Crash Course: Cloud
• Much has changed since ’11 NIST definition
• Ecosystem with vendors and open source projects
• /\w+aaS/ IaaS, PaaS, SaaS, DBaaS, FaaS, BaaS, …
• Micro-services glued with managed services
• Housekeeping services for monitoring, logging, and stack management
Serverless Architectures
• FaaS / BaaS / Container
• Message-, UI-, or event-driven
• Stateless
• Cold-start latency
• Cost and Scalability
• Minimal, but not zero, operations
http://martinfowler.com/articles/serverless.html
AWS Lambda
• Managed Function as a Service
• RAM (CPU), Timeout, Role & VPC
• Node.js, Python, Java, …
• Integration with IAM / CloudWatch / Logs
• Unlimited potential*
*standard rates apply
AWS Lambda
• Pull and push model
• Concurrency cap (soft limit)
• No shared memory (shm)
• Potentially shared /tmp
• Burstable / Throttled CPU
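The "potentially shared /tmp" point above, as an added example that is not from the original slides: a warm container can hand one invocation the scratch files left behind by an earlier one. The handler names and the `TMP` stand-in directory are hypothetical; in Lambda the path would be `/tmp`.

```javascript
// Added example: constructed handlers, not code from the talk.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Stand-in for Lambda's /tmp so the demo runs anywhere (assumption).
const TMP = fs.mkdtempSync(path.join(os.tmpdir(), 'lambda-tmp-'));

// Naive: fixed file name, never cleaned up. A warm container keeps the file,
// so the next invocation can read the previous caller's data.
function naiveHandler(event) {
  const file = path.join(TMP, 'upload.bin');
  const leftover = fs.existsSync(file) ? fs.readFileSync(file, 'utf8') : null;
  fs.writeFileSync(file, event.body);
  return { leftover };
}

// Hardened: private per-invocation directory, removed even when work throws.
function hardenedHandler(event) {
  const dir = fs.mkdtempSync(path.join(TMP, 'req-')); // unique name, mode 0700
  try {
    const file = path.join(dir, 'upload.bin');
    // 'wx' refuses to follow or overwrite anything already at that path.
    fs.writeFileSync(file, event.body, { mode: 0o600, flag: 'wx' });
    return { size: fs.statSync(file).size };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// Simulates consecutive invocations landing on the same warm container.
function demo() {
  const first = naiveHandler({ body: 'caller-A secret' });
  const second = naiveHandler({ body: 'caller-B data' });
  fs.rmSync(path.join(TMP, 'upload.bin')); // reset before the hardened run
  const hardened = hardenedHandler({ body: 'caller-A secret' });
  return {
    firstSaw: first.leftover,          // null: cold start, nothing on disk
    secondSaw: second.leftover,        // previous caller's data
    hardenedSize: hardened.size,
    leftAfterHardened: fs.readdirSync(TMP), // empty: nothing survives
  };
}

console.log(demo());
```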
Lambda Frameworks
• Apex http://apex.run/
• Claudia https://github.com/claudiajs/claudia
• Serverless Framework (formerly JAWS) http://serverless.com/
Serverless Framework
• CLI tool for API Gateway / Lambda
• Written in Node.js
• Supports Node.js, Python & Java
• Deploy to regions and stages
• Fast-moving open-sourced project
Serverless v0.5
• Leverage API Gateway templates and mappings
• Run lambda program remotely or locally
• Manage IAM Role with CFN, API Gateway and Lambda via API
• Plugins available
Migrating [email protected]
• Manage IAM Role, API Gateway, Lambda with CFN
• Abstract away API Gateway templates
• Move metadata to S3
• Functions can share the same folder
• Plugin API changed…
Serverless Will …
• Support `environments` in Function body
• Share API Gateway / Lambda between stages
• Encrypt metadata with KMS
• Enhance tooling and docs for Plugin dev
• Resurrect vendor support
Introducing Guanyu
• Sophos-AV (free) as a Service
• Express / Node.js
• ~300MB Memory per scanning process
• Binary size ~1GB
• 6-10s per object scan
https://github.com/clifflu/guanyu-docker
AWS Elastic Container Service
• Yet another Docker scheduler
• Native monitoring, logging, and authorisation
• Flexible privilege control with host and task roles
• Supports AWS Application Load Balancing
Application Load Balancing
• GA August ’16, extends ELB
• Content-based routing
• HTTP/2 and WebSocket support
• Dynamic ports
AWS Elastic Container Service
• Prepare EC2 for ECS
• Okay-ish data persistence with EBS / EFS
• Lacks transparent inter-container traffic encryption
• Promotes [LB -> Container] in every tier
Guanyu Features
• Token-based authentication
• Result caching with memory, Redis & DynamoDB
• Highly customisable
• MIT License
https://github.com/clifflu/guanyu-docker
Guanyu in AWS
• ECS on top of AutoScaling Group
• Supports external cache with Redis & DynamoDB
• Dynamic port behind ALB
• Track logs in CloudWatch Logs
• Periodic health check with ALB
Projects
• Guanyu https://github.com/clifflu/guanyu-docker
• Serverless ModernWeb ’16 https://github.com/clifflu/serverless-modernweb-16
• Tools (tools.clifflu.net) https://github.com/clifflu/tools.clifflu.net