This article is a continuation to our previous article titled ‘AWS Serverless Architecture- An Emerging Trend’ . It delves into the use cases of going serverless, how AWS Lambda plays a major role in the serverless world and explains how the API call flow through a gateway occurs.

Serverless Application Top Use Cases

Building web applications
You can build serverless web applications and backends using AWS Lambda, Amazon API Gateway, Amazon S3, and Amazon DynamoDB to handle web, mobile, Internet of Things (IoT) and chatbot requests.
The call flow for a serverless application starts with the application hosted on S3 unlike a EC2 instance which needs to be managed. On an event trigger, the app calls the REST api to endpoint and the Lambda function is triggered. Lambda executes the function to fetch details from the non-relational DB based DynamoDB to return data back to the user. DynamoDB, being non-relational, helps in faster fetching of data when the data size runs into Terrabytes.
Real-time Stream Processing
You can track application activities using Lambda and Kinesis to process real-time streaming data.
As depicted in the figure above, Kinesis is really useful in analyzing realtime data. For example, if certain hashtags are being analyzed from a social network feed, Kinsesis has the capacity to handle millions of raw data flowing in, trigger Lambda and generate trending information which is stored on DynamoDB and can be used for reporting using Amazon’s own BI tool QuickSight.
Extract, Transform, Load
You can use AWS Lambda to perform data validation, filtering, sorting, or other transformations for every data change in a DynamoDB table and load the transformed data to another data store.
AWS Lambda can be used for ETL as well. Incoming triggers from the web or mobile app can trigger Lambda which is capable of refining data for moving it to an in-house warehouse like Redshift from which Quicksight or a Tableau based reporting tool can show the trends. The data transformation from the operational DynamoDB to a data warehouse based Redshift is done by Lambda seamlessly.
Mobile Backends
Developers can build mobile backends using Lambda and API Gateway to authenticate and process API requests. Lambda eases the process of creating rich, personalized app experiences.
Other use cases are powering chatbot logic and voice enabled apps using Amazon Alexa.
An API Call Flow with Serverless
The Amazon API Gateway enables developers to build scalable APIs that run on the AWS serverless Lambda platform (which executes code directly), on its Elastic Compute Cloud, or on services hosted outside the cloud provider.
The API gateway routes all the incoming requests from the web or mobile app to EC2 or any other publicly available endpoints which can be in the form of multiple microservices and aggregate results back to the user. API gateways not only add an additional layer of security to the microservices,but also prevent exposing the service discovery or versions from the client.
Amazon’s Content delivery network Cloudfront can store objects being fetched to an endpoint closer to the user’s location making the application feel faster. All downtimes or api failures can be monitored using the Amazon CloudWatch and respective authorities notified via e-mail.
In the case of serverless, the event trigger is initiated by an application residing on S3 from which the api gateway redirects it to respective microservice and returns a response to the user.
Publishing Applications to the Repository
Publish applications to the AWS Serverless Application Repository to share solutions with developers or to help your customers quickly understand the value of products and services you sell and support. Anyone with an AWS account can publish a serverless application or application component to the AWS Serverless Application Repository. You can share your published applications within your team, across your organization, or with the community at large. Publicly shared applications must include a link to the application’s source code so others can view what the application does and how it works. All you need to do is package, publish and share.
Concerns and Solutions
The major concerns of going serverless are sacrificing security for convenience and vendor lock-in in. Some of the security concerns can be addressed as below:
Event injection?—?This can be solved with input validation and pre-defined database layer logic, such as an ORM or stored procedures.
Broken authentication?—?This can be solved with built-in authentication/authorization solutions and avoiding vulnerable deployment settings.
Insecure deployment settings?—?This can be avoided by never using publicly readable access control lists and keeping files encrypted.
Misuse of permissions and roles?—?This can be evaded by using the age old -least privilege principle.
Insufficient logging?—?Third party tools such as Dashbird or CloudWatch can help resolve this concern.
Insecure storing of app secrets?—?AWS KMS can be used to encrypt your application secrets.
DoS attacks – Attacks can be avoided by writing efficient code, using timeouts and throttling.
Improper exception handling?—?Consolebased logging stack traces or log files help to address this concern. You can also, hide stack traces from the end user.
Understanding Serverless (Lambda) Cost Management
Lambda counts a request each time it starts executing in response to an event notification or invoke call, including test invokes from the console. You are charged for the total number of requests across all your functions.  
Duration is calculated from the time your code begins executing until it returns or otherwise terminates, rounded up to the nearest 100ms. The price depends on the amount of memory you allocate to your function.
The Lambda free tier includes 1M free requests per month and 400,000 GB-seconds of compute time per month. 
Conclusion
While there are concerns in terms of vendor lock -in going serverless, the ease of use and the issue of managing servers tilt the scale in favor of AWS. Developers perceive security concerns in using AWS serverless architecture. However, most of these concerns can be addressed by following the best practices in coding. It is highly recommended to try AWS Lambda which is a new way to run event-driven applications as a service. Go for the serverless architecture and experiment its ease using the free tier Lambda.

By,
Nandita Menon, Managing Consultant, Digital Business Consulting, RapidValue

The post An Essential Guide to Implementing AWS Serverless Architecture appeared first on RapidValue.