1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
GPS: From Monolithic to Serverless — Why and How to Move
Ian Scofield | Partner Solutions Architect
Paras Bhuva | Partner Solutions Architect
GPSTEC314
November 28, 2017
2. What is serverless?

Fully managed
• No provisioning
• Zero administration
• High availability

Developer productivity
• Focus on the code that matters
• Innovate rapidly
• Reduce time to market

Continuous scaling
• Automatically scale up and scale down
3. Monolithic application
4. Can't fit a monolith inside Lambda

(Diagram: the Webserver, Data Access Service, App Service and Visualization Service bundled together, set against a single Lambda function that cannot hold them all.)
5. Monolithic versus microservices
6. Original monolithic application

(Diagram: Browser -> Load Balancer -> Webserver hosting the Data Access Service, App Service and Visualization Service -> Database.)
• On premises
• Tightly coupled application components
• Load balancer
• Relational database
7. Limitations
• Hard to scale
• Can't handle component failures
• Slow deployment process
• Limited options
8. How do we get there?
9. Transformation steps
Discover -> Design -> Develop -> Deploy -> Refine
10. Where do we start? Discover

1. Identify components: Visualization Service, Webserver, Data Access Service, App Service, Database
2. Outline requirements for each component:
• State?
• Compute?
• API?
• Storage?
• Security?
• Managed?
• Estimated scale?
• Others
3. Map to AWS resources: Amazon S3, Amazon DynamoDB, AWS Lambda, Amazon API Gateway
11. Rough architecture—design

(Diagram: Browser -> Amazon CloudFront -> Amazon S3 for static content; Amazon API Gateway -> AWS Lambda for dynamic content; data stored in Amazon DynamoDB.)
12. How do I secure it?

(Diagram: the same Browser -> Amazon CloudFront -> Amazon S3 / Amazon API Gateway -> AWS Lambda -> Amazon DynamoDB architecture, before any controls are applied.)
13. Define our initial security posture

(Diagram: Browser -> Amazon CloudFront -> Amazon S3 / Amazon API Gateway -> AWS Lambda -> Amazon DynamoDB, each service annotated with the controls below.)

Amazon CloudFront: geo-restriction, signed cookies, signed URLs, DDoS protection
Amazon S3: bucket policies, ACLs, origin access identity (OAI) so that CloudFront, not the public, is the only reader of the bucket
Amazon API Gateway: AuthZ, throttling, caching, usage plans
AWS Lambda: IAM (execution role)
Amazon DynamoDB: IAM
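The S3 line of this posture is the one most often got wrong, so here is an added example (not from the deck) of the bucket policy a practitioner would attach to the static-content bucket: only the CloudFront OAI may read objects, and any plaintext-HTTP request is explicitly denied. It includes a deliberately small IAM-style evaluator (explicit Deny beats Allow beats implicit Deny, covering only the Principal, Action, Resource and aws:SecureTransport features this policy uses) so the policy can be checked offline against the requests a reviewer would try. The bucket name and OAI ID are constructed placeholders; real S3 also applies account-level Block Public Access and ACLs, which the evaluator does not model. CloudFront now recommends origin access control (OAC) over OAI; the policy shape stays the same, with a service principal and a source-ARN condition instead of the OAI user.

```python
"""Least-privilege S3 bucket policy for a CloudFront origin access identity (OAI).

Added example, not from the re:Invent deck. Bucket name and OAI ID are constructed.
"""
import fnmatch
import json

BUCKET = "example-static-site"   # constructed placeholder
OAI_ID = "E2EXAMPLE1234"         # constructed placeholder
OAI_PRINCIPAL = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {OAI_ID}"


def bucket_policy(bucket: str = BUCKET, oai_principal: str = OAI_PRINCIPAL) -> dict:
    """Allow only the OAI to read objects; deny every request that is not over TLS."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCloudFrontOAIRead",
                "Effect": "Allow",
                "Principal": {"AWS": oai_principal},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(stmt_principal, principal: str) -> bool:
    if stmt_principal == "*":
        return True
    return principal in _as_list(stmt_principal.get("AWS", []))


def _condition_matches(condition: dict, context: dict) -> bool:
    # Only the Bool operator is modelled; that is all this policy needs.
    for key, expected in condition.get("Bool", {}).items():
        if str(context.get(key, "")).lower() != str(expected).lower():
            return False
    return True


def evaluate(policy: dict, principal: str, action: str, resource: str, secure: bool = True) -> str:
    """Return 'Allow' or 'Deny' for one request, IAM-style: an explicit Deny always wins."""
    context = {"aws:SecureTransport": "true" if secure else "false"}
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], principal):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def check_posture(policy: dict) -> dict:
    """Requests a reviewer would try against the policy; only the first may be allowed."""
    obj = f"arn:aws:s3:::{BUCKET}/index.html"
    return {
        "oai_get_https": evaluate(policy, OAI_PRINCIPAL, "s3:GetObject", obj),
        "oai_get_http": evaluate(policy, OAI_PRINCIPAL, "s3:GetObject", obj, secure=False),
        "oai_put": evaluate(policy, OAI_PRINCIPAL, "s3:PutObject", obj),
        "anonymous_get": evaluate(policy, "anonymous", "s3:GetObject", obj),
        "oai_list_bucket": evaluate(policy, OAI_PRINCIPAL, "s3:ListBucket", f"arn:aws:s3:::{BUCKET}"),
    }


if __name__ == "__main__":
    print(json.dumps(bucket_policy(), indent=2))
    print(check_posture(bucket_policy()))
```

The point of `check_posture` is that the bucket grants nothing to anonymous callers and nothing beyond GetObject to the OAI; if a later edit to the policy makes `anonymous_get` come back as Allow, the bucket has silently become public.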
14. Monitoring your resources

(Diagram: Browser -> Amazon CloudFront -> Amazon S3 / Amazon API Gateway -> AWS Lambda -> Amazon DynamoDB, with the per-service telemetry called out on the next slide.)
15. Monitoring your resources

Amazon CloudFront: access logs in an S3 bucket; CloudWatch metrics
Amazon S3: access logs in an S3 bucket
Amazon API Gateway: latency, count, cache hit/miss, 4XX/5XX errors
AWS Lambda: invocations, invocation errors, duration, throttled invocations
Amazon DynamoDB: throttled requests, returned bytes, latency
AWS CloudTrail: audit log of all AWS API calls
Amazon CloudWatch: custom metrics and alarms
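The API Gateway dimensions on this slide (count, latency, 4XX/5XX) are what CloudWatch alarms are normally built on; the added example below (not from the deck) shows the same detection logic run directly over access-log lines, which is what you do when you need per-route breakdowns the service metrics do not give you. API Gateway lets you choose the access-log format, so the example assumes a JSON format made of $context variables (requestId, resourcePath, httpMethod, status, integrationLatency); the log lines and the thresholds are constructed for illustration.

```python
"""Error-rate and throttling detection over API Gateway access-log lines.

Added example, not from the deck. Log lines are constructed in an assumed JSON
access-log format built from $context variables.
"""
import json
import statistics
from collections import defaultdict

# Constructed sample: one window of access logs for two routes.
SAMPLE_LOG = """
{"requestId":"a1","resourcePath":"/vote","httpMethod":"POST","status":200,"integrationLatency":41}
{"requestId":"a2","resourcePath":"/vote","httpMethod":"POST","status":200,"integrationLatency":38}
{"requestId":"a3","resourcePath":"/vote","httpMethod":"POST","status":502,"integrationLatency":3004}
{"requestId":"a4","resourcePath":"/vote","httpMethod":"POST","status":502,"integrationLatency":3001}
{"requestId":"a5","resourcePath":"/vote","httpMethod":"POST","status":429,"integrationLatency":0}
{"requestId":"b1","resourcePath":"/results","httpMethod":"GET","status":200,"integrationLatency":12}
{"requestId":"b2","resourcePath":"/results","httpMethod":"GET","status":404,"integrationLatency":9}
{"requestId":"b3","resourcePath":"/results","httpMethod":"GET","status":200,"integrationLatency":15}
"""

FIVE_XX_RATE_THRESHOLD = 0.10   # illustrative: alarm when more than 10 % of requests fail server-side
LATENCY_MS_THRESHOLD = 1000     # illustrative: alarm when the slowest integration call exceeds 1 s


def parse_access_log(text: str) -> list:
    """One JSON object per line; blank or malformed lines are skipped rather than fatal."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        rec["status"] = int(rec["status"])
        rec["integrationLatency"] = int(rec.get("integrationLatency", 0))
        records.append(rec)
    return records


def summarize(records: list) -> dict:
    """Per-route counts of the dimensions the slide lists: count, 4XX, 5XX, throttles, latency."""
    by_route = defaultdict(list)
    for rec in records:
        by_route[(rec["httpMethod"], rec["resourcePath"])].append(rec)
    summary = {}
    for (method, path), recs in by_route.items():
        statuses = [r["status"] for r in recs]
        latencies = [r["integrationLatency"] for r in recs]
        summary[f"{method} {path}"] = {
            "count": len(recs),
            "4xx": sum(400 <= s < 500 for s in statuses),
            "5xx": sum(500 <= s < 600 for s in statuses),
            "throttled": sum(s == 429 for s in statuses),  # 429: API Gateway throttle or usage-plan limit
            "p50_latency_ms": statistics.median(latencies),
            "max_latency_ms": max(latencies),
        }
    return summary


def alarms(summary: dict) -> list:
    """Alarm strings for the window; an empty list means it is healthy."""
    out = []
    for route, m in summary.items():
        if m["count"] and m["5xx"] / m["count"] > FIVE_XX_RATE_THRESHOLD:
            out.append(f"{route}: 5XX rate {m['5xx']}/{m['count']} exceeds {FIVE_XX_RATE_THRESHOLD:.0%}")
        if m["throttled"]:
            out.append(f"{route}: {m['throttled']} throttled request(s); check usage plan and account limits")
        if m["max_latency_ms"] > LATENCY_MS_THRESHOLD:
            out.append(f"{route}: integration latency {m['max_latency_ms']} ms above {LATENCY_MS_THRESHOLD} ms")
    return out


def analyze(text: str = SAMPLE_LOG) -> dict:
    summary = summarize(parse_access_log(text))
    return {"summary": summary, "alarms": alarms(summary)}


if __name__ == "__main__":
    print(json.dumps(analyze(), indent=2))
```

On the sample, POST /vote trips all three rules (two 502s out of five requests, one 429, a 3 s integration) while GET /results stays quiet despite its single 404; a 4XX on its own is usually client behaviour, which is why the example alarms on 5XX and throttles rather than on all errors.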
16. Frameworks—develop/deploy
1. AWS Serverless Application Model (SAM)
2. Serverless Framework
3. Zappa
4. Chalice
5. Others
17. AWS Serverless Application Model (SAM)
AWS CloudFormation brings:
• Infrastructure as code
• Easy to provision and manage a collection of related AWS resources
• Input .yaml file and output provisioned AWS resources
• Optimized for infrastructure
AWS SAM:
• CloudFormation extension optimized for serverless
• New serverless resources: functions, APIs, and tables
• Supports anything CloudFormation supports
• Open specification (Apache 2.0)
18. AWS SAM: Less complexity, more power

CloudFormation template example—API triggering Lambda. This is what the SAM transform expands the short template further down into: the function, its execution role, the two Lambda invoke permissions for API Gateway, the REST API with its Swagger body, a deployment, a stage, and the DynamoDB table.

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId:
        Ref: ServerlessRestApiDeployment
      RestApiId:
        Ref: ServerlessRestApi
      StageName: Prod
  ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
      ProvisionedThroughput:
        WriteCapacityUnits: 5
        ReadCapacityUnits: 5
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - KeyType: HASH
          AttributeName: id
  GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.gethtml
      Code:
        S3Bucket: flourish-demo-bucket
        S3Key: todo_list.zip
      Role:
        Fn::GetAtt:
          - GetHtmlFunctionRole
          - Arn
      Runtime: nodejs4.3
  GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId:
        Ref: ServerlessRestApi
      Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
      StageName: Stage
  GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title:
            Ref: AWS::StackName
        paths:
          "/{proxy+}":
            x-amazon-apigateway-any-method:
              x-amazon-apigateway-integration:
                httpMethod: ANY
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
              responses: {}
        swagger: '2.0'

AWS SAM example—API triggering Lambda. The same application declared with SAM's serverless resource types; the role, invoke permissions, deployment and stage above are generated for you. Note that the nodejs4.3 runtime shown on the slide has since been retired by Lambda, so pick a currently supported runtime when reusing this template.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://flourish-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable
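Less template means less to review, but the short form still carries three things a security reviewer would flag in the SAM example on this slide: a retired runtime, a managed policy (AmazonDynamoDBReadOnlyAccess) that reads every table in the account rather than just ListTable, and an API event with no Auth, which makes /{proxy+} callable anonymously. The added example below (neither the deck's code nor part of SAM) is a small template lint that catches those three and a hardened copy that passes it. SAM templates are YAML; to stay dependency-free the template is transcribed into CloudFormation's equivalent JSON form as a Python dict. The retired-runtime list is kept by hand, and the replacement runtime and the AWS_IAM authorizer in the hardened copy are assumptions.

```python
"""Security lint for a SAM template, run over the deck's SAM example.

Added example; not the deck's code and not part of SAM. The template below is a
transcription of the slide's YAML into JSON form.
"""
import copy

# The SAM example from this slide in JSON form (transcribed, not the deck's file).
DECK_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Transform": "AWS::Serverless-2016-10-31",
    "Resources": {
        "GetHtmlFunction": {
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "CodeUri": "s3://flourish-demo-bucket/todo_list.zip",
                "Handler": "index.gethtml",
                "Runtime": "nodejs4.3",
                "Policies": "AmazonDynamoDBReadOnlyAccess",
                "Events": {
                    "GetHtml": {"Type": "Api", "Properties": {"Path": "/{proxy+}", "Method": "ANY"}}
                },
            },
        },
        "ListTable": {"Type": "AWS::Serverless::SimpleTable"},
    },
}

# Runtimes Lambda has retired for new functions (hand-maintained; extend as AWS retires more).
RETIRED_RUNTIMES = {"nodejs", "nodejs4.3", "nodejs6.10", "nodejs8.10", "nodejs10.x", "python2.7"}

# AWS managed policies that cover every table/bucket in the account, mapped to the
# SAM policy template that scopes the same access to one named resource.
BROAD_MANAGED_POLICIES = {
    "AmazonDynamoDBReadOnlyAccess": "DynamoDBReadPolicy (TableName)",
    "AmazonDynamoDBFullAccess": "DynamoDBCrudPolicy (TableName)",
    "AmazonS3FullAccess": "S3CrudPolicy (BucketName)",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_function(name: str, props: dict) -> list:
    """Findings for one AWS::Serverless::Function: runtime, IAM breadth, unauthenticated API events."""
    findings = []
    runtime = props.get("Runtime", "")
    if runtime in RETIRED_RUNTIMES:
        findings.append(f"{name}: runtime {runtime} is retired; deploy on a supported runtime")
    for policy in _as_list(props.get("Policies", [])):
        if isinstance(policy, str) and policy in BROAD_MANAGED_POLICIES:
            findings.append(f"{name}: {policy} reaches every resource of the service; "
                            f"scope it with {BROAD_MANAGED_POLICIES[policy]}")
        elif isinstance(policy, dict) and "Statement" in policy:
            for stmt in _as_list(policy["Statement"]):
                if "*" in _as_list(stmt.get("Action", [])) or "*" in _as_list(stmt.get("Resource", [])):
                    findings.append(f"{name}: inline policy uses a wildcard Action or Resource")
    for ev_name, ev in props.get("Events", {}).items():
        ev_props = ev.get("Properties", {})
        if ev.get("Type") == "Api" and "Auth" not in ev_props:
            findings.append(f"{name}/{ev_name}: {ev_props.get('Method')} {ev_props.get('Path')} has no Auth; "
                            f"it is callable anonymously unless the API declares a default authorizer")
    return findings


def lint_template(template: dict) -> list:
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::Serverless::Function":
            findings.extend(lint_function(name, res.get("Properties", {})))
    return findings


def hardened_template(template: dict = DECK_TEMPLATE) -> dict:
    """The deck's template with all three findings addressed (runtime and authorizer are assumptions)."""
    t = copy.deepcopy(template)
    props = t["Resources"]["GetHtmlFunction"]["Properties"]
    props["Runtime"] = "nodejs18.x"
    props["Policies"] = [{"DynamoDBReadPolicy": {"TableName": {"Ref": "ListTable"}}}]
    props["Events"]["GetHtml"]["Properties"]["Auth"] = {"Authorizer": "AWS_IAM"}
    return t


if __name__ == "__main__":
    for finding in lint_template(DECK_TEMPLATE):
        print("-", finding)
    print("hardened:", lint_template(hardened_template()))
```

The DynamoDBReadPolicy template is the SAM-native way to get the least-privilege version of what AmazonDynamoDBReadOnlyAccess grants: SAM expands it into an inline policy whose Resource is the one table's ARN, which is exactly the narrowing a reviewer asks for.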
19. Serverless app lifecycle management

AWS Serverless Application Model (SAM) with AWS CloudFormation, driven from CI/CD tools:

Code / packages / Swagger + serverless template
  -> package (aws cloudformation package): uploads the local code artifacts to Amazon S3 and writes a copy of the serverless template whose CodeUri points at the uploaded objects
  -> deploy (aws cloudformation deploy): creates or updates the CloudFormation stack from that packaged template, provisioning the AWS Lambda, Amazon API Gateway, Amazon S3 and Amazon DynamoDB resources
20. Demo + deep dive
21. Please go here to vote—democlub.xyz
22. Voting application—high level architecture

(Diagram: Browser -> Amazon S3 for static content; Browser -> Amazon API Gateway -> AWS Lambda for dynamic content; data stored in Amazon DynamoDB.)
23. Detailed architecture

(Diagram: Browser -> Amazon Route 53 -> Amazon CloudFront -> Amazon S3 for static content; Browser -> Amazon Cognito for identity, then Amazon API Gateway (AuthZ) -> AWS Lambda (IAM) -> Amazon DynamoDB (IAM). Amazon DynamoDB Streams triggers a second AWS Lambda function (IAM) that performs the vote aggregation.)

Controls per service:
Amazon CloudFront: geo-restriction, signed cookies, signed URLs, DDoS protection
Amazon S3: bucket policies, ACLs, origin access identity (OAI)
Amazon API Gateway: AuthZ, throttling, caching, usage plans
AWS Lambda and Amazon DynamoDB: IAM
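The aggregation branch of this architecture is where correctness bugs hide: DynamoDB Streams delivers records at least once, so a retried batch applied naively double-counts votes. The added example below (not the demo's code) is the shape of that aggregation Lambda: it nets out INSERT, MODIFY and REMOVE records per candidate and skips records whose eventID it has already applied. The stream event is constructed in the form Lambda passes to a stream-triggered function for a table whose StreamViewType is NEW_AND_OLD_IMAGES; the item layout (voter key, candidate attribute) and the in-memory idempotency set and totals are assumptions, standing in for the DynamoDB tables a real function would use.

```python
"""Vote aggregation from a DynamoDB Streams batch.

Added example of the 'Aggregation' Lambda in the detailed architecture; not the
demo's code. The event is constructed; the in-memory `seen` set and `totals`
counter stand in for the idempotency table and the aggregate item.
"""
from collections import Counter

# Constructed batch: three votes, then one voter changes candidate and one withdraws.
SAMPLE_EVENT = {
    "Records": [
        {"eventID": "e1", "eventName": "INSERT",
         "dynamodb": {"Keys": {"voter": {"S": "u1"}},
                      "NewImage": {"voter": {"S": "u1"}, "candidate": {"S": "A"}}}},
        {"eventID": "e2", "eventName": "INSERT",
         "dynamodb": {"Keys": {"voter": {"S": "u2"}},
                      "NewImage": {"voter": {"S": "u2"}, "candidate": {"S": "B"}}}},
        {"eventID": "e3", "eventName": "INSERT",
         "dynamodb": {"Keys": {"voter": {"S": "u3"}},
                      "NewImage": {"voter": {"S": "u3"}, "candidate": {"S": "A"}}}},
        {"eventID": "e4", "eventName": "MODIFY",
         "dynamodb": {"Keys": {"voter": {"S": "u1"}},
                      "OldImage": {"voter": {"S": "u1"}, "candidate": {"S": "A"}},
                      "NewImage": {"voter": {"S": "u1"}, "candidate": {"S": "C"}}}},
        {"eventID": "e5", "eventName": "REMOVE",
         "dynamodb": {"Keys": {"voter": {"S": "u3"}},
                      "OldImage": {"voter": {"S": "u3"}, "candidate": {"S": "A"}}}},
    ]
}


def _candidate(image: dict) -> str:
    return image["candidate"]["S"]   # stream images use DynamoDB's typed attribute-value encoding


def vote_deltas(event: dict, seen: set) -> Counter:
    """Net change per candidate for one batch; records already applied (by eventID) are skipped."""
    deltas = Counter()
    for rec in event["Records"]:
        if rec["eventID"] in seen:
            continue            # retried delivery: applying it again would double count
        seen.add(rec["eventID"])
        data = rec["dynamodb"]
        if rec["eventName"] in ("MODIFY", "REMOVE"):
            deltas[_candidate(data["OldImage"])] -= 1
        if rec["eventName"] in ("INSERT", "MODIFY"):
            deltas[_candidate(data["NewImage"])] += 1
    return deltas


def handler(event: dict, context=None, seen: set = None, totals: Counter = None) -> dict:
    """Lambda entry point; `seen` and `totals` would be DynamoDB-backed in a deployed function."""
    seen = seen if seen is not None else set()
    totals = totals if totals is not None else Counter()
    totals.update(vote_deltas(event, seen))
    return dict(totals)


def replay_twice(event: dict = SAMPLE_EVENT) -> tuple:
    """Deliver the same batch twice, as a stream retry would; the second delivery must change nothing."""
    seen, totals = set(), Counter()
    first = handler(event, seen=seen, totals=totals)
    second = handler(event, seen=seen, totals=totals)
    return first, second


if __name__ == "__main__":
    print(replay_twice())
```

In a deployed function the two stand-ins become DynamoDB operations: the deltas go to the aggregate item with an UpdateItem ADD expression, and each eventID is recorded with a conditional PutItem so a retry fails the condition instead of counting again.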
24. Resources
Learning path (step-by-step guide)—https://aws.amazon.com/getting-started/serverless-web-app/
Serverless page—https://aws.amazon.com/serverless/
Serverless architecture best practices (on YouTube)—https://youtu.be/b7UMoc1iUYw
Serverless Application Model (SAM) deep dive—https://youtu.be/e3lreqpWN0A
AWS Lambda deep dive—https://youtu.be/dB4zJk_fqrU
Developer Tooling—https://aws.amazon.com/serverless/developer-tools/
25. Thank you!