A well-designed application is the foundation of delivering services at the highest level. With many years of experience working with the AWS cloud and as an AWS Well-Architected Consulting Partner, we have built our practice on delivering high-quality services based on the Well-Architected Framework. We have already written about the framework on our blog, and you can find that entry at this link. In this post, we introduce the areas that should be taken into account when building a serverless application and explain how Serverless Lens, the latest collection of best practices from AWS, works.
Let’s start by listing the areas that are important in the application design process. Those are:
- compute / computing layer
- data layer
- streaming and messaging layer
- user identity management layer
- edge layer
- system deployment and monitoring
- deployment approaches
In order to approach both building a new application and improving an existing one properly, it is worth setting the goals we want to achieve during design, or diagnosing the elements of the existing application that need to change, using the AWS Well-Architected Tool in the AWS Management Console. Before we move on to how to select Serverless Lens in the console, let’s discuss the individual areas it covers.
Compute layer
It is responsible for managing requests from external systems, controlling access and ensuring correct authorization. It also provides the runtime environment in which business processes are deployed and executed.
AWS services useful in the compute layer:
- AWS Lambda – lets you implement and run the stateless parts of a serverless application as functions, supporting microservice-style decomposition and managing deployment and execution at the function layer.
- Amazon API Gateway – lets you run a fully managed REST API that integrates with Lambda to implement the business logic. It also provides traffic management, authorization, access control, monitoring and API versioning.
- AWS Step Functions – provides workflow control, including coordination, state handling and function chaining, as well as long-running executions that AWS Lambda alone does not support, by dividing them into several steps and invoking workers on EC2 instances or on-premises servers.
Data layer
It is responsible for the persistent storage of the system’s data and provides mechanisms for storing information securely. It also provides mechanisms for triggering events in response to changes in the data.
AWS services useful in the data layer:
- Amazon DynamoDB – a NoSQL database designed to store and manage data in a single table. A DynamoDB table can span multiple AWS regions and act as a multi-master table. It can handle over 10 trillion requests a day and accept up to 20 million requests per second.
- Amazon S3 – a service for storing files, accessible over HTTPS. It lets you serve static resources through a Content Delivery Network (CDN) such as Amazon CloudFront.
- Amazon Elasticsearch Service – a managed deployment of Elasticsearch, a popular open-source search and analytics engine. It is useful for activities such as log analysis, real-time application monitoring or clickstream analysis.
- AWS AppSync – a ready-made serverless backend for mobile and web applications that accelerates application development, providing real-time data management and subscriptions, synchronization between devices and offline support.
Streaming and messaging layer
You could say that this is the communication layer. The messaging layer is responsible for communication between the various components of the environment, while the streaming layer handles real-time data analysis and processing.
- Amazon SNS – a service for sending notifications in various forms: e-mail, SMS and push notifications. SNS integrates with many AWS services and applications.
- Amazon Kinesis – a service for collecting streaming data from many sources, such as Internet of Things devices, which send large volumes of data into Kinesis. The application can consume the data directly, or Kinesis can deliver it to S3 or Redshift.
- Amazon Kinesis Data Firehose – a service for capturing, transforming and delivering data from a stream to S3, Amazon Redshift, Amazon Elasticsearch Service or Splunk.
User identity management layer
It is responsible for identity management, authentication and authorization of the interface for both external and internal clients.
- Amazon Cognito – detects unusual sign-in activity and lets the developer decide how to respond (e.g. a sign-in from an unusual location, from an unknown device, or from two distant locations at the same time). Integration with AWS Lambda lets you focus on implementing the business logic, handling identity verification through the SDK for requests to a given API endpoint.
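The compute and identity layers meet in the function code: API Gateway with a Cognito user pool authorizer proves who the caller is, but the function still has to decide what that caller may see. The following is an added example written for this post, not code from AWS or from the original article. It assumes a REST API with Lambda proxy integration, where API Gateway places the verified token claims under `requestContext.authorizer.claims`; the event, the claim values and the in-memory `ORDERS` table standing in for DynamoDB are all constructed for the example.

```python
import json

# Constructed sample event in the shape API Gateway (REST API, Lambda proxy
# integration) passes to a function behind a Cognito user pool authorizer.
# The subject, group and e-mail values are made up for this example.
SAMPLE_EVENT = {
    "httpMethod": "GET",
    "path": "/orders/42",
    "pathParameters": {"orderId": "42"},
    "requestContext": {
        "authorizer": {
            "claims": {
                "sub": "11111111-2222-3333-4444-555555555555",
                "cognito:groups": "customers",
                "email": "alice@example.com",
            }
        }
    },
}

# Constructed in-memory stand-in for the data layer (a DynamoDB table in a
# real deployment); each order records the Cognito subject that owns it.
ORDERS = {
    "42": {"orderId": "42", "owner": "11111111-2222-3333-4444-555555555555", "total": 19.99},
    "43": {"orderId": "43", "owner": "99999999-8888-7777-6666-555555555555", "total": 5.00},
}


def _response(status, body):
    """Shape a proxy-integration response for API Gateway."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def caller_identity(event):
    """Return the claims the Cognito authorizer attached, or None if absent.

    API Gateway only invokes the function after the authorizer has validated
    the token, so these claims can be trusted. A missing block means the route
    was configured without an authorizer, which the function treats as
    unauthenticated rather than silently allowing the request.
    """
    return event.get("requestContext", {}).get("authorizer", {}).get("claims")


def handler(event, context=None):
    """Return one order, but only to the user who owns it."""
    claims = caller_identity(event)
    if not claims:
        return _response(401, {"message": "unauthenticated"})

    order_id = (event.get("pathParameters") or {}).get("orderId")
    order = ORDERS.get(order_id)
    if order is None:
        return _response(404, {"message": "not found"})

    # Object-level authorization: authentication says who the caller is,
    # the function must still check that this caller may read this order.
    if order["owner"] != claims["sub"]:
        return _response(403, {"message": "forbidden"})

    # Do not echo the internal owner identifier back to the client.
    return _response(200, {k: v for k, v in order.items() if k != "owner"})


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

The check against `claims["sub"]` is the part that is easy to forget once an authorizer is in front of the API: the authorizer answers "is this token valid?", not "may this user read order 43?", and the second question belongs in the function or the data layer.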
Edge layer
It is responsible for the presentation layer and communication with external clients.
- Amazon CloudFront – provides a CDN that securely delivers content and data from the origin application with low latency and optimal transfer speeds.
System monitoring and deployment
The monitoring layer is responsible for the system’s visibility, creating metrics and building contextual awareness of how the system works and behaves over time. The deployment layer defines how workloads change as new versions are released and managed.
- Amazon CloudWatch – collects metrics from all active AWS services on the account. It lets you create logs at the application and system level and define KPIs as custom metrics.
- AWS X-Ray – traces requests as they pass through the application’s components, producing a service map and latency data that help locate errors and bottlenecks in a distributed serverless workload.
- AWS SAM (Serverless Application Model) – a framework built on AWS CloudFormation for building, testing and deploying serverless applications. The AWS SAM CLI also enables faster debug cycles by running Lambda functions locally during development.
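One way to publish the custom KPIs mentioned above from a Lambda function without any SDK call is the CloudWatch Embedded Metric Format (EMF): a JSON log line with an `_aws` block that CloudWatch Logs turns into metrics. The code below is an added example written for this post, not code from AWS or from the original article; the namespace, dimension and metric names are assumptions chosen for illustration, and `handler` only simulates the business logic it times.

```python
import json
import time


def emf_record(namespace, metrics, dimensions, properties=None, timestamp_ms=None):
    """Build one CloudWatch Embedded Metric Format log record.

    metrics:    {name: (value, unit)}   e.g. {"OrdersCreated": (1, "Count")}
    dimensions: {name: value}           e.g. {"Service": "orders", "Stage": "prod"}
    properties: extra fields kept on the log line (searchable in Logs Insights)
                but deliberately NOT turned into metric dimensions.

    Keep dimension cardinality low: every distinct combination of dimension
    values creates its own metric series, so request ids or user ids belong
    in `properties`, never in `dimensions`.
    """
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    record = {
        "_aws": {
            "Timestamp": timestamp_ms,
            "CloudWatchMetrics": [{
                "Namespace": namespace,
                "Dimensions": [list(dimensions.keys())],
                "Metrics": [{"Name": name, "Unit": unit} for name, (_, unit) in metrics.items()],
            }],
        },
    }
    # The dimension and metric values live at the top level of the record,
    # referenced by name from the _aws block.
    record.update(dimensions)
    record.update({name: value for name, (value, _) in metrics.items()})
    record.update(properties or {})
    return record


def handler(event, context=None):
    """Emit two custom metrics for one invocation via a single log line."""
    started = time.perf_counter()
    # Simulated business logic (hypothetical); a real function would do work here.
    elapsed_ms = (time.perf_counter() - started) * 1000

    record = emf_record(
        namespace="ShopApp/Orders",                       # assumed namespace
        metrics={
            "OrdersCreated": (1, "Count"),
            "HandlerLatency": (elapsed_ms, "Milliseconds"),
        },
        dimensions={"Service": "orders", "Stage": "prod"},  # low-cardinality only
        properties={"requestId": event.get("requestId", "unknown")},
    )
    # Lambda forwards stdout to CloudWatch Logs, which parses the EMF record
    # into the two metrics above under the given namespace and dimensions.
    print(json.dumps(record))
    return {"statusCode": 200, "body": "ok"}


if __name__ == "__main__":
    handler({"requestId": "constructed-request-id"})
```

The same record can carry a security KPI just as easily (for example a count of 403 responses per service), which is then available for a CloudWatch alarm without adding a metrics client to the function.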
Deployment approaches
It is worth following best practices in deployments. The most important rule is to stick to the previously agreed contract and make sure that the deployed changes do not violate it. When the API owner deploys changes that break the service contract and the consumer is not ready for them, there is a risk of failure.
Depending on the client’s needs, it is possible to choose a deployment approach. The table below briefly describes each option and its impact on the client’s application and on deployment speed. A detailed description of each of them is provided in the source link below the table.
Source: AWS Serverless Lens Whitepaper
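The contract rule above can be enforced before any of the deployment approaches is used: a check that a candidate build's responses still satisfy what consumers were promised. The following is an added example written for this post, not code from AWS or from the original article; the `ORDER_CONTRACT` fields and the two sample responses are constructed, and the rule it encodes (adding fields is compatible, removing or retyping them is not) is the usual reading of backward compatibility for JSON APIs.

```python
# Constructed: the fields consumers of /orders/{id} v1 rely on, mapped to the
# Python type the JSON value must decode to.
ORDER_CONTRACT = {
    "orderId": str,
    "status": str,
    "total": (int, float),
    "items": list,
}

# Constructed sample responses from two candidate builds of the producer.
RESPONSE_ADDITIVE = {            # adds an optional field: still compatible
    "orderId": "42", "status": "SHIPPED", "total": 19.99,
    "items": [{"sku": "A1", "qty": 2}], "currency": "EUR",
}
RESPONSE_BREAKING = {            # renames orderId and turns total into a string
    "id": "42", "status": "SHIPPED", "total": "19.99",
    "items": [{"sku": "A1", "qty": 2}],
}


def _type_names(expected):
    """Human-readable name(s) for a type or tuple of types."""
    types = expected if isinstance(expected, tuple) else (expected,)
    return "/".join(t.__name__ for t in types)


def contract_violations(response, contract):
    """Return the ways `response` breaks `contract`; an empty list means compatible.

    Only missing fields and type changes count. Extra fields are backward
    compatible because clients written against the old contract ignore
    what they do not know about.
    """
    problems = []
    for field, expected in contract.items():
        if field not in response:
            problems.append(f"missing required field '{field}'")
        elif not isinstance(response[field], expected):
            problems.append(
                f"field '{field}' has type {type(response[field]).__name__}, "
                f"contract requires {_type_names(expected)}"
            )
    return problems


def safe_to_deploy(response_samples, contract):
    """True only if every sampled response of the candidate build keeps the contract.

    A False result is the signal to publish the change under a new API
    version (API Gateway stages or a /v2 path) instead of replacing the
    current one in place, whichever rollout approach is then chosen.
    """
    return all(not contract_violations(r, contract) for r in response_samples)


if __name__ == "__main__":
    for name, sample in (("additive", RESPONSE_ADDITIVE), ("breaking", RESPONSE_BREAKING)):
        print(name, contract_violations(sample, ORDER_CONTRACT) or "compatible")
```

Running the check in the pipeline before the deploy step turns "the consumer is not ready for it" from a production incident into a failed build.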
How does Serverless Lens work?
The Well-Architected Tool is free of charge; you pay only for the AWS resources used for any remediation work. In the AWS console, after setting the necessary parameters for the workload, the next step is to choose the lens from among 2 options.
After selecting Serverless Lens, a series of questions related to each of the 5 pillars (operational excellence, performance efficiency, etc.) appears. After answering and saving them, a risk summary appears.
Immediately below a given risk category, there are suggestions for an improvement plan. After expanding the list, specific proposals appear along with links to AWS whitepapers related to the previously given answers.
See the AWS region table for the availability of the Well-Architected Tool. Take advantage of the new Serverless Lens feature to improve an application under development, or to gain insight into existing workloads and redefine them. It is worth remembering that the output from the tool is a report listing risks together with suggested corrective actions, so it is worth using the Well-Architected Tool throughout the entire life cycle of the application.