Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series
![Page 1: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Brittany Doncaster, Solutions Architect, AWS
May 24, 2016
Deep Dive on Serverless Web Applications
![Page 2: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/2.jpg)
Agenda
• Overview of Serverless Architecture
• Anatomy of a Web Application
• Securing the Web Application
• Demo
• Other Options
![Page 3: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/3.jpg)
Overview of Serverless Architectures
Serverless? What’s that mean?
![Page 4: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/4.jpg)
What is Serverless?
Removes the need for…
• Provisioning and Utilization
• Operations and Management
• Scaling
• Availability and Fault Tolerance
![Page 5: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/5.jpg)
Benefits of Serverless?
• Provisioning and Utilization
• Operations and Management
• Scaling
• Availability and Fault Tolerance
Which leads to…
• Low Cost
• Simple
• Low Latency
• Scalable
• Reliable
![Page 6: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/6.jpg)
Platform of Serverless Products
• Storage
• Database
• Compute
• Messaging and Queues
• Gateways
• User Management
• Internet of Things
• Machine Learning
• Streaming Analytics
![Page 7: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/7.jpg)
Real-time Processing
Streams
Files
![Page 8: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/8.jpg)
ETL
![Page 9: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/9.jpg)
IoT Backends
![Page 10: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/10.jpg)
Web Application Serverless Architecture
![Page 11: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/11.jpg)
Anatomy of a Web Application
![Page 12: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/12.jpg)
What makes up a web application?
Let’s break it down…
![Page 13: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/13.jpg)
What makes up a web application?
![Page 14: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/14.jpg)
What makes up a web application?
![Page 15: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/15.jpg)
What makes up a web application?
![Page 16: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/16.jpg)
Serverless Web Application
![Page 17: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/17.jpg)
Where did all the servers go?
![Page 18: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/18.jpg)
Static Website Hosting on S3 - refresher
• Specify an index document (i.e. index.html)
• Specify an error document
• Objects publicly readable
• Supports redirects
All Requests Conditional
bucket with objects
![Page 19: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/19.jpg)
API Gateway - refresher
Create Configure Publish
Maintain Monitor Secure
![Page 20: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/20.jpg)
API Gateway – Stage Variables
• Key/Value pairs used for configuration
• Used for different stages of API
• Specify a Lambda function name
• Pass to backend
![Page 21: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/21.jpg)
Lambda
• Serverless, event-driven compute
• Code is: NodeJS, Python, JVM based
• Specify memory allocated
• Determine what invokes the functions: API Gateway, S3, DynamoDB, Kinesis, SNS, SES, Cognito, CloudWatch Logs, CloudWatch Events, CloudFormation, Config, Scheduled Events
![Page 22: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/22.jpg)
Lambda – Versioning and Aliases
Versioning
• ARN for each one (immutable)
• Versions of functions for Dev, Staging, Prod
Aliases
• Point to a version
• Have an ARN also
• Event sources point to Alias ARNs
![Page 23: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/23.jpg)
Lambda – Dynamic Configuration
One option:
• Pull configs from DDB
• Write values to global vars
• Code uses global vars
Lambda Function
Amazon DynamoDB
![Page 24: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/24.jpg)
DynamoDB - refresher
• NoSQL database
• Keys: Hash Key and (optional) Range Key
• Tips:
  • Plan your keys
  • Think about your queries
![Page 25: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/25.jpg)
Serverless Web Application
![Page 26: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/26.jpg)
…..but what’s missing from this architecture?
![Page 27: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/27.jpg)
Authentication/Authorization
![Page 28: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/28.jpg)
Securing your Serverless Web Application
![Page 29: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/29.jpg)
AWS IAM and AWS STS
[Diagram, steps 1 and 2. Labels: client; AWS STS; temporary security credential; AWS cloud; AWS IAM; role; permissions; OR; Amazon API Gateway]
Permissions policy shown in the diagram:
Action: ['s3:*', 'sts:Get*']
Effect: Allow
Resource: *
![Page 30: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/30.jpg)
Securing API Gateway
![Page 31: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/31.jpg)
Cognito and STS
![Page 32: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/32.jpg)
Authentication Options with Cognito
• Federated Identity Providers
  • Amazon
  • Facebook
  • Google
• Custom Developed Authentication System
• Cognito Identity User Pools (Preview)
![Page 33: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/33.jpg)
Unauthenticated vs Authenticated roles
• Ability to define both in Cognito
• Start out unauthenticated, switch to authenticated!
  • Browsing a blogging site, then log in to post or comment
![Page 34: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/34.jpg)
Example IAM Policy for API Gateway

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "execute-api:Invoke"
      ],
      "Resource": [
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/users",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/login"
      ]
    }
  ]
}
```
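A way to audit what the policy above actually lets an unauthenticated caller invoke, as an added example that is not part of the original slides. It assumes IAM-style wildcard matching in which `*` matches any run of characters, including `/`; the stage name `prod` and the sample paths are constructed.

```python
import re

# acctId and apigatewayID are the slide's own placeholders.
PREFIX = "arn:aws:execute-api:us-east-1:acctId:apigatewayID"
UNAUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["execute-api:Invoke"],
        "Resource": [
            PREFIX + "/*/GET/posts",
            PREFIX + "/*/GET/posts/*",
            PREFIX + "/*/GET/posts/*/comments",
            PREFIX + "/*/GET/posts/*/comments/*",
            PREFIX + "/*/POST/users",
            PREFIX + "/*/POST/login",
        ],
    }],
}


def wildcard_to_regex(pattern):
    # Assumed matching model: '*' is any run of characters (including '/'),
    # '?' is exactly one character, everything else is literal.
    parts = (".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern)
    return re.compile("^" + "".join(parts) + "$")


def matching_resources(policy, stage, method, path):
    """Return the Allow resource patterns that cover this API request."""
    arn = f"{PREFIX}/{stage}/{method}{path}"
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "execute-api:Invoke" not in stmt["Action"]:
            continue
        hits += [r for r in stmt["Resource"] if wildcard_to_regex(r).match(arn)]
    return hits


def is_allowed(policy, stage, method, path):
    # The policy has no Deny statements: a match is an allow, no match is
    # an implicit deny.
    return bool(matching_resources(policy, stage, method, path))
```

Under this matching model the `GET/posts/*` entry already covers the two comment entries and any other GET route later added below `/posts/`, which is worth checking before new routes are deployed behind the unauthenticated role.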
![Page 35: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/35.jpg)
Cognito – Authentication Flow
Amazon API Gateway
AWS Lambda
![Page 36: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/36.jpg)
Other Security Features
• IAM Roles for Lambda Functions
• Client-side Encryption library using KMS for DynamoDB
![Page 37: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/37.jpg)
Demo
![Page 38: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/38.jpg)
Demo App Architecture
[Architecture diagram, steps 1 to 6. Labels: web browser; Amazon S3 (static content); Amazon Cognito (obtain user credentials); Amazon API Gateway, AWS Lambda functions and Amazon DynamoDB (call unauthenticated API methods); Amazon API Gateway authentication APIs, AWS Lambda functions, Amazon DynamoDB (encrypted user data) and AWS KMS; AWS STS (obtain authenticated user credentials); Amazon API Gateway – POST functions, AWS Lambda functions – logic for POST functions, and Amazon DynamoDB (call authenticated API methods)]
![Page 39: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/39.jpg)
Other Options
![Page 40: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/40.jpg)
Authentication Options
Cognito:
• Federated Identity Providers (Amazon, Facebook, Google)
• Cognito Identity User Pools
Federated Web Identities
• Interact directly with STS and 3rd party identity providers
![Page 41: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/41.jpg)
Authorization Options with API Gateway
[Diagram: Client → request w/ a bearer token → API Gateway → context + token → Lambda auth function → principal + policy → API Gateway. Policy is evaluated; policy is cached. Outcome: 403 Denied, or Allowed → AWS Lambda functions, endpoints on Amazon EC2, any other publicly accessible endpoint]
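The Lambda auth function in this flow, sketched as an added example that is not from the original slides. The `authorizationToken`/`methodArn` event fields and the `principalId`/`policyDocument` response are the custom authorizer contract; the HMAC-signed token format, the `author` role, the demo key and the `/posts` route are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secrets store


def make_token(sub, role, exp, key=SECRET):
    """Constructed demo token: base64url(claims) + '.' + HMAC-SHA256 hex."""
    claims = json.dumps({"sub": sub, "role": role, "exp": exp}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def verify_token(token, now, key=SECRET):
    """Return the claims if the signature is valid and unexpired, else None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):  # constant time
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims if claims["exp"] > now else None


def handler(event, context=None, now=None):
    """TOKEN authorizer: context + token in, principal + policy out."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    now = time.time() if now is None else now
    claims = verify_token(token, now) if scheme == "Bearer" else None
    if claims is None:
        raise Exception("Unauthorized")  # API Gateway answers 401
    # methodArn = arn:aws:execute-api:region:account:apiId/stage/METHOD/path
    api_base = "/".join(event["methodArn"].split("/")[:2])
    # The returned policy is cached against the token, so it has to describe
    # every method this principal may call, not only the one being requested.
    # Anything not listed here is refused with 403 when the policy is evaluated.
    allowed = [api_base + "/GET/*"]
    if claims["role"] == "author":
        allowed.append(api_base + "/POST/posts")
    return {
        "principalId": claims["sub"],
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "execute-api:Invoke",
                           "Resource": allowed}],
        },
    }
```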
![Page 42: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/42.jpg)
Some Tidbits
Authorization failures to API Gateway get returned as a CORS error
Lambda Functions as stage variable values = manual permissions configuration
![Page 43: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/43.jpg)
Architect to be Serverless
Fully Managed
• No provisioning
• Zero administration
• High availability
Developer Productivity
• Focus on the code that matters
• Innovate rapidly
• Reduce time to market
Continuous Scaling
• Automatically
• Scale up and scale down
![Page 44: Deep Dive on Serverless Web Applications - AWS May 2016 Webinar Series](https://reader033.fdocuments.in/reader033/viewer/2022061306/587f93291a28ab28518b6e77/html5/thumbnails/44.jpg)
Q&A