GOTO Stockholm: AWS Lambda
Workshops and Conference: May 9-11, 2016
2016
Stockholm
IAN MASSINGHAM
CHIEF EVANGELIST (EMEA)
AMAZON WEB SERVICES
AWS LAMBDA
@IANMMMM
AWS LAMBDA
BUILDING BLOCKS FOR INTERNET-SCALE APPS
AMAZON S3
STORAGE
AWS LAMBDA
FUNCTIONS
AMAZON DYNAMODB
DATA STORE
SIMPLICITY SCALABILITY LOW COST RELIABILITY LOW LATENCY
ALL SHARE THE SAME COMMON CHARACTERISTICS
AWS LAMBDA: INTERNET-SCALE COMPUTE PLATFORM
DEPLOY YOUR CODE IN SECONDS
SUB-SECOND METERING
NO SERVERS TO PROCURE, PROVISION OR MANAGE
MOBILE CHAT APP
AD DATA ANALYTICS AND ROUTING
MOBILE APP ANALYTICS
IMAGE CONTENT FILTERING
REAL-TIME VIDEO AD BIDDING
NEWS CONTENT PROCESSING
GENE SEQUENCE SEARCH
CLOUD TELEPHONY
DATA PROCESSING
WEB APPLICATIONS
WEB APPLICATIONS
THREAT INTELLIGENCE AND ANALYTICS
NEWS CONTENT PROCESSING
GAME METRICS ANALYTICS
SERVERLESS WEB APPLICATIONS
HTML IN S3
JAVASCRIPT
COGNITO
API GATEWAY DYNAMODB
SEARCH
RECOMMEND
CREATE/UPDATE
1. SERVERLESS WEB APPLICATIONS
@parallax
1. User visits
HTTPS GET /
S3 with CloudFront
2. CSS & JS
HTTPS GET *.js *.css
S3 with CloudFront
index.html
3. Lang detect
API Gateway w/Lambda
HTTPS GET /users/country
HTTPS POST /users/update
4. User fills details
API Gateway w/Lambda
Inserted into DynamoDB
PAGE LIFECYCLE
5. FB Login
Hits Facebook Hosted Endpoint via Facebook JavaScript SDK
6. YouTube
YouTube iframe
7. Start recording
API Gateway w/Lambda
Responds with S3 upload token
Uploads directly to S3 bucket over HTTPS using token
8. Upload recording
PAGE LIFECYCLE
HTTPS GET api.facebook.com
HTTPS GET youtube.com
{"email": "xyz", "profile_id": 123}
HTTPS GET /recordings/token
HTTPS POST bucket.s3.amazon/UID/recording-X.mp3
9. Submit details
API Gateway w/Lambda
10. Artwork gen
HTTPS POST /users/generate_artwork
API Gateway w/Lambda. Create image, put on S3, return S3 image URL
11. Artwork display
CloudFront w/ S3
HTTPS GET /domain.com/UID.png
AddThis.js is populated with the share texts, and includes the S3 URL
HTTP GET addthis.com/file.js
HTTPS POST /users/update
{ url: "domain.com/UID.png" }
12. Social share
13. Social share
HTTPS GET https://twitter.com/intent/tweet?text=XYZ
Directly hits the social media service
PAGE LIFECYCLE
N-TIER MODEL
SERVERLESS MODEL
[Diagram labels: USER, NODE.JS WEB APP, QUERY, SERVER-SENT EVENT STREAMING RESPONSE, S3, LAMBDA CASCADE FUNCTION 0, LAMBDA CASCADE FUNCTION N, LAMBDA COUNTING FUNCTION 0]
2. SERVERLESS DATA PROCESSING
WEB UI CASCADE PROCESS
3. INTERNET OF THINGS
AWS IoT
DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
DEVICE GATEWAY: Communicate with devices via MQTT and HTTP
AUTHENTICATION, AUTHORIZATION: Secure with mutual authentication and encryption
RULES ENGINE: Transform messages based on rules and route to AWS Services
AWS Services
3rd Party Services
DEVICE SHADOW: Persistent thing state during intermittent connections
APPLICATIONS
AWS IoT API
DEVICE REGISTRY: Identity and Management of your things
IOT BUTTON & LAMBDA DEMO
CLOUDWATCH EVENTS
LIFECYCLE HOOKS
CONFIG RULES
SCHEDULED JOBS
ECOSYSTEM
4. CONNECTIVE TISSUE FOR AWS ENVIRONMENTS
AMAZON S3
STORAGE
AWS LAMBDA
FUNCTIONS
AMAZON DYNAMODB
DATA STORE
APIS EMAIL MESSAGING
NOTIFICATION MONITORING ENCRYPTION
SERVICES NOT SERVERS
THANK YOU
@IANMMMM
AWS Lambda: Recent Launches
re:Invent 2015
• Python
• Scheduled functions
• Longer running times (5 min.)
• Versioning
2016
• Higher code storage limits (from 5 GB to 75 GB)
• VPC
• New region: Frankfurt
• Node.js 4.3.2
• Swagger API import
• 1-minute schedules (New!)
Function Schedules: The how-to guide
✓ How can I keep a function warm (no cold starts)? Schedule it!
✓ How can I poll a queue (like SQS)? Schedule a function to read the queue.
✓ How can I get more timers? Have one scheduled function async invoke other functions.
✓ How can I get granularity finer than 1 minute? Run a background timer in your scheduled function.
Function Versioning: The how-to guide
✓ How can I get mutable configuration info? Read it (e.g. from DynamoDB) during function initialization. Wrap your config in a function and call it from your published code.
✓ How do I “roll back” in AWS Lambda? Using aliases, just switch what the alias points to. (As a collection, add API Gateway stages or CloudFormation.)
✓ How do I do blue/green deployments? AWS Lambda handles fleet deployments, but if you want to shape traffic, put a second “traffic cop” function in front.
✓ How can I lock a client/device onto an old version? Point them directly to that version’s ARN.
AWS Lambda VPC basics
• All Lambda functions run in a VPC, all the time
  • You never need to “turn on” security – it’s always on
• You can also grant Lambda functions access to resources in your own VPC
  • How: Add VPC subnet IDs and security group IDs to the function config
  • Typical uses: RDB, ElastiCache, private EC2 endpoints
  • Allows access to peered VPCs, VPN endpoints, and private S3 endpoints
• Functions configured for VPC access lose internet access…
  • unless you have managed NAT or a NAT instance in the VPC
  • …Even if you have “Auto-assign Public IP” enabled
  • …Even if you have an internet gateway set up in your VPC
  • …Even if your security group allows all outbound traffic
AWS Lambda VPC feature: Best practices
✓ VPC is optional – don’t turn it on unless you need it.
✓ The ENIs used by Lambda’s VPC feature count against your quota. Ensure you have enough to match your peak concurrency levels (we’ll consolidate where we can). DO NOT delete or rename these ENIs! ☺
✓ Ensure your subnets have enough IPs for those ENIs.
✓ Specify at least one subnet in each Availability Zone. Otherwise, Lambda will obey, but can’t be as fault-tolerant.
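The VPC basics and best practices above, turned into a pre-deployment check (an added example, not code from the talk or from AWS). The Subnet record, the route labels, the AZ names and the sample values are constructed, and it assumes the worst case of one ENI, and so one subnet IP, per concurrent execution.

```python
from dataclasses import dataclass

@dataclass
class Subnet:
    subnet_id: str
    az: str
    free_ips: int
    # Constructed label for the subnet's 0.0.0.0/0 route target:
    # "nat-gateway", "nat-instance", "internet-gateway" or "none".
    default_route: str

def check_vpc_config(subnets, region_azs, peak_concurrency, eni_quota_free,
                     needs_internet):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not subnets:
        return findings  # VPC access not configured: nothing to check
    # Assumption: one ENI (one subnet IP) per concurrent execution at peak.
    if eni_quota_free < peak_concurrency:
        findings.append(f"ENI quota: {eni_quota_free} free < peak {peak_concurrency}")
    total_ips = sum(s.free_ips for s in subnets)
    if total_ips < peak_concurrency:
        findings.append(f"subnet IPs: {total_ips} free < peak {peak_concurrency}")
    # One subnet per Availability Zone, or fault tolerance suffers.
    missing = sorted(set(region_azs) - {s.az for s in subnets})
    if missing:
        findings.append("no subnet in AZ(s): " + ", ".join(missing))
    if needs_internet:
        # An internet gateway route or a public IP does not help; only NAT does.
        for s in subnets:
            if s.default_route not in ("nat-gateway", "nat-instance"):
                findings.append(f"{s.subnet_id}: default route is "
                                f"{s.default_route}, not NAT")
    return findings

# Constructed sample: both subnets in one AZ, one routed via an internet gateway.
SAMPLE = [
    Subnet("subnet-a", "eu-central-1a", 120, "nat-gateway"),
    Subnet("subnet-b", "eu-central-1a", 60, "internet-gateway"),
]
AZS = ["eu-central-1a", "eu-central-1b"]

if __name__ == "__main__":
    for finding in check_vpc_config(SAMPLE, AZS, 200, 350, True):
        print("FINDING:", finding)
```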
Serverless web app architecture
1. Amazon S3 for serving static content
2. AWS Lambda for dynamic content
3. Amazon API Gateway for HTTPS access
4. Amazon DynamoDB for NoSQL data storage
[Diagram labels: Static content in Amazon S3, API Gateway, Dynamic content in AWS Lambda, Data stored in Amazon DynamoDB]
The serverless compute manifesto
Functions are the unit of deployment and scaling.
No machines, VMs, or containers visible in the programming model.
Permanent storage lives elsewhere.
Scales per request. Users cannot over- or under-provision capacity.
Never pay for idle (no cold servers/containers or their costs).
Implicitly fault-tolerant because functions can run anywhere.
BYOC – Bring your own code.
Metrics and logging are a universal right.