© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:Invent
Taking Serverless to the Edge
Benjamin Fabre, DataDome Co-founder & CTO
George John, AWS Product Manager
Will St. Clair, AWS Sr. Solutions Architect
November 2017
SRV312
What is covered in this session
• Why do serverless at the edge?
• How can AWS Lambda@Edge help?
• How DataDome implemented real-time bot protection
Serverless means…
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Built-in availability and fault tolerance
… but what if you could run your Lambda functions at the Edge?
Amazon CloudFront Global Content Delivery Network
107 PoPs (96 Edge Locations + 11 Regional Edge Caches)
Amazon CloudFront + AWS Lambda = Lambda@Edge
Lambda@Edge
• Globally distributed
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Built-in availability and fault tolerance
Write once, run Lambda functions globally
(diagram: a function deployed in N. Virginia is replicated to AWS edge locations around the world)
Lambda@Edge
(diagram: Lambda@Edge runs at the AWS edge locations, in front of an origin built from compute, storage and database services)
CloudFront Events
(diagram: end users send requests to CloudFront; the four Lambda@Edge events are Viewer Request (before the CloudFront cache is consulted), Origin Request (from the cache to the origin), Origin Response (from the origin back to the cache) and Viewer Response (from the cache back to the end user))
Lambda@Edge
• Viewer events
• Origin events (NEW)
• Content-based routing (NEW)
• Network calls (NEW)
• Response generation (NEW)
• Binary support (NEW)
• Larger functions (up to 1536 MB) (NEW)
• Larger responses (up to 1 MB) (NEW)
• Larger packages (up to 50 MB) (NEW)
• Longer timeouts (up to 30 seconds) (NEW)
Taking Serverless to the Edge
FROM MONOLITH
(diagram: one block of application code that contains authentication and authorization, content management and processing, and localization, internationalization, and personalization)
TO MICROSERVICES
(diagram: User Agents → Amazon CloudFront → Lambda@Edge Functions → HTTP Origins, with authentication and authorization, content management and processing, and localization, internationalization, and personalization each handled by its own Lambda@Edge function)
VIEWER REQUEST EVENTS
(diagram: the Viewer Request hop, between the User Agents and the CloudFront cache, highlighted among the four events)
VIEWER REQUEST EVENTS
• Executed on every request, before CloudFront’s cache is checked
• Modify the cache key (URL, cookies, headers, query string)
• Perform authentication and authorization checks
• Make external network calls
• Generate responses that will not be cached (NEW)
VIEWER REQUEST: STATELESS AUTH
(diagram: the user agent sends its credentials to the identity provider (IdP) and receives a JSON Web Token (JWT); it presents the JWT to the CloudFront distribution for www.example.com, which fronts a legacy application, an origin application and an Amazon S3 bucket; the open question, marked "?", is where the access decision against the JWT public key is made)
VIEWER REQUEST: STATELESS AUTH
Example JWT payload, with private claims for making an access decision:
{
  "iss": "https://idp.example.com",
  "client_id": "exampleclient",
  "sub": "081e018d-0594-411a-bbe8-cccd7c6058a2",
  "custom:allowed_paths": [
    "/customer/249/*",
    "/user/1360/*",
    "/videos/29492/*"
  ]
}
VIEWER REQUEST: STATELESS AUTH
(diagram: the Viewer Request event on the www.example.com distribution validates the JWT against the JWT public key and makes the access decision; NO → HTTP 403, 3XX, etc. is returned to the user agent; OK → the request is forwarded to the legacy application, the S3 bucket or the origin application)
VIEWER REQUEST: STATEFUL AUTH
(diagram: the Viewer Request event on the www.example.com distribution makes an HTTP request to an entitlement service ($) and takes the access decision from its answer; NO → paywall message, 403, redirect, etc. is returned to the user agent; OK → the request is forwarded to the HTTP origins)
ORIGIN REQUEST EVENTS
(diagram: the Origin Request hop, between the CloudFront cache and the HTTP Origins, highlighted among the four events)
ORIGIN REQUEST EVENTS
• Executed on a cache miss, before the request is forwarded to the origin
• Make one or more external network calls
• Dynamically select an origin based on request headers
• Implement pretty URLs by rewriting the origin URL
• Generate responses that can be cached
ORIGIN REQUEST: BODY GENERATION
Template (Mustache syntax, as rendered by the code on the next slide):
<h1>{{page.title}}</h1>
{{#page.sections}}
<h2>{{title}}</h2>
<p>{{body}}</p>
{{/page.sections}}
Data:
{
  "page": {
    "title": "Hello",
    "sections": [ {
      "title": "Introduction",
      "body": "The quick..."
    }, { ... } ]
  }
}
ORIGIN REQUEST: BODY GENERATION
(diagram: a request to www.example.com that matches the /blog cache behavior triggers the Origin Request event; the function makes external network calls to the S3 bucket blog-templates.s3.amazonaws.com and the Amazon DynamoDB table blog-posts, returns the rendered template, and CloudFront caches the response)
ORIGIN REQUEST: BODY GENERATION CODE
'use strict';
const AWS = require('aws-sdk');
const Mustache = require('mustache');

const templateBucket = 'blog-templates-123456789012';
const postTable = 'blog-posts';
// Lambda@Edge replicas run in many locations; pin the SDK clients to the Region
// that holds the bucket and the table.
const s3 = new AWS.S3({ region: 'us-east-1' });
const documentClient = new AWS.DynamoDB.DocumentClient({ region: 'us-east-1' });

exports.handler = (event, context, callback) => {
  const request = event.Records[0].cf.request;
  // A response generated at the origin-request event is cached by CloudFront,
  // so say explicitly for how long.
  const response = {
    status: '200',
    statusDescription: 'OK',
    headers: {
      'cache-control': [{ key: 'Cache-Control', value: 'max-age=2628000, public' }],
      'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }]
    }
  };

  // The post slug is the request path without its leading slash.
  const ddbParams = { TableName: postTable, Key: { slug: request.uri.slice(1) } };
  documentClient.get(ddbParams, (err, resp) => {
    if (err) {
      callback(err, null);
      return;
    }
    if (!resp.Item) {
      // Unknown slug: answer 404 instead of throwing on resp.Item.template.
      callback(null, { status: '404', statusDescription: 'Not Found', headers: response.headers, body: 'Not found' });
      return;
    }
    const template = resp.Item.template;
    const data = resp.Item.data;
    const s3Params = { Bucket: templateBucket, Key: template };
    s3.getObject(s3Params, (err, s3resp) => {
      if (err) {
        callback(err, null);
        return;
      }
      const body = s3resp.Body.toString('utf-8');
      // Mustache HTML-escapes {{...}} values by default, so post data cannot inject markup.
      response.body = Mustache.render(body, data);
      callback(null, response);
    });
  });
};
FULL BODY GENERATION DEMO
PRETTY URLS FOR USER/API EXPERIENCE
(diagram: the public URL https://tiles.example.com/zoom/x/y.jpg can be served by any of three backends: the S3 bucket tiles-v1.s3.amazonaws.com, the legacy service old-tile-service.example.net, or the Elastic Load Balancer tile-service-123456.us-east-1.amazonaws.com)
ORIGIN REQUEST: PRETTY URLS
(diagram: the request https://tiles.example.com/zoom/x/y.jpg is rewritten by the Origin Request event to https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg, with originPath = sha256(requestPath); the CloudFront cache key stays tiles.example.com/zoom/x/y.jpg, so the cached response is found under the pretty URL)
ORIGIN REQUEST: IMAGE PROCESSING
(diagram: for a request to www.example.com, the Origin Request event first GETs the thumbnail from the S3 bucket image-thumbnails.s3.amazonaws.com; on a 404 it calls the Image Thumbnail Function through Amazon API Gateway (PUT), which GETs the original from image-originals.s3.amazonaws.com and stores the generated thumbnail)
TRANSPARENT GLOBAL EXPANSION
(diagram: Region A customers are served by the Region A deployment and Region B customers by the Region B deployment, all through the single hostname https://saas.example.com)
ORIGIN REQUEST: ORIGIN SELECTION
(diagram: the user agent sends POST /login with user=jane&pass=***; the application looks the user up in the user database and answers 200 OK with Set-Cookie: home-region=eu)
User database:
id | user | home-region
1 | alex | na
2 | bob | eu
3 | joe | ap
4 | jane | eu
ORIGIN REQUEST: ORIGIN SELECTION
(diagram: on the www.example.com distribution the /login cache behavior goes to the North America origin and its user DB; the /app cache behavior runs an Origin Request event that reads the home-region cookie (home-region=eu?) and routes the request to the North America, Europe or APAC origin, each with its own app DB)
ORIGIN REQUEST: ROUTE ON USER AGENT
(diagram: the Origin Request event on www.example.com routes desktop, mobile, and bot/crawler user agents to a mobile optimized app, a client-rendered app, or a server-rendered app, using the CloudFront-Is-Mobile-Viewer, CloudFront-Is-Desktop-Viewer and CloudFront-Is-Tablet-Viewer headers and the User-Agent header)
The CloudFront-Is-*-Viewer headers are set by CloudFront from its own classification of the User-Agent, and the User-Agent itself is chosen by the client, so this routing is a delivery optimization rather than a security boundary.
ORIGIN REQUEST: GENERATE REDIRECT
(diagram: the Origin Request event on www.example.com returns an HTTP redirect to www.example.com/de based on the CloudFront-Viewer-Country and Accept-Language headers)
ORIGIN REQUEST: CUSTOM ROUTING CODE
'use strict';

const originDomainNames = {
  'origin_1': 'origin.us-east-1.example.com',
  'origin_2': 'origin.eu-west-1.example.com'
};
const defaultOrigin = 'origin_1';

// Maps the home-region cookie set at login to an origin key. Only keys present in
// originDomainNames can ever be selected, so a forged cookie cannot steer the
// request to an arbitrary host.
const regionToOrigin = { 'na': 'origin_1', 'eu': 'origin_2' };

function chooseOrigin(headers) {
  /* Parse cookies, inspect headers, etc. */
  const cookieHeaders = headers.cookie || [];
  for (const h of cookieHeaders) {
    for (const pair of h.value.split(';')) {
      const [name, value] = pair.trim().split('=');
      if (name === 'home-region' && regionToOrigin[value]) {
        return regionToOrigin[value];
      }
    }
  }
  return defaultOrigin;
}

exports.handler = (event, context, callback) => {
  const request = event.Records[0].cf.request;
  const headers = request.headers;
  const selectedOrigin = chooseOrigin(headers);
  /* Modify the request's `origin` object. */
  request.origin = {
    custom: {
      domainName: originDomainNames[selectedOrigin],
      keepAliveTimeout: 60,
      path: '/',
      port: 443,
      protocol: 'https',
      readTimeout: 5,
      // The slide listed TLSv1 and TLSv1.1; require TLS 1.2 to the origin instead.
      sslProtocols: ['TLSv1.2']
    }
  };
  // Keep the Host header consistent with the origin that was just selected.
  headers['host'] = [{ key: 'Host', value: originDomainNames[selectedOrigin] }];
  callback(null, request);
};
ORIGIN REQUEST DEMO
ORIGIN RESPONSE EVENTS
(diagram: the Origin Response hop, between the HTTP Origins and the CloudFront cache, highlighted among the four events)
ORIGIN RESPONSE EVENTS
• Executed on a cache miss, after the response is received from the origin
• Make external network calls
• Modify the response headers prior to caching
ORIGIN RESPONSE: INJECT HEADERS
Content-Type, Cache-Control, HTTP Strict Transport Security (HSTS), Content-Security-Policy, and more!
'use strict';
exports.handler = (event, context, callback) => {
  const response = event.Records[0].cf.response;
  const headers = response.headers;
  const headerName = 'Strict-Transport-Security';
  const headerValue = 'max-age=31536000; includeSubDomains';
  // Header object keys must be lowercase; `key` keeps the canonical casing on the wire.
  headers[headerName.toLowerCase()] = [{
    key: headerName,
    value: headerValue
  }];
  callback(null, response);
};
VIEWER RESPONSE EVENTS
(diagram: the Viewer Response hop, between the CloudFront cache and the User Agents, highlighted among the four events)
VIEWER RESPONSE EVENTS
• Executed on all requests, after a response is received from the origin or the cache
• Modify the response headers without caching the result
• Make external network calls (NEW)
VIEWER RESPONSE: SET USER COOKIES
(diagram: a request to www.example.com misses the CloudFront cache and is fetched from the origin; the Viewer Response event then adds a session cookie on the way back to the user agent, so the cookie is set per viewer and is never stored in the cached copy)
const { v4: uuidv4 } = require('uuid');                  // bundled with the function package
const response = event.Records[0].cf.response;
const headers = response.headers;
headers['set-cookie'] = headers['set-cookie'] || [];    // the origin may not have sent any cookie
const sid = uuidv4();
headers['set-cookie'].push({ key: 'Set-Cookie',         // Lambda@Edge expects lowercase `key`/`value`
  value: 'sessionid=' + sid + '; Path=/; Secure; HttpOnly; SameSite=Lax' });
Real-time bot protection taken to the edge
Benjamin Fabre, DataDome co-founder & CTO
b@datadome.co
benjaminfabre
@bfabre
datadome.co
Intelligent Data Protection
Intelligent bot mitigation: Protection, Analysis, Reaction
What to expect from this session
1. The challenge of real-time bot protection
2. Protect the Origin
3. Protect the Edge
Bots?
Bots account for 50% of global web traffic
Advanced crawling technologies (2017)
Bots are massively distributed
The challenge of advanced bot protection: detection & reaction in < 2 ms
2. Protect the Origin
Functional logic
IaaS Integration
(diagram, steps 1 to 4: the end client's browser calls the customer webserver, the webserver queries the DataDome API, and the request is then passed on to the customer application)
Real-time detection challenges: scalability and latency
3 detection stages
Stage | Mode | Time budget | Building block
Real-time detection | sync | milliseconds | limit I/O
Stream detection | async | seconds | fast streaming engine
Behaviour detection | async | minutes | scalable storage
Architecture
• Regional PoP, real-time detection (< 2 ms): the DataDome modules call a load balancer in front of API server instances (plus async jobs) running on AWS Elastic Beanstalk multi-container Docker, backed by Amazon ElastiCache Redis
• Global, streaming detection (~ seconds): Apache Kafka feeding Apache Flink
• Global, behaviour detection (~ minutes): behaviour algorithms over an Elasticsearch cluster
Achievements
• Run real-time detection under 2 ms per hit
• Shared detection across multiple AWS Regions
• More than 15 billion hits protected per month
3. Protect the Edge
Why Lambda@Edge?
Amazon CloudFront + AWS Lambda = Lambda@Edge
Lambda@Edge integration
(diagram, steps 1 to 4: the end client's browser sends its request to Amazon CloudFront, the Viewer Request event runs in AWS Lambda, the function calls the DataDome API, and an allowed request continues to the customer application)
11 DataDome Regional API PoPs
api-eu-france-1.datadome.co
api-eu-west-1.datadome.co
api-eu-central-1.datadome.co
api-us-east-1.datadome.co
api-us-west-1.datadome.co
api-ap-south-1.datadome.co
api-ap-southeast-1.datadome.co
api-ap-southeast-2.datadome.co
api-ap-northeast-1.datadome.co
api-ap-northeast-2.datadome.co
api-sa-east-1.datadome.co
DataDome API servers
A single endpoint thanks to Amazon Route 53
Amazon Route 53 resolves api-lambda.datadome.co to the closest DataDome Regional API
Legitimate human request
(diagram: at the Viewer Request event the function queries the DataDome API, which answers 200; the request then goes through Origin Request to the HTTP origins, and the Origin Response is stored in the CloudFront cache and returned at Viewer Response to the end client's browser)
Illegitimate bot request
(diagram: at the Viewer Request event the DataDome API answers 403, so the function returns the 403 directly to the bot; the request never reaches the CloudFront cache, the Origin Request event or the HTTP origins)
Some code for Lambda@Edge
Hook the request event
/******************************/
/* Requirements and main app. */
/******************************/
const http = require('http');
const querystring = require('querystring');
const process = require('process');
const util = require('util');

exports.handler = (event, context, callback) => {
  /********************/
  /* DataDome process */
  /********************/
  // recordLog is DataDome's own logging helper; it is not shown on the slides.
  recordLog('debug', 'Initial request: ', event.Records[0].cf.request);
  const request = event.Records[0].cf.request;
Collect request information
  // Builds request data: the fingerprint sent to the DataDome API. The helpers
  // getCurrentMicroTime, getRequestProtocol, getHeader and getHeadersList and the
  // DATADOME_LICENSE_KEY constant belong to DataDome's module and are not shown.
  var requestData = {
    "Key" : DATADOME_LICENSE_KEY,
    "ServerName" : context.invokedFunctionArn,
    "IP" : request.clientIp,
    "TimeRequest" : getCurrentMicroTime(),
    "Protocol" : getRequestProtocol(request),
    "Method" : request.method,
    "ServerHostname" : getHeader(request.headers, 'host'),
    "Request" : request.uri,
    "HeadersList" : getHeadersList(request.headers),
    "Host" : getHeader(request.headers, 'host'),
    "UserAgent" : getHeader(request.headers, 'user-agent'),
    "Referer" : getHeader(request.headers, 'referer'),
    "Accept" : getHeader(request.headers, 'accept'),
    "AcceptEncoding" : getHeader(request.headers, 'accept-encoding'),
    "AcceptLanguage" : getHeader(request.headers, 'accept-language'),
    // further fields omitted on the slide
  };
Query DataDome API servers
  /*********************/
  /* DataDome const    */
  /*********************/
  const datadomeHost = 'api-lambda.datadome.co';
  const datadomePath = '/validate-request/';

  /////////////////////////////////////
  // Prepares request to DataDome API. `agent` is a keep-alive http.Agent created
  // once per container (not shown on the slide) so that connection setup is not
  // paid on every request. The slide uses the http module; since the fingerprint
  // carries the license key and the client's IP and headers, production code
  // should use https (require('https')) with the same call shape.
  let req = http.request({
    host : datadomeHost,
    path : datadomePath,
    method : 'POST',
    agent : agent
  }, function (datadomeResponse) {
Handle the response
    switch (datadomeResponse.statusCode) {
      case 200:
        // Allowed: pass the original request on to the cache and origin. (The slide's
        // argument here is not defined in the excerpt; passing the request through
        // is the "allow" action described in the sum-up.)
        callback(null, request);
        return;
      case 403:
        // Blocked: the API body is the page to return to the bot.
        var bodyData = '';
        datadomeResponse.on('data', function (chunk) { bodyData += chunk; });
        datadomeResponse.on('end', function () {
          // Builds response to send
          let response = {
            status : '403',
            statusDescription : 'HTTP Forbidden',
            body : bodyData
          };
          callback(null, response);
        });
        return;
      // Further cases (e.g. redirect) are not shown on the slide.
    }
  });
  // The slide omits sending the body; the fingerprint goes as the POST payload.
  req.write(querystring.stringify(requestData));
  req.end();
Lambda function sum-up
• Extract information from the incoming request
• Prepare and send the fingerprint to the closest DataDome API servers
• Depending on the response: allow, block, or redirect the request
What’s next with Lambda@Edge
• Viewer Request: specific captcha based on browser detection; different caching policy based on the bot status
• Origin Request: specific endpoint origin for good bots
• Viewer Response: generate fake content for scrapers
Intelligent Data Protection all over the world
Thank you for your feedback
Let’s connect
b@datadome.co
benjaminfabre
@bfabre
datadome.co
THANK YOU!
Other Lambda@Edge sessions:
CTD403 - Supercharge Your Websites with the Power of Lambda@Edge
CTD309 - Building Serverless Websites with Lambda@Edge
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SRV312_Taking Serverless to the Edge

• 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT. Taking Serverless to the Edge. Benjamin Fabre, DataDome Co-founder & CTO; George John, AWS Product Manager; Will St. Clair, AWS Sr. Solutions Architect. November 2017. SRV312
• 2. What is covered in this session: Why do serverless at the edge? How can AWS Lambda@Edge help? How DataDome implemented real-time bot protection.
• 3. Serverless means… no servers to provision or manage; scales with usage; never pay for idle; built-in availability and fault tolerance.
• 4. … but what if you could run your Lambda functions at the Edge?
• 5. Amazon CloudFront Global Content Delivery Network: 107 PoPs (96 Edge Locations + 11 Regional Edge Caches)
• 6. AWS Lambda + Amazon CloudFront = Lambda@Edge
• 7. Lambda@Edge: globally distributed; no servers to provision or manage; scales with usage; never pay for idle; built-in availability and fault tolerance.
• 8. Write once, run Lambda functions globally: a function deployed in N. Virginia is replicated to every AWS Location.
• 9. Lambda@Edge runs at the AWS Locations, in front of the Origin (Compute, Storage, Database).
• 10. CloudFront Events: Viewer Request and Viewer Response between End users and the CloudFront cache; Origin Request and Origin Response between the CloudFront cache and the Origin.
• 11. Lambda@Edge: Viewer events; Origin events (NEW); Content-based routing (NEW); Network calls; Response generation; Binary Support; Larger functions (up to 1536 MB); Larger Responses (up to 1 MB); Larger packages (up to 50 MB); Longer timeouts (up to 30 secs). Most of these items carry a NEW marker on the slide.
• 12. Taking Serverless to the Edge
• 13. FROM MONOLITH: Authentication and authorization; Content management and processing; Localization, internationalization, and personalization
• 14. FROM MONOLITH: Authentication and authorization; Content management and processing; Localization, internationalization, and personalization; Application code
• 15. FROM MONOLITH: Authentication and authorization; Content management and processing; Localization, internationalization, and personalization
• 16. TO MICROSERVICES: User Agents → Amazon CloudFront → HTTP Origins, with Lambda@Edge Functions handling authentication and authorization; content management and processing; and localization, internationalization, and personalization.
• 17. VIEWER REQUEST EVENTS: User Agents → (Viewer Request) → CloudFront cache → (Origin Request) → HTTP Origins → (Origin Response) → CloudFront cache → (Viewer Response) → User Agents. The Viewer Request event is the one highlighted.
• 18. VIEWER REQUEST EVENTS: executed on every request before CloudFront's cache is checked; modify the cache key (URL, cookies, headers, query string); perform authentication and authorization checks; make external network calls; generate responses that will not be cached (NEW).
• 19. VIEWER REQUEST: STATELESS AUTH. The User Agent presents user credentials to an Identity provider (IdP) and receives a JSON Web Token (JWT). It sends the JWT with its requests to the CloudFront distribution www.example.com, where the JWT public key is used for the access decision in front of the legacy application, the origin application, and the Amazon S3 bucket.
• 20. VIEWER REQUEST: STATELESS AUTH. Example JWT payload (private claims for making an access decision):
    {
      "iss": "https://idp.example.com",
      "client_id": "exampleclient",
      "sub": "081e018d-0594-411a-bbe8-cccd7c6058a2",
      "custom:allowed_paths": [
        "/customer/249/*",
        "/user/1360/*",
        "/videos/29492/*"
      ]
    }
• 21. VIEWER REQUEST: STATELESS AUTH. The Viewer Request Event verifies the JWT against the JWT public key and makes the access decision: OK forwards the request to the legacy application, S3 bucket, or origin application; NO returns HTTP 403, 3XX, etc.
• 22. VIEWER REQUEST: STATEFUL AUTH. The Viewer Request Event makes an HTTP request to an entitlement service ($) for the access decision: OK forwards the request to the HTTP Origins; NO returns a paywall message, 403, redirect, etc.
• 23. ORIGIN REQUEST EVENTS: same flow as slide 17, with the Origin Request event highlighted.
• 24. ORIGIN REQUEST EVENTS: executed on cache miss, before a request is forwarded to the origin; make one or more external network calls; dynamically select an origin based on request headers; implement pretty URLs by rewriting the origin URL; generate responses that can be cached.
• 25. ORIGIN REQUEST: BODY GENERATION. Template:
    <h1>{ page.title }</h1>
    {{ for section in page.sections }}
    <h2>{ section.title }</h2>
    <p>{ section.body }</p>
    {{ endfor }}
  Data:
    "page": {
      "title": "Hello",
      "sections": [
        { "title": "Introduction", "body": "The quick..." },
        { ... }
      ]
• 26. ORIGIN REQUEST: BODY GENERATION. User Agent → CloudFront distribution www.example.com, Cache Behavior /blog → Origin Request Event, which makes external network calls to the S3 Bucket blog-templates.s3.amazonaws.com and the Amazon DynamoDB table blog-posts, renders the template, and returns a cached response.
• 27. ORIGIN REQUEST: BODY GENERATION CODE
    const templateBucket = 'blog-templates-123456789012';
    const postTable = 'blog-posts';
    var AWS = require('aws-sdk');
    var Mustache = require('mustache');
    var s3 = new AWS.S3({region: 'us-east-1'});
    var documentClient = new AWS.DynamoDB.DocumentClient({ region: 'us-east-1'});
    exports.handler = (event, context, callback) => {
      const request = event.Records[0].cf.request;
      // Generated response; it is cacheable because this runs on the origin-request event
      const response = {
        status: '200',
        statusDescription: 'OK',
        headers: {
          'cache-control': [{ key: 'Cache-Control', value: 'max-age=2628000, public' }],
          'content-type': [{ key: 'Content-Type', value: 'text/html; charset=utf-8' }]}};
      // The post slug is the request path without its leading slash
      const ddbParams = { TableName: postTable, Key: { slug: request['uri'].slice(1) }};
      documentClient.get(ddbParams, function(err, resp) {
        if (err) { callback(err, null); return; }
        const template = resp['Item']['template'];
        const data = resp['Item']['data'];
        const s3Params = { Bucket: templateBucket, Key: template };
        s3.getObject(s3Params, function(err, s3resp) {
          if (err) { callback(err, null); return; }
          const body = s3resp.Body.toString('utf-8');
          response.body = Mustache.render(body, data);
          callback(null, response);
        });
      });
    };
• 28. FULL BODY GENERATION DEMO
• 29. PRETTY URLS FOR USER/API EXPERIENCE: https://tiles.example.com/zoom/x/y.jpg, served from an S3 Bucket tiles-v1.s3.amazonaws.com, a Legacy Service old-tile-service.example.net, or an Elastic Load Balancer tile-service-123456.us-east-1.amazonaws.com.
• 30. ORIGIN REQUEST: PRETTY URLS. The Origin Request Event rewrites https://tiles.example.com/zoom/x/y.jpg to https://tiles-origin.s3.amazonaws.com/f5fdc6f658a49284b.jpg with originPath = sha256(requestPath); the CloudFront cache key stays tiles.example.com/zoom/x/y.jpg and the response is cached.
• 31. ORIGIN REQUEST: IMAGE PROCESSING. User Agent → CloudFront distribution www.example.com → Origin Request Event: GET from the S3 Bucket image-thumbnails.s3.amazonaws.com; on 404, call the Image Thumbnail Function through Amazon API Gateway, which GETs the S3 Bucket image-originals.s3.amazonaws.com and PUTs the generated thumbnail.
• 32. TRANSPARENT GLOBAL EXPANSION: Region A customers and Region B customers both use https://saas.example.com, served by the Region A deployment and the Region B deployment.
• 33. TRANSPARENT GLOBAL EXPANSION
• 34. ORIGIN REQUEST: ORIGIN SELECTION. User database:
    id  user  home-region
    1   alex  na
    2   bob   eu
    3   joe   ap
    4   jane  eu
  User Agent → POST /login user=jane&pass=*** → Application → 200 OK with Set-Cookie: home-region=eu
• 35. ORIGIN REQUEST: ORIGIN SELECTION. User Agent → CloudFront distribution www.example.com. Cache Behavior /login → North America origin (User DB). Cache Behavior /app → Origin Request Event → home-region=eu? → North America origin (app DB), Europe origin (app DB), or APAC origin (app DB).
• 36. ORIGIN REQUEST: ROUTE ON USER AGENT. User Agents (Desktop, Mobile, Bots and crawlers) → CloudFront distribution www.example.com → Origin Request Event inspects Cloudfront-Is-Mobile-Viewer, Cloudfront-Is-Desktop-Viewer, Cloudfront-Is-Tablet-Viewer, and User-Agent → Mobile optimized app, Client-rendered app, or Server-rendered app.
• 37. ORIGIN REQUEST: GENERATE REDIRECT. User Agent → CloudFront distribution www.example.com → Origin Request Event inspects Cloudfront-Viewer-Country and Accept-Language → HTTP redirect to www.example.com/de.
• 38. ORIGIN REQUEST: CUSTOM ROUTING CODE
    'use strict';
    const originDomainNames = {
      'origin_1': 'origin.us-east-1.example.com',
      'origin_2': 'origin.eu-west-1.example.com'
    };
    const defaultOrigin = 'origin_1';
    function chooseOrigin(headers) {
      /* Parse cookies, inspect headers, etc. The slide leaves the two
         conditions abstract; they are placeholders here. */
      const condition1 = false;
      const condition2 = false;
      if (condition1) {
        return 'origin_1';
      } else if (condition2) {
        return 'origin_2';
      } else {
        return defaultOrigin;
      }
    }
    exports.handler = (event, context, callback) => {
      const request = event.Records[0].cf.request;
      const headers = request.headers;
      const selectedOrigin = chooseOrigin(headers);
      /* Modify the request's `origin` object. */
      request.origin = {
        custom: {
          domainName: originDomainNames[selectedOrigin],
          keepAliveTimeout: 60,
          path: '/',
          port: 443,
          protocol: 'https',
          readTimeout: 5,
          sslProtocols: ['TLSv1', 'TLSv1.1']
        }
      };
      callback(null, request);
    };
• 39. ORIGIN REQUEST DEMO
• 40. ORIGIN RESPONSE EVENTS: same flow as slide 17, with the Origin Response event highlighted.
• 41. ORIGIN RESPONSE EVENTS: executed on cache miss, after a response is received from the origin; make external network calls; modify the response headers prior to caching.
• 42. ORIGIN RESPONSE: INJECT HEADERS (Content-Type, Cache-Control, HTTP Strict Transport Security (HSTS), Content-Security-Policy, and more!)
    'use strict';
    exports.handler = (event, context, callback) => {
      const response = event.Records[0].cf.response;
      const headers = response.headers;
      const headerName = 'Strict-Transport-Security';
      const headerValue = 'max-age=31536000; includeSubDomains';
      // CloudFront keys headers by their lowercase name; `key` keeps the display casing
      headers[headerName.toLowerCase()] = [{ key: headerName, value: headerValue }];
      callback(null, response);
    };
• 43. VIEWER RESPONSE EVENTS: same flow as slide 17, with the Viewer Response event highlighted.
• 44. VIEWER RESPONSE EVENTS: executed on all requests, after a response is received from the origin or cache; modify the response headers without caching the result; make external network calls (NEW).
• 45. VIEWER RESPONSE: SET USER COOKIES. User Agent → CloudFront distribution www.example.com → CloudFront cache (cache miss → origin fetch) → viewer response event:
    const uuidv4 = require('uuid/v4');   // not shown on the slide
    const sid = uuidv4();
    // The header entry may be absent; CloudFront expects lowercase `key`/`value` fields
    headers['set-cookie'] = headers['set-cookie'] || [];
    headers['set-cookie'].push({ key: 'Set-Cookie', value: 'sessionid=' + sid });
• 46. Real-time bot protection taken to the edge
• 47. Benjamin Fabre, DataDome co-founder & CTO. b@datadome.co, benjaminfabre, @bfabre, datadome.co
• 48. Intelligent Data Protection
• 49. Intelligent bot mitigation: Protection, Analysis, Re-action
• 50. What to expect from this session: 1. The challenge of real-time bot protection; 2. Protect the Origin; 3. Protect the Edge
• 51. Bots?
• 52. Bots account for 50% of global web traffic
• 53. Advanced crawling technologies 2017
• 54. Bots are massively distributed
• 55. The challenge of advanced bot protection: Detection & Re-action in < 2 ms
• 56. 1. The challenge of real-time bot protection; 2. Protect the Origin; 3. Protect the Edge
• 57. Functional logic
• 58. IaaS Integration: numbered steps 1 to 4 between the browser (end client), the customer webserver, the DataDome API, and the customer application.
• 59. Real-time detection challenges: Scalability, Latency
• 60. 3 detection stages: RealTime detection (sync, milliseconds, limit I/O); Stream detection (async, seconds, fast streaming engine); Behaviour detection (async, minutes, scalable storage).
• 61. Architecture. Regional PoP, real-time detection (< 2 ms): DataDome Modules → Load Balancer → API Server instances on AWS Elastic Beanstalk (Multi Docker Container), backed by Amazon ElastiCache Redis, plus async jobs. Global streaming detection (~ seconds): Apache Kafka and Apache Flink. Global behaviour detection (~ minutes): Elasticsearch cluster and behaviour algorithms.
• 62. Achievements: run real-time detection under 2 ms per hit; shared detection across multiple AWS Regions; more than 15 billion hits protected per month.
• 63. 1. The challenge of real-time bot protection; 2. Protect the Origin; 3. Protect the Edge
• 64. Why Lambda@Edge?
• 65. Amazon CloudFront
• 66. + =
• 67. Lambda@Edge integration: steps 1 to 4 between the browser (end client), Amazon CloudFront, the AWS Lambda Viewer Request function, the DataDome API, and the customer application.
• 68. 11 DataDome Regional API PoPs (DataDome API servers): api-eu-france-1.datadome.co, api-eu-west-1.datadome.co, api-eu-central-1.datadome.co, api-us-east-1.datadome.co, api-us-west-1.datadome.co, api-ap-south-1.datadome.co, api-ap-southeast-1.datadome.co, api-ap-southeast-2.datadome.co, api-ap-northeast-1.datadome.co, api-ap-northeast-2.datadome.co, api-sa-east-1.datadome.co
• 69. A single endpoint thanks to Amazon Route 53: api-lambda.datadome.co resolves to the closest DataDome Regional API.
• 70. Legitimate human request: browser (end client) → Viewer Request → DataDome API answers 200 → CloudFront cache → Origin Request → HTTP Origins → Origin Response → Viewer Response.
• 71. Illegitimate bot request: BOT → Viewer Request → DataDome API answers 403 → Viewer Response; the CloudFront cache and HTTP Origins are never reached.
• 72. Some code for Lambda@Edge
• 73. Hook the request event
    /******************************/
    /* Requirements and main app. */
    /******************************/
    const http = require('http');
    const querystring = require('querystring');
    const process = require('process');
    const util = require('util');
    exports.handler = (event, context, callback) => {
      /********************/
      /* DataDome process */
      /********************/
      recordLog('debug', 'Initial request: ', event.Records[0].cf.request);
      const request = event.Records[0].cf.request;
• 74. Collect request information
    // Builds request data (excerpt; the slide ends mid-object)
    var requestData = {
      "Key" : DATADOME_LICENSE_KEY,
      "ServerName" : context.invokedFunctionArn,
      "IP" : request.clientIp,
      "TimeRequest" : getCurrentMicroTime(),
      "Protocol" : getRequestProtocol(request),
      "Method" : request.method,
      "ServerHostname" : getHeader(request.headers, 'host'),
      "Request" : request.uri,
      "HeadersList" : getHeadersList(request.headers),
      "Host" : getHeader(request.headers, 'host'),
      "UserAgent" : getHeader(request.headers, 'user-agent'),
      "Referer" : getHeader(request.headers, 'referer'),
      "Accept" : getHeader(request.headers, 'accept'),
      "AcceptEncoding" : getHeader(request.headers, 'accept-encoding'),
      "AcceptLanguage" : getHeader(request.headers, 'accept-language'),
• 75. Query DataDome API servers
    /*********************/
    /* DataDome const    */
    /*********************/
    const datadomeHost = 'api-lambda.datadome.co';
    const datadomePath = '/validate-request/';
    /////////////////////////////////////
    // Prepares request to DataDome API
    // (`agent` is defined elsewhere in the function and not shown on the slide)
    let req = http.request({
      host : datadomeHost,
      path : datadomePath,
      method : 'POST',
      agent : agent
    }, function (datadomeResponse) {
• 76. Handle the response
      switch (datadomeResponse.statusCode) {
        case 200:
          callback(null, redirect200Response);
          return;
        case 403:
          var bodyData = '';
          datadomeResponse.on('data', function (chunk) {bodyData += chunk;});
          datadomeResponse.on('end', function() {
            // Builds response to send
            let response = {
              status : '403',
              statusDescription : 'HTTP Forbidden',
              body : bodyData
            };
            callback(null, response);
          });
• 77. Lambda function sum-up: extract information from the incoming request; prepare and send the fingerprint to the closest DataDome API servers; depending on the response, allow, block, or redirect the request.
• 78. What's next with Lambda. Viewer Request: specific captcha based on browser detection; different caching policy based on the bot status. Origin Request: specific endpoint origin for good bots. Viewer Response: generate fake content for scrapers.
• 79. Intelligent Data Protection all over the world
• 80. Thank you for your feedback. Let's connect: b@datadome.co, benjaminfabre, @bfabre, datadome.co
• 81. THANK YOU! Other Lambda@Edge sessions: CTD403 - Supercharge Your Websites with the Power of Lambda@Edge; CTD309 - Building Serverless Websites with Lambda@Edge