Riga DevDays 2017 - Efficient AWS Lambda

EFFICIENT AWS LAMBDA ANTONS KRANGA

Upload: antons-kranga

Post on 21-Jan-2018

Category: Software

TRANSCRIPT

@acankr

ANTONS KRANGA

‣ Full stack developer, ~15 years

‣ Cloud Architect

‣ DevOps evangelist

‣ Speaker

‣ Marathon runner

ECONOMICS OF APPLICATION VIRTUALIZATION ON AWS

▸ 64% of cloud costs refer to EC2 instances

▸ 53% of workloads run on Small instances

▸ 29% of workloads run on Medium instances

▸ 16.7% Small instance utilization

▸ 11.9% Medium instance utilization

https://goo.gl/1pmqKD

COST SAVING STRATEGIES

▸ Use only what you need

▸ Choose the right size for instances

▸ Use Reserved Instances

CHALLENGES OF RESERVED INSTANCES

▸ Project expected to run for a short time

▸ Undecided about project size

▸ Fear of commitment

AGENDA

▸ Introduction to FaaS

▸ Good and Bad code

▸ Serverless Patterns

WHAT IS SERVERLESS

[Diagram: Lambda at the centre. Labels shown: Trigger, Event, AWS Service, Container, Application Code. Sources shown: CodeCommit, SmartHome, AlexaSkill, IoT, API Gateway, S3 Storage, CloudWatch Event, Logs, Cognito, SNS, Kinesis, Messages, DynamoDB. Groups shown: Internet of Things, Streaming, Development and Ops, Security.]

LAMBDA VS EC2 (VM)

Lambda

▸ Price: $0.208 - $2.501 per 1M executions

▸ RAM: 128MB - 1536MB

▸ vCPU Cores: 2

▸ Ephemeral Disk: 512MB

▸ Write Partition: /tmp/*

▸ Timeout: 300sec

▸ Body Payload: 6MB

EC2 (VM)

▸ Price: $0.023 per hour (t2.small)

▸ RAM: 2GB

▸ vCPU Cores: 1

▸ Ephemeral Disk or EBS

▸ Timeout: no

LANGUAGE RUNTIMES

▸ NodeJS 4.6

▸ NodeJS 6.10

▸ Python 2.7

▸ Python 3.6

▸ Java 8

▸ C#

▸ EdgeJS 4.6

APPLICATION DEVELOPMENT SERVICES

▸ Configuration management

▸ Secret management

▸ Service discovery

▸ Exposure and auth

▸ Private cloud access

MINIMALISTIC LAMBDA EXECUTION

First Execution     Next Execution     RAM Used
3.06ms              0.34ms             23MB
3.07 - 9.06ms       0.25 - 4.67ms      22MB
12.07 - 30.56ms     0.37 - 0.64ms      50MB
31.07ms             0.29 - 9.96ms      18MB
0.17ms              0.18 - 0.38ms      20MB

LAMBDA HANDLERS

BUILD.GRADLE

    apply plugin: 'java'
    version = '1.0.0'
    mainClassName = 'Main'

    repositories {
        mavenCentral()
    }

    dependencies {
        compile(
            'com.amazonaws:aws-lambda-java-core:1.1.0',
            'com.amazonaws:aws-lambda-java-events:1.1.0'
        )
    }

MAIN.JAVA

    import com.amazonaws.services.lambda.runtime.Context;
    import com.amazonaws.services.lambda.runtime.RequestHandler;

    public class Main implements RequestHandler<String, String> {

        @Override
        public String handleRequest(String input, Context context) {
            // Goes to the function's CloudWatch log stream
            context.getLogger().log("My input is: " + input);
            return "Hello: " + input;
        }
    }

INDEX.PY

    import logging

    log = logging.getLogger()
    log.setLevel(logging.INFO)

    def handler(event, context):
        # Logged at INFO so the event shows up at the level set above
        log.info(event)
        return {'message': 'Hello from Lambda'}

INDEX.JS

    exports.handler = (event, context, callback) => {
        console.log(event);
        // First argument is the error, second is the result
        callback(null, {'message': 'Hello from Lambda'});
    };

DEPLOY CODE

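CODE VERSIONS

[Diagram: a Lambda function with versions V1, V2, V3 and V4. A SERVICE reaches the function through an ALIAS. Aliases shown: LATEST, STABLE. Environments (ENV) shown: DEV, TEST, PROD.]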

▸ CloudFormation and/or Terraform for initial deployment

▸ Set up Cloud Resources

▸ Inject dependencies via ENV VARS

▸ Encrypt Secrets with KMS

▸ CLI “update-function-code” for incremental deployment

EXPOSE LAMBDA

API GATEWAY + LAMBDA

- API Management Tool

- Authorization + Custom Authorizer

- Defines: Environment Variables for Lambda

- Can be defined with Swagger and imported

- Code Supports Versioning

- Integrated with CloudWatch

- Lambda Containers are Cached for 5 minutes

- Can be deployed with “apex.run” tool

- User can write files in /tmp

[Diagram: USER -> ajax (GET, POST, PUT, DELETE) -> API Gateway -> event -> Lambda, with data returned to the user. Also shown: Authorizer Lambda, Identity Service Provider.]

CHALLENGES

▸ Challenge of first execution

▸ Lack of remote debug

▸ Rely heavily on unit tests

▸ Expect unpredictable event payload

▸ You never know who is calling you

▸ Function events arrive in different formats

▸ Use ‘jsonschema’ to validate

API GATEWAY CHALLENGES

▸ Use LAMBDA_PROXY integration

▸ Always check incoming payload

▸ Body transferred as String
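
A handler that follows the payload advice above (unknown caller, varying event formats, LAMBDA_PROXY body arriving as a string), as an added example that is not from the talk. The payload shape (name, qty) is hypothetical, and the checks are hand-written with the standard library so the block runs without dependencies; a 'jsonschema' schema, as the slides suggest, would take the place of validate_item.

```python
import base64
import json

MAX_BODY_BYTES = 6 * 1024 * 1024  # body payload limit quoted in the slides

def _reply(status, payload):
    # LAMBDA_PROXY responses need a statusCode and a *string* body.
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}

def parse_body(event):
    """Return the JSON object carried in a proxy event, or raise ValueError."""
    if not isinstance(event, dict):
        raise ValueError("event is not an object")
    body = event.get("body")
    if not isinstance(body, str):
        raise ValueError("body missing or not a string")
    if len(body.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    if event.get("isBase64Encoded"):
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses
        body = base64.b64decode(body, validate=True).decode("utf-8")
    data = json.loads(body)  # json.JSONDecodeError is a ValueError too
    if not isinstance(data, dict):
        raise ValueError("body is not a JSON object")
    return data

def validate_item(data):
    # Hypothetical payload: {"name": str of 1..64 chars, "qty": int 1..100}
    if set(data) != {"name", "qty"}:
        raise ValueError("unexpected or missing fields")
    if not isinstance(data["name"], str) or not 1 <= len(data["name"]) <= 64:
        raise ValueError("bad name")
    qty = data["qty"]
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
        raise ValueError("bad qty")
    return data

def handler(event, context):
    try:
        item = validate_item(parse_body(event))
    except ValueError as exc:
        # Reject early; unchecked input never reaches downstream services.
        return _reply(400, {"error": str(exc)})
    return _reply(200, {"message": "Hello " + item["name"], "qty": item["qty"]})
```
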

STATEFUL LAMBDA

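[Diagram: USER -> ajax (GET, POST, PUT, DELETE) -> API Gateway -> event -> Lambda, with data returned to the user. Also shown: VPC. Lambda environment variables shown: DB_URL, DB_PORT, DB_USER, and a KMS-encrypted DB_PASSWORD.]

[Diagram: USER -> ajax (GET, POST, PUT, DELETE) -> API Gateway -> event -> Lambda -> DynamoDB, with data returned to the user. Lambda environment variable shown: DynamoDB Table.]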

STEP FUNCTIONS

▸ Model flows of Lambda Functions

▸ Conditional flows

▸ Design error handling

▸ Design conditional execution

▸ Output of previous function will be input of next

WEBSITE EXAMPLE

[Diagram: USER reaches the R53 Domain example.com. Static path: http GET -> CloudFront -> S3 Storage (Static HTML, CSS/Media, Rich JavaScript Apps). Dynamic path: ajax GET, POST, PUT, DELETE -> API Gateway -> event -> Lambda -> DynamoDB, returning data (Dynamic Data, Data from Database, Data from External Service).]

HIPSTER PORTAL

"...USE GIT AS THE BASIS FOR A LIGHTWEIGHT CMS, WITH TEXT-BASED EDITING FORMATS. GIT HAS POWERFUL FEATURES FOR TRACKING CHANGES AND EXPLORING ALTERNATIVES, WITH A DISTRIBUTED STORAGE MODEL THAT IS FAST IN USE AND TOLERANT OF NETWORKING ISSUES."

ThoughtWorks Technology Radar https://www.thoughtworks.com/radar/techniques/git-based-cms-git-for-non-code

Assess since May 2015

Lambda

- Lambda doesn’t have a Git client.

- You can “statically link” Git libraries with the git2go library (libgit2)

- To read an SSH key file with Lambda, it must be stored in the “/tmp” directory

- SSH private key must have 600 permissions

- SSH private key must be owned by user “sandbox”
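
One way to place the key in /tmp with the constraints listed above, as an added example that is not from the talk. The function names and the file name id_deploy are hypothetical, the caller is assumed to supply the already decrypted key text, and ownership is checked against the process's effective uid rather than the literal name “sandbox”.

```python
import os
import stat

def check_private_key(path):
    """Raise PermissionError unless path is a regular 0600 file owned by us."""
    st = os.lstat(path)  # lstat: a symlink is reported as such, not followed
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        raise PermissionError("mode is %o, expected 600" % mode)
    if st.st_uid != os.geteuid():
        raise PermissionError("key is not owned by the function's user")
    return True

def write_private_key(pem_text, directory="/tmp", name="id_deploy"):
    """Write an SSH private key as mode 0600 and return its path."""
    if "PRIVATE KEY-----" not in pem_text:
        raise ValueError("input does not look like a PEM/OpenSSH private key")
    path = os.path.join(directory, name)
    # A warm container may still hold a file from an earlier invocation:
    # remove it instead of reusing its mode or owner.
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    # O_EXCL fails if the path reappeared; O_NOFOLLOW refuses a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # restrictive from creation, no chmod gap
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        os.fchmod(fh.fileno(), 0o600)  # umask can only clear bits; pin to 0600
        fh.write(pem_text)
    check_private_key(path)
    return path
```

Calling check_private_key again just before handing the path to the Git library catches a file that was altered between invocations of a reused container.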

CodeCommit

- Git Repository Service

- Backed by S3 storage

- Price: $1 per user

- Only: us-west-1 region

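[Diagram: reader path: USER -> http GET -> CloudFront -> S3 Storage, and USER -> ajax (GET, POST, PUT, DELETE) -> API Gateway -> event -> Lambda -> DynamoDB, with data returned. Publishing path: EDITOR -> push -> CodeCommit -> event (document commit) -> Lambda (Checkout document, Render or post-process, Publish) -> PUT. Also shown: STREAM, Invalidate Cache, Lambda.]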

SERVERLESS CI

[Diagram: DEV -> push -> CodeCommit -> event (document commit) -> Compilation Lambda (Checkout, Compile) -> PUT -> S3. Testing Lambda: GET, Checkout, Compile; if needed, long running tests -> CREATE VMs. Also shown: Deployment Lambda, and Lambda -> SNS -> ChatOps.]

TAKEAWAYS

▸ Optimize for what you use

▸ Split deployment code into initial and incremental

▸ Lambdas are best for rare events (cluster events, chatbots etc.)

▸ Lambdas are bad for UI

FRAMEWORKS

▸ All frameworks we checked are limiting

▸ CloudFormation and Terraform for initial deployment

▸ Serverless to support Lambda on NodeJS

▸ Chalice for Python runtime

AZURE FUNCTIONS

- Runtimes: ASP .NET (1 Core), NodeJS, etc.

- Deployment: REST API, PowerShell

GOOGLE CLOUD FUNCTIONS

- Runtimes: NodeJS (only)

- Deployment: gcloud

Book: AWS Lambda in Action

MEAP began: February 2016

Publication: March 2017

Author: Danilo Poccia

ISBN: 9781617293719

https://www.manning.com/books/aws-lambda-in-action

THANK YOU