© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

How Websites go Serverless

Boaz ZinimanTechnical EvangelistAmazon Web Service

@Ziniman ziniman

What isServerless?Build and run applicationswithout thinking about servers

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Evolving to Serverless

SERVERLESS

Virtual serversin the cloud

Physical serversin datacenters

Virtual serversin datacenters

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

No server is easier to manage than any server

All of these responsibilitiesgo away

Provisioning and utilizationAvailability and fault toleranceScalingOperations and management

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

What is serverless?

No infrastructure provisioning, no management

Automatic scaling

Pay for value Highly available and secure

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless applications

FUNCTION SERVICES (ANYTHING)

Changes in data state

Requests to endpoints

Changes in resource state

NodePythonJavaC#.Net Core 2.0GoRuby

EVENT SOURCE

SUMM I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Three-tier web application architecture

https://d0.awsstatic.com/whitepapers/AWS_Serverless_Multi-Tier_Architectures.pdf

Presentation Tier Logic Tier Data Tier

Website Web Server Database

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Here is what that translates to in real life

http://media.amazonwebservices.com/architecturecenter/AWS_ac_ra_web_01.pdf

SUMM I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Web application

Data stored in Amazon DynamoDB

Dynamic content in AWS Lambda

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless web app security

Permissions

• Bucket Policies• ACLs

RoleRole

• Throttling• Caching• Usage Plans• ACM

• Origin Access Identity (OAI)• Geo-Restriction• Signed Cookies• Signed URLs• DDOS Protection

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Custom Authorizers

Lambda Function

Lambda Function

CustomAuthorizerCognitoUser Pool

SAML

Custom Authorizer Lambdafunction

Two types:• TOKEN -

authorization token passed in a header

• REQUEST – all headers, query strings, paths, stage variables or context variables.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Multi-Region with API GatewayAWS Cloud

RegionalAPI

Endpoint

us-east-1

RegionalAPI

Endpoint

eu-west-1

api.mycorp.com

CNAME

CNAME

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

WebSockets support in Amazon API Gateway

Real-time two-way communications

Managed persistence

Event-based triggers

Mobile apps

Chat

Dashboards

IoT devices

Amazon API Gateway WebSockets API

Stateful connection

Stateless connection

Lambda Functions

Public Endpoints on Amazon EC2

Amazon Kinesis

Any other AWS service

All publicly accessible endpoints

http://bit.ly/ServerlessShophttps://github.com/patrick-michelberger/serverless-shop

SUMM I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

https://github.com/ziniman/aws-serverless-website-photo-tagging

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless Website – reko.ziniman.com

AmazonCognito Identity

Pool

JavaScriptSDK

https://reko.ziniman.com

• Write images into Images Bucket• Read list of images• Read data from DynamoDB

Static Site Bucket

Images Bucket

Lambda Function

Role

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless Website – reko.ziniman.com

AmazonCognito Identity

Pool

JavaScriptSDK

Static Site Bucket

Images Bucket

Lambda Function

Role

• Read image from Images Bucket• Execute Rekognition detect_moderation_labels()• Execute Rekognition detect_labels()• Write data to DynamoDB

Role

• Write images into Images Bucket• Read list of images• Read data from DynamoDB

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless Website – reko.ziniman.com

JavaScriptSDK

Static Site Bucket

Images Bucket

Lambda Function

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMM I T

Serverless Website – reko.ziniman.com

JavaScriptSDK

Static Site Bucket

Images Bucket

Lambda Function

[{"photo_id": "IMG_2018920-213126787.jpg”},{"photo_id": "IMG_2018920-213320377.jpg"}

]

SUMM I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Thank you!

SUMM I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Boaz ZinimanTechnical Evangelist, Amazon Web Service

@ziniman