Serverless Architecture at iRobot
Ben Kehoe, Cloud Robotics Research Scientist
@ben11kehoe
2016-10-27
We make physical things that you buy
  i.e., you pay us once
The better our mechanical and electrical engineers do their jobs, the more the cloud costs us
We are therefore cost-conscious
A big chunk of our cost is AWS IoT
Choosing serverless
How and why did we choose serverless?
https://commons.wikimedia.org/wiki/File:Grasshopper_in_green_field.jpg
https://commons.wikimedia.org/wiki/File:Connochaetes_taurinus_-Wildebeest_crossing_river_-East_Africa.jpg
Why did we choose serverless?
First, what enabled us to choose it?
  Migrating from previous IoT cloud provider
    Communications layer from IoT cloud provider to AWS IoT
    Backend from combination of IoT cloud provider's hosted scripting, Azure, on-prem to AWS
  Greenfield development
Second, why?
Monolithic/layered
Microservices
How to architect our system?
Microservices
Why?
  Separate code into small independent units
  Code is easier to understand, update, and test
  Deployment occurs in smaller units
  Organizational benefits
    Especially if teams are build+run
Microservices
Implementing microservices on AWS
  Traditional: RPC, often over HTTP
    Many alternatives, e.g., gRPC
  Serverless: HTTP via API Gateway
Implications of API GW
  Latency
  Cost
  Deployment
  Discovery
  Security
Latency & Cost
https://www.prerender.cloud/lambda-latency
Alternative: directly access resources in other microservices
Separation of concerns??
Microservice SDKs
  Well-separated code
  Downside: instead of HTTP API hiding, say, DB schema, it's now hidden in the SDK, on the client side
  If I change the DB schema, I need to update the callers as well
  Highly-coupled deployments
  Bear with me
So: deployments of highly-coupled microservices
  this is a monolith
That's ok!
  Code is still well-separated
What does deployment look like?
Deployment
Red-black entire system
  Ok, since you never pay for idle
  Scalable in number of services, but not cadence
Two entire systems: how do you switch clients over?
Discovery
Client
DNS
CloudFront custom domains
Separate service discovery service for clients to discover endpoints
  Works well for multiple related endpoints (e.g., API Gateway, IoT)
  Also multiregion
  How to deploy service discovery service?
  Service discovery all the way down
API Gateway + CloudFront
  API Gateway uses CloudFront
  Putting CloudFront in front of CloudFront
  wat
Two key benefits we get from this insane-sounding pattern
  Red-black switchover
  WAF
Update origin red/black switch
Can update multiple origins together
Security
x-api-key: hzYAVO9...
WAF
  Note! This breaks SigV4 auth
  This is because of the way CF manipulates the Host header
How do you make sure traffic is coming from CloudFront?
  API key in custom header
  Usage plans mean multiple APIs can share keys
  Scheduled Lambda to rotate key once/day (keep current + previous)
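
The header check and the "keep current + previous" rotation from the slide above, as an added example that is not iRobot's code. `OriginKeyRing` and `simulate_days` are hypothetical names, the in-memory ring stands in for the API keys on a shared usage plan, and the scenario assumes the distribution picks up each new key some time after the API side has rotated.

```python
import hmac
import secrets
from dataclasses import dataclass, field

HEADER = "x-api-key"  # header name shown on the slide


@dataclass
class OriginKeyRing:
    """Keys the API accepts, newest first (hypothetical in-memory stand-in
    for the API keys attached to a shared usage plan)."""
    keep: int = 2                       # current + previous, per the slide
    keys: list = field(default_factory=list)

    def rotate(self) -> str:
        """One run of the scheduled job: mint a key, retire the oldest."""
        new_key = secrets.token_urlsafe(32)
        self.keys.insert(0, new_key)
        del self.keys[self.keep:]       # anything older than 'previous' is dropped
        return new_key

    def accepts(self, headers: dict) -> bool:
        """True if the request carries a key that is still on the ring."""
        presented = {k.lower(): v for k, v in headers.items()}.get(HEADER, "")
        ok = False
        for key in self.keys:           # constant-time compare, no early exit
            ok |= hmac.compare_digest(presented.encode(), key.encode())
        return ok


def simulate_days(days: int):
    """Constructed scenario: each day the API rotates first and the edge
    keeps sending yesterday's key until its configuration is updated."""
    ring = OriginKeyRing()
    edge_key = ring.rotate()            # day 0: both sides share one key
    results = []
    for _ in range(days):
        fresh = ring.rotate()           # API side rotates
        lagging = ring.accepts({"X-Api-Key": edge_key})   # edge not updated yet
        edge_key = fresh                # new header value now deployed at the edge
        updated = ring.accepts({"X-Api-Key": edge_key})
        results.append((lagging, updated))
    return ring, results
```

With `keep=1` the first element of every result pair becomes `False`: requests from the edge would be rejected during the window between the two updates.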
Allow: dynamodb:GetItem
Directly hitting the resources means you can use IAM policies to limit this access. But with direct access to the resource, the payloads are not controlled.
record.pop('SensitiveKey')
Allow: execute-api:Invoke
Going through an API, access can be more tightly controlled.
Possible to go direct to Lambda
Microservices directly accessing each other's resources
Red/black deployments
CloudFront (+WAF) in front of API Gateway
Soapbox
Serverless as an identity
Testing
What's missing from providers
0 1
How much effort is it to provision and scale?
Serverless: not binary
Cloud Robotics
FaaS vs. SaaS vs. managed instances
Unit Testing
  No need for complicated abstraction layer
  Use SDK mocking
    placebo, aws-mock, etc.
  Microservice SDKs that just use the AWS SDK to talk to resources are now mocked for free
Integration Testing
  Can't do it locally
  Can't intercept service-to-service integrations
    e.g., S3 bucket notification -> SNS
  Stub/inject in SDK calls
What's still missing?
  Lambda env vars
  Service discovery (aaS?)
  VPC endpoints
  Automatic hash-based/ETag versioning of Lambda
    Hash based purely on inputs so it's predictable
  Deployment
Proxy Stages
/red/v1/path/to/resource
red/v1/path/to/resource
black/v1/path/to/resource
/black/v1/path/to/resource
When a client calls the prod stage, a Lambda gets invoked (like custom auth. after?). Returns stage to proxy and TTL
Built-in versions choosers
prod
/prod/v1/path/to/resource
red/v1/path/to/resource
black/v1/path/to/resource
Conclusion
  Architecture: skip API Gateway between microservices
    Lots of implications, pro and con
    Primary driver for us is cost
  Security: CloudFront WAF is possible for API Gateway
    A little bit of a Rube Goldberg
  Serverless is a spectrum
  Integration testing only on deployed systems
  Providers should support better deployment models
Questions?