Post on 17-Mar-2018
Serverless Architectural Patterns and Best Practices
Adrian Hornsby, Technical Evangelist@adhorn
adhorn@amazon.com
2
Agenda
• Serverless characteristics and practices• 3-Tier Web application• Batch processing• Stream processing• Operations automation• Augmentation• IoT actions• Wrap-up/Q&A
3
Spectrum of AWS offerings
AWSLambda
Amazon Kinesis
AmazonS3
Amazon API Gateway
AmazonSQS
AmazonDynamoDB
AWS IoT
Amazon EMR
Amazon ElastiCache
AmazonRDS
Amazon Redshift
Amazon Elasticsearch
Service
Managed Serverless
Amazon EC2
“On EC2”
Amazon Cognito
Amazon CloudWatch
4
Serverless patterns built with functions
Functions are the unit of deployment and scaleScales per request—users cannot over or under-provisionNever pay for idleSkip the boring parts; skip the hard parts
5
Lambda considerations and best practices
AWS Lambda is stateless—architect accordingly• Assume no affinity with underlying compute infrastructure• Local filesystem access and child process may not extend
beyond the lifetime of the Lambda request
6
Lambda considerations and best practicesCan your Lambda functions survive the cold?
• Instantiate AWS clients and database clients outside the scope of the handler to take advantage of connection re-use.
• Schedule with CloudWatch Events for warmth
• ENIs for VPC support are attached during cold start
import sys import logging import rds_configimport pymysql
rds_host = "rds-instance" db_name = rds_config.db_nametry: conn = pymysql.connect( except: logger.error("ERROR:def handler(event, context):
with conn.cursor() as cur:Executes with each
invocation
Executes during cold start
7
Lambda considerations and best practices
How about a file system?• Don’t forget about /tmp (512 MB scratch
space) exports.ffmpeg = function(event,context) { new ffmpeg('./thumb.MP4', function (err, video) { if (!err) { video.fnExtractFrameToJPG('/tmp’)function (error, files) { … }…if (!error) console.log(files); context.done(); ...
8
Pattern 1: 3-Tier Web Application
9
Web application
Data stored in Amazon
DynamoDB
Dynamic content in AWS Lambda
Amazon API Gateway
Browser
Amazon CloudFront
Amazon S3
10
Amazon API Gateway AWS
LambdaAmazon
DynamoDB
AmazonS3
Amazon CloudFront
• Bucket Policies• ACLs
• OAI• Geo-Restriction• Signed Cookies• Signed URLs• DDOS
IAM
AuthZ
IAM
Serverless web app security
• Throttling• Caching• Usage Plans
Browser
11
Amazon API Gateway AWS
LambdaAmazon
DynamoDB
AmazonS3
Amazon CloudFront
• Bucket Policies• ACLs
• OAI• Geo-Restriction• Signed Cookies• Signed URLs• DDOS
IAMAuthZ IAM
Serverless web app security
• Throttling• Caching• Usage Plans
Browser
Amazon CloudFront• HTTPS• Disable Host
Header Forwarding
AWS WAF
12
Amazon API Gateway
AWSLambda
AmazonDynamoDB
AmazonS3
Amazon CloudFront
• Access Logs in S3 Bucket• Access Logs in S3 Bucket
• CloudWatch Metrics-https://aws.amazon.com/cloudfront/reporting/
Serverless web app monitoring
AWS WAF• WebACL Testing• Total Requests• Allowed/Blocked
Requests by ACL
logslogs
• Invocations• Invocation Errors• Duration• Throttled
Invocations
• Latency• Throughput• Throttled Reqs• Returned Bytes• Documentation
• Latency• Count• Cache Hit/Miss• 4XX/5XX Errors
Streams
AWSCloudTrail
BrowserCustom CloudWatch
Metrics & Alarms
13
AWS SAM (Serverless Application Model)AWS
Lambda
Amazon API Gateway
AWS CloudFormation
AmazonS3
AmazonDynamoDB
Package & Deploy
Code/Packages/Swagger
Serverless Template
Serverless Template
w/ CodeUri
package deployCI/CD Tools
Serverless web app lifecycle management
14
Roo
t /
/{proxy+} ANY Your Node.jsExpress app
Greedy variable, ANY method, proxy integration
Simple yet very powerful:
• Automatically scale to meet demand
• Only pay for the requests you receive
15
Amazon API Gateway best practices
• Use mock integrations• Signed URL from API Gateway for large or binary file uploads to
S3• Asynchronous calls for Lambda > 30s
16
Pattern 2: Batch Processing
17
Characteristics
• Large data sets• Periodic or scheduled tasks• Extract Transform Load (ETL) jobs• Usually non-interactive and long running• Many problems fit MapReduce programming model
18
Source data
Source data
Source data
Source data Data Staging Layer/data/source-raw
Data Staging Layer/data/source-validated
Input Validation and Conversion layer
Input Tracking layer
State Management Store
Event-Driven Batch controlled with AWS Lambda
19
Serverless batch processing
AWS Lambda: Splitter
Amazon S3Object
Amazon DynamoDB: Mapper Results
AWS Lambda: Mappers
….
…. AWS Lambda: Reducer
Amazon S3Results
20
Considerations and best practices
• Cascade mapper functions• Lambda languages vs. SQL• Speed is directly proportional to the concurrent Lambda function limit• Use DynamoDB/ElastiCache/S3 for intermediate state of mapper
functions• Lambda MapReduce Reference Architecture
21
Pattern 3: Stream Processing
22
Stream processing characteristics
• High ingest rate• Near real-time processing (low latency from ingest to process)• Spiky traffic (lots of devices with intermittent network connections)• Message durability• Message ordering
23
Serverless stream processing architecture
Sensors
Amazon Kinesis:Stream
Lambda: Stream Processor
S3:Final Aggregated Output
Lambda:Periodic Dump to S3
CloudWatch Events:Trigger every 5 minutes
S3:Intermediate Aggregated
Data
Lambda:Scheduled Dispatcher
KPL:Producer
24
Amazon Kinesis Analytics
Sensors
Amazon Kinesis:Stream
Amazon Kinesis Analytics: Window Aggregation
Amazon Kinesis StreamsProducer S3:
Aggregated Output
CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO "DESTINATION_SQL_STREAM"
SELECT STREAM "device_id",
FLOOR("SOURCE_SQL_STREAM_001".ROWTIME TO MINUTE) as "round_ts",
SUM("measurement") as "sample_sum",
COUNT(*) AS "sample_count"
FROM "SOURCE_SQL_STREAM_001"
GROUP BY "device_id", FLOOR("SOURCE_SQL_STREAM_001".ROWTIME TO MINUTE);
Aggregation Time Window
25
Web ClientsUsers
API Gateway
Kinesis StreamInputJSON payload
Kinesis StreamOutputCSV payload
AWS Lambda
Amazon SNS
Kinesis Analytics
Real-time Clickstream Processing with Amazon Kinesis
26
Best practices
• Tune batch size when Lambda is triggered by Amazon Kinesis Streams –reduce number of Lambda invocations
• Tune memory setting for your Lambda function – shorten execution time• Use KPL to batch messages and saturate Amazon Kinesis Stream
capacity
27
Monitoring
Amazon Kinesis Stream metric GetRecords.IteratorAgeMilliseconds maximum
28
Pattern 4: Automation
29
Automation characteristics
• Respond to alarms or events• Periodic jobs • Auditing and Notification• Extend AWS functionality
30
Security and Conformity
• “Trust but verify” with high confidence via events.
• Deployments verified with every change.• Lambda guarantees that each instance is in
compliance with defined security rules. • Triggers shutdown of violations and
notifications. • Compliance and readiness rules can be validated
with every resource change.
31
Auto tagging resources as they start
AWS Lambda: Update Tag
Amazon CloudWatch Events:Rule Triggered
Amazon EC2 InstanceState Changes
Amazon DynamoDB: EC2 Instance Properties
Tag: N/A
Amazon EC2 InstanceState Changes
Tag:Owner=userNamePrincipalID=aws:userid
• AMI• Instances• Snapshot• Volume
32
Auto Start/Shutdown of Instances
AWS Lambda: Policy & Compliance Rules
Amazon CloudWatch Events:Rules Triggered
Amazon SNS: Alert Notifications
33
CapitalOne Cloud Custodian
AWS Lambda: Policy & Compliance Rules
Amazon CloudWatch Events:Rules Triggered
AWS CloudTrail:Events
Amazon SNS: Alert Notifications
Amazon CloudWatch Logs:Logs
Read more here: http://www.capitalone.io/cloud-custodian/docs/index.html
34
Cluster backup using AWS Lambda
AWS Lambda: Backup Rules
Amazon CloudWatch Events:Scheduled Trigger Amazon Redshift Cluster XYZ Snapshot
35
Dynamic DNS for EC2 instances
AWS Lambda: Update Route53
Amazon CloudWatch Events:Rule Triggered
Amazon EC2 InstanceState Changes
Amazon DynamoDB: EC2 Instance Properties
Amazon Route53: Private Hosted Zone
Tag:CNAME = ‘xyz.example.com’
xyz.example.com A 10.2.0.134
36
Pattern 5: Augmentation
37
Augmentation characteristics
• Event-based triggers• Extend AWS functionality• Stitch between services
38
Apply custom logic to content uploaded to S3
AWS Lambda: Custom Logic
Users upload Content
S3:Source Bucket
S3:Destination Bucket
Triggered on PUTs
• Watermarking/thumbnailing• Transcoding• Indexinganddeduplication• Aggregationandfiltering• Preprocessing• Contentvalidation• WAFupdates
39
S3 Bucket DynamoDB
ObjectCreateEvent
Put IndexEntry
Source data
Source data
Source data
Source data
Amazon S3 Metadata Index
40
DynamoDB DynamoDB StreamsPush changes
AWS Lambda
Amazon ElasticsearchService
Index Record
Search Query
Indexing DynamoDB content using ElasticSearch
41
Pattern 6: IoT Actions
42
IoT actions characteristics
• Respond to change in state• Alarm, triggers• Predictive maintenance
43
AWS Lambda
Notifications: Amazon SNS
DynamoDB
AWS IoTSensors Control System
Anomaly Detection Using AWS Lambda
Thanks!@adhornadhorn@amazon.com
.