An article series by: Sunil Kumar
Cloud Solutions Director – UK | Thought Leader
In our previous article in this series on Serverless technologies, we discussed three of the seven layers that make up the Serverless framework – the Compute layer, the Data layer and the Streaming layer, respectively. In this blog post we will look into the next four pieces that will complete the puzzle and give us a complete picture of the framework.
1. Amazon API Gateway
This layer mainly consists of AWS services that enable communication between components.
Amazon API Gateway
APIs are the “front door” for applications to access data, business logic, or functionality from your backend services. Amazon API Gateway is a fully managed service that makes it easy to create, publish, maintain, monitor, and secure APIs at any scale.
Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications.
API Gateway handles tasks involved in accepting and processing concurrent API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.
You can run a fully managed REST API that integrates with Lambda to execute your business logic.
AWS Step Functions
What happens if your logic executions last for longer than 15 minutes? For example, if a logic function exceeds the time limit or constraints placed by AWS Lambda? Or if you have a microservices architecture that needs to perform as a single cohesive unit? In such cases you need AWS Step Functions.
AWS Step Functions orchestrates serverless workflows. It enables coordination, state, and function chaining as well as combining long-running executions.
According to AWS, Step Functions is a low-code, visual workflow service that developers use to build distributed applications, automate IT and business processes, and build data and machine learning pipelines using AWS services.
A well-defined workflow helps you to manage failures, retries, parallelization, service integrations, and observability.
Amazon Simple Notification Service (Amazon SNS) provides a fully managed messaging service for publisher-subscriber patterns using asynchronous event notifications. This is different to the older architecture patterns with synchronous messaging between different modules of an application or software, which would consequently increase the capacity overhead.
Mobile push notifications for microservices, distributed systems, and serverless applications all make use of Amazon SNS.
These are the plumbing lines between different parts of software that keep the events and data flowing and the overall business logic running.
AWS AppSync is a fully managed service that makes it easy to develop GraphQL APIs to securely connect to data sources like AWS Lambda, Amazon S3, DynamoDB or other private or public cloud services that use GraphQL for data query or manipulation.
AppSync is a managed GraphQL service that offers real-time and offline capabilities. It comes with enterprise grade security controls that make developing applications simple, and provides a data-driven API and consistent programming language for applications and devices to connect to.
GraphQL enables businesses to develop applications faster, by giving front-end developers the ability to query multiple databases, microservices, and APIs with a single GraphQL endpoint.
2. User Management and Identity Layer
This layer is the security wrapper that provides identity, authentication, and authorization for external and internal users and customers that access the compute and data layers. Here are its components:
Think of Amazon Cognito as a gatekeeper service that enables users to sign in, sign up and gain access to the right data and resources.
Cognito supports sign-in with identity providers, such as Facebook, Google, Apple, etc., which makes it easy for web-facing customers to authenticate, be authorised and gain access to the applications. Think of any SaaS application that you may be using – if the service is being hosted on AWS, then it is very likely Cognito is part of the solution.
Cognito is not just for web-facing customers but also for enterprise users and employees. When it comes to internal or organisational consumers of business applications, Cognito integrates with identity providers via SAML 2.0 and OpenID Connect. This allows for the federation of identity management between organisations.
IAM is the link that connects ‘who’ can access ‘which’ services and resources under ‘what’ conditions. With IAM policies, you manage permissions for your workforce and systems to ensure least-privilege permissions. It allows for fine-grained controls to grant employees, applications, and devices the access they need to AWS services and resources within an easily deployed governance framework.
AWS SSO gives you the ability to unify the administration experience and define, customize, and assign granular access to the workloads. User identities can be created directly in AWS SSO or can be brought in from Microsoft Active Directory or Azure AD, or a standards-based identity provider, such as Okta Universal Directory. AWS SSO supports commonly used cloud applications, such as Salesforce, Box, and Office 365, and allows for a quick and efficient connection with the serverless solution.
3. Edge Layer
This layer manages the presentation and connectivity for external customers. It provides an efficient delivery method to service consumers that may be spread across multiple geographical locations.
It includes Amazon CloudFront, a content delivery network (CDN) service built for high performance, security, and developer convenience. It provides secure delivery of web application content and data with low latency and high transfer speeds. Content delivery networks provide a globally distributed network of proxy servers that cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content.
4. Monitoring and Deployment Layer
The system monitoring layer provides contextual awareness of the behaviour and operations of deployed solutions and underlying workloads, through system-level metrics. The deployment layer defines how workload changes are promoted through a release management process. This may utilise:
AWS X-Ray – one of the many tools that let you identify and troubleshoot the root causes of performance issues and errors in distributed applications, such as those built using a microservices architecture.
It provides distributed tracing and service maps to easily identify performance bottlenecks by visualizing a request end-to-end. X-Ray helps to analyse both in-development and in-production applications, from simple three-tier applications to complex microservices applications consisting of thousands of services.
AWS Serverless Application Model
AWS SAM is an open-source framework for building serverless applications. It is an extension of AWS CloudFormation that is used to package, test, and deploy serverless applications.
The AWS SAM CLI can also enable faster debugging cycles when developing Lambda functions locally, by providing shorthand syntax to express functions, APIs, databases, and event source mappings.
You can also use the SAM CLI to deploy your applications to AWS or to create secure continuous integration and deployment (CI/CD) pipelines that follow best practices and integrate with AWS’ native and third party CI/CD systems.
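The following AWS SAM template is an added example, not part of the original article or taken from AWS: it shows how the services described in this post fit together in one deployable unit, with a REST API in API Gateway that requires a Cognito-issued token, per-stage throttling, a Lambda function whose IAM permissions are scoped to reading a single table, and X-Ray tracing enabled. All resource names, the `src/` path, the handler name and the throttling figures are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31   # marks this as a SAM template

Globals:
  Function:
    Runtime: python3.12
    Timeout: 10
    Tracing: Active            # send Lambda traces to AWS X-Ray

Resources:
  UserPool:                    # hypothetical Cognito user pool (identity layer)
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: example-users

  OrdersTable:                 # hypothetical DynamoDB table (data layer)
    Type: AWS::Serverless::SimpleTable
    Properties:
      PrimaryKey:
        Name: orderId
        Type: String

  OrdersApi:                   # API Gateway REST API
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      TracingEnabled: true     # X-Ray tracing at the API stage
      MethodSettings:
        - ResourcePath: '/*'   # apply throttling to every route
          HttpMethod: '*'
          ThrottlingRateLimit: 50     # assumed steady-state requests/second
          ThrottlingBurstLimit: 100   # assumed burst allowance
      Auth:
        DefaultAuthorizer: CognitoAuth   # every route requires a valid token
        Authorizers:
          CognitoAuth:
            UserPoolArn: !GetAtt UserPool.Arn

  GetOrderFunction:            # business logic in Lambda
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/            # assumed source directory
      Handler: app.get_order   # assumed module.function
      Policies:
        - DynamoDBReadPolicy:  # least privilege: read-only, this table only
            TableName: !Ref OrdersTable
      Events:
        GetOrder:
          Type: Api
          Properties:
            RestApiId: !Ref OrdersApi
            Path: /orders/{orderId}
            Method: get
```

Because `DefaultAuthorizer` is set on the API, any route added later is authenticated unless it explicitly opts out, and the scoped policy template avoids granting the function wildcard actions or resources.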
In this series of four blog posts we have touched on just a few sample AWS services that can give you a sense of Serverless technology’s power and possibilities. In upcoming articles we shall delve into concrete Serverless use cases, going into detail so you can get a better idea of how to use Serverless for your organization.
You can read the previous 3 articles of this series below:
The benefits and drawbacks of Serverless technologies
Are Serverless technologies a good fit for your organization?
Nuts and bolts of Serverless technologies – part I