Building microservices with AWS Lambda

Common Microservices Design Patterns

  • Synchronous communication
  • HTTPS clients
  • Relying on API Gateway or Load Balancer
  • Flexible client interface
  • Securing against client
  • Asynchronous communication
  • Simple clients
  • Queues, topics, buses, streams
  • Opinionated event/message production/consumption
  • Back off and retry consumption from an event source
  • Serverless Compute Services
  • Code deploy as a function
  • Unique characteristics → 3GB RAM max, 15 minutes max duration, max 250MB artifact size, max 512MB temp
  • Security and monitoring built-in and scoped at the functional level
  • Ephemeral worker environments → Support automatic scaling, no stickiness, store data in the database
  • Pay per invocation and per execution duration
  • No socket or port connection is required to access the Lambda. Access Lambda using the API
  • Lambda invoke supports sync and async invocations

Three options are available for exposing an API.

  • API Gateway
  • Application Load Balancer
  • AppSync

API Gateway supports

  • REST, WebSocket, and HTTP API
  • Flexible Auth Options
  • Throttling
  • Caching
  • Client SDK generation
  • Edge, regional, private endpoint types
  • OpenAPI/Swagger support
  • Pay per request & data transferred

Application load balancer supports

  • HTTP/S
  • Path-based routing
  • URL redirect
  • Custom HTTP responses
  • Container support
  • Pay per hr and LCU consumed

AppSync supports

  • GraphQL Support → Can combine data from several resources in a single response
  • Polyglot to backend data sources
  • Deep integration with Amplify framework
  • Subscriptions and offline sync
  • Pay per query and data transfer
  • Complex API with multiple data sources or very unique queries against data → AppSync
  • WebSockets → API Gateway
  • Need transforms, throttling, usage tiers, and flexible auth → API Gateway
  • Normal API, potentially high requests per month, no need for added transform capabilities → Application Load Balancer
  • Normal API with < tens of millions of requests per month → API Gateway
  • API Gateway HTTP API offers a cost-effective benefit similar to the Application Load Balancer
  • Open → No Authorization required
  • IAM permissions → Use IAM to grant access
  • Cognito → Managed user directory for authentication
  • Lambda Authorizers → A Lambda validates a bearer token or request parameter and grants access
  • Security constructs applied to the whole
  • Performance settings applied to the whole
  • Limited amount of application size
  • Limited duration
  • Complexity might grow, and you can get stuck remodeling the whole routing logic
  • SNS
  • SQS
  • EventBridge
  • Kinesis

Selection of service depends on scale/concurrency controls, durability, persistency, consumption mode, retries, and pricing.

  • Massive throughput/ordering/multiple consumers/replay → Kinesis
  • One-to-one or minimal fanout, direct to Lambda/HTTP target → SNS
  • Buffer requests until consumed → SQS
  • One-to-many fanout, lots of different consumer targets, schema matching, granular target rules → EventBridge
  • Key-value pair dynamically pass to the function
  • Available via standard environment APIs
  • Optionally encrypted via KMS
  • Useful for creating environments per stage
  • Centralized store to manage the configuration
  • Useful for centralized environment variables, secrets control, feature flags
  • Easily share code across multiple functions
  • Promotes separation of responsibilities
  • Built-in support for secure sharing
  • Troubleshoot and debug errors

Lambda Permission Model:

  • Function Policies
  • Actions on Bucket can invoke the lambda
  • Cross account access
  • Sync and Async actions
  • Execution Role
  • Read data from DynamoDB
  • API access permission via IAM
  • Streaming Invocations
  • Characteristics of Lambda shape how microservices are built
  • Lambda service limits impact architectural decisions
  • 3 ways to do API: API Gateway, ALB, AWS AppSync
  • 4 stream/Async methods: SNS, SQS, EventBridge, Kinesis Streams
  • Ecosystem tools to simplify configurations: X-Ray, CloudWatch, SAM, Secrets Manager
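
The two halves of the Lambda permission model listed above, as an added example that is not from the original article: a function policy letting S3 bucket events invoke the function, an execution role policy letting the function read DynamoDB, and a small audit over both. The account ID, ARNs, Sids and the audit rules are constructed assumptions for illustration.

```python
# All identifiers below are constructed placeholders for this example.
ACCOUNT = "111122223333"
BUCKET_ARN = "arn:aws:s3:::example-upload-bucket"
TABLE_ARN = f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/example-orders"
FUNCTION_ARN = f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:example-fn"

def function_policy(scoped=True):
    """Function (resource-based) policy: WHO may invoke, here S3 bucket events."""
    stmt = {"Sid": "AllowS3Invoke", "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}
    if scoped:  # pin the invoker to one bucket in one account
        stmt["Condition"] = {"StringEquals": {"AWS:SourceAccount": ACCOUNT},
                             "ArnLike": {"AWS:SourceArn": BUCKET_ARN}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def execution_role_policy():
    """Execution role (identity-based) policy: WHAT the function may do."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadOrders", "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:Query"],
        "Resource": TABLE_ARN}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Flag Allow statements broader than the two roles above require."""
    findings = []
    for s in policy["Statement"]:
        if s.get("Effect") != "Allow":
            continue
        sid = s.get("Sid", "<no-sid>")
        # Condition keys are case-insensitive, so compare in lower case.
        keys = {k.lower() for op in s.get("Condition", {}).values() for k in op}
        principal = s.get("Principal")
        if principal is None:  # identity-based statement (execution role)
            broad = [a for a in as_list(s["Action"]) if a.endswith("*")]
            if broad or "*" in as_list(s["Resource"]):
                findings.append((sid, "wildcard action or resource"))
        elif principal in ("*", {"AWS": "*"}) and not keys:
            findings.append((sid, "any principal may invoke"))
        elif "Service" in principal and not keys & {"aws:sourceaccount", "aws:sourcearn"}:
            findings.append((sid, "service principal without source condition"))
    return findings

if __name__ == "__main__":
    for doc in (function_policy(False), function_policy(), execution_role_policy()):
        print(audit(doc))
```

The unscoped function policy is the one that gets flagged: without a source account or source ARN condition, any bucket whose events reach the service principal could trigger the function.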

Ram Vadranam

Engineering | Architecture | DevOps | FinOps | SecOps | Chaos Engineering