Containerless in the Cloud with AWS Lambda

Slides from ConFoo (confoo.ca) 2017 presentation on Amazon Lambda. Covers AWS Lambda, AWS Cognito, and AWS API-Gateway.


  1. 1. Containerless in the Cloud with AWS Lambda RYAN CUPRAK
  2. 2. Containers Containers provide execution environment.
  3. 3. Containers + Cloud EC2 Tomcat / Java EE Container EC2 Tomcat / Java EE Container EC2 JMS Server RDS SQL Database
  4. 4. Containers = Platform Lock-in Language Tool Chain Ecosystem
  5. 5. Container Drawbacks • Overkill for many types of applications • Hard to ‘automatically’ scale • Complex programming models • Significant skills investment: • Security • Configuration • Technology stack
  6. 6. Traditional App Drawbacks • Servers • Data Centers • Software • Monitoring tools • Test environments • IT support • Service contracts • Data Replication & Policies • Approvals
  7. 7. Container Challenge QUICKLY develop a web and mobile application: • Registration and authentication (OAuth) • HTTPS • SMS notifications • RESTful endpoints • Automatic scalability across the globe • Native code for both iOS and Android • Versioning • Real-time monitoring Time to go: Containerless and Serverless
  8. 8. What is Amazon Lambda?
  9. 9. What is Lambda? IaaS • Infrastructure as a Service PaaS • Platform as a Service SaaS • Software as a Service FaaS • Function as a Service
  10. 10. What is Lambda? Code Deploy Run
  11. 11. What is Lambda? • Lambda is a stateless function • Executes in response to an event • Executes in an isolated environment • Can be implemented using: • JavaScript • Java • Python • C# • Dependencies (executables/libraries) can be packaged with a library.
  12. 12. Example Function: 1
      // Handler function
      // event:   data passed to function (converted from JSON)
      // context: Lambda runtime
      exports.handler = function(event, context) {
          context.succeed('Hello ConFoo!');
      };
  13. 13. Example Function: 2
      exports.handler = function(event, context) {
          context.succeed('Hello ' + event.firstName + ' ' + event.lastName + ' you are at ConFoo!');
      };
      Parsed Parameters:
      { "firstName": "Ryan", "lastName": "Cuprak" }
  14. 14. Demo
  15. 15. Lambda Pricing • Requests • First 1 million requests are FREE • $0.20 per each million requests thereafter • Duration: • Charged $0.00001667 for every gigabyte second used • Free Tier
      Memory (MB) | Free sec/month | Price / 100 ms ($)
      128 | 3,200,000 | 0.000000208
      192 | 2,133,333 | 0.000000313
      256 | 1,600,000 | 0.000000417
      … | … | …
  16. 16. Cost Scenarios (Not Including Free Tier – add other services)
      Executions | Memory | Execution Time | Cost
      50,000 | 128 | 1 second | $0.11
      100,000 | 128 | 1 second | $0.23
      500,000 | 128 | 1 second | $1.14
      1,000,000 | 128 | 1 second | $2.28
      50,000 | 256 | 1 second | $0.21
      100,000 | 256 | 1 second | $0.42
      500,000 | 256 | 1 second | $2.08
      1,000,000 | 256 | 1 second | $4.17
      50,000 | 128 | 2 second | $0.21
      100,000 | 128 | 2 second | $0.42
      500,000 | 128 | 2 second | $2.08
      1,000,000 | 128 | 2 second | $4.17
  17. 17. Lambda Basics • Security provided by IAM – Identity & Access Management. • Lambda functions can start threads, access the disk, access other AWS services. • Default safety threshold of 100 concurrent executions per region. • Can be increased per request. • AWS will attempt to invoke a Lambda function 3 times. • External libraries should be bundled with Lambda function (zip/jar)
  18. 18. Execution Environment Runtime versions: • Node.js v4.3.2 • Old, current Node.js release: 6.10.0 • Java – Java 8 (OpenJDK) • Python 2.7 • .NET Core (1.0.1 C#) Libraries available in execution environment: • AWS SDK for JavaScript (2.16.0) • AWS SDK for Python • AWS build of OpenJDK 8
  19. 19. Execution Environment… • Lambda environment based on: amzn-ami-hvm-2016.03.3.x86_64-gp2 • Linux kernel: 4.4.35-33.55.amzn1.x86_64 • Only 64 bit binaries are supported.
  20. 20. Environment Variables: LAMBDA_TASK_ROOT, AWS_LAMBDA_FUNCTION_VERSION, AWS_EXECUTION_ENV, PATH, LAMBDA_RUNTIME_DIR, LANG, AWS_REGION, LD_LIBRARY_PATH, AWS_DEFAULT_REGION, NODE_PATH, AWS_LAMBDA_LOG_GROUP_NAME, PYTHON_PATH, AWS_LAMBDA_LOG_STREAM_NAME, AWS_LAMBDA_FUNCTION_NAME, AWS_LAMBDA_FUNCTION_MEMORY_SIZE • AWS_ACCESS_KEY • AWS_ACCESS_KEY_ID • AWS_SECRET_KEY • AWS_SECRET_ACCESS_KEY • AWS_SESSION_TOKEN • AWS_SECURITY_TOKEN
  21. 21. Versioning • New lambda function = $LATEST version • ARN = Amazon Resource Number – uniquely identifies an Amazon resource • Two ARNs associated with a lambda function: • Qualified ARN • arn:aws:lambda:aws-region:acct-id:function:helloworld:$LATEST • Unqualified ARN • arn:aws:lambda:aws-region:acct-id:function:helloworld • New versions must be explicitly published
  22. 22. Logging • Node.js • console.log/error/warn/info() • Java • log4j 1.2 (LambdaLogger.log()) • System.out/err – each line separate event • C# • Console.Write/WriteLine • Lambda.Log() • Via context object: context.Logger.log() • Python • Print statements • Logger functions in logger module: logging.Logger.info
  23. 23. Logging View in CloudWatch:
  24. 24. Failures & Errors • Lambda function can fail for the following reasons: • Function doesn’t complete before time limit • Input data fails to parse • Runs out of memory • Failure handling depends upon how it was invoked: • Non-stream based • Synchronous – Error 429 is returned, client responsible for retries. • Asynchronous – Retry twice with a time delay, DLQ. • Stream-based: • Will attempt to re-process until it succeeds or data expires. • No new records will be processed
  25. 25. Availability Regions • Northern Virginia • Ohio • Oregon • Northern California • Montreal • São Paulo • GovCloud • Iceland • Frankfurt • London • Singapore • Tokyo • Sydney • Seoul • Mumbai • Beijing
  26. 26. Resource Limits
      Resource | Default Limit
      Ephemeral disk capacity ("/tmp" space) | 512 MB
      Number of file descriptors | 1024
      Number of processes and threads (combined total) | 1024
      Maximum execution duration per request | 300 seconds
      Invoke request body payload size (RequestResponse) | 6 MB
      Invoke request body payload size (Event) | 128 K
      Invoke response body payload size (RequestResponse) | 6 MB
  27. 27. Deployment Limits
      Item | Default Limit
      Lambda function deployment package size (.zip/.jar file) | 50 MB
      Total size of all the deployment packages that can be uploaded per region | 75 GB
      Size of code/dependencies that you can zip into a deployment package (uncompressed zip/jar size) | 250 MB
      Total size of environment variables set | 4 KB
  28. 28. Power of Lambda
  29. 29. Event Sources • Invocations: Asynchronous or Synchronous • Events sources from AWS services: • Amazon S3 • Kinesis • DynamoDB • CloudTrail • SNS • Code Commit • HTTPS – via Amazon API Gateway • Custom app sources (ex. Android) • Scheduled events
  30. 30. Use Cases • S3 + Lambda – image processing, filter, document analysis, indexing. • Kinesis + Lambda – transaction order processing, auditing. • SNS + Lambda – alarm response, auditing, event processing. • DynamoDB + Lambda – data validation, data processing, filter, notification. • Alexa + Lambda – automated voice responses (Amazon Echo).
  31. 31. Blueprints
  32. 32. Exposing/Securing Lambda Cognito Lambda API- Gateway
  33. 33. Amazon API-Gateway
  34. 34. API-Gateway • Build, deploy, manage RESTful APIs • Supports throttling and protection against DDoS • Supports versioning and staging • Auto-generates client implementations: • Java, JavaScript, Android, Objective-C, Swift • Flexible authorization model – ties in with Amazon Cognito. HTTPS Restful Invokes
  35. 35. API-Gateway http://swagger.io/
  36. 36. API-Gateway Demo
  37. 37. API-Gateway
  38. 38. API-Gateway
  39. 39. API-Gateway Invoking service (webpage/app):
  40. 40. API-Gateway • Published an API – now what? • APIs can be sold! • Two concepts: • Usage Plan • API Key • Steps: • Create usage plan • Associate a key • Associate a key on the service
  41. 41. Amazon Cognito
  42. 42. Amazon Cognito Three ways to secure an API-Gateway: 1. API-Keys • Appropriate for service-to-service communication • Risky to place secret key on client for long periods of time 2. Identity & Access Management • Inter-application communication • Within an organization – IAM integrated 3. Amazon Cognito • Appropriate for third-party integration
  43. 43. Amazon Cognito • User/identity authentication service. • Support storage of user data in the cloud (mobile app preferences and state). • Authenticate users against federated identity providers (Facebook/Google). • Manage custom identity/user pool. • Sync functionality to synchronize user profile data across devices.
  44. 44. Amazon Cognito
  45. 45. User Pools • Federated Managing “own” user directory/sign-ups etc. • Support multi-factor authentication (MFA) • Users can start anonymous and then register • Password recovery (SNS/email/etc.) • Collect and maintain user meta-information
  46. 46. User Pools
  47. 47. User Pools
  48. 48. Federated Identities • Create unique identities for your users and federate them with identity providers. • Supported providers: • Amazon, Facebook, Google, Twitter/Digits • Amazon Cognito User Pools • Open ID Connect Providers • SAML Identity Provider • Developer Authenticated Identities
  49. 49. Federated Identities
  50. 50. Federated Identities
  51. 51. Cognito + API Gateway Amazon Cognito API-Gateway Identity Provider Client Login Get Id Validation Invoke Web Service
  52. 52. Cognito + API Gateway JavaScript client: Invoking secured API - config
  53. 53. Cognito + API Gateway JavaScript client: Invoking secured API - config
  54. 54. Java & Lambda
  55. 55. Lambda using Java 1. Loading a method directly without implementing an interface. outputType handler-name(inputType, Context ) { ... } • inputType – event data or custom object • context – Java object containing executing environment information • outputType – result for synchronous calls 2. Implementing a standard interface provided by aws-lambda-java-core: • RequestHandler – custom input/output objects: • getters/setters/no arg constructor • Serialized to JSON automatically • RequestStreamHandler – input/output stream responses
  56. 56. Java Example JSON converted to Java Objects using Jackson
  57. 57. Java Example
  58. 58. Dependencies
  59. 59. Uber JAR
  60. 60. Java Demo Demo
  61. 61. Java vs. JavaScript • Hello World Java: • 167.63 ms (Billed 200 ms) • 43 MB • Hello World JavaScript: • 2.05 ms • 31 MB
  62. 62. Java EE vs AWS • Java EE is a standard with several implementations. • AWS is a set of ready-to-use services: • SQS + SNS ~ JMS (roughly!) • Kinesis ~ Apache Kafka • Elastic Search ~ Lucene • Lambda ~ Stateless Session Beans • Transactions? • Injection? • S3 Buckets – No equivalent • DynamoDB ~ MongoDB/Couchbase • AWS cloud spans regions/data centers • Data automatically mirrored
  63. 63. Reason to use Java EE Technical • Distributed transactions • Long running tasks • Report Generation • Compute intensive tasks • Rules engines • Third party dependencies applications • Integration with legacy systems • Websockets (bi-directional communication) Legal • Estimating and controlling costs • Third party licenses • Regulatory requirements • Snapshots for security instances
  64. 64. Example Architecture EC2 Java EE Container RDS SQL Database Amazon API Gateway EC2 Java EE Container Amazon Lambda Java JS Python Amazon SQS Elastic Search DynamoDB S3 Amazon SNS
  65. 65. Conclusion
  66. 66. Challenges • Documentation! • Testing • Debugging • Tooling support • Error handling • AWS Code Commit integration • Node.js version lagging
  67. 67. Best Practices • Small archives containing code • Don’t include the entire application! • Minimize startup costs • Periodically invoke lambdas to keep “warm” • Monitor logs for failures
  68. 68. Resources • AWS Compute Blog • https://aws.amazon.com/blogs/compute/ • AWS Forums • https://forums.aws.amazon.com/forum.jspa?forumID=186 • AWS Pet Store • https://github.com/awslabs/api-gateway-secure-pet-store • http://tinyurl.com/z3qyefg • Authentication/Cognito • https://goo.gl/auEWLl • FAQ • https://aws.amazon.com/lambda/faqs/
  69. 69. Q&A • Twitter: @ctjava • Email: rcuprak@gmail.com • Blog: cuprak.info
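
Slide 20 lists credential variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and their aliases) in the function's environment, and slide 22 sends console output to CloudWatch, so dumping `process.env` while debugging writes the function's credentials into the logs. The following is an added example, not code from the slides, that redacts those variables before logging; `safeEnvSnapshot`, the extra name pattern and the sample environment are assumptions constructed for illustration.

```javascript
// Credential-bearing variables named on slide 20.
const CREDENTIAL_VARS = new Set([
  'AWS_ACCESS_KEY', 'AWS_ACCESS_KEY_ID',
  'AWS_SECRET_KEY', 'AWS_SECRET_ACCESS_KEY',
  'AWS_SESSION_TOKEN', 'AWS_SECURITY_TOKEN',
]);

// Assumption: user-defined variables whose names contain these words are secrets too.
const SECRET_NAME_PATTERN = /(SECRET|TOKEN|PASSWORD|API_?KEY)/i;

// Return a copy of env that is safe to log: secret values are replaced by a marker,
// everything else is kept so the snapshot is still useful for debugging.
function safeEnvSnapshot(env) {
  const out = {};
  for (const name of Object.keys(env).sort()) {
    const isSecret = CREDENTIAL_VARS.has(name) || SECRET_NAME_PATTERN.test(name);
    out[name] = isSecret ? '[REDACTED]' : String(env[name]);
  }
  return out;
}

// Handler in the style of slide 12: only the redacted snapshot reaches CloudWatch.
function handler(event, context) {
  console.log(JSON.stringify(safeEnvSnapshot(process.env)));
  context.succeed('ok');
}
if (typeof module !== 'undefined') {
  module.exports = { handler };
}

// Constructed sample environment (all values are fake placeholders).
const sampleEnv = {
  AWS_REGION: 'us-east-1',
  AWS_LAMBDA_FUNCTION_NAME: 'helloworld',
  AWS_ACCESS_KEY_ID: 'EXAMPLEKEYID',
  AWS_SECRET_ACCESS_KEY: 'example-secret-value',
  AWS_SESSION_TOKEN: 'example-session-token',
  DB_PASSWORD: 'example-db-password',
};
```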
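
Slide 21 distinguishes qualified and unqualified function ARNs and notes that new versions must be explicitly published. The following added example, not code from the slides, parses a function ARN and flags references that do not pin a published version, since an unqualified or `$LATEST` reference runs whatever code was uploaded last. The function names and sample ARNs are constructed; numeric version qualifiers and aliases are Lambda features the slides do not mention.

```javascript
// Parse a Lambda function ARN in the two forms shown on slide 21:
//   arn:aws:lambda:<region>:<acct-id>:function:<name>[:<qualifier>]
function parseFunctionArn(arn) {
  const parts = String(arn).split(':');
  const [prefix, partition, service, region, accountId, type, name, qualifier] = parts;
  const wellFormed =
    (parts.length === 7 || parts.length === 8) &&
    prefix === 'arn' && service === 'lambda' && type === 'function' &&
    /^\d{12}$/.test(accountId) && Boolean(region) && Boolean(name) && qualifier !== '';
  if (!wellFormed) {
    throw new Error('not a Lambda function ARN: ' + arn);
  }
  let kind;
  if (qualifier === undefined) kind = 'unqualified';   // resolves to $LATEST
  else if (qualifier === '$LATEST') kind = 'latest';   // mutable, unpublished code
  else if (/^\d+$/.test(qualifier)) kind = 'version';  // explicitly published version
  else kind = 'alias';                                 // named pointer that can be moved
  return {
    partition, region, accountId, name,
    qualifier: qualifier === undefined ? null : qualifier,
    kind,
    pinned: kind === 'version',
  };
}

// Return the ARNs that do not pin a published version, with the reason.
function findUnpinned(arns) {
  return arns
    .map((arn) => ({ arn, parsed: parseFunctionArn(arn) }))
    .filter(({ parsed }) => !parsed.pinned)
    .map(({ arn, parsed }) => ({ arn, kind: parsed.kind }));
}

// Constructed sample ARNs (account id and region are placeholders).
const sampleArns = [
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld',
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld:$LATEST',
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld:3',
  'arn:aws:lambda:us-east-1:123456789012:function:helloworld:prod',
];
```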
