aws lambda
With the evolution of technology from mainframe computers to personal computers and cloud computing, the one thing that is constant is the need to make technology more efficient, convenient and affordable.
Serverless architecture has gained ground all over the world and is now a favoured option for most companies. It takes two main forms: Backend as a Service (BaaS), such as the authentication services offered by providers like Facebook, and Function as a Service (FaaS), where applications with server-side logic run in stateless containers that are completely managed by third-party providers.
Leading technology companies are now offering their own serverless implementations. Our main focus will be AWS Lambda.
AWS Lambda
AWS Lambda is a serverless computing platform built on top of other AWS services such as EC2 and S3.
AWS Lambda invokes your code only when needed and automatically scales to match the rate of incoming requests without requiring you to configure anything. There is no limit to the number of requests your code can handle.
AWS Lambda can be used alongside other AWS services, for example to process lifecycle events from Amazon Elastic Compute Cloud and manage Amazon EC2 resources. Amazon EC2 sends lifecycle events to Amazon CloudWatch Events, for example when an instance changes state, when an Amazon Elastic Block Store volume snapshot completes, or when a spot instance is scheduled to be terminated. You configure CloudWatch Events to forward those events to a Lambda function for processing.
Lambda functions can be built using Go, Python, Ruby, Node.js, Java and C#. When you create a Lambda function, you specify the runtime environment, the roles, the memory allocation and the method that executes it. Once these are provided, AWS Lambda deploys the code, administers it, and handles maintenance, security patching and monitoring. There are, however, some best practices you can employ to get the most out of each AWS Lambda deployment.
High Availability
By default a Lambda function runs in a Lambda-managed VPC that has internet access (of the AWS services, only S3 and DynamoDB). It cannot, however, reach any other private VPC, including AWS resources that run inside another VPC.
If a function runs in the Lambda-managed VPC, Lambda is responsible for its availability and runs it across multiple AZs of that region.
Another key point is to have your Lambda compute capacity distributed across availability zones, which makes your functions inherently fault-tolerant in case of a data center failure.
Cost optimization
In Lambda, memory and CPU go hand in hand: if you increase memory, the CPU allocation also increases. So if we need to reduce the execution time of a function, the natural move is to increase memory/CPU so it processes faster. Here is the catch: if we experiment in detail, we find that beyond a certain point increasing the memory no longer reduces the execution time but still increases the cost, so a balance is required between performance and cost.
There are a few open-source tools available which claim to help you find the best power configuration. However, I prefer to monitor memory usage and execution time through CloudWatch logs and then adjust the configuration accordingly. Even a small increase or decrease makes a big difference in overall AWS cost.
Performance
When a Lambda function is invoked for the first time, Lambda downloads the code from S3, downloads all the dependencies, creates a container and starts the application before it executes the code. This whole duration (excluding the execution of the code) is known as the cold start time. Once the container is up and running, subsequent invocations find the function already initialized; it only needs to execute the application logic, and that duration is called the warm start time.
So should we be worried about cold start time or warm start time? Cold start time accounts for a significant share of the full execution, so more emphasis goes on reducing it. However, warm time can also be reduced by following good coding practice.
Now, let's discuss how we can improve Lambda performance overall:
- Choose interpreted languages like Python or Node.js rather than Go, Java or C++ to reduce the cold start time.
- Use the default network environment unless you need a VPC resource with a private IP, because setting up an ENI takes significant time and adds to the cold start time. More improvement in this area is expected with the upcoming release of AWS Lambda.
- Remove all dependencies that are not required to run the function. Keep only the ones needed at runtime.
- Use global/static variables and singleton objects: these remain alive until the container goes down, so subsequent calls do not need to reinitialize them.
- Define your database connections at the global level so that they can be reused by subsequent invocations.
Security
Because a Lambda function can potentially access anything in the account, security becomes a major consideration. Two questions matter: what can invoke the function (function policies), and what can the function access (execution roles)?
- One IAM role per function: an IAM role should be mapped to only one function, even when multiple functions need the same IAM policies. This keeps the least-privilege principle intact whenever the security policies for that specific function are later tightened.
- As Lambda runs in a shared VPC, it is not good practice to keep AWS credentials in code.
- In most cases, the IAM execution role is sufficient to connect to AWS services by just using the AWS SDK.
- In cases where a function needs to call cross-account services, it might need credentials. Then use the AssumeRole API of AWS Security Token Service to retrieve temporary credentials.
- In cases where a function needs long-lived credentials to be stored, such as DB credentials or an access key, use either environment variables with the encryption helpers or AWS Systems Manager.
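The "one IAM role per function" and least-privilege points above are easiest to keep honest with a policy generator and a lint check. The following is an added example, not code from the original article or from AWS: `execution_policy` builds a per-function execution-role policy in which every statement names the exact resources that one function uses, and `lint_policy` flags the wildcard grants that quietly undo least privilege. The function, queue and table names, the region and the account id `123456789012` are constructed placeholders.

```python
"""Added example (not from the original article): build a per-function IAM
execution-role policy scoped to exactly the resources one function uses, and
lint any policy document for the wildcard grants that break least privilege.

Assumptions (hypothetical): the function reads from one SQS queue, writes to
one DynamoDB table and logs to its own CloudWatch log group. The ARNs are
constructed placeholders for account 123456789012.
"""
import json
from typing import Any, Dict, List

ACCOUNT = "123456789012"   # placeholder account id
REGION = "us-east-1"       # placeholder region


def execution_policy(function_name: str, queue_name: str, table_name: str) -> Dict[str, Any]:
    """One policy per function: every statement names the concrete resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadOwnQueue",
                "Effect": "Allow",
                "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
                "Resource": f"arn:aws:sqs:{REGION}:{ACCOUNT}:{queue_name}",
            },
            {
                "Sid": "WriteOwnTable",
                "Effect": "Allow",
                "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem"],
                "Resource": f"arn:aws:dynamodb:{REGION}:{ACCOUNT}:table/{table_name}",
            },
            {
                "Sid": "WriteOwnLogs",
                "Effect": "Allow",
                "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
                "Resource": f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:/aws/lambda/{function_name}:*",
            },
        ],
    }


def _as_list(value: Any) -> List[str]:
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def lint_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings for grants broader than a single function needs:
    '*' actions, service-wide 'svc:*' actions, '*' resources, and
    role-acquiring actions (iam:PassRole, sts:AssumeRole) on any resource."""
    findings: List[str] = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if action == "*":
                findings.append(f"{sid}: Action '*' grants every API")
            elif action.endswith(":*"):
                findings.append(f"{sid}: service-wide action {action}")
            elif action.lower() in ("iam:passrole", "sts:assumerole") and "*" in resources:
                findings.append(f"{sid}: {action} on Resource '*' lets the function acquire any role")
        for resource in resources:
            if resource == "*":
                findings.append(f"{sid}: Resource '*' is not scoped to this function's resources")
    return findings


# Constructed "before" policy: convenient to write, but far broader than needed.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Everything", "Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"}
    ],
}

if __name__ == "__main__":
    scoped = execution_policy("order-processor", "orders", "Orders")
    print(json.dumps(scoped, indent=2))
    print("scoped policy findings:", lint_policy(scoped))          # []
    print("over-broad findings:", lint_policy(OVERBROAD_POLICY))   # three findings
```

Run `lint_policy` in the deployment pipeline against the role attached to each function; the scoped policy produces no findings, while the over-broad one reports both service-wide actions and the unscoped resource.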
Testing
AWS Lambda is all about your code running in the cloud. So how should we test it locally?
Lambda doesn't provide an endpoint URL to test against directly; it always depends on an event source system to initiate the invocation.
- We can use AWS SAM for local testing of a Lambda function. Its CLI provides a Lambda-like execution environment locally, and we can get a localhost URL for API Gateway which calls the function locally.
- We can use the localstack open-source project to create a local environment with most AWS resources/services available. This can be used to run Lambda along with other AWS services. AWS SAM and localstack can be integrated as well, since localstack exposes all the services as APIs, running as a Docker container in the backend.
- Put business logic outside of the Lambda handler. The handler should be used only to retrieve the inputs and pass them to other functions/methods, which parse them into variables that belong to our application and use them. This separates the business logic from the handler, so it can be tested within the context of the objects and functions we have created.
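The last point above, and the earlier performance advice about keeping global objects and database connections alive across invocations, combine into one handler layout. The following is an added example, not code from the original article or from AWS: module-level setup runs once per container, the handler only unpacks the event, and the business logic is a pure function that can be unit-tested with no Lambda, SAM or localstack. The SQS-style event, the `FakeDbConnection` class and the `DB_DSN` environment variable are constructed stand-ins; in a real function the connection would be a database or SDK client created at module level in the same way.

```python
"""Added example (not from the original article): a Lambda handler structured so
that expensive setup runs once per container and the business logic is a pure
function testable without Lambda, SAM or localstack.

Assumptions (hypothetical): an SQS-triggered function that validates order
records and sums their totals. FakeDbConnection is a stand-in so the example
runs offline; a real function would create its DB client here the same way.
"""
import json
import os
import time
from dataclasses import dataclass
from typing import Any, Dict, List

# --- Cold-start work: runs once when the container is created -------------
# Everything at module level is reused by every subsequent (warm) invocation
# of this container, so connections, config parsing and SDK clients go here.
INIT_COUNT = 0


class FakeDbConnection:
    """Stand-in for a real database connection (constructed for this example)."""

    def __init__(self, dsn: str) -> None:
        global INIT_COUNT
        INIT_COUNT += 1          # lets a test prove the init ran only once
        self.dsn = dsn
        self.opened_at = time.time()
        self.rows: List[tuple] = []

    def store(self, order_id: str, total: float) -> None:
        self.rows.append((order_id, total))   # a real client would write a row


# Configuration comes from the environment, never from literals in the code;
# the default only exists so the example runs outside Lambda.
DB_CONN = FakeDbConnection(os.environ.get("DB_DSN", "postgresql://example.invalid/orders"))


# --- Business logic: pure functions, no Lambda types in their signatures ---
@dataclass
class Order:
    order_id: str
    quantity: int
    unit_price: float


def parse_order(record: Dict[str, Any]) -> Order:
    """Turn one raw message body into a validated Order. Rejecting bad input
    here keeps malformed or hostile events away from the persistence layer."""
    body = json.loads(record["body"])
    quantity = int(body["quantity"])
    unit_price = float(body["unit_price"])
    if quantity <= 0 or unit_price < 0:
        raise ValueError(f"invalid order values: {body}")
    return Order(str(body["order_id"]), quantity, unit_price)


def process_orders(orders: List[Order], conn: FakeDbConnection) -> float:
    """Persist each order and return the grand total. `conn` is injected, so a
    unit test can pass its own stub instead of the module-level connection."""
    grand_total = 0.0
    for order in orders:
        total = order.quantity * order.unit_price
        conn.store(order.order_id, total)
        grand_total += total
    return grand_total


# --- Handler: only unpacks the event and delegates ------------------------
def handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    orders = [parse_order(r) for r in event.get("Records", [])]
    grand_total = process_orders(orders, DB_CONN)
    return {"processed": len(orders), "grand_total": grand_total}


# Constructed sample event in the shape SQS delivers (only "body" is used).
SAMPLE_EVENT = {
    "Records": [
        {"body": json.dumps({"order_id": "A1", "quantity": 2, "unit_price": 9.5})},
        {"body": json.dumps({"order_id": "A2", "quantity": 1, "unit_price": 20})},
    ]
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))   # {'processed': 2, 'grand_total': 39.0}
    print(handler(SAMPLE_EVENT))   # warm call: INIT_COUNT is still 1
    print("connections opened:", INIT_COUNT)
```

Because `process_orders` takes its connection as a parameter, a unit test can exercise it with a throwaway `FakeDbConnection` (or any object with a `store` method) and never touch the handler, while `parse_order` can be fed hostile bodies to confirm they are rejected before any write happens.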
Deploying
Lambda has versioning and alias features as well. We can publish multiple versions of a function, and each version can be invoked in parallel in a separate container. By default, the version is $LATEST. We can use these versions during development for creating multiple environments like dev/UAT; however, it is not recommended to use them directly for the production environment, because every time we upload new code the version is incremented and clients need to point to the new one. That's where aliases come into the picture.
An alias refers to a particular version of the function. So if the code changes and a newer version is published, the event source still points to the same alias, and the alias is updated to refer to the newer version. This helps to plan a blue/green deployment: we can test the newer version with sample events and, once it works fine, point the alias at it to switch the traffic over. The same mechanism can be used to roll back to the original version if any issues are found.
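The publish/test/switch/rollback flow described above maps onto three calls of the boto3 Lambda client: `publish_version`, `get_alias` and `update_alias`. The following is an added example, not code from the original article or from AWS: `promote` repoints an alias only after a caller-supplied smoke test passes, and `rollback` repoints it at the remembered previous version. `FakeLambdaClient` is a constructed in-memory stand-in that implements just those three calls so the example runs offline; in a real deployment pass `boto3.client("lambda")` in its place.

```python
"""Added example (not from the original article): blue/green promotion of a
Lambda alias using the boto3 Lambda client method names publish_version,
get_alias and update_alias. FakeLambdaClient is a constructed stand-in so the
example runs offline; pass boto3.client("lambda") for a real deployment.
"""
from typing import Any, Callable, Dict


class FakeLambdaClient:
    """In-memory stand-in implementing only the three calls used below.
    Seeded with one published version and a 'prod' alias pointing at it."""

    def __init__(self) -> None:
        self.next_version = 2
        self.aliases: Dict[str, str] = {"prod": "1"}

    def publish_version(self, FunctionName: str, Description: str = "") -> Dict[str, Any]:
        version = str(self.next_version)       # Lambda versions are numeric strings
        self.next_version += 1
        return {"FunctionName": FunctionName, "Version": version, "Description": Description}

    def get_alias(self, FunctionName: str, Name: str) -> Dict[str, Any]:
        return {"Name": Name, "FunctionVersion": self.aliases[Name]}

    def update_alias(self, FunctionName: str, Name: str, FunctionVersion: str) -> Dict[str, Any]:
        self.aliases[Name] = FunctionVersion
        return {"Name": Name, "FunctionVersion": FunctionVersion}


def publish(client: Any, function_name: str, description: str) -> str:
    """Snapshot the current $LATEST code as an immutable numbered version."""
    return client.publish_version(FunctionName=function_name, Description=description)["Version"]


def promote(client: Any, function_name: str, alias: str, new_version: str,
            smoke_test: Callable[[str], bool]) -> Dict[str, str]:
    """Blue/green switch: the alias (what event sources point at) moves to the
    new version only if smoke_test(new_version) passes; otherwise traffic stays
    on the previous version and nothing is changed."""
    previous = client.get_alias(FunctionName=function_name, Name=alias)["FunctionVersion"]
    if not smoke_test(new_version):
        return {"alias": alias, "active": previous, "rejected": new_version}
    client.update_alias(FunctionName=function_name, Name=alias, FunctionVersion=new_version)
    return {"alias": alias, "active": new_version, "previous": previous}


def rollback(client: Any, function_name: str, alias: str, previous_version: str) -> str:
    """Point the alias back at a known-good version; returns the active version."""
    return client.update_alias(FunctionName=function_name, Name=alias,
                               FunctionVersion=previous_version)["FunctionVersion"]


if __name__ == "__main__":
    fn = "order-processor"            # constructed function name
    client = FakeLambdaClient()       # would be boto3.client("lambda") for real
    v2 = publish(client, fn, "fix: validate quantity")
    # A real smoke test would invoke the qualified ARN f"{fn}:{version}" with
    # sample events; here it simply accepts version 2 and rejects version 3.
    print(promote(client, fn, "prod", v2, lambda v: v == "2"))
    v3 = publish(client, fn, "feat: new pricing")
    print(promote(client, fn, "prod", v3, lambda v: v == "2"))   # stays on 2
    print("rolled back to", rollback(client, fn, "prod", "1"))
```

Keeping the alias name (`prod`) fixed in the event source configuration is what makes the switch and the rollback invisible to callers: only the alias target changes, never the trigger.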
Monitoring
One of the best ways to enhance your AWS Lambda experience is to integrate tooling such as CloudWatch, which works very well with Lambda and gives you good detail on each execution. Lambda automatically tracks the number of requests, the execution duration per request and the number of requests resulting in an error, and publishes the associated CloudWatch metrics. You can leverage these metrics to set custom CloudWatch alarms as well.
We can also use X-Ray to identify potential bottlenecks in our Lambda execution. X-Ray is useful for visualizing where our function's execution time is being spent, and it also traces all the downstream systems the function connects to across the complete flow.
General positive feedback about Lambda is that it’s simple to set up, pricing is excellent, and it integrates with other internal AWS products such as RDS and ElastiCache.
When it comes to drawbacks of the solution, criticism has focused on two main areas:
"Cold Start": creating a temporary container (which is subsequently destroyed) can take between 100 milliseconds and 2 minutes, and this delay is referred to as "cold start". There are various workarounds to negate it, but it is something to be aware of.
Computational Restrictions: being based on temporary containers means that usable memory is limited, so functions requiring a lot of processing cannot be handled by AWS Lambda. Again, workarounds are available, such as using AWS Step Functions.
Additionally, there is an element of “lock-in”, as choosing to go with AWS invariably means you’ll be integrating (and become reliant on) other AWS tools and products in the Amazon ecosystem.
Conclusion
Like other AWS services, Lambda can be a great help and a useful tool for your project, or an integral part of your development stack. But to get the most out of the service, one must be acquainted with its best practices. Used skillfully, the end results usually exceed expectations.
Originally published at AWS Lambda Architecture Best Practices.
Translated from: https://medium.com/softkraft/aws-lambda-architecture-best-practices-e2ef23b85abf