Guanyu Serverless

Cliff Chao-kuan LuModern Web ’16, Taipei

• CC-BY 4.0

• Slideshare

•

• Guanyu

`whoami`• Cliff Chao-kuan Lu

• 104

• AWS Community Hero Certified Pro SA

•

Crash Course: Cloud• Much has changed since ’11 NIST definition

• Ecosystem with vendors and open source projects

• /\w+aaS/ IaaS, PaaS, SaaS, DBaaS, FaaS, BaaS, …

• Micro-services glued with managed services

• Housekeeping services for monitoring, logging, and stack management

Serverless Architectures• FaaS / BaaS / Container

• Message-, UI-, or event-driven

• Stateless

• Cold-start latency

• Cost and Scalability

• Minimal but not no operation

http://martinfowler.com/articles/serverless.html

AWS Lambda• Managed Function as a Service

• Ram (CPU), Timeout, Role & VPC

• Node.js, Python, Java, …

• Integration with IAM / CloudWatch / Logs

• Unlimited potential*

*standard rates apply

AWS Lambda

• Pull and push model

• Concurrency cap (soft limit)

• No shared memory (shm)

• Potentially shared /tmp

• Burstable / Throttled CPU

Lambda Frameworks

• Apex http://apex.run/

• Claudiahttps://github.com/claudiajs/claudia

• Serverless Framework (formerly JAWS) http://serverless.com/

Serverless Framework

• CLI tool for API Gateway / Lambda

• Written in Node.js

• Supports Node.js, Python & Java

• Deploy to regions and stages

• Fast-moving open-sourced project

Serverless v0.5

• Leverage API Gateway templates and mappings

• Run lambda program remotely or locally

• Manage IAM Role with CFN, API Gateway and Lambda via API

• Plugins available

Migrating to@1.0.0-beta

• Manage IAM Role, API Gateway, Lambda with CFN

• Abstract away API Gateway templates

• Move metadata to S3

• Functions can share the same folder

• Plugin API changed…

Serverless Will …

• Support `environments` in Function body

• Share API Gateway / Lambda between stages

• Encrypt metadata with KMS

• Enhance tooling and docs for Plugin dev

• Resurrect vendor support

But, I Need More …

• Control

• Flexibility

• Power

Introducing Guanyu

• Sophos-AV (free) as a Service

• Express / Node.js

• ~300MB Memory per scanning process

• Binary size ~1GB

• 6-10s per object scan

https://github.com/clifflu/guanyu-docker

AWS Elastic Container Service• Yet another Docker scheduler

• Native monitoring, logging, and authorisation

• Flexible privilege control with host and task roles

• Supports AWS Application Load Balancing

Application Load Balancing

• GA August ’16, extends ELB

• Content-based routing

• HTTP/2 and WebSocket support

• Dynamic ports

AWS Elastic Container Service

• Prepare EC2 for ECS

• Okay-ish data persistence with EBS / EFS

• Lacks transparent inter-container traffic encryption

• Promotes [LB -> Container] in every tier

Guanyu Features

• Token-based authentication

• Result caching with memory, Redis & DynamoDB

• Highly-Customisable

• MIT License

https://github.com/clifflu/guanyu-docker

Guanyu in AWS

• ECS on top of AutoScaling Group

• Supports external cache with Redis & DynamoDB

• Dynamic port behind ALB

• Track logs in CloudWatch Logs

• Periodic health check with ALB

Guanyu

• Lacks one-click deploy

• Immature cache mechanism

• TTL

• Edge cases

• PR Welcome !

Projects

• Guanyuhttps://github.com/clifflu/guanyu-docker

• Serverless ModernWeb ’16 https://github.com/clifflu/serverless-modernweb-16

• Tools (tools.clifflu.net)https://github.com/clifflu/tools.clifflu.net

Questions ?

Thank You !