ClouDesign: Architecting Serverless

 

Serverless Solution Architecture



Introduction

AWS provides a comprehensive suite of serverless services that allow developers to build secure, scalable, and cost-efficient applications. In this article, we will design serverless architectures for two common use cases.

We will look at the combinations of services that usually go together for a given use case.


ClouDatum:

DynamoDB global tables replicate data across multiple AWS Regions in less than one second.

API Gateway can process over 10,000 requests per second per API.

DynamoDB DAX can improve read performance by up to 10x compared to standard DynamoDB reads.

Cognito user pools can scale to handle millions of users without manual intervention.


The goal here is to design architectures using the serverless services offered by AWS. The exact design will vary with each architect's point of view; what matters is understanding the core use case and which service is usually the right choice for each part of it.


Let us start with our first case.

1. Mobile App: MyTodoList 


Understanding the Requirements

For our mobile app, we have the following core requirements:

1. Expose a REST API with an HTTPS endpoint

2. Ensure a completely serverless architecture

3. Enable users to interact directly with their own folder in Amazon S3

4. Implement managed authentication and authorization

5. Support high read throughput for to-dos, which are frequently accessed but rarely modified

6. Use a database that scales seamlessly with traffic

To meet these requirements, we need a robust architecture leveraging AWS serverless services.


Designing the Serverless Architecture

1. REST API with HTTPS Endpoint

We will use Amazon API Gateway, a fully managed service that allows us to create, deploy, and manage APIs at any scale. API Gateway will act as the entry point for our mobile application.

2. Compute Layer with AWS Lambda

API Gateway will invoke an AWS Lambda function to process requests. Lambda allows us to execute backend logic in a serverless environment, ensuring automatic scaling and cost efficiency. The Lambda function will handle CRUD operations for the to-do list application.

3. Scalable Database with Amazon DynamoDB

For data storage, we need a serverless, high-throughput database. Amazon DynamoDB fits this use case perfectly as it offers seamless scaling, high availability, and single-digit millisecond latency. The Lambda function will store and retrieve to-dos from DynamoDB.

4. Authentication and Authorization with Amazon Cognito

To manage user authentication, we will use Amazon Cognito, a managed service that provides user sign-up, sign-in, and access control. Cognito will allow mobile users to authenticate and obtain temporary credentials to interact with AWS resources securely.

5. Enabling Direct S3 Access for Users

Users should be able to upload and retrieve files from Amazon S3. After authentication via Cognito, users can receive temporary credentials through Cognito Identity Pools. These credentials will enable them to access only their designated S3 folder, ensuring proper security and isolation.
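As an added example (not code from the original post), here is the IAM policy the Cognito Identity Pool's authenticated role would carry to enforce that folder isolation, with a small offline check that the scoping works. The bucket name `mytodolist-user-files` and the identity ids are constructed for this example; `${cognito-identity.amazonaws.com:sub}` is the policy variable AWS substitutes with the caller's identity id, and `is_allowed` is a simplified stand-in for IAM's evaluation, not IAM itself:

```python
# Added example, not code from the original post. Shows the IAM policy that the
# Cognito Identity Pool's authenticated role would carry so that each signed-in
# user can reach only their own prefix in the bucket, plus an offline check of
# that isolation. The bucket name and identity ids are constructed for this
# example; the policy variable is the one AWS documents for Cognito identities.
import fnmatch
import json

BUCKET = "mytodolist-user-files"  # assumed bucket name
# Substituted by IAM at request time with the caller's Cognito identity id.
IDENTITY_VAR = "${cognito-identity.amazonaws.com:sub}"

# Policy variables require policy language version 2012-10-17.
AUTHENTICATED_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            # Listing is limited to the caller's own prefix via the s3:prefix condition.
            "Sid": "ListOwnPrefixOnly",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{BUCKET}"],
            "Condition": {"StringLike": {"s3:prefix": [f"{IDENTITY_VAR}/*"]}},
        },
        {
            # Object access is limited by the object ARN itself.
            "Sid": "ReadWriteOwnObjects",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": [f"arn:aws:s3:::{BUCKET}/{IDENTITY_VAR}/*"],
        },
    ],
}


def is_allowed(policy, identity_id, action, bucket, key=None, prefix=None):
    """Simplified offline model of how IAM evaluates *this* policy: substitute
    the identity variable, then look for an Allow statement matching the
    action, the resource ARN and, if present, the s3:prefix condition.
    Real IAM evaluation involves more (explicit Deny, other attached policies,
    bucket policies), but this is enough to check the isolation property."""
    resource = f"arn:aws:s3:::{bucket}" + (f"/{key}" if key is not None else "")
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        # IAM's "*" matches any characters including "/", like fnmatch's "*".
        resources = [r.replace(IDENTITY_VAR, identity_id) for r in stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        wanted = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if wanted is not None:
            patterns = [p.replace(IDENTITY_VAR, identity_id) for p in wanted]
            if prefix is None or not any(fnmatch.fnmatchcase(prefix, p) for p in patterns):
                continue
        return True
    return False


if __name__ == "__main__":
    alice, bob = "us-east-1:0000-alice", "us-east-1:0000-bob"  # constructed ids
    print(json.dumps(AUTHENTICATED_ROLE_POLICY, indent=2))
    print("alice reads own file:",
          is_allowed(AUTHENTICATED_ROLE_POLICY, alice, "s3:GetObject", BUCKET, key=f"{alice}/notes.txt"))
    print("alice reads bob's file:",
          is_allowed(AUTHENTICATED_ROLE_POLICY, alice, "s3:GetObject", BUCKET, key=f"{bob}/notes.txt"))
```

The property worth testing is the negative case: a signed-in user asking for another user's prefix matches no statement at all. Because the variable is substituted per request, one role and one policy cover every user, and no per-user policy ever has to be provisioned.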



Optimizing for Scalability and Cost Efficiency

As our application scales, optimizing performance and cost becomes crucial. Here are two key improvements we can implement:

1. Caching for High Read Throughput

Since to-dos are frequently read but rarely modified, we can introduce Amazon DynamoDB Accelerator (DAX) as a caching layer. DAX provides in-memory caching, significantly reducing read latency and decreasing the need for high read capacity units in DynamoDB.

2. API Gateway Caching

To further optimize performance, we can enable caching at Amazon API Gateway. This reduces redundant Lambda invocations and speeds up API responses, improving user experience and lowering costs.

Security Considerations

Authentication and Authorization: Cognito ensures secure user authentication and access control.

Least Privilege Access: Users receive temporary credentials with limited permissions, restricting access only to their resources.

API Security: API Gateway supports JWT validation, request throttling, and WAF integration to protect against common threats.
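As an added example (not from the original post), here is a Lambda proxy handler for the CRUD step described earlier that takes the caller's identity from the Cognito authorizer claims and uses it as the DynamoDB partition key, so "only their resources" is enforced by the data model rather than by a check that could be skipped. The in-memory table, the `user_id`/`todo_id` key names and the `sub-...` ids are constructed for this example; the claims location is where API Gateway REST APIs place a Cognito User Pool authorizer's claims:

```python
# Added example, not code from the original post. A minimal API Gateway (REST
# API) + Lambda proxy handler for the to-do CRUD step, using the Cognito User
# Pool authorizer's claims so each caller can only reach their own items.
# The DynamoDB table is replaced by an in-memory stand-in so this runs offline;
# field names and the "sub-..." ids below are constructed for the example.
import json
import uuid


class InMemoryTodoTable:
    """Stand-in for a DynamoDB table with partition key user_id and sort key
    todo_id. A real deployment would use boto3's Table with the same keys."""

    def __init__(self):
        self._items = {}

    def put_item(self, item):
        self._items[(item["user_id"], item["todo_id"])] = dict(item)

    def get_item(self, user_id, todo_id):
        return self._items.get((user_id, todo_id))

    def query_by_user(self, user_id):
        return [dict(i) for (u, _), i in self._items.items() if u == user_id]


TABLE = InMemoryTodoTable()  # module-level, as a boto3 Table would be when deployed


def caller_sub(event):
    """The caller's identity comes only from the JWT that API Gateway already
    validated (the COGNITO_USER_POOLS authorizer puts its claims here),
    never from the request body, query string or a custom header."""
    try:
        return event["requestContext"]["authorizer"]["claims"]["sub"]
    except (KeyError, TypeError):
        return None


def _response(status, body):
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body)}


def parse_body(response):
    return json.loads(response["body"])


def handler(event, context, table=None):
    """Lambda proxy handler; `table` can be injected for testing."""
    table = table if table is not None else TABLE
    sub = caller_sub(event)
    if sub is None:
        return _response(401, {"error": "unauthenticated"})
    method = event.get("httpMethod")
    todo_id = (event.get("pathParameters") or {}).get("id")

    if method == "GET" and todo_id:
        # The partition key *is* the caller, so another user's id is simply
        # absent: there is no separate ownership check that could be forgotten.
        item = table.get_item(sub, todo_id)
        return _response(200, item) if item else _response(404, {"error": "not found"})
    if method == "GET":
        return _response(200, {"items": table.query_by_user(sub)})
    if method == "POST":
        try:
            body = json.loads(event.get("body") or "{}")
        except json.JSONDecodeError:
            return _response(400, {"error": "invalid JSON"})
        title = body.get("title")
        if not isinstance(title, str) or not title.strip() or len(title) > 256:
            return _response(400, {"error": "title must be 1-256 characters"})
        item = {"user_id": sub, "todo_id": str(uuid.uuid4()),
                "title": title.strip(), "done": False}
        table.put_item(item)
        return _response(201, item)
    return _response(405, {"error": "method not allowed"})


def insecure_get_todo(event, table):
    """Anti-pattern for contrast: trusting a user id sent by the client lets
    any authenticated caller read any other user's item."""
    body = json.loads(event.get("body") or "{}")
    return table.get_item(body.get("userId"), body.get("todoId"))


def make_event(sub, method, body=None, todo_id=None):
    """Build a proxy-integration event shaped like API Gateway's, with the
    authorizer claims a Cognito User Pool authorizer would attach."""
    event = {"httpMethod": method,
             "pathParameters": {"id": todo_id} if todo_id else None,
             "body": json.dumps(body) if body is not None else None,
             "requestContext": {}}
    if sub is not None:
        event["requestContext"]["authorizer"] = {"claims": {"sub": sub}}
    return event
```

The contrast is `insecure_get_todo`, which trusts a `userId` from the request body: with it, any authenticated caller can read any item. API Gateway validating the JWT does not help there, because the bug is in what the function does with the identity, not in whether the token was checked.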

By leveraging AWS serverless services, we have designed a scalable, cost-efficient, and secure architecture for MyTodoList. Key takeaways from our approach include:

Using API Gateway and Lambda for a fully managed REST API

Employing DynamoDB for high-performance, scalable data storage

Leveraging Cognito for secure authentication and temporary AWS credentials

Implementing caching with DynamoDB DAX and API Gateway to optimize performance and cost


2. Serverless Hosted Website: MyBlog.com

Understanding the Requirements


1. Scalable, globally distributed static content

2. A public REST API for dynamic elements

3. Optimized caching for cost efficiency and low latency

4. Automated welcome emails for new subscribers

5. Automatic thumbnail generation for uploaded images



ClouDatum:


CloudFront reduces latency by up to 60% by serving cached content from edge locations.


Amazon SES sends over 300 million emails per day globally.


Designing the Serverless Architecture


1. Hosting Static Content

Our blog content consists mostly of static files. We will store these files in Amazon S3 and distribute them globally via Amazon CloudFront, a content delivery network (CDN) that caches content at edge locations, reducing latency.


2. Securing Access with Origin Access Control (OAC)

To prevent direct access to the S3 bucket, we will configure Origin Access Control (OAC) in CloudFront. The S3 bucket policy will allow access only through CloudFront, enhancing security.
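As an added example (not from the original post), here is the bucket policy that pairs with OAC, beside the legacy public-read statement it replaces, and a small lint that flags the two usual misconfigurations: leaving the public statement in place, or granting the CloudFront service principal without pinning it to one distribution. The bucket name and distribution ARN are placeholders, and `policy_findings` is example code, not an AWS tool:

```python
# Added example, not code from the original post. Generates the S3 bucket
# policy that goes with CloudFront Origin Access Control and runs a small lint
# over bucket policies to flag the two ways this setup commonly goes wrong:
# leaving the old public-read statement in place, or granting the CloudFront
# service principal without pinning it to our distribution. Bucket name and
# distribution ARN are placeholders constructed for the example.
import json

BUCKET = "myblog-static-content"  # assumed bucket name
DISTRIBUTION_ARN = "arn:aws:cloudfront::123456789012:distribution/EXAMPLE123"  # placeholder
CLOUDFRONT_SERVICE = "cloudfront.amazonaws.com"


def oac_bucket_policy(bucket, distribution_arn):
    """Read-only grant to CloudFront, scoped to one distribution by AWS:SourceArn.
    With Block Public Access on and no other Allow statements, this is the only
    path to the objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontServicePrincipalReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": CLOUDFRONT_SERVICE},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"AWS:SourceArn": distribution_arn}},
        }],
    }


# The pre-OAC "website bucket" pattern that the OAC policy replaces.
LEGACY_PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Return human-readable findings for Allow statements that would let
    readers bypass CloudFront or do more than read. Empty list means clean."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: open to any principal; objects are readable without CloudFront")
        elif isinstance(principal, dict) and CLOUDFRONT_SERVICE in _as_list(principal.get("Service", [])):
            source_arn = stmt.get("Condition", {}).get("StringEquals", {}).get("AWS:SourceArn")
            if not source_arn:
                findings.append(f"{sid}: CloudFront principal is not restricted to a distribution "
                                f"(missing AWS:SourceArn condition)")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "s3:getobject":
                findings.append(f"{sid}: action {action} is broader than read-only object access")
    return findings


if __name__ == "__main__":
    print(json.dumps(oac_bucket_policy(BUCKET, DISTRIBUTION_ARN), indent=2))
    for finding in policy_findings(LEGACY_PUBLIC_READ_POLICY):
        print("finding:", finding)
```

Keep S3 Block Public Access enabled on the bucket as well: the lint only catches what is written in the policy, while Block Public Access stops a public ACL or a later policy edit from reopening the bucket.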


3. Public REST API

For dynamic content, we will use Amazon API Gateway, which will invoke AWS Lambda to fetch data from Amazon DynamoDB. Since the blog has high read traffic, we can use DynamoDB Global Tables to reduce latency for international users.


4. Sending Welcome Emails

New subscribers should receive a welcome email. We will:

Enable DynamoDB Streams to capture subscription events.

Trigger an AWS Lambda function when a new user subscribes.

Use Amazon Simple Email Service (SES) to send the welcome email.
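As an added example (not from the original post), here is the Lambda handler at the end of that chain, with a constructed stream batch and a fake SES client so it runs offline. The table's `email` attribute, the sender address and the subscriber records are assumptions for the example; `send_email` is called with the same keyword arguments boto3's SES client takes:

```python
# Added example, not code from the original post. The Lambda side of the
# DynamoDB Streams -> Lambda -> SES chain: pick the INSERT records out of a
# stream batch, validate the subscriber address and send the welcome email.
# The SES client is injected so the example runs offline; the sample batch,
# table attribute names and sender address are constructed for the example.
import re

SENDER = "welcome@myblog.com"   # assumed SES-verified identity
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class FakeSes:
    """Records calls instead of sending; mirrors boto3's ses.send_email kwargs."""

    def __init__(self):
        self.sent = []

    def send_email(self, **kwargs):
        self.sent.append(kwargs)
        return {"MessageId": f"constructed-{len(self.sent)}"}


def new_subscriber_emails(records):
    """Yield the address from each INSERT record's NewImage. MODIFY/REMOVE
    events (e.g. an unsubscribe) and malformed images are ignored. Stream
    attribute values are typed, hence the {"S": ...} unwrapping."""
    for record in records:
        if record.get("eventName") != "INSERT":
            continue
        image = record.get("dynamodb", {}).get("NewImage", {})
        email = image.get("email", {}).get("S")
        if isinstance(email, str) and len(email) <= 254 and EMAIL_RE.match(email):
            yield email


def handler(event, context, ses=None):
    """Return the list of addresses emailed. Streams deliver at least once, so
    a production version should also record sent addresses (e.g. a 'welcomed'
    flag written back with a conditional update) to stay idempotent."""
    if ses is None:
        import boto3  # only needed when deployed
        ses = boto3.client("ses")
    sent_to = []
    for email in new_subscriber_emails(event.get("Records", [])):
        ses.send_email(
            Source=SENDER,
            Destination={"ToAddresses": [email]},
            Message={
                "Subject": {"Data": "Welcome to MyBlog.com"},
                # Fixed text only: nothing from the table is interpolated into the body.
                "Body": {"Text": {"Data": "Thanks for subscribing. New posts will land in your inbox."}},
            },
        )
        sent_to.append(email)
    return sent_to


# Constructed stream batch: one new subscriber, one update to an existing row,
# one insert whose address would not pass validation.
SAMPLE_EVENT = {
    "Records": [
        {"eventName": "INSERT", "eventSource": "aws:dynamodb",
         "dynamodb": {"Keys": {"email": {"S": "reader@example.com"}},
                      "NewImage": {"email": {"S": "reader@example.com"},
                                   "subscribedAt": {"N": "1700000000"}}}},
        {"eventName": "MODIFY", "eventSource": "aws:dynamodb",
         "dynamodb": {"Keys": {"email": {"S": "old@example.com"}},
                      "NewImage": {"email": {"S": "old@example.com"},
                                   "unsubscribed": {"BOOL": True}}}},
        {"eventName": "INSERT", "eventSource": "aws:dynamodb",
         "dynamodb": {"Keys": {"email": {"S": "not-an-address"}},
                      "NewImage": {"email": {"S": "not-an-address"}}}},
    ]
}

if __name__ == "__main__":
    fake = FakeSes()
    print("welcomed:", handler(SAMPLE_EVENT, None, ses=fake))
```

DynamoDB Streams delivers each record at least once, so a retry after a partial failure can re-send a welcome email; writing a "welcomed" marker back to the item with a conditional update is the usual way to make the handler idempotent.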



5. Automatic Thumbnail Generation

When a user uploads an image:

The upload triggers an S3 event.

An AWS Lambda function generates a thumbnail.

The thumbnail is stored in an S3 bucket.

This can be further optimized with Amazon S3 Transfer Acceleration for faster uploads.

S3 event notifications can also target Amazon SQS and Amazon SNS instead of invoking Lambda directly, which is useful in certain use cases.



Security Considerations

CloudFront OAC ensures secure static content delivery.

API Gateway throttling prevents abuse of the public REST API.

IAM roles enforce least privilege access for Lambda functions.


Conclusion


By using AWS serverless services, we have designed two scalable architectures:

  1. MyTodoList: A mobile to-do app with API Gateway, Lambda, DynamoDB, Cognito, and S3.

  2. MyBlog.com: A scalable blog using CloudFront, S3, API Gateway, DynamoDB, and Lambda.


Both architectures ensure high availability, scalability, and cost efficiency, making them ideal serverless solutions.
















