operations & event-driven architectures€¦ · serverless functions aws fargate serverless...
TRANSCRIPT
© 2020, Amazon Web Services, Inc. or its Affiliates. © 2020, Amazon Web Services, Inc. or its Affiliates.
David Richardson
VP of Serverless, AWS
Operations &
event-driven architectures
© 2020, Amazon Web Services, Inc. or its Affiliates.
Elements of a modern application
Modular
services
As managed
as possible
Automated
& standardized
Everyone’s
responsibility
Purpose
built
Architectural
patterns
1
Operational
model
2
Software
delivery
3
Management &
governance
4
Data
management
5
© 2020, Amazon Web Services, Inc. or its Affiliates.
Small pieces loosely joined
Modern application architectures are small pieces, loosely joined
© 2020, Amazon Web Services, Inc. or its Affiliates.
AWS Lambda enhancements
Provisioned
Concurrency
Compute
Savings Plan
VPC
Networking
© 2020, Amazon Web Services, Inc. or its Affiliates.
APIs are the front door
of microservices
© 2020, Amazon Web Services, Inc. or its Affiliates.
Realtor.com uses APIs between services
Lambda function
AWS
Amazon CloudWatch
monitoring
Amazon
CloudFront
Mobile apps
API
Gateway cache
Websites
Image Processing
Internet
Image Repository
“
..”
—Kuntal Shah
SVP Engineering, Realtor.com
© 2020, Amazon Web Services, Inc. or its Affiliates.
Cost and Performance
© 2020, Amazon Web Services, Inc. or its Affiliates.
Event-driven architectures
Client
Mobile
IoT
Amazon
Kinesis
Amazon
DynamoDB
EventsAWS Step Functions
Amazon
SQS
Amazon
SNSMessaging
AWS Step Functions
AWS Step Functions
AWS Lambda AWS Lambda
© 2020, Amazon Web Services, Inc. or its Affiliates.
Amazon EventBridge – SaaS Event Sources
EventBridge Event Bus
AWS Lambda
Amazon Kinesis Data Firehose
Amazon SNS
Additional Targets
SaaS Event Sources
AWS Service Event Sources
Custom Event Bus
SaaS Event Bus
Default Event Bus
Topics
Event Targets
© 2020, Amazon Web Services, Inc. or its Affiliates.
Connecting AWS event sourcesMessaging
Queues
Amazon Simple
Queue Service
Pub/Sub
Amazon Simple
Notification Service
Events
Amazon
EventBridge
© 2020, Amazon Web Services, Inc. or its Affiliates.
Data streams
Amazon
DynamoDB
Data StoreMicroservices
Performance at scale
Fast and flexible
IngestData streams
Data processing
Real-time
Amazon Kinesis
Data Streams
© 2020, Amazon Web Services, Inc. or its Affiliates.
Coordinate function execution
Track status of
data and execution
Remove
redundant code
© 2020, Amazon Web Services, Inc. or its Affiliates. © 2020, Amazon Web Services, Inc. or its Affiliates.
Serverless security
© 2020, Amazon Web Services, Inc. or its Affiliates.
Common causes of security breaches
Unapplied patches
and updates
Malicious code &
runtime security
Network
segmentation
Overly permissive
access
© 2020, Amazon Web Services, Inc. or its Affiliates.
Comparison of operational responsibility
AWS LambdaServerless functions
AWS FargateServerless containers
Amazon ECS/
Amazon EKSContainer management as a service
Amazon EC2Infrastructure as a service
More opinionated
Less opinionated
AWS manages Customer manages
• Data source integrations• Physical hardware, software, networking,
and facilities
• Provisioning
• Application code
• Container orchestration, provisioning• Cluster scaling
• Physical hardware, host OS/kernel, networking, and facilities
• Application code• Data source integrations
• Security config and updates, network config, management tasks
• Container orchestration control plane• Physical hardware software, networking,
and facilities
• Application code• Data source integrations
• Work clusters• Security config and updates, network config,
firewall, management tasks
• Physical hardware software, networking, and facilities
• Application code• Data source integrations
• Scaling• Security config and updates,
network config, management tasks• Provisioning, managing scaling
and patching of servers
© 2020, Amazon Web Services, Inc. or its Affiliates.
AWS Lambda-ready partners
© 2020, Amazon Web Services, Inc. or its Affiliates.
AWS serverless service delivery partners
© 2020, Amazon Web Services, Inc. or its Affiliates.
Function isolation
VirtualizationStrong isolation boundary for functions
© 2020, Amazon Web Services, Inc. or its Affiliates.
Function isolation
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
Fargate
task
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
MicroVM
LambdaExecution
Lambda Function
Application Code
Layers
Network
Interface
Data
Volume Credentials
Lambda Data Plane
Kernel
MicroVM
© 2020, Amazon Web Services, Inc. or its Affiliates.
Shared responsibility model
AWS
Security OF
the Cloud
AWS is responsible for
protecting the infrastructure
that runs all of the services
offered in the AWS Cloud
Security IN
the Cloud
Customer responsibility will be
determined by the AWS Cloud
services that a customer selects
Customer
© 2020, Amazon Web Services, Inc. or its Affiliates.
AWS Serverless Shared Responsibility Model
AW
S
AW
S Identity
and A
ccess M
anagem
ent
Platform
management
Network traffic
Firewall configCode encryption
Operating system and network configuration
Compute
Edge locations
NetworkingDatabaseStorage
Regions
Availability zones
Custo
mer Customer data, application identity and access management
Data encryption
Data integrity
Authentication
Application
Management
Internet access
Monitoring
Logging
AWS Global
Infrastructure
Responsible
for security
“in” the cloud
Responsible
for security
“of” the cloud
© 2020, Amazon Web Services, Inc. or its Affiliates.
Finer-grained control gives you better security
In plain language, the potential security risk of
a serverless application is lower, but still present!
© 2020, Amazon Web Services, Inc. or its Affiliates.
Identity & access management
© 2020, Amazon Web Services, Inc. or its Affiliates. © 2020, Amazon Web Services, Inc. or its Affiliates.
Modern operations
© 2020, Amazon Web Services, Inc. or its Affiliates.
What’s different about modern operations?
Central control
Periodic software release
Physical hardware
Manual tasks
Traditional Modern
Decoupled teams
Continuous delivery
Virtual or ephemeral
Automation via code
© 2020, Amazon Web Services, Inc. or its Affiliates.
What are the approaches to operations?
Central control
Low risk but very
slow to release
Dependencies
& time lags
Guardrails
Fast time & low risk
to the business
Win win
Free for all
Fast dev time, but high risk
to legal & app reliability
Chaos
© 2020, Amazon Web Services, Inc. or its Affiliates.
What are
guardrails?
Guardrails are mechanisms, such as
processes or practices, that reduce
both the occurrence and blast radius
of undesirable application behavior
© 2020, Amazon Web Services, Inc. or its Affiliates.
What are some real-world guardrails?
MonitoringProvisioningDeployment
Cost
management
Security
& compliance
© 2020, Amazon Web Services, Inc. or its Affiliates.
Centrally deployed guardrails enable
the standardization of routine processes,
like certificate management, without
creating bottlenecks
A A
© 2020, Amazon Web Services, Inc. or its Affiliates.
Where your teams can go from here
A AA A
A A
© 2020, Amazon Web Services, Inc. or its Affiliates.
Thank you!