Serverless and App Services Flashcards
Event Driven Architecture
Producers generate an event when something happens
Events are delivered to consumers
Actions are taken & the system returns to waiting
Consumers only consume resources while handling events
AWS Lambda
Function-as-a-Service (FaaS) - short-running & focused
Lambda functions are loaded and run in a runtime environment
You are billed for the duration that a function runs
How long can an AWS Lambda function run?
900 s (15 min) function timeout
Lambda use cases
Serverless applications (S3, API Gateway, Lambda)
File processing (S3, S3 events, Lambda)
Database triggers (DynamoDB, Streams, Lambda)
Serverless CRON (EventBridge/CW Events + Lambda)
Real-time stream data processing (Kinesis + Lambda)
Public Lambda
By default Lambda functions are given public networking. They can access public AWS services and the public internet.
But Lambda functions have no access to VPC-based services unless public IPs are provided & security controls allow external access
Private Lambda
A single connection between the Lambda service VPC and your VPC is created for every unique combination of security groups and subnets used by your Lambda function
An ENI gets created in the VPC
Lambda Logging: CloudWatch Logs
Logs from Lambda execution
CloudWatch Logs requires permissions via execution role
What metrics can CloudWatch logging capture with Lambda?
Metrics:
invocation success/failure
Retries
Latency
How does security work with Lambda?
Lambda resource policies control WHAT services and accounts can INVOKE Lambda functions
Lambda execution roles are IAM roles attached to Lambda functions which control the PERMISSIONS the Lambda function RECEIVES
In how many ways can Lambda functions be invoked?
Synchronous invocation
Asynchronous invocation
Event source mapping
Lambda Synchronous Invocation
Lambda Asynchronous Invocation
Lambda Event Source Mapping
When running asynchronous operations, what key feature does a Lambda function have to have?
The Lambda function needs to be idempotent: reprocessing a result should have the same end state
X-Ray and Lambda
Lambda can be integrated with X-Ray for distributed tracing
X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.
Lambda Function Versions
A version is the code + the configuration of the Lambda Function
It's immutable - it never changes once published & has its own Amazon Resource Name (ARN)
Lambda Version Pointer
$LATEST points at the latest version
AWS Lambda Aliases
Aliases (DEV, STAGE, PROD) point at a version - can be changed
Explain the invocation of a Lambda function. Is there always an immediate start for Lambda functions?
EventBridge
if x happens, or at y time(s) … do z
EventBridge is CloudWatch Events v2 (*)
Limitation of CloudWatch Events?
Only one bus for the account (implicit)
Explain how EventBridge works?
EventBridge can have additional event buses
Rules match incoming events (or schedules)
Routes the events to 1+ targets, e.g. Lambda
Explain Serverless Architecture
You manage few if any servers - low overhead
Applications are a collection of small & specialized functions
Stateless and ephemeral environments - duration billing
Event-driven consumption only when being used
FaaS is used where possible for compute functionality
Simple Notification Service (SNS)
Public AWS pub/sub messaging service - network connectivity via public endpoints
coordinates the sending and delivery of messages
How does SNS work?
SNS Topics are the base entity of SNS permissions and configuration
a publisher sends messages to a Topic
Topics have subscribers which receive messages
SNS resiliency?
HA and scalable, region resilient
SNS security
Server-side encryption (SSE)
SNS Delivery options
Delivery status including HTTP, Lambda and SQS
Delivery retries - reliable delivery
How do you enable cross-account access to SNS?
Topic policy
Step Functions
Allows you to create state machines
Serverless workflow: start → states → end
States are things which occur
Maximum duration 1 year
What are the two options for workflows in AWS Step Functions?
Standard workflow - default, 1 year limit
Express workflow - high-volume workflows, 5 min limit
How are state machines started?
Started via API Gateway, IoT Rules, EventBridge, Lambda
How are state machines written?
Written in Amazon States Language (ASL) - JSON template
How do state machines get their permissions?
An IAM role is used for permissions
API Gateway
Create and manage APIs
Endpoint / entry point for applications
Sits between applications & integrations (services)
What are some of the things API Gateway can do?
Authorization
Throttling
Caching
CORS, transformation
OpenAPI spec direct integration and much more.
API Gateway cache
Can be used to reduce the number of calls made to the backend integration and improve client performance
API Gateway Endpoints
Edge-optimized: any incoming requests are routed to the nearest CloudFront point of presence
Regional: clients in the same region
Private: endpoint accessible only within a VPC via an interface endpoint
API Gateway Stages
APIs are deployed to stages, each stage has one deployment
API Gateway Stages + Canary Deployments
Stages can be enabled for canary deployments. If done, deployments are made to the canary, not the stage.
Stages enabled for canary deployments can be configured so a certain percentage of traffic is sent to the canary. This can be adjusted over time - or the canary can be promoted to make it the new base 'stage'
API Gateway 4xx Errors
Invalid request on the client side
API Gateway 5xx Errors
Valid request, backend issue
Simple Queue Service (SQS)
Public, fully managed, highly-available queues
Standard = at-least-once or FIFO = exactly-once
Messages up to 256 KB in size - link to large data
How are messages handled in SQS?
Received messages are hidden (visibility timeout)
… then either reappear (retry) or are explicitly deleted
Dead-Letter queues can be used for problem messages
Visibility Timeout
Amount of time a message is hidden when it's received; if not explicitly deleted then that message will reappear in the queue
SQS FIFO (performance)
3,000 messages per second with batching, or up to 300 messages per second without
How is SQS billed?
Billed based on 'requests'
1 request = 1-10 messages up to 256 KB total
SQS Polling
Short polling = immediate; if there are no messages on the queue it will still check the queue and consume a request
Long polling = wait time (seconds) if no message is on the queue; this is how you should use SQS because it uses fewer requests
SNS and SQS Fanout
The message is added onto an SNS topic
The SNS topic would have a number of subscribers, per project requirement
So each subscriber has its own queue and its own auto-scaling group which scales based on the length of the individual queue
Kinesis
A scalable streaming service
Producers send data into a Kinesis stream
The stream stores a 24-hr moving window of data
Multiple consumers access data from that moving window
States in a State Machine
Succeed & Fail
Wait
Choice
Parallel
Map
Task
Kinesis Data Firehose
Fully managed service to load data for data lakes, data stores and analytics services
Automatic scaling, fully serverless, resilient
Near real-time delivery (~60 seconds)
Supports transformation of data on the fly (Lambda)
Billing: volume through Firehose
Where can Kinesis Data Firehose deliver data?
HTTP endpoints
Splunk
Redshift
Elasticsearch
S3 destination bucket
Kinesis Data Analytics
Real-time processing of data
Using Structured Query Language (SQL)
Fits between two streams of data, an input stream and an output stream, and allows you in real time to use SQL queries to adjust the data from the input to the output
When would you get real-time delivery using Kinesis Data Analytics?
When you use AWS Lambda or Kinesis Data Streams as a destination
Some valid destinations for Kinesis Data Analytics?
Firehose (S3, Redshift, Elasticsearch & Splunk)
AWS Lambda
Kinesis Data Streams
Where can Kinesis Data Analytics ingest data from?
Kinesis Data Streams or Firehose
And can also ingest reference data from an S3 bucket
What are some use cases for Kinesis Data Analytics?
Streaming data needing real-time SQL processing
Time-series analytics … elections/e-sports
Real-time dashboards - leaderboards for games
Real-time metrics - security & response teams
Amazon Cognito
Authentication = login, verify credentials
Authorization = manage access to services
User management = allows the creation and management of a serverless user database
Authentication, Authorization, and User Management for web/mobile apps
In how many ways can you use Amazon Cognito?
User pools - sign-in and get a JSON Web Token (JWT)
User directory management and profiles, sign-up & sign-in (customizable web UI), MFA and other security features
Identity pools - allow you to offer access to temporary AWS credentials
What are some forms of identity access?
Unauthenticated identities - guest users
Federated identities - swap Google, Facebook, Twitter, SAML 2.0 & user pool identities for short-term AWS credentials to access AWS resources