Thirty serverless architectures in 30 minutes - MAD202 - Chicago AWS Summit

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Thirty serverless architectures in
30 minutes
Chris Munns
Principal Developer Advocate, Serverless
Amazon Web Services
M A D 2 0 2

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is serverless?
No infrastructure provisioning,
no management
Automatic scaling
Pay for value Highly available and secure

Serverless applications

Function
Node.js
Python
Java
C#
Go
Ruby
Runtime API

Event source
Changes in
data state
Requests to
endpoints
Changes in
resource state
Function
Node.js
Python
Java
C#
Go
Ruby
Runtime API

Event source Services
Changes in
data state
Requests to
endpoints
Changes in
resource state
Function
Node.js
Python
Java
C#
Go
Ruby
Runtime API

ServicesEvent source
Changes in
data state
Requests to
endpoints
Changes in
resource state
Function
Node.js
Python
Java
C#
Go
Ruby
Runtime API
Today, we’re
focusing here

Common AWS Lambda use cases
Web apps Backends Data
processing
Chatbots Amazon Alexa IT automation
• Static
websites
• Complex
web apps
• Packages
for Flask
and
Express
• Apps &
services
• Mobile
• IoT
• Real time
• Amazon EMR
• AWS Batch
• Powering
chatbot logic
• Powering
voice-
enabled apps
• Alexa Skills
Kit
• Policy engines
• Extending AWS
services
• Infrastructure
management

Lambda execution model
Synchronous (push) Asynchronous
(event)
Stream
(poll-based)
Amazon
DynamoDB
Amazon
SNS
/order
Amazon
S3
reqs
Amazon
Kinesis
changes
AWS Lambda
service
Function
Amazon API
Gateway
Lambda
function
Lambda
function

Lambda API
1. Lambda directly invoked
via invoke API
SDK clients
API provided by the Lambda service
Used by all other services that invoke
Lambda across all models
Supports sync and async
Can pass any event payload structure
you want
Client included in every SDK
Lambda
function

Lambda permissions model
Fine-grained security controls for both execution
and invocation:
Execution policies:
• Define what AWS resources/API calls this function can
access via IAM
• Used in streaming invocations
• E.g., “Lambda function A can read from
Amazon DynamoDB table users”
Function policies:
• Used for sync and async invocations
• E.g., “Actions on bucket X can invoke Lambda function
Z"
• Resource policies allow for cross-account access

Amazon S3 + Lambda
Storage for the internet
Objects stored in a bucket (namespace)
Messages can be filtered and only sent to
certain paths, prefixes, or suffixes
Asynchronous
1. File put into bucket
2. Lambda invoked
Lambda
function
Amazon S3
Object

Amazon SNS + Lambda
Simple, flexible, fully managed publish/subscribe
messaging and mobile push notification service for
high throughput, highly reliable message delivery
Messages are published to a topic
Topics can have multiple subscribers (fanout)
Messages can be filtered and only sent to certain
subscribers
Asynchronous
2. Lambda function(s) invoked
SNS topic
1. Data published to a topic
Data
Lambda
function
Lambda
function

2. Lambda invoked via rule
Email failure
notification
1. Error message gets sent back
to Amazon SES on delivery
attempt
2. Lambda invoked per
matching trigger
1. User performs action
with trigger set
Users
2. Lambda function
invoked
1. GraphQL call made
against AWS AppSync
GraphQL API
clients
Lambda
function
Lambda
function Lambda
function
Amazon SES
Amazon Cognito AWS AppSync

1. Message
inserted into to
a queue
Message
Amazon
SQS3. Amazon SQS
removes message
from queue on
successful
response from
function
2. Lambda function
invoked
Amazon SQS + Lambda
Simple, flexible, fully managed message
queuing service for reliably and
continuously exchanging any volume of
messages from anywhere
Processed in batches
At least once delivery
Visibility timeout allows for handling of
failures during processing
Asynchronous
Lambda
function

2. Lambda
polls stream
1. Data published to a
stream
3. Kinesis returns
stream data
Data
Amazon Kinesis Streams + Lambda
Fully managed, highly scalable service for
collecting and processing real-time data
streams for analytics and machine learning
Stream consists of shards with a fixed amount
of capacity and throughput
Lambda receives batches and potentially
batches of batches
Can have different applications consuming
the same stream
Stream
Lambda
function
Amazon
Kinesis
Stream

Data
SQLquery
1. Data published to a
stream
2. Stream passes to
Amazon Kinesis Data
Analytics
3. Lambda invoked to
pre-process data
4. SQL query run on
processed data
5. Analytics output sent
back to Amazon Kinesis
Data Stream or Kinesis
Data Firehose
6. Lambda invoked per
poll model to the left
Lambda
function
Lambda
function
Amazon Kinesis
Data Firehose
Kinesis Data
Firehose
Amazon
Kinesis Data
Analytics

1. Items Inserted/
Updated/ Deleted
3. Lambda polls
stream
4. Kinesis
returns stream
data
2. Event published to
Kinesis Stream
3. Lambda invoked
1. Query executed
SQLQuery
2. Stored
procedure called
3. Lambda invoked
1. Amazon Redshift
Event occurs
2. Event sent to SNS topic
Lambda
function
Lambda
function
Lambda
function
Amazon
Kinesis Data
Streams
Amazon Redshift
Amazon Aurora
- MySQL
SNS topic
Items
DynamoDB
Table

2. AWS CodePipeline executed
Application
code
1. Code committed
3. Lambda function invoked
via stage action
Lambda
function
AWS CodeDeploy
1. Deployment event is
sent to SNS topic
2. Lambda invoked via
Amazon SNS
configuration
Lambda
function
SNS topic
3. Lambda invoked
Application
Code
1. Code repository event
2. Event trigger tripped
Lambda
function
AWS CodeCommit

2. Amazon S3 publishes
event to Lambda
1. AWS API calls logged to an
object in Amazon S3
3. Lambda invoked,
processes object in
Amazon S3
Lambda
function
2. Change sent to SNS topic
1. AWS resource changed
3. Lambda invoked
Lambda
function
SNS topic
Changeevent
1. AWS resource changed or
periodic execution
AWS
Config rule
Lambda
function
S3 bucket
AWS CloudTrail AWS Config

"AMIGetter": {
"Type": "Custom::AMIGetter",
"Properties": {
"ServiceToken": { "Fn::Join": [ "", [
"arn:aws:lambda:", { "Ref": "AWS::Region" },
":", { "Ref": "AWS::AccountId" }, ":function:",
"AMIGetter" ] ] },
….
2. Lambda invoked
1. Custom resource
executed
Lambda function
AWS CloudFormation
2. Lambda invoked
SecretRotation
Event
1. Secret rotation happens
Lambda
function
AWS Secrets Manager
AWS Systems Manager
1. AWS Systems Manager
event or status
notification sent
2. Lambda invoked via
Amazon SNS
configuration
Lambda
function
SNS topic

1. Scheduled time
occurs
CloudWatch Events
(time-based)
2. Lambda invoked
Lambda
function
Serviceevent
1. Service Event or CWE
Bus API call
Amazon
CloudWatch Events
(event-based)
Lambda
function

3. Lambda invoked
Metricdata
1. Metric data collected by
CloudWatch
Amazon
CloudWatch
2. Alarm threshold
breached
3. Lambda invoked
Logs
1. Logs collected by
CloudWatch Logs
2. Logs passed on
Lambda
function
Lambda
function
Amazon CloudWatch

2. Lambda invoked
1. Chatbot conversation
needs “fulfillment”
Chatbot
2. Lambda invoked
1. Alexa, what’s today’s
weather?
Alexa skill
Alexa compatible
device
Lambda
function
Lambda
function
Amazon Lex
2. Lambda invoked
1. IoT device sends data
Lambda
function
AWS IoT
services
IoT device

API architecture
Websites
Services
Amazon API Gateway
API Gateway
cache
Public
endpoints on
Amazon EC2
Amazon
CloudWatch
monitoring
All publicly accessible
endpoints
Lambda
functions
Endpoints
in VPC
Applications
& services
in VPC
Any other AWS
service
Fully managed
CloudFront
distribution
Edge-optimizedRegionalPrivate
Applications
& Services
in the same
AWS Region AWS Direct
Connect
On premises
HTTPS
Mobile client
Customer managed
CloudFront distribution

Types of APIs available
Amazon API Gateway
API Gateway
cache
Amazon
CloudWatch
monitoring
Fully managed
CloudFront
distribution
Edge-optimizedRegionalPrivate
Edge-optimized
• Utilizes CloudFront to reduce
TLS connection overhead
(reduces roundtrip time)
• Designed for a globally
distributed set of clients
Regional
• Recommended API type
for general use cases
• Designed for building APIs
for clients in the same
Region
Private
• Only accessible from within VPC
(and networks connected to
VPC)
• Designed for building APIs used
internally or by private
microservices

The coming wave of serverless web applications
API Gateway handles all your
application routing, including
authentication and authorization,
throttling, DDoS protection, and
more
Lambda runs all the logic behind your
website and interfaces with databases,
other backend services, or anything
else your site needs
Amazon S3 stores all of your static
content: CSS, JS, images, and more.
You would typically front this with a
CDN, such as CloudFront
Amazon S3
Amazon API Gateway AWS LambdaAmazon CloudFront

2. Lambda function
invoked
1. API call made against
API Gateway
API clients
2. API call made directly
against backing AWS service
API clients
etc.
1. API call made against
API Gateway
1. API call made against API
Gateway where API is configured
for a Lambda Authorizer
API clients
3. Lambda responds with results
and if successful API Gateway
proceeds with API backend call
Lambda
function
2. Lambda authorizer
function invoked
Lambda
function
Lambda
function
Lambda
function
Amazon API Gateway Amazon API Gateway Amazon API Gateway
Amazon S3 KinesisData
Streams
Amazon
DynamoDB

2+. Lambda function(s)
invoked
1. Step Functions workflow is
executed
Event
Lambda
function
Lambda
function
Lambda
function
2. AWS Step Functions
workflow is executed
1. API call made against API
Gateway
API clients
Amazon API Gateway
Step Functions
AWS Step Functions

Track status of data
and execution
Remove redundant
code
Build workflows to orchestrate everything

Simpler integration, less code
With serverless polling With new service integrationStart
End
AWS
Lambda
functions
Start
End
No
Lambda
functions

Step Functions: Integrations
Simplify building workloads such as order processing,
report generation, and data analysis
Write and maintain less code; add services in minutes
More service integrations:
AWS Step
Functions
Amazon SNS Amazon SQS Amazon
SageMaker
AWS Glue AWS Batch Amazon ECS AWS Fargate

2. Lambda@Edge function
invoked in nearest Region
1. HTTP/S request made to
Amazon CloudFront-based
domain
HTTPrequest
Lambda
function
Amazon CloudFront
2. Lambda function invoked
to serve HTTP response
1. HTTP/S request made
to Application Load
Balancer
HTTPrequest
Lambda
function
Application Load Balancer

AWS Serverless Application Model (AWS SAM)
AWS CloudFormation extension optimized for serverless
Special serverless resource types: functions, APIs, tables,
Layers, and Applications
Supports anything AWS CloudFormation supports
Open specification (Apache 2.0)
https://aws.amazon.com/serverless/sam

AWS SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs8.10
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

AWS SAM template
Tells AWS CloudFormation this is an AWS
SAM template it needs to “transform”
Creates a Lambda function with the
referenced managed AWS IAM policy,
runtime, code at the referenced zip
location, and handler as defined
Also creates an Amazon API Gateway and
takes care of all mapping/permissions
necessary
Creates an Amazon DynamoDB table with
five read & write units
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs8.10
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml
This
becomes this →
AWS SAM template

AWS SAM policy templates
MyQueueFunction:
Properties:
...
Policies:
# Gives permissions to poll an SQS Queue
- SQSPollerPolicy:
queueName: !Ref MyQueue
...
MyQueue:
Type: AWS::SQS::Queue

SAM Policy Templates
50+ predefined policies
All found here:
https://bit.ly/2xWycnj

Globals:
Function:
Runtime: nodejs6.10
CodeUri: s3://code-artifacts/pet_app1234.zip
MemorySize: 1024
Timeout: 30
AutoPublishAlias: !Ref ENVIRONMENT
getDogsFunction:
Properties:
Handler: getdogs.handler
Events:
GetDogs:
Type: Api
Properties:
Path: /Dogs
Method: ANY
getCatsFunction:
Properties:
Handler: getCats.handler
Events:
GetCats:
Type: Api
Properties:
Path: /Cats
Method: ANY
getBirdsFunction:
Properties:
Handler: getBirds.handler
Timeout: 15
Events:
GetBirds:
Type: Api
Properties:
Path: /Birds
Method: ANY
AWS SAM globals

AWS SAM CLI
CLI tool for local development, debugging, testing, deploying, and
monitoring of serverless applications
Supports API Gateway “proxy-style” and Lambda service API
testing
Response object and function logs available on your local machine
Uses open-source Docker-Lambda images to mimic Lambda’s
execution environment such as timeout, memory limits, runtimes
Can tail production logs from Amazon CloudWatch Logs
Can help you build in native dependencies
https://aws.amazon.com/serverless/sam

With the AWS Serverless Application Repository
Developers can …
• Discover and deploy ready-made apps and code
examples
• Combine applications in the app repository with their
own via nested applications
• Customize open-source apps to get started quickly
• Share apps privately or publish apps
for public use

Launched via AWS
Serverless Application
Repository
Parent relationship
”Nested” serverless
application stack
”Root” serverless
application stack
application stack
application stack

Metrics and logging are a universal right
CloudWatch metrics:
• Seven built-in metrics for Lambda
• Invocation count, invocation duration, invocation
errors, throttled invocation, iterator age, DLQ
errors, concurrency
• Can call “put-metric-data” from your function code
for custom metrics
• Seven built-in metrics for Amazon API Gateway
• API calls count, latency, 4XXs, 5XXs, integration latency, cache hit
count, cache miss count
• Error and cache metrics support averages and percentiles

Metrics and logging are a universal right
CloudWatch Logs:
• API Gateway Logging
• 2 Levels of logging, ERROR and INFO
• Optionally log method request/body content
• Set globally in stage, or override per method
• Lambda logging
• Logging directly from your code with your language’s
equivalent of console.log()
• Basic request information included
• Log pivots
• Build metrics based on log filters
• Jump to logs that generated metrics
• Export logs to Amazon ElastiCache or Amazon S3
• Explore with Kibana, Amazon Athena, or Amazon QuickSight

Metrics and logging are a universal right!
CloudWatch Logs:
• API Gateway Logging
• 2 Levels of logging, ERROR and INFO
• Optionally log method request/body content
• Set globally in stage, or override per method
• Lambda Logging
• Logging directly from your code with your language’s
equivalent of console.log()
• Basic request information included
• Log Pivots
• Build metrics based on log filters
• Jump to logs that generated metrics
• Export logs to Amazon ElastiCache or Amazon S3
• Explore with Kibana, Amazon Athena, or Amazon QuickSight

AWS X-Ray
Profile and troubleshoot serverless
applications:
• Lambda instruments incoming
requests for all supported languages
and can capture calls made in code
• API Gateway inserts a tracing header
into HTTP calls and reports data back
to X-Ray itself
var AWSXRay = require(‘aws-xray-sdk-core‘);
var AWS = AWSXRay.captureAWS(require(‘aws-sdk’));
S3Client = AWS.S3();

X-Ray trace example

How do I determine what’s wrong?
These tools are here, so use them
1. Turn on X-Ray now
1. look at wrapping your own calls with it via the X-Ray SDKs
2. Don’t underestimate the power of logging in Lambda
1. Simple “debug: in functionX” statements work great and are easy
to find in Amazon CloudWatch Logs
3. The most valuable metrics are the ones closest to your
customer/use-case
1. How many gizmos did this function call, create, process, etc.

FIN, ACK
From full fledged application backends to “glue” functions attached to
operational tasks
Removes the need to run hosts for small scripts such as, cron jobs and small web
services, with many benefits:
• Reduced cost
• Reduced maintenance overhead
• No capacity planning needed for potential spikes in usage
• Security model that allows for finely scoped access and permissions
Use AWS SAM (serverless application models) to deploy!
You may not even need to write a function!
There are many different use cases for serverless

Thirty serverless architectures in 30 minutes - MAD202 - Chicago AWS Summit

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Thirty serverless architectures in 30 minutes - MAD202 - Chicago AWS Summit

Similar to Thirty serverless architectures in 30 minutes - MAD202 - Chicago AWS Summit (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Thirty serverless architectures in 30 minutes - MAD202 - Chicago AWS Summit