[SAA + SAP] 10. Serverless Architecture

SAA

Case 1

  • Users authenticate with Cognito
  • Each user needs access to their own S3 folder: Cognito exchanges the user's identity for temporary credentials issued by STS, and the client then uses those temporary credentials to store and retrieve files in S3 under a policy restricted to that user's prefix

Caching

  • Reads can be cached at the database layer first, using DAX (DynamoDB Accelerator)

  • Responses can then be cached at the API layer, using API Gateway caching

Summary

  • Use Cognito to obtain temporary credentials from STS and access an S3 bucket under a restricted policy. App users can access AWS resources directly this way. The same pattern applies to DynamoDB, Lambda, ...
  • Cache DynamoDB reads using DAX
  • Cache REST responses at the API Gateway level
  • Authentication and authorization are handled by Cognito and STS
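As an added example (not part of the original notes), this is what the "restricted policy" attached to the Cognito identity pool's authenticated role looks like, together with a small simulation of how IAM evaluates it once the policy variable `${cognito-identity.amazonaws.com:sub}` has been substituted with the caller's identity id. The bucket name and the identity ids are placeholders; the evaluator models only Allow statements, wildcards and StringLike, which is all this policy uses.

```python
import fnmatch

# Added example, not from the original notes. Bucket name and identity ids are
# made-up placeholders.
BUCKET = "example-user-files"
COGNITO_SUB = "${cognito-identity.amazonaws.com:sub}"

# Policy attached to the identity pool's *authenticated* role. IAM replaces the
# policy variable with the caller's Cognito identity id at evaluation time, so
# one policy serves every user while confining each to users/<identity id>/.
PER_USER_S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyOwnPrefix",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::" + BUCKET],
            "Condition": {"StringLike": {"s3:prefix": ["users/" + COGNITO_SUB + "/*"]}},
        },
        {
            "Sid": "ReadWriteOnlyOwnObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": ["arn:aws:s3:::" + BUCKET + "/users/" + COGNITO_SUB + "/*"],
        },
    ],
}


def object_arn(key: str) -> str:
    return "arn:aws:s3:::" + BUCKET + "/" + key


def bucket_arn() -> str:
    return "arn:aws:s3:::" + BUCKET


def is_allowed(policy, identity_id, action, resource_arn, context=None):
    """Simplified IAM evaluation for this policy shape: everything is denied
    unless an Allow statement matches the action, the resource and every
    StringLike condition, after the Cognito variable has been substituted.
    Wildcards follow IAM semantics (* spans '/' as well)."""
    context = context or {}

    def sub(s):
        return s.replace(COGNITO_SUB, identity_id)

    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"]):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, sub(r)) for r in stmt["Resource"]):
            continue
        conditions = stmt.get("Condition", {}).get("StringLike", {})
        # A missing condition key (e.g. ListBucket with no prefix) fails the
        # condition, so a user cannot enumerate the whole bucket.
        if all(
            context.get(key) is not None
            and any(fnmatch.fnmatchcase(context[key], sub(p)) for p in patterns)
            for key, patterns in conditions.items()
        ):
            return True
    return False


if __name__ == "__main__":
    alice = "us-east-1:0000aaaa-1111-2222-3333-444455556666"
    bob = "us-east-1:9999ffff-8888-7777-6666-555544443333"
    print(is_allowed(PER_USER_S3_POLICY, alice, "s3:GetObject",
                     object_arn("users/" + alice + "/photo.jpg")))   # True
    print(is_allowed(PER_USER_S3_POLICY, alice, "s3:GetObject",
                     object_arn("users/" + bob + "/photo.jpg")))     # False
```

The important property is in the ListBucket statement: without the `s3:prefix` condition a user could list every other user's keys even though they cannot read the objects, which leaks file names and is a common mistake with this pattern.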

Case 2

  • For users who need static content globally, serve it from S3 through a CloudFront distribution, so users in every region fetch the content from a nearby edge location with low latency
  • Use a DynamoDB Global Table to serve data globally
  • Add DAX in front of DynamoDB for read caching

Welcome Email

  • Once a user registers and the record is saved to DynamoDB, a DynamoDB Stream invokes a Lambda function whose IAM role allows it to send the welcome email through SES.

Thumbnail Generation

  • Clients upload images directly to S3 using a pre-signed URL
  • Optionally, enable S3 Transfer Acceleration (uploads enter AWS at the nearest CloudFront edge location) to speed up the upload
  • Once the file is uploaded, an S3 event notification triggers a Lambda function that generates the thumbnail and saves it to an S3 bucket
  • Optionally, S3 can also publish the event to SQS or SNS
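Both the Case 1 client that calls S3 with STS temporary credentials and the thumbnail upload above rely on SigV4 signing. Added example, not from the original notes: a from-scratch presigned URL generator (including the session token that temporary credentials must send) and the check S3 performs when the URL is presented, showing that the method, key, expiry and token are all covered by the signature. Bucket, key id, secret and token are placeholders; in production you would call the SDK's `generate_presigned_url` rather than hand-roll this.

```python
import datetime as dt
import hashlib
import hmac
import time
import urllib.parse

# Added example, not from the original notes. Bucket, key id, secret and
# session token used below are made-up placeholders, never real credentials.


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, date: str, region: str) -> bytes:
    # SigV4 key derivation: the raw secret never signs a request directly.
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, "s3")
    return _hmac(k_service, "aws4_request")


def _quote(value: str) -> str:
    # RFC 3986 encoding: everything except unreserved characters is escaped.
    return urllib.parse.quote(value, safe="-_.~")


def _canonical_query(params: dict) -> str:
    return "&".join(f"{_quote(k)}={_quote(v)}" for k, v in sorted(params.items()))


def _signature(method: str, host: str, path: str, params: dict, secret_key: str) -> str:
    """Signature over the canonical request. Method, path, host and every query
    parameter (expiry and session token included) are covered, so none of them
    can be altered by whoever holds the URL."""
    date, region = params["X-Amz-Credential"].split("/")[1:3]
    scope = f"{date}/{region}/s3/aws4_request"
    canonical_request = "\n".join([
        method, path, _canonical_query(params),
        f"host:{host}\n", "host", "UNSIGNED-PAYLOAD",
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", params["X-Amz-Date"], scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    return hmac.new(_signing_key(secret_key, date, region),
                    string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def presign_s3_url(method, bucket, key, region, access_key, secret_key,
                   session_token=None, expires=300, now=None):
    """Return a query-string-authenticated (presigned) S3 URL for one object.
    `now` is a UNIX timestamp; it defaults to the current time."""
    now = int(time.time()) if now is None else now
    amz_date = dt.datetime.fromtimestamp(now, dt.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    path = "/" + urllib.parse.quote(key, safe="/-_.~")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:
        # Temporary credentials (STS / Cognito identity pool) must carry their
        # session token; S3 rejects the key id without it.
        params["X-Amz-Security-Token"] = session_token
    signature = _signature(method, host, path, params, secret_key)
    return f"https://{host}{path}?{_canonical_query(params)}&X-Amz-Signature={signature}"


def verify_presigned_url(url, method, secret_key, now=None):
    """What S3 does on receipt: recompute the signature over the parameters as
    presented, compare in constant time, then enforce the expiry window."""
    now = int(time.time()) if now is None else now
    parts = urllib.parse.urlsplit(url)
    params = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    try:
        expected = _signature(method, parts.netloc, parts.path, params, secret_key)
    except (KeyError, ValueError):
        return False, "malformed"
    if not hmac.compare_digest(presented, expected):
        return False, "signature mismatch"
    expires = int(params["X-Amz-Expires"])
    if not 1 <= expires <= 7 * 24 * 3600:       # S3's hard cap on presigned lifetime
        return False, "expires out of range"
    signed_at = dt.datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    signed_at = int(signed_at.replace(tzinfo=dt.timezone.utc).timestamp())
    if now > signed_at + expires:
        return False, "expired"
    return True, "ok"
```

A presigned URL is a bearer token for exactly one method on one key until `X-Amz-Expires` elapses: anyone who obtains it can use it, so keep lifetimes short, mint them per upload, and when the signer uses STS credentials remember the URL also dies when that session expires, whatever the expiry parameter says.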

Summary

  • Static content is distributed using CloudFront in front of S3
  • DynamoDB Global Table to serve the data globally
  • (Aurora Global Database is the relational equivalent)
  • DynamoDB Streams enabled to trigger Lambda
  • The Lambda function's IAM role allows it to use SES
  • S3 can trigger SQS / SNS / Lambda to notify of events

Case 3

  • Route 53 can hold many records that route to different IP addresses or endpoints.
  • Serverless services can be composed freely to do the job

Case 4

  • One API Gateway resource handles user authorization: deciding who gets access to the paid content
  • Another API Gateway resource handles CRUD on the content
  • Choose CloudFront signed URLs instead of S3 pre-signed URLs: the content is then served from the edge rather than from a single regional bucket endpoint

Summary

  • Cognito for authentication
  • DynamoDB for storing which users are premium
  • 2 serverless apps: 1. premium user registration 2. CloudFront signed URL generator
  • Content is stored in S3
  • S3 is integrated with CloudFront through an OAI (Origin Access Identity), so the bucket is not reachable directly
  • CloudFront is configured to require signed URLs, so unauthorized users cannot fetch the content
  • What about S3 pre-signed URLs? They point at one regional bucket endpoint and bypass the CDN, so they are not efficient for global access

Case 4

Summary

  • No change to the architecture
  • Cache the software update files at the edge
  • Software update files are static, not dynamic
  • Our EC2 instances are not serverless
  • But CloudFront is, and will scale for us
  • Our ASG will not need to scale as much, and we save substantially on EC2
  • We also gain availability and save on network bandwidth, cost, etc.
  • An easy way to make an existing application more scalable and cheaper!

Case 5

  • IoT Core collects data from IoT devices
  • Kinesis Data Streams is well suited to real-time data collection
  • Kinesis Data Firehose delivers the data to S3 in near real-time (it buffers records, typically for up to a minute)
  • Lambda can perform data transformations for Firehose before delivery
  • S3 can send event notifications to SQS
  • Lambda can consume from SQS (optional: the S3 notification can invoke Lambda directly as well)
  • Athena is a serverless SQL query service; its query results are stored in S3
  • The reporting bucket contains the analyzed data and can be consumed by reporting tools such as Amazon QuickSight, or loaded into Redshift...
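Added example, not from the original notes: the shape of the Firehose transformation Lambda mentioned above, with the record contract Firehose enforces (every incoming `recordId` must come back with a result of `Ok`, `Dropped` or `ProcessingFailed`, and the data is base64 on both sides). The device payload shape, the field names treated as secrets and the ARN in the constructed event are assumptions.

```python
import base64
import json
from typing import Optional

# Added example, not from the original notes. The device payload shape, the
# field names and the ARN/account id in make_event() are made-up placeholders.

REQUIRED_FIELDS = {"device_id", "ts", "temp_c"}
SECRET_FIELDS = {"api_key", "token"}   # device credentials must not reach the data lake


def transform_record(raw: bytes) -> Optional[bytes]:
    """Validate and normalise one device message. Returns one JSON line, or
    None when the record should be dropped rather than written to S3."""
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(doc, dict) or not REQUIRED_FIELDS.issubset(doc):
        return None
    if not isinstance(doc["device_id"], str) or isinstance(doc["temp_c"], bool) \
            or not isinstance(doc["temp_c"], (int, float)):
        return None
    clean = {k: v for k, v in doc.items() if k not in SECRET_FIELDS}
    clean["temp_c"] = float(clean["temp_c"])
    # Newline-delimited JSON: Athena's JSON SerDe expects one object per line,
    # and Firehose concatenates records without adding separators.
    line = json.dumps(clean, separators=(",", ":"), sort_keys=True) + "\n"
    return line.encode("utf-8")


def handler(event, context=None):
    """Firehose data-transformation entry point. Every incoming recordId must be
    returned with result Ok, Dropped or ProcessingFailed; a missing id makes
    Firehose treat the whole batch as failed and retry it."""
    output = []
    for record in event["records"]:
        try:
            cleaned = transform_record(base64.b64decode(record["data"], validate=True))
        except ValueError:                     # not valid base64
            output.append({"recordId": record["recordId"], "result": "ProcessingFailed",
                           "data": record["data"]})
            continue
        if cleaned is None:
            output.append({"recordId": record["recordId"], "result": "Dropped",
                           "data": record["data"]})
        else:
            output.append({"recordId": record["recordId"], "result": "Ok",
                           "data": base64.b64encode(cleaned).decode("ascii")})
    return {"records": output}


def make_event(payloads):
    """Constructed Firehose invocation event for local testing (placeholder ARN)."""
    return {
        "invocationId": "invocationIdExample",
        "deliveryStreamArn": "arn:aws:firehose:us-east-1:123456789012:deliverystream/iot-to-s3",
        "region": "us-east-1",
        "records": [
            {"recordId": f"{i:08d}", "approximateArrivalTimestamp": 1627128000000 + i,
             "data": base64.b64encode(p).decode("ascii")}
            for i, p in enumerate(payloads)
        ],
    }


def results(event):
    """Convenience: run the handler and return [(recordId, result)]."""
    return [(r["recordId"], r["result"]) for r in handler(event)["records"]]
```

Records marked `ProcessingFailed` are written to the stream's error prefix in S3 and can be retried, while `Dropped` records disappear, so keep the two distinct: undecodable input is a processing failure, a well-formed message that fails validation is a drop.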


Original source: https://www.cnblogs.com/Answer1215/p/15058189.html