Serverless Introduction
Serverless computing means developers do not manage servers directly, though servers still exist.
Initially, serverless referred to Function as a Service (FaaS), pioneered by AWS Lambda.
Serverless now includes managed services like databases, messaging, and storage without provisioning servers.
AWS serverless architecture commonly involves Lambda, DynamoDB, API Gateway, Cognito, S3, SNS, SQS, Kinesis Data Firehose, Aurora Serverless, Step Functions, and Fargate.
Lambda Overview
AWS Lambda provides serverless functions that run on demand without managing servers.
Lambda functions have a maximum execution time of 15 minutes and scale automatically.
Pricing is based on the number of requests and compute time, with a generous free tier.
Lambda integrates with many AWS services such as API Gateway, S3, DynamoDB, CloudWatch, EventBridge, SNS, and SQS.
Lambda Limits
AWS Lambda memory allocation ranges from 128 megabytes to 10 gigabytes in 64 megabyte increments.
The maximum execution time for a Lambda function is 900 seconds (15 minutes).
Environment variables are limited to 4 kilobytes, while the /tmp directory provides up to 10 gigabytes of temporary storage.
Deployment package size limits are 50 megabytes compressed and 250 megabytes uncompressed; larger files should use the /tmp directory.
Lambda Concurrency
Lambda functions can scale to thousands of concurrent executions, but concurrency limits are essential to manage resource usage and avoid throttling.
Reserved concurrency limits can be set per function to cap the number of concurrent executions and prevent one function from consuming all concurrency.
Throttling behaviour differs by invocation type: a synchronous invocation returns an HTTP 429 error to the caller, while an asynchronous invocation is retried automatically and can be routed to a dead-letter queue (DLQ) once retries are exhausted.
Provisioned concurrency pre-allocates Lambda instances to reduce cold start latency, improving performance for latency-sensitive applications.
Lambda@Edge & CloudFront Functions
Edge Functions allow execution of logic close to users to minimize latency.
CloudFront Functions are lightweight JavaScript functions for viewer request and response with sub-millisecond execution.
Lambda@Edge supports Node.js and Python, can modify all request and response events, and allows longer execution times.
Use cases include security, SEO, routing, bot mitigation, image transformation, A/B testing, and user authentication at the edge.
Lambda in VPC
By default, AWS Lambda functions run outside your own VPC, limiting access to private resources.
To access private resources like RDS databases, Lambda functions must be launched within your VPC with specified subnets and security groups.
Using an RDS proxy between Lambda functions and RDS databases improves scalability, availability, and allows IAM authentication enforcement.
Lambda functions must reside in the VPC to connect to the RDS proxy, as the proxy is never publicly accessible.
RDS - Invoking Lambda & Event Notifications
RDS for PostgreSQL and Aurora MySQL support invoking Lambda functions directly from database instances to process data events.
Setting up Lambda invocation from RDS requires configuration within the database, not the AWS console.
Proper network connectivity and IAM permissions are essential for RDS instances to invoke Lambda functions.
RDS event notifications provide information about database instance events but do not include data-level events within the database.
Amazon DynamoDB
Amazon DynamoDB is a fully managed, highly available, cloud-native NoSQL database with multi-AZ replication.
It supports massive scalability with single-digit millisecond performance and integrates with IAM for security.
DynamoDB tables have flexible schemas allowing attributes to be added over time, with a maximum item size of 400 kilobytes.
Capacity modes include Provisioned Mode with autoscaling for predictable workloads and On-Demand Mode for unpredictable or spiky workloads.
Amazon DynamoDB - Advanced Features
DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that provides microsecond latency for cached data without requiring application logic changes.
DynamoDB Streams enable real-time processing of table modifications with integration options including Lambda triggers and Kinesis Data Streams for extended retention and processing capabilities.
Global tables provide active-active replication across multiple AWS regions, allowing low-latency reads and writes globally, relying on DynamoDB Streams for replication.
Time To Live (TTL) automatically deletes expired items based on a timestamp attribute, useful for session management and regulatory compliance.
DynamoDB supports continuous backups with point-in-time recovery and on-demand backups, which do not impact table performance.
Integration with Amazon S3 allows exporting and importing DynamoDB tables for analytics, auditing, and ETL processes without affecting table capacity.
API Gateway Overview
API Gateway provides a serverless way to create public REST APIs that proxy requests to Lambda functions.
It offers advanced features like authentication, usage plans, API versioning, request throttling, and caching.
API Gateway can integrate with Lambda functions, HTTP endpoints, and AWS services to build full serverless applications.
There are three endpoint types: Edge-Optimized for global clients, Regional for same-region clients, and Private for VPC-only access.
Security options include IAM roles, Amazon Cognito, custom Lambda authorizers, and HTTPS with custom domain names via AWS Certificate Manager.
Step Functions
AWS Step Functions enable building serverless visual workflows for orchestration.
They support sequencing, parallel execution, conditions, timeouts, and error handling.
Step Functions integrate with many AWS services beyond Lambda, including EC2, ECS, API Gateway, and SQS.
Human approval steps can be incorporated within workflows for decision-making.
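A state machine definition (Amazon States Language, written here as a Python dict) that exercises the features listed above: sequencing, a Choice, a Parallel step, TimeoutSeconds, Retry/Catch, and a human approval step that pauses on a task token until a person calls SendTaskSuccess or SendTaskFailure. This is an added example, not code from the page; the Lambda ARNs and queue URL are constructed placeholders, and tasks_missing_guardrails is a hypothetical pre-deployment lint that reports Task states lacking a timeout or any Retry/Catch.

```python
# Constructed placeholders (not from the page): Lambda ARN prefix and the approval queue URL.
LAMBDA = "arn:aws:lambda:us-east-1:123456789012:function:"
APPROVAL_QUEUE = "https://sqs.us-east-1.amazonaws.com/123456789012/order-approvals"
# Retry throttled Lambda calls with exponential backoff; any other error falls through to Catch.
RETRY_THROTTLE = [{"ErrorEquals": ["Lambda.TooManyRequestsException"], "IntervalSeconds": 2, "MaxAttempts": 3, "BackoffRate": 2.0}]

DEFINITION = {
    "StartAt": "ValidateOrder",
    "States": {
        "ValidateOrder": {  # sequencing: Task, then a Choice
            "Type": "Task", "Resource": LAMBDA + "ValidateOrder", "TimeoutSeconds": 30,
            "Retry": RETRY_THROTTLE, "Catch": [{"ErrorEquals": ["States.ALL"], "Next": "OrderFailed"}],
            "Next": "NeedsApproval?",
        },
        "NeedsApproval?": {  # condition: large orders need a human decision
            "Type": "Choice", "Default": "Fulfil",
            "Choices": [{"Variable": "$.amount", "NumericGreaterThan": 1000, "Next": "WaitForApproval"}],
        },
        "WaitForApproval": {  # human approval: execution pauses until the token comes back
            "Type": "Task", "Resource": "arn:aws:states:::sqs:sendMessage.waitForTaskToken",
            "Parameters": {"QueueUrl": APPROVAL_QUEUE, "MessageBody": {"order.$": "$", "TaskToken.$": "$$.Task.Token"}},
            "TimeoutSeconds": 86400,  # one day to decide, then States.Timeout is raised
            "Catch": [{"ErrorEquals": ["States.Timeout"], "Next": "OrderFailed"}],
            "Next": "Fulfil",
        },
        "Fulfil": {  # parallel execution: both branches must complete
            "Type": "Parallel", "End": True,
            "Branches": [
                {"StartAt": "Charge", "States": {"Charge": {"Type": "Task", "Resource": LAMBDA + "Charge",
                                                            "TimeoutSeconds": 30, "Retry": RETRY_THROTTLE, "End": True}}},
                {"StartAt": "Notify", "States": {"Notify": {  # deliberately left without timeout/retry
                    "Type": "Task", "Resource": LAMBDA + "Notify", "End": True}}},
            ],
        },
        "OrderFailed": {"Type": "Fail", "Error": "OrderFailed", "Cause": "validation, approval or fulfilment failed"},
    },
}


def tasks_missing_guardrails(definition):
    """Names of Task states (Parallel branches included) lacking TimeoutSeconds or any Retry/Catch."""
    missing = []
    for name, state in definition["States"].items():
        if state["Type"] == "Parallel":
            for branch in state["Branches"]:
                missing += tasks_missing_guardrails(branch)
        elif state["Type"] == "Task" and ("TimeoutSeconds" not in state or not (state.get("Retry") or state.get("Catch"))):
            missing.append(name)
    return missing
```

Running the lint before deployment flags the Notify task, which would otherwise wait on a hung Lambda for the execution's lifetime.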
Amazon Cognito Overview
Amazon Cognito provides identity management for users outside of AWS accounts, primarily for web and mobile applications.
Cognito consists of two main components: User Pools for user sign-in and Identity Pools for granting temporary AWS credentials.
Cognito User Pools integrate with API Gateway and Application Load Balancer to authenticate users and pass verified identities to backend services.
Cognito Identity Pools enable direct AWS resource access with fine-grained permissions, supporting use cases like row-level security in DynamoDB.
Serverless Mobile Application: MyTodoList
Expose a REST API with HTTPS endpoints.
Implement a serverless architecture.
Allow users to directly interact with their own folders in Amazon S3 to manage their data.
Enable user authentication through a managed serverless service.
Support writing and reading to-dos, with a focus on high read throughput.
Use a scalable database layer optimized for high read throughput.
Implemented a serverless architecture for a mobile application called MyTodoList using AWS services.
Utilized Amazon API Gateway, Lambda, DynamoDB, and Cognito for REST API, compute, database, and authentication respectively.
Enabled users to access their own folders in Amazon S3 securely via temporary credentials generated by Cognito.
Improved read throughput and reduced costs by introducing DynamoDB Accelerator (DAX) caching and optional API Gateway response caching.
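A policy for the identity pool's authenticated role that gives each signed-in user access only to their own DynamoDB partition key and their own S3 prefix, covering both the row-level security point in the Cognito section and MyTodoList's per-user S3 folders. This is an added example, not code from the page; the table ARN, bucket name and identity ids are constructed placeholders, and the two check functions are a simplified local model of the policy conditions, not IAM's evaluator.

```python
import json
import re

# IAM policy variable that Cognito resolves to the caller's identity id at evaluation time.
COGNITO_SUB = "${cognito-identity.amazonaws.com:sub}"
# Constructed placeholders (not from the page): the app's table ARN and bucket name.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Todos"
BUCKET = "mytodolist-user-data"

# Policy for the identity pool's authenticated role: items are reachable only when their
# partition key equals the caller's identity id, and S3 access is limited to the caller's prefix.
AUTH_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:DeleteItem"],
            "Resource": TABLE_ARN,
            "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [COGNITO_SUB]}},
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": f"arn:aws:s3:::{BUCKET}/{COGNITO_SUB}/*",
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": f"arn:aws:s3:::{BUCKET}",
            "Condition": {"StringLike": {"s3:prefix": [f"{COGNITO_SUB}/*"]}},
        },
    ],
}

def render_policy(identity_id):
    """The policy as it applies to one caller: every variable replaced by that identity id."""
    return json.loads(json.dumps(AUTH_ROLE_POLICY).replace(COGNITO_SUB, identity_id))

def allows_item(identity_id, partition_key):
    """Simplified model of the LeadingKeys condition: may this caller touch this partition key?"""
    allowed = render_policy(identity_id)["Statement"][0]["Condition"]["ForAllValues:StringEquals"]
    return partition_key in allowed["dynamodb:LeadingKeys"]

def allows_object(identity_id, object_key):
    """Simplified model of the object statement: does the key match the caller's Resource pattern?"""
    resource = render_policy(identity_id)["Statement"][1]["Resource"]
    pattern = re.escape(resource).replace(r"\*", ".*")
    return re.fullmatch(pattern, f"arn:aws:s3:::{BUCKET}/{object_key}") is not None
```

The identity id (not the user pool username) is what the variable resolves to, so the app must use it as the DynamoDB partition key and S3 prefix for the scoping to hold.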
Serverless Website: MyBlog.com
MyBlog.com should scale globally. Blogs are written rarely but read often: the site is viewed by hundreds of thousands of people online, while new blogs are added perhaps once a day or once a week, so most of the time the content is only being read.
Therefore, most of the website consists of purely static files, with a small portion being a dynamic REST API. We want to implement caching wherever possible to save costs and reduce latency, ensuring a great user experience.
Additionally, any new user subscribing to the blog should receive a warm welcome email. This entire setup should be serverless. Also, any photo uploaded to the blog should have a thumbnail generated serverlessly, as we prefer serverless solutions.
Serverless architecture enables scalable, globally distributed websites with minimal infrastructure management.
Amazon CloudFront combined with S3 provides secure, cached, and global static content delivery.
Serverless REST APIs can be implemented using API Gateway, Lambda, and DynamoDB with optional caching via DAX.
Event-driven workflows, such as user welcome emails and image thumbnail generation, can be efficiently handled using DynamoDB Streams, Lambda, and Amazon SES or S3 triggers.
Microservices Architecture
Microservices architecture enables independent scaling and development lifecycles for each service.
Services interact primarily through REST APIs, allowing diverse architectures per service.
Communication patterns include synchronous calls via API Gateway or Load Balancer, and asynchronous messaging using SQS, Kinesis, SNS, Lambda triggers, or S3.
Challenges include overhead in creating services, server utilization optimization, managing multiple versions, and client-side integration complexity, some of which can be mitigated by serverless patterns.
Software Updates Distribution Optimization
Software updates distribution can cause high network and compute costs when served directly from EC2 instances.
Using Amazon CloudFront as a caching layer for static software update files significantly reduces CPU utilization and network costs.
CloudFront scales automatically at the edge, reducing the load on Auto Scaling Groups and EC2 instances.
Integrating CloudFront requires no changes to the existing application architecture, making it a simple and effective optimization.