Serverless - Lambda, DynamoDB, API Gateway, Cognito Flashcards
10 Serverless products in AWS?
- AWS Lambda
- DynamoDB
- AWS Cognito
- AWS API Gateway
- Amazon S3
- AWS SNS & SQS
- AWS Kinesis Data Firehose
- Aurora Serverless
- Step Functions
- Fargate
- Virtual functions – no servers to manage!
- Limited by time - short executions
- Run on-demand
- Scaling is automated!
Amazon Lambda
With Lambda, Increasing ___________ will also improve ________ and network!
RAM
CPU
With Lambda, is it easy to get more resources per function?
YES (up to 10GB of RAM)
- The container image must implement the Lambda Runtime API
- ECS / Fargate is preferred for running arbitrary Docker images
Lambda Container Image
AWS Lambda Limits are _______?
per region
AWS Lambda Execution - Memory allocation
128 MB – 10GB (1 MB increments)
AWS Lambda Execution - Maximum execution time
900 seconds (15 minutes)
AWS Lambda Execution - Environment variables
(4 KB)
AWS Lambda Execution - Disk capacity in the “function container” (in /tmp)
512 MB to 10GB
AWS Lambda Execution - Concurrency executions
1000 (can be increased)
AWS Lambda Deployment - Lambda function deployment size (compressed .zip)
50 MB
AWS Lambda Deployment - Size of uncompressed deployment (code + dependencies)
250 MB
AWS Lambda Deployment - Can use the ___________ directory to load other files at startup
/tmp
AWS Lambda Deployment - Size of environment variables
4 KB
What are the 2 types of Edge Functions that CloudFront provides for Lambda?
CloudFront Functions
Lambda@Edge
Lambda Customization At The Edge … do you need to manage any servers?
NO, they are deployed globally
What are 10 use cases for CloudFront Functions & Lambda@Edge
- Website Security and Privacy
- Dynamic Web Application at the Edge
- Search Engine Optimization (SEO)
- Intelligently Route Across Origins and Data Centers
- Bot Mitigation at the Edge
- Real-time Image Transformation
- A/B Testing
- User Authentication and Authorization
- User Prioritization
- User Tracking and Analytics
- Lightweight functions written in JavaScript
- For high-scale, latency-sensitive CDN customizations
- Sub-ms startup times, millions of requests/second
- Used to change Viewer requests and responses:
- Viewer Request: after CloudFront receives a request from a viewer
- Viewer Response: before CloudFront forwards the response to the viewer
- Native feature of CloudFront (manage code entirely within CloudFront)
CloudFront Functions
- Lambda functions written in NodeJS or Python
- Scales to 1000s of requests/second
- Used to change CloudFront requests and responses:
- Viewer Request – after CloudFront receives a request from a viewer
- Origin Request – before CloudFront forwards the request to the origin
- Origin Response – after CloudFront receives the response from the origin
- Viewer Response – before CloudFront forwards the response to the viewer
- Author your functions in one AWS Region (us-east-1), then CloudFront replicates to its locations
Lambda@Edge
Look at Slide 458
Use Cases:
* Cache key normalization
* Transform request attributes (headers, cookies, query strings, URL) to create an optimal Cache Key
* Header manipulation
* Insert/modify/delete HTTP headers in the request or response
* URL rewrites or redirects
* Request authentication & authorization
* Create and validate user-generated tokens (e.g., JWT) to allow/deny requests
CloudFront Functions
Use Cases:
* Longer execution time (several ms)
* Adjustable CPU or memory
* Your code depends on 3rd-party libraries (e.g., AWS SDK to access other AWS services)
* Network access to use external services for processing
* File system access or access to the body of HTTP requests
Lambda@Edge
By default, where is your Lambda function launched?
outside your own VPC
Lambda in VPC
- You must define the VPC ID, the Subnets and the Security Groups
- Lambda will create an ENI (Elastic Network Interface) in your subnets
Lambda by default
- By default, your Lambda function is launched outside your own VPC (in an AWS-owned VPC)
- Therefore, it cannot access resources in your VPC (RDS, ElastiCache, internal ELB…)
What must you do to connect a Lambda function to RDS Proxy?
The Lambda function must be deployed in your VPC, because RDS Proxy is never publicly accessible
- Improve scalability by pooling and sharing DB connections
- Improve availability by reducing by 66% the failover time and preserving connections
- Improve security by enforcing IAM authentication and storing credentials in Secrets Manager
RDS Proxy
Which RDS engines support invoking Lambda?
RDS for PostgreSQL and Aurora MySQL
- Must allow outbound traffic to your Lambda function from within your DB instance (Public, NAT GW, VPC Endpoints)
- DB instance must have the required permissions to invoke the Lambda function (Lambda Resource-based Policy & IAM Policy)
Invoking Lambda from RDS & Aurora
- Notifications that give information about the DB instance itself (created, stopped, started, …)
- You don’t have any information about the data itself
- Subscribe to the following event categories: DB instance, DB snapshot, DB Parameter Group, DB Security Group, RDS Proxy, Custom Engine Version
- Near real-time events (up to 5 minutes)
- Send notifications to SNS or subscribe to events using EventBridge
RDS Event Notifications
DynamoDB - Fully managed, highly available with replication __________?
across multiple AZs
- Scales to massive workloads, distributed database
- Millions of requests per second, trillions of rows, 100s of TB of storage
- Fast and consistent in performance
- Integrated with IAM for security, authorization and administration
DynamoDB
How fast and consistent in performance is DynamoDB?
(single-digit millisecond)
Does DynamoDB have auto-scaling capabilities?
YES
Is DynamoDB always available?
YES
What are the 2 types of Table Classes in DynamoDB?
Standard
Infrequent Access (IA)
DynamoDB is made of _______?
Tables
Each DynamoDB table has a __________ (must be decided at creation time)
Primary Key
Each DynamoDB table can have __________ number of items
an infinite
Each DynamoDB item has ____________
attributes
Can item attributes be added over time?
Yes
Can item attributes be null?
Yes
What is the maximum size of a DynamoDB item?
400KB
Which data types are supported in DynamoDB?
- Scalar Types – String, Number, Binary, Boolean, Null
- Document Types – List, Map
- Set Types – String Set, Number Set, Binary Set
Therefore, in DynamoDB you can _______?
rapidly evolve schemas
DynamoDB – Read/Write Capacity Modes (2)
Provisioned Mode (default)
- You specify the number of reads/writes per second
- You need to plan capacity beforehand
- Pay for provisioned Read Capacity Units (RCU) & Write Capacity Units (WCU)
- Possibility to add auto-scaling mode for RCU & WCU
Provisioned Mode (default)
- Read/writes automatically scale up/down with your workloads
- No capacity planning needed
- Pay for what you use, more expensive ($$$)
- Great for unpredictable workloads, steep sudden spikes
On-Demand Mode
- Fully-managed, highly available, seamless in-memory cache for DynamoDB
- Help solve read congestion by caching
- Doesn’t require application logic modification (compatible with existing DynamoDB APIs)
DynamoDB Accelerator (DAX)
What is DynamoDB Accelerator (DAX) latency for cached data?
Microseconds
What is DynamoDB Accelerator (DAX) TTL for cache (default)
5 minutes
Ordered stream of item-level modifications (create/update/delete) in a table
DynamoDB – Stream Processing
What are 5 use cases for DynamoDB – Stream Processing
- React to changes in real-time (welcome email to users)
- Real-time usage analytics
- Insert into derivative tables
- Implement cross-region replication
- Invoke AWS Lambda on changes to your DynamoDB table
What are 2 types of DynamoDB – Stream Processing
DynamoDB Streams
Kinesis Data Streams (newer)
- 24 hours retention
- Limited # of consumers
- Process using AWS Lambda Triggers, or DynamoDB Stream Kinesis adapter
DynamoDB Streams
- 1 year retention
- High # of consumers
- Process using AWS Lambda, Kinesis Data Analytics, Kinesis Data Firehose, AWS Glue Streaming ETL…
Kinesis Data Streams (newer)
- Make a DynamoDB table accessible with low latency in multiple regions
- Active-Active replication
- Applications can READ and WRITE to the table in any region
- Must enable DynamoDB Streams as a pre-requisite
DynamoDB Global Tables
- Automatically delete items after an expiry timestamp
DynamoDB – Time To Live (TTL)
DynamoDB – Time To Live (TTL) use cases
- reduce stored data by keeping only current items
- adhere to regulatory obligations
- web session handling
What are 2 types of DynamoDB – Backups for disaster recovery
Continuous backups using point-in-time recovery (PITR)
On-demand backups
DynamoDB – Backups for disaster recovery
* Full backups for long-term retention, until explicitly deleted
* Doesn’t affect performance or latency
* Can be configured and managed in AWS Backup (enables cross-region copy)
* The recovery process creates a new table
On-demand backups
DynamoDB – Backups for disaster recovery
* Optionally enabled for the last 35 days
* Point-in-time recovery to any time within the backup window
* The recovery process creates a new table
Continuous backups using point-in-time recovery (PITR)
- Works for any point of time in the last 35 days
- Doesn’t affect the read capacity of your table
- Perform data analysis on top of DynamoDB
- Retain snapshots for auditing
- ETL on top of S3 data before importing back into DynamoDB
- Export in DynamoDB JSON or ION format
Export to S3 (must enable PITR)
- Import CSV, DynamoDB JSON or ION format
- Doesn’t consume any write capacity
- Creates a new table
- Import errors are logged in CloudWatch Logs
Import from S3