/yubl-serverless
  42. http://bit.ly/2Cdsai5
  43. CRON
  44. CloudWatch Events → AWS Lambda
  45. CloudWatch Events
  46. OPS AUTOMATION
  47. CloudWatch Logs → AWS Lambda
  48. CloudWatch Logs
  49. AWS Lambda → CloudWatch Logs → AWS Lambda
  50. CloudWatch Logs
  51. CloudTrail → CloudWatch Logs → AWS Lambda
  52. CloudWatch Events
  53. CloudTrail → CloudWatch Events → AWS Lambda; CloudWatch Logs → AWS Lambda
  54. CloudTrail → CloudWatch Events → AWS Lambda; AWS Lambda → CloudWatch Logs → AWS Lambda
  56. auto-update CloudWatch retention policy; auto-create alarms for new APIs; auto-create dashboards for new APIs; alert on suspicious console logins; alert on EC2 activities in unused regions; …
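The two alerting cases on slide 56 (suspicious console logins, EC2 activity in unused regions) come down to a Lambda function that inspects the CloudTrail record that CloudWatch Events delivers in the event's `detail` field. The following is an added example, not code from the deck or from the speaker: a stdlib-only handler with those two checks, returning the alerts it found. `ALLOWED_REGIONS`, `EC2_WRITE_EVENTS` and the two sample events are constructed assumptions; publishing the alerts (for instance to an SNS topic) is left to the caller.

```python
import json

# Assumption: the regions this account legitimately uses.
ALLOWED_REGIONS = {"eu-west-1", "us-east-1"}
# Assumption: EC2 mutations worth alerting on when they happen outside ALLOWED_REGIONS.
EC2_WRITE_EVENTS = {"RunInstances", "StartInstances", "CreateVpc", "CreateSecurityGroup"}


def cloudtrail_record(event):
    """CloudWatch Events wraps the CloudTrail record in the 'detail' field."""
    return event.get("detail", event)


def check_console_login(rec):
    """Flag failed console logins and successful ones that did not use MFA."""
    if rec.get("eventName") != "ConsoleLogin":
        return None
    who = rec.get("userIdentity", {}).get("arn", "<unknown>")
    src = rec.get("sourceIPAddress", "<unknown>")
    outcome = rec.get("responseElements", {}).get("ConsoleLogin")
    if outcome == "Failure":
        return "failed console login for %s from %s" % (who, src)
    if rec.get("additionalEventData", {}).get("MFAUsed") != "Yes":
        return "console login without MFA by %s from %s" % (who, src)
    return None


def check_unused_region(rec):
    """Flag EC2 write calls in regions the account is not supposed to use."""
    if rec.get("eventSource") != "ec2.amazonaws.com":
        return None
    region = rec.get("awsRegion")
    name = rec.get("eventName")
    if name in EC2_WRITE_EVENTS and region not in ALLOWED_REGIONS:
        who = rec.get("userIdentity", {}).get("arn", "<unknown>")
        return "EC2 %s in unused region %s by %s" % (name, region, who)
    return None


CHECKS = (check_console_login, check_unused_region)


def find_alerts(event):
    """Run every check against one CloudWatch Events payload; return the alert strings."""
    rec = cloudtrail_record(event)
    return [alert for alert in (check(rec) for check in CHECKS) if alert]


def handler(event, context):
    """Lambda entry point. Publishing (e.g. sns.publish to an alert topic) is deliberately left out."""
    alerts = find_alerts(event)
    for alert in alerts:
        print(json.dumps({"alert": alert, "eventID": cloudtrail_record(event).get("eventID")}))
    return {"alerts": alerts}


# Constructed sample events in the CloudWatch Events -> CloudTrail shape (not real account data).
SAMPLE_LOGIN_NO_MFA = {
    "detail-type": "AWS Console Sign In via CloudTrail",
    "detail": {
        "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.7",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
}
SAMPLE_EC2_ODD_REGION = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventName": "RunInstances",
        "eventSource": "ec2.amazonaws.com",
        "awsRegion": "ap-southeast-2",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_LOGIN_NO_MFA, None))
    print(handler(SAMPLE_EC2_ODD_REGION, None))
```

Wire it up with a CloudWatch Events rule whose pattern matches `detail-type` of `AWS Console Sign In via CloudTrail` and `AWS API Call via CloudTrail`; because the checks are plain functions over the record, new rules (slide 56's list) are one more entry in `CHECKS`.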
  57. WEB APPS
  58. Browser → CloudFront → S3
  59. Browser → Route53 → CloudFront → S3; Browser → API Gateway → AWS Lambda → DynamoDB
  60. as above, plus Cognito
  61. Cognito (Federated Identities, Sync, User Pools). User Pools user flows: Registration; Verify email/phone; Secure sign-in; Forgotten password; Change password; Sign out
  62. Cognito User Pools leading practices: Secure password handling with SRP protocol; Encrypt all data server-side; Password policies; Token-based authentication; MFA support; CAPTCHA
  63–68. (build-up) Identity providers (Cognito User Pools, Facebook, Twitter, Google, …) authenticate the user and return a token; the token is passed to Cognito Federated Identities, which validates it and returns an IAM credential; that IAM credential is then used to call API Gateway, S3, DynamoDB, SNS, IOT and Kinesis
  69. what about Multi-Region support?
  70. https://aws.amazon.com/dynamodb/global-tables
  71. http://amzn.to/2Bwb5j6
  72. Multi-region: Browser → Route53 → CloudFront → S3; API Gateway → AWS Lambda → DynamoDB, deployed in both eu-west-1 and us-east-1
  73. http://bit.ly/2FGKsuA
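Once Cognito has turned a login into an IAM credential or a validated token, the remaining risk on the API Gateway → Lambda → DynamoDB path is a handler that trusts an owner id sent by the client. This is an added example, not the deck's code: the handler takes the caller's identity from the API Gateway request context (`cognitoIdentityId` for IAM-signed calls made with Federated Identities credentials, the `sub` claim when a User Pool authorizer is in front of the method) and uses it as the partition key for every read and write, so one user's ids are simply not found by another. `InMemoryTable`, the table layout (`owner` + `id`) and the request events are stand-ins and assumptions.

```python
import json


class InMemoryTable:
    """Stand-in for a boto3 DynamoDB Table (assumption: partition key 'owner', sort key 'id')."""

    def __init__(self):
        self.items = {}

    def put_item(self, Item):
        self.items[(Item["owner"], Item["id"])] = dict(Item)

    def get_item(self, Key):
        item = self.items.get((Key["owner"], Key["id"]))
        return {"Item": dict(item)} if item else {}


TABLE = InMemoryTable()  # production: boto3.resource("dynamodb").Table("notes")


def caller_identity(event):
    """Identity as established by API Gateway; never read from the request body."""
    ctx = event.get("requestContext") or {}
    # IAM-signed call using credentials obtained from Cognito Federated Identities
    identity_id = (ctx.get("identity") or {}).get("cognitoIdentityId")
    if identity_id:
        return identity_id
    # Cognito User Pool authorizer: claims copied from the ID token it already validated
    sub = ((ctx.get("authorizer") or {}).get("claims") or {}).get("sub")
    if sub:
        return sub
    return None


def respond(status, body):
    return {"statusCode": status, "body": json.dumps(body)}


def body_of(response):
    return json.loads(response["body"])


def handler(event, context):
    owner = caller_identity(event)
    if owner is None:
        return respond(401, {"error": "unauthenticated"})
    method = event.get("httpMethod")
    if method == "POST":
        body = json.loads(event.get("body") or "{}")
        if not isinstance(body.get("id"), str) or not body["id"]:
            return respond(400, {"error": "id required"})
        # Any 'owner' the client sent is discarded: the key is the caller's identity.
        item = {"owner": owner, "id": body["id"], "note": str(body.get("note", ""))}
        TABLE.put_item(Item=item)
        return respond(201, item)
    if method == "GET":
        item_id = (event.get("pathParameters") or {}).get("id")
        found = TABLE.get_item(Key={"owner": owner, "id": item_id})
        if "Item" not in found:
            return respond(404, {"error": "not found"})  # another user's id is indistinguishable from a missing one
        return respond(200, found["Item"])
    return respond(405, {"error": "method not allowed"})


def iam_request(identity_id, method, body=None, item_id=None):
    """Constructed API Gateway proxy event for an IAM-authorised caller (not a captured event)."""
    return {
        "httpMethod": method,
        "body": json.dumps(body) if body is not None else None,
        "pathParameters": {"id": item_id} if item_id else None,
        "requestContext": {"identity": {"cognitoIdentityId": identity_id}},
    }


if __name__ == "__main__":
    print(handler(iam_request("eu-west-1:alice", "POST", {"id": "n1", "note": "hi"}), None))
    print(handler(iam_request("eu-west-1:bob", "GET", item_id="n1"), None))
```

The same scoping can be pushed one layer down: the IAM role Federated Identities hands out can restrict `dynamodb:LeadingKeys` to `${cognito-identity.amazonaws.com:sub}`, so even a buggy handler cannot read across owners.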
  74. DATA LAKES
  75. S3 Buckets
  76. S3 Buckets, IAM
  77. S3 Buckets, IAM, KMS
  78. S3 Buckets, IAM, KMS, Macie
  79. Kinesis Streams → Kinesis Firehose → S3 Buckets (IAM, KMS, Macie)
  80. Kinesis Streams → AWS Lambda; Kinesis Streams → Kinesis Firehose → S3 Buckets (IAM, KMS, Macie)
  81–82. (build-up) more AWS Lambda consumers on Kinesis Streams
  83. plus DynamoDB and ElasticSearch
  84. plus Google BigQuery
  85. plus Athena and QuickSight over the S3 Buckets
  87. EVENT DRIVEN
  88. http://bit.ly/2Dpidje
  89. Kinesis
  90. service-A (API Gateway, AWS Lambda), Kinesis, service-B (API Gateway, AWS Lambda)
  92. as above, plus more AWS Lambda consumers on Kinesis
  93. plus DynamoDB and IOT
  95. plus further AWS Lambda consumers
  96. build loosely-coupled system through events
  97. service A, service B, service C, service D (two bounded contexts)
  99–101. (build-up) service A, service B, service C, service D
  102. service A, service B, service C, service D: backward-compatible?
  103. bounded context: DON’T use events to orchestrate workflows within the same bounded context
  104. bounded context: adds unnecessary complexity to logging, tracing, and end-to-end reporting
  105. bounded context: the workflow doesn’t exist as a standalone concept, but as the sum of a series of loosely connected parts
  106. Step Functions: use Step Functions instead
  107. Step Functions: don’t forget to emit events from the workflow
  108. Step Functions: so others can react to state changes that happened as part of the workflow
  109. DECOUPLED INVOCATION
  110. Decoupled Invocation: How can a service handle normal request loads, peak request loads, and a continuous period of high load without failing?
  111. business logic requires expensive processing
  112. API Gateway max integration timeout is 29 seconds http://amzn.to/2BwW5Bx
  113. downstream systems not as scalable
  114. decouple reply from the initial request
  115–119. (sequence) Client → API: POST /do_something; API → Client: 202, /result_location; API → worker: do work; Client → API: GET /result_location; API → Client: 202, /result_location; worker: work done; Client → API: GET /result_location; API → Client: 200 OK
  120. amortises spikes in load
  121. allows a fast response back to the caller whilst promising to finish the work later
  122. allows flexible retry strategies by removing the urgency of having to reply to the caller right away
  123. API Gateway POST → DynamoDB PutItem into the task table (task id, created at, result = <null>): task result not ready
  124. API Gateway POST → DynamoDB PutItem, then enqueue the task on SQS
  125. API Gateway replies 202
  126. use the “created at” timestamp to time out polling requests and avoid infinite retry
  127. API Gateway GET → DynamoDB lookup by task id: result still <null>, task result not ready
  128. API Gateway replies 202
  129. worker (fed from SQS) → DynamoDB UpdateItem: result = { … }, task result done
  130. API Gateway GET → DynamoDB lookup by task id: result = { … }, task result done
  131. API Gateway replies 200 { … }
  132. also consider using Kinesis Streams or DynamoDB Streams as the queue
  133. but SNS is a poor choice (invocation-per-message means no amortisation)
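Slides 115 to 131 describe the decoupled invocation flow end to end. Below is an added example (not from the deck) that runs the whole cycle in one process so the three roles can be read together: `submit` is the POST handler (PutItem plus enqueue, reply 202 with the result location), `poll` is the GET handler (200 with the result, 202 while pending, and a terminal status once `created_at` is older than the polling window, which is the "avoid infinite retry" point of slide 126), and `work_once` is the queue consumer that writes the result back (UpdateItem). `TASKS` and `QUEUE` stand in for the DynamoDB task table and SQS; `POLL_TIMEOUT_SECONDS`, `MAX_ATTEMPTS` and the choice of 410 for expired tasks are this example's assumptions.

```python
import json
import time
import uuid
from collections import deque

POLL_TIMEOUT_SECONDS = 300   # assumption: how long a client may keep polling one task
MAX_ATTEMPTS = 3             # assumption: worker attempts before a task is marked failed

TASKS = {}        # stand-in for the DynamoDB task table: task_id -> item
QUEUE = deque()   # stand-in for SQS


def respond(status, body=None, headers=None):
    return {"statusCode": status, "headers": headers or {},
            "body": json.dumps(body) if body is not None else ""}


def body_of(response):
    return json.loads(response["body"]) if response["body"] else None


def submit(payload, now=None):
    """POST handler: record the task (PutItem), enqueue it, reply 202 with the result location."""
    now = time.time() if now is None else now
    task_id = str(uuid.uuid4())
    TASKS[task_id] = {"task_id": task_id, "created_at": now, "result": None, "attempts": 0}
    QUEUE.append({"task_id": task_id, "payload": payload})
    return respond(202, {"task_id": task_id}, {"Location": "/tasks/%s" % task_id})


def poll(task_id, now=None):
    """GET handler: 200 with the result, 202 while pending, 410 once the task is too old to wait for."""
    now = time.time() if now is None else now
    task = TASKS.get(task_id)
    if task is None:
        return respond(404, {"error": "unknown task"})
    if task["result"] is not None:
        return respond(200, task["result"])
    if now - task["created_at"] > POLL_TIMEOUT_SECONDS:
        # created_at bounds the polling window, so a lost task cannot be polled forever
        return respond(410, {"error": "task expired"})   # 410 is this example's choice
    return respond(202, {"task_id": task_id},
                   {"Location": "/tasks/%s" % task_id, "Retry-After": "5"})


def work_once(process):
    """Worker: take one message, run it, write the result (UpdateItem). False when the queue is empty."""
    if not QUEUE:
        return False
    msg = QUEUE.popleft()
    task = TASKS[msg["task_id"]]
    task["attempts"] += 1
    try:
        task["result"] = {"status": "ok", "output": process(msg["payload"])}
    except Exception as exc:   # broad on purpose: the failure is recorded, not hidden
        if task["attempts"] < MAX_ATTEMPTS:
            QUEUE.append(msg)  # SQS would make the message visible again after its timeout
        else:
            task["result"] = {"status": "error", "reason": str(exc)}
    return True


def drain(process):
    """Run the worker until the queue is empty; returns the number of messages handled."""
    handled = 0
    while work_once(process):
        handled += 1
    return handled


if __name__ == "__main__":
    ticket = submit({"n": 21})
    task_id = body_of(ticket)["task_id"]
    print(poll(task_id))                       # 202: not ready yet
    drain(lambda payload: payload["n"] * 2)    # worker runs
    print(poll(task_id))                       # 200 with the result
```

Because the result is keyed by an unguessable task id and the client only ever receives the location it was given, the polling endpoint should still check that the caller is the one who submitted the task if results are sensitive; the table item is the natural place to store the submitter.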
  134. PUB-SUB
  135. msg broker → subscriber, subscriber, subscriber, subscriber, …
  136. one message, many consumers
  137. good for decoupling data processing
  138. independent failures: partial failures are easier to manage
  139. SNS, Kinesis Streams, DynamoDB Streams, etc…
  140. SNS
  141. SNS: 2 retries then DLQ
  142. SNS: 2 retries then DLQ; invocation per msg
  143. SNS: 2 retries then DLQ; invocation per msg; might run into throttling limits; consider impact on downstream
  144. suffers from temporal issues
  145–147. (charts) msg/s against time with the max throughput line: messages above the line are erred and retried; a downstream outage
  148. Kinesis
  149. Kinesis: retried until success
  150. Kinesis: retried until success; invocation per shard
  151. better handling of temporal issues
  152–153. (charts) msg/s against time, received vs processed, with the max throughput line: spikes are amortised; a downstream outage
  154. DynamoDB → DynamoDB Streams
  155. Kinesis Streams or DynamoDB Streams?
  156. what is your source of truth?
  157. limited to events from one table
  158. records describe DynamoDB events, not events from your domain
  159. auto-scales no. of shards
  160. cannot extend data retention beyond 24 hours
  161. charged based on no. of requests ($0.02 per 100,000 read request units)
  162. Cost projection, 1 msg/s for a month, 1KB per msg:
       Kinesis Streams:  1 x 60s x 60m x 24hr x 30days @ $0.014 per mil + 24hrs x 30days @ $0.015 per hr = $10.836
       SNS:              1 x 60s x 60m x 24hr x 30days @ $0.5 per mil = $1.296
       DynamoDB Streams: 1 Write Capacity Unit @ $0.47 per unit = $0.47
  163. Cost projection, 1k msg/s for a month, 1KB per msg:
       Kinesis Streams:  1k x 60s x 60m x 24hr x 30days @ $0.014 per mil + 24hrs x 30days @ $0.015 per hr = $47.088
       SNS:              1k x 60s x 60m x 24hr x 30days @ $0.5 per mil = $1296.00
       DynamoDB Streams: 1k Write Capacity Units @ $0.47 per unit = $470.00
  164. DON’T take these projections at face value!
  165. SNS
  166. SNS: no restriction on destination target
  167. SNS: no restriction on destination target; need to handle partial failures & retries
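“Retried until success” on Kinesis has a sharp edge the charts do not show: Lambda retries the whole batch until it succeeds or the records expire, so a single malformed record can stall its shard for as long as the retention period. This added example (not from the deck) is a Kinesis batch handler that separates the two cases the slides contrast: a permanent failure of one record is parked in a dead-letter store and the batch carries on, while a transient downstream failure is raised so the batch is retried, which is the amortisation the slides want. It also deduplicates on sequence number, since a retried batch replays records that were already handled (at-least-once delivery). `DEAD_LETTERS`, `PROCESSED`, `DOWNSTREAM`, the `order.placed` event shape and the sample records are constructed stand-ins; `set_downstream_available` is a hypothetical health signal used only to demonstrate the transient path.

```python
import base64
import json


class TransientError(Exception):
    """Downstream unavailable: raise so Lambda retries the batch (the shard checkpoint does not advance)."""


DEAD_LETTERS = []   # stand-in for an SQS dead-letter queue
PROCESSED = {}      # stand-in for an idempotency store keyed by sequence number
DOWNSTREAM = []     # stand-in for the system this consumer writes to
_STATE = {"downstream_available": True}


def set_downstream_available(flag):
    """Hypothetical health signal; only here to exercise the transient-failure path."""
    _STATE["downstream_available"] = bool(flag)


def decode(record):
    """Kinesis hands Lambda base64-encoded data; decode it and parse the JSON event."""
    raw = base64.b64decode(record["kinesis"]["data"])
    return json.loads(raw.decode("utf-8"))


def process_event(evt):
    """Validate one domain event and write it downstream. Assumption: we only handle order.placed."""
    if not _STATE["downstream_available"]:
        raise TransientError("downstream unavailable")
    if evt.get("type") != "order.placed":
        raise ValueError("unsupported event type: %r" % evt.get("type"))
    if not isinstance(evt.get("amount"), (int, float)) or evt["amount"] < 0:
        raise ValueError("invalid amount")
    DOWNSTREAM.append({"order_id": evt["order_id"], "amount": evt["amount"]})


def handler(event, context):
    summary = {"processed": 0, "skipped": 0, "dead_lettered": 0}
    for record in event["Records"]:
        seq = record["kinesis"]["sequenceNumber"]
        if seq in PROCESSED:        # a retried batch replays records already handled
            summary["skipped"] += 1
            continue
        try:
            process_event(decode(record))
        except TransientError:
            raise                   # let Lambda retry; earlier records are already marked processed
        except (ValueError, KeyError, UnicodeDecodeError) as exc:
            # poison record: park it instead of blocking the shard until the data expires
            DEAD_LETTERS.append({"sequenceNumber": seq, "data": record["kinesis"]["data"], "error": str(exc)})
            summary["dead_lettered"] += 1
        else:
            summary["processed"] += 1
        PROCESSED[seq] = True
    return summary


def kinesis_record(seq, payload_bytes):
    """Constructed Kinesis record in the shape Lambda receives (not captured from a stream)."""
    return {"kinesis": {"sequenceNumber": seq, "data": base64.b64encode(payload_bytes).decode("ascii")}}


def kinesis_event(*records):
    return {"Records": list(records)}


if __name__ == "__main__":
    batch = kinesis_event(
        kinesis_record("1", b'{"type": "order.placed", "order_id": "o-1", "amount": 12.5}'),
        kinesis_record("2", b"not json at all"),
    )
    print(handler(batch, None))
    print(DEAD_LETTERS)
```

The same split applies to an SNS subscriber, with the roles reversed: there a raise costs only that one message (two retries, then the DLQ), so the handler can afford to raise on anything and let SNS do the parking.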
  168. SAGA
  169. pattern for managing failures where each action has a compensating action for rollback
  170. https://www.youtube.com/watch?v=xDuwrtwYHu8
  171. Begin transaction → Start book hotel request → End book hotel request → Start book flight request → End book flight request → Start book car rental request → End book car rental request → End transaction
  172. model actions and compensating actions as Lambda functions
  173. actions
  174. compensating actions
  175. state machine in AWS Step Functions as the coordinator for the saga
  176. AWS Step Functions http://bit.ly/2uTJBE3
  177. input
  178. source code available here: https://github.com/theburningmonk/lambda-saga-pattern
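In the deck the Step Functions state machine is the saga coordinator and the actions and compensations are Lambda functions; slides 107 and 108 also ask that a workflow inside a bounded context emit events as its state changes so other contexts can react. This added example (not the linked repository's code, and not the deck's) shows the same control flow in plain Python so the whole thing can be read and run in one place: `run_saga` executes the steps in order, on failure runs the compensating actions of the completed steps in reverse order, records any compensation that itself fails so it can be surfaced for manual repair, and calls `emit` for every state change. The trip booking steps from slide 171 are simulated in memory; `emit` stands in for publishing to a stream.

```python
class Step:
    """One saga step: an action and the compensating action that undoes it."""

    def __init__(self, name, action, compensate):
        self.name, self.action, self.compensate = name, action, compensate


def run_saga(steps, ctx, emit):
    """Run steps in order; on failure, compensate completed steps in reverse order.

    emit(event_type, payload) stands in for publishing to a stream so other
    services can react to the workflow's state changes.
    """
    completed = []
    for step in steps:
        try:
            step.action(ctx)
        except Exception as exc:
            emit("saga.step_failed", {"step": step.name, "error": str(exc)})
            compensated, uncompensated = [], []
            for done in reversed(completed):
                try:
                    done.compensate(ctx)
                    compensated.append(done.name)
                    emit("saga.step_compensated", {"step": done.name})
                except Exception as cexc:
                    # a failed compensation must not be silent: it needs manual intervention
                    uncompensated.append(done.name)
                    emit("saga.compensation_failed", {"step": done.name, "error": str(cexc)})
            emit("saga.failed", {"failed_step": step.name})
            return {"status": "failed", "failed_step": step.name,
                    "compensated": compensated, "uncompensated": uncompensated}
        completed.append(step)
        emit("saga.step_completed", {"step": step.name})
    emit("saga.completed", {"steps": [s.name for s in steps]})
    return {"status": "completed", "steps": [s.name for s in steps]}


def make_trip_saga(fail_flight=False):
    """Simulated hotel / flight / car rental steps (in-memory, constructed for the example)."""

    def book_hotel(ctx):
        ctx["hotel"] = "H-1"

    def cancel_hotel(ctx):
        ctx["cancelled"].append("hotel")

    def book_flight(ctx):
        if fail_flight:
            raise RuntimeError("no seats")
        ctx["flight"] = "F-1"

    def cancel_flight(ctx):
        ctx["cancelled"].append("flight")

    def book_car(ctx):
        ctx["car"] = "C-1"

    def cancel_car(ctx):
        ctx["cancelled"].append("car")

    return [
        Step("book hotel", book_hotel, cancel_hotel),
        Step("book flight", book_flight, cancel_flight),
        Step("book car rental", book_car, cancel_car),
    ]


def book_trip(fail_flight=False):
    """Run the trip saga; return the result, the booking context and the emitted event types."""
    ctx = {"cancelled": []}
    events = []
    result = run_saga(make_trip_saga(fail_flight), ctx, lambda kind, payload: events.append((kind, payload)))
    return result, ctx, [kind for kind, _ in events]


if __name__ == "__main__":
    print(book_trip())
    print(book_trip(fail_flight=True))
```

Mapped back onto the deck: each `Step` action and compensation is a Lambda function, the loop is the state machine, and the `emit` calls are the events slides 107 and 108 ask for. Compensations should be idempotent, because a retried state or a replayed event can cause one to run twice.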
  179. API Gateway and Kinesis; Authentication & authorisation (IAM, Cognito); Testing; Running & debugging functions locally; Log aggregation; Monitoring & alerting; X-Ray; Correlation IDs; CI/CD; Performance and cost optimisation; Error handling; Configuration management; VPC; Security; Leading practices (API Gateway, Kinesis, Lambda); Canary deployments. http://bit.ly/prod-ready-serverless, get 40% off with: ytcui
  180. @theburningmonk theburningmonk.com github.com/theburningmonk
