Microservices on AWS
This 2016 AWS Summit presentation provides a comprehensive overview, including the broader context of how it fits within this DevOps framework. Their white paper provides a detailed review, while this presentation dives more into the technical details and offers a number of implementation patterns.
Anyone can implement a microservices architecture on AWS with a simple Elastic Load Balancer, a few EC2 instances and a datastore like Amazon RDS or DynamoDB. The EC2 instances can be used for deploying microservices. However, depending on the size of the service, this can be an expensive choice. Here are some other Amazon tools that can help with microservices:
- AWS Elastic Beanstalk – This orchestration service makes microservices deployment easier.
- Amazon Elastic Container Service (ECS) – Containers have become part of the microservices culture. Amazon’s ECS helps make scheduling of containers more flexible.
- Amazon API Gateway and AWS Lambda – Serverless computing is gaining popularity. By combining Amazon API Gateway and AWS Lambda, it’s possible to create a microservices application that wouldn’t require any form of infrastructure management from the development team.
Building microservices with AWS Lambda
The main focus of the discourse was on how to build microservices with AWS Lambda. The lecturer discussed Lambda-based services and their different patterns, giving the simple example of a pattern with one public interface and one non-public interface. AWS Lambda has a new capability, provisioned concurrency, which resolves the cold start issue with Lambda. Furthermore, the lecturer talked about the MyService architecture and its essential parts: frontend, backend and shared capabilities.
Amazon has been providing microservices since the 2000s, and S3 was providing 8 microservices back in 2006.
Fig. 1 Single service.
After re:Invent in 2018, S3 was providing 235+ different microservices, and they keep expanding over time; interestingly, these are all Lambda-based. There are different repeatable patterns, and there is the concept of the microservices iceberg, in which we usually have a single public-facing interface above the waterline while the other services are below the waterline, as shown in Fig. 1.
The lecture compared the API in the front with async in the back. The front API involves synchronous communication, HTTPS clients, reliance on API gateways, a flexible client interface and securing against the client. Synchronous services, however, are used for simple purposes. In these services, we basically have a one-to-one mapping to each other for larger applications.
AWS Lambda provides serverless compute services that are highly available and have built-in security. In Lambda you only have to pay when you are using it. Code inside Lambda is deployed in a unit called a function, which is typically considered to be very much online and to have unique characteristics. The lecturer also described the limits of a function, which range from 120 megabytes to 3 megabytes. In addition, a single execution has a duration of 15 minutes, the application has a maximum of 250MB, and 512 megabytes of storage is provided.
Something unique about Lambda is that there is no concept of a socket or port. In Lambda we can’t talk directly on the network; we can only access or invoke a Lambda function via its API, because it is an API-driven model.
There are three basic components that make up a serverless application: event source, function and service.
Fig. 2 Serverless application components.
There are more than 100 different services in AWS that invoke Lambda, either directly or via SNS, which represents everything from end point. These could be dev tools, security tools, management tools and others that directly invoke Lambda. Lambda supports six different languages, which are Java, Python, .NET, Ruby and Node.js. There is also a runtime API which allows to think of Lambda. There is also a good improvement in Lambda to make it work with relational databases, which is called RDS Proxy. RDS Proxy provides connection pooling and management for the database; connecting our Lambda function to RDS Proxy helps to reduce the amount of connection management.
Accessing the API
There are three different ways of exposing an API: Amazon API Gateway, Application Load Balancer and AWS AppSync.
- Amazon API Gateway
The lecturer explained that before today they had two APIs: REST, and the WebSocket API whose support was added last year. Today, they are introducing a new version of the API, called HTTP API. The key features of HTTP API are that it is simple, faster, 70% cheaper than other API gateways and has 50% less overhead than other APIs.
- Application load balancer
Application Load Balancer is part of the overall load balancer family. It only supports HTTP, and there is no need to interface with REST and WebSocket; it is only for HTTP Lambda functions. It is perfect if we need mixed-model applications, and it allows things like redirects and custom HTTP responses. Another thing is that in this model the customer has to pay per hour for a time period.
- AWS AppSync
It has a lot of flexible services and a number of capabilities. AppSync is built to host GraphQL APIs. It allows us to take a single API and back it with many data sources. AppSync supports a number of different back ends, including Lambda, relational databases and DynamoDB queries. It also supports subscriptions and offline sync, which is very useful for mobile applications. It has a different payment model, which is payment per query and data transfer.
How to choose the right API
Here is a table which gives us an overview for choosing an API according to our requirements.
|AWS AppSync||Amazon API Gateway||Application Load Balancer|
There are different types of authorization which can be used according to requirements and customer specifications:
- OPEN: no authentication, no authorization
- AWS Identity and Access Management (IAM) permission: use IAM policies and AWS credentials to grant access
- Amazon Cognito authorization: a managed user directory
- Lambda authorization: used to validate a bearer token or request parameters and grant access
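An added example, not code from the lecture or from AWS: a Lambda authorization function in the request and response shape of an API Gateway REST API TOKEN authorizer, which validates a bearer token and returns an Allow or Deny policy for the called method. The token format (base64url claims plus an HMAC-SHA256 signature), the signing key and the helper names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (assumption); load the real one from a secret store.
SIGNING_KEY = b"constructed-demo-key"


def sign(payload, key):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_token(subject, expires_at, key=SIGNING_KEY):
    """Demo token: base64url(JSON claims) + '.' + hex HMAC-SHA256 of it."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"sub": subject, "exp": expires_at}).encode())
    return payload.decode() + "." + sign(payload, key)


def verify_token(token, now=None, key=SIGNING_KEY):
    """Return the claims if signature and expiry check out, else None."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(payload.encode(), key)):
            return None  # compare_digest runs in constant time
        claims = json.loads(base64.urlsafe_b64decode(payload))
        now = time.time() if now is None else now
        if not isinstance(claims["sub"], str) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError):
        return None  # malformed input counts as unauthenticated


def policy(principal, effect, resource):
    """Authorizer response: an IAM policy for execute-api:Invoke."""
    return {"principalId": principal, "policyDocument": {
        "Version": "2012-10-17", "Statement": [{
            "Action": "execute-api:Invoke", "Effect": effect,
            "Resource": resource}]}}


def handler(event, context=None):
    """TOKEN authorizer entry point; denies unless the token verifies."""
    header = str(event.get("authorizationToken") or "")
    scheme, _, token = header.partition(" ")
    claims = verify_token(token) if scheme.lower() == "bearer" else None
    if claims is None:
        return policy("anonymous", "Deny", event["methodArn"])
    return policy(claims["sub"], "Allow", event["methodArn"])
```

Every failure path (missing header, wrong scheme, bad signature, expired or malformed token) ends in the same Deny policy, so the function fails closed.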
Synchronous and Asynchronous APIs architecture understanding
Synchronous APIs architecture
If we have a single service and we make a request, we generally get a response. If something goes wrong, we simply retry; this is traditional HTTP practice.
But in a distributed system or microservice architecture, there is a bit more complexity. When we place an order with the order service, there is an invoice service which is asked for an invoice. The invoice service then replies to the order service, and the order service replies to the client, in sequence. So there are a number of points which could cause failure.
Asynchronous APIs architecture
In an asynchronous architecture, there are also an order service and an invoice service, but the order service does not depend on the invoice service's reply. The invoice service can reply directly to the client after receiving a message from the order service.
Connectivity between front end services and back end services
There are four primary services which are used for connectivity: Amazon Simple Notification Service, Amazon Simple Queue Service, Amazon EventBridge and Amazon Kinesis Data Streams.
There are six key factors on which we can compare them: scale/concurrency control, durability of messages, persistence, consumption models, retries and pricing.
How to choose the right async service
|Amazon Simple Notification Service||Amazon Simple Queue Service||Amazon EventBridge||Amazon Kinesis Data Streams|
Shared capabilities of frontend and backend
There are various services that allow us to build a successful architecture:
- Secrets/configuration management
- Simplifying code management
- Performance control
AWS Systems Manager – Parameter Store
This is a centralized store for managing configuration data. It supports hierarchies, is encrypted with AWS KMS, sends notifications of changes to Amazon SNS, can be secured with IAM and is available via API/SDK.
- Functions can easily share code: upload a layer once and reference it within any function
- A layer can be anything: dependencies, training data, configuration files
- Promote separation of responsibilities
- Built-in support for secure sharing by ecosystem
With Lambda layers we can reduce the duplication of code.
Lambda permission model
This basically tells us who has the ability to invoke this function.
It also defines what AWS resources/API calls this function can access via IAM.
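An added example, not from the lecture or AWS: a small offline audit of the two policy documents behind the permission model above, the function's resource-based policy (who may invoke it) and its execution role policy (what it may call). The sample policies, ARNs, account IDs and finding messages are constructed for illustration.

```python
FN = "arn:aws:lambda:us-east-1:111122223333:function:invoice"  # placeholder ARN
# Constructed sample policies; account IDs, ARNs and Sids are made up.
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ApiScoped", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"Service": "apigateway.amazonaws.com"}, "Resource": FN,
     "Condition": {"ArnLike": {"AWS:SourceArn":
         "arn:aws:execute-api:us-east-1:111122223333:abc123/*"}}},
    {"Sid": "SnsUnscoped", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": {"Service": "sns.amazonaws.com"}, "Resource": FN},
    {"Sid": "Anyone", "Effect": "Allow", "Action": "lambda:InvokeFunction",
     "Principal": "*", "Resource": FN}]}
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadConfig", "Effect": "Allow", "Action": "ssm:GetParameter",
     "Resource": "arn:aws:ssm:us-east-1:111122223333:parameter/myservice/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "dynamodb:*",
     "Resource": "*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy):
    return [s for s in as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow"]

def audit_invoke_policy(policy):
    """Who may invoke: flag public or unscoped service principals."""
    findings = []
    for st in allows(policy):
        principal = st.get("Principal")
        keys = {k.lower() for c in st.get("Condition", {}).values() for k in c}
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", []))):
            if not keys:
                findings.append((st.get("Sid"), "any principal may invoke"))
        elif isinstance(principal, dict) and "Service" in principal:
            if not keys & {"aws:sourcearn", "aws:sourceaccount"}:
                findings.append((st.get("Sid"), "service not source-scoped"))
    return findings

def audit_execution_role(policy):
    """What the function may call: flag wildcard actions and resources."""
    findings = []
    for st in allows(policy):
        for action in as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((st.get("Sid"), "wildcard action " + action))
        if "*" in as_list(st.get("Resource", [])):
            findings.append((st.get("Sid"), "wildcard resource"))
    return findings
```

On the sample data the audit flags the SNS grant that lacks a source condition, the grant to any principal, and the wildcard DynamoDB statement, while the scoped API Gateway grant and the Parameter Store read pass.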
AWS Serverless Application Model (AWS SAM)
- AWS CloudFormation extension optimized for serverless
- Special serverless resource types: functions, APIs, tables, layers and applications.
- Supports anything AWS CloudFormation supports
AWS SAM Command Line Interface (AWS SAM CLI)
- CLI tools for local development, debugging, testing, deploying and monitoring of serverless applications
- Supports API Gateway and Lambda service testing.
- Response object and function logs available on your local machine
- Can help you build in native dependencies.
In a nutshell, this lecture briefly discussed the MyService architecture and its essential parts (frontend, backend and shared capabilities), shown in Fig. 3, as well as synchronous and asynchronous API architectures and the shared capabilities of frontend and backend and their services. The lecturer also demonstrated the shared services and their parts, AWS Systems Manager, Lambda layers and the AWS SAM Command Line Interface (AWS SAM CLI), in detail for a better understanding of microservices with AWS Lambda.
Fig. 3 MyService Architecture.