@runcyoommen
https://runcy.me
Solution Architecture In
|In brief|
1. #Serverless – Introduction, Evolution & Advantages
2. AWS Serverless – Example Solution Architecture
• DynamoDB – Setup tables/attributes/items
• IAM - Required roles
• Lambda - Make functions
• API Gateway - Appropriate triggers
• S3 - Host the static web files
• ACM - Generate appropriate certificate
• CloudFront - Create a global distribution
• Route 53 - DNS redirection
3. AWS Full-Stack Serverless
• AWS Amplify – Introduction and Capabilities
Career
• Principal SDE, SONICWALL, 17+ yrs. industry experience primarily in systems, cloud (private/public), security, networking
• 10x multi-cloud certified (GCP, AWS, Azure, CNCF)
• Patent (India) in cloud security around distributed data storage
• Interested in serverless, containers and cloud native offerings. Firm believer of a multi-hybrid cloud future
Community
• Organizer of GDG Cloud, AWS user Group and Cloud Native meetup groups in Bangalore
• Regular speaker at domestic and international cloud, tech & security conferences
• Multiple hackathon wins in cloud/security topics.
• Recognized by Google as a community influencer
[~]$ whoami
runcyoommen
https://runcy.me
What does “Serverless” mean?
Reference:
https://en.wikipedia.org/wiki/Serverless_computing
“Serverless computing is a cloud
computing execution model in which the
cloud provider runs the server, and
dynamically manages the allocation of
machine resources.”
Serverless solution architecture in AWS
How did we get here?
What are we
building today?
Pre-requisites to begin
• AWS free-tier account
• Get the source code
https://github.com/roommen/runcystees
• Basic knowledge of Python, HTML, JS, CSS
• A good IDE like Visual Studio Code
• Assumption: You have a registered domain
1. Setting up the DB
• Select ‘DynamoDB’ from the services list
(under Database section)
• Click ‘Create table’ to get started
• Provide table name, primary key
• Leave the rest as default settings
• Start adding the items by clicking
on ‘Create item’
• Really simple DB schema consisting of
id (Primary key) and desc of the tees
2. Relevant IAM roles
• Select ‘IAM’ from the services list
(under Security, Identity & Compliance)
• Create a new role
• Select Lambda as the service that will use this role
• Click Next to attach the permissions
• Attach the below given pre-defined policies
• Add appropriate tags (optional but good practice)
Provide an appropriate name and create the role
3. Let’s make some ‘FaaS’
• Select ‘Lambda’ from the services list
(under Compute)
• Provide name, runtime and choose the role
In this web app example, we have:
• Show Tee Description – handled by showTeeDesc.py
For Python with Lambda, zip all source code and
dependencies (if any)
• Boto3 is the only dependency; it need not be
packaged as it’s part of Python runtime in Lambda
• You should now have
showTeeDesc.zip created
• Verify contents of the zip file - Ensure it looks
identical to screenshot
• Now in the Lambda screen, upload the zip file created earlier and
change the Handler info to showTeeDesc.lambda_handler
• The format of Handler should be <python_filename>.lambda_handler
• Provide appropriate description
and keep the memory and
timeout as is
• Click on ‘Save’ to create the Lambda function
• Created function will be displayed as below
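A sketch of what a handler behind `showTeeDesc.lambda_handler` could look like, added here as an example and not taken from the runcystees repository. It assumes a hypothetical table name `tees`, string ids, and a non-proxy API Gateway integration where the POST body arrives as the event; the `table` parameter exists only so the function can be exercised offline.

```python
import os
import re

# Assumption: table name supplied via an environment variable; "tees" is a placeholder.
TABLE_NAME = os.environ.get("TEES_TABLE", "tees")
# Assumption: ids are short strings; anything else is rejected before touching the DB.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,32}")

_table = None


def _get_table():
    """Create the DynamoDB table handle once per Lambda container."""
    global _table
    if _table is None:
        import boto3  # shipped with the Lambda Python runtime, so not in the zip
        _table = boto3.resource("dynamodb").Table(TABLE_NAME)
    return _table


def lambda_handler(event, context, table=None):
    """Return the description for one tee id, or an error object."""
    tee_id = event.get("id") if isinstance(event, dict) else None
    # Reject nested objects, lists, numbers and oversized strings up front.
    if not isinstance(tee_id, str) or not ID_PATTERN.fullmatch(tee_id):
        return {"error": "invalid id"}
    if table is None:
        table = _get_table()
    # "desc" is a DynamoDB reserved word, so the projection needs an alias.
    resp = table.get_item(
        Key={"id": tee_id},
        ProjectionExpression="#d",
        ExpressionAttributeNames={"#d": "desc"},
    )
    item = resp.get("Item")
    if not item or "desc" not in item:
        return {"error": "not found"}
    return {"id": tee_id, "desc": item["desc"]}
```

A handler of this shape needs only `dynamodb:GetItem` on the one table plus CloudWatch Logs write access, which is a useful yardstick when reviewing the policies attached to the role in step 2.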
4. Integration with API Gateway
• Select ‘API Gateway’ from the services
list (under Networking & Content Delivery)
• Click ‘Create API’
• Choose the protocol, name and other details
• Choose ‘Create Resource’ from the Actions menu.
• Make sure to ‘Enable API Gateway CORS’
Resource created - showteedesc
• Select the resource and now click ‘Create Method’
• Choose ‘POST’ method
Configure POST method - showteedesc
• Select appropriate region and the function that
we had created earlier for integration
• Select a method and click “Enable CORS”
• On the next screen, leave everything as is and click “Enable CORS and replace existing headers”
• Select “Deploy API” from ‘Actions’
• Choose [New Stage] and provide appropriate values
• After deployment, the APIs would be available under stage
• Click on POST method created for /showteedesc and see
the API endpoint
• Enable the APIs – Edit the JS function
• Integrate the APIs with the relevant functions
defined in runcystees.js to have it invoked
Bringing it all together…
index.html runcystees.js
showTeeDesc.py
SERVERLESS
TRINITY
5. Host web files on S3
• Select ‘S3’ from the services list
(under Storage)
• Click ‘Create bucket’
• Provide appropriate ‘Bucket name’ and ‘Region’
• Click ‘Create’
• Select the bucket that you created earlier
• From the “Properties” tab, select ‘Static website hosting’
• Provide appropriate ‘Index doc’ and hit Save
• You will now see an ‘Endpoint’ available which will serve you the website content
• Click on the ‘Permissions’ tab
• Select ‘Bucket Policy’
• Entering the policy makes it world readable
Policy: https://docs.aws.amazon.com/AmazonS3/latest/user-guide/static-website-hosting.html#add-bucket-policy-public-access
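Because this step deliberately makes the bucket world readable, it is worth checking that the policy grants anonymous users nothing beyond reading objects. The following check is an added example, not part of the original slides; the bucket name and both sample policies are constructed for illustration.

```python
import json

BUCKET = "example-tees-bucket"  # constructed placeholder, not the page's bucket

# Constructed sample: anonymous read of objects only (the static-website shape).
SAMPLE_OK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"], "Resource": [f"arn:aws:s3:::{BUCKET}/*"]}]})

# Constructed sample: a policy that drifted to public write and bucket-level access.
SAMPLE_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}"]}]})


def _as_list(value):
    """IAM allows a single string where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_public_statements(policy_json, bucket):
    """Return findings for anonymous grants wider than s3:GetObject on objects."""
    findings = []
    object_arn = f"arn:aws:s3:::{bucket}/*"
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        # Conservative: a Condition is ignored, so conditional grants count as public.
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource in a public statement")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":  # action names are case-insensitive
                findings.append(f"{sid}: public action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != object_arn:
                findings.append(f"{sid}: public resource {resource}")
    return findings


if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("broad", SAMPLE_BROAD)):
        print(name, audit_public_statements(doc, BUCKET))
```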
6. Generate certificate
• Select ‘Certificate Manager’ from the
services (under Security, Identity & Compliance)
• Click ‘Request a certificate’
• Select ‘Request a public certificate’
• Choose region as N. Virginia
• Enter domain name for generating the certificate
• Select ‘DNS validation’
• Choose ‘Create record in Route 53’ to make
the appropriate DNS entry for certificates
• An entry would be created under Route 53
• Certificate status would be shown as Issued (~15 mins)
7. Make CloudFront distribution
• Select ‘CloudFront’ from the services
(under Networking & Content Delivery)
• Click ‘Create Distribution’
• Select ‘Web’ as the delivery method for content
• Provide ‘Origin Domain Name’ as the S3 bucket
• Set protocol policy as ‘Redirect HTTP to HTTPS’
• Provide appropriate CNAME entries
• Select the certificate created earlier from the custom list
• Click on ‘Create Distribution’
• Wait for the distribution to be created (~30 mins)
• Set the default root object as the first html page
8. DNS redirection
• Select ‘Route 53’ from the services list (under Networking & Content Delivery)
• Select the Hosted Zone displayed for
your domain
• Click on the ‘Create Record Set’ button
• Create a CNAME record set
• Provide CloudFront domain name as the value
• The website is ** NOW LIVE **
https://tees.runcy.me
What is AWS Amplify?
Easy to use JavaScript library and toolchain for building cloud-powered mobile and web apps
• Creates and deploys sophisticated serverless backends – FAST!
• CLI provides support for authentication, analytics, functions, REST/GraphQL APIs…
• Toolchain uses AWS CloudFormation and enables you to add, modify and share configurations
Hosting for static assets and websites
• Distributes content to end users with low latency and high data transfer speeds
• Perform local testing of AWS Lambda functions and deploy
• Provides a secure, durable and scalable object storage infra
Easily create APIs and generate client code
• Define APIs using the GraphQL Schema Definition Language (SDL)
• Toolchain expands and transforms a full CloudFormation template that implements your data model
• Connects your front-end apps to AWS services
JavaScript Library
SPA Frameworks Supported
• Vue
• React
• React Native
• Angular
• Ionic
What sort of services are supported?
• Authentication (Amazon Cognito)
• Storage (Amazon S3 & DynamoDB)
• Function (AWS Lambda)
• API (AWS AppSync & API Gateway)
• Hosting (Amazon S3 & CloudFront)
• Analytics (Amazon Pinpoint)
• Interactions (Amazon Lex)