Organizations and developers have a number of choices when it comes to deciding on a compute layer and how the infrastructure is developed and deployed. These choices not only unlock flexibility in pricing but also let developers design their applications to scale with growth without refactoring them. Gone are the days when developers had to purchase hardware, load operating systems, and configure services and middleware before launching their application. Cloud platforms provide a breadth of services that allow you to design a robust, scalable, and cost-efficient architecture for your applications.
In this article, we will keep the focus on serverless architecture. There are many definitions of “serverless” available on the Internet, but for us serverless means:
- No servers to provision or manage
- Scales with the usage
- Never pay for idle
- Built-in availability and fault tolerance
The following are the areas you should consider when building a serverless workload. We have outlined the AWS service choices available to you for each of these areas.
The compute layer of a serverless architecture runs your code without provisioning any hardware resources or virtual machines; the platform provides the runtime environment needed to execute it. Code that runs in a serverless environment is fired by an event (an HTTP request received by the API gateway, a file uploaded to cloud storage, a data update in the database, etc.) and is meant to be short-lived and stateless. AWS provides a number of services for serverless computing.
- AWS Lambda lets you run code without provisioning or managing any servers or runtime, using a pay-per-use pricing model. You are charged based on the number of requests for your functions and their duration, the time (rounded up to the nearest 1 ms) it takes for your code to execute. AWS Lambda supports most of the popular programming languages and runtime environments, and also gives you the flexibility and control to bring your own runtime. AWS Lambda integrates with more than 200 AWS services, and there are a number of event sources that can invoke a Lambda function.
- Amazon API Gateway lets you run a fully managed REST API that integrates with Lambda to execute your business logic, and includes traffic management, authorization and access control, monitoring, and API versioning.
- AWS Step Functions lets you coordinate a series of AWS Lambda functions in a specific order. You can invoke multiple Lambda functions sequentially, passing the output of one to the next, and/or in parallel, and Step Functions maintains state during executions. This lets you define a serverless workflow and run long-running executions that would exceed the Lambda execution limits.
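The Lambda-behind-API-Gateway integration described above, as an added example that is not part of the original article: a handler for the REST proxy-integration event shape that validates the request body before doing any work. The event, the `/orders` schema (`sku`, `qty`) and the size limit are constructed for illustration.

```python
import base64
import json

# Constructed API Gateway REST proxy-integration event; only the fields read here are filled in.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "isBase64Encoded": False,
    "body": json.dumps({"sku": "ABC-123", "qty": 2}),
    "requestContext": {"requestId": "req-0001"},
}

MAX_BODY_BYTES = 4096                       # reject oversized payloads before parsing
REQUIRED_FIELDS = {"sku": str, "qty": int}  # hypothetical schema for this endpoint


def _response(status, payload):
    # The proxy integration expects statusCode/headers/body, with body as a string.
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(payload)}


def parse_body(event):
    """Return the validated JSON body, raising ValueError on any malformed input."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        # API Gateway base64-encodes binary bodies; validate=True rejects junk characters.
        raw = base64.b64decode(raw, validate=True).decode("utf-8")
    if len(raw.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    for name, typ in REQUIRED_FIELDS.items():
        # bool is a subclass of int, so it is rejected explicitly for the integer field
        if name not in data or isinstance(data[name], bool) or not isinstance(data[name], typ):
            raise ValueError(f"invalid field: {name}")
    return data


def handler(event, context=None):
    """Lambda entry point invoked by API Gateway (proxy integration)."""
    if event.get("httpMethod") != "POST":
        return _response(405, {"error": "method not allowed"})
    try:
        order = parse_body(event)
    except ValueError as exc:  # JSONDecodeError, binascii.Error and UnicodeDecodeError subclass it
        # Detail stays in the function log; the caller gets only a generic message.
        print(f"bad request {event.get('requestContext', {}).get('requestId')}: {exc}")
        return _response(400, {"error": "invalid request"})
    return _response(200, {"accepted": order["sku"], "qty": order["qty"]})
```

The same validation can be pushed in front of the function with an API Gateway request model, but keeping it in the handler means the function is safe even when invoked from another event source.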
The data layer provides secure and scalable persistent storage for your applications. The data can be either structured or unstructured, and the layer includes databases, file/object storage, and key-value storage. An ideal service for serverless architecture should provide a mechanism to trigger code in response to data changes.
- Amazon S3 can be used as persistent storage for static assets (such as packaged Single Page Applications (SPAs)) and to serve them to end users. You can use Amazon CloudFront with S3 to provide global low-latency, high-speed access.
- Amazon DynamoDB is a fast and flexible non-relational persistent database service for any scale. It is a completely managed service, so users don’t have to worry about hardware provisioning, setup and configuration, throughput capacity planning, replication, software patching, or cluster scaling. DynamoDB provides a feature called Streams, which is like a changelog for a DynamoDB table: every time an item is created, updated, or deleted, a record is written to the DynamoDB stream. This opens up a number of interesting use cases, including triggering a Lambda function when a record appears in the DynamoDB stream.
- Amazon Elasticsearch Service (Amazon ES) is a secure and scalable managed Elasticsearch service that provides a search and analytics engine. You can use this service for use cases such as log analytics, real-time application monitoring, and clickstream analytics.
- AWS AppSync is a managed GraphQL service with real-time and offline capabilities, as well as enterprise-grade security controls that make developing applications simple. AWS AppSync provides a data-driven API and consistent programming language for applications and devices to connect to services such as DynamoDB, Amazon ES, and Amazon S3.
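The DynamoDB Streams trigger described above, as an added example that is not part of the original article: a Lambda handler that reads the INSERT/MODIFY/REMOVE records of the stream, converts DynamoDB's typed attribute values to plain Python, and writes an audit entry whenever a sensitive attribute changes. The `users` table, its `role` attribute and the sample event are constructed; the stream is assumed to use the NEW_AND_OLD_IMAGES view type.

```python
import json

# Constructed stream event for a hypothetical "users" table (view type NEW_AND_OLD_IMAGES).
SAMPLE_EVENT = {"Records": [
    {"eventName": "INSERT", "dynamodb": {"Keys": {"user_id": {"S": "u-100"}},
        "NewImage": {"user_id": {"S": "u-100"}, "role": {"S": "viewer"}, "logins": {"N": "0"}}}},
    {"eventName": "MODIFY", "dynamodb": {"Keys": {"user_id": {"S": "u-100"}},
        "OldImage": {"user_id": {"S": "u-100"}, "role": {"S": "viewer"}, "logins": {"N": "0"}},
        "NewImage": {"user_id": {"S": "u-100"}, "role": {"S": "admin"}, "logins": {"N": "1"}}}},
    {"eventName": "MODIFY", "dynamodb": {"Keys": {"user_id": {"S": "u-300"}},
        "OldImage": {"user_id": {"S": "u-300"}, "role": {"S": "viewer"}, "logins": {"N": "4"}},
        "NewImage": {"user_id": {"S": "u-300"}, "role": {"S": "viewer"}, "logins": {"N": "5"}}}},
    {"eventName": "REMOVE", "dynamodb": {"Keys": {"user_id": {"S": "u-200"}},
        "OldImage": {"user_id": {"S": "u-200"}, "role": {"S": "viewer"}}}},
]}

SENSITIVE_ATTRS = ("role",)  # attributes whose every change should be audited


def unmarshal(image):
    """Convert DynamoDB attribute-value JSON ({"S": "x"}, {"N": "1"}, ...) into plain Python."""
    out = {}
    for name, av in image.items():
        (kind, value), = av.items()        # each attribute value has exactly one type key
        if kind == "N":
            out[name] = int(value) if value.lstrip("-").isdigit() else float(value)
        elif kind == "M":
            out[name] = unmarshal(value)
        else:                              # S, BOOL, NULL; L, sets and B are passed through as-is
            out[name] = None if kind == "NULL" else value
    return out


def audit_records(event):
    """Return one audit entry per stream record that changed a sensitive attribute."""
    findings = []
    for rec in event["Records"]:
        ddb = rec["dynamodb"]
        old = unmarshal(ddb.get("OldImage", {}))
        new = unmarshal(ddb.get("NewImage", {}))
        for attr in SENSITIVE_ATTRS:
            if old.get(attr) != new.get(attr):  # covers INSERT (no old) and REMOVE (no new)
                findings.append({"event": rec["eventName"], "key": unmarshal(ddb["Keys"]),
                                 "attribute": attr, "old": old.get(attr), "new": new.get(attr)})
    return findings


def handler(event, context=None):
    findings = audit_records(event)
    for finding in findings:
        print(json.dumps(finding))  # structured log line; lands in CloudWatch Logs when run in Lambda
    return {"records": len(event["Records"]), "audited": len(findings)}
```

The u-300 record, where only the login counter moved, produces no finding; the role escalation on u-100 does, which is the kind of change worth alarming on.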
The messaging layer is critical in cloud-native systems that implement a microservice-based architecture with many small, isolated services running either inside containers or as Lambda functions. There are a number of ways these microservices can communicate with each other, and choosing among them is one of the key decisions when developing cloud-native applications. AWS also provides a number of streaming services that can ingest messages in real time for analytics and for consumption by the compute layer.
- Amazon SNS is a highly scalable, flexible, and cost-effective pub-sub service that lets you publish messages from an application and immediately deliver them to subscribers or other applications. It delivers notifications to clients (consumers) using a “push” mechanism that eliminates the need to periodically check or “poll” for new information and updates.
- Amazon Kinesis lets you collect, process, and analyze real-time streaming data at scale. With Amazon Kinesis Data Analytics, you can run standard SQL or build entire streaming applications using SQL. Amazon Kinesis Data Firehose can capture, transform, and deliver streaming data to Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, generic HTTP endpoints, and third-party services.
Authentication and Authorization Layer
Authentication and authorization in cloud-native applications can take a number of forms. Users can sign up with the application back end, use an enterprise directory such as Active Directory, or use third-party identity providers such as Facebook, Google, or Amazon. Developers need to invest significant effort to create an authentication workflow and authorization layer that follow best practices.
Amazon Cognito provides a complete out-of-the-box solution for user authentication and authorization that works seamlessly with AWS services. You can easily add user sign-up, sign-in, and data synchronization to serverless applications. You can also enable other identity providers such as Google, Facebook, OAuth, and SAML with Cognito user pools and identity pools.
The monitoring layer provides important insight into an application’s health and performance. It gives developers visibility into what happens during each execution and event, helps them debug the code, and shows how the request/response flows from one microservice to another.
- Amazon CloudWatch lets you access system metrics for all the AWS services used by your application/workload, consolidate system- and application-level logs, and create business key performance indicators (KPIs) as custom metrics for your specific needs. It provides dashboards and alarms that can trigger automated actions on the platform.
- AWS X-Ray lets you analyze and debug serverless applications by providing distributed tracing and service maps, so you can identify performance bottlenecks by visualizing a request end to end.
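One way to publish the custom KPI metrics mentioned above from a Lambda function without any SDK calls, as an added example that is not part of the original article: CloudWatch Logs extracts metrics from log lines written in the Embedded Metric Format (EMF), whose `_aws` envelope is built below. The namespace, dimension and metric names, and the handler's business logic are hypothetical.

```python
import json
import time

NAMESPACE = "OrdersApi"  # constructed namespace for this example


def emf_record(namespace, dimensions, metrics, properties=None, timestamp_ms=None):
    """Build one CloudWatch Embedded Metric Format (EMF) log record.

    dimensions: {name: value}; each becomes a metric dimension (keep cardinality low)
    metrics:    {name: (value, unit)}; unit is a CloudWatch unit such as "Count"
    properties: extra fields kept in the log line but not indexed as metrics
    """
    record = {"_aws": {
        "Timestamp": timestamp_ms if timestamp_ms is not None else int(time.time() * 1000),
        "CloudWatchMetrics": [{
            "Namespace": namespace,
            "Dimensions": [list(dimensions)],
            "Metrics": [{"Name": name, "Unit": unit} for name, (_, unit) in metrics.items()],
        }],
    }}
    record.update(dimensions)  # dimension and metric values live at the root of the record
    record.update({name: value for name, (value, _) in metrics.items()})
    record.update(properties or {})
    return record


def emit(record):
    # In Lambda, stdout is shipped to CloudWatch Logs, which extracts EMF metrics automatically.
    print(json.dumps(record))


def handler(event, context=None):
    """Hypothetical handler that records latency and a rejection KPI for each invocation."""
    start = time.perf_counter()
    accepted = event.get("action") in ("create", "read")  # stand-in for real business logic
    latency_ms = (time.perf_counter() - start) * 1000
    emit(emf_record(
        NAMESPACE,
        {"FunctionName": "orders-handler", "Outcome": "accepted" if accepted else "rejected"},
        {"Latency": (latency_ms, "Milliseconds"), "Rejected": (0 if accepted else 1, "Count")},
        {"requestId": event.get("requestId")},  # high-cardinality value: property, not dimension
    ))
    return {"accepted": accepted}
```

A CloudWatch alarm on `Rejected` summed over a few minutes gives an early signal of a broken client or abusive traffic, and the `requestId` property keeps each data point traceable back to its log line.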