Serverless Architectural Patterns and Best Practices

Adrian Hornsby, Technical Evangelist@adhorn

adhorn@amazon.com

2

Agenda

• Serverless characteristics and practices• 3-Tier Web application• Batch processing• Stream processing• Operations automation• Augmentation• IoT actions• Wrap-up/Q&A

3

Spectrum of AWS offerings

AWSLambda

Amazon Kinesis

AmazonS3

Amazon API Gateway

AmazonSQS

AmazonDynamoDB

AWS IoT

Amazon EMR

Amazon ElastiCache

AmazonRDS

Amazon Redshift

Amazon Elasticsearch

Service

Managed Serverless

Amazon EC2

“On EC2”

Amazon Cognito

Amazon CloudWatch

4

Serverless patterns built with functions

Functions are the unit of deployment and scaleScales per request—users cannot over or under-provisionNever pay for idleSkip the boring parts; skip the hard parts

5

Lambda considerations and best practices

AWS Lambda is stateless—architect accordingly• Assume no affinity with underlying compute infrastructure• Local filesystem access and child process may not extend

beyond the lifetime of the Lambda request

6

Lambda considerations and best practicesCan your Lambda functions survive the cold?

• Instantiate AWS clients and database clients outside the scope of the handler to take advantage of connection re-use.

• Schedule with CloudWatch Events for warmth

• ENIs for VPC support are attached during cold start

import sys import logging import rds_configimport pymysql

rds_host = "rds-instance" db_name = rds_config.db_nametry: conn = pymysql.connect( except: logger.error("ERROR:def handler(event, context):

with conn.cursor() as cur:Executes with each

invocation

Executes during cold start

7

Lambda considerations and best practices

How about a file system?• Don’t forget about /tmp (512 MB scratch

space) exports.ffmpeg = function(event,context) { new ffmpeg('./thumb.MP4', function (err, video) { if (!err) { video.fnExtractFrameToJPG('/tmp’)function (error, files) { … }…if (!error) console.log(files); context.done(); ...

8

Pattern 1: 3-Tier Web Application

9

Web application

Data stored in Amazon

DynamoDB

Dynamic content in AWS Lambda

Amazon API Gateway

Browser

Amazon CloudFront

Amazon S3

10

Amazon API Gateway AWS

LambdaAmazon

DynamoDB

AmazonS3

Amazon CloudFront

• Bucket Policies• ACLs

• OAI• Geo-Restriction• Signed Cookies• Signed URLs• DDOS

IAM

AuthZ

IAM

Serverless web app security

• Throttling• Caching• Usage Plans

Browser

11

Amazon API Gateway AWS

LambdaAmazon

DynamoDB

AmazonS3

Amazon CloudFront

• Bucket Policies• ACLs

• OAI• Geo-Restriction• Signed Cookies• Signed URLs• DDOS

IAMAuthZ IAM

Serverless web app security

• Throttling• Caching• Usage Plans

Browser

Amazon CloudFront• HTTPS• Disable Host

Header Forwarding

AWS WAF

12

Amazon API Gateway

AWSLambda

AmazonDynamoDB

AmazonS3

Amazon CloudFront

• Access Logs in S3 Bucket• Access Logs in S3 Bucket

• CloudWatch Metrics-https://aws.amazon.com/cloudfront/reporting/

Serverless web app monitoring

AWS WAF• WebACL Testing• Total Requests• Allowed/Blocked

Requests by ACL

logslogs

• Invocations• Invocation Errors• Duration• Throttled

Invocations

• Latency• Throughput• Throttled Reqs• Returned Bytes• Documentation

• Latency• Count• Cache Hit/Miss• 4XX/5XX Errors

Streams

AWSCloudTrail

BrowserCustom CloudWatch

Metrics & Alarms

13

AWS SAM (Serverless Application Model)AWS

Lambda

Amazon API Gateway

AWS CloudFormation

AmazonS3

AmazonDynamoDB

Package & Deploy

Code/Packages/Swagger

Serverless Template

Serverless Template

w/ CodeUri

package deployCI/CD Tools

Serverless web app lifecycle management

14

Roo

t /

/{proxy+} ANY Your Node.jsExpress app

Greedy variable, ANY method, proxy integration

Simple yet very powerful:

• Automatically scale to meet demand

• Only pay for the requests you receive

15

Amazon API Gateway best practices

• Use mock integrations• Signed URL from API Gateway for large or binary file uploads to

S3• Asynchronous calls for Lambda > 30s

16

Pattern 2: Batch Processing

17

Characteristics

• Large data sets• Periodic or scheduled tasks• Extract Transform Load (ETL) jobs• Usually non-interactive and long running• Many problems fit MapReduce programming model

18

Source data

Source data

Source data

Source data Data Staging Layer/data/source-raw

Data Staging Layer/data/source-validated

Input Validation and Conversion layer

Input Tracking layer

State Management Store

Event-Driven Batch controlled with AWS Lambda

19

Serverless batch processing

AWS Lambda: Splitter

Amazon S3Object

Amazon DynamoDB: Mapper Results

AWS Lambda: Mappers

….

…. AWS Lambda: Reducer

Amazon S3Results

20

Considerations and best practices

• Cascade mapper functions• Lambda languages vs. SQL• Speed is directly proportional to the concurrent Lambda function limit• Use DynamoDB/ElastiCache/S3 for intermediate state of mapper

functions• Lambda MapReduce Reference Architecture

21

Pattern 3: Stream Processing

22

Stream processing characteristics

• High ingest rate• Near real-time processing (low latency from ingest to process)• Spiky traffic (lots of devices with intermittent network connections)• Message durability• Message ordering

23

Serverless stream processing architecture

Sensors

Amazon Kinesis:Stream

Lambda: Stream Processor

S3:Final Aggregated Output

Lambda:Periodic Dump to S3

CloudWatch Events:Trigger every 5 minutes

S3:Intermediate Aggregated

Data

Lambda:Scheduled Dispatcher

KPL:Producer

24

Amazon Kinesis Analytics

Sensors

Amazon Kinesis:Stream

Amazon Kinesis Analytics: Window Aggregation

Amazon Kinesis StreamsProducer S3:

Aggregated Output

CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO "DESTINATION_SQL_STREAM"

SELECT STREAM "device_id",

FLOOR("SOURCE_SQL_STREAM_001".ROWTIME TO MINUTE) as "round_ts",

SUM("measurement") as "sample_sum",

COUNT(*) AS "sample_count"

FROM "SOURCE_SQL_STREAM_001"

GROUP BY "device_id", FLOOR("SOURCE_SQL_STREAM_001".ROWTIME TO MINUTE);

Aggregation Time Window

25

Web ClientsUsers

API Gateway

Kinesis StreamInputJSON payload

Kinesis StreamOutputCSV payload

AWS Lambda

Amazon SNS

Kinesis Analytics

Real-time Clickstream Processing with Amazon Kinesis

26

Best practices

• Tune batch size when Lambda is triggered by Amazon Kinesis Streams –reduce number of Lambda invocations

• Tune memory setting for your Lambda function – shorten execution time• Use KPL to batch messages and saturate Amazon Kinesis Stream

capacity

27

Monitoring

Amazon Kinesis Stream metric GetRecords.IteratorAgeMilliseconds maximum

28

Pattern 4: Automation

29

Automation characteristics

• Respond to alarms or events• Periodic jobs • Auditing and Notification• Extend AWS functionality

30

Security and Conformity

• “Trust but verify” with high confidence via events.

• Deployments verified with every change.• Lambda guarantees that each instance is in

compliance with defined security rules. • Triggers shutdown of violations and

notifications. • Compliance and readiness rules can be validated

with every resource change.

31

Auto tagging resources as they start

AWS Lambda: Update Tag

Amazon CloudWatch Events:Rule Triggered

Amazon EC2 InstanceState Changes

Amazon DynamoDB: EC2 Instance Properties

Tag: N/A

Amazon EC2 InstanceState Changes

Tag:Owner=userNamePrincipalID=aws:userid

• AMI• Instances• Snapshot• Volume

32

Auto Start/Shutdown of Instances

AWS Lambda: Policy & Compliance Rules

Amazon CloudWatch Events:Rules Triggered

Amazon SNS: Alert Notifications

33

CapitalOne Cloud Custodian

AWS Lambda: Policy & Compliance Rules

Amazon CloudWatch Events:Rules Triggered

AWS CloudTrail:Events

Amazon SNS: Alert Notifications

Amazon CloudWatch Logs:Logs

Read more here: http://www.capitalone.io/cloud-custodian/docs/index.html

34

Cluster backup using AWS Lambda

AWS Lambda: Backup Rules

Amazon CloudWatch Events:Scheduled Trigger Amazon Redshift Cluster XYZ Snapshot

35

Dynamic DNS for EC2 instances

AWS Lambda: Update Route53

Amazon CloudWatch Events:Rule Triggered

Amazon EC2 InstanceState Changes

Amazon DynamoDB: EC2 Instance Properties

Amazon Route53: Private Hosted Zone

Tag:CNAME = ‘xyz.example.com’

xyz.example.com A 10.2.0.134

36

Pattern 5: Augmentation

37

Augmentation characteristics

• Event-based triggers• Extend AWS functionality• Stitch between services

38

Apply custom logic to content uploaded to S3

AWS Lambda: Custom Logic

Users upload Content

S3:Source Bucket

S3:Destination Bucket

Triggered on PUTs

• Watermarking/thumbnailing• Transcoding• Indexinganddeduplication• Aggregationandfiltering• Preprocessing• Contentvalidation• WAFupdates

39

S3 Bucket DynamoDB

ObjectCreateEvent

Put IndexEntry

Source data

Source data

Source data

Source data

Amazon S3 Metadata Index

40

DynamoDB DynamoDB StreamsPush changes

AWS Lambda

Amazon ElasticsearchService

Index Record

Search Query

Indexing DynamoDB content using ElasticSearch

41

Pattern 6: IoT Actions

42

IoT actions characteristics

• Respond to change in state• Alarm, triggers• Predictive maintenance

43

AWS Lambda

Notifications: Amazon SNS

DynamoDB

AWS IoTSensors Control System

Anomaly Detection Using AWS Lambda

Thanks!@adhornadhorn@amazon.com

.