S3 / CloudFront / API Gateway / Lambda / Intro AWS Serverless Services
Build Serverless Applications using AWS Solution.

S3 Bucket hosting a Static Website

S3: Simple Storage Service.

  • Usage: Customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases.
    • Websites
    • Mobile applications
    • Backup and restore
    • Archive
    • Enterprise apps
    • IoT devices
    • Big data analytics
  • Meets:
    • Cost-effectiveness
    • Security
    • Resilience
  • Static: But it can be interactive.
    • You just can't use server-side processing code, like .NET or PHP.
    • You can use a client-side script, like JavaScript.
    • You can still set up your website to interact with other AWS services, like DynamoDB or API Gateway, and pull dynamic information by passing variables using query strings.
    • Your site can be dynamic, but your processing happens on the client side, or using a service like API Gateway.
  • Workflow:
    • This bucket must have public read access.
    • The website is then available at the AWS Region-specific website endpoint.
    • Instead of using the website endpoint for S3, you can also bring your own domain name to serve your content. Amazon S3, along with Amazon Route 53, supports hosting a website at the root domain.

CloudFront Distribution

  • CDNs: Content delivery networks.
    • CDNs have been around since the late 90s, when the first-generation CDNs were introduced to help reduce latency associated with media transfer.
    • Traditionally, static material was retrieved directly from origin each time a user requested it. That took way too long.
    • The CDN reduced that roundtrip request time by caching frequently used items at an internet exchange location. Now, to the current state of CDN.
  • Amazon CloudFront speeds up content delivery by leveraging its global network of data centers, known as “edge locations.”
  • CloudFront has edge servers and locations all around the world.
  • CloudFront fetches your content from an origin, such as an Amazon S3 bucket, an Amazon EC2 instance, an Amazon elastic load balancer, or your own web server and stores it in the edge location.
  • When a user requests content that you serve with CloudFront, their request is routed to a nearby edge location.
    • Requests are routed to the edge location with the lowest latency, that is, the closest in terms of delivery speed.
    • If CloudFront has a cached copy of the requested file, CloudFront delivers it to the user, providing a fast, low-latency response.
    • If the file they’ve requested isn’t yet cached, CloudFront retrieves it from the origin. CloudFront leverages the AWS global private network, a separate backbone across the internet that helps bypass worldwide networking issues to provide better performance for both static and dynamic content. Because the content traverses the AWS private network instead of the public internet, and CloudFront optimizes the TCP handshake, the request and content return is still much faster than crossing the public internet.
  • Security feature:
    • You can set up additional access restrictions, like geo restrictions, signed URLs, and signed cookies, to further constrain access to the content based on different criteria.
    • OAI: Origin access identity restricts access to an S3 bucket and its content to only CloudFront and the operations that CloudFront performs.
      • Goal: Place layers of protection between your user requests and the data origin, but do it in such a way that it does not impact performance.
      • CloudFront includes additional protection against malicious exploits.
      • To provide these safeguards, CloudFront integrates with:
        • AWS WAF: a web application firewall that helps protect web applications from common web exploits. AWS WAF lets you control access to your content based on conditions that you specify. For example, IP addresses or the query string on a content request.
        • AWS Shield: a managed DDoS protection service for web applications running on AWS. All CloudFront customers benefit from the automatic protection of AWS Shield standard at no additional charge.
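The two access models described above, a bucket with public read access versus a bucket readable only through a CloudFront OAI, differ in the bucket policy's `Principal`. The following is an added example, not code from the original post: a small offline audit that reports which model a policy implements. The bucket name, the OAI ID and the function names are constructed placeholders, and the check deliberately ignores `Condition`, `NotPrincipal` and `NotAction` elements.

```python
import fnmatch

OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

# Constructed sample policies; bucket name and OAI ID are placeholders.
PUBLIC_WEBSITE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",                      # anyone on the internet
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}
OAI_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": OAI_PREFIX + "EXAMPLEOAIID"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    },
}

def _as_list(value):
    # Policy elements may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    return [x for v in p.values() for x in _as_list(v)]

def _allows_get_object(stmt):
    # Action patterns such as "s3:*" or "s3:Get*" also cover s3:GetObject.
    return any(fnmatch.fnmatchcase("s3:getobject", a.lower())
               for a in _as_list(stmt.get("Action", [])))

def readers(policy):
    """Return (public, oai_only) for object reads granted by Allow statements."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _allows_get_object(stmt):
            found.update(_principals(stmt))
    public = "*" in found
    oai_only = bool(found) and all(p.startswith(OAI_PREFIX) for p in found)
    return public, oai_only
```

`readers(PUBLIC_WEBSITE_POLICY)` returns `(True, False)` and `readers(OAI_ONLY_POLICY)` returns `(False, True)`; a policy that keeps a leftover public statement next to the OAI statement is still reported as public.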

API Gateway

APIs: Application Programming Interfaces.

  • REST APIs
  • WebSocket APIs
  • Access:
    • Data
    • Business logic
    • Other functionality from your backend services
      • Workloads running on EC2
      • Web applications
      • Code running on AWS Lambda
      • Other AWS services

Why would you want to use API Gateway?

Software development organizations are moving more towards microservice architectures.
Microservice: An approach to software development where software is composed of small independent services that communicate over well-defined APIs. These services are - in turn - owned by small, self-contained teams. Microservices architectures make applications easier to scale and faster to develop. And that really enables innovation and accelerates the time-to-market for new features.
API Gateway Features:

  • Developers can add headers and map input variables from POST events to something your target application needs
  • Efficient API Development:
    • Monitor performance metrics and information
    • On API calls, data latency, error rates
    • From the API Gateway dashboard
  • Easy Monitoring
  • Performance:
    • Provide end users with the lowest possible latency for API requests and responses
    • By taking advantage of the global network of edge locations using Amazon CloudFront
    • Throttle traffic and cache the output of API calls
      • To ensure that the backend operations withstand traffic spikes
      • And backend systems are not unnecessarily called
  • Tiered pricing model for API requests
    • Decrease your costs based on the number of API requests you make, per Region, across your AWS accounts
  • Flexible security controls: You can authorize access to your APIs with:
    • AWS Identity and Access Management, or IAM
    • Amazon Cognito
    • For OAuth tokens or other authorization mechanisms, API Gateway can verify incoming requests
    • Providing an extra layer in front of your backend service

AWS Lambda Function

AWS Lambda: A serverless compute service. It lets you run your code without provisioning or managing servers. You pay only for the compute time you consume. That means no charge when your code is not running.

Author: Yuzu
Link: https://kamisu66.com/2022/06/05/Intro AWS Serverless Services/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.