Static website with microservices? [closed] - amazon-web-services

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
Being the cheap-o that I am, I had an idea the other day of running a web app for less than a nickel per month with AWS:
Serve a static site (html/css/javascript) via S3
Client-side code and forms post to Lambda golang microservices via API Gateway
Use DynamoDB (25 read/s, 25 write/s, 25GB, 1GB/mo in, 1GB/mo out) as database
Would this scheme work with, say, cookie and session-based authentication, as the page is being served by one domain name (S3), but the javascript is talking to another domain name (API Gateway)?
What other issues am I likely to run into?

Mike Roberts wrote a very thorough article on serverless architecture and its trade-offs: http://martinfowler.com/articles/serverless.html
Also discovered a framework designed for precisely this which runs on AWS: https://serverless.com/
However, it appears at this time, persistent connections (e.g. websockets) are not supported, which is a deal-breaker for me. I suspect AWS will eventually let API Gateway service the websocket and send its messages to Lambda, but as of today this does not appear to be possible.

I run multiple web apps exactly with your proposed design, and I extracted gofaas, an educational Go and Lambda app, to share the techniques.
Setting a cookie for the static site client is possible with CloudFront and a Lambda@Edge auth function.
Allowing the static site to talk to the API is possible with an API Gateway CORS configuration.
Finally this relies on JSON Web Tokens (JWT) to securely represent an authorization claim between your user, your static site and your API.
Here are some guides for setting all this up:
Static Website Security with Lambda@Edge and Google OAuth 2
API Security with Lambda, API Gateway, CORS and JWT
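The API-side check that the answer above relies on, as an added example (not code from gofaas or the linked guides): a standard-library Go function that verifies an HS256 JWT before a Lambda handler trusts its subject. The key, the subject, the timestamps and the helper names `sign`, `issueJWT` and `verifyJWT` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
// sign returns HMAC-SHA256 over the "header.payload" signing input.
func sign(in string, key []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(in))
	return m.Sum(nil)
}

// issueJWT mints a token with sub and exp; it stands in for the login side (assumed helper).
func issueJWT(sub string, exp int64, key []byte) string {
	claims, _ := json.Marshal(map[string]interface{}{"sub": sub, "exp": exp})
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	return in + "." + b64.EncodeToString(sign(in, key))
}

// verifyJWT pins alg to HS256, compares the MAC in constant time, then checks exp.
func verifyJWT(tok string, key []byte, now int64) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var h struct{ Alg string }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &h) != nil || h.Alg != "HS256" {
		return "", fmt.Errorf("unexpected alg")
	}
	if sig, err := b64.DecodeString(p[2]); err != nil || !hmac.Equal(sig, sign(p[0]+"."+p[1], key)) {
		return "", fmt.Errorf("bad signature")
	}
	var c struct {
		Sub string
		Exp int64
	}
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || now >= c.Exp {
		return "", fmt.Errorf("expired or unreadable claims")
	}
	return c.Sub, nil
}

func main() { fmt.Println(verifyJWT(issueJWT("user-1", 2000, []byte("constructed-key")), []byte("constructed-key"), 1000)) }
```

A token with no `exp` claim decodes to `Exp == 0` and is rejected by the same expiry comparison.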

One of the things to keep in mind with 'serverless' architectures is:
"What happens if 'this thing' really takes off?"
Most people don't consider how high request rates for Lambda or DynamoDB can get when your site becomes super popular, or is under a DDOS attack.
Like your request rates, your total charges will also see a significant spike during these events. So for "small projects" where low cost really is important I usually advise sticking with some small VMs to handle processing. While high request rates or a DDOS may overwhelm and take down your service, you likely won't be hit with an outrageous bill.
While serverless is very convenient for getting set up, it can very easily bite back much harder than expected.
Note: If you do find yourself in a situation where your bill is higher than expected, reach out to your cloud provider. Some of them may be willing to help you with a one-time credit for some portion of the charges depending on the circumstances.
But be prepared to explain what happened in detail. I also advise having service logs (not just for your applications), but also for any cloud services which you are using.

Related

Advice on cloud related architecture choices for a production mobile app calling external API [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 days ago.
This post was edited and submitted for review 5 days ago and failed to reopen the post:
Original close reason(s) were not resolved
Question:
Can the below architecture be used in production?
Mobile app serviced by Firebase (FireStore + CloudStorage) and Cloud Functions (for http calls to the external API) +
AchievementsApi deployed on Appengine standard connected with CloudSQL.
Context:
I wrote two apps that have to be used as digital support for offline gaming events.
Expected usage pattern:
The traffic starts increasing at the beginning of the week when users have to do some online tasks, then a big spike will happen at the weekend when the offline gathering is taking place. We expect to have thousands of users. In the most optimistic case, let's say we will reach 8000 users.
Flutter Mobile App
a. Authentication/Profile – for this I choose Firebase as it is free and scalable (also this option provides monitoring, alarms, push notifications, etc.)
b. Event related data that in most cases will not change (event timetable, exhibitors, infos... nothing intensive here) – Using the Firebase backend with Cloud Firestore db looks like the obvious choice.
c. Images can be stored on Cloud Storage or even packaged with the app
d. Integration with Achievements Api – this implies sending REST requests to the below Java service, using an API key for auth. A scalable and safe (storing the API key) option for this seems to be Cloud Functions. Of course, if I opt for the dedicated back end deployed on Cloud Engine or App Engine or somewhere else, that service can handle the REST calls also.
Springboot Achievements Api
Service with some complex queries, but no process is extremely intensive or time consuming. This must be a standalone service available for future integrations. Due to the choice made above of using Firestore, I was thinking that this can be deployed on the standard AppEngine environment with a Cloud SQL connection.

What is the average cost of hosting a django app? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed last year.
Due to current RBI guidelines on recurring payments for standing instructions I am unable to use Heroku, which is great for small apps. Therefore I have to choose other platforms. I have narrowed down my choice to two platforms, AWS and DigitalOcean.
Overview of my Django website:
The website which I made for my client is not that big. In this website a user registers, chooses some plan and then books an instructor to teach him/her driving. A user, after logging in, has to accept an agreement and also has an update plan page. That's it on the user side. Now I use Celery, which uses Redis, to send emails such as OTP, registration successful, change password, contracts and updated contracts (the contracts' emails are sent both to the client and the user as per the client's demand). As you can see, I have to use Celery and Redis because there is a lot of email work that has to be done by the website. And the database I am using is PostgreSQL.
Now coming to traffic, we cannot predict what will be the number of visitors on the site, but we accept a maximum of 10 registrations per month.
Therefore I want to know what will be the monthly cost of running this Django website on AWS and DigitalOcean. Not an accurate cost, but at least an average assumption will be helpful.
Note the Redis server is necessary, otherwise it will really slow down the website. And the database is PostgreSQL.
Thank you.
So AWS is a vast ocean and it has a lot of options to solve any problem. With that being said, you can host your application starting from 0$ to 100s of $s. If your account is new then you can host your application on the Free Tier and don't have to pay anything.
If you're looking for a cost-efficient solution then AWS Lightsail is another option. Lightsail offers fixed monthly cost resources and is a good way to start with AWS.
EC2 instances are also an option, but I would suggest hosting it on Fargate (less maintenance). And use AWS ElastiCache for your Redis requirements. Using managed services will cost you more, but it's a reliable and highly scalable solution compared to self-hosted solutions.
Depending on which services you go with, calculate your cost via this calculator https://calculator.aws/

What is the real difference between a cloud platform and a normal website? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 1 year ago.
I am always faced with the term "cloud platform" and don't understand how a cloud platform differs from "a normal website", as a cloud platform still is content delivered by the internet to the client computer, typically through the web browser!
Microsoft 365 and Slack are some examples of a cloud platform, but I can still use Slack like any other website, so why can't I simply say it is "a website"?
1 - Can I call a cloud platform also a "website"?
2 - How does a cloud platform differ from a normal website?
The simple version...
Stuff runs on computers. The computers can be located in various places.
Your computer might be a laptop, or something that sits on/under your desk. We conventionally call that the local computer because it's close to you.
Small companies put servers in a locked room with some good air conditioning. This is called on-premises because it is on the same premises as the business.
Larger companies prefer to put their computers in a data center because they are better for security, fire safety, access to backup power, and generally have better networking connections. The data center might be owned by the company, or it might be co-located (co-lo) meaning that somebody else (eg Equinix) runs the data center and the company leases space, power and network from them.
In the case of cloud computing, the company does not actually own the computer equipment. Rather, it is either rented (eg a hosting provider charges a monthly fee for a web server) or pay-as-you-go (eg Amazon EC2 instances are charged per-second).
Also, some 'cloud' services simply provide a service rather than a computer, such as Salesforce (online software) or Amazon S3 data storage. Microsoft 365 and Google's G-Suite fall into this category.
The term 'website' is not specific. For example, I could run a web server on my home computer and make it accessible to the Internet -- I could call it a 'website'. Or, I could upload a few static pages to Amazon S3 and create a website, or run a WordPress server and call it a website. The term simply means that it is something that responds to requests from a web browser. However, there is a lot more that typically happens 'behind the scenes' on a website. For example, StackOverflow is accessible as a website, but it also has a database, search engine, email system, etc to support the StackOverflow service. See: https://stackexchange.com/performance

Prevent a user from "hammering" a web service

I have an MVC 5 internet application with a web service that is hosted on Azure. I am wanting to implement some sort of security that prevents any users from "hammering" the web service. When I say "hammering", I am referring to a user constantly attacking a URL thousands of times.
I have done some research online, yet cannot find any relevant resources.
Should I write my own code for this, or is there a library/tool that I can implement?
I am thinking of doing the following if I should write this myself:
Each time a user accesses the web service, increment a count variable for the IP address.
If the IP address count variable exceeds a number (i.e. 1000), do not send the web service data to the user.
Before I write this myself, is there a library/tool that I can implement instead of writing my own?
Thanks in advance.
EDIT
Sorry, I forgot to add that I am not using a virtual machine, and instead, I have a website with a web API service.
Azure provides protection already for DDoS attacks. Take a look at the Microsoft Azure Trust Center documentation. There is a ton of protection and detection built into the platform and as for best practices for writing secure code, you will find that in the resources section of the trust center. But, writing code to count the number of requests from an IP address as you mentioned is not the way to go. Simon W points out an obvious problem with this approach in the comments.

Mashery vs WSO2 vs 3scale [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I would like to know the differences between Mashery, WSO2 and 3scale. Can someone who has used API Managers before give his opinion? What are the advantages and disadvantages of each one?
thanks
cheers
Not sure, but this question might end up flagged as off topic - vendor comparison, but anyway I'll jump in. I work at 3scale (full disclosure) but hopefully this is useful anyway - the three are pretty different. Trying to be as neutral as possible!:
3scale uses NGINX and/or open source code plugins to enforce all of the API traffic rules and limits (rate limits, key security, oauth, analytics, switching apps on and off etc.) and the traffic always flows directly to your servers (not via the cloud) so you don't have additional latency or privacy concerns. Because it's NGINX it's also widely supported, very fast and flexible. Then it has a SaaS backend that manages all the analytics, rate limits, policies, developer portal, alerts etc. + synchronizes across all the traffic manager nodes. It's free to use up to nearly 5 million API calls per month.
WSO2's system is an additional module to the WSO2 ESB so if you're using that it makes a lot of sense. It runs everything locally with no cloud components - a pro or a con depending on how you see it. It's also been around a lot less time and doesn't have such a large userbase.
Mashery has two systems - the main one with which the API traffic flows through Mashery's cloud systems first and has traffic management applied there. So there is always a latency heavy roundtrip between the users of the API and your servers + it means Mashery is in your API traffic critical path. They also have an on premise traffic manager but it's much less widely used. Both solutions have very significant costs and long term commitments.
As 3scale, what we see as the main advantage is that you have tons of control as to how you set up all the traffic flow and never have to route through a third party, plus you have the benefit of having all the heavy lifting hosted and synchronized across multiple data centers. We're also committed to having a strong free forever tier of service since we want to see a lot of APIs out there! http://www.3scale.net/
Good luck with your choice!
steve.