Week of Java: Part 3: Designing and Implementing a Multi-Tier Lambda App

1

AWS WAF

This tier is responsible for exposing the front-end services that our clients will require to perform operations. In this case, I recommend having a Content Delivery Network (CDN) such as Cloudfront to cache and distribute your UI resources (located in our application tier). However, there are some non-AWS solutions such as Cloudflare that can provide not only caching services but also some security services such as Web Application Firewalls (WAF) and security rules to prevent DoS and DDoS attacks (AWS also provides some of them).

#Web Application Security #Security Monitoring #Identity And Access Management 27 social mentions

2

Amazon SQS

In a FaaM project, every communication between our functions should be event driven, meaning that we must reduce as much as possible the request-reply interaction between them, otherwise we could create an unnecessary coupling between our microservices. To achieve this, we can use services such as SQS, SNS or Kinesis.

#Data Integration #Stream Processing #Web Service Automation 64 social mentions

3

Amazon SNS

In a FaaM project, every communication between our functions should be event driven, meaning that we must reduce as much as possible the request-reply interaction between them, otherwise we could create an unnecessary coupling between our microservices. To achieve this, we can use services such as SQS, SNS or Kinesis.

#Data Integration #Stream Processing #Web Service Automation 54 social mentions

4

Amazon RDS

The data tier is responsible for hosting all the services that will persist and manage our data ( OLTP databases, OLAP databases, caches, etc). The diagram above is showing us an RDS database using a multi-tenant pattern in bridge: single database with multiple schemas (one per function/microservice), as well as DynamoDB tables for caching and keeping operational states. It’s important to keep in mind that, even when some people embrace having a complete data tier with DynamoDB, the answer will be “it depends”.

#Databases #NoSQL Databases #Relational Databases 68 social mentions

5

Amazon Cognito

Finally, we’ll require an authentication & authorisation service for our clients. As usual, you can develop your own, but I recommend to use out-of-the-box solutions that use the best practices, most common frameworks and industry standards. In the case of AWS, we can use Amazon Cognito as our **Authentication as a Service** (AaaS) provider. Cognito will help us with the complete authentication and authorisation life cycle of our system’s users. There are other non-AWS services such as Auth0 or Back& that you could also explore.

#Identity Provider #SAML #Identity And Access Management 63 social mentions

6

Amazon API Gateway

In this Tier we can find the **API gateway, **responsible for exposing our API services to our client apps and eventually third party systems. In the case of the AWS API Gateway, the lambda functions will be accessed using events, so even when the client communicates with the API using a request-reply approach, behind the scenes we have an Event Driven Architecture (EDA) to manage our requests.

#API Tools #APIs #Web Service Automation 94 social mentions

7

Auth0

Finally, we’ll require an authentication & authorisation service for our clients. As usual, you can develop your own, but I recommend to use out-of-the-box solutions that use the best practices, most common frameworks and industry standards. In the case of AWS, we can use Amazon Cognito as our **Authentication as a Service** (AaaS) provider. Cognito will help us with the complete authentication and authorisation life cycle of our system’s users. There are other non-AWS services such as Auth0 or Back& that you could also explore.

#Identity And Access Management #Identity Provider #SSO 175 social mentions