Serverless
- Lets developers build and run applications without having to manage servers
- Does not mean there are no servers: they exist, but the cloud provider runs, scales and patches them
- Serverless was pioneered by AWS Lambda, but the term now covers any fully managed service (databases, messaging, storage, ...)
Serverless in AWS
- AWS Lambda
- Virtual functions - no servers to manage
- Limited by time - short executions (at most 15 minutes per invocation)
- Run on-demand
- Scaling is automated
- Benefits of AWS Lambda
- Easy Pricing
- Pay per request and per compute time (GB-seconds); e.g. $0.20 per 1 million requests after the free tier
- Free tier of 1,000,000 requests and 400,000 GB-seconds of compute time per month
- very cheap to run
- Integrated with the whole AWS suite of services
- Integrated with many programming languages
- Easy monitoring through AWS CloudWatch
- Easy to get more resources per function (up to 10 GB of RAM)
- Increasing RAM also increases the CPU and network share the function gets
- Lambda SnapStart
- Improves Lambda function performance up to 10x at no extra cost for Java 11 and above
- When enabled, function is invoked from a pre-initialized state
- When you publish a new version:
- Lambda initializes your function
- Takes a snapshot of memory and disk state of the initialized function
- Snapshot is cached for low-latency access
- Customization At The Edge
- Many modern applications execute some form of logic at the edge
- Edge Function
- Code that you write and attach to CloudFront distributions
- Runs close to your users to minimize latency
- CloudFront provides two types:
- CloudFront Functions (lightweight JavaScript functions that run on viewer request / viewer response only, sub-millisecond startup, millions of requests per second)
- Cache Key normalization
- Header manipulation
- URL rewrites or redirects
- Request authentication & authorization (e.g. checking a signed token before the request is served from cache or reaches the origin)
- Lambda@Edge (Node.js or Python Lambda functions, run on viewer and origin request / response)
- Longer execution time (seconds rather than milliseconds)
- Adjustable CPU or memory
- Code that depends on third-party libraries (e.g. the AWS SDK to call other AWS services)
- Network access to use external services for processing
- File system access, or access to the body of HTTP requests
- Use Cases:
- Website Security and Privacy
- Dynamic Web Application at the Edge
- Search Engine Optimization
- Intelligently Route Across Origins and Data Centers
- Bot Mitigation at the Edge
- Real-time Image Transformation
- A/B Testing
- User Authentication and Authorization
- User Prioritization
- User Tracking and Analytics
- Common to CloudFront Functions and Lambda@Edge
- You don't have to manage any servers; deployed globally
- Use case: customize the CDN content
- Pay only for what you use
- Fully serverless
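As an added illustration of the "Website Security and Privacy" and cache-key use cases above (example code written for these notes, not taken from the original post or from AWS), here are two Lambda@Edge handlers in Python, which Lambda@Edge supports alongside Node.js. `viewer_request` normalizes the cache key and strips request headers the origin does not need; `viewer_response` adds baseline browser security headers. The tracking-parameter list, the header values and the sample paths are assumptions for illustration.

```python
# Added example (not from the original notes): two Lambda@Edge handlers written in
# Python. viewer_request normalizes the cache key and strips request headers the
# origin does not need; viewer_response adds baseline browser security headers.
# Parameter names, header lists and paths are assumptions for illustration.
import re
from urllib.parse import parse_qsl, urlencode

# Assumed: query parameters that only carry marketing/tracking state and must not
# fragment the CloudFront cache.
TRACKING_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "fbclid", "gclid"}
# Assumed: the origin serves static content, so these request headers are never needed there.
STRIP_REQUEST_HEADERS = ("cookie", "x-forwarded-for")
# Security headers added to every response (an assumed but sensible baseline).
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


def normalize_uri(uri: str) -> str:
    """Collapse repeated slashes, lowercase the path and map directories to index.html."""
    uri = re.sub(r"/{2,}", "/", uri).lower()
    if uri.endswith("/"):
        uri += "index.html"
    return uri


def normalize_querystring(querystring: str) -> str:
    """Drop tracking parameters and sort the rest so equivalent URLs share one cache entry."""
    pairs = [
        (key, value)
        for key, value in parse_qsl(querystring, keep_blank_values=True)
        if key.lower() not in TRACKING_PARAMS
    ]
    return urlencode(sorted(pairs))


def viewer_request(event, context=None):
    """Viewer-request trigger: runs before CloudFront looks up its cache."""
    request = event["Records"][0]["cf"]["request"]
    request["uri"] = normalize_uri(request["uri"])
    request["querystring"] = normalize_querystring(request.get("querystring", ""))
    for name in STRIP_REQUEST_HEADERS:  # CloudFront keys headers by their lowercase name
        request["headers"].pop(name, None)
    return request  # returning the request object forwards it to the cache / origin


def viewer_response(event, context=None):
    """Viewer-response trigger: runs before the response is returned to the client."""
    response = event["Records"][0]["cf"]["response"]
    headers = response.setdefault("headers", {})
    for name, value in SECURITY_HEADERS.items():
        headers[name.lower()] = [{"key": name, "value": value}]  # overrides any origin value
    return response


# Constructed sample events in the shape of Lambda@Edge viewer-request / viewer-response records.
SAMPLE_REQUEST_EVENT = {"Records": [{"cf": {"request": {
    "method": "GET",
    "uri": "//Blog//Post/",
    "querystring": "utm_source=newsletter&b=2&a=1",
    "headers": {
        "host": [{"key": "Host", "value": "example.com"}],
        "cookie": [{"key": "Cookie", "value": "session=abc"}],
    },
}}}]}
SAMPLE_RESPONSE_EVENT = {"Records": [{"cf": {"response": {"status": "200", "headers": {}}}}]}

if __name__ == "__main__":
    print(viewer_request(SAMPLE_REQUEST_EVENT))
    print(viewer_response(SAMPLE_RESPONSE_EVENT))
```

Lambda@Edge functions must be created in us-east-1, from where CloudFront replicates them. Since this logic needs no third-party libraries, no network and no request body, a JavaScript version of it would also fit the cheaper CloudFront Functions. Stripping the `Cookie` header is only appropriate when the origin serves static content.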
- Lambda by default
- is launched outside your own VPC (in an AWS-owned VPC)
- therefore cannot access resources in your VPC (RDS, ElastiCache, internal load balancers, ...)
- Lambda in VPC
- must define the VPC ID, the Subnets and the Security Groups
- Lambda will create an ENI (Elastic Network Interface) in your subnets; a function inside a VPC has no internet access unless its subnet routes through a NAT Gateway
- Lambda with RDS Proxy
- If Lambda functions directly access your database, they may open too many connections under high load
- RDS Proxy
- Improve scalability by pooling and sharing DB connections
- Improve availability by reducing by 66% the failover time and preserving connections
- Improves security by enforcing IAM authentication and storing credentials in Secrets Manager
- The Lambda function must be deployed in your VPC, because RDS Proxy is never publicly accessible
- Invoking Lambda from RDS & Aurora
- Invoke Lambda functions from within your DB instance
- Allows you to process data events from within a database
- Supported for RDS for PostgreSQL and Aurora MySQL
- Must allow outbound traffic to your Lambda function from within your DB instances (via the public internet, a NAT Gateway, or a VPC endpoint)
- DB instance must have the required permissions to invoke the Lambda function (Lambda resource policy and an IAM role attached to the instance)
- RDS Event Notifications
- Notifications that give information about the DB instance itself (created, stopped, started, ...)
- You don't get any information about the data itself
- Subscribe to the following event categories
- DB instance
- DB snapshot
- DB Parameter Group
- DB Security Group
- RDS Proxy
- Custom Engine Version
- Near real-time events (up to 5 minutes)
- Send notifications to SNS or subscribe to events using EventBridge
- Dynamo DB
- Fully managed, highly available with replication across multiple AZs
- NoSQL db with transaction support
- Scales to massive workloads, distributed db
- Millions of requests per second, trillions of rows, 100s of TB of storage
- Fast and consistent in performance
- Integrated with IAM for security, authorization and administration
- Low cost and auto-scaling capabilities
- No maintenance or patching, always available
- Standard & Infrequent Access Table Class
- Basics
- DynamoDB is made of tables
- Each table has a Primary Key (must be decided at creation time)
- Each table can have an unlimited number of items (rows)
- Each item has attributes (can be added over time - can be null)
- Maximum size of an item is 400 KB
- Data types supported are:
- Scalar Types (String, Number, Binary, Boolean, Null)
- Document Types (List, Map)
- Set Types (String Set, Number Set, Binary Set)
- Because attributes are not fixed per table, DynamoDB schemas can evolve rapidly
- Read/Write Capacity Modes
- Provisioned Mode (default)
- You specify the number of reads/writes per second
- You need to plan capacity beforehand
- Pay for provisioned Read Capacity Units (RCU) & Write Capacity Units (WCU)
- Possibility to add auto-scaling for RCU & WCU
- On-Demand Mode
- Reads/writes automatically scale up/down with your workload
- No capacity planning needed
- Pay for what you use (per request); more expensive per request
- Great for unpredictable workloads and steep, sudden spikes
- DynamoDB Accelerator (DAX)
- Fully managed, highly available, seamless in-memory cache for DynamoDB
- Helps solve read congestion by caching
- Microsecond latency for cached data
- Doesn't require application logic modification (compatible with existing DynamoDB APIs)
- 5 minutes TTL for cache (default)
- Stream Processing
- Ordered stream of item-level modifications (create/update/delete) in a table
- 24 hours retention
- Limited number of consumers
- Process using AWS Lambda Triggers, or the DynamoDB Streams Kinesis Adapter
- Use Case :
- React to changes in real-time
- Real-time usage analytics
- Insert into derivative tables
- Implement cross-region replication
- Invoke AWS Lambda on changes to your DynamoDB table
- DynamoDB Global Tables
- Make a DynamoDB table accessible with low latency in multiple regions
- Active-Active replication
- Applications can READ and WRITE to the table in any region
- Must enable DynamoDB Streams as a pre-requisite
- Time to Live
- Automatically delete items after an expiry timestamp
- Use cases :
- reduce stored data by keeping only current items
- adhere to regulatory obligations (e.g. data retention limits)
- web session handling
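The stream-processing and Time to Live passages above both come down to a Lambda function consuming item-level changes, so here is one added example that serves both (written for these notes, not code from the original post or from AWS): a Python handler for a DynamoDB Streams trigger with stream view type `NEW_AND_OLD_IMAGES`. It unmarshals the DynamoDB JSON in the records, reports which attributes a MODIFY touched, and tells TTL expirations apart from caller-issued deletes: TTL deletions arrive in the stream with a `userIdentity` naming the service principal `dynamodb.amazonaws.com`. The table layout, attribute names and sample records are constructed for illustration.

```python
# Added example (not from the original notes): a Python Lambda handler for a
# DynamoDB Streams trigger (stream view type NEW_AND_OLD_IMAGES) that turns
# item-level changes into audit entries. TTL expirations are recognised by the
# userIdentity that DynamoDB attaches to them. Table, attribute names and the
# sample records below are constructed for illustration.
from decimal import Decimal

TTL_PRINCIPAL = "dynamodb.amazonaws.com"


def unmarshal(attribute):
    """Convert one DynamoDB attribute value ({"S": ...}, {"N": ...}, ...) to Python."""
    ((kind, value),) = attribute.items()
    if kind in ("S", "B", "BOOL"):
        return value  # B arrives base64-encoded in stream records; kept as-is
    if kind == "N":
        return Decimal(value)
    if kind == "NULL":
        return None
    if kind == "M":
        return {k: unmarshal(v) for k, v in value.items()}
    if kind == "L":
        return [unmarshal(v) for v in value]
    if kind == "NS":
        return {Decimal(v) for v in value}
    if kind in ("SS", "BS"):
        return set(value)
    raise ValueError(f"unsupported attribute type {kind!r}")


def unmarshal_item(image):
    return {k: unmarshal(v) for k, v in image.items()} if image else None


def is_ttl_expiry(record):
    """TTL deletes carry a userIdentity naming the DynamoDB service principal."""
    identity = record.get("userIdentity") or {}
    return identity.get("type") == "Service" and identity.get("principalId") == TTL_PRINCIPAL


def changed_attributes(old, new):
    return sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))


def audit_entry(record):
    """Build one audit entry from a stream record."""
    ddb = record["dynamodb"]
    old, new = unmarshal_item(ddb.get("OldImage")), unmarshal_item(ddb.get("NewImage"))
    entry = {"keys": unmarshal_item(ddb["Keys"]), "sequence": ddb["SequenceNumber"],
             "event": record["eventName"]}
    if record["eventName"] == "INSERT":
        entry["item"] = new
    elif record["eventName"] == "MODIFY":
        entry["changed"] = changed_attributes(old, new)
    elif record["eventName"] == "REMOVE":
        entry["event"] = "EXPIRE" if is_ttl_expiry(record) else "DELETE"
        entry["last_state"] = old
    return entry


def handler(event, context=None):
    """Lambda entry point: one invocation receives a batch of stream records."""
    return [audit_entry(record) for record in event["Records"]]


def _record(name, keys, old=None, new=None, seq="1", identity=None):
    """Helper that builds a constructed stream record of the real shape."""
    rec = {"eventName": name, "eventSource": "aws:dynamodb",
           "dynamodb": {"Keys": keys, "SequenceNumber": seq, "StreamViewType": "NEW_AND_OLD_IMAGES"}}
    if old:
        rec["dynamodb"]["OldImage"] = old
    if new:
        rec["dynamodb"]["NewImage"] = new
    if identity:
        rec["userIdentity"] = identity
    return rec


ACCOUNT_KEY = {"pk": {"S": "ACCOUNT#42"}}
V1 = {"pk": {"S": "ACCOUNT#42"}, "balance": {"N": "100"}, "tags": {"SS": ["gold"]},
      "expires_at": {"N": "1700000000"}}  # expires_at is the assumed TTL attribute
V2 = dict(V1, balance={"N": "150"})

# Constructed batch: create, update, a TTL expiration, and a caller-issued delete.
SAMPLE_EVENT = {"Records": [
    _record("INSERT", ACCOUNT_KEY, new=V1, seq="1"),
    _record("MODIFY", ACCOUNT_KEY, old=V1, new=V2, seq="2"),
    _record("REMOVE", ACCOUNT_KEY, old=V2, seq="3",
            identity={"type": "Service", "principalId": TTL_PRINCIPAL}),
    _record("REMOVE", {"pk": {"S": "ACCOUNT#7"}}, old={"pk": {"S": "ACCOUNT#7"}}, seq="4"),
]}

if __name__ == "__main__":
    for entry in handler(SAMPLE_EVENT):
        print(entry)
```

Old and new images are only present when the stream view type includes them. In production, enable `ReportBatchItemFailures` on the event source mapping and return the failed sequence numbers so a single bad record does not block the shard. TTL deletes run in the background after the expiry time, so expired items can still be returned by reads until then; filter on the TTL attribute in the application if that matters.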
- Backups for disaster recovery
- Continuous backups using point-in-time recovery (PITR)
- Optionally enabled for the last 35 days
- Point-in-time recovery to any time within the backup window
- The recovery process creates a new table
- On-demand backups
- Full backups for long-term retention, until explicitly deleted
- Doesn't affect performance or latency
- Can be configured and managed in AWS Backup (enables cross-region copy)
- The recovery process creates a new table
- Integration with Amazon S3
- Export to S3 (must enable PITR)
- Works for any point of time in the last 35 days
- Doesn't affect the read capacity of your table
- Perform data analysis on top of DynamoDB
- Retain snapshots for auditing
- ETL on top of S3 data before importing back into DynamoDB
- Export in DynamoDB JSON or Amazon Ion format
- Import from S3
- Import CSV, DynamoDB JSON or Amazon Ion format
- Doesn't consume any write capacity
- Creates a new table
- Import errors are logged in CloudWatch Logs
- AWS Cognito
- Gives users an identity to interact with our web or mobile application
- Cognito User Pools (CUP)
- Creates a serverless database of users for your web & mobile apps
- CUP integrates with API Gateway and Application Load Balancer
- Cognito Identity Pools (Federated Identities)
- Get identities for "users" (from a user pool or a third-party identity provider) so they obtain temporary AWS credentials
- Users can then access AWS services directly or through API Gateway
- The IAM policies applied to the credentials are defined in Cognito
- They can be customized based on the user_id for fine-grained control (e.g. the policy variable ${cognito-identity.amazonaws.com:sub} restricts a user to their own items)
- Default IAM roles for authenticated and guest users
- AWS API Gateway
- AWS Lambda + API Gateway
- No infrastructure to manage
- Integrations (high level)
- Lambda Function
- Invoke a Lambda function
- Easy way to expose a REST API backed by AWS Lambda
- HTTP
- Expose HTTP endpoints in the backend
- Use Cases:
- Internal HTTP API on premise
- Application Load Balancer
- AWS Service
- Expose any AWS API through the API Gateway
- Use Cases:
- start an AWS Step Functions workflow
- post a message to SQS
- Endpoint Types
- Edge-Optimized: for global clients
- Requests are routed through the CloudFront edge locations (improves latency)
- The API Gateway still lives in only one region
- Regional: for clients within the same region
- could manually combine with CloudFront
- more control over the caching strategies and the distribution
- Private
- can only be accessed from your VPC using an interface VPC endpoint (ENI)
- use a resource policy to define access
- Support for the WebSocket Protocol
- Handle API versioning
- Handle different environments
- Handle security
- User authentication through
- IAM Roles (internal applications)
- Cognito (external users)
- Custom Authorizer, i.e. a Lambda Authorizer (own logic)
- Custom Domain Name HTTPS security through integration with AWS Certificate Manager (ACM)
- If using an Edge-Optimized endpoint, the certificate must be in us-east-1
- If using a Regional endpoint, the certificate must be in the API Gateway region
- Must set up a CNAME or A-alias record in Route 53
- Create API keys, handle request throttling
- Swagger / OpenAPI import to quickly define APIs
- Transform and validate requests and responses
- Generate SDKs and API specifications
- Cache API responses
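The "Custom Authorizer (own logic)" option above means API Gateway calls a Lambda function of yours and enforces the IAM policy it returns. As an added example (written for these notes, not code from the original post or from AWS), here is a REQUEST-type Lambda authorizer in Python that validates an HMAC-signed bearer token and returns a policy scoped to the caller's role. The token format, the shared secret and the ARNs are assumptions for illustration; for Cognito users you would use the built-in Cognito authorizer or verify the user pool's JWT instead.

```python
# Added example (not from the original notes): an API Gateway Lambda (custom)
# authorizer of type REQUEST in Python. It validates an HMAC-signed bearer token
# and returns the IAM policy API Gateway enforces for the call. The token format,
# shared secret and ARNs are assumptions for illustration.
import base64
import hashlib
import hmac
import json
import time

# Assumed: in a real function load this from Secrets Manager or SSM; never hard-code it.
SECRET = b"demo-shared-secret-change-me"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, role: str = "reader", ttl: int = 3600, now=None) -> str:
    """Mint a token '<base64url(payload)>.<base64url(hmac-sha256)>' (assumed format)."""
    exp = int(now if now is not None else time.time()) + ttl
    payload = json.dumps({"sub": subject, "role": role, "exp": exp}, separators=(",", ":")).encode()
    signature = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64url(payload)}.{_b64url(signature)}"


def verify_token(token: str, now=None):
    """Return the claims if the signature is valid and the token is unexpired, else None."""
    try:
        encoded_payload, encoded_sig = token.split(".")
        payload, signature = _unb64url(encoded_payload), _unb64url(encoded_sig)
    except ValueError:  # wrong number of parts or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return claims


def _policy(principal_id, resources, context):
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": resources}],
        },
        "context": context,  # exposed to the integration as $context.authorizer.*
    }


def authorize(event, now=None):
    """Return the policy for a valid caller, or None if the token is missing or invalid."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        return None
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None:
        return None
    # methodArn: arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<path>
    api_arn, stage, _method_and_path = event["methodArn"].split("/", 2)
    # Least privilege that still survives authorizer result caching (the cached policy is
    # reused for other routes): readers may only invoke GET routes of this stage,
    # admins may invoke everything in it.
    resources = [f"{api_arn}/{stage}/GET/*"]
    if claims.get("role") == "admin":
        resources = [f"{api_arn}/{stage}/*/*"]
    return _policy(claims["sub"], resources, {"sub": claims["sub"], "role": claims.get("role", "")})


def handler(event, context=None):
    """Lambda entry point. Raising 'Unauthorized' makes API Gateway answer 401."""
    policy = authorize(event)
    if policy is None:
        raise Exception("Unauthorized")
    return policy


if __name__ == "__main__":
    token = issue_token("alice", role="reader", ttl=300)
    sample_event = {  # constructed REQUEST-authorizer event
        "type": "REQUEST",
        "methodArn": "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5/prod/GET/items",
        "headers": {"Authorization": f"Bearer {token}"},
    }
    print(json.dumps(handler(sample_event), indent=2))
```

Raising `Unauthorized` yields a 401, while returning a policy whose Effect is `Deny` yields a 403. When authorizer caching is enabled, the returned policy is cached per identity source (here the Authorization header) and applied to subsequent calls on other routes, so a policy that only allows the exact `methodArn` would break those calls; scope the Resource to what the caller may legitimately invoke instead.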
- Amazon S3
- AWS SNS & SQS
- AWS Kinesis Data Firehose
- Aurora Serverless
- Step Functions
- Build serverless visual workflow to orchestrate your Lambda functions
- Features : sequence, parallel, conditions, timeouts, error handling ...
- Can integrate with EC2, ECS, On-premises servers, API Gateway, SQS queues ...
- Possibility of implementing a human approval step
- Use cases :
- order fulfillment
- data processing
- web applications
- any workflow
- Fargate