containers or serverless? - agile day chicago · containers. microservices and containers • do...

Containers or Serverless? Mike Gillespie Solutions Architect , AWS Solutions Architecture

Post on 20-May-2020


Containers or Serverless?

Mike Gillespie, Solutions Architect, AWS Solutions Architecture

A Typical Application with Microservices

[Diagram: Client, Webapp, Greeting service, Name service]

Microservice Deployment Strategies on AWS

[Diagram: spectrum from More Management to Less Management: Amazon EC2, ECS, Lambda]

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Containers

Microservices and Containers

• Do one thing, really well
• Any app, any language
• Test and deploy same artifact
• Self-contained services
• Isolated execution environment
• Faster startup
• Scaling and upgrading

Trends we are seeing

• Kubernetes – The new "norm" in container orchestration

• Cloud Native – Freeing customers from old models

• Migrating Legacy Application – Customers are seeking the agility and flexibility of containers

• Developer Focused – DevTools helping to push adoption

• Operations Automation – Using control loops and Immutable Infra to reduce time and inefficiencies

Running Containers

[Diagram: EC2 instances]

Scheduling and Orchestration

[Diagram: Cluster Manager, Placement Engine]

Running Containers at Scale

[Diagram: Availability Zone #1, Availability Zone #2, Availability Zone #3]

Operating Containers at Scale

Operating container clusters such as Kubernetes is not a trivial task

AWS provides a managed service that handles the operational challenges of orchestrating container clusters.

Autoscaling will add capacity

AWS Fargate will provision the servers on your behalf, managing the scaling, patching

Running Containers on AWS Using Managed Services

AWS CodePipeline – CI/CD with Kubernetes

[Diagram: Developer, AWS CodePipeline, AWS CodeCommit, AWS CodeBuild, AWS Lambda, Amazon ECR, with numbered steps 1 to 6]

1. Developers continuously integrate changes into a main branch hosted within a repo

2. Triggers an execution of the pipeline when a new version is found, builds a new image with build ID

3. Pushes the newly built image tagged with build ID to ECR repo

4. Invokes a Lambda function to trigger application deployment

5. Leverages Kubernetes Python SDK to update a deployment

6. Fetches new container image and performs a rolling update of deployment
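An added example (not from the original slides and not AWS code) of what the Lambda function in steps 4 to 6 could do: build a patch that pins the deployment to the image tagged with the build ID and refuse mutable or malformed tags. The registry URL and the deployment, namespace and container names are assumptions, and the Kubernetes client is passed in so the logic can be exercised offline.

```python
import re

# Assumed for illustration: the slides do not name the ECR registry or repository.
ALLOWED_REPO = "123456789012.dkr.ecr.us-east-1.amazonaws.com/webapp"
# Conservative subset of the characters allowed in an image tag.
BUILD_ID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$")


def image_for_build(build_id, repo=ALLOWED_REPO):
    """Return the image reference for one pipeline build (step 3's tag)."""
    # Reject anything that is not a plain tag, and the mutable "latest" tag,
    # so a deployment always maps back to exactly one build.
    if not BUILD_ID_RE.match(build_id) or build_id == "latest":
        raise ValueError(f"refusing to deploy tag {build_id!r}")
    return f"{repo}:{build_id}"


def deployment_patch(container, image):
    """Strategic-merge patch that changes only the named container's image."""
    return {"spec": {"template": {"spec": {
        "containers": [{"name": container, "image": image}]}}}}


def update_deployment(api, name, namespace, container, build_id):
    """Step 5: point the Deployment at the newly pushed image.

    `api` is a kubernetes.client.AppsV1Api, or a stand-in exposing the same
    patch_namespaced_deployment method. Changing the pod template is what
    makes Kubernetes perform the rolling update in step 6.
    """
    image = image_for_build(build_id)
    api.patch_namespaced_deployment(
        name=name, namespace=namespace,
        body=deployment_patch(container, image))
    return image

# Inside the Lambda function (requires the kubernetes package and cluster
# credentials, both assumed here):
#   from kubernetes import client, config
#   config.load_kube_config()
#   update_deployment(client.AppsV1Api(), "webapp", "default", "webapp", build_id)
```

Granting the function's Kubernetes identity only the patch verb on that one deployment keeps the blast radius of a compromised pipeline step small.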


Serverless

Serverless means…

• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Built-in High-Availability and Disaster Recovery

Lambda considerations and best practices

Can your Lambda functions survive the cold?

• Instantiate AWS clients and database clients outside the scope of the handler to take advantage of container re-use.

• Schedule with CloudWatch Events for warmth

• ENIs for VPC support are attached during cold start

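import sys
import logging
import rds_config
import pymysql

logger = logging.getLogger()

# Executes during cold start
rds_host = "rds-instance"
db_name = rds_config.db_name
try:
    # The slide cuts off the connect() arguments; host and database use the names defined above.
    conn = pymysql.connect(host=rds_host, database=db_name)
except pymysql.MySQLError:
    logger.error("ERROR: ...")  # message is cut off on the slide
    sys.exit(1)

# Executes with each invocation
def handler(event, context):
    with conn.cursor() as cur:
        pass  # per-invocation queries go here (cut off on the slide)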

Lambda Best Practices

• Minimize package size to necessities
• Separate the Lambda handler from core logic
• Use Environment Variables to modify operational behavior
• Self-contain dependencies in your function package
• Leverage “Max Memory Used” to right-size your functions
• Delete large unused functions (75GB limit)

Web application

[Diagram: Browser, Amazon CloudFront, Amazon S3 (static content), Amazon Cognito, Amazon API Gateway, AWS Lambda (dynamic content), Amazon DynamoDB (data stored)]

Serverless web app security

[Diagram: Browser, Amazon CloudFront, Amazon S3 (static content), Amazon Cognito, Amazon API Gateway, AWS Lambda, Amazon DynamoDB, annotated with IAM, AuthZ and the following controls]

• Bucket Policies
• ACLs

• OAI
• Geo-Restriction
• Signed Cookies
• Signed URLs
• DDOS Protection

• Throttling
• Caching
• Usage Plans
• ACM

AWS Serverless Application Model (SAM)

• CloudFormation extension optimized for serverless

• New serverless resource types: functions, APIs, and tables

• Supports anything CloudFormation supports

• Open specification (Apache 2.0)

https://github.com/awslabs/serverless-application-model

Useful Frameworks for Serverless Web Apps

• AWS Chalice: Python Serverless Framework https://github.com/aws/chalice
  Familiar decorator-based API similar to Flask/Bottle. Similar to third-party frameworks, Zappa or Claudia.js

• AWS Serverless Express: Run Node.js Express apps https://github.com/awslabs/aws-serverless-express

• Java - HttpServlet, Spring, Spark and Jersey https://github.com/awslabs/aws-serverless-java-container

AWS Serverless Data Lake

[Diagram: S3 Bucket(s) surrounded by services grouped as Ingest, Catalog & Search, Security & Auditing, API/UI, and Analytics & Processing. Services shown: Key Management Service, Amazon Athena, AWS CloudTrail, Amazon Cognito, AWS IAM, Amazon Kinesis Streams, Amazon Kinesis Firehose, Amazon ES, Amazon QuickSight, AWS Glue, Amazon DynamoDB, Amazon Macie, Amazon API Gateway, Amazon Redshift Spectrum, AWS Direct Connect, AWS Lambda]

Image recognition and processing

[Diagram: Web App and the following components]

• Amazon Cognito: User authentication
• Amazon S3: Image uploads
• AWS Step Functions: Workflow orchestration
• Amazon Rekognition: Object detection
• Amazon DynamoDB: Image meta-data & tags

Workflow steps:

1. Start state machine execution
2. Extract image meta-data
3. Invoke Amazon Rekognition
3. Generate image thumbnail
4. Store meta-data and tags

https://github.com/awslabs/lambda-refarch-imagerecognition


How to Decide?

Developers Love … Because

Serverless:
• No Servers to manage!
• HA & Scaling are built-in
• No Paying for Idle
• Multiple Programming Languages
• Fewer Options – Less Noise

Containers:
• Rich Ecosystem
• Platform Support
• Vendor Freedom
• Consistent Environment Laptop to Production
• Persistence
• Long Running

When Serverless is Better

• Greenfield Application – Little technical inertia in the form of existing coding frameworks and logging and monitoring tools.
• REST APIs
• Large data volumes, NoSQL databases, & parallel processing
• Highly variable resource requirements with lots of idle time.
• Short execution time and stateless execution
• Already have an operational footprint in the cloud.

When Containers are Better

• Complex Dependencies / Custom Environments / Existing Containers
• Custom Security Solutions and Full Stack Operational Ownership
• Long Running Execution (> 5 min), GPUs & HPC
• Persistence in containers
• Consistent Utilization
• Platform / Datacenter Independence

Serverless Myths

• Serverless is just a synonym for AWS Lambda
• Serverless is less secure
• There are no servers
• Serverless is just for resizing images or other events.
• Serverless is a silver bullet
• You don’t need to test for scalability

Containerization Myths

• You have full platform independence: Network connectivity, security, performance all require engineering
• Running containers requires an investment in deploying and operating compute
• Containers are just virtualization

Well done, Way to play both sides

Serverless Applications and Containerization Complement one another!

Data Lake on S3 is cost-effective and very versatile

Running ML Training against S3 Data using containers

CICD Pipelines for serverless apps can be done using containerized builds

Process request with Lambda / API Gateway and publish to SQS Queue, process work in container.

Recommendations

Embrace your platform. Don’t reinvent the wheel. Development teams can be passionate about reusing code but spend countless hours writing platform code.

Build expertise in both containers and serverless

Know strengths / weaknesses of each architecture

Start serverless and identify why serverless won’t work

Test early, test often, test automated.

Containers or and Serverless!

Mike Gillespie, Solutions Architect, AWS Solutions Architecture

Thank You!