How to build your scalable applications without servers
TRANSCRIPT
![Page 1: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/1.jpg)
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Angelo Carvalho, Solutions Architect, AWS
September 22, 2016
How to build your scalable applications without servers
![Page 2: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/2.jpg)
Agenda
- Overview of Serverless Architecture
- Anatomy of a Web Application
- Securing the Web Application
- Demo
- Other Options
![Page 3: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/3.jpg)
Overview of Serverless Architectures
Serverless? What’s that mean?
![Page 4: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/4.jpg)
What is Serverless?
Provisioning and Utilization
Operations and Management
Scaling Availability and Fault Tolerance
Removes the need for….
![Page 5: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/5.jpg)
Benefits of Serverless?
Provisioning and Utilization
Operations and Management
Scaling Availability and Fault Tolerance
Which leads to….
Low Cost Simple Low Latency Scalable Reliable
![Page 6: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/6.jpg)
Platform of Serverless Products
- Storage
- Database
- Compute
- Messaging and Queues
- Gateways
- User Management
- Internet of Things
- Machine Learning
- Streaming Analytics
![Page 7: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/7.jpg)
Real-time Processing
Streams
Files
![Page 8: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/8.jpg)
ETL
![Page 9: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/9.jpg)
IoT Backends
![Page 10: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/10.jpg)
Web Application Serverless Architecture
![Page 11: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/11.jpg)
Anatomy of a Web Application
![Page 12: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/12.jpg)
What makes up a web application?
Let’s break it down…
![Page 13: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/13.jpg)
What makes up a web application?
![Page 14: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/14.jpg)
What makes up a web application?
![Page 15: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/15.jpg)
What makes up a web application?
![Page 16: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/16.jpg)
Serverless Web Application
![Page 17: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/17.jpg)
Where did all the servers go?
![Page 18: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/18.jpg)
Static Website Hosting on S3 - refresher
- Specify an index document (i.e. index.html)
- Specify an error document
- Objects publicly readable
- Supports redirects
  - All Requests
  - Conditional

[Diagram: bucket with objects]
![Page 19: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/19.jpg)
API Gateway - refresher
Create Configure Publish
Maintain Monitor Secure
![Page 20: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/20.jpg)
API Gateway – Stage Variables
- Key/Value pairs used for configuration
- Used for different stages of API
- Specify a Lambda function name
- Pass to backend
![Page 21: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/21.jpg)
Lambda
- Serverless, event-driven compute
- Code is: NodeJS, Python, JVM based
- Specify memory allocated
- Determine what invokes the functions
  - API Gateway, S3, DynamoDB, Kinesis, SNS, SES, Cognito, CloudWatch Logs, CloudWatch Events, CloudFormation, Config, Scheduled Events
![Page 22: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/22.jpg)
Lambda – Versioning and Aliases
Versioning
- ARN for each one (immutable)
- Versions of functions for Dev, Staging, Prod

Aliases
- Point to a version
- Have an ARN also
- Event sources point to Alias ARNs
![Page 23: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/23.jpg)
Lambda – Dynamic Configuration
One option:
- Pull Configs from DDB
- Write values to global vars
- Code uses global vars

[Diagram labels: Lambda Function, Amazon DynamoDB]
![Page 24: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/24.jpg)
DynamoDB - refresher
- NoSQL database
- Keys: Hash Key and (optional) Range Key
- Tips:
  - Plan your keys
  - Think about your queries
![Page 25: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/25.jpg)
Serverless Web Application
![Page 26: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/26.jpg)
…..but what’s missing from this architecture?
![Page 27: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/27.jpg)
Authentication/Authorization
![Page 28: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/28.jpg)
Securing your Serverless Web Application
![Page 29: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/29.jpg)
AWS IAM and AWS STS
[Diagram labels: client, AWS cloud, AWS STS, temporary security credential, AWS IAM, role, permissions, "OR", Amazon API Gateway; numbered steps 1 and 2]

Policy shown on the slide:

```
Action: ['s3:*', 'sts:Get*']
Effect: Allow
Resource: *
```
![Page 30: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/30.jpg)
Securing API Gateway
![Page 31: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/31.jpg)
Cognito and STS
![Page 32: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/32.jpg)
Authentication Options with Cognito
Federated Identity Providers
- Amazon
- Facebook
- Google
Custom Developed Authentication System
Cognito Identity User Pools (Preview)
![Page 33: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/33.jpg)
Unauthenticated vs Authenticated roles
- Ability to define both in Cognito
- Start out unauthenticated, switch to authenticated!
  - browsing a blogging site, then log in to post or comment
![Page 34: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/34.jpg)
Example IAM Policy for API Gateway

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "execute-api:Invoke"
      ],
      "Resource": [
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/GET/posts/*/comments/*",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/users",
        "arn:aws:execute-api:us-east-1:acctId:apigatewayID/*/POST/login"
      ]
    }
  ]
}
```
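An added check, not from the original slides, that evaluates the `Resource` patterns of the policy above against constructed requests. It assumes IAM's glob matching, where `*` matches any run of characters including `/`, and uses Python's `fnmatchcase` as a stand-in for it; `matching`, `shadowed` and the sample requests are hypothetical names and data.

```python
from fnmatch import fnmatchcase

# Patterns copied from the slide; acctId / apigatewayID are the slide's placeholders.
BASE = "arn:aws:execute-api:us-east-1:acctId:apigatewayID/"
RESOURCES = [BASE + p for p in (
    "*/GET/posts", "*/GET/posts/*", "*/GET/posts/*/comments",
    "*/GET/posts/*/comments/*", "*/POST/users", "*/POST/login")]

def matching(stage, method, path):
    """Patterns that allow execute-api:Invoke here (empty list = implicit deny)."""
    arn = BASE + stage + "/" + method + path
    return [r[len(BASE):] for r in RESOURCES if fnmatchcase(arn, r)]

def shadowed():
    """Map each pattern to broader patterns in the same statement that cover it.

    If pattern q matches pattern p taken as a literal string, every ARN that
    p matches is also matched by q, so p adds no restriction of its own.
    """
    out = {}
    for p in RESOURCES:
        wider = [q[len(BASE):] for q in RESOURCES if q != p and fnmatchcase(p, q)]
        if wider:
            out[p[len(BASE):]] = wider
    return out

# Constructed requests: (stage, method, resource path)
REQUESTS = [
    ("prod", "GET", "/posts"),
    ("prod", "GET", "/posts/42/comments/7"),
    ("prod", "GET", "/posts/42/drafts"),   # route the policy author may not have intended
    ("dev", "POST", "/login"),
    ("prod", "POST", "/posts"),
    ("prod", "DELETE", "/posts/42"),
]

if __name__ == "__main__":
    for stage, method, path in REQUESTS:
        hits = matching(stage, method, path)
        print(method, path, "->", "Allow via " + ", ".join(hits) if hits else "implicit deny")
    for narrow, wider in shadowed().items():
        print(narrow, "is already covered by", wider)
```

Because `*/GET/posts/*` spans path separators, the two `comments` entries do not narrow anything: the role can invoke every `GET` method below `/posts/`, including ones added to the API later.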
![Page 35: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/35.jpg)
Cognito – Authentication Flow
[Diagram labels: Amazon API Gateway, AWS Lambda]
![Page 36: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/36.jpg)
Other Security Features
- IAM Roles for Lambda Functions
- Client-side Encryption library using KMS for DynamoDB
![Page 37: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/37.jpg)
Demo
![Page 38: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/38.jpg)
Demo App Architecture
[Diagram: demo app architecture with numbered steps 1 to 6. Labels: web browser; Amazon S3; Static Content; Amazon Cognito; Obtain User Credentials; Call Unauthenticated APIs methods; Amazon API Gateway; AWS Lambda Functions; Amazon DynamoDB; encrypted user data; Amazon API Gateway Authentication APIs; Obtain Authenticated User Credentials; AWS STS; Call Authenticated APIs methods; Amazon API Gateway – POST Functions; AWS Lambda Functions – Logic for POST Functions; AWS KMS]
![Page 39: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/39.jpg)
Other Options
![Page 40: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/40.jpg)
Authentication Options
Cognito:
- Federated Identity Providers (Amazon, Facebook, Google)
- Cognito Identity User Pools

Federated Web Identities
- Interact directly with STS and 3rd party identity providers
![Page 41: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/41.jpg)
Authorization Options with API Gateway
[Diagram labels: Client; Request w/ a bearer token; API Gateway; Lambda Auth function; Context + Token; Principal + Policy; Policy is evaluated; Policy is cached; 403 Denied; Allowed; AWS Lambda functions; Endpoints on Amazon EC2; Any other publicly accessible endpoint]
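The authorizer flow in this diagram, sketched as an added Python example (not code from the presentation). The token format, `SECRET`, the `ROUTES` map and the helper names are assumptions made for illustration; the event fields (`authorizationToken`, `methodArn`) and the returned `principalId` / `policyDocument` follow the API Gateway Lambda authorizer contract.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: a real function loads this from a secret store
# Hypothetical route map: method/path patterns each role may invoke.
ROUTES = {"reader": ["GET/posts", "GET/posts/*"],
          "author": ["GET/posts", "GET/posts/*", "POST/posts", "POST/posts/*/comments"]}

def make_token(sub, role, exp):
    """Constructed demo token: base64url(JSON claims) + "." + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": sub, "role": role, "exp": exp}).encode())
    return body.decode() + "." + hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def verify_token(token, now=None):
    """Return the claims; raise ValueError on a bad signature, bad format or expiry."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def handler(event, context=None):
    """TOKEN authorizer entry point: Context + Token in, Principal + Policy out."""
    token = event.get("authorizationToken", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    try:
        claims = verify_token(token)
    except (ValueError, KeyError):
        raise Exception("Unauthorized")  # API Gateway turns this message into a 401
    # methodArn: arn:aws:execute-api:region:account:apiId/stage/METHOD/path
    api_and_stage = "/".join(event["methodArn"].split("/")[:2])
    allowed = ROUTES.get(claims["role"], [])
    # The returned policy is cached for the token, so it lists every route the
    # principal may call rather than only the method in this request.
    resources = [api_and_stage + "/" + r for r in allowed] or [event["methodArn"]]
    return {"principalId": claims["sub"],
            "policyDocument": {"Version": "2012-10-17", "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow" if allowed else "Deny",
                "Resource": resources}]}}
```

A policy scoped only to the incoming `methodArn` would be reused from the cache for the same token on other routes and deny them, which is why the statement is built from the role's full route list.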
![Page 42: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/42.jpg)
Some Tidbits
- Authorization failures to API Gateway get returned as a CORS error
- Lambda Functions as stage variable values = manual permissions configuration
![Page 43: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/43.jpg)
Architect to be Serverless
Fully Managed
- No provisioning
- Zero administration
- High availability

Developer Productivity
- Focus on the code that matters
- Innovate rapidly
- Reduce time to market

Continuous Scaling
- Automatically
- Scale up and scale down
![Page 44: Como construir suas aplicações escaláveis sem servidores](https://reader034.vdocuments.mx/reader034/viewer/2022052117/58896e371a28ab44758b5ecd/html5/thumbnails/44.jpg)
Q&A