Serverless Architecture at iRobot
Ben Kehoe, Cloud Robotics Research Scientist, @ben11kehoe
2016-10-27



- We make physical things that you buy, i.e., you pay us once
- The better our mechanical and electrical engineers do their jobs, the more the cloud costs us
- We are therefore cost-conscious
- A big chunk of our cost is AWS IoT


Choosing serverless
How and why did we choose serverless?

https://commons.wikimedia.org/wiki/File:Grasshopper_in_green_field.jpg
https://commons.wikimedia.org/wiki/File:Connochaetes_taurinus_-Wildebeest_crossing_river_-East_Africa.jpg


Why did we choose serverless?

First, what enabled us to choose it?
- Migrating from previous IoT cloud provider
- Communications layer: from IoT cloud provider to AWS IoT
- Backend: from a combination of the IoT cloud provider's hosted scripting, Azure, and on-prem to AWS
- Greenfield development

Second, why?

Monolithic/layered vs. Microservices


How to architect our system? Microservices. Why?
- Separate code into small independent units
- Code is easier to understand, update, and test
- Deployment occurs in smaller units
- Organizational benefits, especially if teams are build+run


Microservices


Implementing microservices on AWS
- Traditional: RPC, often over HTTP (many alternatives, e.g., gRPC)
- Serverless: HTTP via API Gateway

Implications of API GW


- Latency
- Cost
- Deployment
- Discovery
- Security


Latency & Cost

https://www.prerender.cloud/lambda-latency

Alternative: directly access resources in other microservices

Separation of concerns??
- Microservice SDKs
- Well-separated code
- Downside: instead of an HTTP API hiding, say, the DB schema, it's now hidden in the SDK, on the client side
- If I change the DB schema, I need to update the callers as well
- Highly-coupled deployments
- Bear with me


So: deployments of highly-coupled microservices
- This is a monolith
- That's ok! Code is still well-separated
- What does deployment look like?


Deployment


Red-black entire system
- Ok, since you never pay for idle
- Scalable in number of services, but not cadence
- Two entire systems: how do you switch clients over?


Discovery


- DNS
- CloudFront custom domains


Separate service discovery service for clients to discover endpoints
- Works well for multiple related endpoints (e.g., API Gateway, IoT)
- Also multiregion
- How to deploy the service discovery service? Service discovery all the way down


API Gateway + CloudFront
- API Gateway uses CloudFront
- Putting CloudFront in front of CloudFront: wat
- Two key benefits we get from this insane-sounding pattern:
  - Red-black switchover
  - WAF


Update origin: red/black switch
- Can update multiple origins together


Security

x-api-key: hzYAVO9...


WAF
- Note! This breaks SigV4 auth
- This is because of the way CF manipulates the Host header
How do you make sure traffic is coming from CloudFront?
- API key in custom header
- Usage plans mean multiple APIs can share keys
- Scheduled Lambda to rotate key once/day (keep current + previous)
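As an added example (not code from the talk or from iRobot) of the daily rotation step above: a routine a scheduled Lambda could run that creates a new API key, attaches it to the usage plan, and keeps only the current and previous key so requests still carrying the old CloudFront origin header are not rejected. It assumes the boto3 apigateway client's create_api_key / create_usage_plan_key / get_usage_plan_keys / delete_api_key calls; FakeApiGateway, the key-name prefix and the dates are constructed so it runs offline.

```python
# Added example (not iRobot's code): daily rotation of the CloudFront -> API Gateway
# origin key, keeping current + previous. Uses the boto3 apigateway call names;
# FakeApiGateway is a constructed in-memory stand-in so the logic runs offline.
import secrets
from datetime import datetime, timedelta, timezone

KEY_PREFIX = "cf-origin-"  # hypothetical naming convention for the rotated keys

def rotate_origin_key(client, usage_plan_id, now=None):
    """Create a key, attach it to the usage plan, delete all but current + previous.
    Returns (key_id, key_value); the caller puts the value in the CloudFront origin header."""
    now = now or datetime.now(timezone.utc)
    created = client.create_api_key(name=KEY_PREFIX + now.strftime("%Y%m%dT%H%M%SZ"), enabled=True)
    client.create_usage_plan_key(usagePlanId=usage_plan_id, keyId=created["id"], keyType="API_KEY")
    # The timestamp suffix makes names sort chronologically; ignore keys we did not create.
    ours = sorted((k for k in client.get_usage_plan_keys(usagePlanId=usage_plan_id)["items"]
                   if k["name"].startswith(KEY_PREFIX)), key=lambda k: k["name"])
    for stale in ours[:-2]:  # everything older than the previous key
        client.delete_api_key(apiKey=stale["id"])
    return created["id"], created["value"]

class FakeApiGateway:
    """Constructed stand-in with the same call and return shapes as the boto3 client."""
    def __init__(self):
        self.keys = {}       # key id -> {"id", "name", "value"}
        self.plan_keys = {}  # usage plan id -> set of key ids

    def create_api_key(self, name, enabled):
        key = {"id": secrets.token_hex(5), "name": name, "value": secrets.token_urlsafe(30)}
        self.keys[key["id"]] = key
        return dict(key)

    def create_usage_plan_key(self, usagePlanId, keyId, keyType):
        self.plan_keys.setdefault(usagePlanId, set()).add(keyId)

    def get_usage_plan_keys(self, usagePlanId):
        return {"items": [dict(self.keys[k]) for k in self.plan_keys.get(usagePlanId, ())]}

    def delete_api_key(self, apiKey):
        del self.keys[apiKey]
        for ids in self.plan_keys.values():
            ids.discard(apiKey)

def simulate_days(days, start=datetime(2016, 10, 27, tzinfo=timezone.utc)):
    """One rotation per day against the fake; returns the client for inspection."""
    client = FakeApiGateway()
    for day in range(days):
        rotate_origin_key(client, "plan-1", now=start + timedelta(days=day))
    return client
```

After the third rotation only the two newest keys remain attached to the plan, and a key deleted from the usage plan stops validating at API Gateway, which is what bounds the window in which a leaked header value is useful.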


Allow: dynamodb:GetItem

Directly hitting the resources means you can use IAM policies to limit this access. But with direct access to the resource, the payloads are not controlled.


record.pop('SensitiveKey')

Allow: execute-api:Invoke

Going through an API, access can be more tightly controlled.
- Possible to go direct to Lambda

- Microservices directly accessing each other's resources
- Red/black deployments
- CloudFront (+WAF) in front of API Gateway

Soapbox

- Serverless as an identity
- Testing
- What's missing from providers

Serverless: not binary
- A spectrum from 0 to 1: how much effort is it to provision and scale?
- Cloud Robotics
- FaaS vs. SaaS vs. managed instances


Unit Testing
- No need for a complicated abstraction layer
- Use SDK mocking: placebo, aws-mock, etc.
- Microservice SDKs that just use the AWS SDK to talk to resources are now mocked for free

Integration Testing
- Can't do it locally
- Can't intercept service-to-service integrations, e.g., S3 bucket notification -> SNS
- Stub/inject in SDK calls


What's still missing?
Deployment
- Lambda env vars
- Service discovery (aaS?)
- VPC endpoints
- Automatic hash-based/ETag versioning of Lambda: hash based purely on inputs so it's predictable


Proxy Stages
- Client calls /prod/v1/path/to/resource
- Proxied to /red/v1/path/to/resource or /black/v1/path/to/resource
- When a client calls the prod stage, a Lambda gets invoked (like custom auth, after?). It returns the stage to proxy to and a TTL.
- Built-in version choosers


Conclusion
- Architecture: skip API Gateway between microservices
  - Lots of implications, pro and con
  - Primary driver for us is cost
- Security: CloudFront WAF is possible for API Gateway
  - A little bit of a Rube Goldberg
- Serverless is a spectrum
- Integration testing only on deployed systems
- Providers should support better deployment models


Questions?