5. Benefits of Serverless?
§ Provisioning and Utilization
§ Operations and Management
§ Scaling
§ Availability and Fault Tolerance
Which leads to…
§ Low Cost, Simple, Low Latency, Scalable, Reliable
6. Platform of Serverless Products
§ Storage
§ Database
§ Compute
§ Messaging and Queues
§ Gateways
§ User Management
§ Internet of Things
§ Machine Learning
§ Streaming Analytics
20. API Gateway – Stage Variables
§ Key/Value pairs used for configuration
§ Used for different stages of API
§ Specify a Lambda function name
§ Pass to backend
21. Lambda
§ Serverless, event-driven compute
§ Code is: NodeJS, Python, JVM based
§ Specify memory allocated
§ Determine what invokes the functions
§ API Gateway, S3, DynamoDB, Kinesis, SNS, SES, Cognito, CloudWatch Logs, CloudWatch Events, CloudFormation, Config, Scheduled Events
22. Lambda – Versioning and Aliases
Versioning
§ ARN for each one (immutable)
§ Versions of functions for Dev, Staging, Prod
Aliases
§ Point to a version
§ Have an ARN also
§ Event sources point to Alias ARNs
23. Lambda – Dynamic Configuration
One option:
§ Pull Configs from DDB
§ Write values to global vars
§ Code uses global vars
[Diagram: Lambda Function, Amazon DynamoDB]
24. DynamoDB - refresher
§ NoSQL database
§ Keys: Hash Key and (optional) Range Key
§ Tips:
§ Plan your keys
§ Think about your queries
32. Authentication Options with Cognito
Federated Identity Providers
• Amazon
• Facebook
• Google
Custom Developed Authentication System
Cognito Identity User Pools (Preview)
33. Unauthenticated vs Authenticated roles
§ Ability to define both in Cognito
§ Start out unauthenticated, switch to authenticated!
§ e.g. browsing a blogging site, then logging in to post or comment
34. Example IAM Policy for API Gateway
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "execute-api:Invoke"
      ],
      "Resource": [
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/users",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/login"
      ]
    }
  ]
}
40. Authentication Options
Cognito:
• Federated Identity Providers (Amazon, Facebook, Google)
• Cognito Identity User Pools
Federated Web Identities
• Interact directly with STS and 3rd party identity providers
41. Authorization Options with API Gateway
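§ Client sends a request w/ a bearer token to API Gateway
§ API Gateway passes Context + Token to the Lambda Auth function
§ Lambda Auth function returns Principal + Policy
§ Policy is evaluated; policy is cached
§ Result: 403 Denied, or Allowed through to the backend
§ Backends: AWS Lambda functions, endpoints on Amazon EC2, any other publicly accessible endpoint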
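The authorizer flow on this slide, as an added Python example (not code from the deck): a TOKEN-type Lambda authorizer that returns principal + policy, plus a local stand-in for the gateway's policy evaluation. The token table, the role-to-route map and the `gateway_allows` helper are assumptions made for illustration.

```python
# Added example (not from the slides): Lambda TOKEN authorizer for API Gateway.
import fnmatch
import re

# Constructed token table; a real authorizer would verify a signed token instead.
TOKENS = {"tok-reader": ("user-1", "reader"), "tok-author": ("user-2", "author")}

# Hypothetical role-to-route map as (verb, path); "reader" mirrors the slide's GET routes.
READ = [("GET", "posts"), ("GET", "posts/*"), ("GET", "posts/*/comments")]
ROUTES = {"reader": READ, "author": READ + [("POST", "posts"), ("POST", "posts/*/comments")]}

# methodArn layout: arn:aws:execute-api:region:account:apiId/stage/VERB/path
ARN_RE = re.compile(r"^(arn:aws:execute-api:[^:]+:[^:]+:[^/]+)/([^/]+)/[A-Z*]+/.*$")


def handler(event, context=None):
    """Return principal + policy for a valid bearer token, else signal 401."""
    token = event.get("authorizationToken", "")
    if token.lower().startswith("bearer "):
        token = token[7:]
    arn = ARN_RE.match(event.get("methodArn", ""))
    if arn is None or token not in TOKENS:
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    principal, role = TOKENS[token]
    api_arn, stage = arn.groups()
    # Allow every route of the role, not just methodArn: the returned policy
    # is cached per token and reused for later calls to other routes.
    resources = [f"{api_arn}/{stage}/{verb}/{path}" for verb, path in ROUTES[role]]
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": resources}
            ],
        },
    }


def gateway_allows(response, method_arn):
    """Local approximation of the gateway's policy check; False means 403."""
    return any(
        fnmatch.fnmatchcase(method_arn, pattern)
        for stmt in response["policyDocument"]["Statement"]
        if stmt["Effect"] == "Allow"
        for pattern in stmt["Resource"]
    )
```

Because the policy is cached, a policy that names only the requested `methodArn` would deny the same token's next call to a different route until the cache entry expires.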
42. Some Tidbits
§ Authorization failures to API Gateway get returned as a CORS error
§ Lambda Functions as stage variable values = manual permissions configuration
43. Architect to be Serverless
Fully Managed
§ No provisioning
§ Zero administration
§ High availability
Developer Productivity
§ Focus on the code that matters
§ Innovate rapidly
§ Reduce time to market
Continuous Scaling
§ Automatically
§ Scale up and scale down