Serverless is one of the (not so) new buzzword in town and it has been gaining a lot of attention lately. Cloud vendors are pushing this technology as much as they can, presenting it as the ultimate way to easily implement complex applications without the typical burdens of system administration. No OS friction, hardware management, scalability issues. No “servers” to manage, update, replace. The cloud provider takes care of all of it, letting the developers be free to focus on what really matters, aka developing their application, instead of wasting their energy in the infrastructure.

Aside from the marketing hype, serverless architectures are a very interesting approach to the ageless dilemma of finding the perfect balance when splitting energies between application development and infrastructure management. That is probably the reason why serverless is so popular, not only on public clouds, but also on-premises.

During Codemotion Milan 2019, Alex Casalboni, Sr. Technical Evangelist with Amazon Web Services, delivered a speech titled Advanced Serverless Architectural Patterns on AWS. In this article we will learn the basics of serverless technology provided by AWS.

If you want to learn more about serverless (even if with different technologies), do not miss the opportunity to attend Codemotion Berlin 2019! Check the agenda and particularly the talk by Ivan Culjak: tickets are still available, get yours here!

A service without a server

For the sake of clarity, let’s re-state the obvious: serverless doesn’t mean there aren’t servers involved (and how that could possibly be?). It simply means that the infrastructure that runs the application (or a part of it) is transparent to the developer.

Instead of deploying a whole microservice, a module or even an entire application as a container, deployment in a serverless environment is done by providing functions, pieces of code that the cloud provider will instantiate when needed. This execution model is often referred to as Function as a Service (FaaS).

Depending on the provider, functions can be implemented in a variety of programming languages such as JavaScript, Python, Java, Go, Ruby, C# and more.

Amazon was among the first cloud providers to offer a FaaS service with its well known AWS Lambda service. AWS Lambda is an event-driven serverless platform that allows the execution of code in response to predefined events. Lambda takes care of instantiating and managing the computing resources needed to execute the serverless code, scaling them automatically when needed.

The serverless Hello World

Let’s dive in the serverless world creating our first AWS Lambda function. Anyone can experiment with AWS Lambda for free, since the Lambda free tier does not expire and is immediately available after signing up, provided that our application does not perform more than 1 million requests per month or uses more than 400,000 GB-seconds of compute time per month.

After signing in the AWS Management Console, we are greeted with a list of wizards that can help getting started setting up the services we need.

Let’s click on the “Deploy a serverless microservice” wizard to create our simple serverless Hello World example.



The wizard is based on a blueprint, a template for our microservice: a simple REST endpoint to perform CRUD (Create, Read, Update, Delete) operations on a DynamoDB database. We will modify this template according to our needs, removing the connection to DynamoDB and simply returning an Hello World message instead.

Let’s fill in the details of our new lambda function, assigning the name “myHelloWorld” and creating a new security role for it.



Since we will not actually connect to DynamoDB, we can remove this policy from the execution role by clicking on the little X on the policy block.

Now let’s proceed with the API gateway trigger. This trigger will execute the lambda function whenever the API endpoint is reached.

Let’s choose to create a new API, set its security to “Open” so we can call the endpoint without authentication (just for the sake of the example) and assign a name to it.



After that, just scroll to the end of the page and click on the “Create function” button. We will modify the code our lambda function immediately after.

When AWS has finished creating the Lambda function, its code will be presented in the inline editor. Just replace the code with the following:

This function will respond with a JSON object containing the message “Hello World!” if called via the API gateway using the GET method.

Let’s click on the orange “Save” button on the top right corner of the page to apply the modifications.

Now let’s click on the API Gateway block in the Designer to close the function code editor and inspect the API Gateway URL:



The API endpoint URL is shown in the block below. Since authentication is disabled, we can simply point our browser to it be welcomed by our Hello World message:



Adding an API key

Let’s now suppose we want to provide our end users with an API key. We will therefore modify our gateway in order to deny requests performed without a valid API key. To do so, let’s click again on the API Gateway block in the designer, then on the name our gateway “myHelloWorld-API”. This will open the API Gateway editor. Click on “API Keys” to set up an API Key for our API:



Click on the “Actions” and then choose “Create API Key”. Give the key a name, and click on Save. For this example, we went with “testkey”.

Now let’s go back to the API to add authentication. Click on “Resources” then choose the “ANY” item in the API Method execution list:



Click on the “Method Request” link to change the authorization mode, switching the “API Key Required” parameter from “false” to “true”:



Then click on the little tick button to apply the change.

An important note here: in order to apply any changes to the API Gateway, we must re-deploy it. To do so, click on the Actions button again and then choose “Deploy API”. You can use the “default” stage created with the wizard to deploy the new version of the gateway.

Now that the API Gateway is up and running, any attempt to call it without providing a registered API key will fail.

Conclusions

There is a lot more to cover about serverless, considering best practices, performance and costs optimization and advanced architectures. Again, if you want to learn more about it, don’t miss the talk Ivan Culjak, Cloud Solution Architect with Celeste Maze, will give at Codemotion Berlin 2019: tickets are still available, get yours here!