© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
George John, Product Manager Lambda@Edge
November 16, 2017
Building Serverless Websites
with Lambda@Edge
What is covered in this webinar?
• Overview of AWS Lambda & Amazon CloudFront
• Deep dive into Lambda@Edge
• Lambda@Edge for serverless websites
• Q&A
What is serverless computing?
• VMs
• Machine as the unit of scale
• Abstracts the hardware
• Containers
• Application as the unit of scale
• Abstracts the OS
• Serverless
• Functions as the unit of scale
• Abstracts the language runtime
Amazon ECS
Amazon EC2
AWS Lambda
How do I choose?
• VMs
• “I want to configure machines,
storage, networking, and my OS”
• Containers
• “I want to run servers, configure
applications, and control scaling”
• Serverless
• “Run my code when it’s needed”
ECS
EC2
Lambda
AWS Lambda: Serverless computing
• Run code without servers. Pay only for the compute time you consume. Be happy.
• Triggered by events or called from APIs:
• PUT to an Amazon S3 bucket
• Updates to Amazon DynamoDB table
• Call to an Amazon API Gateway endpoint
• Mobile app back-end call
• Complex workflows with AWS Step Functions
• CloudFront requests
• And many more…
• Makes it easy to:
• Perform real-time data processing
• Build scalable back-end services
• Glue and choreograph systems
Benefits of AWS Lambda
• Continuous scaling
• No servers to manage
• Never pay for idle – no cold servers (only happy accountants)
… but all within a single AWS region
Edge: AWS global network of Points of
Presence (PoPs) on the backbone of the
Internet – Amazon CloudFront
Amazon CloudFront - Global Content Delivery Network
101 PoPs (90 Edge Locations + 11 Regional Edge Caches)
CloudFront: Global Content Delivery Network
Accelerate static and dynamic content
Highly Secure
Massively Scalable
Self Service
Priced to Minimize Cost
Putting it together
• Edge: Amazon CloudFront
• Serverless: AWS Lambda
• Lambda@Edge
Lambda@Edge: Serverless Edge Computing
Lambda@Edge
• Lambda@Edge is an extension of AWS Lambda that allows you to run
Node.js code at global AWS locations
• Bring your own code to the Edge and customize your content very close to
your users, improving end-user experience
• Continuous scaling
• No servers to manage
• Never pay for idle – no cold servers
• Globally distributed
Write once, run everywhere
[Diagram: origin server and multiple AWS locations]
CloudFront triggers
[Diagram: End user, CloudFront cache, Origin server; triggers: Viewer request, Origin request, Origin response, Viewer response]
Lambda@Edge events
• All Lambda@Edge invocations are synchronous
• Request events
• URI and header modifications can change the object being requested
• Viewer request can change the object being requested from the CloudFront cache and the origin
• Origin request can change the object or path pattern being requested from the origin
• Response events
• Origin response can modify what is cached and generate cacheable responses
to be returned to the viewer
• Viewer response can change what is returned to the viewer
Lambda@Edge functionality
• Read and write access to headers, URIs, cookies,
query string across all triggers
• Ability to generate HTTP responses right at the
edge
• Access to make network calls to external
resources on origin-facing events
Poll: Are you using any of these services? (Select all that apply)
A) Amazon CloudFront
B) AWS Lambda
C) Lambda@Edge
D) None of the above
Poll: What CMS platform are you using for your website?
A) WordPress
B) Joomla
C) Drupal
D) Blogger
E) Other (please specify)
Lambda@Edge for serverless websites
Response generation at the Edge
Generate an HTTP response to end user requests arriving
at AWS locations:
• Generate full static websites directly from Edge
locations
• Combine content drawn from multiple external
resources to dynamically build websites at the Edge
• Generate customized error pages
• Redirect unauthenticated users to a login page that is
created on-demand
Response generation – how?
• Viewer or origin request event
• Inputs
• Request properties
• URI, Headers, QueryString
• Outputs
• Dynamic response based on URI, headers and query string
• Call AWS Services (S3, DynamoDB, etc.) or any other remote
API
• Fetch a static template and customize it by fetching data from
multiple resources
Authorization at the Edge
• Inspect cookies or custom headers to
authenticate clients right at the edge
• Enforce paywalls at the Edge to gate
access to premium content to only
authenticated viewers
Authorization at the Edge – how?
• Trigger: Viewer request
• Prerequisites
• The customer must have previously authenticated against your
authoritative service, resulting in some sort of authorization
credential. Typically this is a cookie.
• Inputs
• URL
• Authorization credential (cookie)
• Outputs
• Allow the request to succeed if the request is authorized. If not,
either return a 403 response or redirect to an authentication page
Limited access to content
• Enforce timed access to content at the
edge
• Make a call to an external authentication
server to confirm if a user’s session is still
valid
• Forward valid requests to the origin, and
serve redirects to new users to login
pages
Limited content access – How?
• Trigger: Origin request
• Inputs
• URL/cookies
• Access to external user-tracking database
• Outputs
• If a customer requests content for specific URLs or with
specific cookies, make a request to the external server to
confirm session validity.
• Based on response from external server, serve content, or
redirect to a login page.
A/B Testing
• Test different versions of your website with
real end users without the need for
redirects or changing your website URL.
A/B Testing – How?
• Trigger: Origin request
• Inputs
• A/B cookie
• Outputs
• Check if A/B cookie is present. If not present, set the cookie
and serve A or B version of the website. If present, generate
the response (A or B) corresponding to the cookie value.
Highly personalized websites
• Serve viewers the optimal experience
based on their location, language
preferences, and device type
Highly personalized websites – how?
• Trigger: Viewer request
• Inputs
• Requested URL
• Device type (i.e., User-Agent, CloudFront-Is-Mobile-User)
• Viewer location (CloudFront-Viewer-Country)
• Output
• Generate a response directly from Lambda@Edge,
specifically a redirect to the most relevant experience (e.g.,
cropped images and mobile sites for mobile users)
Rewrite URI
• Rewrite the URL of the end user's request to
serve content without exposing your
team’s internal directory structure and
organization
• Provide customized experiences
without compromising consistency in
what your viewers see
Rewrite URI – how?
• Trigger: Origin request
• Inputs
• URI requested
• Outputs
• Rewrite the requested URI, which will be passed to the origin
• The response will be cached based on what the customer
requested to serve subsequent requests (i.e., the pretty URL)
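A sketch of the origin-request rewrite described on this slide, as an added example that is not from the original deck. The routing table and its internal paths are constructed for illustration, and rejecting dot segments and unmapped paths at the edge is a design choice of this example, not something the slides specify.

```javascript
'use strict';

// Constructed routing table (assumption): public prefix -> internal origin prefix.
const ROUTES = [
  { pub: '/docs/', internal: '/teams/tech-writing/site/build/' },
  { pub: '/blog/', internal: '/teams/marketing/blog/public/' },
];

// Map a viewer-facing path to the origin path, or return null when no route applies.
function rewriteUri(uri) {
  let decoded;
  try {
    decoded = decodeURIComponent(uri);
  } catch (e) {
    return null; // malformed percent-escapes
  }
  // Refuse dot segments (plain or percent-encoded once) so a pretty URL
  // cannot climb out of the prefix it is mapped to.
  if (decoded.split(/[\/\\]/).some(seg => seg === '..' || seg === '.')) return null;
  for (const route of ROUTES) {
    if (uri.startsWith(route.pub)) {
      let rest = uri.slice(route.pub.length);
      if (rest === '' || rest.endsWith('/')) rest += 'index.html'; // directory-style URL
      return route.internal + rest;
    }
  }
  return null;
}

function handler(event, context, callback) {
  const request = event.Records[0].cf.request;
  const target = rewriteUri(request.uri);
  if (target === null) {
    // Answer at the edge instead of forwarding an unmapped path to the origin.
    return callback(null, { status: '404', statusDescription: 'Not Found', body: 'Not Found' });
  }
  request.uri = target; // only the origin sees the internal path
  callback(null, request);
}
exports.handler = handler;
```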
Security Headers
• Add security response headers:
• Strict-Transport-Security
• Content-Security-Policy
• X-Content-Type-Options
• X-Frame-Options
• X-XSS-Protection
• …
• Remove informational response headers:
• Server
• Powered-By
Security Headers – how?
• Trigger: Origin response
• Outputs
• Set the security headers you want to serve back in the
response
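An origin-response handler for the headers listed on the previous slide, as an added example that is not from the original deck. The header values, and the choice to keep a Content-Security-Policy the origin already sent, are assumptions to adjust per site; X-Powered-By is the usual on-the-wire form of the slide's "Powered-By" entry.

```javascript
'use strict';

// Illustrative values (assumptions); tune each policy to the site before deploying.
const ALWAYS_SET = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '1; mode=block',
};
// Applied only when the origin did not send its own value.
const SET_IF_ABSENT = {
  'Content-Security-Policy': "default-src 'self'",
};
// Informational headers to strip from the origin's response.
const REMOVE = ['Server', 'X-Powered-By'];

// CloudFront keys the header map by lower-case name; each entry is a list of { key, value }.
function hardenHeaders(headers) {
  for (const name of Object.keys(ALWAYS_SET)) {
    headers[name.toLowerCase()] = [{ key: name, value: ALWAYS_SET[name] }];
  }
  for (const name of Object.keys(SET_IF_ABSENT)) {
    if (!headers[name.toLowerCase()]) {
      headers[name.toLowerCase()] = [{ key: name, value: SET_IF_ABSENT[name] }];
    }
  }
  for (const name of REMOVE) delete headers[name.toLowerCase()];
  return headers;
}

function handler(event, context, callback) {
  const response = event.Records[0].cf.response;
  hardenHeaders(response.headers);
  callback(null, response); // the modified response is what CloudFront caches and serves
}
exports.handler = handler;
```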
Lambda@Edge – let’s get started
• Sign up: https://aws.amazon.com/lambda/edge
Recap – using Lambda@Edge
Bring your own code
• Self-service through the
Lambda console
Familiar programming
model
• Standard Node.js-6.10
Write once, run everywhere
• Automatically deployed to the AWS network
of locations
• Requests are routed to the locations closest
to your end users across the world
Functionality
- Response generation at the edge
- Network calls at the edge
Benefits
- Read/Write access to URI, headers,
cookies and Query String
- Custom error pages
Thank you!