 Hey, thank you everyone for coming here today for the making headless Drupal serverless session My name is wassant Kumar Rajan. I'm a program manager with Cloud front team and along with me is Woodrow add-in turn. He's a AWS product manager and Join with him is Pratik. Yeah, though. He is a software development engineer with Lambda Edge team. He used to be at Cloud from first. Now. He's with Lambda Edge Let's give it a few more minutes for people to trickle in In this session, I'll talk I'll talk you through, you know, one of our media company challenges that we've recently, you know had interactions with and During that phase. I'll also talk about how headless Drupal actually helped us solve that problem and Go into going into that then Woodrow would go ahead and explain about hey, what's Amazon cloud front? What does it do as as a CDN? What does it do for the end users and then also touch base with serverless compute and what serverless computers all about and Lambda and Lambda Edge, what does serverless compute at the Edge means for end users? Combining all these three Woodrow, excuse me Combining all this three Pratik is going to go put together has put together this live demo and show you Hey, this is how we solve this customer challenge and believe it or not. It's just done. It was just done in two days It's a simplistic approach just shows you hey, these are the challenges. This is what we, you know Took to resolve there are a few other pending things which would be completed as a part of the whole solution as such This is just to show that how much you could do within two days as a proof of concept for this media company solution So I just want to walk you through this journey as a developer for this media company It's a huge multinational media company and the company uses Drupal as its core architecture because Drupal in itself, you know out of the box gives easy authoring and then it does multi-lingual ready and Recently its web services built in as well So now as a software developer, you know, you're faced with this a conundrum or challenge as such Hey, how am I going to do this highly scalable secure and flexible website? While doing that also take care of like, you know, various other stakeholders Problems that they're put forward like hey, it needs to be secure. It needs to be scalable It needs to be a performance oriented personalized flexible and financially sound as well If you see here in this case the one thing that we have commonly heard from, you know, the media company Website is that they want to value they want to maintain this high brand value along with that They want to figure out how to make, you know conversions and conversions later into actual content making money So let's go touch base with security, you know security is a top priority Irrespective of the size of the company big or large big or small and How does security come into play when it comes to how to provide secure connection? How to authorize the users? How to, you know make sure that you're not DDoS by anybody and SSO certifications and You know web application firewalls Then comes scalability, you know for a media company The most important thing is that you have this standard phase of you know, you know, it's it's pretty predictable that during the day It's going to be high Availability and during the night. It's not as much as us as how it is But all of a sudden we have this viral content going so popular like it's in Media it's in social media. So people start You know reaching out to the website and all of a sudden boom your your requests are like thousand Concurrents thousands of concurrent Request per second. So how are you going to scale with that kind of a traffic and scale back as soon as the The the media is not anymore as important as how it was. So how are you going to you know, make sure that the infrastructure scales with that? There comes then the performance like hey, how am I going to make sure that? The viewers are instantly getting the responses like today It's a pretty normal thing to expect for milliseconds response the moment It you know goes to a certain threshold people are not waiting there anymore they are moving on to the next media company giving the content and Comes with that is personalization. How am I going to you know reach to the specific reader that I have How am I going to make sure that hey during Super Bowl season? I want to make sure that if I'm a Redskins fan and not that you are many here if I'm a Redskins fan How how am I going to make sure that I get you know everything related to Redskins and whatnot and similarly How about politics during a political season? You want to make sure that the person is getting a sense good sense of real good news of political politics Flexibility you know great content management also means that you have this all of a sudden teams which are Which are pretty much tight coupled with what the team is going to give you you have the team limitations Along with the data structure as such so how am I going to break free from that? Then financial I mean the most important thing for our media companies that They want to make sure that they continue doing the The high journalism good journalism that they're doing today as well as making sure that They are able to convert as I said to you earlier convert the visits into actual money and These challenges are you know real and they are just not only unique to this media company You could pretty much put this into an enterprise Web solution as well. Everybody wants the stakeholders to be happy. You want to make sure that the Users using it are using it and it's also useful for them Now if you see typical monolithic architecture as such You have a user hitting a load balancer and then the load balancer for that then you know Diverts the traffic to one of the other node depending upon your configuration Then the node goes ahead and checks for cash and persistence from a layer then in a storage for you know your JS HTML CSS your assets and then a database to store your you know Activities like membership level has a member paid not paid is a do what not and all of this if you see are Having functions which are like hey authentication function Authorization function and then content management and processing Hey, how am I going to make sure that when I upload a specific image it not only fits for this particular screen devices What about the other ones? What about the bigger size screens? What about the small size screens? All of these modules are in this you know It's going on and on repeated again in each of these nodes And thereby if you see localization and personalization as a function as well If you see all of them they are together You know stacked and baked together in one single code repository that means you have this code repeated again and again and again and all of a sudden you want to change your provider you just realize that damn it I have you know these modules that I need to go and change them and It just not only is slowing the developers down. It's also prone to a lot of error and You know, that's where we see a trend towards you know headless Drupal Headless Drupal is where like you know in a traditional Drupal You have both the back end and the front end managed both by Drupal engines both the content Management engine and the content rendering engine and if you go headless, here's what you see You know the content writers and managers are still able to use their same old trusted content management screens that they're used to and Provided and it provides to all these UI and UX designers a new freedom Like all of a sudden you get this you get the great content available to you and you've got this freedom to move Your elements up and down, you know, and not only just as restricting to a specific theme as such So front end is stripped away entirely and are taken care by the UX UI export themselves so Headless Drupal out of the box helps solve a lot of these problems if you see the design flexibility You know sometimes close coupling is good, but sometimes it is not that good That's where a headless Drupal helps you to a break part of our break part from You know tight coupling as such Performance so let's say that if you really wanted to have a site where it would just churn out static content You could still do that with headless Drupal, you know generate that template that out and then publish those static HTML to You know CDNs that you want to Then multi endpoint. Hey, what happens like you have these varied visitors one using iPad one using, you know Android mobile phone and all of a sudden you have this gigantic, you know reception Desk where it shows this huge 4k monitor So you take care of all this and the UI UX export just need to agree upon Hey, the mobile developer accepts upon a specific JSON and so as the UI developer for the desktop as well Many of the benefits that I told you are relative to the Drupal instance that you have We've just specifically spoken about traditional Drupal installations. Okay Now with added this, you know Flexibility you all of a sudden have some constraints as well like let's not forget the constraints as well And like all of a sudden you are worrying like hey, how do I manage security? How do I manage the granular access level that each user were used to? How are going to make sure that whenever you publish a content? It looks a specific way that it was intended to because you don't have Drupal anymore controlling that Team anymore and who is responsible for reviewing it. So all these challenges pose Which are pretty valid ones and that's where you know Woodrow would come here and and try to answer them with you know The Amazon Cloud front and lambda and lambda edge woodrow Thank you. My name is Woodrow. I'm a product manager with Cloud front Thank you for stopping by for a session today and also for many of you at our booth as well It's a pleasure to meet many of you So our session today focusing on making that headless Drupal serverless We obviously want to talk about serverless and what it means to go serverless And what are some of the benefits you get when you go serverless away from a traditional architecture? Most importantly, we want to talk about how we can enable you to achieve that serverless architecture by using AWS services Such as Amazon Cloud front and lambda at edge So there are so many different ways that you can go serverless There's different aspects of what serverless means But today we're going to specifically talk about serverless compute and when we're talking about serverless compute We'll be talking later on about a service called adbs lambda But there are four main concepts that I want to set as a baseline for what it means to be serverless And what are some of those benefits in summary? So first and foremost is no server management What this means is that as a serverless architecture such as serverless compute It doesn't require you to provision scale or manage any servers And what that gives you is agility and the flexibility to build applications and websites that you can think of and that you'd like to test with greater speed Having this automatically Managed for you allows you and your developer team to focus on what are more value-added activities for your company such as again focusing on that next iteration of your core product and Being able to reclaim again your time and your energy to build again that next best iteration Due development workloads and test workloads as well So again as I mentioned the summary you know point here is that you have more agility by being able to go serverless and spin up Resources as you need it and have those managed on the back end by AWS and Again allow you to be more responsive to the demands that you're seeing within the market When we're looking at serverless We also point to built-in availability and fault tolerance and that serverless web applications have this built-in and fault tolerant Aspects by default Meaning that you don't have to be an expert in terms of architecting this into your own stack However, it might be and AWS will also make sure that these Resources and these stacks are replicated across multiple regions and availability zones as well Now with that we also talk about the scaling aspect of serverless architecture and that again As Vasanth had mentioned this will automatically scale to meet your needs However, the big they might be in the event of a traffic spike or reduce back down to a regular steady state That's more expected in line with you See on a daily basis Now all of this really helps drive it to be a very cost-effective solution as well The main thing here is that you're never paying for unused capacity There's never a worry about did I over provision too many Servers or data centers to run that test and then never saw the workload to actually meet You know the demands and so your utilization on a serverless architectures can be Essentially 100% and that again you're only using it resources as you consume it as you go So again, we're going to talk more into what is the AWS serverless compute, which is AWS Lambda so Talking about AWS Lambda as the serverless compute offering What it does it allows you to run code without provisioning those managed or managing those servers and again only paying for the compute time as It's consumed So if you talk about how this works the first thing you do is you identify a trigger or a hook for which an action is going To be initiated and this can come in many different forms But again, you have the flexibility to identify what that hook or that action is going to be but this can be such as a change in a data state a Request to an endpoint or a change in a resource state as well Now once you have identified where that hook is going to be and what you're going to action upon You're also going to write your code to execute upon when that specific event is triggered And so here the functions that you write is just plain old-fashioned code that you're used to today And you're going to upload this into the AWS management console on the Lambda service console And now your code and your function is going to sit idle until the event is triggered and when that event happens That's when AWS will kick in and start scaling Instantly to fulfill the requests and you know provision the resources that are just right to execute that function Now this is an amazingly powerful Service that I can really alter the way that your AWS stack responds to customer events in a very customized and personalized manner But we've always looked at how do we take that Lambda functionality and move it to the edge Essentially moving it closer to your end viewers around the world to again customize the response So it's fast and secure and highly personalized as well And this is where through the culmination of you know, some several years of work the Lambda function ality and the cloud front which is Amazon web services content delivery network came together and created a new service Called Lambda at Edge. This became generally became generally available to the public in July of last year and So we're really going to get into how Lambda at Edge Works and applies to a headless Drupal type architecture But before we get into Lambda at Edge We need to set a baseline for what is Amazon cloud front because that is where the Lambda at Edge functions will occur again using the cloud front infrastructure So we look at Amazon cloud front Amazon cloud front is AWS's global content delivery network At this core a content delivery network or also known as a CDN is a geographically distributed group of servers Which are working together to provide fast delivery of internet content And so whether you know it or not every one of us on a daily basis is interacting with CDNs around the world whether you're reading news articles from your favorite news outlet or shopping online watching YouTube videos or Browsing through social media fee Feeds you're all usually interacting through some type of intermediary service Which again is that content delivery network accelerating that connection for you around the world Now cloud front as a CDN is highly integrated within the AWS ecosystem and this comes from two main points The first being physically integrated with the AWS backbone, which is AWS's private network To really accelerate the data transfer between all of our services or also to your origins And then we're also integrated seamlessly from a software perspective as well with other AWS services So now you can start to tailor custom solutions and bring things together in a very highly integrated Environment and have it all packaged within you know the AWS Service as a whole So cloud front began in 2008 with 14 edge locations around the world and over the past 10 years We've grown to 114 edge locations Which are spread across 56 cities in 24 countries around the world in the past year We added 39 edge locations and the best thing about the service in terms of its growth is that it will continue to add More and more edge locations around the world and so geographic expansion is still something that is going on today When we look at the architecture that you see here There's really two types that I'll mention here the first being the edge location, which are the purple and blue dots These are providing the first line of caching or storage for your hottest the most requested content The second type of architecture is the regional edge cache and these serve as another caching layer that sits in between The edge location and your origin so it's another mid-tier caching layer What this does is it allows us to increase your overall cache hit ratio? So that again, we can respond we can respond to viewer requests with the content They're asking for and thus reducing the overall workload on your origins in the back end And so we're going to take a look at how this works in a typical AWS architecture So if we're looking at something as a simple application architecture a simple, you know website There are gonna be three main elements that we refer to as you know the compute the data store and some type of storage Compute could be something like an EC2 instance. It could be a container or a lambda function The data store could be a relational database like RDS or a non relational database as well such as Dynamo DB Either way, this is where you're going to store and track your user information That's accessing your applications or your websites and then storage could be something like an S3 bucket The Amazon simple storage service where you're going to host a lot of that static asset such as you know images or CSS or Javascript Now in our example here, let's say you take that simplified architecture. You have it deployed to a single origin in US East 1 What this means is that customers around the world are going to be requesting content And they're going to be routed across the public internet before they're able to retrieve the content that's been requested So what this means is that depending on their viewer location this could result in latency or delays that vary widely So those that might be closer to your origin might have an okay or a decent latency connection But viewers around the world may not have that same performance and it can have a big negative effect on your viewers experience with your content Or your website as a whole this can also result in potentially a higher likelihood of losing those viewer connections and Lost connections could result in customers going to other Sites or sources for the content that they're seeking What this also means is that you have no other outer layer protection in terms of another Security measure where all viewer requests and potential DDoS attacks are all going direct to your origin and could potentially take that down as a whole But what happens if you add an Amazon cloud front Amazon cloud front when you add that into your architecture can be an essential part of your cloud infrastructure for creating the highly Accelerated and secure web applications and websites And what this does is it allows you to move an important part of that simplified architecture closer to your viewers So if we take a look at just an example a subset of six of those edge locations among the 114 that we have What we can now do is move that storage Component to the edge and it allows customers around the world to access cashed content that is localed within their region or Within the regional edge cash that that edge location ties to either way It allows us to provide that content closer to viewers instead of backhauling all the way around the world to retrieve that content from the origin itself But cloud front is much more than just simplified bite delivery There's many more benefits that are provides we talked about that global reach with the edge locations around the world But it also again can really be an essential cloud infrastructure component in building highly secure and highly available websites and applications There's also a lot that cloud front can do to help increase the security posture of your infrastructure. It has a lot of inherently built in Security features and integrations with other AWS services. We'll touch on that a little bit more in a minute But also we talk about programmability and this is really we're going to dive into the second half of the presentation We're going to talk about how lambda at edge Transforms cloud from from being a traditional content delivery network to something that is a programmable content delivery network We're now you as a Dell developer have a whole new tool set available to you to make Customized or highly personalized responses to viewers around the world Like any other AWS service cloud front is scalable and that again, it will automatically absorb the requests that come to it and serve up the content as requested and Again, we'll scale up or scale down to meet your needs as they come in dynamically The great thing about Cloud front that I love so much is the breadth of type of customers we serve We serve individual developers, you know running their own personalized websites up to some of the largest enterprises that you were all familiar with today such as Major League Baseball or Samsung. So we have a wide breadth of customers that are all utilizing Cloud front because again, it's a highly scalable. It can go as little or as big as needed It's also cost effective from the standpoint that pricing is simple you're only going to pay for the bandwidth and the request that you actually use and There's going to be no minimum monthly platform fees for utilizing the service an added benefit is that if you're using a Origin within AWS such as EC2 or S3 the data transfer coming out of those services to cloud front is free of charge That there's nothing going to be charged as the information is transferred to cloud front the only thing again, you'd pay for is the request and the data transfer coming out of cloud front and there's also The AWS free tier usage to get started with cloud front for free Now I'm going to touch briefly on the performance and Security on the performance side many developers are familiar with content delivery Delivery networks being good at accelerating static content. This is going to be content like the images and the static Assets such as the CSS and the JavaScript But cloud front again can do more by helping accelerate dynamic content That is not either non-cashable or has short time to for lives Cloud front does this in a number of different ways as we mentioned we talked about that AWS backbone infrastructure being able to accelerate data transfer around the world, but also with that localized Data center you can now do TCP handshakes that are done closer to the end viewer again creating lower latency connections and more reliable connections as well Cloud front also maintains persistent connections going to our regional edge caches as well as to origins again, thus reducing the overhead and repeatedly establishing new connections to your origin and As I mentioned with scalability during any kind of traffic spike cloud front can collapse simultaneous requests for cash misses into a single request going to your origin again reducing unnecessary load to your origin But these are just a few examples of many more things that cloud front does to accelerate the performance of your web applications and your websites From a security standpoint, we can also improve the security posture of cloud infrastructure Again, there's many inherently and natively built-in security features that allow you to do things like access control or encryption either in motion Or at rest and allow you to also customize a lot of these things in the AWS console management or through API calls as well again, we're always looking at The regulatory environment as well because we know many of our customers are subject to different standards and we again seek to make sure that cloud front is always at the forefront of that making sure that we meet compliance and Exceed that and again help our developers and customers meet those standards that they need to address And then as I mentioned the integration with the AWS Ecosystem provides a lot of benefits here such as the AWS certificate manager, which will automatically manage your SSL certificates or AWS shield which is from a standard service It's automatically integrated for all cloud front users and so you natively already have a layer of DDoS or anti DDoS protection as well So when we talk about some of those challenges again that the cloud front Service solves for some of these media companies and other customers around the world is that again It can really help with that security and the performance and scalability of applications around the world But we want to talk about lambda at edge as well And again when we talk about lambda we talked about how do we take this to the edge? So just as a quick recap on what lambda was it's an event-driven model where you identify those trigger points and those Trigger points will activate code When requested and AWS will scale to meet that workload as needed So with lambda at edge what you do is you're going to write your code once in US East 1 and then cloud front will automatically And transparently replicate that code around the world And so now what we've essentially done with lambda at edge is we've now moved not only the storage Component of the architecture to the edge with cloud front, but now we've moved the serverless compute functionality to the edge as well So with lambda at edge you're going to get all the same benefits of lambda serverless compute functionality and What that again means is that you can now program cloud front to respond in ways that were not possible before And I'm going to get into the trigger points of where that happens in the cloud front events But I'm not going to get into specific use cases as I'll let critique going to that in more detail But in short with that compute and that programmability you now have the flexibility to run code closer to your viewers Using cloud front's global network again as you package these together You're now able to provide connections that are faster more secure and highly personalized for your viewers around the world the four events that I Mentioned or the events that I mentioned where cloud front can initiate the lambda at edge functions Happen in four different areas and that can happen on viewer requests for all requests coming in it can happen on origin Request where there's a cache miss and it needs to go back to the origin Then it also can be initiated upon an origin response back to cloud front And then it can also be initiated on all responses going back to viewers whether it was again based on a cache hit or a cache miss When we look at what these can do We now kind of look at it from a standpoint if you're now moving away from what was a traditional kind of monolithic You know type architecture to something that is now based on serverless micro services So that now is a request come back in you can have different lambda functions that are dedicated specifically for different services So now you can just do a specific service dedicated for authorization and authentication or you can do something that's just gonna be purely based on image manipulation or Something that's going to localize and personalize the content for that viewer as it comes in and again This can all be based on different types of origins whether it's in AWS or not or as we're talking about today a headless Drupal site But flexibility can come in so many different ways And that's really what lambda edge provides is the additional flexibility So we talked about headless Drupal providing flexibility and lambda edge now adding on a whole another layer of flexibility Not possible on its own Really what is great about this is we provide a tool set for our developers to imagine up new different ways That they can incorporate that into their own architecture for their own specific use case Now before I turn the time over to critique I just wanted to recap the journey so far as we again started off with the media company challenges that we had talked about The challenges included things like the security the scalability and performance and flexibility And now as we look at the anatomy of what makes up a media company's website We can now start to see how a headless Drupal a cloud front Distribution or lamb dead edge serverless compute functions can now start to provide the solutions for each of these challenges that we face today First you're going to have headless Drupal. That's going to be providing that core content And that's where again you can start to utilize that content in different ways depending on your viewers You're going to have cloud front here helping out with that both the static and the dynamic content but also increasing the security features of your infrastructure as well And then lastly you're going to have lamb dead edge coming in and being able to provide that Compute functionality for customized viewer experiences I'm now going to turn the time over to critique to dive deeper into use cases for lamb dead edge and headless Drupal and also go through a live demonstration on how these three things are integrated and how we did it and We'll share with you now. Thank you Thanks for true So before we jump into the details of lambda at the edge, let's Look at a simple a demo we put together In two days just to show you Give you a glimpse of what's possible with lambda at the edge, so All right, so I have the simple website which is as you can see running behind cloud front And I am displaying some articles here which are tagged as these three different categories This is a landing page of my dummy website All these articles are actually Being managed in headless Drupal all the content But apart from that, whatever else you see here There are no servers behind it. It's all serverless running with lambda at the edge Also on the top left. I am displaying this hello string I'll show you I have also I also have created three dummy users Let me actually Try to do a login. So I've created a dummy user as myself and I am interested in different set of articles. So this is how my landing page looks like So as you can see now I am being also displayed edge articles because I'm interested in that category as well And as you can see on the top left, I am being greeted by hello In my preferred language, which is Hindi Ideally I could have also translated all the articles To my language as well, but just for the simplicity for this demo. I'm just doing this But everything that I showed just now happened Inside lambda and I don't have any servers running anywhere and it's happening closer to me So probably this is running in Ohio where we have I think the closest data center Let me also try to log in as my friend Woodrow Who has different set of interests? And as you can see his landing page is personalized for him, whatever he's interested in and his preferred language is Anybody Portuguese? Yeah All right, so I'll go dive deep into how I have set these things up But before that, let me jump on to the slides and to show you guys Give you a more detailed dive deep into lambda the edge and then we'll come back and See how I have set up these things. All right So there were there were three things I was doing in that demo first was using lambda the edge First was authorization. I Was trying to authorize all these viewers who are trying to log in and trying to serve them And trying to validate whether they are Authorize users or not other thing I was doing inside my lambda the edge functions was content aggregation So I was switching content from Rupal on the fly for each of these requests and based on what the user is interested in I was trying to display a different content that processing is also being done in lambda the edge and the third thing I was doing in there was personalization Which was translating these strings into the language which the user is interested in and again those conversions were happening on the fly in line with all the requests So Let's dive deep into lambda the edge so we come back to this diagram again because This is where it explains you a nice detail Where we have these all four events which get triggered within cloud front So let's take a look what happens at an edge location when cloud front receives a request, right? So cloud front cache is a big blob in this picture But in general it's much more evolved and complex cache But for our purpose we can treat it as a giant blob So when a request arrives at a closest edge location in cloud front Cloud front tries to look set up in the cache if it's not in the cache It's a cache miss and cloud front goes to the back end to fetch your content cloud front knows which back end to go to because When you configure cloud front you tell which you point it to your back end and when It gets the response back from your back end if it's cacheable it caches it and serves serves it to the viewer Now what we have done with lambda at the edges? We have introduced these four points where you can actually intercept these requests and customize or manipulate them as you like So at these points you can attach a function Where wherein you can run any code you want and these events would be triggered automatically Every time a request for hits cloud front. So we have four events in here. The first one is we are request event These events happen when your viewer Requests hit cloud front and this will happen for each and every of request which Hits the cloud front from your viewers Then we have origin request events. These events only happen for cache misses misses and These events would be triggered when cloud front is trying to fetch content from your back end And again, you can inside those functions you can actually manipulate these change these requests which cloud front is making to your back end and Do whatever you want to like with them Then we have origin response events which will get triggered when cloud front receives Response from your back end and then we are response events when cloud front tries to serve content from the cache So lambda the edge provides you this generic compute platform, which is serverless and Which is running globally all the functions are replicated globally. You just write them once and upload it to Lambda the edge It takes care of replicating these functions globally and running them closer to your viewers Let's quickly glance over some of the properties of your request event because it will help us Understand better and we'll come back and look at the setup of that demo So These are some of the properties of these events. They are executed on every request from your viewers This and you can modify cache key in here, for example, the request URL cookies header is query sting and As a result of this you could potentially serve different objects from the cache based on the request So this is what lets you achieve that you can perform stateless authentication and authorization in these events This is the right place to do it because it happens for every request. So You can do network calls in these functions and you can not only reach out to an AWS service But any endpoint over the network And what this lets you do it? You can talk to other services You can talk to a DB and like fetch more details about this viewer or user And this is one of my favorite features. You can generate entire responses in cloud front in you need not have a running back end as well you can sort of Create all these customized responses on the fly for your viewers from your code You use them for example, you can use them for generating your viewers from HDDB to HDDBS So you can craft a custom response. So if this user is using HDDB, I'll generate a three or two redirect and Send him to HDDBS version You can deny access to illegitimate users here by inspecting whatever authorization cookies and Redirect them maybe to a landing page, which is a default login page or something or whatever Let's look at one of the specific Use cases which we can achieve using lambda at the edge and which is what I'm doing in my demo as well So one of the requirements of media companies is to do authorization, right? For instance when they have to implement some sort of paywall They have to do some sort of authorization Whether the viewer is allowed to view the paid content or not As was and said in monolithic applications everything is baked into a single application But with the advent of microservices you can potentially offload some of these things to the edge itself Let's define authorization right we can say it's a way of specifying access rights to your resources at your back end But why would you want to do at the edge, right? There are multiple benefits first is latency Because CloudFront is running these functions closer to your end viewers You are reducing response time to your viewers Second is load on your origin by offloading some of these Potentially heavy crypto operations You are reducing some load on your origin as well and last is a security Because you can filter out some of these illegitimate or unwanted requests right at the edge itself They'll never even reach your infrastructure These are some of the benefits of doing authorization at the edge and here is one way of setting it up, right? Let's say you have a leak You have a viewer who's trying to view your content and he queries CloudFront distribution I can have a viewer request function and from inside that function Let's say you already have some kind of entitlement service legacy entitlement service, which is running which you already use and you do not want to You want to still keep using it you can just make a street request that entitlement service from your function Which is running at the edge and it'll tell you the access decision and Based on if there's okay or not you can go to your back end or generate a custom paywall message or four or three at the edge itself I Can also do it in other way statelessly By using JSON web tokens for example JSON web tokens are a self-contained way for securely sharing information between parties you can Encrypt them you can sign them and you can embed any information in there So if you want to do it statelessly this time your function itself now You don't want to don't have to talk to any entitlement service. Your function has access to the public key It can itself validate the token and do the authorization and depending on the result it can Go out to your back end or generate a three four or three or three or two So Let's also look at a sample JSON web token This is the actual token payload which I'm using as part of my demo That's why I just put it here. Sorry. So as you can see I have this scope where I'm embedding this information that This user wasn't is interested in these articles Compute an edge and split languages Japanese This is the information. I'm storing in tokens and based on this information statelessly I'm trying to fetch content from Drupal and personalize the final response Let's also look at some of the properties of Origin request events So these events are executed on cashmas As you said earlier, you can also make network calls here You can dynamically select origins based on request in these functions and what that lets you achieve is There are multiple use cases which open up Because of this feature. We'll talk about this feature in more detail later But you can read you can also rewrite URLs so you can purify your URLs for your viewer You can generate responses again in these events as well But this time they'll be cash because these events happen behind the cash So whatever content you generate in these events would eventually get cashed in cloud front and your subsequent Viewer requests would just serve it from the cash and your functions will not be invoked and let's look at look at a specific example of content aggregation Sorry origin request events. I call it content aggregation and this is what exactly I'm using in my demo I have my users coming in which have their preference of what information they want to see and I'm going out to headless Drupal to fetch all the content with the tags and filtering the stuff Which my users are not interested in and generating a entire response page inside the function itself so I call this as a personalization feature, right? Because you are personalizing this content Which is very unique to the viewer who is trying to view your page and This personalization usually involves two things first is identifying who the user is and second is some information about this user in which you are interested this information can be specific to this user like His interest or his what the content he has paid for and it can also be specific to a group of users like The geographical location of your users or the device type they are using and based on all these information pieces You might want to build a very customized response for your viewers So as I said, this is what exactly I'm doing in my demo as well I'm actually validating and parsing the token. I'm receiving in the request fetching the Tags this viewer is interested in and based on that I'm sending aggregated response to the client You can also do a full attempt body generation in these functions You can generate full HTML responses by making use of templates for example, I can have static templates which I store in s3 bucket and I can have my actual data in some sort of DB and query them both from my origin request lambda function Combine them together generate a render template and cash it in cloud front. I Have just put this example here for the sake of completeness one example can be using moustache templates moustache can be used for HTML config files and Anything it works by expanding tags in a template Using values provided in the in a json object So I can have a moustache template and combine with the json from Dynamo DB or MongoDB and generate the full page I Also put a code snippet in here for this specific example just to show you guys this is All the code which you need for generating these templates So I'm just querying s3 and Dynamo here s3 has my templates Dynamo has the actual data And I'm just using moustache to directly generate a 200 and give it back to cloud front. That's all I'm doing here So this is an entire function which actually Run you can run at the edge So let's go back to our demo again and try to see how I set up things Behind the scenes so So I have this I have this Drupal instance running in my EC2 As you can see I'm on the content page and all I have these articles Which I was trying to display on my page And if I go to the views tab on my Drupal I have created this rest API which exports all the articles in json and If I go to this This is the whole json which I'm actually fetching and if I look at in the pretty Printer so as you can see here I have these title and body of the actual content and I have these field tags Which tells me which category they belong to and this is all I have in my Drupal And I'm fetching this every time when a request makes a viewer makes a request and based on these tags I am crafting a different response Now let's go back to The function itself Where all the stuff is happening so I'm in my I'm logged into my AWS console. This is the lambda console This is the actual function. I'm using as you can see This is the entry point for my function So whenever event happens in cloud friend this this method gets called as you can see I have three parameters event is The parameter which has all the details about this specific request This is how I fetch the request from this event It has all the properties like what all headers this request had the URL cookies everything Then you have this context, which is something which is a context specific to this event like request ID and stuff And then you have this callback which you can use to instruct cloud front To apply your modified request or responses back So as you can see here, I just have three cases in here Which I'm trying to handle first is the default case When this user is not logged in. I'm just fetching content from Drupal and then just trying to display top three articles Second case is when he's actually trying to do a login as you can see I'm trying to check that and then in that case I'm just acting as a pass-through service. I'm already I'm also running this authorization service separately Just for the simplicity of this demo I could have also put all the logic in here where I am generating these tokens by talking to a DB But in this case, I am acting as a pass-through I send the request forward it to authorization service get the response and send it back to client and In this response, it'll set up the cookie itself and then just sending back a 200 generating an entire response in here Telling cloud friend to use my response instead of the actual one. That's all I'm doing here and This is my lamp. This is what my lambda function looks like I Watch it also show you the girlfriend distribution Which I have set up It's it's just this one distribution. I have in my account. I'm just pointing it to I Have these parts I have created in here To for login and one for articles and then inside them. It's all default values Nothing I have changed. The only thing I've done is I've associated this function with a viewer request event Ideally, I should have done this in origin request event type because I am fetching this content I want to cash it in cloud friend, but for the demo. I didn't want to deal with all the cash headers That's why I'm associated to be a request So that's all I have done in cloud friend I just created a distribution and went there and associated this function with the event type So this is this is all the setup there was and it lets you as I showed Generate this highly personalized Content for your viewers and you can also do authorization at the edge and these are only One of the few examples that you can achieve using land at the edge and I focused on these things because these are some of the common Themes which we see our customers want to do at the edge But now we go back and see what are some of the other things you can do and quickly go over Other things which we can do so so so what are all the other things which you can do with lambda at the edge? So these are this is just this is not an exhaustive list. This is something I just put it up there to give you guys an overview of The common use cases people try to use it for you can definitely create highly personalized websites where Your website is unique to a viewer if you want You can do a response in relation inside these functions. You can view your rights access control and Remote network calls a be testing and dynamic origin selection Let's spend some time on dynamic origin selection because it lets you It opens up a lot of cool use cases which you can achieve using lambda Before that just also look at how you can pretty fire you are else for user API experience One example would be map types This is fairly standard. There's a fairly standard way of Creating URL scheme for map types. Well, let's say if you want to decouple them from the way you generate or store map types at your back end You can just in your origin request lambda functions rewrite the original URL and Inside go to the actual object in your back end and then again cash in cloud front using the actual Now let's come to origin selection part Why would you want to do origin selection at the edge itself, right? So there are multiple cases, right? Let's say if you have a multiple origin set up You are running your service stack in multiple regions across the world and you want your users to go to the nearest region you can do that by Choosing on the fly what origin you want to go to for this request and you can load balance across origins You can do a control rollout changes of your If you're making changes at your origin You can do a control rule out by using a be testing on Blue green origin deploys and all this code you only need to run in land at the edge So you don't you don't need to provision any servers and let's say if you are using a be testing You can just write your code once for this feature and once you're done with a be testing You don't pay for any more a compute When you're migrating between all origins for example from on premise to cloud you can slowly move your traffic From on premise to cloud by using these lambda functions where you brought your users to your origins And the way you do origin selection is very simple I have actually put an actual object with cloud friend exposes as the origin information Which he is going to talk to and you just have to modify the domain name and put any domain name in there, which is on their Which is out there on the internet and if you send this back to cloud friend cloud friend will take care of going to this new origin This is one of the things as I said you can do using origin selection, which is a be testing you can rely on cookies If there is an active you have already established a session Otherwise if the user is coming in for the first time from inside your lambda function You can throw a dice and send him to one of the origins and set the cookie Again, this isn't hope. This is the whole code. I have put in here. Just to show you guys How simple it is just to write a couple of lines of code and deploy to lambda the edge and You get your baby testing Another example would be let's say you are a SAS provider and operating in a single regional endpoint and let's say you want to Expand worldwide You can do that by slowly deploying your service in different regions and have this functionality Inside cloud friend. They're slowly routing users to your new regional endpoints Or you can load them based on their home region. Let's say you have a user DB Where you store this information about which region they belong to and then based you set the cookie when they come to you for the first time and then based on This information all the subsequent requests You always drop them to the nearest region You can route based on user agent if it's a Mobile viewer desktop viewer if let's say you are running different stacks at your back end for Rendering all these different applications. You can do this logic in lambda the edge to you can look at the user agent And we have the request to the correct origin As I said, you can generate redirects, but for example, you can redirect to viewers based on their country For example, if they are coming from Germany, you can redirect them to example.com slash D is a page again, this is one of the Examples I put in there just to show you It's very simple just to write this code up You can do image compression on the flag These are just some of the things which you can do I've just put it here for the sake of showing how generally the services you it's not tied to any use cases a lot of our customers are already doing a lot of cool things and It really opens up It really opens up CDNs for programmability. You can do pretty much whatever you want to do inside your CDN so Doing a recap what we saw was all these challenges which which are definitely not unique to a media company website these are some of the challenges which are faced by anybody who's trying to Create a web app or website and we saw how some of these things like security performance and scalability You get out of the box by using the slaughtering and With landed the edge now you can also add we can say you can also have flexibility and personalization in the mix as well This allows you to provide more faster more secure and highly personalized the viewer experience for your website. I Have also put in some getting started resources in the slides as well if you guys are interested you can just go ahead and Follow these getting started guys That's all I had. Thank you guys for coming here and joining us. Thank you for taking your time For listening to what is serverless and what is cloud front landing the edge? Thank you Just real quick. We're going to put the slides as a resource on slide share And so just keep it a look out for that for the next few days And then we'll also be following up if you stop by our booth and we can scan your badge Well, again, also will follow up with additional resources as well if you have any questions and you'd like to come up and speak with us we'll be here for a few more minutes and Thank you again for joining us