Upload
amazon-web-services
View
290
Download
5
Embed Size (px)
Citation preview
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jeremy Edberg, Founder and CEO, MinOps
December 2016
CMP211
Getting Started
with Serverless Architectures
Test and prod are different
Prod is in need of constant
updates
Slow iteration and deployment
Polyglot unfriendly
Deploy in weeks, live for years
Physical Servers
Prod is immutable
Rapid iteration and deployment
Multi-tenancy
Polyglot friendly
Deploy in minutes, live for weeks
Virtual Machines
Test and prod are the same
Prod is immutable
Rapid(er) iteration and deployment
High multi-tenancy
Polyglot friendly
Deploy in seconds, live for hours
Containers
Smallest unit of compute
Super scalable
Rapid iteration
Extreme multi-tenancy
Very polyglot friendly
Easier to collaborate
Deploy independently, live for
seconds
Serverless
A whole lot of choices
Amazon ecosystemHodgepodge of services
A whole lot of choices
AWS Serverless
Ecosystem
Lambda
SNS
DynamoDB
SQS
S3
Amazon Kinesis
Continuous
scaling
No servers to
manage
Never pay for
idle – No cold
servers (only
happy
accountants)
Benefits of AWS Lambda
Lambda is a core
component of modern
software
What is serverless
anyway?
• There are still servers, you just
don’t manage them anymore
• It also means you don’t access
them anymore
• So you don’t need to (or get to)
optimize them.
What is Serverless
Computing?
• VMs
• Machine as the unit of scale
• Abstracts the hardware
• Containers
• Application as the unit of scale
• Abstracts the OS
• Serverless
• Functions as the unit of scale
• Abstracts the language runtime
EC2
ECS
Lambda
How do I choose?
• VMs
• “I want to configure machines,
storage, networking, and my OS”
• Containers
• “I want to run servers, configure
applications, and control scaling”
• Serverless
• “Run my code when it’s needed”
EC2
ECS
Lambda
What if I buy my own
software?
Lambda is so flexible you can add it in or around existing software
Serverless computing is
all about speeding up
development by allowing
rapid iteration and
removing management
overhead
A brief journey through history
80’s Mainframe Cycle
• Cost $1MM to $100MM
• 1 to 5 years to execute
• Usually had to bet the whole
company
• Cost of failure -- Bankruptcy
90‘s Client/Server Cycle
• Cost $100K to $10MM
• 3 to 6 months to execute
• Usually had to bet a product or
division
• Cost of failure -- Revenue hit, CXX
job
00‘s Agile Cycle
• Cost $10K to $1MM
• 3 to 6 weeks to execute
• Bet a product feature
• Cost of failure -- product manager
reputation
Product Manager
Developer
QA
Ops
BI / Analytics
Cost and size
of risk
decreased
Rate of
change
increased
ReleaseTestBuild
Developer Deployment Pain: High
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
Developer Deployment Pain: Medium
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
ReleaseTestBuild
Developer Deployment Pain: Low
Multiple services
Internal Microservices Platform
Monolithic
Success follows a standard
pattern
Why Microservices?
Distributed Computing and a
Distributed Workforce
• The two go hand in hand
when you have a good
distributed systems
culture
• Microservices and micro
teams
Cloud Native
10s of thousands of instances,
thousands created and removed
daily
Thousands of storage nodes,
petabytes of data, nodes can
be removed without harm
(Some folks call this microservices)
Movie Ratings
Personalization Engine User Info
Movie Metadata
Similar Movies
ReviewsA/B Test Engine
Discovery
API
Streaming
API
Movie Ratings
Personalization Engine User Info
Movie Metadata
Similar Movies
Reviews
A/B Test Engine
Discovery
API
Streaming
API
Content
EncodingCDN
Management
QOS
LoggingDRM
OpenConnect
Edge
Locations
Browse
Play
Watch
• Services are built by different
teams who work together to
figure out what each service
will provide.
• The service owner publishes
an API that anyone can use
and returns proper response
codes
Highly aligned,
loosely coupled
Developers own their product
from beginning to end
If the customer isn’t happy,
the developer shouldn’t be happy
Freedom and
Responsibility
Proper
Microservices
Architecture
Service
and
Resource
Discovery
Network
and
Traffic
Config
Automated
Testing
Continuous
DeploymentSecurity
Monitoring
and
Alerting
Mature
companies
spend 25% of
their engineering
resources on
their internal
platform
And they’re all building the
same thing…
Wasting time and effort they could
be spending on product innovation
Proper
Microservices
Architecture
Service
and
Resource
Discovery
Network
and
Traffic
Config
Automated
Testing
Continuous
DeploymentSecurity
Monitoring
and
Alerting
And when you’re done, it is
only “good enough”
Building an internal
microservices platform is hard
So why go Serverless?
Proper
Microservices
Architecture
Service
and
Resource
Discovery
Network
and
Traffic
Config
Automated
Testing
Continuous
DeploymentSecurity
Monitoring
and
Alerting
Proper
Microservices
Architecture
Automated
Testing
Continuous
DeploymentSecurity
Security
• Shorter TTL ==
less chance for
an attack to take
hold
The Microservices Architecture
Microservices Management
Tools
Web servers
Code Libraries
Frameworks
Config Management
API Management
Deployment, CI/CDContainers
etc.
etc.
etc.
What do all the parts of
microservices have in common?
Servers
Capacity planning
Right-sizing
Automatic scaling
Load and performance
Patches
Tuning
Configuration
Utilization
Access control
Packages and AMIs
Serverless
Right-sizing
Automatic scaling
Load and performance
Patches
Tuning
Configuration
Utilization
Access control
Packages and AMIs
Fully managed
Continuous Scaling
Function is the deployment unit
Capacity planning
Serverless ==
Microservices -
ManagementProvisioning Scaling
Microservice problems we still have
Queue length
Persistent storage
Fallbacks and graceful
degradation
Monitoring and alerting
Integration and deployment
Testing
What does Lambda do for you?
• Scales server capacity
automatically
• API to trigger execution
• Ensures function is executed in
parallel and at scale
• Logging, monitoring, etc.
• Easy pricing
Monitoring• Everything is in CloudWatch or CloudWatch logs
Pricing
• Choose your RAM
from 128 MB to
1500 MB
• CPU and network
scaled based on
RAM
Cost Comparison
Cost Comparison
There’s about 2.5M seconds in a month, so 3M requests is about 1.2 per second
The T2.Small is $18.98 a month, more than Lambda already
Pay per Request
• Buy compute in 100ms
increments
• Low request charge
• No minimums
• No per-device fees
Never pay for idle time!
Free Tier
1,000,000 requests and 400,000
GB every month, every
customer
How does one use ?
Author your code
• AWS SDK built-in
• Access to /tmp,
processes,
threads, etc.
• Node.js, Python
• Java and any JVM
language
• Use any library you
want
Choose an event source
• S3
• Amazon
Kinesis
• SNS
• DynamoDB
• CloudWatch
• Config Rules
• Amazon Echo
• API Gateway
• Lambda
functions
• SES
• Cognito
• CloudFormation
• CodeCommit
• Echo
• Scheduled
events
Choose your resources
• Select from 128 MB to 1.5 GB
• CPU and network are chosen
automatically
• Pay only for what you actually
use
Choose your
authorization model
• Securely grant access to
resources and VPC
• Fine-grained control over
who calls your functions
with IAM
Choose a Network
• Default
• All functions have
internet access
• No access to your
other VPCs
• Still in a VPC
• Customer VPC
• Private communication
within your VPC
• Same configuration as
your other VPCs (ENI,
route table, security
groups, NAT)
Deploy your code
• Use the GUI or
• Upload to S3
or Lambda
directly
• Use a third
party tool
Write the function
Create the IAM role
Add extra permissions for a push model
Zip the function and dependencies
Test the function with mock data
Add an event source to the function
View the output of the live function
Write the function
Create the IAM role
Add extra permissions for a push model
Zip the function and dependencies
Test the function with mock data
Add an event source to the function
View the output of the live function minops.com/oss
Use a tool
PolishDeep
Integration
Language
Support
API Gateway
SupportNotes
Kappa Meh Best Meh No
Best for
Python, same
author as boto
Apex Great Ok Best NoTies into
Terraform
Serverless
(Jaws)Great Good Good Yes
Uses Cloudformation
Chalice Great Ok Only Python YesGreat for
REST APIs
Serverless Ex
pressGreat
Only w/ API
GatewayOnly NodeJS Yes Built by AWS
Create a unified API
frontend for multiple
microservices
DDoS protection and
throttling for backend
systems
Authenticate and
authorize requests
Benefits of Amazon API
Gateway
Lambda Use Cases
• Application Backend
• Data Processing
• Command and Control
• Any functional or event
based system
Data Processing
Upload
to S3
S3 Bucket Lambda
S3 Notification
Compressed
Image
Compress Image
Upload back to S3
Serverless Website
Static
Content
Dynamic
Content
API Gateway Lambda DynamoDB
Internet
Mobile Apps
Websites
Services
AWS Lambda
functions
API Gateway
Cache
Endpoints on
Amazon EC2
Any other publicly
accessible endpointAmazon
CloudWatch
Amazon
CloudFront
Amazon
API Gateway
Serverless API w/ API
Gateway
API Gateway Lambda SNS
Mobile Backend
Kinesis Lambda DynamoDB
Real-Time Analytics Engine
Live video stream processing
CloudFront S3
Ingest
Lambda functions
HQ Copy
480p
Transcode
360p
Transcode
Audio Only
Transcode
S3
Playback
CloudFront
streaming
Thumbnails
Word Generator
• Generate some number of English
looking words using an ngram
database
• Allow a prefix to be specified
https://github.com/jedberg/wordgen
Alexa and Lambda Demo
From conception to prod
in 5 minutes
Codebase
Structure
Lambda lets you manage
your code and infrastructure
in the same place
Tips and Tricks
Immutable Data
• If you can, write your
software such that
everything in the cache is
immutable.
Moving data is
the single biggest cost
your distributed system
will incur
But you need
to move data for
reliability,
so it’s a tradeoff
Use queues
as often as possible
0
10
20
30
40
50
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Cumulative Flow Diagram
Items
Seconds
Arrivals
Departures
Avoiding Infinite Loops
• With a distributed
team, this is an easy
mistake to make
• To avoid it, pass a call
stack and check for
self in the stack
Store your data properly
• No local instance
access
• Store everything in
S3, DynamoDB, or
ElastiCache
DynamoDB S3
Function Schedules• Schedule a function to keep it warm
if traffic is low
• Schedule a function to poll your
SQS queues or use a DynamoDB
table as a queue and trigger on put
• Schedule a function with a more
granular timer if one minute isn’t
granular enough
• Have one function call another to
get more timers
Function Versions
• Use the environment variable
service for mutable
configuration
• To rollback, switch to an old
alias or an old API Gateway
collection
• Use a traffic shaping function
for Blue / Green deployments
• Point directly at an ARN to
lock to a particular version
Lambda VPC Basics• VPC is always on, but with
sane defaults
• Lambda functions can
access your private
resources if added to your
VPC
• But they will lose internet
access unless you have a
managed NAT, regardless
of your internet gateway or
permissive security group
rules
Lambda VPC Basics
• Make sure you have
enough ENIs for max
concurrency
• And enough IPs in your
pool
• And enough per AZ
Amazon API Gateway
Best Practices• Use request/response
mapping templates
everywhere within reason,
not passthrough.
• Take ownership of HTTP
response codes
• Use Swagger
import/export for cross-
account sharing
• Use Mock integrations
• Combine with Cognito for
managed end user-based
access control.
• Use stage variables (inject API
config values into Lambda
functions for logging, behavior)
Additional Best
Practices• Use strategic, consumable
naming conventions (Lambda
function names, IAM roles, API
names, API stage names, etc.)
• Use naming conventions and
versioning to create
automation.
• Externalize authorization to
IAM roles whenever possible
• Least privilege and separate IAM roles
• Externalize configuration –DynamoDB is great for this.
• Contact AWS Support before known large scaling events
• Be aware of service throttling, engage AWS Support if so.
Thank you!
Remember to complete
your evaluations!
Questions?
Email: [email protected]
Twitter: @jedberg
Web: www.jedberg.net
Facebook: facebook.com/jedberg
Linkedin:
www.linkedin.com/in/jedberg
Company: minops.com