2. What to Expect from the Session
• DevOps and Software Delivery
• Rise Of Microservices
• ECS and Containers
• Serverless Architecture
• API Gateway + Lambda
6. Microservices
Sam Newman : “Building
Microservices” O’Reilly Publishing
Adrian Cockcroft : numerous talks,
presentations, blog posts
• “Loosely coupled service
oriented architecture with
bounded contexts”
Martin Fowler : numerous blog posts
2 sessions at AWS Re:Invent 2014
8 sessions at AWS Re:Invent 2015
8. Availability vs Velocity of Change
AWS re:Invent 2015 | (SPOT302) Availability: The New Kind of Innovator’s Dilemma
9. Availability and Velocity of Change Thoughts
• "Everything fails, all the time"
Werner Vogels, CTO
Amazon.com
• How long does it take to push
a single line of code to
production?
• Do you have the feedback
loop?
10. Multiple Compute Options
• VMs
• Machine as the unit of scale
• Abstracts the hardware
• Containers
• Application as the unit of scale
• Abstracts the OS
• Serverless
• Functions as the unit of scale
• Abstracts the language runtime
ECS
EC2
Lambda
11. Which Option is Right?
• VMs
• “I want to configure machines,
storage, networking, and my OS”
• Containers
• “I want to run servers, configure
applications, and control scaling”
• Serverless
• “Run my code when it’s needed”
ECS
EC2
Lambda
17. Monitoring with Amazon CloudWatch
Metric data sent to CloudWatch in
1-minute periods and recorded for
a period of two weeks
Available metrics:
CPUReservation,
MemoryReservation,
CPUUtilization,
MemoryUtilization
Available dimensions:
ClusterName, ServiceName
18. Monitoring with Amazon CloudWatch
Use the Amazon CloudWatch Monitoring Scripts to monitor
additional metrics, e.g. disk space
# Edit crontab
> crontab -e
# Add command to report disk space utilization to CloudWatch every five minutes
*/5 * * * * <path_to>/mon-put-instance-data.pl --disk-space-util --disk-space-used
--disk-space-avail --disk-path=/ --from-cron
19. Logging with Amazon CloudWatch Logs
Logging container with
syslogd and CloudWatch
Logs Agent
Attach /var/log Volume
to Logging container
Link other containers
syslogd
CloudWatch Logs
Agent
CloudWatch
Logs
Container instance
ECS Cluster
ECS Agent
Logs
Docker
Logs
syslogd
CloudWatch Logs
Agent
21. The Serverless Compute Manifesto
• Functions are the unit of deployment and scaling.
• No machines, VMs, or containers visible in the programming model.
• Permanent storage lives elsewhere.
• Scales per request. Users cannot over- or under-provision capacity.
• Never pay for idle (no cold servers/containers or their costs).
• Implicitly fault-tolerant because functions can run anywhere.
• BYOC – Bring your own code.
• Metrics and logging are a universal right.
22. Benefits of Amazon API Gateway
Create a unified
API frontend for
multiple micro-
services
DDoS protection
and throttling for
your backend
Authenticate
and authorize
requests to a
backend
23. Code is all you need Event driven scaling
Never pay for idle Availability and fault tolerance built in
Benefits of AWS Lambda
24. Standard API Architecture
VPC subnet
Availability Zone A Availability Zone B
VPC subnet
Auto Scaling group
WEB WEB
Oregon
Tokyo
VPC subnet
Cleanup
loop
EC2 API
start/stop
instances
JOBS
25. Serverless API Architecture
Internet
Mobile apps
Websites
Services
AWS Lambda
functions
AWS
API Gateway
cache
Endpoints on
Amazon EC2
Any other publicly
accessible endpointAmazon
CloudWatch
Amazon
CloudFront
Amazon
API Gateway
28. Auth Option 1 – Pervasive throughout AWS
Mobile Apps AWS Lambda lambdaHandler
API Gateway
Sigv4
Invoke with
caller credentials
Service calls are
authorized using
the IAM Role
DynamoDB
29. Auth Option 1 – Fine Grained Access
Internet
Client AWS Lambda
functions
Amazon
CloudFront
DynamoDB
CognitoId2
…
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:LeadingKeys": [”${cognito-
identity.amazonaws.com:sub}"],
"dynamodb:Attributes": [
"UserId","GameTitle","Wins","Losses",
"TopScore","TopScoreDateTime”
]
},
"StringEqualsIfExists": {
"dynamodb:Select": "SPECIFIC_ATTRIBUTES”
}
}
…
Executes with
this role
UserID Wins Losses
cognitoId1 3 2
cognitoId2 5 8
cognitoId3 2 3
The credentials and context (Cognito ID) are passed along
Both AWS Lambda & DynamoDB will follow the access policy
API Gateway
30. Auth Option 2 – Custom Auth With Lambda
Client
Lambda Auth
function
API Gateway
OAuth token
OAuth
provider
Policy is
evaluated
Policy is
cached
Endpoints on
Amazon EC2
Any other publicly
accessible endpoint
AWS Lambda
functions
403
31. Managing Multiple Versions and Stages of APIs
Works like a source repository – clone your API to create a new
version
API 1
(v1) Stage (dev)
Stage (prod)
API 2
(v2)
Stage (dev)
32. Custom Domain Names
Use custom domain names to put 2 different APIs (V1 and V2) under
the same domain
• Custom domain names can point to an API or a Stage
• A custom domain name can include a base path
• Use v1 as your base path in the custom domain name
• Pointing to an API you have access to all Stages
• Beta (e.g. yourapi.com/v1/beta)
• Prod (e.g. yourapi.com/v1/prod)
• Pointing directly to your “prod” Stage
• Prod (e.g. yourapi.com/v1)
33. Stage Variables and Lambda Aliases
Using Stage Variables in API Gateway together with Lambda
function Aliases helps you manage a single API configuration
and Lambda function for multiple stages
myLambdaFunction
1
2
3 = prod
4
5
6 = beta
7
8 = dev
My First API
Stage variable = lambdaAlias
Prod
lambdaAlias = prod
Beta
lambdaAlias = beta
Dev
lambdaAlias = dev
34. Serverless Framework
Serverless is an application framework for building serverless
web, mobile and IoT applications. Serverless comes in the form
of a command line interface that provides structure, automation
and optimization to help you build and maintain your serverless
apps.
http://www.serverless.com
https://github.com/serverless/serverless
38. Function schedules: The how-to guide
• How can I keep a function warm (no cold starts)?
Schedule it!
• How can I poll a queue (like SQS)?
Schedule a function to read the queue.
• How can I get more timers?
Have one scheduled function async invoke other functions.
• How can I get granularity finer than 1 minute?
Run a background timer in your scheduled function.
39. Function versioning: The how-to guide
• How can I get mutable configuration info?
Read it (e.g. from DynamoDB) during function initialization.
Wrap your config in a function and call it from your published code.
• How do I “roll back” in AWS Lambda?
Using aliases, just switch what the alias points to.
• How do I do blue/green deployments?
AWS Lambda handles fleet deployments, but if you want to shape traffic,
put a second “traffic cop” function in front.
• How can I lock a client/device onto an old version?
Point them directly to that version’s ARN.
CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch Logs can be used to collect and monitor your logs for specific phrases, values, or patterns. For example, you could set an alarm on the number of errors that occur in your system logs or view graphs of web request latencies from your application logs. The additional advantages here are that you can look at a single pane of glass for all of your monitoring needs because such metrics as CPU, disk I/O, and network for your container instances are already available on CloudWatch. Our approach involves setting up a container whose sole purpose is logging. It runs rsyslog and the CloudWatch Logs agent, and we use Docker Links to communicate to other containers.
7 the Serverless computing approach that Lambda brings about isn’t just about “not having to manage servers”. Serverless means having a simple but usable primitive – your code as a Lambda function - with nothing that looks like a container or server. The programming model and APIs are all oriented around dealing with functions. Serverless means you only pay for work done, not for provisioning capacity. You don’t have to worry about utilization, because you never pay for idle. You only pay for compute time, that is, the time your function takes to run, in units of 100 ms. This is something most customers get excited about thinking about what paying 21 microcents for 100 ms of compute can do for their costs . For example, Nordstrom tells us switching to Lambda reduced the cost of their analytics pipeline by two orders of magnitude. A publishing company from Singapore tells us they saves over 30,000 per month by switching from a proprietary image processing solution to one built on Lambda for processing millions of images a day. Which brings me to the third aspect, that is Serverless means scaling is built in - you can never overprovision or under provision. Since your code is run in response to events, Lambda will automatically spin up as many instances of your function as required to handle any incoming event rate. Let me repeat this, any event rate. We have customers running backends handling in excess of 100, 000 TPS at peak, and others like Adroll who are processing over 55 B ad impressions a day through Lambda. And last but not the least - Serverless means that functions come with high availability and, depending on the workload, fault tolerance come built in. The combination of offloading these responsibilities can have significant impact on the way you own and operate applications running in the cloud. For example, Vidroll tells us what used to take them 10 engineers now takes them two, while handling twice the scale.
11 Event sources come in a few flavors. First , data repositories. If it stores data that you want to track changes for, it’s a potential event source. Remember, you can always bring your own event source – Lambda exposes an invoke API that accepts arbitrary JSON payloads as events, so if you have a system that emits events, you can wire it up to Lambda.
So what can you build with an event driven compute service? We see two broad patterns – using Lambda to process data as it comes in and write to other data stores downstream; or, using Lambda to build interactive backends, adding backend logic in front of databases or other services. Customers like Thomson Reuters use Lambda to process files loaded into Amazon S3 as soon as the data is available, from image transformation, to file format conversion, to developing indexes of uploaded content. Customers like Adroll and localytrics using Kinesis and Lambda to process large amounts of streaming data in realtime for their click stream analysis. You can also build NoSQL Database triggers for DynamoDB, such as validating every row written or adding calculated columns.
In the interactive backend class, Customers like EasyTen are building serverless mobile backends, where their Lambda function containing cross platform app logic is invoked synchronously using the AWS Mobile SDK, or build standalone REST microservices using Lambda with Amazon API Gateway. You can also use Lambda to create new voice driven “skills” for Alexa on Amazon Echo, allowing you create voice powered commands to do a variety of operations like order a pizza or post a slack update.
There are a whole collection of AWS services with Lambda integration like CloudFormation, or Simple Notification Service of Simple Worfklow service – the idea being, if you need to run arbitrary code and don’t want to worry about servers, Lambda is a great starting point.
We’ll go through a use case that leverage AWS Lambda and Amazon Cognito to retrieve temporary credentials for a particular end user and authorize access to the APIs
As discussed before the API Gateway helps customers leverage AWS Sigv4 – only one open API is required and then we can verify signatures on all other calls.
We’ll go through a use case that leverage AWS Lambda and Amazon Cognito to retrieve temporary credentials for a particular end user and authorize access to the APIs
As discussed before the API Gateway helps customers leverage AWS Sigv4 – only one open API is required and then we can verify signatures on all other calls.
15 Combined with API Gateway, Lambda gives you an easy way to build a scalable, reliable service to serve user requests, such as a web backend or a mobile backend or a Slack bot backend. This example looks at using AWS Lambda and Amazon API Gateway to build a dynamic voting application, which receives votes via SMS, aggregates the totals into DynamoDB, and then updates a static HTML page in S3 to display the results in real time. An API Gateway front end interacts with a Lambda function that writes to a DynamoDB table; the DynamoDB table in turn acts as an even source for an auditing Lambda function. As you can see , API Gateway , Lambda and DynamoDB form an interactive part of the stack, and DynamoDB and Lambda come together for a more asynchronous component. Now you may ask – but what about state for the web app? Lambda functions don’t have a built in concept of state, so you must use an external store, like DynamoDB to persist the information.
Hopefully this gives you a sense of both of what a simple event source + lambda + downstream service setup looks like, as well how simple it is to chain these together. To talk more about what such systems look like in production, here’s Sam.
13 One of the popular uses for Lambda is for backend data processing workflows, such as those for an e-commerce backend, or for an ingestion pipeline for media content. Here’s a sample architecture for a real time file processing application, similar to those built by Thomson Reuters, Seattle Times, Fireeye, Periscope and others. When the file gets upload to S3, it sends the event to Lambda, using Amazon SNS for fanning out the requests among multiple Lambda functions. One function handles format conversion and writes to another S3 bucket, the second indexes the data into DynamoDB, and the third records the file size to track total data processed. Now, due to how Lambda retries asynchronous invocations, as is the case with SNS and S3, your code should be designed to handle duplicates.
The functions in these architectures invariable do some heavy duty processing, like video transcoding, so its important to remember that memory is your performance dial. When running within Lambda, you control how much CPU and memory is available to your function by configuring its memory. Lambda gives you 23 “power levels” so to speak, with settings from 128MB to 1.5GB, with the highest setting getting you 12 times the CPU and memory as the lowest one. If your function is CPU bound, higher settings equals faster runtimes!
This is an example of event source to Lambda being one to many – S3 and SNS as the event source, which fanout to multiple Lambda functions to do different operations, which each then write back to the same set of stores, in this case, S3 and DynamoDB.
14 When combined with Kinesis, Lambda also fits nicely into real time processing workflows for machine data, operational logs, and similar data. Major League Baseball, Zillow, and Localytics have all published architectures highlighting this approach. The same architecture here shows parallel processing on an incoming stream of data using multiple lambda functions, each piping to a different destination. In this example, the incoming stream of operational data is ingested through Kinesis, and then processed in parallel by two Lambda functions. The first one does aggregation and metrics calculation, the second chunks the stream into flat files and backs it up into S3, potentially for further batch processing by EMR or Redshift. In this architecture, the two Lambda functions share the Kinesis’s Streams read throughput, but get individual copies and checkpoints on the data being read. Lambda automatically checkpoints each batch as it successfully processes, but this also means it will retry the entire batch if the invoke hits a code error. You can customize the retry policy by piping the failed records to another queue or Lambda function to process out of order from the others, and have the code return a success code so that the function moves on.
This is what “pattern 2” looks like - one event source fans out to multiple Lambda functions, each of which writes to its own downstream store.