5. Container Drawbacks
Overkill for many types of applications
Hard to ‘automatically’ scale
Complex programming models
Significant skills investment:
Security
Configuration
Technology stack
6. Traditional App Drawbacks
Servers
Data Centers
Software
Monitoring tools
Test environments
IT support
Service contracts
Data Replication & Policies
Approvals
7. Container Challenge
QUICKLY develop a web and mobile application:
Registration and authentication (OAuth)
HTTPS
SMS notifications
RESTful endpoints
Automatic scalability across the globe
Native code for both iOS and Android
Versioning
Real-time monitoring
Time to go: Containerless and Serverless
11. What is Lambda?
Lambda is a stateless function
Executes in response to an event
Executes in an isolated environment
Can be implemented using:
JavaScript
Java
Python
C#
Dependencies (executables/libraries) can be packaged with a library.
12. Example Function: 1
exports.handler = function(event,context) {
context.succeed('Hello ConFoo!');
};
Handler
Function
Data passed to function
(converted from JSON)
Lambda runtime
13. Example Function: 2
exports.handler = function(event,context) {
  // event carries the parsed parameters shown below
  context.succeed('Hello ' + event.firstName + ' ' + event.lastName + ' you are at ConFoo!');
};
Parsed Parameters
{
"firstName": "Ryan",
"lastName": "Cuprak"
}
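A validated variant of the handler above, added here as an example and not taken from the slides: it checks firstName and lastName before building the response. The length limit, the allowed-character pattern, the error strings and the invokeLocally helper are assumptions; context.fail is the failure counterpart of context.succeed on the same callback-style context object.

```javascript
// Added example: validated variant of the slide's greeting handler.
// MAX_NAME_LENGTH and NAME_PATTERN are assumed policy values, not from the slides.
const MAX_NAME_LENGTH = 64;
const NAME_PATTERN = /^[\p{L}\p{M}][\p{L}\p{M} '.-]*$/u;

// Returns an error string for a bad field, or null when the value is acceptable.
function checkName(field, value) {
  if (typeof value !== 'string') return field + ' must be a string';
  const trimmed = value.trim();
  if (trimmed.length === 0) return field + ' must not be empty';
  if (trimmed.length > MAX_NAME_LENGTH) return field + ' is too long';
  if (!NAME_PATTERN.test(trimmed)) return field + ' contains unsupported characters';
  return null;
}

// Same signature as the slide's handler; rejects the event instead of
// concatenating whatever the caller sent into the response.
function handler(event, context) {
  if (event === null || typeof event !== 'object' || Array.isArray(event)) {
    return context.fail('Bad Request: event must be a JSON object');
  }
  const errors = [
    checkName('firstName', event.firstName),
    checkName('lastName', event.lastName),
  ].filter(Boolean);
  if (errors.length > 0) {
    return context.fail('Bad Request: ' + errors.join('; '));
  }
  context.succeed('Hello ' + event.firstName.trim() + ' ' +
                  event.lastName.trim() + ' you are at ConFoo!');
}

// Export under the handler name when loaded as a CommonJS module.
if (typeof module !== 'undefined' && module.exports) {
  module.exports.handler = handler;
}

// Minimal stand-in for the Lambda context object, for local runs only.
function invokeLocally(event) {
  const result = {};
  handler(event, {
    succeed: (msg) => { result.ok = msg; },
    fail: (err) => { result.error = err; },
  });
  return result;
}
```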
15. Lambda Pricing
Requests
First 1 million requests are FREE
$0.20 per each million requests thereafter
Duration:
Charged $0.00001667 for every gigabyte second used
Free Tier
Memory (MB)    Free sec/month    Price / 100 ms ($)
128            3,200,000         0.000000208
192            2,133,333         0.000000313
256            1,600,000         0.000000417
….             …                 …
16. Cost Scenarios
Executions    Memory    Execution Time    Cost
50,000        128       1 second          $0.11
100,000       128       1 second          $0.23
500,000       128       1 second          $1.14
1,000,000     128       1 second          $2.28
50,000        256       1 second          $0.21
100,000       256       1 second          $0.42
500,000       256       1 second          $2.08
1,000,000     256       1 second          $4.17
50,000        128       2 second          $0.21
100,000       128       2 second          $0.42
500,000       128       2 second          $2.08
1,000,000     128       2 second          $4.17
Not Including Free Tier – add other services
17. Lambda Basics
Security provided by IAM – Identity & Access Management.
Lambda functions can start threads, access the disk, access other AWS services.
Default safety threshold of 100 concurrent executions per region.
Can be increased per request.
AWS will attempt to invoke a Lambda function 3 times.
External libraries should be bundled with Lambda function (zip/jar)
18. Execution Environment
Runtime versions:
Node.js v4.3.2
Old, current Node.js release: 6.10.0
Java – Java 8 (OpenJDK)
Python 2.7
.NET Core (1.0.1 C#)
Libraries available in execution environment:
AWS SDK for JavaScript (2.16.0)
AWS SDK for Python
AWS build of OpenJDK 8
19. Execution Environment…
Lambda environment based on:
amzn-ami-hvm-2016.03.3.x86_64-gp2
Linux kernel: 4.4.35-33.55.amzn1.x86_64
Only 64 bit binaries are supported.
21. Versioning
New lambda function = $LATEST version
ARN = Amazon Resource Number – uniquely identifies an Amazon resource
Two ARNs associated with a lambda function:
Qualified ARN
arn:aws:lambda:aws-region:acct-id:function:helloworld:$LATEST
Unqualified ARN
arn:aws:lambda:aws-region:acct-id:function:helloworld
New versions must be explicitly published
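The two ARN forms above, parsed and classified, as an added example that is not part of the original slides. It goes slightly beyond the slide by also recognising numeric version and alias qualifiers; the function names and the sample account id used in testing are constructed.

```javascript
// Added example: classify Lambda function ARNs as on the Versioning slide.
// Layout from the slide: arn:aws:lambda:region:acct-id:function:name[:qualifier]
function parseLambdaArn(arn) {
  if (typeof arn !== 'string') throw new TypeError('ARN must be a string');
  const parts = arn.split(':');
  if (parts.length !== 7 && parts.length !== 8) {
    throw new Error('expected 7 or 8 colon-separated fields, got ' + parts.length);
  }
  const [prefix, partition, service, region, account, type, name, qualifier] = parts;
  if (prefix !== 'arn' || service !== 'lambda' || type !== 'function') {
    throw new Error('not a Lambda function ARN');
  }
  if (!/^\d{12}$/.test(account)) throw new Error('account id must be 12 digits');
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(name)) throw new Error('invalid function name');
  if (qualifier !== undefined && !/^(\$LATEST|[A-Za-z0-9_-]+)$/.test(qualifier)) {
    throw new Error('invalid qualifier');
  }
  return { partition, region, account, name, qualifier: qualifier || null };
}

// 'pinned' only when the ARN names a published version number.
// Unqualified and $LATEST ARNs both resolve to the most recently uploaded code,
// so a permission or trigger written against them follows every new upload.
function pinning(arn) {
  const { qualifier } = parseLambdaArn(arn);
  if (qualifier === null) return 'unqualified';
  if (qualifier === '$LATEST') return 'latest';
  // Aliases are not covered on the slide; they are named pointers to a version.
  return /^\d+$/.test(qualifier) ? 'pinned' : 'alias';
}
```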
22. Logging
Node.js
console.log/error/warn/info()
Java
log4j 1.2 (LambdaLogger.log())
System.out/err – each line separate event
C#
Console.Write/WriteLine
Lambda.Log()
Via context object: context.Logger.log()
Python
Print statements
Logger functions in logger module: logging.Logger.info
24. Failures & Errors
Lambda function can fail for the following reasons:
Function doesn’t complete before time limit
Input data fails to parse
Runs out of memory
Failure handling depends upon how it was invoked:
Non-stream based
Synchronous – Error 429 is returned; the client is responsible for retries.
Asynchronous – Retry twice with a time delay, DLQ.
Stream-based:
Will attempt to re-process until it succeeds or the data expires.
No new records will be processed
25. Availability Regions
Northern Virginia
Ohio
Oregon
Northern California
Montreal
São Paulo
GovCloud
Iceland
Frankfurt
London
Singapore
Tokyo
Sydney
Seoul
Mumbai
Beijing
26. Resource Limits
Resource                                                Default Limit
Ephemeral disk capacity ("/tmp" space)                  512 MB
Number of file descriptors                              1024
Number of processes and threads (combined total)        1024
Maximum execution duration per request                  300 seconds
Invoke request body payload size (RequestResponse)      6 MB
Invoke request body payload size (Event)                128 K
Invoke response body payload size (RequestResponse)     6 MB
27. Deployment Limits
Item                                                                                              Default Limit
Lambda function deployment package size (.zip/.jar file)                                          50 MB
Total size of all the deployment packages that can be uploaded per region                         75 GB
Size of code/dependencies that you can zip into a deployment package (uncompressed zip/jar size)  250 MB
Total size of environment variables set                                                           4 KB
40. API-Gateway
Published an API – now what?
APIs can be sold!
Two concepts:
Usage Plan
API Key
Steps:
Create usage plan
Associate a key
Associate a key on the service
42. Amazon Cognito
Three ways to secure an API-Gateway:
1. API-Keys
Appropriate for service-to-service communication
Risky to place secret key on client for long periods of time
2. Identity & Access Management
Inter-application communication
Within an organization – IAM integrated
3. Amazon Cognito
Appropriate for third-party integration
43. Amazon Cognito
User/identity authentication service.
Support storage of user data in the cloud (mobile app preferences and state).
Authenticate users against federated identity providers (Facebook/Google).
Manage custom identity/user pool.
Sync functionality to synchronize user profile data across devices.
45. User Pools
Federated Managing “own” user directory/sign-ups etc.
Support multi-factor authentication (MFA)
Users can start anonymous and then register
Password recovery (SNS/email/etc.)
Collect and maintain user meta-information
61. Java vs. JavaScript
Hello World Java:
167.63 ms (Billed 200 ms)
43 MB
Hello World JavaScript:
2.05 ms
31 MB
62. Java EE vs AWS
Java EE is a standard with several implementations.
AWS is a set of ready-to-use services:
SQS + SNS ~ JMS (roughly!)
Kinesis ~ Apache Kafka
Elastic Search ~ Lucene
Lambda ~ Stateless Session Beans
Transactions?
Injection?
S3 Buckets – No equivalent
DynamoDB ~ MongoDB/Couchbase
AWS cloud spans regions/data centers
Data automatically mirrored
63. Reason to use Java EE
Technical
Distributed transactions
Long running tasks
Report Generation
Compute intensive tasks
Rules engines
Third party dependencies
applications
Integration with legacy systems
Websockets (bi-directional communication)
Legal
Estimating and controlling costs
Third party licenses
Regulatory requirements
Snapshots for security
instances
64. Example Architecture
[Diagram: Amazon API Gateway; EC2 (Java EE Container); RDS (SQL Database); Amazon Lambda (Java, JS, Python); Amazon SQS; Elastic Search; DynamoDB; S3; Amazon SNS]
67. Best Practices
Small archives containing code
Don’t include the entire application!
Minimize startup costs
Periodically invoke lambdas to keep “warm”
Monitor logs for failures
68. Resources
AWS Compute Blog
https://aws.amazon.com/blogs/compute/
AWS Forums
https://forums.aws.amazon.com/forum.jspa?forumID=186
AWS Pet Store
https://github.com/awslabs/api-gateway-secure-pet-store
http://tinyurl.com/z3qyefg
Authentication/Cognito
https://goo.gl/auEWLl
FAQ
https://aws.amazon.com/lambda/faqs/