Youjun 04

DynamoDB Streams captures item modifications in DynamoDB tables and stores this information in a log for up to 24 hours. It can be configured to write the key attributes, entire item after modification, or entire item before modification to the stream. Lambda functions can be triggered by the stream to react to modifications.

Uploaded by You Jun Yu
DynamoDB Streams

Diagram: Application → DynamoDB Table → DynamoDB Stream → AWS Lambda → Amazon CloudWatch Logs
1. Application inserts / updates / deletes an item
2. A record is written to the DynamoDB stream
3. A Lambda function is triggered
4. The Lambda function writes to CloudWatch Logs

© Digital Cloud Training | https://digitalcloud.training


DynamoDB Streams
• Captures a time-ordered sequence of item-level modifications in any DynamoDB table and stores this information in a log for up to 24 hours
• Can configure the information that is written to the stream:
  • KEYS_ONLY — Only the key attributes of the modified item
  • NEW_IMAGE — The entire item, as it appears after it was modified
  • OLD_IMAGE — The entire item, as it appeared before it was modified
  • NEW_AND_OLD_IMAGES — Both the new and the old images of the item
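As an added example (not code from the Digital Cloud Training deck), here is a Lambda handler for a DynamoDB Streams event source mapping, assuming the stream view type is NEW_AND_OLD_IMAGES: it decodes the DynamoDB-typed images and reports which attributes changed per record, which is the kind of entry step 4 of the diagram would write to CloudWatch Logs. The sample event, table and attribute names are constructed.

```python
import json
from decimal import Decimal

# Constructed sample event in the shape Lambda receives from a DynamoDB stream
# (stream view type NEW_AND_OLD_IMAGES). Attribute names are made up.
SAMPLE_EVENT = {
    "Records": [
        {"eventName": "INSERT", "eventSource": "aws:dynamodb",
         "dynamodb": {"StreamViewType": "NEW_AND_OLD_IMAGES",
                      "Keys": {"productId": {"S": "p-100"}},
                      "NewImage": {"productId": {"S": "p-100"}, "visits": {"N": "1"},
                                   "tags": {"SS": ["new"]}}}},
        {"eventName": "MODIFY", "eventSource": "aws:dynamodb",
         "dynamodb": {"StreamViewType": "NEW_AND_OLD_IMAGES",
                      "Keys": {"productId": {"S": "p-100"}},
                      "OldImage": {"productId": {"S": "p-100"}, "visits": {"N": "1"},
                                   "tags": {"SS": ["new"]}},
                      "NewImage": {"productId": {"S": "p-100"}, "visits": {"N": "2"},
                                   "tags": {"SS": ["new"]}}}},
        {"eventName": "REMOVE", "eventSource": "aws:dynamodb",
         "dynamodb": {"StreamViewType": "NEW_AND_OLD_IMAGES",
                      "Keys": {"productId": {"S": "p-100"}},
                      "OldImage": {"productId": {"S": "p-100"}, "visits": {"N": "2"},
                                   "tags": {"SS": ["new"]}}}},
    ]
}


def from_ddb(value):
    """Convert one DynamoDB-typed attribute value such as {"N": "2"} to a Python value."""
    (kind, raw), = value.items()
    if kind in ("S", "BOOL"):
        return raw
    if kind == "N":
        return Decimal(raw)          # DynamoDB numbers are exact decimals, not floats
    if kind == "NULL":
        return None
    if kind == "L":
        return [from_ddb(v) for v in raw]
    if kind == "M":
        return {k: from_ddb(v) for k, v in raw.items()}
    if kind == "SS":
        return set(raw)
    if kind == "NS":
        return {Decimal(v) for v in raw}
    raise ValueError(f"unsupported DynamoDB attribute type: {kind}")


def image_to_dict(image):
    """Decode a whole item image; a missing image (e.g. no OldImage on INSERT) is empty."""
    return {name: from_ddb(attr) for name, attr in (image or {}).items()}


def diff_record(record):
    """Summarise one stream record: event type, key attributes and changed attributes."""
    ddb = record["dynamodb"]
    old = image_to_dict(ddb.get("OldImage"))
    new = image_to_dict(ddb.get("NewImage"))
    changed = {}
    for name in sorted(set(old) | set(new)):
        if old.get(name) != new.get(name):
            changed[name] = {"old": old.get(name), "new": new.get(name)}
    return {"eventName": record["eventName"],
            "keys": image_to_dict(ddb.get("Keys")),
            "changed": changed}


def handler(event, context=None):
    """Lambda entry point: one line per record to stdout, which Lambda ships to CloudWatch Logs."""
    summaries = [diff_record(r) for r in event.get("Records", [])]
    for summary in summaries:
        print(json.dumps(summary, default=str))   # default=str renders Decimal and set values
    return {"processed": len(summaries), "summaries": summaries}


if __name__ == "__main__":
    handler(SAMPLE_EVENT)
```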


DynamoDB Accelerator (DAX)


DynamoDB Accelerator (DAX)

Diagram: inside a VPC in the AWS Cloud, an EC2 instance (IAM role with permissions to access DynamoDB + DAX) queries a DAX cluster, which reads from Amazon DynamoDB (IAM role with permissions to access DynamoDB). The DAX cluster sits behind a security group with these inbound rules:
• TCP 8000 (DynamoDB) from 0.0.0.0/0
• TCP 8111 (DAX) from 0.0.0.0/0
Note that the 0.0.0.0/0 sources drawn here are a lab setting; in a real deployment the DAX port is opened only to the application's security group.


DynamoDB Accelerator (DAX)
• DAX is a fully managed, highly available, in-memory cache for DynamoDB
• Improves performance from milliseconds to microseconds
• DAX is used to improve READ performance (not writes)
• You do not need to modify application logic, since DAX is compatible with existing DynamoDB API calls


DAX vs ElastiCache
• DAX is optimized for DynamoDB
• DAX does not support lazy loading (uses write-through caching)
• With ElastiCache you have more management overhead (e.g. invalidation)
• With ElastiCache you need to modify application code to point to the cache
• ElastiCache supports more datastores


DynamoDB Global Tables


DynamoDB Global Tables

Diagram: App Servers in Region A, Region B and Region C each read from and write to a local Amazon DynamoDB replica table; the replicas are kept in sync by asynchronous replication.
• Each replica table stores the same set of data items
• Global Tables is a multi-region, multi-active database
• Use logic in the application to fail over to a replica region




Architecture Patterns - AWS Databases


Architecture Patterns - AWS Databases

Requirement: Relational database running on MySQL must be migrated to AWS and must be highly available
Solution: Use Amazon RDS MySQL and configure a Multi-AZ standby node for HA

Requirement: Amazon RDS DB has high query traffic that is causing performance degradation for database queries
Solution: Create a Read Replica and configure the application to use the reader endpoint

Requirement: Amazon RDS DB is approaching its storage capacity limits and/or is suffering from high write latency
Solution: Scale up the DB instance to an instance type that has more storage / CPU

Requirement: Amazon RDS database is unencrypted and a cross-Region read replica must be created with encryption
Solution: Encrypt a snapshot of the main DB and create a new encrypted DB instance from the encrypted snapshot. Create an encrypted cross-Region read replica

Requirement: Amazon Aurora DB deployed and requires a cross-Region replica
Solution: Deploy an Aurora MySQL Replica in the second Region

Requirement: Amazon Aurora DB deployed and requires a read replica in the same Region with minimal synchronization latency
Solution: Deploy an Aurora Replica in the Region in a different Availability Zone

Requirement: Aurora deployed and app in another Region requires read-only access with low latency – synchronization latency must also be minimized
Solution: Use Aurora Global Database and configure the app in the second Region to use the reader endpoint

Requirement: Application and DB migrated to Aurora and requires the ability to write to the DB across multiple nodes
Solution: Use Aurora Multi-Master for an in-Region multi-master database

Requirement: Application requires a session-state data store that provides low latency
Solution: Use either Amazon ElastiCache or DynamoDB

Requirement: Multi-threaded in-memory datastore required for unstructured data
Solution: Use Amazon ElastiCache Memcached

Requirement: In-memory datastore required that offers microsecond performance for unstructured data
Solution: Use Amazon DynamoDB Accelerator (DAX)

Requirement: In-memory datastore required that supports data persistence and high availability
Solution: Use Amazon ElastiCache Redis

Requirement: Serverless database required that supports a NoSQL key-value store workload
Solution: Use Amazon DynamoDB

Requirement: Serverless database required that supports MySQL or PostgreSQL
Solution: Use Amazon Aurora Serverless

Requirement: Relational database required for a workload with an unknown usage pattern (usage expected to be low and variable)
Solution: Use Amazon Aurora Serverless

Requirement: Application requires a key-value database that can be written to from multiple AWS Regions
Solution: Use DynamoDB Global Tables


SECTION 11: Serverless Applications


Event-Driven Architectures


Event-Driven Architectures

Diagram (eCommerce Application): User → Web Server → Application Server → Database Server, with an Event Processor and a separate Database Server alongside.
1. The user places an order
2. A record of the order is written to the database
3. The event publisher notifies an event processor
4. The event processor processes the record from the database
5. The processed data is written to a separate database
AWS Lambda Invocations and Concurrency


AWS Lambda Invocations

Diagram: a developer uploads some code to a Lambda function; an event occurs (the source can be the CLI, API, SDK or a trigger) and the code is executed.


Lambda Function Invocations
Synchronous:
• CLI, SDK, API Gateway
• Result returned immediately
• Error handling happens client side (retries, exponential backoff etc.)

Asynchronous:
• S3, SNS, CloudWatch Events etc.
• Lambda retries up to 3 times
• Processing must be idempotent (due to retries)

Event source mapping:
• SQS, Kinesis Data Streams, DynamoDB Streams (SQS can also trigger Lambda)
• Lambda does the polling (polls the source)
• Records are processed in order (except for SQS standard)


Lambda Function Concurrency

Diagram: a function invocation causes the function to be executed; additional function instances are initialized up to the burst or account limit. If the concurrency limit is exceeded, throttling occurs with the error “Rate exceeded” and 429 “TooManyRequestsException”.

Burst concurrency quotas:
• 3000 – US West (Oregon), US East (N. Virginia), Europe (Ireland)
• 1000 – Asia Pacific (Tokyo), Europe (Frankfurt), US East (Ohio)
• 500 – Other Regions


Lambda Function Concurrency
• Throttling can result in the error: “Rate exceeded” and 429 “TooManyRequestsException”
• If the above error occurs, check whether you see throttling messages in Amazon CloudWatch Logs but no corresponding data points in the Lambda Throttles metric
• If there are no Lambda Throttles metrics, the throttling is happening on API calls in your Lambda function code
• For asynchronous invocations Lambda retries up to 3 times, then sends the event to a Dead Letter Queue
• The DLQ can be an SNS topic or an SQS queue


Lambda Function Concurrency
Methods to resolve throttling include:
• Configure reserved concurrency
• Use exponential backoff in your application code

Concurrency metrics:
• ConcurrentExecutions
• UnreservedConcurrentExecutions
• ProvisionedConcurrentExecutions
• ProvisionedConcurrencyInvocations
• ProvisionedConcurrencySpilloverInvocations
• ProvisionedConcurrencyUtilization



Lambda Versions and Aliases


Lambda Versions

Diagram: the developer edits code in MyFunction:$LATEST (this version is where the code is edited); publishing saves a ”snapshot” to a new version, MyFunction:1. The new version includes the function code & dependencies, the Lambda runtime, function settings, and a unique ARN.


Lambda Versions
• You work on $LATEST which is the latest version of the code - this is mutable (changeable)
• When you're ready to publish a Lambda function you create a version (these are numbered)
• Numbered versions are assigned a number starting with 1 and subsequent versions are incremented by 1
• Versions are immutable (code cannot be edited)


Lambda Versions
• Each version has its own ARN
• Because different versions have unique ARNs this allows you to effectively manage them for different environments like Production, Staging or Development
• A qualified ARN has a version suffix
• An unqualified ARN does not have a version suffix
• You cannot create an alias from an unqualified ARN


Lambda Aliases

Diagram: application code points to the alias MyFunction:testalias; the alias points to one or two Lambda versions, here MyFunction:1 (80%) and MyFunction:2 (20%). The developer continues to edit code in MyFunction:$LATEST.


Advanced Amazon SQS


Decoupling with SQS Queues

Direct integration: the web tier (Auto Scaling Group) connects directly to the app tier (Auto Scaling Group); the app tier must keep up with the workload or failure will occur.

Decoupled integration: the web tier (Auto Scaling Group) writes to an SQS queue, and EC2 instances in the app tier (Auto Scaling Group) poll SQS.


SQS Queue Types

Diagram: Standard Queue – best-effort ordering (messages such as 1 3 6 4 / 5 2 7 8 may be delivered out of the order sent); FIFO Queue – first-in, first-out delivery (7 6 5 4 3 2 1).


SQS Queue Types

Standard Queue:
• Unlimited Throughput: Standard queues support a nearly unlimited number of transactions per second (TPS) per API action.
• Best-Effort Ordering: Occasionally, messages might be delivered in an order different from which they were sent.
• At-Least-Once Delivery: A message is delivered at least once, but occasionally more than one copy of a message is delivered.

FIFO Queue:
• High Throughput: FIFO queues support up to 300 messages per second (300 send, receive, or delete operations per second). When you batch 10 messages per operation (maximum), FIFO queues can support up to 3,000 messages per second.
• First-In-First-Out Delivery: The order in which messages are sent and received is strictly preserved.
• Exactly-Once Processing: A message is delivered once and remains available until a consumer processes and deletes it. Duplicates are not introduced into the queue.


SQS Queue Types
• FIFO queues require the Message Group ID and Message Deduplication ID parameters to be added to messages
• Message Group ID: the tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are guaranteed to be processed in a FIFO manner
• Message Deduplication ID: the token used for deduplication of messages within the deduplication interval


SQS – Dead Letter Queue

Diagram: the web tier (Auto Scaling Group) sends messages to an SQS queue that the application tier (Auto Scaling Group) consumes. A message that is not processed successfully (its ReceiveCount exceeds the maxReceiveCount for the queue) is moved to the dead-letter queue, where failures can be analyzed. The dead-letter queue is a standard or FIFO queue that has been specified as a dead-letter queue.


SQS – Dead Letter Queue
• The main task of a dead-letter queue is handling message failure
• A dead-letter queue lets you set aside and isolate messages that can’t be processed correctly to determine why their processing didn’t succeed
• It is not a queue type, it is a standard or FIFO queue that has been specified as a dead-letter queue in the configuration of another standard or FIFO queue

Configuration (console): enable the redrive policy, specify the queue to use as a dead-letter queue, and specify the maximum receives before a message is sent to the dead-letter queue
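Added example, not from the deck: an in-memory model of the FIFO behaviour on the queue-type slides and of the dead-letter-queue redrive described above. It simulates MessageGroupId ordering, MessageDeduplicationId within the deduplication interval, and a redrive policy that moves a message to the dead-letter queue once its receive count exceeds maxReceiveCount; queue names and timings are constructed and nothing calls the real SQS API.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Message:
    message_id: str
    body: str
    group_id: str                   # MessageGroupId
    dedup_id: str                   # MessageDeduplicationId
    receive_count: int = 0
    invisible_until: float = 0.0    # visibility timeout expiry


@dataclass
class FifoQueue:
    name: str
    max_receive_count: int = 3                # redrive policy maxReceiveCount
    dedup_interval: float = 300.0             # SQS deduplication interval: 5 minutes
    dlq: Optional["FifoQueue"] = None         # queue designated as dead-letter queue
    messages: list = field(default_factory=list)
    seen: dict = field(default_factory=dict)  # dedup_id -> (sent_at, message_id)
    sent: int = 0

    def send(self, body, group_id, dedup_id, now):
        """Enqueue a message; a repeated dedup_id within the interval is not introduced."""
        prior = self.seen.get(dedup_id)
        if prior and now - prior[0] < self.dedup_interval:
            return prior[1]                      # SQS returns the original MessageId
        self.sent += 1
        msg = Message(f"{self.name}-{self.sent}", body, group_id, dedup_id)
        self.messages.append(msg)
        self.seen[dedup_id] = (now, msg.message_id)
        return msg.message_id

    def receive(self, now, visibility_timeout=30.0):
        """Return the next deliverable message (or None). A group with an in-flight
        message is skipped, so each group's messages are processed strictly in order."""
        blocked = {m.group_id for m in self.messages if m.invisible_until > now}
        for msg in list(self.messages):
            if msg.group_id in blocked:
                continue
            if self.dlq is not None and msg.receive_count >= self.max_receive_count:
                # One more receive would exceed maxReceiveCount: redrive to the DLQ
                self.messages.remove(msg)
                self.dlq.messages.append(msg)
                continue
            msg.receive_count += 1
            msg.invisible_until = now + visibility_timeout
            return msg
        return None

    def delete(self, message_id):
        """The consumer acknowledges successful processing."""
        self.messages = [m for m in self.messages if m.message_id != message_id]


def run_scenario():
    """Constructed timeline: a duplicate send, two groups interleaving, and a message
    that is never deleted and lands in the dead-letter queue after 3 receives."""
    dlq = FifoQueue("orders-dlq.fifo")
    q = FifoQueue("orders.fifo", max_receive_count=3, dlq=dlq)
    first = q.send("order-1", "customer-A", "o1", now=0)
    dup = q.send("order-1 retry", "customer-A", "o1", now=10)   # same dedup id
    q.send("order-2", "customer-A", "o2", now=20)
    q.send("order-b1", "customer-B", "b1", now=25)
    r1 = q.receive(now=30)        # order-1; group A is now in flight
    r2 = q.receive(now=31)        # group B is not blocked
    q.delete(r2.message_id)
    r3 = q.receive(now=32)        # nothing deliverable
    r4 = q.receive(now=61)        # order-1 visible again (2nd receive)
    r5 = q.receive(now=92)        # 3rd receive
    r6 = q.receive(now=123)       # order-1 redriven to the DLQ; order-2 delivered
    return {
        "duplicate_returned_original_id": dup == first,
        "delivery_order": [r.body for r in (r1, r2, r4, r5, r6)],
        "empty_while_group_in_flight": r3 is None,
        "dlq_bodies": [m.body for m in dlq.messages],
        "dlq_receive_count": dlq.messages[0].receive_count,
    }


if __name__ == "__main__":
    print(run_scenario())
```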


SQS – Delay Queue

Diagram (timeline): the producer sends a message to the SQS queue; for the configured Delay Seconds the message cannot be returned; after that the message is visible and is received by the consumer (a Lambda function). Default is 30 seconds, max is 12 hours.


SQS Long Polling vs Short Polling

Diagram: a producer sends messages to the SQS queue and a consumer polls it. Short polling checks a subset of servers and may not return all messages; long polling waits for WaitTimeSeconds and eliminates empty responses.


SQS Long Polling vs Short Polling
• SQS Long polling is a way to retrieve messages from SQS queues – waits for messages to arrive
• SQS Short polling returns immediately (even if the message queue is empty)
• SQS Long polling can lower costs
• SQS Long polling can be enabled at the queue level or at the API level using WaitTimeSeconds
• SQS Long polling is in effect when the Receive Message Wait Time is a value greater than 0 seconds and up to 20 seconds

Receive Message Wait Time: the maximum amount of time that a long polling receive call will wait for a message to become available before returning an empty response.
Serverless App Architecture for HOL


Serverless App Architecture

Diagram: an S3 static website calls Amazon API Gateway, which invokes the productVisitsSendDataToQueue Lambda function; it writes to an SQS queue consumed by the productVisitsDataHandler Lambda function, which writes to a DynamoDB table. The table's DynamoDB Stream triggers productVisitsDatalakeLoadingHandler, which loads data into an S3 data lake queried through the AWS Glue data catalog and Amazon Athena. CloudTrail API events are matched by an EventBridge rule that publishes to an SNS topic.


Build a Serverless App – Part 1


Build a Serverless App - Part 1

Diagram: a message is manually added to the SQS queue with the AWS CLI (this is the message body); SQS triggers the productVisitsDataHandler Lambda function, which writes an item to the DynamoDB table and logs to CloudWatch Logs.


Build a Serverless App – Part 2


Build a Serverless App - Part 2

Diagram: a message is manually added to the SQS queue with the AWS CLI; SQS triggers productVisitsDataHandler, which writes an item to the DynamoDB table (logging to CloudWatch Logs). Item-level modifications are written to the DynamoDB Stream; the productVisitsDatalakeLoadingHandler Lambda function polls the stream and writes the data to the S3 data lake bucket.
Application Integration Services Comparison


Application Integration Services Comparison

Simple Queue Service
• What it does: Messaging queue; store and forward patterns
• Example use cases: Building distributed / decoupled applications

Simple Notification Service
• What it does: Set up, operate, and send notifications from the cloud
• Example use cases: Send an email notification when a CloudWatch alarm is triggered

Step Functions
• What it does: Out-of-the-box coordination of AWS service components with a visual workflow
• Example use cases: Order processing workflow

Simple Workflow Service
• What it does: Need to support external processes or specialized execution logic
• Example use cases: Human-enabled workflows like an order fulfilment system or for procedural requests
• Note: AWS recommends that for new applications customers consider Step Functions instead of SWF

Amazon MQ
• What it does: Message broker service for Apache ActiveMQ and RabbitMQ
• Example use cases: Need a message queue that supports industry standard APIs and protocols; migrate queues to AWS

Amazon Kinesis
• What it does: Collect, process, and analyze streaming data
• Example use cases: Collect data from IoT devices for later processing


Amazon SNS Notifications

Diagram: a publisher sends a message to an Amazon Simple Notification Service topic, which delivers it to subscribers over the supported transport protocols: Lambda, Amazon Simple Queue Service, HTTP/HTTPS (web application), Email / Email-JSON, and SMS (text).


AWS Step Functions

Diagram (visual workflow) with the states: Do Something; Check Yes/No; Create something; Wait; Send notification; Completed?; Check result.


AWS Step Functions
• AWS Step Functions is used to build distributed applications as a series of steps in a visual workflow.
• You can quickly build and run state machines to execute the steps of your application

How it works:
1. Define the steps of your workflow in the JSON-based Amazon States Language. The visual console automatically graphs each step in the order of execution
2. Start an execution to visualize and verify that the steps of your application are operating as intended. The console highlights the real-time status of each step and provides a detailed history of every execution
3. AWS Step Functions operates and scales the steps of your application and the underlying compute for you to help ensure your application executes reliably under increasing demand
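As an added example (not a definition from the course), the workflow drawn on the Step Functions slide written in the Amazon States Language, together with a structural validator of the kind worth running before deploying a state machine: it checks that StartAt exists, every Next/Default/Catch target is defined, every state is reachable, every non-terminal state has an exit, and a terminal state can be reached. The wiring between the slide's states, the Choice variables and the Resource ARNs are constructed placeholders.

```python
import json

# Constructed Amazon States Language definition for the workflow on the slide
# (Do Something -> Check Yes/No -> Create something -> Wait -> Check result ->
# Completed? -> Send notification). Resource ARNs are placeholders.
ORDER_WORKFLOW = {
    "Comment": "Constructed example, not a definition from the course",
    "StartAt": "DoSomething",
    "States": {
        "DoSomething": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:PLACEHOLDER-do-something",
            "Next": "CheckYesNo",
        },
        "CheckYesNo": {
            "Type": "Choice",
            "Choices": [{"Variable": "$.approved", "BooleanEquals": True, "Next": "CreateSomething"}],
            "Default": "SendNotification",
        },
        "CreateSomething": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:PLACEHOLDER-create",
            "Next": "Wait",
        },
        "Wait": {"Type": "Wait", "Seconds": 30, "Next": "CheckResult"},
        "CheckResult": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:PLACEHOLDER-check-result",
            "Next": "Completed",
        },
        "Completed": {
            "Type": "Choice",
            "Choices": [{"Variable": "$.done", "BooleanEquals": True, "Next": "SendNotification"}],
            "Default": "Wait",            # poll again until the result is ready
        },
        "SendNotification": {
            "Type": "Task",
            "Resource": "arn:aws:states:::sns:publish",
            "Parameters": {"TopicArn": "arn:aws:sns:REGION:ACCOUNT_ID:PLACEHOLDER-topic",
                           "Message.$": "$"},
            "End": True,
        },
    },
}

TERMINAL_TYPES = {"Succeed", "Fail"}


def transitions(state):
    """All state names a state can move to (Next, Choice branches, Default, Catch)."""
    targets = []
    if "Next" in state:
        targets.append(state["Next"])
    if state.get("Type") == "Choice":
        targets += [c["Next"] for c in state.get("Choices", []) if "Next" in c]
        if "Default" in state:
            targets.append(state["Default"])
    targets += [c["Next"] for c in state.get("Catch", []) if "Next" in c]
    return targets


def _is_terminal(state):
    return state.get("Type") in TERMINAL_TYPES or state.get("End") is True


def validate_state_machine(definition):
    """Return a list of problems (empty when the definition is structurally sound)."""
    errors = []
    states = definition.get("States", {})
    start = definition.get("StartAt")
    if start not in states:
        errors.append(f"StartAt '{start}' is not a defined state")
    reachable, stack = set(), ([start] if start in states else [])
    while stack:                                   # depth-first walk from StartAt
        name = stack.pop()
        if name in reachable:
            continue
        reachable.add(name)
        for target in transitions(states[name]):
            if target in states:
                stack.append(target)
            else:
                errors.append(f"state '{name}' transitions to undefined state '{target}'")
    for name, state in states.items():
        if name not in reachable:
            errors.append(f"state '{name}' is unreachable")
        if not _is_terminal(state) and not transitions(state):
            errors.append(f"state '{name}' has no Next, End, Choices or Default")
    if not any(_is_terminal(states[n]) for n in reachable):
        errors.append("no terminal state is reachable from StartAt")
    return errors


if __name__ == "__main__":
    print(json.dumps(ORDER_WORKFLOW, indent=2))
    print("problems:", validate_state_machine(ORDER_WORKFLOW) or "none")
```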


Kinesis vs SQS vs SNS

Amazon Kinesis:
• Consumers pull data
• As many consumers as you need
• Routes related records to the same record processor
• Multiple applications can access the stream concurrently
• Ordering at the shard level
• Can consume records in the correct order at a later time
• Must provision throughput

Amazon SQS:
• Consumers pull data
• Data is deleted after being consumed
• Can have as many workers (consumers) as you need
• No ordering guarantee (except with FIFO queues)
• Provides messaging semantics
• Individual message delay
• Dynamically scales

Amazon SNS:
• Push data to many subscribers
• Publisher / subscriber model
• Integrates with SQS for the fan-out architecture pattern
• Up to 10,000,000 subscribers
• Up to 100,000 topics
• Data is not persisted
• No need to provision throughput


Amazon EventBridge


Amazon EventBridge

Diagram: event sources (AWS services, custom apps, SaaS apps) send events to the EventBridge event bus; rules match events and route them to targets. EventBridge used to be known as CloudWatch Events.


Amazon EventBridge Example 1

Event source: EC2 instance terminated event → EventBridge event bus → rule → target: send SNS notification


Amazon EventBridge Example 2

Event source: S3:PutBucketPolicy API used → EventBridge event bus → rule → target: send SNS notification
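An added example (not from the deck) of the rule logic behind Example 2: an EventBridge-style event pattern for the S3 PutBucketPolicy API call, plus a second pattern for API calls made by the root user (the detection the serverless architecture patterns later in this section ask for), evaluated against constructed CloudTrail events in the shape EventBridge delivers them. The matcher implements the core pattern semantics (lists of exact values, nested objects, prefix matching) and is not the service's own code; rule names are constructed.

```python
# EventBridge-style event patterns. Rule names are constructed.
PUT_BUCKET_POLICY_RULE = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["s3.amazonaws.com"], "eventName": ["PutBucketPolicy"]},
}
ROOT_API_CALL_RULE = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}
RULES = {"s3-bucket-policy-changed": PUT_BUCKET_POLICY_RULE,
         "root-user-api-call": ROOT_API_CALL_RULE}

# Constructed CloudTrail events as EventBridge would deliver them (fields trimmed).
EVENTS = [
    {"source": "aws.s3", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
                "userIdentity": {"type": "IAMUser", "userName": "alice"},
                "requestParameters": {"bucketName": "example-bucket"}}},
    {"source": "aws.s3", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventSource": "s3.amazonaws.com", "eventName": "GetBucketPolicy",
                "userIdentity": {"type": "IAMUser", "userName": "alice"}}},
    {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
                "userIdentity": {"type": "Root"}}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"instance-id": "i-0123456789abcdef0", "state": "terminated"}},
]


def _value_matches(allowed, actual):
    """Leaf match: the event value (or any element of an event array) must equal one
    of the pattern's listed values or satisfy a {"prefix": ...} matcher."""
    candidates = actual if isinstance(actual, list) else [actual]
    for cand in candidates:
        for rule in allowed:
            if isinstance(rule, dict):
                if "prefix" in rule and isinstance(cand, str) and cand.startswith(rule["prefix"]):
                    return True
            elif cand == rule:
                return True
    return False


def matches(pattern, event):
    """True when every key in the pattern is present in the event and matches;
    keys absent from the pattern are unconstrained."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif not _value_matches(expected, actual):
            return False
    return True


def matching_rules(event, rules=RULES):
    """Names of the rules whose pattern matches the event (what the bus would fire)."""
    return [name for name, pattern in rules.items() if matches(pattern, event)]


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["detail-type"], ev["detail"].get("eventName"), "->", matching_rules(ev))
```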


Amazon API Gateway Core Knowledge


Amazon API Gateway Overview

Diagram: clients (a mobile client, a service, a website) call a REST API over HTTPS on Amazon API Gateway. The backend can be an AWS Lambda function, an EC2 instance in a private subnet of a VPC, an Application Load Balancer (with EC2 instances) in a public subnet, any other AWS service, or any public endpoint. API Gateway can import Swagger / OpenAPI 3.0 definitions (YAML/JSON).
Amazon API Gateway Deployment Types

Edge-optimized endpoint (Amazon CloudFront in front of Amazon API Gateway). Key benefits:
• Reduced latency for requests from around the world

Regional endpoint (Amazon API Gateway serving services in the same region). Key benefits:
• Reduced latency for requests that originate in the same region
• Can also configure your own CDN and protect with WAF

Private endpoint (Amazon API Gateway reachable from services in the same VPC). Key benefits:
• Securely expose your REST APIs only to other services within your VPC or connect via Direct Connect


Amazon API Gateway – Structure of an API

Diagram: users call a published API. The Method Request (one of ANY, DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT; example execute-api ARN: arn:aws:execute-api:ap-southeast-2:515148227241:fk49ji8iff/*/GET/) flows into the Integration Request, which maps the request parameters of the method request to the format required by the backend. Integration types are HTTP, HTTP_PROXY, LAMBDA, LAMBDA_PROXY and MOCK; the endpoint can be a Lambda function, HTTP endpoint, EC2 instance, AWS service etc. The Integration Response maps the status codes, headers, and payload received from the backend into the format for the client (HTTP status codes, response bodies; content handling CONVERT or PASSTHROUGH), and the Method Response returns it to the user.


API Gateway Integrations
• For a Lambda function, you can have the Lambda proxy integration, or the Lambda custom integration
• For an HTTP endpoint, you can have the HTTP proxy integration or the HTTP custom integration
• For an AWS service action, you have the AWS integration of the non-proxy type only


API Gateway - Caching
• You can add caching to API calls by provisioning an Amazon API Gateway cache and specifying its size in gigabytes
• Caching allows you to cache the endpoint's response
• Caching can reduce the number of calls to the backend and improve the latency of requests to the API

Diagram: users call MyAPI (Production stage) with CACHE: ENABLED, SIZE: 0.5GB, ENCRYPTION: ON, TTL: 900. 1. Check the cache first; 2. if not in the cache (cache miss), go to the backend endpoint.


API Gateway - Throttling
• API Gateway sets a limit on a steady-state rate and a burst of request submissions against all APIs in your account
• Limits:
  • By default API Gateway limits the steady-state request rate to 10,000 requests per second
  • The maximum concurrent requests is 5,000 requests across all APIs within an AWS account
  • If you go over 10,000 requests per second or 5,000 concurrent requests you will receive a 429 Too Many Requests error response
• Upon catching such exceptions, the client can resubmit the failed requests in a way that is rate limiting, while complying with the API Gateway throttling limits
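Added example (not from the deck) serving both the Lambda concurrency slides' advice to use exponential backoff and the throttling limits described here: a token bucket with the page's 10,000 requests/second rate and 5,000 burst, and a client that resubmits failed requests with capped exponential backoff and jitter after a 429. The clock is simulated so the scenario runs instantly; the small limits in the client scenario are constructed.

```python
import random
import time


class TokenBucket:
    """Steady-state rate (tokens per second) plus burst (bucket size), the model
    API Gateway applies to its throttling limits and usage plans."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        """Refill for the elapsed time, then consume one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class TooManyRequests(Exception):
    """Stand-in for the 429 Too Many Requests response."""
    status_code = 429


def call_with_backoff(request, max_attempts=5, base=0.1, cap=2.0,
                      sleep=time.sleep, rng=random.random):
    """Retry `request` on 429 with capped exponential backoff and full jitter;
    re-raise once max_attempts is exhausted so the caller can surface the failure."""
    delay = base
    for attempt in range(1, max_attempts + 1):
        try:
            return request()
        except TooManyRequests:
            if attempt == max_attempts:
                raise
            sleep(rng() * delay)
            delay = min(cap, delay * 2)


def simulate_burst(n_requests, rate=10000, burst=5000):
    """n_requests arriving at the same instant against the account-level limits:
    returns (accepted, rejected_with_429)."""
    bucket = TokenBucket(rate, burst)
    accepted = sum(1 for _ in range(n_requests) if bucket.allow(0.0))
    return accepted, n_requests - accepted


def simulate_throttled_client():
    """A client hitting a tiny constructed limit (rate 1/s, burst 1) with the bucket
    already drained; backoff lets it succeed once a token has been refilled."""
    clock = {"t": 0.0}
    bucket = TokenBucket(rate=1.0, burst=1)
    bucket.allow(0.0)                       # drain the single burst token
    attempts = []

    def request():
        attempts.append(clock["t"])
        if not bucket.allow(clock["t"]):
            raise TooManyRequests()
        return 200

    def fake_sleep(seconds):
        clock["t"] += seconds               # advance the simulated clock instead of blocking

    status = call_with_backoff(request, base=0.25, sleep=fake_sleep, rng=lambda: 1.0)
    return status, attempts


if __name__ == "__main__":
    print("burst of 6000 requests:", simulate_burst(6000))
    print("throttled client:", simulate_throttled_client())
```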


API Gateway – Usage Plans and API Keys

Diagram: users connect to a specific public endpoint with an API key that is configured in a usage plan for MyAPI. Per-method throttling limits can also be configured.
• Premium usage plan (Premium Users, API key, Production v2 stage): THROTTLING ENABLED – RATE 10000, BURST 5000; QUOTA ENABLED – REQUESTS/M 1,000,000
• Basic usage plan (Basic Users, API key, Production v1 stage): THROTTLING ENABLED – RATE 5000, BURST 2500; QUOTA ENABLED – REQUESTS/M 500,000


Build a Serverless App – Part 3


Build a Serverless App - Part 3

Diagram: product orders are added through the S3 static website; the REST API on Amazon API Gateway passes requests to the productVisitsSendDataToQueue Lambda function using Lambda proxy integration; the function processes the data and writes a message to the SQS queue, which productVisitsDataHandler consumes to write to the DynamoDB table. The DynamoDB Stream feeds productVisitsDatalakeLoadingHandler, which loads the S3 data lake.


Build a Serverless App – Part 4


Build a Serverless App - Part 4

Diagram: as in Part 3 (S3 static website → Amazon API Gateway → productVisitsSendDataToQueue → SQS queue → productVisitsDataHandler → DynamoDB table → DynamoDB Stream → productVisitsDatalakeLoadingHandler → S3 data lake), plus an EventBridge rule that triggers on CloudTrail API calls and an SNS topic that sends a notification via email.


Architecture Patterns - Serverless


Architecture Patterns - Serverless

Requirement Solution
Application includes EC2 and RDS. Decouple EC2 and RDS database with
Spikes in traffic causing writes to be an SQS queue; use Lambda to process
dropped by RDS records in the queue

Migrate decoupled on-premises web Migrate to EC2 instances, SQS and EFS.
app. Users upload files and processing Use Auto Scaling and scale the
tier processes and stores in NFS file processing tier based on the SQS queue
system. Should scale dynamically length

Lambda function execution time has Optimize execution time by increasing


increased significantly as the number memory available to the function which
of records in the data to process has will proportionally increase CPU
increased

© Digital Cloud Training | https://digitalcloud.training


Architecture Patterns - Serverless

Requirement Solution
API Gateway forwards streaming data Send the data to a Kinesis Data Stream
to AWS Lambda to process and and then configure Lambda to process
TooManyRequestsException is in batches
experienced

Migrating app with highly variable load Implement an Amazon SQS FIFO queue
to AWS. Must be decoupled and orders to preserve the record order
must be processed in the order they
are received

Company needs to process large Configure a Lambda function to write


volumes of media files with Lambda jobs to queue. Configure queue as input
which takes +2hrs. Need to optimize to Step Functions which will coordinate
time and automate the whole process multiple functions to process in parallel

© Digital Cloud Training | https://digitalcloud.training


Architecture Patterns - Serverless

Requirement Solution
Objects uploaded to an S3 bucket must Create an event source notification to
be processed by AWS Lambda notify Lambda function to process new
objects

Company requires API events that Create a CloudTrail trail and an


involve the root user account to be EventBridge rule that looks for API
captured in a third-party ticketing events that involve root, put events on
system SQS queue; process queue with Lambda

Legacy application uses many batch Migrate scripts to AWS Lambda


scripts that process data and pass on to functions and use AWS Step Functions
next script. Complex and difficult to to coordinate components
maintain

© Digital Cloud Training | https://digitalcloud.training


Architecture Patterns - Serverless

Requirement Solution
Lambda processes objects created in Configure reserved concurrency to set
bucket. Large volumes of objects can the maximum limit for the function.
be uploaded. Must ensure function Monitor critical functions’ CloudWatch
does not affect other critical functions alarms for the Throttles Lambda metric

EC2 instance processes images using Replace EC2 with AWS Lambda function
JavaScript code and stores in S3. Load
is highly variable. Need a more cost-
effective solution

Solutions Architect needs to update Create an Alias for the Lambda function
Lambda function code using canary and configure weights to Lambda
strategy; traffic should be routed based versions
on weights

© Digital Cloud Training | https://digitalcloud.training


Architecture Patterns - Serverless

Requirement: App uses API Gateway regional REST API. Just gone global and performance has suffered
Solution: Convert API to an edge-optimized API to optimize for the global user base

Requirement: App uses API Gateway and Lambda. During busy periods many requests fail multiple times before succeeding. No errors reported in Lambda
Solution: Throttle limit could be configured at a value that is too low. Increase the throttle limit

Requirement: Need to ensure only authorized IAM users can access REST API on API Gateway
Solution: Set authorization to AWS_IAM for API Gateway method. Grant execute-api:Invoke permissions in IAM policy
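The throttling row above describes a symptom (requests fail under load, then succeed on retry, with nothing in the Lambda logs) that is easier to reason about with a model of the limit itself. The following Python is an added example, not part of the training slides or of AWS: it assumes the usual token-bucket description of API Gateway throttling, where the bucket holds up to a burst of tokens, refills at the steady-state rate per second, and a request that finds the bucket empty is rejected with a 429 before any backend is invoked. The request arrival times are constructed sample data chosen to show a busy period first against a low limit and then against a raised one.

```python
"""Model API Gateway-style throttling with a token bucket.

Added example (not from the training slides). Assumes token-bucket
semantics: capacity = burst, refill = rate tokens per second, a request that
finds no whole token is rejected (429) without reaching Lambda. The arrival
times are constructed sample data.
"""


class TokenBucket:
    def __init__(self, rate: float, burst: int):
        self.rate = float(rate)      # steady-state requests per second
        self.burst = int(burst)      # maximum tokens the bucket can hold
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0              # time of the previous request

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then consume one token if one is available."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(rate: float, burst: int, arrivals: list[float]) -> dict[str, int]:
    """Replay request arrival times (seconds) through a bucket; count 200s and 429s."""
    bucket = TokenBucket(rate=rate, burst=burst)
    accepted = sum(1 for t in arrivals if bucket.allow(t))
    return {"accepted": accepted, "throttled": len(arrivals) - accepted}


# Constructed busy period: 20 requests in the first 100 ms, then 10 spread over a second.
BUSY_PERIOD = [i * 0.005 for i in range(20)] + [0.2 + i * 0.1 for i in range(10)]

if __name__ == "__main__":
    print("limit too low:", simulate(rate=10, burst=5, arrivals=BUSY_PERIOD))
    print("limit raised: ", simulate(rate=100, burst=50, arrivals=BUSY_PERIOD))
```

With a rate of 10 and burst of 5, the first five requests of the spike are accepted and the remaining fifteen in that 100 ms window are throttled; the later, slower requests all succeed because the bucket has refilled, which is exactly the "fails, then succeeds on retry" pattern with no Lambda errors. Raising the limit lets the whole period through.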


SECTION 12

Docker Containers and PaaS



Docker and Microservices Architectures


Docker Containers
• Every VM needs an operating system which uses significant resources

[Diagram: a virtual machine stack (Website / Windows OS / Hypervisor / Server) compared with a container host (Docker Engine / Windows OS / Server)]


Docker Containers
• Containers are very resource efficient
• Containers start up very quickly
• Each container is isolated from other containers
• A container includes all the code, settings, and dependencies for running the application

[Diagram: containers running on Docker Engine / Windows OS / Server]


Monolithic Application

[Diagram: a single application containing Storefront User Interface, Mobile Interface, Order Service, Account Management, Payment Service and Shipping Service over one shared Database]


Monolithic Application
• Updates to, or failures of, any single component can take down the whole application
• The user interface, business logic, and data access layer are combined on a single platform

[Diagram: the same monolith (Storefront User Interface, Mobile Interface, Order Service, Account Management, Payment Service, Shipping Service, Database)]


Monolithic Application

[Diagram: Users 1, 2 and 3 reach a Load Balancer that distributes across three hosts, each running the full Monolithic Application on a Linux OS]




Microservices Architecture
• A microservice is an independently deployable unit of code
• Microservices are often loosely coupled
• Microservices are organized around business capabilities

[Diagram: Storefront User Interface and Mobile Interface microservices in front of Order, Account, Payment and Shipping microservices, each backed by its own database (Order, Customer, Billing, Shipping)]


Microservices with Docker Containers

[Diagram: Storefront User Interface, Shipping and Order microservices each running as a container on one host (Docker Engine / Linux OS / Server)]


Microservices with Docker Containers
• Microservices can also be spread across hosts
• Many instances of each microservice can run on each host

[Diagram: three hosts (Docker Engine / Linux OS / Server), each running several microservice containers]


Microservices: Attributes and Benefits

Attribute: Use of Application Programming Interfaces (APIs)
Benefit: Easier integrations between application components; assists with loose coupling

Attribute: Independently deployable blocks of code
Benefit: Can be scaled and maintained independently

Attribute: Business-oriented architecture
Benefit: Development organized around business capabilities; teams may be cross-functional and services may be reused

Attribute: Flexible use of technologies
Benefit: Each microservice can be written using different technologies (e.g. programming languages)

Attribute: Speed and agility
Benefit: Fast to deploy and update. Easy to include high availability and fault tolerance for each microservice


Amazon ECS Core Knowledge



Amazon ECS
Amazon Elastic Container Service
• An Amazon ECS Cluster is a logical grouping of tasks or services
• ECS Services are used to maintain a desired count of tasks
• An ECS Task is created from a Task Definition
• An ECS Task is a running Docker container
• Docker images can be stored in Amazon ECR

[Diagram: an ECS Cluster spanning two Availability Zones; an ECS Service runs Tasks on ECS Container instances in an Auto Scaling group; container images are pulled from an Amazon Elastic Container Registry]

Task Definition (excerpt):
{
  "containerDefinitions": [
    {
      "name": "wordpress",
      "links": [
        "mysql"
      ],
      "image": "wordpress",
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80
        }
      ],
      "memory": 500,
      "cpu": 10
    }
  ]
}


Amazon ECS

Elastic Container Service (ECS) terms:
Cluster: Logical grouping of EC2 instances
Container instance: EC2 instance running the ECS agent
Task Definition: Blueprint that describes how a Docker container should launch
Task: A running container using settings in a Task Definition
Service: Defines long running tasks – can control task count with Auto Scaling and attach an ELB


Launch Types – EC2 and Fargate

[Diagram: an ECS EC2 Cluster (ECS Service running Tasks on ECS Container instances; registry: ECR, Docker Hub, Self-hosted) beside an ECS Fargate Cluster (ECS Service running Tasks; registry: ECR, Docker Hub)]

EC2 Launch Type
• You explicitly provision EC2 instances
• You're responsible for managing EC2 instances
• Charged per running EC2 instance
• EFS and EBS integration
• You handle cluster optimization
• More granular control over infrastructure

Fargate Launch Type
• Fargate automatically provisions resources
• Fargate provisions and manages compute
• Charged for running tasks
• No EFS and EBS integration
• Fargate handles cluster optimization
• Limited control, infrastructure is automated

ECS and IAM Roles
• The container instance IAM role (IAM Instance Role, shown on the slide with AmazonEC2ContainerServiceforEC2Role) provides permissions to the host
• The ECS task IAM role (IAM Task Role) provides permissions to the container
• NOTE: container instances have access to all of the permissions that are supplied to the container instance role through instance metadata

[Diagram: ECS EC2 Cluster with an ECS Service; the ECS Container instance carries the IAM Instance Role and the Task carries the IAM Task Role]


ECS and IAM Roles
• With the Fargate launch type only IAM task roles can be applied

[Diagram: ECS Fargate Cluster with an ECS Service; the Task carries the IAM Task Role]


ECS Networking modes
• awsvpc — The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address. This gives the task the same networking properties as Amazon EC2 instances
• bridge — The task utilizes Docker's built-in virtual network which runs inside each Amazon EC2 instance hosting the task
• host — The task bypasses Docker's built-in virtual network and maps container ports directly to the ENI of the Amazon EC2 instance hosting the task
• none — The task has no external network connectivity
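The task definition shown earlier, the two IAM roles, and the networking modes above are the settings a reviewer checks before a task definition is registered. The following Python is an added example, not part of the training material or of any AWS tool: a small linter that encodes what the slides state (the task IAM role scopes the container's permissions while the instance role is reachable through instance metadata; host networking maps container ports straight onto the instance ENI; awsvpc gives each task its own ENI) together with two standard container hardening fields that exist in the ECS container definition schema, `privileged` and `readonlyRootFilesystem`. The first task definition is the slide's wordpress excerpt; the second is a constructed hardened rewrite with a placeholder role ARN and the standard documentation account id.

```python
"""Lint an ECS task definition for the permission and networking settings
covered on the slides.

Added example, not part of the training material or of any AWS tool. The
two task definitions are constructed samples: the slide's wordpress excerpt
and a hardened rewrite with a placeholder role ARN.
"""
import json


def lint_task_definition(td: dict) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: list[str] = []
    mode = td.get("networkMode", "bridge")  # ECS default for the EC2 launch type
    if not td.get("taskRoleArn"):
        findings.append(
            "no taskRoleArn: containers get no scoped task role; on the EC2 launch "
            "type they can reach the instance role via instance metadata instead"
        )
    if mode == "host":
        findings.append("networkMode host: container ports bind directly to the instance ENI")
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append(f"{name}: privileged container has host-level capabilities")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable (readonlyRootFilesystem not set)")
        if c.get("links"):
            findings.append(
                f"{name}: uses legacy Docker links ({', '.join(c['links'])}); "
                "not supported with awsvpc, prefer awsvpc with security groups"
            )
        if mode != "awsvpc":
            for pm in c.get("portMappings", []):
                if pm.get("hostPort") not in (None, 0):
                    findings.append(
                        f"{name}: static hostPort {pm['hostPort']} on {mode} networking "
                        "exposes the port on the container instance"
                    )
    return findings


# The slide's task definition excerpt (defaults: bridge networking, no task role).
SLIDE_TASK_DEF = json.loads(
    """
{
  "containerDefinitions": [
    {
      "name": "wordpress",
      "links": ["mysql"],
      "image": "wordpress",
      "essential": true,
      "portMappings": [{"containerPort": 80, "hostPort": 80}],
      "memory": 500,
      "cpu": 10
    }
  ]
}
"""
)

# Hardened rewrite (constructed): own ENI per task, scoped task role, read-only root fs.
HARDENED_TASK_DEF = {
    "family": "wordpress",
    "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/PLACEHOLDER-wordpress-task-role",
    "containerDefinitions": [
        {
            "name": "wordpress",
            "image": "wordpress",
            "essential": True,
            "readonlyRootFilesystem": True,
            "portMappings": [{"containerPort": 80}],
            "memory": 500,
            "cpu": 10,
        }
    ],
}

if __name__ == "__main__":
    for label, td in (("slide", SLIDE_TASK_DEF), ("hardened", HARDENED_TASK_DEF)):
        print(label, "->", lint_task_definition(td) or ["ok"])
```

The slide's excerpt produces four findings (no task role, writable root filesystem, legacy links, and a static host port on bridge networking); the hardened rewrite produces none. The `taskRoleArn` finding is the one that matters most for the slides' NOTE: without a task role the container has nothing of its own, and on the EC2 launch type the instance role is what it will find through instance metadata.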


ECS Spot Instance & Draining
• Can run ECS instances using Spot
• ECS Spot Instance draining can be enabled on the instance. ECS receives a Spot Instance interruption notice and places the instance in DRAINING status
• When a container instance is set to DRAINING, Amazon ECS prevents new tasks from being scheduled for placement on the container instance


Scaling Amazon ECS



Auto Scaling for ECS
• Two types of scaling: service auto scaling and cluster auto scaling
• Service auto scaling automatically adjusts the desired task count up or down using the Application Auto Scaling service
• Service auto scaling supports target tracking, step, and scheduled scaling policies
• Cluster auto scaling uses a Capacity Provider to scale the number of EC2 cluster instances using EC2 Auto Scaling
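Of the three service auto scaling policy types listed above, target tracking is the one whose behaviour is least obvious from its name. The following Python is an added example, not part of the training slides or of AWS: it models a target-tracking policy on a service metric such as average CPU utilization with the proportional rule desired = ceil(running × metric ÷ target), clamped to the policy's minimum and maximum capacity, with a scale-in cooldown so the service does not shrink again too soon. That rule is an assumption about how Application Auto Scaling sizes the desired count, adequate for reasoning about capacity; the metric samples are constructed data showing a spike followed by a quiet period.

```python
"""Model ECS service auto scaling with a target-tracking policy.

Added example, not from the training slides or from AWS. Assumes the
proportional target-tracking rule desired = ceil(running * metric / target),
clamped to [min_capacity, max_capacity], with a scale-in cooldown. The metric
samples are constructed data.
"""
import math
from dataclasses import dataclass


@dataclass
class TargetTrackingPolicy:
    target: float                 # target average utilization (%)
    min_capacity: int
    max_capacity: int
    scale_in_cooldown: float = 300.0   # seconds between successive scale-ins
    last_scale_in: float = -math.inf

    def desired_count(self, running: int, metric: float, now: float) -> int:
        """Return the task count the policy would set for one metric sample."""
        if running <= 0:
            return self.min_capacity
        proposed = math.ceil(running * metric / self.target)
        proposed = max(self.min_capacity, min(self.max_capacity, proposed))
        if proposed < running:
            if now - self.last_scale_in < self.scale_in_cooldown:
                return running            # scale-in blocked by the cooldown
            self.last_scale_in = now
        return proposed


def replay(policy: TargetTrackingPolicy, start: int, samples: list[tuple[float, float]]) -> list[int]:
    """Feed (time, metric) samples through the policy; return the desired count after each."""
    running = start
    history = []
    for now, metric in samples:
        running = policy.desired_count(running, metric, now)
        history.append(running)
    return history


# Constructed samples (seconds, average CPU %): a spike, then a quiet period.
SAMPLES = [(0, 50.0), (60, 90.0), (120, 95.0), (180, 30.0), (240, 20.0), (600, 20.0)]

if __name__ == "__main__":
    policy = TargetTrackingPolicy(target=60.0, min_capacity=2, max_capacity=10)
    print(replay(policy, 2, SAMPLES))
```

Starting from two tasks with a 60% target, the spike scales the service out to three and then five tasks; the first quiet sample scales it in to three, the next is held at three by the cooldown, and only the sample 420 seconds later brings it down to the minimum of two.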
