Containerless in the Cloud with AWS Lambda
RYAN CUPRAK
Containers
Containers provide execution environment.
Containers + Cloud
[Diagram components: EC2 (Tomcat / Java EE Container) x2, EC2 (JMS Server), RDS (SQL Database)]
Containers = Platform Lock-in
Language
Tool Chain
Ecosystem
Container Drawbacks
• Overkill for many types of applications
• Hard to ‘automatically’ scale
• Complex programming models
• Significant skills investment:
    • Security
    • Configuration
    • Technology stack
Traditional App Drawbacks
• Servers
• Data Centers
• Software
• Monitoring tools
• Test environments
• IT support
• Service contracts
• Data Replication & Policies
• Approvals
Container Challenge
QUICKLY develop a web and mobile application:
• Registration and authentication (OAuth)
• HTTPS
• SMS notifications
• RESTful endpoints
• Automatic scalability across the globe
• Native code for both iOS and Android
• Versioning
• Real-time monitoring
Time to go: Containerless and Serverless
What is Amazon Lambda?
What is Lambda?
IaaS • Infrastructure as a Service
PaaS • Platform as a Service
SaaS • Software as a Service
FaaS • Function as a Service
What is Lambda?
Code Deploy Run
What is Lambda?
• Lambda is a stateless function
• Executes in response to an event
• Executes in an isolated environment
• Can be implemented using: JavaScript, Java, Python, C#
• Dependencies (executables/libraries) can be packaged with a library.
Example Function: 1
    exports.handler = function(event, context) {
        context.succeed('Hello ConFoo!');
    };
Handler Function
Data passed to function (converted from JSON)
Lambda runtime
Example Function: 2
    exports.handler = function(event, context) {
        context.succeed('Hello ' + event.firstName + ' ' + event.lastName + ' you are at ConFoo!');
    };
Parsed Parameters
    {
        "firstName": "Ryan",
        "lastName": "Cuprak"
    }
Demo
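A hardened variant of Example Function 2, added here as an illustration and not part of the original slides: the event is caller-controlled JSON, so the fields are validated before they are used. The validateName helper, the 64-character limit and the allowed character set are assumptions chosen for the example.

```javascript
// Added example (not from the original deck).
// MAX_LEN and the allow-list below are assumptions, not Lambda requirements.
var MAX_LEN = 64;
var NAME_RE = /^\p{L}[\p{L}\p{M} .'-]*$/u; // letters, marks, space, dot, apostrophe, hyphen

// Returns the trimmed name, or throws if the field is missing, not a string,
// empty, too long, or contains characters outside the allow-list.
function validateName(value, field) {
  if (typeof value !== 'string') throw new Error(field + ' must be a string');
  var v = value.trim();
  if (v.length === 0 || v.length > MAX_LEN) throw new Error(field + ' has invalid length');
  if (!NAME_RE.test(v)) throw new Error(field + ' contains unsupported characters');
  return v;
}

// Same (event, context) contract as the slide's handler, but bad input is
// rejected through context.fail instead of being echoed into the response.
function handler(event, context) {
  try {
    if (event === null || typeof event !== 'object') {
      throw new Error('event must be an object');
    }
    var first = validateName(event.firstName, 'firstName');
    var last = validateName(event.lastName, 'lastName');
    context.succeed('Hello ' + first + ' ' + last + ' you are at ConFoo!');
  } catch (err) {
    context.fail(err.message);
  }
}

// Export for the Lambda runtime when loaded as a CommonJS module.
if (typeof exports !== 'undefined') { exports.handler = handler; }
```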
Lambda Pricing
Requests
• First 1 million requests are FREE
• $0.20 per each million requests thereafter
Duration: Charged $0.00001667 for every gigabyte second used
Free Tier
Memory (MB)    Free sec/month    Price / 100 ms ($)
128            3,200,000         0.000000208
192            2,133,333         0.000000313
256            1,600,000         0.000000417
…              …                 …
Cost Scenarios
Executions    Memory    Execution Time    Cost
50,000        128       1 second          $0.11
100,000       128       1 second          $0.23
500,000       128       1 second          $1.14
1,000,000     128       1 second          $2.28
50,000        256       1 second          $0.21
100,000       256       1 second          $0.42
500,000       256       1 second          $2.08
1,000,000     256       1 second          $4.17
50,000        128       2 seconds         $0.21
100,000       128       2 seconds         $0.42
500,000       128       2 seconds         $2.08
1,000,000     128       2 seconds         $4.17
Not Including Free Tier – add other services
Lambda Basics
• Security provided by IAM – Identity & Access Management.
• Lambda functions can start threads, access the disk, access other AWS services.
• Default safety threshold of 100 concurrent executions per region. Can be increased per request.
• AWS will attempt to invoke a Lambda function 3 times.
• External libraries should be bundled with Lambda function (zip/jar)
Execution Environment
Runtime versions:
• Node.js v4.3.2
    • Old, current Node.js release: 6.10.0
• Java – Java 8 (OpenJDK)
• Python 2.7
• .NET Core (1.0.1 C#)
Libraries available in execution environment:
• AWS SDK for JavaScript (2.16.0)
• AWS SDK for Python
• AWS build of OpenJDK 8
Execution Environment…
• Lambda environment based on: amzn-ami-hvm-2016.03.3.x86_64-gp2
• Linux kernel: 4.4.35-33.55.amzn1.x86_64
• Only 64 bit binaries are supported.
Environment Variables
LAMBDA_TASK_ROOT
AWS_EXECUTION_ENV
LAMBDA_RUNTIME_DIR
AWS_REGION
AWS_DEFAULT_REGION
AWS_LAMBDA_LOG_GROUP_NAME
AWS_LAMBDA_LOG_STREAM_NAME
AWS_LAMBDA_FUNCTION_NAME
AWS_LAMBDA_FUNCTION_MEMORY_SIZE
AWS_LAMBDA_FUNCTION_VERSION
PATH
LANG
LD_LIBRARY_PATH
NODE_PATH
PYTHON_PATH
• AWS_ACCESS_KEY
• AWS_ACCESS_KEY_ID
• AWS_SECRET_KEY
• AWS_SECRET_ACCESS_KEY
• AWS_SESSION_TOKEN
• AWS_SECURITY_TOKEN
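Because the function's credentials sit in the environment variables listed above, a handler that logs process.env, or an error that embeds one of those values, writes live keys to its logs. The wrapper below is an added example, not code from the original slides; redactEnv, scrub and safeLogger are hypothetical helper names, and the sample environment is constructed.

```javascript
// Added example (not from the original deck).
// Credential variable names as listed on the Environment Variables slide.
var SECRET_VARS = ['AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_KEY',
                   'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN', 'AWS_SECURITY_TOKEN'];

// Returns a copy of env with credential values masked; the input is not modified.
function redactEnv(env) {
  var out = {};
  Object.keys(env).forEach(function (k) {
    out[k] = SECRET_VARS.indexOf(k) !== -1 ? '[REDACTED]' : env[k];
  });
  return out;
}

// Replaces any occurrence of a credential value inside a log message, for
// example when an error string or a serialized object embeds the token.
function scrub(message, env) {
  var text = String(message);
  SECRET_VARS.forEach(function (k) {
    var secret = env[k];
    // Skip unset or very short values to avoid masking ordinary words.
    if (typeof secret === 'string' && secret.length >= 8) {
      text = text.split(secret).join('[REDACTED:' + k + ']');
    }
  });
  return text;
}

// Wraps a logger such as console.log so every argument is scrubbed first.
function safeLogger(logFn, env) {
  return function () {
    var args = Array.prototype.map.call(arguments, function (a) {
      if (typeof a === 'string') return scrub(a, env);
      if (a instanceof Error) return scrub(String(a.stack || a), env);
      return scrub(JSON.stringify(a), env);
    });
    logFn.apply(null, args);
  };
}

// Constructed sample environment; all values are fake.
var SAMPLE_ENV = {
  AWS_REGION: 'us-east-1',
  AWS_ACCESS_KEY_ID: 'CONSTRUCTED-KEY-ID-0000',
  AWS_SECRET_ACCESS_KEY: 'constructed-secret-value-0001',
  AWS_SESSION_TOKEN: 'constructed-session-token-0002'
};
```

In a handler this would be used as `var log = safeLogger(console.log, process.env);`.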
Versioning
• New lambda function = $LATEST version
• ARN = Amazon Resource Number – uniquely identifies an Amazon resource
• Two ARNs associated with a lambda function:
    Qualified ARN: arn:aws:lambda:aws-region:acct-id:function:helloworld:$LATEST
    Unqualified ARN: arn:aws:lambda:aws-region:acct-id:function:helloworld
• New versions must be explicitly published
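The difference between the two ARN forms matters when reviewing what a permission or trigger actually points at: an unqualified ARN and a :$LATEST ARN both run whatever code was uploaded last, while a numbered qualifier names a published version. The parser below is an added example, not from the original slides; the function names and sample ARNs are constructed, the name and account-id patterns are assumptions, and the 'alias' category refers to a Lambda feature the slides do not cover.

```javascript
// Added example (not from the original deck). Sample ARNs are constructed.
// Format: arn:PARTITION:lambda:REGION:ACCT-ID:function:NAME[:QUALIFIER]
function parseLambdaArn(arn) {
  var p = String(arn).split(':');
  if (p.length !== 7 && p.length !== 8) throw new Error('not a Lambda function ARN: ' + arn);
  if (p[0] !== 'arn' || p[2] !== 'lambda' || p[5] !== 'function') {
    throw new Error('not a Lambda function ARN: ' + arn);
  }
  // Assumed patterns: 12-digit account id, 1-64 character function name.
  if (!/^\d{12}$/.test(p[4])) throw new Error('bad account id in ' + arn);
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(p[6])) throw new Error('bad function name in ' + arn);
  var qualifier = p.length === 8 ? p[7] : null;
  if (qualifier === '') throw new Error('empty qualifier in ' + arn);
  return { partition: p[1], region: p[3], accountId: p[4], name: p[6], qualifier: qualifier };
}

// 'unqualified' and 'latest' both resolve to the most recently uploaded code;
// 'version' is a published, numbered version; anything else is treated as an alias.
function classify(arn) {
  var q = parseLambdaArn(arn).qualifier;
  if (q === null) return 'unqualified';
  if (q === '$LATEST') return 'latest';
  return /^[0-9]+$/.test(q) ? 'version' : 'alias';
}

// Returns the ARNs from a list (for example, targets named in policies or
// event mappings) that do not pin a published version.
function findUnpinned(arns) {
  return arns.filter(function (a) {
    var kind = classify(a);
    return kind === 'unqualified' || kind === 'latest';
  });
}

var SAMPLE_ARNS = [ // constructed
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld',
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld:$LATEST',
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld:3'
];
```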
Logging
• Node.js: console.log/error/warn/info()
• Java: log4j 1.2 (LambdaLogger.log()); System.out/err – each line separate event
• C#: Console.Write/WriteLine; Lambda.Log(); via context object: context.Logger.log()
• Python: print statements; Logger functions in logger module: logging.Logger.info
Logging
View in CloudWatch:
Failures & Errors
Lambda function can fail for the following reasons:
• Function doesn’t complete before time limit
• Input data fails to parse
• Runs out of memory
Failure handling depends upon how it was invoked:
• Non-stream based
    • Synchronous – Error 429 is returned, client is responsible for retries.
    • Asynchronous – Retry twice with a time delay, DLQ.
• Stream-based:
    • Will attempt to re-process until it succeeds or the data expires.
    • No new records will be processed
Availability Regions
Northern Virginia, Ohio, Oregon, Northern California, Montreal, São Paulo, GovCloud, Iceland, Frankfurt, London, Singapore, Tokyo, Sydney, Seoul, Mumbai, Beijing
Resource Limits
Resource                                                 Default Limit
Ephemeral disk capacity ("/tmp" space)                   512 MB
Number of file descriptors                               1024
Number of processes and threads (combined total)         1024
Maximum execution duration per request                   300 seconds
Invoke request body payload size (RequestResponse)       6 MB
Invoke request body payload size (Event)                 128 K
Invoke response body payload size (RequestResponse)      6 MB
Deployment Limits
Item                                                                                               Default Limit
Lambda function deployment package size (.zip/.jar file)                                           50 MB
Total size of all the deployment packages that can be uploaded per region                          75 GB
Size of code/dependencies that you can zip into a deployment package (uncompressed zip/jar size)   250 MB
Total size of environment variables set                                                            4 KB
Power of Lambda
Event Sources
• Invocations: Asynchronous or Synchronous
• Events sources from AWS services: Amazon S3, Kinesis, DynamoDB, CloudTrail, SNS, Code Commit
• HTTPS – via Amazon API Gateway
• Custom app sources (ex. Android)
• Scheduled events
Use Cases
• S3 + Lambda – image processing, filter, document analysis, indexing.
• Kinesis + Lambda – transaction order processing, auditing.
• SNS + Lambda – alarm response, auditing, event processing.
• DynamoDB + Lambda – data validation, data processing, filter, notification.
• Alexa + Lambda – automated voice responses (Amazon Echo).
Blueprints
Exposing/Securing Lambda
Cognito
Lambda
API-Gateway
Amazon API-Gateway
API-Gateway
• Build, deploy, manage RESTful APIs
• Supports throttling and protection against DDoS
• Supports versioning and staging
• Auto-generates client implementations: Java, JavaScript, Android, Objective-C, Swift
• Flexible authorization model – ties in with Amazon Cognito.
HTTPS Restful Invokes
API-Gateway
http://swagger.io/
API-Gateway
Demo
API-Gateway
Invoking service (webpage/app):
API-Gateway
Published an API – now what?
• APIs can be sold!
• Two concepts:
    • Usage Plan
    • API Key
• Steps:
    • Create usage plan
    • Associate a key
    • Associate a key on the service
Amazon Cognito
Amazon Cognito
Three ways to secure an API-Gateway:
1. API-Keys
    • Appropriate for service-to-service communication
    • Risky to place secret key on client for long periods of time
2. Identity & Access Management
    • Inter-application communication
    • Within an organization – IAM integrated
3. Amazon Cognito
    • Appropriate for third-party integration
Amazon Cognito
• User/identity authentication service.
• Support storage of user data in the cloud (mobile app preferences and state).
• Authenticate users against federated identity providers (Facebook/Google).
• Manage custom identity/user pool.
• Sync functionality to synchronize user profile data across devices.
Amazon Cognito
User Pools Federated
• Managing “own” user directory/sign-ups etc.
• Support multi-factor authentication (MFA)
• Users can start anonymous and then register
• Password recovery (SNS/email/etc.)
• Collect and maintain user meta-information
Federated Identities
• Create unique identities for your users and federate them with identity providers.
• Supported providers:
    • Amazon, Facebook, Google, Twitter/Digits
    • Amazon Cognito User Pools
    • Open ID Connect Providers
    • SAML Identity Provider
    • Developer Authenticated Identities
Cognito + API Gateway
[Diagram: Client, Identity Provider, Amazon Cognito, API-Gateway; steps: Login, Get Id, Validation, Invoke Web Service]
Cognito + API Gateway
JavaScript client: Invoking secured API - config
Java & Lambda
Lambda using Java
1. Loading a method directly without implementing an interface.
    outputType handler-name(inputType, Context) {
        ...
    }
    • inputType – event data or custom object
    • context – Java object containing executing environment information
    • outputType – result for synchronous calls
2. Implementing a standard interface provided by aws-lambda-java-core:
    • RequestHandler – custom input/output objects:
        • getters/setters/no arg constructor
        • Serialized to JSON automatically
    • RequestStreamHandler – input/output stream responses
Java Example
JSON converted to Java Objects using Jackson
Java Example
Dependencies
Uber JAR
Java Demo
Demo
Java vs. JavaScript
• Hello World Java: 167.63 ms (Billed 200 ms), 43 MB
• Hello World JavaScript: 2.05 ms, 31 MB
Java EE vs AWS
• Java EE is a standard with several implementations.
• AWS is a set of ready-to-use services:
    • SQS + SNS ~ JMS (roughly!)
    • Kinesis ~ Apache Kafka
    • Elastic Search ~ Lucene
    • Lambda ~ Stateless Session Beans
        • Transactions? Injection?
    • S3 Buckets – No equivalent
    • DynamoDB ~ MongoDB/Couchbase
• AWS cloud spans regions/data centers
    • Data automatically mirrored
Reason to use Java EE
Technical
• Distributed transactions
• Long running tasks
• Report Generation
• Compute intensive tasks
• Rules engines
• Third party dependencies / applications
• Integration with legacy systems
• Websockets (bi-directional communication)
Legal
• Estimating and controlling costs
• Third party licenses
• Regulatory requirements
• Snapshots for security instances
Example Architecture
[Diagram components: EC2 (Java EE Container) x2, RDS (SQL Database), Amazon API Gateway, Amazon Lambda (Java, JS, Python), Amazon SQS, Elastic Search, DynamoDB, S3, Amazon SNS]
Conclusion
Challenges
• Documentation!
• Testing
• Debugging
• Tooling support
• Error handling
• AWS Code Commit integration
• Node.js version lagging
Best Practices
• Small archives containing code
    • Don’t include the entire application!
• Minimize startup costs
• Periodically invoke lambdas to keep “warm”
• Monitor logs for failures
Resources
• AWS Compute Blog: https://aws.amazon.com/blogs/compute/
• AWS Forums: https://forums.aws.amazon.com/forum.jspa?forumID=186
• AWS Pet Store: https://github.com/awslabs/api-gateway-secure-pet-store http://tinyurl.com/z3qyefg
• Authentication/Cognito: https://goo.gl/auEWLl
• FAQ: https://aws.amazon.com/lambda/faqs/
Q&A
Twitter: @ctjava
Email: [email protected]
Blog: cuprak.info