<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Girish Jaju</title>
    <description>The latest articles on DEV Community by Girish Jaju (@girishjaju).</description>
    <link>https://dev.to/girishjaju</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F741752%2Fd1ae8a56-f022-4f36-b105-5c202db19f46.png</url>
      <title>DEV Community: Girish Jaju</title>
      <link>https://dev.to/girishjaju</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/girishjaju"/>
    <language>en</language>
    <item>
      <title>Multi-region Serverless Application with simulated Regional Fail-over and Routing using Amazon API Gateway and Lambda</title>
      <dc:creator>Girish Jaju</dc:creator>
      <pubDate>Fri, 04 Feb 2022 17:54:33 +0000</pubDate>
      <link>https://dev.to/girishjaju/multi-region-serverless-application-with-simulated-regional-fail-over-and-routing-using-amazon-api-gateway-and-lambda-38hh</link>
      <guid>https://dev.to/girishjaju/multi-region-serverless-application-with-simulated-regional-fail-over-and-routing-using-amazon-api-gateway-and-lambda-38hh</guid>
<description>&lt;p&gt;In this post (and the associated YouTube playlist), we will create a Serverless application, deploy it to two different AWS regions, and use Route53’s latency-based routing to drive traffic to a regional endpoint. We will use Route53’s health check feature to achieve an active-active setup that can fail over between regions.&lt;/p&gt;

&lt;h2&gt;Issue&lt;/h2&gt;

&lt;p&gt;When you deploy a Serverless application, the default API endpoint type is edge-optimized, which enables clients to access the API through an Amazon CloudFront distribution. For globally diverse clients, this improves the connection time. But there is one problem: for the CDN, the custom domain name is globally unique, and in the case of Lambda integration, the Lambda is deployed in only a single region. Therefore, we cannot use "edge optimized" to achieve an active-active failover setup with Route53.&lt;/p&gt;

&lt;h2&gt;Solution&lt;/h2&gt;

&lt;p&gt;To solve this problem and demo the solution, we will deploy the Serverless application in 2 different regions and choose “Regional” as the API endpoint type. The custom domains that we get are now regionally unique. In the Serverless application, we will expose an endpoint that is just for performing the health check. For the API, we will set up Latency Based Routing in Route53, which directs users to the closest / best region based on latency. We will also set up a health check in Route53. To mimic a regional failover, we will make the health check endpoint FAIL, and Route53 should start directing the traffic to the other region.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tK8wQXWS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ivjxf781evfyv1ks9sjw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tK8wQXWS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ivjxf781evfyv1ks9sjw.png" alt="Architecture" width="880" height="538"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;As shown in the architecture diagram above, client requests are routed to Region A (solid box). When the health check starts failing, Route53 will start to direct the traffic to Region B, until the health check starts passing again in Region A.&lt;/p&gt;

&lt;h2&gt;Tasks&lt;/h2&gt;

&lt;p&gt;(Some of the following are NOT FREE Tier applicable)&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Purchase a domain, or use one you have already purchased. I have an old domain in GoDaddy, which I will use for this.&lt;/li&gt;
&lt;li&gt;Go to AWS Console &amp;gt; Route53 and create a new Hosted Zone with the domain name you are planning to use.&lt;/li&gt;
&lt;li&gt;We need to set the nameservers on the domain (in case you have the domain registered through a 3rd party like GoDaddy).&lt;/li&gt;
&lt;li&gt;Step 3 may take a few minutes to 24 hours.&lt;/li&gt;
&lt;li&gt;Let’s create a simple Serverless application with 2 endpoints and 2 Lambdas: the first is /hello and the other is /health. It is important to keep the endpoint type as “Regional”. To keep the demo simple, for the health check setup in Route53, we will look for a specific string in the response from the /health endpoint. In a practical use case, you would check the status of one or more of your critical components to determine whether the application is healthy. (Sample code is in the GitHub repository.)&lt;/li&gt;
&lt;li&gt;We will deploy this application to the “us-west-2” (closest to me) and “us-east-1” regions.&lt;/li&gt;
&lt;li&gt;Let’s try to access both endpoints in both regions and make sure we are getting the expected response.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;I am using the Serverless Framework as IaC and Node.js for this solution:&lt;/p&gt;

&lt;p&gt;Serverless.yml&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;service: multiregion-failover
frameworkVersion: '2'
provider:
  name: aws
  runtime: nodejs12.x
  lambdaHashingVersion: 20201221
  endpointType: REGIONAL
functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: /hello
          method: get
  health:
    handler: handler.health
    events:
      - http:
          path: /health
          method: get
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Lambda Function&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;'use strict';

module.exports.hello = async (event, context) =&amp;gt; {
  return {
    statusCode: 200,
    body: JSON.stringify(
      {
        message: 'Hello from the function in region: ' + context.invokedFunctionArn.split(':')[3]
      },
      null,
      2
    ),
  };
};

// We will check for the string HEALTHY when we set up the health check in Route53.
// In a production environment, the health check is based on checking multiple critical components of your application.
module.exports.health = async (event, context) =&amp;gt; {
  return {
    statusCode: 200,
    body: JSON.stringify(
      {
        message: 'Healthy instance! HEALTHY from region:' + context.invokedFunctionArn.split(':')[3],
      },
      null,
      2
    ),
  };
};
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Solution Code: &lt;a href="https://github.com/mycloudtutorials/serverless-demos/tree/master/serverless-multiregion-failover-demo"&gt;https://github.com/mycloudtutorials/serverless-demos/tree/master/serverless-multiregion-failover-demo&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;All the tasks performed are in the following YouTube playlist.&lt;br&gt;
The entire playlist (all 8 videos) can be accessed at&lt;br&gt;
&lt;a href="https://youtube.com/playlist?list=PLss_bBhYYErsTc24oZSDUUO3PXLmMh9KU"&gt;https://youtube.com/playlist?list=PLss_bBhYYErsTc24oZSDUUO3PXLmMh9KU&lt;/a&gt;&lt;/p&gt;

</description>
      <category>aws</category>
      <category>serverless</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Amazon VPC and Networking - Hands-On Demos</title>
      <dc:creator>Girish Jaju</dc:creator>
      <pubDate>Thu, 03 Feb 2022 05:34:55 +0000</pubDate>
      <link>https://dev.to/girishjaju/amazon-vpc-and-networking-hands-on-demos-57ph</link>
      <guid>https://dev.to/girishjaju/amazon-vpc-and-networking-hands-on-demos-57ph</guid>
      <description>&lt;p&gt;In this YouTube video, I will demonstrate Amazon VPC and Networking. I have divided this video into 4 different parts. In each part we will perform certain steps to understand various VPC components.&lt;/p&gt;

&lt;p&gt;Part 1: &lt;br&gt;
Create a VPC, create and attach an Internet Gateway, create a subnet, set up a route table, associate a route for 0.0.0.0/0 to the Internet Gateway, set up an IAM role, launch an EC2 instance, set up a Security Group, and SSH to the instance to verify we can ping google.com and also list S3 buckets.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ifDTj91r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dyo6noy504b8vfbidddv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ifDTj91r--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/dyo6noy504b8vfbidddv.png" alt="VPC, Public Subnet, Routing" width="880" height="550"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Part 2:&lt;br&gt;
In the same VPC we will add another subnet and a route table with no route to 0.0.0.0/0, which makes it a Private Subnet. We will launch an EC2 instance in the Private Subnet and set up a Security Group to allow SSH to it via the Security Group of the Public Subnet's instance. Once we SSH into the private instance, we can verify that we can't ping google.com or list the S3 buckets, as there is no Internet-bound route for the subnet.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--R_j_8wL8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nly0bt8n6obq81z2rqud.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--R_j_8wL8--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nly0bt8n6obq81z2rqud.png" alt="Private Subnet And Routing" width="880" height="550"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Part 3:&lt;br&gt;
Create a NAT Gateway in the Public Subnet and set a route in the Private Subnet's route table; now the private instance can access the Internet. We can verify this by SSHing into the instance as we did in Part 2: we are now able to ping google.com and also list the S3 buckets.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--UendUkV0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q89kmf8gkrghqzq8jgy8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--UendUkV0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q89kmf8gkrghqzq8jgy8.png" alt="NAT Gateway Demo Architecture" width="880" height="550"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Part 4:&lt;br&gt;
Delete the NAT Gateway. Set up a VPC endpoint for the S3 service and attach it to the Private Subnet's route table. The EC2 instance should be able to access S3 without Internet access. It should not be able to ping google.com.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--EBIebPzT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/spzds5eqpwa70u1mzlnv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--EBIebPzT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/spzds5eqpwa70u1mzlnv.png" alt="VPC Endpoint Demo Architecture" width="880" height="536"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The detailed instructions and architecture diagrams are available in the GitHub repository:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://github.com/mycloudtutorials/aws-demos/tree/master/aws-vpc-and-networking"&gt;https://github.com/mycloudtutorials/aws-demos/tree/master/aws-vpc-and-networking&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;YouTube video:&lt;br&gt;
&lt;iframe width="710" height="399" src="https://www.youtube.com/embed/4z_-VkRg_Bs"&gt;
&lt;/iframe&gt;
&lt;/p&gt;

</description>
      <category>aws</category>
      <category>devops</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Create and expose deployment using NodePort Service in Kubernetes</title>
      <dc:creator>Girish Jaju</dc:creator>
      <pubDate>Tue, 23 Nov 2021 07:47:27 +0000</pubDate>
      <link>https://dev.to/girishjaju/create-and-expose-deployment-using-nodeport-service-in-kubernetes-1fn4</link>
      <guid>https://dev.to/girishjaju/create-and-expose-deployment-using-nodeport-service-in-kubernetes-1fn4</guid>
      <description>&lt;p&gt;This is a practice question for Kubernetes CKA and CKAD exams.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Question&lt;/strong&gt;&lt;br&gt;
We have a 3-node cluster set up locally using kubeadm. We need to do the following:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Create a deployment named web-deploy with 3 replicas of the image mycloudtutorials/poddeployservicedemo:latest in namespace app1&lt;br&gt;
(The Docker container is created from the apache image, exposing the application on port 80)&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Pass the following environment variables: NODE_NAME, POD_NAME, POD_IP, which are the name of the node where the pod is running, the name of the pod, and the IP address of the pod, respectively&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Verify the pods are working fine by running curl against the individual pods using each pod’s internal IP address&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Create a service for this deployment of type NodePort with name web-service in namespace app1 on port 30090&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Check the Endpoints&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Access the service on the node:port of each of the cluster nodes from outside of the cluster&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Answer&lt;/strong&gt;&lt;br&gt;
I have published a YouTube video with a step-by-step solution for this question.&lt;br&gt;
You can check it at&lt;/p&gt;

&lt;p&gt;&lt;iframe width="710" height="399" src="https://www.youtube.com/embed/s2vLgDWYidw"&gt;
&lt;/iframe&gt;
&lt;/p&gt;



</description>
    </item>
  </channel>
</rss>
