10 things Architects should know about

Serverless Architecture

Duvier Zuluaga
Partner Solutions Architect

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What to expect …

• General level.

• Is my knowledge up to date ??!!

• A blog by Justin Pirtle

https://aws.amazon.com/blogs/architecture/ten-things-serverless-architects-should-know/

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 1- It is not 10 things anymore L
more likely you need to know 100s things these days!

Once Upon a Server Time

< 1970 The person who knows a lot

1970 The Engineer

1990 Computer Engineer

2000 Software Engineer / Hardware Engineer

2010 Software / Hardware / Security / Networking / Web / Front end / QA

Back end / Data Store / DBA / Data Scientist / White Hacker / BA / DBA
DevOp / DevSecOp / SysAdmin / Scrum Master / Product Owner /
Accessibility / Cryptographer / …

2020 ??? If you are a historian, none of these dates are accurate J
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 AWS Your VPC

AWS Lambda
API functions Endpoints
Gateway in your VPC
cache
Mobile apps

AWS
Endpoints on Lambda
Amazon EC2 functions

Websites

Internet Amazon
CloudFront
All publicly
accessible
endpoints

Services
Regional API Endpoints

Amazon CloudWatch Any other

monitoring AWS service

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Task 1 is Learning
Serverless landscape is evolving so fast. Keep continue your learning.

Start with:

aws.amazon.com/serverless/

Serverless Application Repository AWS Serverless developer tools

https://serverlessrepo.aws.amazon.com/applications https://aws.amazon.com/serverless/developer-tools/

AWS Tech Talks This is My Architecture

https://aws.amazon.com/events/online-tech-talks/ https://aws.amazon.com/this-is-my-architecture/

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
2- Monolithic /Microservice / Serverless

We often say APIs are the front door of microservices. But …

What is the differences between microservices and SOA?

AWS Microservices Whitepaper

d1.awsstatic.com/whitepapers/microservices-on-aws.pdf

Best Practices for Building Enterprise Grade APIs with Amazon API Gateway
www.youtube.com/watch?v=9ElpSPXk-g8

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 3- Microservices API Driven Architecture is not
REST-API only any more.

REST APIs
GraphQL
Event WebSockets (via AppSync or API Gateway) You might want to ask these questions
from your customer:
IoT Core
• Mobile Development? Web? Or both?
• Subscription & Realtime notification?
• Performance ?
• WAF ?
• Private APIs
• Custom Authentication
• Security

• Probably a lot more questions you

need to ask J

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 4- Benefits of Serverless Architecture

Operational and Development cost

1M free requests per month and 400,000 GB-seconds of compute time per month.

Green Computing
Elasticity
Innovation and Time to market

New way of development thinking

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 5- Security

5=0
• Regulatory compliance requirements.

• IAM roles and policies. Who? When? What?

• Data at Rest / Data at Transit / Data Encryption

• DDoS and Penetration attacks

• Validation

• Authentication, and Authorization

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security Overview of AWS Lambda
https://d1.awsstatic.com/whitepapers/Overview-AWS-Lambda-Security.pdf

Firecracker based Lambda

https://aws.amazon.com/blogs/opensource/firecracker-open-source-update-may-2019/

Lambda Under the Hood

https://www.youtube.com/watch?v=QdzV04T_kec

AWS Services in Scope by Compliance Program

https://aws.amazon.com/compliance/services-in-scope/

AWS Security Workshop

https://github.com/aws-samples/aws-serverless-security-workshop

OWASP Foundation
https://www.owasp.org/images/5/5c/OWASP-Top-10-Serverless-Interpretation-en.pdf

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Secrets Manager

Lifecycle management for secrets such as database

credentials and API keys.

Rotate Secrets
Manage access Secure and
Safely Pay as you go
with fine-grained audit secrets
policies centrally

Secure database credentials to Lambda functions by using AWS Secrets Manager

https://aws.amazon.com/blogs/security/how-to-securely-provide-database-
credentials-to-lambda-functions-by-using-aws-secrets-manager/
 6- Workflow Engines

Think of these customer scenarios:

§ Synchronise S3 Buckets
§ EBS Snapshot Management
§ Video on-demand
§ Image or Document Processing
§ Media Analytics
§ Long Lived Transaction

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Workflow configuration
• Built-in service primitives
• AWS service integrations Some latest AWS Step Function features
• Coordination of distributed released in 2019:
components
• Component reuse
Aug - Nested workflows.
• Workflow abstraction
Sep - Dynamic Parallelism in workflows.
• State management
Oct - Amazon SageMaker integration.
• Built-in error handling re:Invent - AWS Step Functions Express Workflows
• History of each execution
• Visual monitoring
• High availability
• Automatic scaling
• Security and compliance
• Pay per use
• High volume orchestration
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 7- Event Driven Architecture

Choreography pattern Amazon

AWS AppSync
EventBridge

- Message bus
- Message queuing
- Message buffering Amazon
Simple
Amazon
Simple Queue
Amazon MQ

- Event queuing Notification

Service
Service

- Event stream
- Data stream
- …
Amazon Kinesis Amazon Kinesis AWS Data Amazon
Data Streams Data Firehose Pipeline Managed
Streaming for
Kafka

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 8- CI/CD

You need to design or integrate to a CI/CD that works for your enterprise customer.

AWS Cloud9 AWS AWS AWS

CodeBuild CodeCommit CodeDeploy

AWS Serverless Application Model AWS Cloud Development Kit AWS Amplify
SAM CDK

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 9- Monitoring

Define how the serverless monitoring can be architected or integrated for the app.

Amazon AWS AWS

CloudWatch CloudTrail Config AWS X-Ray

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
 10- Performance Optimization

Caching is still VERY relevant in serverless architecture!

Automated autoscaling doesn’t mean caching.

There are soft and hard limits for serverless services.

When it comes to caching sometimes is about gaining performance & cost-efficiency

but sometimes is performance vs cost. You need to know your traffic and data.

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
11- Serverless Well Architected

AWS Well Architected Tool

AWS Well Architected Framework
https://d1.awsstatic.com/whitepapers/architecture/
AWS_Well-Architected_Framework.pdf

Serverless Applications Lens

https://d1.awsstatic.com/whitepapers/architecture/
AWS-Serverless-Applications-Lens.pdf

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.