3. Open Class Tickets - Platform
Tickets - Studio App
Management Console
Business Logic
e-Tickets
Building Blocks
4. Open Class Tickets - Facts
Pure Serverless
Software as a Service (SaaS)
Multi Tenant
Frameworks and Technologies
Back-end Business Logic: AWS Lambda
Tickets – Studio App: Ionic3 (Angular, HTML5, Cordova)
Attendee e-Tickets: Apple Wallet (Passbook)
Management Console: Bootstrap, Angular
Dev-Tools: Serverless Framework
6. 1. Create Ticket
Assemble pass.json file
Collect artwork as PNG files (icon.png, logo.png, strip.png)
Create manifest.json file
Create digital signature file for manifest (WWDR intermediate cert, pass-signing cert + private key)
Zip it all up and change extension to *.pkpass
Apple Wallet
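The five steps above can be put together in a few lines. The following is an added example, not code from the slides or from the Open Class Tickets project: it builds manifest.json from the SHA-1 digests of the pass files, zips everything into a .pkpass bundle, and, on the receiving side, re-checks the manifest against the files actually present in the bundle. The signature step is only indicated: the real detached PKCS#7 signature is produced with the pass-signing certificate, its private key and the WWDR intermediate cert (e.g. via openssl smime), so the example takes the signature bytes as an argument and uses a labelled placeholder in the test.

```python
import hashlib
import io
import json
import zipfile


def build_manifest(files: dict) -> dict:
    """Map each file name in the pass to the SHA-1 hex digest of its bytes.
    This mapping is the content of manifest.json in a .pkpass bundle."""
    return {name: hashlib.sha1(data).hexdigest() for name, data in files.items()}


def verify_manifest(files: dict, manifest: dict) -> bool:
    """True only if every file listed matches its digest and no file is missing or extra."""
    return build_manifest(files) == manifest


def build_pkpass(files: dict, signature: bytes) -> bytes:
    """Zip pass.json, artwork, manifest.json and the signature into a .pkpass bundle.

    `signature` must be the detached PKCS#7 signature over manifest.json, produced
    with the pass-signing cert + private key and the WWDR intermediate cert, e.g.:
      openssl smime -binary -sign -certfile WWDR.pem -signer pass.pem \
        -inkey pass.key -in manifest.json -out signature -outform DER
    """
    manifest_json = json.dumps(build_manifest(files), sort_keys=True).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr("manifest.json", manifest_json)
        zf.writestr("signature", signature)
    return buf.getvalue()


def list_pkpass(bundle: bytes) -> list:
    """Sorted list of entries in the bundle (handy for a quick sanity check)."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        return sorted(zf.namelist())


def check_pkpass(bundle: bytes) -> bool:
    """Receiver-side check: every non-manifest, non-signature entry must match
    the digest recorded in manifest.json. A tampered or added file fails here.
    (Verifying the PKCS#7 signature itself is a separate step not shown.)"""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        names = zf.namelist()
        if "manifest.json" not in names or "signature" not in names:
            return False
        manifest = json.loads(zf.read("manifest.json"))
        files = {n: zf.read(n) for n in names if n not in ("manifest.json", "signature")}
    return verify_manifest(files, manifest)


if __name__ == "__main__":
    # Constructed sample pass: real artwork would be PNG bytes, the real
    # signature would come from openssl as described above.
    sample = {"pass.json": b'{"formatVersion": 1}', "icon.png": b"\x89PNG..."}
    bundle = build_pkpass(sample, b"PLACEHOLDER-SIGNATURE")
    print(list_pkpass(bundle), check_pkpass(bundle))
```

Note that check_pkpass() rejects a bundle in which a file was altered after manifest.json was written, which is exactly what the signed manifest is there to catch.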
7. 1. Create Ticket
AWS Lambda
Heart of AWS Serverless Computing
Never pay for idle: pay as you go
Event driven, multiple event sources
Available in (almost) all regions
8. 1. Create Ticket (2)
System Architecture diagram showing: Mobile Client / Web Browser, Internet, AWS SDK, AWS Lambda (in AWS)
9. 2. API to access business logic
API Gateway
Important part of the AWS Serverless Infrastructure
Provides (consistent) RESTful APIs
But API-ID changes per redeploy
API protection and monitoring
Supports
Proxy integration
Binary support
10. 2. API to access business logic
System Architecture diagram showing: Mobile Client (ionic), Internet, API Gateway endpoint https://90varu7pzb.execute-api.eu-central-1.amazonaws.com/prod/tickets
11. 3. Persist ticket data
Amazon DynamoDB
NoSQL database, fully managed
Replicated continuously to 3 AZs
Read / Write Provisioning
Different multi tenant database approaches
Tenant field per table
Separate tables per tenant
AWS account per tenant
Alternative: RDS (Managed Service)
13. 4. Authenticate and Authorize
Cognito User Pool, Cognito Identity Pool
API Gateway: Provides 3 types of authorization
User Pools Authorizers
AWS IAM authorization
Custom Authorizers
JSON Web Tokens (JWT)
Custom fields :: tenantId
No data export function for the User Pool (IaC: don't remove the pool on redeploy)
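How the tenantId custom claim ties authorization (this slide) to the "tenant field per table" DynamoDB layout (slide 11), as an added example rather than code from the slides or the project: when API Gateway uses a Cognito User Pools authorizer, the verified token claims arrive in event["requestContext"]["authorizer"]["claims"], so the Lambda takes the tenant from there and never from the request body or query string. The claim name custom:tenantId, the table name and the key schema (tenantId as partition key) are assumptions for the example; the DynamoDB call itself is left out so the code runs offline.

```python
import json

# Assumed names: Cognito custom attributes are exposed as "custom:<name>" claims.
TENANT_CLAIM = "custom:tenantId"
TICKETS_TABLE = "tickets"          # assumed table with tenantId as partition key


class Forbidden(Exception):
    """Raised when the verified token carries no tenant claim."""


def tenant_from_event(event: dict) -> str:
    """Return the tenant from the authorizer claims that API Gateway populated
    from the verified JWT. Anything the client put in body/query is ignored."""
    claims = (event.get("requestContext", {})
                   .get("authorizer", {})
                   .get("claims", {}))
    tenant = claims.get(TENANT_CLAIM)
    if not tenant:
        raise Forbidden("no tenant claim on verified token")
    return tenant


def build_ticket_query(event: dict) -> dict:
    """DynamoDB Query parameters scoped to the caller's tenant.
    The tenant is bound as a value, so it cannot leak into the expression text."""
    tenant = tenant_from_event(event)
    return {
        "TableName": TICKETS_TABLE,
        "KeyConditionExpression": "tenantId = :t",
        "ExpressionAttributeValues": {":t": {"S": tenant}},
    }


def handler(event: dict, context=None) -> dict:
    """Lambda proxy-integration handler (API Gateway proxy integration)."""
    try:
        params = build_ticket_query(event)
    except Forbidden as exc:
        return {"statusCode": 403, "body": json.dumps({"error": str(exc)})}
    # In the real function: boto3.client("dynamodb").query(**params)
    return {"statusCode": 200, "body": json.dumps(params)}


if __name__ == "__main__":
    # Constructed event: the body claims another tenant, the token says "acme".
    demo = {
        "body": json.dumps({"tenantId": "other-tenant"}),
        "requestContext": {"authorizer": {"claims": {TENANT_CLAIM: "acme"}}},
    }
    print(handler(demo))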
14. 4. Authenticate Users (2)
Cognito User Pool
1. Authenticate (AWS SDK -> Cognito User Pool)
2. JWT tokens
3. Call API Gateway
…
15. 4. Authenticate Users (3)
Cognito User Pool + Cognito Identity Pool
6. Request AWS creds (Identity Pool)
7. Temporary AWS creds (AWS Security Token Service, STS)
…
9. Call API Gateway (AWS SDK)
16. 5. Event Handling
Simple Notification Service (SNS)
Publish/Subscribe Messaging
One SNS topic per event type
Mobile Notifications
Push notifications
SMS
Alternatives:
DDB Streams
Amazon Kinesis Streams
17. 5. Event Handling (2)
System Architecture diagram showing: Mobile Client (ionic), Internet, API Gateway, AWS Lambda, DynamoDB, SNS, AWS Lambda, DynamoDB (Projection)
18. 6. Send Ticket to attendee
Simple Email Service (SES)
Sending and receiving emails
Available in only 3 Regions (us-east-1, us-west-2, eu-west-1)
Starts in Sandbox mode
200 emails per day to verified addresses
Handling Bounces and Complaints
Define rules for receiving emails
19. 6. Send Ticket to attendee (3)
System Architecture diagram showing: Mobile Client (ionic), Internet, API Gateway, AWS Lambda, DynamoDB, SNS, SES
23. 9. Use Custom Domains and HTTPS
AWS Certificate Manager (ACM)
Custom Domains must be verified to be used
API Gateway
Base path mapping
Now integrated with AWS Certificate Manager
Amazon CloudFront
24. 10. Hide Secrets
AWS Key Management Service (KMS)
Create and control the encryption keys
Each customer master key costs $1/month
KMS_ENCRYPT_CMD="aws kms encrypt --key-id $AWS_KMS_ARN --output text --query CiphertextBlob"
export SECRET_ENCRYPTED=$( echo $( $KMS_ENCRYPT_CMD --plaintext "secret" ) )
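The consuming side of that shell snippet, as an added example that is not code from the slides or the project: the Lambda reads the base64 CiphertextBlob from its environment, base64-decodes it, calls KMS Decrypt once, and caches the plaintext for the lifetime of the container so warm invocations do not pay for another KMS call. The KMS client is injected so the function can run offline; StubKms below is a constructed stand-in that just reverses the bytes and is not how KMS works.

```python
import base64
import os

_cache = {}   # plaintext per env var name, lives as long as the Lambda container


def decrypt_secret(env_var: str, kms_client, environ=None) -> str:
    """Decrypt the KMS ciphertext stored (base64, as `aws kms encrypt --query
    CiphertextBlob` prints it) in the named environment variable.

    kms_client needs a boto3-style decrypt(CiphertextBlob=bytes) -> {"Plaintext": bytes}.
    The result is cached so KMS is called once per container, not per invocation."""
    if env_var in _cache:
        return _cache[env_var]
    env = os.environ if environ is None else environ
    blob = base64.b64decode(env[env_var])          # env var holds ciphertext only
    resp = kms_client.decrypt(CiphertextBlob=blob)
    secret = resp["Plaintext"].decode("utf-8")
    _cache[env_var] = secret                        # never log `secret`
    return secret


def reset_cache() -> None:
    """Drop cached plaintext (used when rotating the secret, or in tests)."""
    _cache.clear()


class StubKms:
    """Constructed stand-in for boto3's KMS client: the 'cipher' is byte reversal.
    It only exists so the caching behaviour can be exercised without AWS."""

    def __init__(self):
        self.calls = 0

    def decrypt(self, CiphertextBlob):
        self.calls += 1
        return {"Plaintext": CiphertextBlob[::-1]}


if __name__ == "__main__":
    # Constructed environment: "dGVyY2Vz" is base64 of b"terces", which the stub
    # reverses back to b"secret".
    env = {"SECRET_ENCRYPTED": "dGVyY2Vz"}
    stub = StubKms()
    print(decrypt_secret("SECRET_ENCRYPTED", stub, env))
    print(decrypt_secret("SECRET_ENCRYPTED", stub, env), "KMS calls:", stub.calls)
```

In production the injected client is boto3.client("kms"), and the function's execution role needs kms:Decrypt on the customer master key referenced by $AWS_KMS_ARN; the ciphertext in the environment variable is useless to anyone without that permission.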
26. Infrastructure as Code (IaC)
AWS CloudFormation
Create templates of your infrastructure
CloudFormation provisions AWS resources based on
dependency needs
Nested CloudFormation stacks vs cross-stack references
Alternatives: Terraform, CLI
27. Infrastructure as Code (2)
AWS CloudFormation
Lambda-backed Custom Resource
Insert DB records
(Create Cognito instances)
Delete Your Stacks But Keep Your Data
Beware of renaming immutable attributes
Best practice: resource-only CloudFormation stack
"myS3Bucket" : {
"Type" : "AWS::S3::Bucket",
"DeletionPolicy" : "Retain"
}
28. Summary
Pros
No servers to manage
Don’t pay for idle servers
Continuous Scaling
Fits well with microservices
Cons
Vendor lock-in
Depending on single AWS region
Cold start latency
Doesn't support legacy apps
Local development & testing