[SAA + SAP] 10. Serverless Architecture - Part1

SAA

Case 1

  • User can get Authed by using Cognito
  • User need to access his own S3 folder, we can use Cognito to generate temp credentials by using STS, then clients are able to use temp credientials to store/retrieve file in S3

Caching

  • We can cache on Database layer first, by using DAX

  • We can then cache on API Layer, by using API Gateway caching

Summary

  • Using Cognito to generate temp credentials with STS to access S3 bucket with restricted policy. App users can directly access AWS resources this way. Pattern can be applied to DynamoDB , Lambda...
  • Caching the reads on DynamoDB using DAX
  • Caching the REST requests at the API Gateway level
  • Security for authentication and authorization with Cognito, STS

 

Case 2

  • For users need to access static content globally, we can use S3 + CloudFront global distribution Edge location, so users in each region can access content in low letency
  • Using Global DyanmoDB Table to serve data globally
  • We can add caching for DynamoDB by using DAX

Welcome Email

  • Once user registered, data was saved to DynamoDB, we can using DynamoDB Stream to invoke a Lambda function which has IAM role to send Email by using SES service.

Thumbnail Generation

  • Client can upload image by using Pre-signed URL
  • We can optionally use ClondFront Transfer acceleration to speedup file upload process
  • Once file was uploaded, S3 notification trigger Lambda function to generate thumbnail and save into S3 bucket
  • Optionally, S3 can further trigger SQS or SNS 

Summary

  • Static content being distributed using CloudFront with S3
  • Global DyanmoDB table to serve the data globally
  • (We could have used Aurora Global Tables)
  • We enabled DynamoDB Stream to trigger Lambda
  • Lambda function has IAM role to use SES
  • S3 can trigger SQS / SNS / Lambda to notify of events

 

Case 3

  • Route 53 can create many records redriect to different IP addresses.
  • Can freely compose Serverless services to do the job

Case 4

  • One Api Gateway resource can be used for user authoriztion, who can get access to the paid content
  • One Api Gateway can be used for CRUD content
  • Choose CloudFront Pre-Signed URL instead of S3 Pre-Sigend URL for better global acceleration

Summary

  • Cognitor for authentication
  • DynamoDB for stroing users that are premium
  • 2 serverless apps: 1. permium user registration 2. CloudFront Signed URL generator
  • Content is stored in S3
  • Integrated with CloudFront with OAI for security
  • CloudFront can only be used using Signed URLs to prevent unauthorized users
  • What about S3 Signed URL? They are not efficient for global access

 

Case 4

Summary

  • No change to architecture
  • Will cache software update files at the edge
  • Software update files are not dynamic, they are static
  • Our Ec2 instaces are not serverless
  • But CloudFront is and will scale for us
  • Our ASG will scale not as much, and we'll save tremendously in EC2
  • We'll also save in availability, network bandwidh, cost etc
  • Easy way to make an existing application more scalable and cheaper!

Case 5

  • IoT Core allows you to harvest data from IoT devices
  • Kinesis is great for real-time data collection
  • Firehose helps with data delivery to S3 in real-time (1 minute)
  • Lambda can help Firehose with data transformations
  • S3 can trigger notifications to SQS
  • Lambda can subscribe to SQS (optional, S3 notification can do as well)
  • Athena is a serverless SQL service and results are stored in S3
  • The reporting bucket contains analyzed data and can be used by reporting tool such as AWS QuickSight, Redshift...

 


 

posted @ 2021-07-26 03:17  Zhentiw  阅读(116)  评论(0编辑  收藏  举报