© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

T O K Y O2

01

9.1

0.0

3-

04

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

T O K Y O

20

19

.10

.03

-0

4Deep Dive on AWS ChaliceA Serverless Microframework for Python

James Saryerwinnie | @jsaryerSenior Software Development EngineerAmazon Web Services

D - 1

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda

Overview of Chalice

Deployment

Python Packaging

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Chalice is a microframework for writing serverless apps in python

Framework for creating serverless applications

CLI for deployment and packaging

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Overview

from chalice import Chalice

app = Chalice(app_name='helloworld')

@app.route('/')def index():

return {'hello': 'world'}

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Overview

from chalice import Chalice

app = Chalice(app_name='helloworld')

@app.route('/')def index():

return {'hello': 'world'}

$ chalice deploy

https://dfut7pnl47/dev/

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Overview

from chalice import Chalice

app = Chalice(app_name='helloworld')

@app.route('/')def index():

return {'hello': 'world'}

$ chalice deploy

https://dfut7pnl47/dev/

Framework CLI

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

More Chalice Decorators@app.on_s3_event('mybucket')def resize_image(event):

pass

@app.schedule('rate(5 minutes)')def rate_handler(event):

pass

@app.on_sns_message(topic='mytopic')def handler(event):

pass

@app.on_sqs_message(queue='myqueue')def handler(event):

pass

@app.lambda_function()def handler(event, context):

pass

@app.route('/resource/{value}',methods=['PUT'])

def resource(value):pass

@app.authorizer(ttl_seconds=30)def jwt_auth(auth_request):

pass

@app.on_ws_message()def websocket_msg(event):

pass

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Chalice deploy

AWS Lambda

Amazon API Gateway

Role

AWS Cloud

Permissions

Swagger Doc

Deployment ZIP

from chalice import Chalice

app = Chalice(app_name='helloworld')

@app.route('/')

def index():

return {'hello': 'world'}

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Chalice deploy

AWS Cloud

AWS Lambda

Amazon API Gateway

Permissions

App Code

Deployment ZIP

Swagger Doc

Role

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Warning about Internals

Disclaimer: these are implementation details

The goal is to better understand how Chalice can help you

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Websocket App

import boto3

from chalice import Chalice

app = Chalice(app_name='websocket')

app.experimental_feature_flags.update([

'WEBSOCKETS'

])

app.websocket_api.session =boto3.Session()

@app.on_ws_connect()

def connect(event):

print('New connection: %s’ %

event.connection_id)

@app.on_ws_message()

def message(event):

print('%s: %s' % (event.connection_id,

event.body))

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Websocket App

import boto3

from chalice import Chalice

app = Chalice(app_name='websocket')

app.experimental_feature_flags.update([

'WEBSOCKETS'

])

app.websocket_api.session =boto3.Session()

@app.on_ws_connect()

def connect(event):

print('New connection: %s’ %

event.connection_id)

@app.on_ws_message()

def message(event):

print('%s: %s' % (event.connection_id,

event.body))

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Websocket App

import boto3

from chalice import Chalice

app = Chalice(app_name='websocket')

app.experimental_feature_flags.update([

'WEBSOCKETS'

])

app.websocket_api.session =boto3.Session()

@app.on_ws_connect()

def connect(event):

print('New connection: %s’ %

event.connection_id)

@app.on_ws_message()

def message(event):

print('%s: %s' % (event.connection_id,

event.body))

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Application Graph Builder

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

from chalice import Chalice

app = Chalice(app_name='one')

@app.lambda_function()

def handler(event, context):

return {}

Application Graph Builder

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Application Graph Builder

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Dependency Order

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Local Build

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Local Build

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Local Build

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Planner

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Planner

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Additional Plan Instructions

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Executor

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Executor

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Benefits of this Architecture

DECOUPLED

Each stage is independent which makes it easy to test and optimize each stage without affecting other stages.

ALTERNATIVES

You can swap out components with alternate implementations, supporting other deployment backends.

CONTROL IO

IO only happens a specific stages in the pipeline. We can implement features such as dry run and fast feedback loops.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

.├── app.py└── requirements.txt

boto3==1.9.188botocore==1.12.204jmespath==0.9.3cryptography==2.7

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

.├── app.py└── requirements.txt

boto3==1.9.188botocore==1.12.204jmespath==0.9.3cryptography==2.7

pip install -r requirements.txt

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

$ aws lambda create-function ¥--function-name Hello ¥--role-name MyApp ¥--runtime python3.6 ¥--handler app.handler ¥--zip-file fileb://app.zip

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

deploy.zip

$ aws lambda create-function ¥--function-name Hello ¥--role-name MyApp ¥--runtime python3.6 ¥--handler app.handler ¥--zip-file fileb://app.zip

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

deploy.zip

Chalice Runtime

Your Application Code

Third Party Package Dependencies

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

deploy.zip

Chalice Runtime

Your Application Code

Third Party Package Dependencies

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

deploy.zip

Chalice Runtime

Your Application Code

Third Party Package Dependencies

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

$ file cryptography/hazmat/bindings/_openssl.so

hazmat/bindings/_openssl.so: Mach-O universal binary with 2 architectures:

[i386:Mach-O bundle i386] [x86_64:Mach-O 64-bit bundle x86_64]

bindings/_openssl.so (for i386): Mach-O bundle i386

bindings/_openssl.so (for x86_64): Mach-O 64-bit bundle x86_64

pip install cryptography

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

$ file cryptography/hazmat/bindings/_openssl.so

hazmat/bindings/_openssl.so: Mach-O universal binary with 2 architectures:

[i386:Mach-O bundle i386] [x86_64:Mach-O 64-bit bundle x86_64]

bindings/_openssl.so (for i386): Mach-O bundle i386

bindings/_openssl.so (for x86_64): Mach-O 64-bit bundle x86_64

pip install cryptography

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Python Packaging

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

deploy.zip

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

Amazon CloudWatch Logs

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

Amazon VPC

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

AWS Lambda

Amazon API Gateway

Permissions

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

Amazon DynamoDB

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

AWS IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

import boto3from chalice import Chalice

app = Chalice(app_name='test-policy')client = boto3.client('dynamodb')

@app.route('/')def list_tables():

return client.list_tables()

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

client = boto3.client('dynamodb')

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

client.list_tables()

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Run the Auto Policy Generator

$ chalice gen-policy

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Action": ["dynamodb:ListTables"],

"Resource": ["*"],

"Sid": "30b6e077c9314011a8406dc262185caf"

}

]

}

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Caveat

• Experimental

• Use as a starting point

• Can specify your own IAM policy file to use

• Also specify a specific IAM Role ARN to use

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Wrapping Up

Overview of Chalice

Deployment

Python Packaging

IAM Policy Generation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Next Steps

Try out AWS Chalice! https://chalice.readthedocs.io/en/latest/

Create feature requests: https://github.com/aws/chalice

AWS Chalice Workshop Next

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Thank you!

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

James Saryerwinnie

@jsaryer