-
sls is shortcut for serverless.
-
VPC- Virtual Private Cloud
-
custom in serverless file means where we can declare the variables and can resuse them across the project.
-
plugins:- we define some dependencies under plugins. These dependencies get bundled with the lambda functions when we run serverless deploy cmd.
-
Lambda:- sync and async
-
Amazon eventBridge is for cron jobs. We can schedule any service like lambda, sns etc. using cron.
-
By default:- Lambda's timeout is 3secs and we can increase it upto 15mins
-
For storage lambda can use /tmp directory ( for non-persistent data) and S3 (for persistent data)
-
We normally set the timeout acc. to the function execution time.
-
cold start:- means when code is loaded, initialisation outside the lambda etc. So, generally the first request takes time To avoid cold start, we can use provisioned concurrency, this can be achived by auto scaling.
-
We can also set the reservedConcurrency for a lambda function, means no of concurrent request allowwe at a time.
-
Lambda can reference layers. We can have multiple layers where we can install or put common set of dependencies. So, that these can be accessed via multiple lambda functions. We have layer version as well.
Ques. In tuck backend, DB service has been made in layers. But we haven't exported DB service from there, we are simply exporting this into lambda functions. Not consuming as the layer.?
- Lambda versions:-
-- we work on $LATEST (latest code ) -- versions are immutable (means we can only look at the code of say version1, 2 etc , test it but can't modify the code of these versions). Code modification is only permissisible on the latest version i.e $LATEST -- each time when publish lambda, new version gets created -- versions gets their own ARN (Amazon Resource name)
Que. when we deploy using serverless, each time new version of lambda gets created?
- Lambda Aliases:- -- "pointers" to lambda function versions -- can define like "dev", "test", "prod" etc. -- aliases are mutable -- we can use 2 versions with single alias to divide the traffic on different versions Ques. How this thing actually works? Ques. CodeDeploy?
Best Practices of Lambda:
- perform heavy duty task outside the function handler like connect to DB, intialise AWS SDK
- Use Env variables for DB credentials, S3 bucket, they can be encrypted using KMS.
- Put reusable libraries in the Layers
- Avoid using recursive ocde, never have a lambda call fn itself --------------VERY Important
Ques. APIs name? Ques. How integration response got added on Tuck apis in API gateway and also not lambda proxy is enabled ?
-
We have stage variables that can be passed from api gateway to dynamically invoke the lambda fns
-
API Gateway - canary deployment:- To divide the traffic at the time of deployment
-
API Gateway Integration types:-
- MOCK:- returns response without sending a req, can be used for dev purpose
- HTTP/AWS(Lambda and AWS sewrvices):- -- need to configure both integration request and response -- setup data mapping using templates for both request and response
- Lambda Proxy:- -- incoming req from the client directly goes to lambda and res back to the client. Here lambda needs to return the res in the specific format -- no mapping template -- API Gateway is here to only proxy the request, rest everything is handled by lambda
-
SOAP API vs REST API:- SOAP are XML based whereas REST are JSON based
-
We can use API Keys to protect our apis. -- craete api key(custom or auto generated), enable it on any method. -- send that api key in header as X-API-Key in request while acccessing this api.
-
Can create a usage plan, throttling etc to track the usage of our api.
-
Errors:- -- 4xx: client side --5xx: server side
-
CORS must be enabled when you recive API calls from another domain. CORS can be enabled directly from API gateway for any integration req type except lambda proxy. For lambda proxy, we can just return Access-Control-Allow-Origin:'*' into the headers of lambda response.
-
API Gateway Security (Authentication and Authorization):-
- IAM Role and Policy
- Cognito user pool:- when using cognito to authenticate users
- Custom authorizer/lambda authorizer:- --when using 3rd party for auth -- pass 3rd party token through headers etc. in api -- retrive the token into lambda and then lambda will check for the authenticity of this token by communicating with that 3rd party api -- flexible -- need to write custom code
-
we can also add authroization using IAM Policy
-
Types of APIs:-
- HTTP API vs REST API:- HTTP has lesser feature than the REST
- Websocket APIs:- 2 way interactive comm b/w a user's browser and a server.
-
Cognito:-
- User Pool:- DB of users to login
- Identity Pool:- Provide users access to AWS Services
-
Cognito itself creates federated identities for the users of cognito user pool, federated identities, openId connect providers etc. But for custom login server, we can user developer auth identities. As if we don't use these then we need to create IAM roles for these user to access aws services but as these users will be too many. So this is not viable to do so.
Cloudformation:-
-
Cloudformation drift is a way to detect the changes done manually in any of the resources, we can view thoose changes and then fix our cfn accordingly.
-
CFN resources syntax: AWS::aws-product-name::data-type-name
-
Former2(Tool):- we can create cfn using existing resources
-
Deletion pOlicy; means even if we delete the cfn template still we don't want our resource to be deleted like db. It's of 3 types. We can consider this to care about our imp resources
-
Do not put credentials into your CFN, it should be either pass through params or KMS encrypted.
-
No need of auto scaling in serverless - Managed services
-
Serverless building block:- Faas ( Function as a service means AWS lambda, goggle cloud functions etc.)
-
Serverless plugins:-
- serverless-webpack:-bundle js application using webapck
- serverless-domain-manager:- craetes and assign domain to deployment
- serverless-offline:- helps to run lamnda functions locally using api gateway
- serverless-plugin-typescript:- provides ts support to lambas and there are many more.
-
Microservices vs Monolithic:- In monolithic, everything is under one hood. -- in microservices, we can scale independently of another services.
-
Commands:-
- sls create --name auction-service --template-url https://github.com/codingly-io/sls-base
- sls deploy -v --stage dev (Here, v stands for verbose means it will display the whole details of deployment)
- sls remove -v ( to delete the stack )
- sls deploy -f createAuction -v
-
.serverless folder gets created while deployment (sls deploy)
-
By Default,
- cfn stack name:- service name + stage name (dev/prod) and
- api name:- stage name + service name
- s3 bucket name:- service name + stage name + serverlessdeploymentbucket..
-
Each lambda get assigned an IAM role and this role actually defines what all permissions it has to access the other aws resources.
-
To see logs in the terminal just like cloudwatch, no need to go to cloudwatch
- sls logs --function func_name
- sls logs --function func_name --startTime 1m => means show the logs starting from 1m ago.
- sls logs --function func_name -t
- sls invoke --function func_mame -l =>invoke and view logs
-
Cron services gets stored in Amazon EventBridge.