O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Serverless Architecture and Best Practices

51.132 visualizações

Publicada em

by Brent Rabowsky, Solutions Architect & Itzik Paz, Solutions Architect, AWS

As serverless architectures become more popular, customers need a framework of patterns to help them identify how they can leverage AWS to deploy their workloads without managing servers or operating systems. This session describes re-usable serverless patterns while considering costs. For each pattern, we provide operational and security best practices and discuss potential pitfalls and nuances. We also discuss the considerations for moving an existing server-based workload to a serverless architecture. The patterns use services like AWS Lambda, Amazon API Gateway, Amazon Kinesis Streams, Amazon Kinesis Analytics, Amazon DynamoDB, Amazon S3, AWS Step Functions, AWS Config, AWS X-Ray, and Amazon Athena. This session can help you recognize candidates for serverless architectures in your own organizations and understand areas of potential savings and increased agility. What’s new in 2017: using X-Ray in Lambda for tracing and operational insight; a pattern on high performance computing (HPC) using Lambda at scale; how a query can be achieved using Athena; Step Functions as a way to handle orchestration for both the Automation and Batch patterns; a pattern for Security Automation using AWS Config rules to detect and automatically remediate violations of security standards; how to validate API parameters in API Gateway to protect your API back-ends; and a solid focus on CI/CD development pipelines for serverless –that includes testing, deploying, and versioning (SAM tools).

  • Seja o primeiro a comentar

Serverless Architecture and Best Practices

  1. 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. I t z i k P a z , A W S S t a r t u p S o l u t i o n A r c h i t e c t Serverless Architectural Patterns and Best Practices N o v e m b e r 3 0 , 2 0 1 7 A R C 4 0 1 AWS re:INVENT
  2. 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Serverless Foundations • Web application • Data Lake • Stream processing • Operations automation
  3. 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Spectrum of AWS offerings AWS Lambda Amazon Kinesis Amazon S3 Amazon API Gateway Amazon SQS Amazon DynamoDB AWS IoT Amazon EMR Amazon ElastiCache Amazon RDS Amazon Redshift Amazon ES Managed Serverless Amazon EC2 Microsoft SQL Server “On EC2” Amazon Cognito Amazon CloudWatch
  4. 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless means… • No servers to provision or manage • Scales with usage • Never pay for idle • Built-in High-Availability and Disaster Recovery
  5. 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda considerations and best practices Can your Lambda functions survive the cold? • Instantiate AWS clients and database clients outside the scope of the handler to take advantage of container re-use. • Schedule with CloudWatch Events for warmth • ENIs for VPC support are attached during cold start import sys import logging import rds_config import pymysql rds_host = "rds-instance" db_name = rds_config.db_name try: conn = pymysql.connect( except: logger.error("ERROR: def handler(event, context): with conn.cursor() as cur: Executes with each invocation Executes during cold start
  6. 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lambda Best Practices • Minimize package size to necessities • Separate the Lambda handler from core logic • Use Environment Variables to modify operational behavior • Self-contain dependencies in your function package • Leverage “Max Memory Used” to right-size your functions • Delete large unused functions (75GB limit)
  7. 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS X-Ray Integration with Serverless • Lambda instruments incoming requests for all supported languages • Lambda runs the X-Ray daemon on all languages with an SDK Var AWSXRay = require(‘aws-xray-sdk-core‘); AWSXRay.middleware.setSamplingRules(‘sampling-rules.json’); Var AWS = AWSXRay.captureAWS(require(‘aws-sdk’)); S3Client = AWS.S3();
  8. 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. X-Ray Trace Example
  9. 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Serverless Application Model (SAM) • CloudFormation extension optimized for serverless • New serverless resource types: functions, APIs, and tables • Supports anything CloudFormation supports • Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model
  10. 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SAM Local • Develop and test Lambda locally • Invoke functions with mock serverless events • Local template validation • Local API Gateway with hot reloading https://github.com/awslabs/aws-sam-local
  11. 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Delivery via CodePipeline Pipeline flow: 1. Commit your code to a source code repository 2. Package/test in CodeBuild 3. Use CloudFormation actions in CodePipeline to create or update stacks via SAM templates Optional: Make use of ChangeSets 4. Make use of specific stage/environment parameter files to pass in Lambda variables 5. Test our application between stages/environments Optional: Make use of manual approvals
  12. 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CodeDeploy and Lambda Canary Deployments • Direct a portion of traffic to a new version • Monitor stability with CloudWatch • Initiate rollback if needed • Incorporate into your SAM templates
  13. 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pattern 1: Web App/Microservice/API
  14. 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Web application Data stored in Amazon DynamoDB Dynamic content in AWS Lambda Amazon API Gateway Browser Amazon CloudFront Amazon S3 Amazon Cognito
  15. 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bustle Achieves 84% Cost Savings with AWS Lambda Bustle is a news, entertainment, lifestyle, and fashion website targeted towards women. With AWS Lambda, we eliminate the need to worry about operations Tyler Love CTO, Bustle ” “ • Bustle had trouble scaling and maintaining high availability for its website without heavy management • Moved to serverless architecture using AWS Lambda and Amazon API Gateway • Experienced approximately 84% in cost savings • Engineers are now focused on innovation
  16. 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon API Gateway AWS Lambda Amazon DynamoDB Amazon S3 Amazon CloudFront • Bucket Policies • ACLs • OAI • Geo-Restriction • Signed Cookies • Signed URLs • DDOS Protection IAM AuthZ IAM Serverless web app security • Throttling • Caching • Usage Plans • ACM Browser Amazon Cognito
  17. 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Custom Authorizer Lambda function Client Lambda function Amazon API Gateway Amazon DynamoDB AWS Identity & Access Management Custom Authorizers SAML Two types: • TOKEN - authorization token passed in a header • REQUEST – all headers, query strings, paths, stage variables or context variables.
  18. 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Authorization with Amazon Cognito Cognito User Pool (CUP) Amazon API Gateway Web Identity Provider User A User B User C Cognito Identity Pool (CIP) /web /cip /cup AWS Lambda Amazon DynamoDB Token AWS Credentials User B Data IAM Authorization API Resources C C A A A B BB
  19. 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Multi-Region with API Gateway us-west-2 us-east-1 Client Amazon Route 53 Regional API Endpoint Regional API Endpoint Custom Domain Name Custom Domain Name API Gateway API Gateway Lambda Lambda
  20. 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Useful Frameworks for Serverless Web Apps • AWS Chalice Python Serverless Framework https://github.com/aws/chalice Familiar decorator-based api similar to Flask/Bottle Similar to 3rd Party frameworks, Zappa or Claudia.js • AWS Serverless Express Run Node.js Express apps https://github.com/awslabs/aws-serverless-express • Java - HttpServlet, Spring, Spark and Jersey https://github.com/awslabs/aws-serverless-java-container
  21. 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pattern 2: Data Lake
  22. 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless Data Lake Characteristics • Collect/Store/Process/Consume and Analyze all organizational data • Structured/Semi-Structured/Unstructured data • AI/ML and BI/Analytical use cases • Fast automated ingestion • Schema on Read • Complementary to EDW • Decoupled Compute and Storage
  23. 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Serverless Data Lake S3 Bucket(s) Key Management Service Amazon Athena AWS CloudTrail Amazon Cognito AWS IAM Amazon Kinesis Streams Amazon Kinesis Firehose Amazon ES Amazon QuickSight AWS Glue Amazon DynamoDB Amazon Macie Amazon API Gateway AWS IAM Amazon Redshift Spectrum AWS Direct Connect Ingest Catalog & Search Security & Auditing API/UI Analytics & Processing AWS Glue AWS Lambda
  24. 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The Foundation…S3 • No need to run compute clusters for storage • Virtually unlimited number of objects and volume • Very high bandwidth – no aggregate throughput limit • Multiple storage classes • Versioning • Encryption • Cloudtrail Data Events • S3 Analytics and Inventory • AWS Config automated checks • S3 Object Tagging • AWS Public Data Sets
  25. 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Search and Data Catalog • DynamoDB as Metadata repository • Amazon Elasticsearch Catalog & Search AWS Lambda AWS Lambda Metadata Index (DynamoDB) Search Index (Amazon ES) ObjectCreated ObjectDeleted PutItem Update Stream Update Index Extract Search Fields S3 Bucket https://aws.amazon.com/answers/big-data/data-lake-solution/
  26. 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instantly query your data lake on Amazon S3 AWS Glue Crawlers AWS Glue Data Catalog Amazon QuickSight Amazon Redshift Spectrum Amazon Athena S3 Bucket(s) Catalog & Search
  27. 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Analytics • Quicksight • Athena • Predictions (AWS AI/ML Services) • Usage Statistics • Glue (ETL) Analytics & Processing
  28. 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Athena – Server-less Interactive Query Service 44.66 seconds...Data scanned: 169.53GB Cost: $5/TB or $0.005/GB = $0.85 SELECT gram, year, sum(count) FROM ngram WHERE gram = 'just say no' GROUP BY gram,year ORDER BY year ASC; Analytics & Processing
  29. 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Athena – Best Practices • Partition data s3://bucket/flight/parquet/year=1991/month=1/day=2/ • Columnar formats – Apache Parquet, AVRO, ORC • Compress files with splittable compression (bzip2) • Optimize file sizes https://aws.amazon.com/blogs/big-data/top-10-performance-tuning-tips- for-amazon-athena/ Analytics & Processing
  30. 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless batch processing AWS Lambda: Splitter Amazon S3 Object Amazon DynamoDB: Mapper Results AWS Lambda: Mappers …. …. AWS Lambda: Reducer Amazon S3 Results Analytics & Processing
  31. 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fannie Mae Serverless Financial Modeling Financial Modeling is a Monte-Carlo simulation process to project future cash flows , which is used for managing the mortgage risk on daily basis: • Underwriting and valuation • Risk management • Financial reporting • Loss mitigation and loan removal • ~10 Quadrillion (10𝑥10$% ) of cash flow projections each month in hundreds of economic scenarios. • One simulation run of ~ 20 million mortgages takes 1.4 hours, >4 times faster than the existing process.
  32. 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pywren • PyWren python library provides 10TFLOPS of peak compute power with new default - 1000 concurrent functions https://github.com/pywren/pywren • HPC on EC2 - Two c4.xlarge (4 vCPUs each) ~200GFLOP Analytics & Processing
  33. 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pattern 3: Stream Processing
  34. 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Stream processing characteristics • High ingest rate • Near real-time processing (low latency from ingest to process) • Spiky traffic (lots of devices with intermittent network connections) • Message durability • Message ordering
  35. 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Streaming data ingestion Amazon CloudWatch: Delivery metrics Amazon S3: Buffered files Kinesis Agent Record Producers Amazon Redshift: Table loads Amazon ElasticSearch Service: Domain loads Amazon S3: Source record backup AWS Lambda: Transformations & enrichment Amazon DynamoDB: Lookup tables Raw records Lookup Transformed records Transformed recordsRaw records Amazon Kinesis Firehose: Delivery stream
  36. 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Tune Firehose buffer size and buffer interval • Larger objects = fewer Lambda invocations, fewer S3 PUTs • Enable compression to reduce storage costs • Enable Source Record Backup for transformations • Recover from transformation errors • Follow Amazon Redshift Best Practices for Loading Data
  37. 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Sensor data collection IoT rules IoT actions MQTT Amazon S3: Raw records Amazon Kinesis Firehose: Delivery stream Amazon S3: Batched records Amazon Kinesis Streams: Real-time stream AWS IoT: Data collection IoT Sensors Real-time analytics applications
  38. 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Real-time analytics Amazon Kinesis Streams: Ingest stream Amazon Kinesis Analytics: Time window aggregation Amazon Kinesis Streams: Aggregates stream Amazon Kinesis Firehose: Error stream Amazon S3: Error records Record Producers AWS Lambda: Alert function Amazon DynamoDB: Device thresholds AWS SNS: Notifications
  39. 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CREATE OR REPLACE PUMP "STREAM_PUMP" AS INSERT INTO "DESTINATION_SQL_STREAM" SELECT STREAM "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE) as "window_ts", SUM("measurement") as "sample_sum", COUNT(*) AS "sample_count" FROM "SOURCE_SQL_STREAM_001" GROUP BY "device_id", STEP("SOURCE_SQL_STREAM_001".ROWTIME BY INTERVAL '10' MINUTE); Amazon Kinesis Analytics Aggregation 10 minute tumbling window Amazon Kinesis Analytics: Time window aggregation Source stream Destination stream
  40. 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Real-time analytics Amazon Kinesis Streams: Ingest stream Amazon Kinesis Analytics: Time window aggregation Amazon Kinesis Streams: Aggregates stream Amazon Kinesis Firehose: Error stream Amazon S3: Error records Record Producers AWS Lambda: Alert function Amazon DynamoDB: Device thresholds AWS SNS: Notifications
  41. 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Kinesis Streams and AWS Lambda Amazon Kinesis: Stream AWS Lambda: Processor function Streaming source Other AWS services • Number of Amazon Kinesis Streams shards corresponds to concurrent invocations of Lambda function • Batch size sets maximum number of records per Lambda function invocation
  42. 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Fan-out pattern Fan-out pattern trades strict message ordering vs higher throughput & lower latency Amazon Kinesis: Stream Lambda: Dispatcher function Lambda: Processor function Increase throughput, reduce processing latency Streaming source
  43. 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thomson Reuters – Product Insight Solution for usage analysis tracking: Capture, analyze, and visualize analytics data generated by offerings, providing insights to help product teams continuously improve the user experience Throughput: Tested 4,000 requests / second Growing to 10,000 requests / second or 25 Billion requests / month Latency: new events to user dashboards in less than 10 seconds Durable: no data loss since inception
  44. 44. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Tune batch size when Lambda is triggered by Amazon Kinesis Streams • Higher batch size = fewer Lambda invocations • Tune memory setting for your Lambda function • Higher memory = shorter execution time • Use Kinesis Producer Library (KPL) to batch messages and saturate Amazon Kinesis Stream capacity
  45. 45. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Kinesis Streams Amazon SQS Amazon SNS Maximum record size 1 MB 256 KB 256 KB or 140 Bytes (SMS) Message durability Up to retention period Up to retention period Retry delivery (depends on destination type) Maximum retention period 7 days 14 days Up to retry delivery limit Message ordering Strict within Shard Standard – Best effort FIFO – Strict within Message Group None Delivery semantics At-least-once Standard – At-least-once FIFO – Exactly-once At-least-once Parallel consumption Multiple Consumers per Shard with independent iterators Multiple Readers per Queue (but one message is only handled by one Reader at a time) Multiple Subscribers per Topic Scaling By throughput using Shards Automatic Automatic Iterate over messages Shard iterators No No Delivery destination types Kinesis Consumers SQS Readers HTTP/S, Mobile Push, SMS, Email, SQS, Lambda Compare related services
  46. 46. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pattern 4: Operations Automation
  47. 47. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automation characteristics • Periodic jobs • Event triggered workflows • Enforce security policies • Audit and notification • Respond to alarms • Extend AWS functionality … All while being Highly Available, Scalable and Auditable
  48. 48. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Ops Automator Amazon CloudWatch: Time-based events AWS Lambda: Event handler AWS Lambda: Task executors AWS SNS: Error and warning notifications Resources in multiple AWS Regions and Accounts Amazon EC2 Instances Tags OpsAutomatorTaskList CreateSnapshotAmazon DynamoDB: Task configuration & tracking Amazon CloudWatch: Logs Amazon Redshift Clusters https://aws.amazon.com/answers/infrastructure-management/ops-automator/
  49. 49. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Image recognition and processing Web App Amazon DynamoDB: Image meta-data & tags Amazon Cognito: User authentication Amazon S3: Image uploads AWS Step Functions: Workflow orchestration Start state machine execution 1 Extract image meta-data 2 Amazon Rekognition: Object detection Invoke Rekognition Generate image thumbnail 3 3Store meta-data and tags 4 https://github.com/awslabs/lambda-refarch-imagerecognition
  50. 50. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step Functions state machine
  51. 51. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Enforce security policies RDP from 0.0.0.0/0 RDP from 0.0.0.0/0 CloudWatch Event Bus in another AWS Account New Security Group ingress rule Amazon CloudWatch Events: Rule AWS Lambda: Remediate and alert AWS SNS: Email alert Ingress rule deleted
  52. 52. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Autodesk - Tailor Serverless AWS Account Provisioning and Management Service: • Automates AWS Account creation, • Configures IAM, CloudTrail, Config, Direct Connect and VPC • Enforces corporate standards • Audit for compliance Provisions new Accounts in 10 minutes vs 10 hours in earlier manual process Open source and extensible: https://github.com/alanwill/aws-tailor
  53. 53. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Best practices • Gracefully handle API throttling by retrying with an exponential back- off algorithm (AWS SDKs do this for you) • Publish custom metrics from your Lambda function that are meaningful for operations (e.g. number of EBS volumes snapshotted) • Enable X-Ray tracing for your Lambda functions • Document how to disable event triggers for your automation when troubleshooting
  54. 54. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary Use DevOps tools to automate your serverless deployments Apply serverless patterns for common use-cases: • Web application • Data Lake Foundation • Stream processing • Operations automation What will you build with Serverless?
  55. 55. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Related Sessions SRV212 - Build a Scalable Serverless Web Application on AWS That Can Span Millions of Concurrent Users SRV213 - Thirty Serverless Architectures in 30 Minutes SRV317 - Unlocking High Performance Computing for Financial Services with Serverless Compute SRV319 - How Nextdoor Built a Scalable, Serverless Data Pipeline for Billions of Events per Day SRV322 - Migration to Serverless: Design Patterns and Best Practices SRV403 - Serverless Authentication and Authorization: Identity Management for Serverless Applications ARC316 - Getting from Here to There: A Journey from On-premises to Serverless Architecture ABD202 - Best Practices for Building Serverless Big Data Applications SID205 - Building the Largest Repo for Serverless Compliance-as-Code SID307 - Serverless for Security Officers: Paradigm Walkthrough and Comprehensive Security Best Practices
  56. 56. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Further Reading Optimizing Enterprise Economics with Serverless Architectures https://d0.awsstatic.com/whitepapers/optimizing-enterprise-economics-serverless-architectures.pdf Serverless Architectures with AWS Lambda https://d1.awsstatic.com/whitepapers/serverless-architectures-with-aws-lambda.pdf Serverless Applications Lens - AWS Well-Architected Framework https://d1.awsstatic.com/whitepapers/architecture/AWS-Serverless-Applications-Lens.pdf Streaming Data Solutions on AWS with Amazon Kinesis https://d1.awsstatic.com/whitepapers/whitepaper-streaming-data-solutions-on-aws-with-amazon- kinesis.pdf AWS Serverless Multi-Tier Architectures https://d1.awsstatic.com/whitepapers/AWS_Serverless_Multi-Tier_Archiectures.pdf
  57. 57. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

×