Operations & event-driven architectures… · Serverless functions AWS Fargate Serverless...
© 2020, Amazon Web Services, Inc. or its Affiliates.
David Richardson
VP of Serverless, AWS
Operations & event-driven architectures
Elements of a modern application
Modular services
As managed as possible
Automated & standardized
Everyone’s responsibility
Purpose built
1. Architectural patterns
2. Operational model
3. Software delivery
4. Management & governance
5. Data management
Small pieces loosely joined
Modern application architectures are small pieces, loosely joined
AWS Lambda enhancements
Provisioned Concurrency
Compute Savings Plan
VPC Networking
APIs are the front door of microservices
Realtor.com uses APIs between services
Diagram labels: Internet, Websites, Mobile apps, Amazon CloudFront, API Gateway cache, Lambda function, Image Processing, Image Repository, Amazon CloudWatch monitoring, AWS
“
..”
—Kuntal Shah
SVP Engineering, Realtor.com
Cost and Performance
Event-driven architectures
Diagram labels: Client, Mobile, IoT, Amazon Kinesis, Amazon DynamoDB, Events, Amazon SQS, Amazon SNS, Messaging, AWS Step Functions, AWS Lambda
Amazon EventBridge – SaaS Event Sources
EventBridge Event Bus
AWS Lambda
Amazon Kinesis Data Firehose
Amazon SNS
Additional Targets
SaaS Event Sources
AWS Service Event Sources
Custom Event Bus
SaaS Event Bus
Default Event Bus
Topics
Event Targets
Connecting AWS event sources
Messaging
Queues: Amazon Simple Queue Service
Pub/Sub: Amazon Simple Notification Service
Events: Amazon EventBridge
Data streams
Amazon DynamoDB
Data Store
Microservices
Performance at scale
Fast and flexible
Ingest
Data streams
Data processing
Real-time
Amazon Kinesis Data Streams
Coordinate function execution
Track status of data and execution
Remove redundant code
Serverless security
Common causes of security breaches
Unapplied patches and updates
Malicious code & runtime security
Network segmentation
Overly permissive access
Comparison of operational responsibility
Scale: more opinionated → less opinionated
AWS Lambda: Serverless functions
AWS manages
• Data source integrations
• Physical hardware, software, networking, and facilities
• Provisioning
Customer manages
• Application code
AWS Fargate: Serverless containers
AWS manages
• Container orchestration, provisioning
• Cluster scaling
• Physical hardware, host OS/kernel, networking, and facilities
Customer manages
• Application code
• Data source integrations
• Security config and updates, network config, management tasks
Amazon ECS/Amazon EKS: Container management as a service
AWS manages
• Container orchestration control plane
• Physical hardware, software, networking, and facilities
Customer manages
• Application code
• Data source integrations
• Work clusters
• Security config and updates, network config, firewall, management tasks
Amazon EC2: Infrastructure as a service
AWS manages
• Physical hardware, software, networking, and facilities
Customer manages
• Application code
• Data source integrations
• Scaling
• Security config and updates, network config, management tasks
• Provisioning, managing scaling and patching of servers
AWS Lambda-ready partners
AWS serverless service delivery partners
Function isolation
Virtualization
Strong isolation boundary for functions
Function isolation
Diagram: many MicroVMs, each labelled either "Fargate task" or "Lambda Execution".
Detail panel labels: Lambda Function, Application Code, Layers, Network Interface, Data Volume, Credentials, Lambda Data Plane, Kernel, MicroVM
Shared responsibility model
AWS: Security OF the Cloud
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud
Customer: Security IN the Cloud
Customer responsibility will be determined by the AWS Cloud services that a customer selects
AWS Serverless Shared Responsibility Model
AWS Identity and Access Management
AWS: responsible for security “of” the cloud
• Platform management
• Network traffic
• Firewall config
• Code encryption
• Operating system and network configuration
• Compute, Networking, Database, Storage
• AWS Global Infrastructure: Regions, Availability zones, Edge locations
Customer: responsible for security “in” the cloud
• Customer data, application identity and access management
• Data encryption
• Data integrity
• Authentication
• Application Management
• Internet access
• Monitoring
• Logging
Finer-grained control gives you better security
In plain language, the potential security risk of a serverless application is lower, but still present!
Identity & access management
Modern operations
What’s different about modern operations?
Traditional
• Central control
• Periodic software release
• Physical hardware
• Manual tasks
Modern
• Decoupled teams
• Continuous delivery
• Virtual or ephemeral
• Automation via code
What are the approaches to operations?
Central control
• Low risk but very slow to release
• Dependencies & time lags
Guardrails
• Fast time & low risk to the business
• Win win
Free for all
• Fast dev time, but high risk to legal & app reliability
• Chaos
What are guardrails?
Guardrails are mechanisms, such as processes or practices, that reduce both the occurrence and blast radius of undesirable application behavior
What are some real-world guardrails?
Monitoring
Provisioning
Deployment
Cost management
Security & compliance
Centrally deployed guardrails enable the standardization of routine processes, like certificate management, without creating bottlenecks
Where your teams can go from here
Thank you!