Deep Dive into AWS SAM

Captions
Awesome, thanks for joining us again here today. We're coming in here live from the AWS Loft in San Francisco. We're here at the loft today covering a whole range of topics around serverless. If you missed us here in the previous hour, we just did an initial view into Lambda and serverless applications. This next section here, we're gonna be taking it a little bit further and doing a deep dive into something called AWS SAM and the AWS SAM CLI. And again, we're here all day talking about serverless topics, and there's a lot of things that we're gonna cover.

For those of you who are just joining us, either both here physically in the loft or virtually online here with Twitch, my name is Chris Munns. I am currently a principal and the lead developer advocate for serverless at AWS. I am based in New York City and have been at AWS here for a little over six and a half years across a couple of different roles, primarily coming out of startup space in New York City, working for companies such as Etsy and Meetup.com, and primarily as a DevOps person. But today I get to talk about this awesome space of serverless that is growing rapidly and really kind of transforming the industry to a degree.

So why are we here today? Again, we've already been talking a lot about Cameo about the serverless space and in various aspects about it. This section here today, we're gonna talk a bit about some of the tooling that we have here from AWS that can really simplify your life with building serverless applications. Again, there are just enough things about serverless that make it nuanced and different that having a purpose-built tool for building serverless applications can be really valuable. And so in the last session I had a slide about some of the different frameworks that we had, and one of them in particular that we're gonna focus on right now is my good squirrel friend here called SAM. And so we're gonna talk here today about AWS SAM.

So what SAM stands for is Serverless Application Model. This is a kind of tooling
framework that we have here for serverless applications at AWS. It's been around now for just a little over a year and a half in total, I believe, and again we're really in deep, in depth here about it. So what SAM is, is built on top of another service that we have here at AWS called AWS CloudFormation. CloudFormation is a service that provides a template-driven way, or document-based driven way, for provisioning, managing, updating your infrastructure. And so you have a text document, it represents the resources inside of your infrastructure, and then you pass it to the service and it goes and provisions those and manages those for you.

Now what SAM does is provide some special capabilities specific just to serverless on top of CloudFormation. And so we have a couple of special resources: we have serverless functions, APIs, tables, and then layers and applications, which is a newer concept for us here. It could support almost anything that CloudFormation supports today; again, it's built on top of that. Now SAM is an open source tool, so not only is the specification open source, but we'll talk about something later called the translator, which is also open sourced. And you can find out about SAM by going to aws.amazon.com/serverless, and almost everything we're gonna cover here today gets mentioned there.

Now previously I mentioned how, when we talk about a serverless application, there's kind of three main aspects to it. There is your invocation source, so today we've got over 40 services in AWS that can invoke Lambda; there is your Lambda function; and then there is what your Lambda function might need to be talking to, so databases, data stores, other endpoints on the internet. Now imagine we wanted to provision these three things and manage them. So let's say we have an API-based workload, so we need to provision and manage an API Gateway, our Lambda function, and let's say we have a DynamoDB table for storage of our data information. Now with SAM what we can do is create a document that looks
just like this. This is about 20 or so lines of code, and let's break down what goes on inside of this. So in the first section what we have here, the top two lines are considered the headers in CloudFormation. The first one, template format version, is just kind of a thing that tells CloudFormation that this is a CloudFormation template. The second line though here, transform, is really important to us here in this talk. Now this transform says AWS::Serverless- and then you see a date stamp there. Now this tells the CloudFormation service that, oh, this is a special type of template file, I'm going to need to apply a transform to it, and what the transform is going to do is convert these special resources into raw CloudFormation.

Down below here then we see two different resources that are defined, and I'll talk about the bottom one first in this case because it's really, really basic. We have a resource that's named ListTable; it's of type AWS::Serverless::SimpleTable, and what this represents is a DynamoDB table with a base five read and write units. Really, really straightforward, basic DynamoDB table; that's all we need to do to define it.

If we go up to kind of the middle of this document, kind of the main body of it, we see that we have a resource called GetHtmlFunction. It's of type Serverless::Function, AWS::Serverless::Function, and then it has properties that are broken down into two areas. Now the first four properties are really specific to a Lambda function. We have where the handler is, so we talked in the previous session about how the handler is what the service looks to invoke your code and inject the event into. We have the runtime, in this case nodejs 6.10. We have where the code lives. We have a policy for my function, so this function has read-only access to DynamoDB. And then below that we have this event structure. This event structure has a single resource called GetHtml; it's of type Api, and it has properties for proxy routing and the ANY method in HTTP. Now what's going to
come out of this is a Lambda function, an API Gateway stage and endpoint configured, my code part of that Lambda function, and a DynamoDB table, and then all of the resources and policies necessary to glue them together created for me. And so again here it's about 17, 18 lines of code.

Another way to think about this, and this is from an example that we have up in GitHub called SAM Farm, is that from, I believe here it's roughly lines 10 through 25, so 15 lines of code gives you seven different AWS resources. And so if you were to go through the console and go and create all of these, you'd be doing quite a lot of clicking; if you're doing these just from the CLI, you'd be running quite a lot of CLI commands. But in this case this roughly total 25 lines of code, with a bunch of CloudFormation-specific things here, is going to give you those seven resources. Now when you transform this using CloudFormation behind the scenes to raw CloudFormation, this is about 70 or 80 lines of code, so it can quickly go four or five X what you see here in this template if you were to do it in just raw CloudFormation. So this really, really, really simplifies and streamlines what's required in building and managing a serverless application.

So let's go a little bit deeper here. So again, we have five special resources today inside of SAM templates that you can create. We have a serverless function, and we see here just a snippet of actually what's available for a function; we can define almost any aspect or attribute about our Lambda function: its event sources, environment variables, and all sorts of information about it. We have an API definition, so this represents an API Gateway stage, and we can configure things like caching; we could also configure things like authorization and endpoint configuration like CORS and headers and other stuff like that. We have a simple table, which is again a DynamoDB table, and for the DynamoDB table we have a couple of basic attributes here that you can configure. We have something called a LayerVersion,
and we're going to talk about layers here again after lunch, but this is an exciting new capability inside of Lambda today. And then we have a serverless application. And so one other thing that we announced back at re:Invent, which we'll talk a little bit deeper about here today, is, we already saw today in the Serverless Application Repository that I could easily go and launch an application. Well, what we could actually do now is something called nested applications, which allows me to have one serverless application reference an existing application in the application repo as if they were basically one entity. So when I go to deploy my application, I could say, oh, my application also depends on this other app in SAR, and it'll pull that down and install that in my account the same way. So this allows me to define that other application as part of my application.

Now in terms of functions and event sources, we've got the ability to configure pretty much almost any event source that you have here. We're not going to go through all of these here today, but it's all in the documentation for SAM. And so each event might have some specific properties. We see for an S3 bucket, for an S3 object, we could specify just a bucket, but we could also filter on prefix or suffix, say which specific S3 event we care about, puts or deletes for example, and so you can really get fine-grained as to what your event trigger is. I mentioned before using CloudWatch Events to replace cron jobs, and for this you can actually just pass in the true cron syntax for when a function should be executed. And so for all the different services that we have you can get, you know, all of that configuration. Now what SAM will do in some cases is actually configure that resource for you, so if that resource doesn't exist it will go and create an S3 bucket for you; for others it will expect you to pass in an existing resource.

So a little bit more about SAM from the CloudFormation side of things. So again, SAM
is built atop CloudFormation. This is a CloudFormation template; don't expect anybody to be able to read what's in there, but what I did want you to get from it is that there are a couple of different kind of sections of code that can exist inside of a CloudFormation template that have different capabilities. So we already talked about the headers, and we saw that we had a header that said this is a CloudFormation template, it has a transform, and that's something that you need in pretty much every CloudFormation template and SAM template you're gonna create.

Then we have other capabilities that can add a lot of interesting power to this. So the concept of parameters, and apologies here if the lighting makes it a little harsh to see this, but parameters are things that are passed in at execution time of this template. So at provision time you could pass in information, maybe let's say a developer's name, you could pass in an environment, you could pass in whatever information you might need to that could add some dynamicness to this template. We have mappings, so in this case mappings are, you can think of it as a predefined case statement or switch statement inside of your template. We have conditionals, which are similar to mappings, but in the context basically allow you to say that a resource should or shouldn't be created given some other context, so, you know, in production we will always do something HA but in dev we won't, type of a thing. There's the resources, so that's kind of the meat of this document, the actual AWS resources that we're going to define. And then our outputs, so what outputs represent, much like it sounds, is what are the results of this template, and I might need those results to pass into another application stack or to tell someone where they could find my application's endpoint or other information about it.

And so these capabilities make CloudFormation really powerful from a provisioning tool standpoint. So again, we can mix in these various
capabilities, we can launch other AWS resources or reference them, and there's other things, like we'll talk about here in a moment, this concept of intrinsic functions, which are basically shortcuts inside of CloudFormation code that could do things like reference other resources or split strings or join strings or do a number of other things that you can have here. There's something called imports and exports in CloudFormation, which is a bit too much to get into here today, but the long and short of it is that it allows you to define essentially, inside of a region, a global namespace for resources that have been created. So I could create in one CloudFormation template something that I call ProdDB, and then in any other CloudFormation template or SAM template that I launch I can reference that database just by saying give me ProdDB, and it will tie that back to, say, like an RDS database or a DynamoDB table. All right, so again I can get all of those things put together. And then lastly, for both SAM and CloudFormation we support YAML or JSON, so pick your flavor and you can do that.

So let's tie this back into what we can do with Lambda. Now inside of Lambda we have a concept called environment variables, pretty straightforward from any place else you've ever seen environment variables. In this case these are represented from the underlying operating system on up, and so you could just use the native calls inside of whatever language you're using to get environment variables from the underlying operating system. So for example here we show in Python it's os.environ. And so what we can do with these is all sorts of things: we can pass in key-value pairs for feature flags, for credentials for databases or APIs, we can pass in all sorts of configuration information. We can optionally encrypt this if we want to. And so we can use these to add, again, further dynamicness to our code and keep us from doing things like hard-coding in sensitive information you typically wouldn't want to
do. Similarly with API Gateway we have a concept called stage variables, and so, much kind of like Lambda environment variables, stage variables add this extra bit of dynamicness that can get passed down from a request to my back end, and then we can act on it and respond differently depending on what has been configured for this.

So let's put these two things together, plus some SAM capabilities. So what I have here is an example; think of this as one contiguous code file, so it kind of goes from the top of column one all the way down to the top of column two. And so inside of this I have a parameter defined called MyEnvironment. It is of type String, it defaults to testing, and then I have allowed values, so I can specify only what can be passed into this parameter at execution time: so testing, staging and prod. If you tried to pass it in banana, it's gonna fail, right? It's only going to take these three values.

I then have a mapping. So the mapping, again, you can think of as kind of a conditional switch statement. So for this I have a mapping called SpecialFeature1, and then we see that under SpecialFeature1, for testing, staging and production, I then have an attribute called status, and status is either on or off.

And then if you go over to the other column you see that I have a serverless function defined and a serverless API defined. Now in the function I pass in some environment variables. I pass in one that's literally just called environment, and that uses, again, what's called an intrinsic function, that !Ref for reference, and then it references my parameter called MyEnvironment. Below that you see something called SpecialFeature1, essentially as an environment variable, and now this uses, sorry, an intrinsic function called FindInMap, which points to the mapping in this template. And it's a little bit more complex; it basically says I'm using the map SpecialFeature1, and I'm going to key off of the reference to MyEnvironment, and I'm looking for the attribute status.
So the way that this will work out when it all gets spelled out is that the parameter that I add in for MyEnvironment from the template will get passed into my Lambda function as that, and so inside of my code I might want to do something different for testing or staging or prod, and based on how I launched this stack of resources it will do that different thing. As well, for the special feature aspect, in, you know, testing, in this case I have status set to on, but in production I have status set to off. And maybe what I want to enable is some debugging output or contexts in testing and staging but not in production, or I'm testing an actual new feature in one of those, and so I want to control it that way. And so again, in this case I'm assuming that my code is just going to look for that environment variable, and I'm going to pass that in at execution time.

Okay, now you can go beyond this to do some other interesting things. So with Lambda we have a concept of versions. Pretty straightforward: as you launch a new version of your code, it's gonna correspond to a numerical value that increments automatically. I could then assign what's called an alias to that version. So we see here under my function I have eight versions that I have deployed; three of them have aliases. So I see version 3 is aliased to, currently, prod; version 6 is aliased to beta; version 8 is aliased to dev. Now what I can do on the API Gateway side is, using stage variables, say, based on the stage variable, align to the alias of the Lambda function. And so where I pass in for the stage variable of lambdaAlias prod, it's gonna point to my prod Lambda function, and so on. So pretty straightforward: I can have different environments, I can have the same configuration, generally speaking, when I deploy these resources, and then based on these environment variables it will do different things.

Now when I want to go ahead and make it so that version 6 is now gonna leave beta and be promoted to prod, it's
pretty easy: I can take the alias for prod, point it at version 6, and all my traffic will just swap over and cut over to that. Well, this could be problematic, and so often what you want to do is actually test this functionality slowly. You want to slowly roll out the change to your function, so you know maybe cause an impact all your customers. And so in Lambda we have a capability called alias traffic shifting, and much like the name sounds, what it allows me to do is shift a portion of my traffic over to a new version with the same alias. So we see here I have now configured version 6 to also have the alias of prod, but I'm going to say only send 5% of traffic towards it. Now on my API Gateway, for the prod stage that has the stage variable of lambdaAlias equals prod, I don't have to do anything; my API Gateway is exactly the same. And so API requests are going to come in and 5% of them are gonna go to this new version.

Now I can do this by hand; I can run the command line tools and bump this and move it up and do all of that. Or I could do this with SAM. And so inside of SAM we have a couple of capabilities that make what we call inside of SAM safe deployments really, really easy, and it's basically just these couple of lines of code right here that I'm gonna go into. So the first is that inside of SAM we have a capability that you can have for your functions called AutoPublishAlias. Basically what this says is that every time that I deploy this function, I'm going to assign the alias of whatever I'm going to assign it to in here. Now in the previous code snippet, it's a little hard to see maybe here, it's kind of the top line of the highlighted box, but you see that I'm gonna assign AutoPublishAlias to whatever I've assigned this environment to. So if it was staging or testing or prod, that's gonna be the alias for my function, just like we see aliases aligned here. So that basically enables safe deployments for me.

Then I have a DeploymentPreference. And so in deployment
preference here with SAM we have a couple of predefined preferences that you can have, and you can think of these as the speed at which I'm going to attempt to deploy this function. So we see here a concept of canaries. Canaries is a term that, you know, exists outside of Lambda, but basically I'm going to shift just a certain percentage of traffic for a period of time, and then if everything is okay then I'm gonna shift the rest of my traffic; if not, then I'm gonna roll it back. We also see here a linear preference. So in this case the linear preference is going to automatically increment the percentage of traffic over the window of time, and so I'm complete or I roll it back. And so we see here for example Canary10Percent5Minutes; that means run ten percent of the traffic for five minutes, everything's good, ramp it up to 100. We see Linear10PercentEvery2Minutes, and so every two minutes it's going to increase the traffic by 10 percent until we get to 100%.

And so with this model I can deploy out new code, shift it out to a small percentage of my customer base, and we'll actually create specific logs and metrics for the version of your canary code so that you could go and compare them. That doesn't sound like a lot of fun; that sounds like a little bit of work, to sit there and side by side watch those metrics and see how differently things are performing and if that's good or not. So the second part of this is that it supports the ability for you to align with your function alarms. And apologies, some of the colors got a little messed up here in this slide, but what I could do here is actually tie back this deployment to CloudWatch alarms. So I can have CloudWatch alarms on things like errors or latency or other metrics that are important to me in this function, and if for some way it trips that alarm, so latency gets too high, it will automatically stop and roll back this deployment for me, so we'll end the impact to my customers. And so you can define up to ten different alarms today, and you
can create custom alarms with CloudWatch that represent, you know, business logic metrics. Again, it can be the built-in metrics, things like latency or error rate and stuff like that. But this allows you to be able to automate this process of: deploy out my code, test it, if things are good go forward, if the alarm triggers automatically roll it back, and then I can deal with that.

Going along with this, then, we see this concept down here of hooks. So you have a pre-traffic hook and a post-traffic hook. Much like those names sound, they are things that are executed before traffic is put on this function or after it. And so we can use these to, say, put a message in the Slack that says, hey, doing a deployment to prod, or update a change management system, or call off to a monitoring service, or call off to another function to test this function and hit it with a number of requests and make sure that it works. So there's a lot of different things that you can do here, and again, the end goal is to make deployments really safe for your end customers and for your code.

Another capability we have here in SAM is a concept called Globals. So what we see here in this document, and again, imagine this is a single document running kind of top to bottom across these two columns, is that I have a section of my document called Globals. It has a subsection called functions, and then inside of this are attributes that pertain to Lambda functions. So we see my runtime, where my code lives, my memory size, my timeout, etcetera. We then see three other serverless functions that are defined here, and it's pretty obvious what they don't have in their definitions is the stuff that's in the Globals. So imagine I had an API, and my API had 50 different Lambda functions in it. If I have Globals defined, that's 50 less lines of code, times however many things I have in Globals, that I don't have to define per function. Now if you look here at the get birds function, you'll see that it does have Timeout specified, and this is
basically that inside of the actual resource you can override what's in a global. But again, right, the way that works in the SAM template is each of these function lines of code, if it was raw CloudFormation, is going to be 3 to 4x what you see here in SAM, and then Globals allow you to write even less SAM. So again, we're greatly reducing the lines of code that we need to manage this, and we're getting kind of the benefits of being able to standardize across an entire application some of these capabilities.

Cool. Another thing we have in SAM: so I mentioned earlier today, talking about security with Lambda, there's two main concepts: what can my function do, and who can invoke my function. Both of them really critical to get right and make sure you've got the right level of security in your function. So we have this concept called policy templates, and this impacts the policies for what your function can do, so what can it talk to inside of your infrastructure. And so in this case I have a policy that is called SQSPollerPolicy. It takes in a single attribute, which is a queue name, and in this case I'm using the intrinsic function Ref to reference the queue that you see at the very bottom of the slide. And now this single, kind of really two lines of code will actually correspond out to a complete IAM policy that will be keyed directly to what it says here, basically doing SQS polling. And so you'll see here kind of a snippet of this code; kind of right in the middle there is the IAM policy that is really important for this.

So for those of you who are not familiar, IAM, or Identity and Access Management, in AWS is pretty much the core policy, rules, rights, grouping, user capability inside of AWS across the board; it can impact security across the entirety of the platform. And so, per service that you're talking to, depending on what you're trying to do, there could be a lot of things to learn about this; it's kind of its own language in a sense. We see here that I'm giving this
function, via this policy, basically six different rights specific to this one queue. And so this greatly, greatly simplifies this, right? Two lines of code, twenty lines of code; two lines of code, twenty lines of code. So you can kind of get here the impact of this. Now we have close to, I think, fifty or so different predefined policies for you today. These cover things like only be able to read and write from a single DynamoDB table or a single S3 bucket, or only be able to read from this specific Kinesis stream. And so you can kind of think of it, so this link here, which hopefully still works, but if not you can get to it from the documentation for SAM, it basically acts as a cheat sheet for IAM. If at all you're dealing with IAM and you've got to figure out how to configure it, these predefined templates are gonna make it a lot easier for you, and then again, in SAM you can reference it and behind the scenes we unpack it for you.

Cool, so let's go a little bit beyond the template here. So we've talked about various capabilities of the template. These are some of the big ones; there's some other little nuanced things that you can do. But you've crafted the most beautiful template in the world, you've painted the Mona Lisa of SAM template files; what do you do with it from there? The second part of SAM that we have is something that's now called the SAM CLI. When we first launched it, it was called SAM Local, and much like the name hinted at back then, the idea for the SAM CLI is that we allow you to run, debug, build, test Lambda functions locally on your laptop, on your desktop, on any place that you can run the CLI, which runs on Linux, Windows, Mac; it's just a Python application at the end of the day. And so this can become basically your interface into the serverless application world. And so you take your template file and your codebase, and what SAM CLI can do is basically take those things, bundle them into a Docker container running locally on your workstation. It can mock API Gateway
for you, essentially give you an API interface that you can test against. It can create a Lambda API for you such that you can test your own code to interface with Lambda, or you can generate fake events from other services that would cause Lambda to be fired up. It gives you all those capabilities; it actually could do quite a lot of things.

So just a quick run-through of where we stand today, and I'm going to show you it much less here in a moment, but you can build application dependencies, you can package and deploy, you can do, again, local testing, you could create new serverless applications, you can tail logs from production, you can validate your template files, you can publish to the app repo. So a lot of things that you can do here from SAM CLI, and it's a toolkit that we're seeing being built into all sorts of other tools as well. So pretty cool thing to get started with and play with here.

Now I mentioned the application repository already before; we saw that I launched magic 8-ball from it. And again, this is a place where, sorry, so Serverless App Repo: in order to publish apps to it, it has to have a SAM template. So there's a requirement for using the app repository, and it's part of the magic that helps make the app repository so simple to use when you want to launch applications. And so again, you need SAM in order to be able to use SAR today.

So let's take a demo here and get out of slides for a bit. Okay, so in this case I'm going to come over to Cloud9. So Cloud9 is a cloud-hosted IDE that we have here at AWS. Let me actually just real quick try to make these colors a little bit better for those either in the room, and so, you know, Cloud9 can be kind of the full, you got a full cloud-based IDE. Let's see if I can just do that, sorry, let's see here, let's see if this makes it a little bit easier. Is that any easier for people to see if I make it a little bit bigger here in the room? Sort of? Okay, we'll take sort of for today, I guess. So Cloud9: managed IDE in the cloud,
interacts and it's tied into AWS in a number of different ways, and this actually runs here in EC2, so you see that I'm on a terminal window in here for ec2-user. Now this is, again, a full-fledged IDE; I come in here, I can write native code and do all sorts of things. Now inside of Cloud9 we actually already have SAM installed, and so I can come in here and just see that SAM is installed; I've got version 10 of the CLI. I can come in here and run help and see all of the various capabilities that we just saw on that previous slide.

Now assuming I'm in a completely blank environment, which in this case I am, I have nothing else going on inside of this environment here today, I could actually go and create a new serverless application. So I can run sam init, and I'm just showing you here with the help structure: I can run sam init and then pass in my runtime, I can run sam init and pass in a GitHub URL, an HTTP path, all sorts of different things that are out there, and so we have a lot of companies that are sharing serverless applications via this way. Now I'm just going to come in and create a really basic application in Python 2.7, so I'm running sam init --runtime python2.7. And you might notice here right above that, we've got runtime support for all of the managed runtimes; we don't yet have support for the bring-your-own runtime.

Okay, so I ran sam init --runtime python2.7. It came over here on the left in the File Explorer and it created this directory structure called sam-app. In here is a tests directory, a hello_world directory, I've got a README file, a template.yaml, and a .gitignore. The README basically explains everything that's inside here and what I would need to do to test this function, and so that's cool. The template file is an actual SAM template, and so I see here that I have a Globals section, I have my resources, I have outputs. Inside of here I have a single function definition, so this function definition has, you know, my handler, my runtime, environment
variables, and then an API path for it. I can come here into hello world and find my actual app code. This is Python code. It's got basically some comments about how it works behind the scenes and what gets passed into it, and if I come all the way to the bottom here, really what happens inside my handler is that it makes a call to a URL out on the internet, which is checkip.amazonaws.com. This is a tool you can use to pretty easily get your IP address from wherever you are. So it's gonna call that, get my IP address from my function where it's running, and, much like in the first demonstration that I showed here today, it's gonna spit out a response wrapped in JSON that says hello world and then my IP address for location.

So now this application also has requirements for it, so it has some dependencies that need to be installed. In this case it just has the requests dependency. Requests is a really popular Python library and is not currently installed here, so if I read the README, what it would tell me is that what I need to do is install that dependency before I can go forward. And so to do this I can just, from the root of this application, type in sam build. What sam build is going to do is it's going to go and look at my SAM template. My SAM template says, oh, my function code is in the hello world directory. It's going to go and look at the hello world directory and it's going to say, okay, this is a Python application, so I'm looking to see if there's a requirements.txt file, which defines Python dependencies, and then if it is, I'm going to deploy this, I'm going to install those dependencies. So I ran that and it created another directory here called .aws-sam, and inside that a build directory, and inside that a HelloWorldFunction directory, and then you can see here, kind of on the left-hand side of this, all of these other folders, and those are all of the dependencies and sub-dependencies of this function, and so that's all, that's all in
there for me. I didn't have to run the pip command or deal with that myself. So I can go into this directory and I have now in here, again, a template.yaml file. It's been slightly updated and it tells me where my code is, it's now in this build directory, and we'll have some been done to execute it and all of that. So I basically at this point have a ready-to-go application that could be tested with.

And so I know this is an API, so let me go ahead and do sam local start-api, oops, and I'll reference the template file. Okay, it's kind of jumbled here, but what's gonna happen behind the scenes is that SAM CLI is going to take my code, fire it up in a Docker container running local, running locally inside of this environment, and it makes it available here on localhost:3000, my running application. So I can copy this, go over to another terminal window, and I can just curl this local interface. So now that failed, I knew it would, because what I actually have to do here is go and look at my event, and my path is /hello. So you can come back here and I'm gonna curl /hello. Okay, so what I got back here now is my function actually running, so I got message hello world, and I got location, and I got the IP address that it shows this Lambda function running behind.

If I come back to the first terminal window that I was in, again apologies for some of the text here being just a little kind of hard to read in this, but what I see down below here is the actual execution taking place, and maybe it's worse if I highlight, um, so I see a start to the request, I see an end of the request, I see a report. This is all the same information that Lambda would be giving me if I actually ran this in, you know, quote-unquote production Lambda. I see also the log of the request, so it was basically just an API call to /hello, it was HTTP 1.1 because it's curl, and I spit out, you know, a 200 response. And so I could sit here and I could test this and I can do all sorts of different things to test and, you know, see what
happens if I type in something invalid, and it's just gonna say that, there's, that's not gonna work. I tell us we come back to my code, say hello world's kind of basic, let's change this again, hello I slept loft, come back here to my code, test that, and so, oh, I edited the wrong file. I will say, yeah, it remembers it in the right directory. Take two. That's better. I can live edit my code, and in this case I don't have to stop and start the local utility, it's just editing the code that's running in the Docker container for me, and so all of that work.

Now let's imagine that I was a really bad developer and I changed, for example here, status code 200 to cats. Cats is not a valid spec status code, for those who know HTTP, and so, mmm, no data, that's strange. I can then go back over to the local window here and I can see up, you know what, global name cats is not defined. So again, kind of a silly error to make in Python. Now I can also come in here, and actually the IDE is smart and it told me, hey, wait a sec, oh, there's something not right about this. There's other things that I could do here. I can actually use a debugger inside of Cloud9 to set breakpoints in my code and be able to test those with my serverless application as I am building it. I could also come in here once my application is working and I can deploy from here. I could also go and pull down any of my live Lambda functions and be able to edit them and repost them again. So we do all this from Cloud9, use sam local for testing and do all of that.

Let me go ahead and change cats back to 200, valid status code, save it, cleans the error here. I can go and test this. Great, everything is working again. I could then go from here and deploy this function, so let me get into the right directory here. So I can run the sam package command, which is basically gonna take this code and zip it all up and put it up in S3 for me. It then goes and modifies my template file and it creates a package template file, which is what I named it here, which is actually
gonna say that my code lives in this specific URI. So it takes that zip file, it puts it up into an S3 bucket for me, which in this case is just called month - code, and it has a hash as the object name. And I can come back down here to my SAM window and I can do sam deploy. Let me give this a unique name, second here, sam hello loft. And so from here what it's going to do is it's actually going to say, okay, based on this template file, based on the code that we have just saved and created, go and deploy this into production in actual Lambda. Now it's gonna use the SAM template file in here now to deploy this func-, to configure all of the serverless resources that we have. So again, just coming back and looking at the packaged version of this, my timeout is sent two to three milliseconds, the outputs are defined here, it will show it happens from that, my single resource, which is my function, and then my API definition. And it should take just a couple moments for it to tell CloudFormation to create this resource and push this up. [Music]

Cool, so down at the bottom here it says successfully created/updated stack sam hello loft. What I can now do is go back to my console. There's a couple ways that I can find out more about this. I can go to the CloudFormation console, oops, let me go in the right region here, Virginia. I see that I have a stack here called sam hello loft. Close the sidebar. I could find out all the various bits of information about this, so it has the name, if I had enabled something called drift detection, I could go into the events and see the events of all the actions that it took to create this stack. I come to resources, and this is gonna show me all of the individual serverless resources that were created, so function, permissions, IAM roles, API Gateway stuff, etc. I could see here the outputs. So I mentioned before, the outputs are basically a thing that you define that represents what comes out of this function, and so I can see right here that I actually have the URI for my
endpoint right here, so I can grab that if I wanted to. I see the parameters, in this case there were no parameters that I passed in, and then I can go view the template. And so this is the same template again as it shows up here, just about 20 to 30 or so lines of code, and I could actually click on View processed template, and this shows me the actual template if I had written it in CloudFormation. And look again how far I'm scrolling through this. This is easily two to three times as many lines of code had I actually written this in CloudFormation versus SAM. So again, here's the SAM, pretty much fit all in a single window, here's the raw CloudFormation, a whole lot more code, a couple times over the amount of code.

There's another thing that we have. If I go to the Lambda console, I can go and click on this tab, this item on the left-hand nav bar called Applications. And now one thing that we've done, so we've been building out this new applications dashboard over the last couple months, we keep adding stuff kind of periodically to it, but if you launch a function with SAM or with CloudFormation it will show up here. And so if I click into this, I get kind of a little bit more of a view into the resources of this serverless application. So I see here that there are seven resources, they're grouped by the major category types of Lambda function and API Gateway, and this is the same information that I would see from CloudFormation. I can actually view the SAM template, so what was it that was deployed as part of this. I can come over here and see the deployment history, so if this was an application that I was iterating on, I could continue to see all of the deployments that had ever happened, and then I can see the monitoring and metrics information from this for both Lambda and API Gateway and any other resource that was defined in the SAM template. So this can become kind of a single go-to dashboard for information about this. Coming back to overview here, under the API I know that have an API
endpoint, so let's up into tab, I have to throw in /hello, and then again here's the text that we saw. Cool.

So what kind of happened here? We started in, started in, in this case Cloud9, but could have been any terminal window. I had SAM CLI installed. I init'ed a new function, which created a base directory that had a SAM template and some application code. I used sam build to pull in my application's dependencies. I then was able to locally test and iterate and debug my function. I was able to throw fake API calls out at it, see the response, see what broke when I broke it, and then fix that, again really quick, rapid iteration cycle on that. I was then able to package it up and deploy it up to, in quotes, the cloud, all directly from that CLI. Now I did all of that just using the raw shell commands. Cloud9 actually has a fun little GUI that you can use to edit the SAM template and to do SAM local testing and stuff like that, but I wanted to show you just in the CLI because I could have done that in the OS X terminal, you could have done it from a Windows shell or from an EC2 instance and Linux or anywhere else that you wanted to. So SAM CLI, really powerful tool, great place to get started, and again a lot of learning value there.

Now, behind the scenes for SAM, the thing that takes those, we saw was 30 or so lines of SAM template, and turns it into about 80 lines of CloudFormation is this thing that's called the SAM translator. The SAM translator is that transform construct that basically maps out the special resources that we have, things like Globals, policy templates, the safe deployments capabilities, and turns that into the raw underlying capabilities behind the scenes. Now, back in the spring of 2018 we actually rewrote this from the way that it was originally written. It's now in Python, it's open sourced, you can go and you can pull at it, you can look what happens, you can read about it, you can also contribute. And so we've had some really awesome contributions from the community. A couple of these
have, have gone live, have been really valuable. The one that's kind of on your left-hand side, number four for seven, inline code for SAM templates, really pretty cool. You can have a document that represents all the aspects of your function and your function code and just rip that and deploy that and not have to have anything more complicated. All sorts of stuff that you can do with that there. And so this is open source. The CLI is also open source, so back when we announced Ruby support, a different developer inside of AWS actually put the Ruby support into the SAM CLI before the SAM team had the chance to do it. So they were so excited about Ruby they put that in, put in a PR, team merged it, awesome. So seeing lots of interesting stuff happen here in this space, and we continue to see more and more capabilities come into this. And so you can check this out, you can make issues, you can ask for feature requests, all this stuff in GitHub for the SAM CLI.

Now to talk a little bit here, again, we've seen the application repository and we saw the magic 8-ball app that came out of it. Again, what you can do with the app repository is you can share, both publicly and privately inside of an organization, entire serverless applications. So I could have taken this hello world application that we just created and tested locally and published it up to the app repo, and you could have gone and pulled that down and done whatever you wanted to with it yourself. What we announced at re:Invent, again just kind of the end of November, is this concept called nested applications. And so the concept of nesting is that you can basically, again, relate different entire serverless applications to each other, and I think one of the best examples that we have for this is the lead product manager for API Gateway, whose name is Dougal. He was getting a request for a really basic authorization mechanism for API Gateway and he said okay, and we'll talk about this a little this afternoon. Yeah, API Gateway supports
a concept called custom authorizers with Lambda. Basically, you can use a Lambda function to do authorization for your API. The people were looking for basic HTTP authentication, which is a really basic, kind of old-school way of doing username/password inside of web apps. It's not something typically encouraged these days, but people are asking for it, and he was trying to make an example of how easy it is. And so he wrote the code, published it in GitHub, and then made a Serverless App Repo application. And so anybody can now go and find the template for this. It uses DynamoDB to store username and password, and you can just go and deploy this. And so you can deploy this author-, this authorization mechanism, tie it in to your API gateways and glue it all together.

Now one thing that we did for the launch blog for this was show how you can have a SAM template that just references this app and basically say, for all of your APIs, include this authorizer, and then that's not something that you have to write. So where we see a lot of organizations do is, let's say that you have a user management service already and you want to integrate that with a serverless application. You could create a Lambda function that talks to your user system and then tell everyone in the organization, this is the authorizer that you use if you want to build a serverless application, and you just saved everyone in your organization from ever having to write that code. And so again, you can really quickly and easily relate these two things together, and that is kind of the power of nested applications. And so you could build really, really complex serverless architectures using all sorts of different applications together. Nested applications can refer to other nested applications, so you can get kind of interesting bits and pieces there. In this case I've already kind of demoed this before.

So you can read all about SAM. Again, we talked about the templating structure today, greatly reduces the amount of work that you need to do to build, to
provision and manage these resources in AWS. We saw again that kind of one to five mapping of lines of SAM to lines of CloudFormation. You've got capabilities like safe deployments and Globals and policy templates, all of the capabilities there in CloudFormation for parameters and mappings. Then we saw the CLI being able to go from kind of zero to full application running in a cloud, where we tested it, we debugged it, all that locally before we deployed it up. You can find out all the information about SAM, the open source repos, documentation, everything else at aws.amazon.com/serverless/sam. Again, SAM is our, the squirrel that you see here, that is SAM. So SAM the squirrel is our mascot. Think of it like the Docker whale and the Go gopher, this is our version of that. We're happy today, for those of you here at the Loft, we've got all sorts of fun stickers that we're gonna put out on a table in the hallway here, and so make sure you grab some SAM for your laptop. I've got a little SAM guy here on my laptop as well.

But again, you can find out a lot more about SAM. In terms of serverless stuff, as I mentioned earlier today, you go to aws.amazon.com/serverless and find information and links to all sorts of different types of content. Up there in that kind of white middle header bar you've got links to the Serverless App Repo, to developer tools like SAM, to resource pages and everything else that you might need. If you're leaving us and not sticking around for the rest of the day, my name is Chris Munns, I'm a principal developer advocate for serverless here at AWS, based out of New York City. You can find me at munns@amazon.com or @chrismunns on Twitter, happy to take questions there. For those of you here at the Loft, we're breaking for lunch for the next hour. For those of you who are live here on Twitch, I think we're switching to some other fun stuff here for a little bit, but we're gonna be here later today and hope you can join us. Thank you again for coming today, and again
if you can stick around for the afternoon, we've got a lot more fun stuff to talk about: Layers, Runtime API, deep dive into API Gateway, Step Functions. So we're still kind of in the early part of our day here, but thank you again for coming. [Applause]
Info
Channel: Amazon Web Services
Views: 39,706
Keywords: AWS, Amazon Web Services, Cloud, cloud computing, AWS Cloud
Id: CIdUU6rNdk4
Length: 52min 17sec (3137 seconds)
Published: Fri Feb 01 2019