使用 API 网关、Lambda、Cognito、S3、Dynamodb 部署 AWS 全球基础设施
Deploying AWS Global infrastructure with API Gateway, Lambda, Cognito, S3, Dynamodb
假设我需要一个 API 网关,它将连接到 运行 Lambdas,我想打造全球分布式性能最佳的基础设施。此外,我将使用 Cognito 进行身份验证,使用 Dynamodb 和 S3 进行用户数据和前端静态分析。
我的应用程序位于 myapp.com
首先用户从最近的位置获取静态前端:
用户 ===> CloudFront 的边缘位置 <--- 任何区域的 S3(具有静态前端)
之后我们需要与API网关通信。
用户===> API 网关---> Lambda ---> S3 ||认知 || Dynamodb
API 网关可以位于多个区域,即使与 CloudFront 一起分发,每个端点都指向位于给定区域的 Lambda:假设我部署了一个 API欧盟西部-1。如果请求是从美国发送的,即使我的 API 在 CloudFront 上,它 运行 的 Lambda 位于 eu-west-1,所以无论如何延迟都会很高。
为了避免这种情况,我需要在 us-east-1 部署另一个 API 以及我所有的 Lambda。 API 将指向那些 Lambdas
如果我为每个区域部署一个 API,则每个区域都需要一个端点,前端应决定请求哪个。但是我们怎么知道哪一个是最近的位置呢?
理想情况是 api.myapp.com 处的单个全球端点,它将前往最近的 API 网关,运行Lambda 也位于该区域。我可以配置使用 Route 53 延迟路由和指向每个 api 网关的多个 A 记录吗?
如果这不是正确的方法,你能指出正确的方向吗?
遗憾的是,这目前不可能。这里的主要障碍是 CloudFront。
MikeD@AWS 在他们的论坛上提供信息:
When you create a custom domain name it creates an associated CloudFront distribution for the domain name and CloudFront enforces global uniqueness on the domain name.
If a CloudFront distribution with the domain name already exists, then the CreateCloudFrontDistribution will fail and API Gateway will return an error without saving the domain name or allowing you to define it's associated API(s).
Thus, there is currently (Jun 29, 2016) no way to get API Gateway in multiple regions to handle the same domain name.
自从 2016 年 7 月 4 日确认存在开放功能请求后,AWS 没有提供必要的更新。AWS Form thread for updates
Q: What is Lambda@Edge? Lambda@Edge allows you to run code across AWS
locations globally without provisioning or managing servers,
responding to end users at the lowest network latency. You just upload
your Node.js code to AWS Lambda and configure your function to be
triggered in response to Amazon CloudFront requests (i.e., when a
viewer request lands, when a request is forwarded to or received back
from the origin, and right before responding back to the end user).
The code is then ready to execute across AWS locations globally when a
request for content is received, and scales with the volume of
CloudFront requests globally. Learn more in our documentation.
用例,最大限度地减少全球分布用户的延迟
Q: When should I use Lambda@Edge? Lambda@Edge is optimized for latency
sensitive use cases where your end viewers are distributed globally.
Ideally, all the information you need to make a decision is available
at the CloudFront edge, within the function and the request. This
means that use cases where you are looking to make decisions on how to
serve content based on user characteristics (e.g., location, client
device, etc) can now be executed and served right from the edge in
Node.js-6.10 without having to be routed back to a centralized server.
AWS 最近宣布支持区域 API 端点,您可以使用它来实现这一目标。
下面是一个 AWS 博客,解释了如何实现这一点:
Building a Multi-region Serverless Application with Amazon API Gateway and AWS Lambda
博客摘录:
The default API endpoint type in API Gateway is the edge-optimized API
endpoint, which enables clients to access an API through an Amazon
CloudFront distribution. This typically improves connection time for
geographically diverse clients. By default, a custom domain name is
globally unique and the edge-optimized API endpoint would invoke a
Lambda function in a single region in the case of Lambda integration.
You can’t use this type of endpoint with a Route 53 active-active
setup and fail-over.
The new regional API endpoint in API Gateway moves the API endpoint
into the region and the custom domain name is unique per region. This
makes it possible to run a full copy of an API in each region and then
use Route 53 to use an active-active setup and failover.
假设我需要一个 API 网关,它将连接到 运行 Lambdas,我想打造全球分布式性能最佳的基础设施。此外,我将使用 Cognito 进行身份验证,使用 Dynamodb 和 S3 进行用户数据和前端静态分析。
我的应用程序位于 myapp.com
首先用户从最近的位置获取静态前端:
用户 ===> CloudFront 的边缘位置 <--- 任何区域的 S3(具有静态前端)
之后我们需要与API网关通信。
用户===> API 网关---> Lambda ---> S3 ||认知 || Dynamodb
API 网关可以位于多个区域,即使与 CloudFront 一起分发,每个端点都指向位于给定区域的 Lambda:假设我部署了一个 API欧盟西部-1。如果请求是从美国发送的,即使我的 API 在 CloudFront 上,它 运行 的 Lambda 位于 eu-west-1,所以无论如何延迟都会很高。
为了避免这种情况,我需要在 us-east-1 部署另一个 API 以及我所有的 Lambda。 API 将指向那些 Lambdas
如果我为每个区域部署一个 API,则每个区域都需要一个端点,前端应决定请求哪个。但是我们怎么知道哪一个是最近的位置呢?
理想情况是 api.myapp.com 处的单个全球端点,它将前往最近的 API 网关,运行Lambda 也位于该区域。我可以配置使用 Route 53 延迟路由和指向每个 api 网关的多个 A 记录吗?
如果这不是正确的方法,你能指出正确的方向吗?
遗憾的是,这目前不可能。这里的主要障碍是 CloudFront。 MikeD@AWS 在他们的论坛上提供信息:
When you create a custom domain name it creates an associated CloudFront distribution for the domain name and CloudFront enforces global uniqueness on the domain name.
If a CloudFront distribution with the domain name already exists, then the CreateCloudFrontDistribution will fail and API Gateway will return an error without saving the domain name or allowing you to define it's associated API(s).
Thus, there is currently (Jun 29, 2016) no way to get API Gateway in multiple regions to handle the same domain name.
自从 2016 年 7 月 4 日确认存在开放功能请求后,AWS 没有提供必要的更新。AWS Form thread for updates
Q: What is Lambda@Edge? Lambda@Edge allows you to run code across AWS locations globally without provisioning or managing servers, responding to end users at the lowest network latency. You just upload your Node.js code to AWS Lambda and configure your function to be triggered in response to Amazon CloudFront requests (i.e., when a viewer request lands, when a request is forwarded to or received back from the origin, and right before responding back to the end user). The code is then ready to execute across AWS locations globally when a request for content is received, and scales with the volume of CloudFront requests globally. Learn more in our documentation.
用例,最大限度地减少全球分布用户的延迟
Q: When should I use Lambda@Edge? Lambda@Edge is optimized for latency sensitive use cases where your end viewers are distributed globally. Ideally, all the information you need to make a decision is available at the CloudFront edge, within the function and the request. This means that use cases where you are looking to make decisions on how to serve content based on user characteristics (e.g., location, client device, etc) can now be executed and served right from the edge in Node.js-6.10 without having to be routed back to a centralized server.
AWS 最近宣布支持区域 API 端点,您可以使用它来实现这一目标。
下面是一个 AWS 博客,解释了如何实现这一点:
Building a Multi-region Serverless Application with Amazon API Gateway and AWS Lambda
博客摘录:
The default API endpoint type in API Gateway is the edge-optimized API endpoint, which enables clients to access an API through an Amazon CloudFront distribution. This typically improves connection time for geographically diverse clients. By default, a custom domain name is globally unique and the edge-optimized API endpoint would invoke a Lambda function in a single region in the case of Lambda integration. You can’t use this type of endpoint with a Route 53 active-active setup and fail-over.
The new regional API endpoint in API Gateway moves the API endpoint into the region and the custom domain name is unique per region. This makes it possible to run a full copy of an API in each region and then use Route 53 to use an active-active setup and failover.