building serverless websites with lambda@edge - aws online tech talks

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

George John, Product Manager Lambda@Edge

November 16, 2017

Building Serverless Websites

with Lambda@Edge


What is covered in this webinar?

• Overview of AWS Lambda & Amazon CloudFront

• Deep dive into Lambda@Edge

• Lambda@Edge for serverless websites

• Q&A


What is serverless computing?

• VMs

• Machine as the unit of scale

• Abstracts the hardware

• Containers

• Application as the unit of scale

• Abstracts the OS

• Serverless

• Functions as the unit of scale

• Abstracts the language runtime

Amazon ECS

Amazon EC2

AWS Lambda


How do I choose?

• VMs

• “I want to configure machines,

storage, networking, and my OS”

• Containers

• “I want to run servers, configure

applications, and control scaling”

• Serverless

• “Run my code when it’s needed”

ECS

EC2

Lambda


AWS Lambda: Serverless computing• Run code without servers. Pay only for the compute time you consume. Be happy.

• Triggered by events or called from APIs:

• PUT to an Amazon S3 bucket

• Updates to Amazon DynamoDB table

• Call to an Amazon API Gateway endpoint

• Mobile app back-end call

• Complex workflows with AWS Step Functions

• CloudFront requests

• And many more…

• Makes it easy to:

• Perform real-time data processing

• Build scalable back-end services

• Glue and choreograph systems


Benefits of AWS Lambda

Continuous

scaling

No servers to

manage

Never pay for idle

– no cold servers

(only happy

accountants)


… but all within a single AWS region


Edge: AWS global network of Points of

Presence (PoPs) on the backbone of the

Internet – Amazon CloudFront


Amazon CloudFront - Global Content Delivery Network101 PoPs ( 90 Edge Locations + 11 Regional Edge Caches )


CloudFront: Global Content Delivery Network

Accelerate static and dynamic content

Highly Secure

Massively Scalable

Self Service

Priced to Minimize Cost


Putting it together

EdgeServerless

Amazon

CloudFront

AWS

Lambda

Lambda@Edge


Lambda@Edge: Serverless Edge Computing


Lambda@Edge

• Lambda@Edge is an extension of AWS Lambda that allows you to run

Node.js code at global AWS locations

• Bring your own code to the Edge and customize your content very close to

your users, improving end-user experience

Continuous

scaling No servers

to manageNever pay for idle

– no cold servers

Globally

distributed


Write once, run everywhere

AWS

Location

AWS

Location

AWS

Location

AWS

LocationOrigin server

AWS

Location


CloudFront cache

End user Origin Server

Viewer request Origin request

Origin responseViewer response

CloudFront triggers


Lambda@Edge events• All Lambda@Edge invocations are synchronous

• Request events• URI and header modifications can change the object being requested

• Viewer request can change the object being requested from the CloudFront cache and the origin

• Origin request can change the object or path pattern being requested from the origin

• Response events• Origin response can modify what is cached and generate cacheable responses

to be returned to the viewer

• Viewer response can change what is returned to the viewer


Lambda@Edge functionality

• Read and write access to headers, URIs, cookies,

query string across all triggers

• Ability to generate HTTP responses right at the

edge

• Access to make network calls to external

resources on origin-facing events


Poll: Are you using any of these services? (Select all that

apply)A) Amazon CloudFront

B) AWS Lambda

C) Lambda@Edge

D) None of the above


Poll: What CMS platform are you using for your website?

A) WordPress

B) Joomla

C) Drupal

D) Blogger

E) Other (please specify)


Lambda@Edge for severless websites


Response generation at the Edge

Generate an HTTP response to end user requests arriving

at AWS locations:

• Generate full static websites directly from Edge

locations

• Combine content drawn from multiple external

resources to dynamically build websites at the Edge

• Generate customized error pages

• Redirect unauthenticated users to a login page that is

created on-demand


Response generation – how?

• Viewer or origin request event

• Inputs

• Request properties

• URI, Headers, QueryString

• Outputs

• Dynamic response based on URI, headers and query string

• Call AWS Services (S3, DynamoDB, etc.) or any other remote

API

• Fetch a static template and customize it by fetching data from

multiple resources


Authorization at the Edge

• Inspect cookies or custom headers to

authenticate clients right at the edge

• Enforce paywalls at the Edge to gate

access to premium content to only

authenticated viewers


Authorization at the Edge – how?

• Trigger: Viewer request

• Prerequisites

• The customer must have previously authenticated against your

authoritative service, resulting in some sort of authorization

credential. Typically this is a cookie.

• Inputs

• URL

• Authorization credential (cookie)

• Outputs

• Allow the request to succeed if the request is authorized. If not,

either return a 403 response or redirect to an authentication page


Limited access to content

• Enforce timed access to content at the

edge

• Make a call to an external authentication

server to confirm if a user’s session is still

valid

• Forward valid requests to the origin, and

serve redirects to new users to login

pages


Limited content access – How?

• Trigger: Origin request

• Inputs

• URL/cookies

• Access to external user-tracking database

• Outputs

• If a customer requests content for specific URLs or with

specific cookies, make a request to the external server to

confirm session validity.

• Based on response from external server, serve content, or

redirect to a login page.


A/B Testing

• Test different versions of your website with

real end users without the need for

redirects or changing your website URL.


A/B Testing – How?


• Inputs

• A/B cookie

• Outputs

• Check if A/B cookie is present. If not present, set the cookie

and serve A or B version of the website. If present, generate

the response corresponding (A or B) corresponding to cookie

value.


Highly personalized websites

• Serve the most optimal experience

based on their location, language

preferences, and device type


Highly personalized websites – how?

• Trigger: Viewer request

• Inputs

• Requested URL

• Device type (i.e., User-Agent, CloudFront-Is-Mobile-User)

• Viewer location (CloudFront-Viewer-Country)

• Output

• Generate a response directly from Lambda@Edge,

specifically a redirect to the most relevant experience (e.g. ,

cropped images and mobile sites for mobile users)


Rewrite URI

• Rewrite the URL end user's request to

serve content without exposing your

team’s internal directory structure and

organization

• Provide customized experiences

without compromising consistency in

what your viewers see


Rewrite URI– how?


• Inputs

• URI requested

• Outputs

• Rewrite the requested URI, which will be passed to the origin

• The response will be cached based on what the customer

requested to serve subsequent requests (i.e., the pretty URL)


Security Headers

• Add security response headers:

• Strict-Transport-Security

• Content-Security-Policy

• X-Content-Type-Options

• X-Frame-Options

• X-XSS-Protection

• …

• Remove informational response headers:

• Server

• Powered-By


Security Headers – how?

• Trigger: Origin response

• Outputs

• Set the security headers you want to serve back in the

response


Lambda@Edge – let’s get started

• Sign up: https://aws.amazon.com/lambda/edge

https://aws.amazon.com/lambda/edge


Recap – using Lambda@Edge

Bring your own code

• Self-service through the

Lambda console

Familiar programming

model

• Standard Node.js-6.10

Write once, run everywhere

• Automatically deployed to the AWS network

of locations

• Requests are routed to the locations closest

to your end users across the world

Functionality- Response generation at the edge

- Network calls at the edge

Benefits

- Read/Write access to URI, headers,

cookies and Query String

- Custom error pages


Thank you!

building serverless websites with lambda@edge - aws online tech talks

Documents