Date posted: 21-Jan-2018
Category: Technology
Uploaded by: boaz-ziniman
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Boaz Ziniman, Technical Evangelist, AWS
@ziniman
AWS Lambda Use & Architecture Patterns
January 2018
What does Serverless mean?
No servers to provision or manage
Scale with your usage
Built in availability and fault-tolerance
Never pay for idle/unused capacity
Serverless functions
• Functions are the unit of deployment and scale
• This scales per request!
• Skip the boring parts, skip the hard parts
How does it work?
Using AWS Lambda
Bring your own code
• Node.js, Java, Python, C#, Go
• Bring your own libraries (even native ones)
Simple resource model
• Select power rating from 128 MB to 3 GB
• CPU and network allocated proportionately
Flexible use
• Synchronous or asynchronous
• Integrated with other AWS services
Flexible authorization
• Securely grant access to resources and VPCs
• Fine-grained control for invoking your functions
Using AWS Lambda
Authoring functions
• WYSIWYG editor or upload packaged .zip
• Third-party plugins (Eclipse, Visual Studio)
Monitoring and logging
• Metrics for requests, errors, and throttles
• Built-in logs to Amazon CloudWatch Logs
Programming model
• Use processes, threads, /tmp, sockets normally
• AWS SDK built in (Python and Node.js)
Stateless
• Persist data using external storage
• No affinity or access to underlying infrastructure
Serverless applications
Diagram: EVENT SOURCE, FUNCTION, SERVICES (ANYTHING)
Event sources:
• Changes in data state
• Requests to endpoints
• Changes in resource state
Function languages: Node, Python, Java, C#, Go
Example event sources
Categories: Data stores, Endpoints, Configuration repositories, Event/message sources
Amazon S3, Amazon DynamoDB, Amazon Kinesis, Amazon Cognito, Amazon IoT, AWS Step Functions, Amazon Alexa, AWS CloudTrail, AWS CodeCommit, Amazon CloudWatch, Amazon SES, Amazon SNS, Cron events, Amazon API Gateway, AWS CloudFormation
…and more!
Lambda Use Cases
#1: 3-Tier Web Application
3-Tier web application
Diagram components:
• Browser
• Amazon CloudFront
• Amazon S3
• Amazon API Gateway
• Dynamic content in AWS Lambda
• Data stored in Amazon DynamoDB
Serverless web app security
Components: Browser, Amazon CloudFront, AWS WAF, Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB
Amazon S3
• Bucket Policies
• ACLs
Amazon CloudFront
• OAI
• Geo-Restriction
• Signed Cookies
• Signed URLs
• DDoS
• HTTPS
• Disable Host Header Forwarding
Amazon API Gateway
• Throttling
• Caching
• Usage Plans
AuthZ, IAM
Serverless web app monitoring
Components: Browser, Amazon CloudFront, AWS WAF, Amazon S3, Amazon API Gateway, AWS Lambda, Amazon DynamoDB, AWS CloudTrail
Amazon S3
• Access Logs in S3 Bucket
Amazon CloudFront
• Access Logs in S3 Bucket
• CloudWatch Metrics: https://aws.amazon.com/cloudfront/reporting/
AWS WAF
• WebACL Testing
• Total Requests
• Allowed/Blocked Requests by ACL
AWS Lambda
• Invocations
• Invocation Errors
• Duration
• Throttled Invocations
Amazon DynamoDB
• Latency
• Throughput
• Throttled Reqs
Amazon API Gateway
• Latency
• Count
• Cache Hit/Miss
• 4XX/5XX Errors
Logs, Streams, AWS CloudTrail, Custom CloudWatch Metrics & Alarms
Serverless web app lifecycle management
• AWS SAM (Serverless Application Model)
Diagram: Package & Deploy
• Inputs: Code/Packages/Swagger and a Serverless Template
• package produces a Serverless Template w/ CodeUri
• deploy applies that template
• Components shown: CI/CD Tools, AWS CloudFormation, Amazon S3, AWS Lambda, Amazon API Gateway, Amazon DynamoDB
http://bit.ly/ServerlessShop
https://github.com/patrick-michelberger/serverless-shop
#2: Automation
Automation characteristics
• Respond to alarms or events
• Periodic jobs
• Auditing and Notification
• Extend AWS functionality
Automation: image thumbnail creation from S3
Diagram: Users upload photos → S3: Source Bucket → (triggered on PUTs) AWS Lambda: Resize Images → S3: Destination Bucket
https://github.com/awslabs/serverless-image-resizing
#3: IoT
IoT – Click to Website
Diagram components: MQTT, AWS IoT, static S3 site, Amazon CloudFront, SMS (flows labelled Read and Read/Write)
http://bit.ly/OneClickIoT
A few Lambda specific best practices
Lambda is stateless → architect accordingly!
• Assume no affinity with underlying compute infrastructure
• Local filesystem and child processes may not extend beyond the lifetime of the Lambda request
Lambda considerations and best practices
• Can your Lambda functions survive the cold?
• Instantiate AWS clients and database clients outside the scope of the handler to take advantage of connection re-use.
• Schedule with CloudWatch Events for warmth
• ENIs for VPC support are attached during cold start
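import sys
import logging
import rds_config
import pymysql

rds_host = "rds-instance"
db_name = rds_config.db_name
logger = logging.getLogger()

# Executes during cold start
try:
    # Remaining connection arguments are not shown on the slide
    conn = pymysql.connect(host=rds_host, database=db_name)
except Exception:
    logger.error("ERROR: ...")
    sys.exit(1)

# Executes with each invocation
def handler(event, context):
    with conn.cursor() as cur:
        ...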
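Added example, not from the original slides: the same module-scope pattern, opened on first use and extended to reopen the connection when a warm container finds it stale. sqlite3 stands in for the database client so the block runs offline; `get_conn`, `connect_count` and the `hits` table are illustrative names.

```python
import sqlite3

_conn = None      # module scope: created once, reused by warm invocations
_connects = 0     # number of times a connection was opened (demo counter)


def _open():
    """Open a connection; sqlite3 is a stand-in for pymysql.connect()."""
    global _connects
    _connects += 1
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hits (n INTEGER)")
    return conn


def get_conn():
    """Return the cached connection, reopening it if missing or stale."""
    global _conn
    if _conn is not None:
        try:
            _conn.execute("SELECT 1")   # cheap liveness probe
            return _conn
        except sqlite3.Error:           # closed or broken: discard it
            _conn = None
    _conn = _open()
    return _conn


def connect_count():
    """How many connections this process has opened so far."""
    return _connects


def handler(event, context):
    """Runs on every invocation; only a cold or stale one pays for connect."""
    conn = get_conn()
    conn.execute("INSERT INTO hits VALUES (?)", (event["n"],))
    return conn.execute("SELECT COUNT(*) FROM hits").fetchone()[0]


if __name__ == "__main__":
    # Three invocations in one process share a single connection.
    print([handler({"n": i}, None) for i in range(3)], connect_count())
```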
Lambda considerations and best practices
How about a file system?
• Don’t forget about /tmp (512 MB of scratch space)
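var ffmpeg = require('ffmpeg');

exports.ffmpeg = function (event, context) {
  new ffmpeg('./thumb.MP4', function (err, video) {
    if (!err) {
      // Extracted frames are written to /tmp, the function's scratch space
      video.fnExtractFrameToJPG('/tmp', function (error, files) {
        // …
        if (!error) console.log(files);
        context.done();
      });
    }
  });
};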
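Added example, not from the original slides: a Python handler that treats /tmp as per-request scratch. Each invocation works in its own private directory, rejects input larger than the scratch budget, and deletes its files before returning so a reused container carries nothing over to the next request. `process`, the event's `body` field and the budget constant are assumptions; the 512 MB figure is the slide's.

```python
import os
import shutil
import tempfile

SCRATCH_ROOT = tempfile.gettempdir()   # /tmp inside Lambda
SCRATCH_BUDGET = 512 * 1024 * 1024     # the 512 MB of scratch space


def process(payload, root=SCRATCH_ROOT, budget=SCRATCH_BUDGET):
    """Stage payload in a private per-invocation directory, then clean up."""
    free = shutil.disk_usage(root).free
    if len(payload) > min(budget, free):
        raise ValueError("payload does not fit in scratch space")
    # mkdtemp creates a uniquely named directory readable only by this user
    workdir = tempfile.mkdtemp(prefix="inv-", dir=root)
    try:
        path = os.path.join(workdir, "input.bin")
        with open(path, "wb") as fh:
            fh.write(payload)
        return os.path.getsize(path)   # stand-in for the real work
    finally:
        # Runs on success and on error: nothing survives to the next request
        shutil.rmtree(workdir, ignore_errors=True)


def handler(event, context):
    """Lambda-style entry point; 'body' is an assumed event field."""
    return {"bytes": process(event["body"].encode())}


if __name__ == "__main__":
    print(handler({"body": "constructed sample input"}, None))
```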
Other resources
• AWS documentation: http://docs.aws.amazon.com/lambda/latest/dg/welcome.html
• Tons of compute blog posts: https://aws.amazon.com/blogs/compute/category/aws-lambda/
• Lambda reference architecture: https://github.com/awslabs/lambda-refarch-webapp
• Hello Retail: https://github.com/Nordstrom/hello-retail
• Serverless beyond Functions – Serverless using IoT: https://medium.com/cloud-academy-inc/serverless-beyond-functions-cd81ee4c6b8d
Thanks!
Boaz Ziniman, Technical Evangelist, AWS
@ziniman