Adrian Cantrill’s SAA-C02 study course, 50 minutes: Serverless and Application services section: Step Functions and API Gateway
AWS Step Functions
Lambda is FaaS (Function as a Service)
Best practice: create functions which are small, focused, and do one thing really well
Never try to put a full application inside a Lambda function:
– bad practice
– execution duration limit of 15 minutes
Lambda functions can be chained together
– gets messy at scale
Runtime environments are stateless
– state cannot be held through different Lambda function invocations
Step Functions allow for the creation of state machines
– think of a State machine as a workflow (start → states → end)
States are things which occur
– state machines are designed to perform an activity or flow which consists of lots of individual components, and to maintain data between those states
Maximum duration for invocations in state machines is one year
Standard Workflow and Express workflow
– choice influences speed of workflows and maximum duration
– standard is the default; one year execution limit
– express: high-volume, event-driven processing workloads such as IoT, streaming data processing and transformation, mobile application backends; runs up to five minutes
– generally used for backend processing
State machines can be started via API Gateway, IoT Rules, EventBridge, Lambda...
Amazon States Language – JSON Template
IAM Role is used for permissions
STATES
Succeed and Fail
Wait: pauses the state machine either for a certain period of time or until a specific date and time, then resumes processing
Choice: allows the state machine to take a different path depending on its input; used to influence state machine behavior based on that input
Parallel: used to create parallel branches
Map: accepts a list, and performs a specific action based on the item in the list
All these states control flow
Task: represents a single unit of work performed by a state machine (Lambda, Batch, DynamoDB, ECS, SNS, SQS, Glue, SageMaker, EMR, Step Functions)
– task states allow the state machine to perform things
– tasks can be integrated with lots of different services
– coordinates the work occurring; coordinates with external services to perform the work
Summary: Step Functions let you create state machines. State machines are long-running serverless workflows; they have a start and an end, and in between they have states. States can be directional decision points, or they can be tasks which actually perform things on behalf of the state machine. By using them you can build complex workflows which integrate with lots of different AWS services.
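To make the Amazon States Language template and the state types above concrete, here is an added example (not course material) that builds a small state machine definition in Python and lints it the way a reviewer would before running CreateStateMachine: the StartAt state must exist, every Next/Default target must resolve, Succeed/Fail states must be terminal, and every state must be reachable. The workflow, its state names and the Resource ARNs are constructed placeholders.

```python
import json

# Constructed example workflow (not from the course): validate an order,
# branch on the result, wait before a retry, and end in Succeed or Fail.
# REGION / ACCOUNT_ID in the ARNs are placeholders, not real values.
ORDER_WORKFLOW = {
    "Comment": "Constructed example of an Amazon States Language definition",
    "StartAt": "ValidateOrder",
    "States": {
        "ValidateOrder": {  # Task state: a single unit of work (here a Lambda)
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:validate-order",
            "ResultPath": "$.validation",
            "Next": "IsValid",
        },
        "IsValid": {  # Choice state: branch on the task's output
            "Type": "Choice",
            "Choices": [
                {"Variable": "$.validation.ok", "BooleanEquals": True, "Next": "ChargeCard"},
                {"Variable": "$.validation.retryable", "BooleanEquals": True, "Next": "Backoff"},
            ],
            "Default": "Rejected",
        },
        "Backoff": {"Type": "Wait", "Seconds": 30, "Next": "ValidateOrder"},  # Wait state
        "ChargeCard": {
            "Type": "Task",
            "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:charge-card",
            "TimeoutSeconds": 60,
            "Next": "Done",
        },
        "Done": {"Type": "Succeed"},
        "Rejected": {"Type": "Fail", "Error": "OrderRejected", "Cause": "Validation failed"},
    },
}

TERMINAL_TYPES = {"Succeed", "Fail"}


def next_targets(state):
    """Return the names of states this state can transition to."""
    targets = set()
    if "Next" in state:
        targets.add(state["Next"])
    if state.get("Type") == "Choice":
        targets.update(c["Next"] for c in state.get("Choices", []))
        if "Default" in state:
            targets.add(state["Default"])
    return targets


def lint_definition(definition):
    """Return a list of problems; an empty list means the definition passes."""
    problems = []
    states = definition.get("States", {})
    start = definition.get("StartAt")
    if start not in states:
        problems.append(f"StartAt '{start}' is not a defined state")
    for name, state in states.items():
        stype = state.get("Type")
        if stype in TERMINAL_TYPES:
            if "Next" in state:
                problems.append(f"{name}: terminal {stype} state must not have Next")
            continue
        if stype == "Task" and "Resource" not in state:
            problems.append(f"{name}: Task state needs a Resource")
        if stype != "Choice" and not state.get("End") and "Next" not in state:
            problems.append(f"{name}: non-terminal state needs Next or End")
        for target in next_targets(state):
            if target not in states:
                problems.append(f"{name}: transitions to unknown state '{target}'")
    # Reachability: walk the graph from StartAt and flag orphaned states.
    seen, stack = set(), [start] if start in states else []
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(t for t in next_targets(states[cur]) if t in states)
    for name in states:
        if name not in seen:
            problems.append(f"{name}: unreachable from StartAt")
    return problems


def definition_json(definition):
    """Serialize to the JSON string you would pass to CreateStateMachine."""
    return json.dumps(definition, indent=2)


if __name__ == "__main__":
    print(definition_json(ORDER_WORKFLOW))
    print("problems:", lint_definition(ORDER_WORKFLOW))
```

The linter only checks structure; the IAM role attached to the state machine still needs lambda:InvokeFunction on exactly the two function ARNs it references, and nothing broader.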
API Gateway
Create and manage APIs
API: Application Programming Interface
– how applications communicate with each other
API Gateway acts as an endpoint or entry point for applications looking to talk to services
Sits between applications and integrations (services)
Highly available, scalable, handles authorisation, throttling, caching, CORS, transformations, OpenAPI spec, direct integration and much more
Can connect to services/endpoints in AWS or on-premises
HTTP APIs, REST APIs and WebSocket APIs
Three phases:
1. Integration request: authorize, validate, transform
2. Integration
3. Response: Transform, prepare, return
CloudWatch logs can store and manage full stage request and response logs. CloudWatch can store metrics for client and integration sides
API Gateway Cache can be used to reduce the number of calls made to backend integrations and improve client performance
Authentication
Cognito user pools: client authenticates with Cognito, receives authentication token in return; passes token in with a request to the API gateway; API gateway can natively verify the token
Lambda-based authorization: used to be called custom authorization; assumes that the client has some form of bearer token, something which asserts an identity; the client passes this into API Gateway with the request; API Gateway calls a Lambda authorizer, which validates the token (custom compute or local store); API Gateway then invokes the integration (e.g. a Lambda function) or returns 403 access denied
IAM authorization: passes in credentials in the headers
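The Lambda-based flow above is easiest to understand from the authorizer's side. The following is an added example, not course material: a TOKEN-type Lambda authorizer handler that checks a bearer token and returns the IAM policy document API Gateway expects (principalId plus an execute-api:Invoke Allow or Deny on the methodArn). The token format (HMAC-SHA256 over a small JSON body) and the shared secret are constructed for the demo; a real deployment would verify a JWT against the issuer's keys and load the secret from a secret store, not a module constant. The methodArn used in the usage is a placeholder.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret (assumption); never hard-code a real one.
SECRET = b"constructed-demo-secret"


def mint_token(user, ttl=300):
    """Issue a constructed HMAC-signed bearer token: base64(body).base64(sig)."""
    body = json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode()
    sig = hmac.new(SECRET, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(token):
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        body_b64, sig_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(body)
    if claims.get("exp", 0) < time.time():
        return None
    return claims


def policy(principal, effect, method_arn):
    """Build the response document API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
        # Optional key/value context forwarded to the integration
        "context": {"user": principal},
    }


def handler(event, context=None):
    """TOKEN authorizer entry point: event carries authorizationToken and methodArn."""
    raw = event.get("authorizationToken", "")
    method_arn = event["methodArn"]
    if not raw.startswith("Bearer "):
        # API Gateway turns this exact message into a 401 Unauthorized
        raise Exception("Unauthorized")
    claims = verify_token(raw[len("Bearer "):])
    if claims is None:
        # An explicit Deny policy results in 403 Access Denied for the caller
        return policy("anonymous", "Deny", method_arn)
    return policy(claims["sub"], "Allow", method_arn)


if __name__ == "__main__":
    arn = "arn:aws:execute-api:REGION:ACCOUNT_ID:API_ID/prod/GET/orders"  # placeholder
    print(json.dumps(handler({"authorizationToken": "Bearer " + mint_token("alice"),
                              "methodArn": arn}), indent=2))
```

Two details matter operationally: API Gateway caches the returned policy per token for the authorizer's configured TTL, so a Deny is remembered for that caller until the cache expires, and the Resource in the policy should be scoped to the specific methodArn (or a narrow wildcard under the same stage) rather than `*`.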
ENDPOINT TYPES
Edge-optimized
– routed to nearest CloudFront POP (point of presence)
Regional
– Clients in same region
Private
– Endpoint accessible only within a VPC via interface endpoints
API GATEWAY STAGES
Most things in API Gateway defined based on a stage
Each stage has its own unique endpoint URL and its own settings
Each stage can be deployed into individually
Stages can be enabled for canary deployments; deployments are made to the canary, not the stage
Stages enabled for canary deployments can be configured so a certain percentage of traffic is sent to the canary. This can be adjusted over time – or the canary can be promoted to make it the new base ‘stage’
API Gateway: Errors
4XX – Client Error: Invalid request on client side
5XX – Server Error: Valid request, backend issue
400 – Bad Request – Generic
403 – Access Denied – authorizer denies; WAF filtered
429 – Too Many Requests – API Gateway can throttle; the throttle limit has been exceeded
502 – Bad Gateway Exception: bad output returned by Lambda
503 – Service Unavailable: backing endpoint offline, or major service issues
504 – Integration Failure/Timeout – 29s limit
Caching
– configured per stage
– without caching, any service making requests to the API Gateway stage will invoke backend integrations every time
– caching is defined on a stage (500 MB to 237 GB in size)
– cache TTL from 0 to 3,600 seconds
– cache can be encrypted
– calls only made to backend when there is a cache miss
– reduced load, reduced cost, improved performance