Weitere ähnliche Inhalte
Ähnlich wie Microservices with AWS Lambda and the Serverless Framework (20)
Kürzlich hochgeladen (20)
Microservices with AWS Lambda and the Serverless Framework
- 2. About Me
Rowell Belen / Software Engineer @ Stedi
» LinkedIn: https://linkedin.com/in/rowellbelen
» Blog: https://www.rowellbelen.com
» GitHub: https://github.com/bytekast
» Twitter: @bytekast
» Email: rowell.belen@bytekast.com
© Rowell Belen 2
- 3. What is Serverless Computing?
Serverless Computing is a cloud computing model that allows
you to build and run applications and services without thinking
about servers. The platform takes care of everything required to
run and scale your code with high availability.
© Rowell Belen 3
- 6. What is the key
difference between
PaaS and Serverless?
© Rowell Belen 6
- 8. Unit of Scale
» Data Center: Hardware (Physical Hosting Env Abstraction)
» IaaS: Virtual Machines (Hardware Abstraction)
» Paas: Application (VM Abstraction)
» Serverless: Function (Runtime Abstraction)
© Rowell Belen 8
- 10. What are the key
differences between
Containers and Serverless?
© Rowell Belen 10
- 13. What is AWS Lambda?
Amazon's Serverless compute platform for stateless code
execution in response to events
© Rowell Belen 13
- 14. Other Serverless Platform Providers
» Microsoft Azure Functions
» Iron.io
» Google Cloud Functions
» IBM Open Whisk
» WebTask.io
» PubNub BLOCKS
© Rowell Belen 14
- 15. How Is AWS Lambda Used?
» Stream Data Processing
» REST Backend Services
» One-off Processes
» Background Workers
» Event Responders
© Rowell Belen 15
- 16. How are Lambda Functions Triggered?
» Event-driven (SNS, S3, API-Gateway, Amazon Echo Skills, IoT,
etc.)
» Direct Invocation (CLI, SDK, etc.)
» Scheduled Interval
© Rowell Belen 16
- 18. Pricing
Memory (MB) Free tier seconds per month Price per 100ms ($)
128 3,200,000 0.000000208
256 1,600,000 0.000000417
512 800,000 0.000000834
1024 400,000 0.000001667
1536 266,667 0.000002501
© Rowell Belen 18
- 19. Top Tier Pricing (1536 MB Memory)
1 Million Executions @ 1 sec/exec ≈ $18.34
© Rowell Belen 19
- 20. Benefits
» Cost and Utilization
» Fully Managed Infrastructure
» Rapid Development
» Streamlined AWS Integrations
» Pay Per Use
» Auto Scale
» Built-in Versioning
© Rowell Belen 20
- 21. Drawbacks
» Limited Language Support
» Not Suitable for Long-running Tasks
» Local Development and Debugging Challenges
» Limited Infrastructure Transparency / Less Control
» Potential Vendor Lock-in
» Cutting-edge quirks
» Concurrent Execution Limit is Shared across entire AWS
© Rowell Belen 21
- 25. Send Events/Metrics to Datadog
class DatadogHandler {
final rest = new RESTClient('https://app.datadoghq.com/')
void handleRequest(Map input, Context context) {
def jsonObj = snsJsonBody(input) // Extract Payload
def type = jsonObj?.'alert_type' ? 'events' : 'series'
def query = ['api_key': System.getenv('DATADOG_API_KEY')]
rest.post(
path: "api/v1/${type}",
body: jsonObj,
query: query
)
}
}
© Rowell Belen 25
- 26. Custom JWT Token Authorizer
class AuthorizerHandler {
Map handleRequest(Map input, Context context) {
// extract token and resource from input
def token = input.authorizationToken?.minus('Bearer')?.trim()
def resource = input.methodArn
// authenticate
def claims = verifyToken(token)
// return policy
createPolicy(claims, resource)
}
}
© Rowell Belen 26
- 27. Verify Token (cont.)
Map verifyToken(final String token) {
def algorithm = Algorithm.HMAC256(System.getenv('AUTH0_CLIENT_SECRET'))
def verifier = JWT.require(algorithm).build()
def decodedJwt = verifier.verify(token)
decodedJwt.getClaims()
}
© Rowell Belen 27
- 28. Create Security Policy with Claims (cont.)
Map createPolicy(final Map claims, final String resource) {
[
principalId : claims?.user_id,
policyDocument: [
Version : '2012-10-17',
Statement: [
Action : 'execute-api:Invoke',
Effect : claims ? 'Allow' : 'Deny',
Resource: resource
]
],
context : claims
]
}
© Rowell Belen 28
- 29. How do I invoke a Lambda function
programatically?
© Rowell Belen 29
- 30. Direct Lambda Invocation - Define Interfaces
interface DocumentAuditService {
@LambdaFunction(invocationType = InvocationType.Event, functionName = 'document-audit')
void audit(DocumentAudit documentAudit)
}
class DocumentAudit {
String documentId
String status
}
© Rowell Belen 30
- 31. Direct Lambda Invocation (cont...) - Use a Proxy
void handle(Document document, Context context) {
// Do something with the document...
// Create proxy to DocumentAuditService
def docService = LambdaInvokerFactory.builder()
.lambdaClient(AWSLambdaClientBuilder.defaultClient())
.build(DocumentAuditService.class) // pass the interface
// Call audit lambda function
docService.audit(
new DocumentAudit(documentId: UUID.randomUUID().toString(), status: 'TRANSMITTED'))
}
© Rowell Belen 31
- 32. What is the Serverless Framework?
Development toolkit for building, managing and deploying
Serverless applications and resources
© Rowell Belen 32
- 33. Serverless Framework CLI
npm install serverless -g
mkdir my-api && cd my-api
serverless create --template aws-groovy-gradle
serverless deploy --stage dev
serverless invoke --function my-function --log
© Rowell Belen 33
- 35. serverless.yml - Basic Function
service: serverless-demo
provider:
runtime: java8
timeout: 300
memorySize: 1536
package:
artifact: /build/dist/serverless-demo.zip
functions:
my-function:
handler: com.bytekast.serverless.MyLambdaFunction::handler
© Rowell Belen 35
- 36. serverless.yml - API Gateway
functions:
createUser:
handler: com.bytekast.serverless.UserService::createUser
events:
- http:
path: users/create
method: post
deleteUser:
handler: com.bytekast.serverless.UserService::deleteUser
events:
- http:
path: users/delete
method: delete
© Rowell Belen 36
- 37. serverless.yml - API Gateway (Custom Authorization)
...
events:
- http:
path: users/create
method: post
cors: true
authorizer:
arn: arn:aws:lambda:us-east-1:1234567890123:function:authorizer
identitySource: method.request.header.Authorization
identityValidationExpression: Bearer .*
© Rowell Belen 37
- 38. serverless.yml - SNS Topic Subscription
functions:
audit:
handler: com.bytekast.serverless.AuditService::audit
events:
- sns: dev-audit-topic
© Rowell Belen 38
- 39. serverless.yml - Scheduled Trigger
functions:
crawl:
handler: com.bytekast.serverless.SearchService::crawl
events:
- schedule: rate(2 hours)
- schedule: cron(0 12 * * ? *)
© Rowell Belen 39
- 40. serverless.yml - IAM Role Permissions
provider:
...
iamRoleStatements:
- Effect: "Allow"
Action:
- "sqs:*"
Resource: arn:aws:sqs:us-east-1:1234567890123:dev-serverless-demo
© Rowell Belen 40
- 41. serverless.yml - Create AWS Resources
resources:
Resources:
InboundQueue:
Type: "AWS::SQS::Queue"
Properties:
QueueName: ${self:provider.stage}-serverless-demo
MessageRetentionPeriod: 1209600
VisibilityTimeout: 60
© Rowell Belen 41
- 42. DEMO
Build Slack Command API using
Serverless Framework + API Gateway + AWS Lambda
https://github.com/bytekast/serverless-demo
© Rowell Belen 42
- 47. Solution: Lambda Built-In Features
» Containers are ephemeral entities that are easily created and
destroyed
» Preserved history and ability to roll back a bad deployment
( revert to previous version )
» Auto-managed horizontal scaling (Scale out / Scale In)
» Automatic Load Balancing
» Zero/Minimal Downtime during deployment
© Rowell Belen 47
- 49. Solutions:
» AWS Lambda supports running functions in different VPCs
(dev, stage, prod)
» Use separate AWS accounts per Environment
© Rowell Belen 49
- 54. Other Things to Consider
» AWS functions are recycled about every 8 hours
» Container instances idle for about 5 minutes are destroyed
» Cold starts can cause delay in response times
» 50 MB max deployment package size
» 5 minute running time limit
» 1000 default concurrent function executions across entire
AWS account
© Rowell Belen 54