Category Archives: Programming

Simplifying Spring Security

Finally, the book is here. Simplifying Spring Security.

Why I wrote this book?

As part of writing this blog, I also follow few communities on Facebook. Most of these communities are related to Spring Framework and Spring Boot. The number of users asks questions related to Spring Security. Hence, I wondered why not write a book about it.

Also as a developer, when I’m writing a Spring Boot application, I often use Spring Security. Accordingly, I always felt like I was using this mysterious library that solves my authentication problems.  I wanted to understand the fundamentals and how Spring Security dealt with authentication and authorization.

Loading…

 

What do I cover?

In the book, I cover from fundamentals of authentication, authorization, and how to use Spring Security for different authentication flows. Also, I show these flows with examples. As part of the book, you will also get access to a source code repository that you can play with.

In short, I cover the following topics in the book:

  • Introduction
    • What is Spring Security?
    • How Spring Security fits in with Spring Boot Application?
    • Why you need Spring Security?
  • Authentication
    • What is authentication?
    • Authentication Architecture
    • Types of Authentication
    • Implementation of Different Flows
  • Authorization
    • What is authorization?
    • How does Spring Security handle authorization?
    • What are GrantedAuthorities?
    • Implementation of Authorization in an application
  • Protection against common exploits
    • Introduction
    • Transport Layer Security
    • Security HTTP Response Headers
    • Clickjacking Attack
    • Cross-site Request Forgery Attack (CSRF)
  • Miscellaneous

Why should you buy this book?

First, it is a technical book and if you are a developer, it will easily help you improve your career. You’ll learn a lot about authentication and can solve some crucial security problems that many applications face.

Most importantly, you can also build your own application and use any of these authentication mechanisms for the application.

Subsequently, if you are getting started for a job in Spring Boot or Spring Framework, the book will also help you in preparing for Spring Security interviews.

Finally, the book is currently in Pre-Launch, it will be available on 7th February 2021. Why don’t you take advantage of Pre-launch?

Spring WebClient vs RestTemplate – Comparison and Features

Introduction

Spring 5 introduced a new reactive web client called WebClient. In this post, I will show when and how we can use Spring WebClient vs RestTemplate. I will also describe what features WebClient offers.

What is RestTemplate?

RestTemplate is a central Spring class that allows HTTP access from the client-side. RestTemplate offers POST, GET, PUT, DELETE, HEAD, and OPTIONS HTTP methods. The simple use case of RestTemplate is to consume Restful web services.

You can create a bean that provides the instance of RestTemplate. You can then @autowire this bean in any class where you plan to call REST services. RestTemplate is the class that implements the interface RestOperations.

The following code shows the declaration of the bean:

    @Bean
    public RestOperations restOperations()
    {
        return new RestTemplate();
    }

The following code shows a REST client `YelpClient` calling Yelp’s REST API to get rental property reviews.

   @Autowired
   private final RestOperations restOperations;

   public List getRentalPropertyReviews(String address)
   {
        String url = buildRestUrl(businessId);
        HttpHeaders httpHeaders = new HttpHeaders();
        String apiKey = getApiKey(YELP);
        httpHeaders.add("Authorization","Bearer " + apiKey);
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);

        HttpEntity entity = new HttpEntity("parameters", httpHeaders);
        ResponseEntity response;

        try
        {
            response = restOperations.exchange(url, HttpMethod.GET,entity, String.class);
        }
        catch(RestClientException e)
        {
            throw new RuntimeException("Unable to retrieve reviews", e);
        }

    }

In the above code, we are building HTTP Headers by adding Yelp’s REST API key as part of the authorization. We call the GET method to get review data.

Basically, one has to do

  • Autowire the RestTemplate object
  • Build HTTP Headers with authorization and Content Type
  • Use HttpEntity to wrap the request object
  • Provide URL, Http Method, and the Return type for exchange method.

What is WebClient?

Spring 5 introduced a reactive web client called WebClient. It’s an interface to perform web requests. It is part of the Spring web reactive module. WebClient will be replacing RestTemplate eventually.

Most importantly, WebClient is reactive, nonblocking, asynchronous, and works over HTTP protocol Http/1.1.

To use WebClient, one has to do

  • Create an instance of WebClient
  • Make a request to the REST endpoint
  • handle the response

 

   WebClient webClient = WebClient
       .builder()
       .baseUrl("https://localhost:8443")
       .defaultCookie("cookieKey", "cookieValue")
       .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) 
       .defaultUriVariables(Collections.singletonMap("url", "https://localhost:8443"))
       .build();

The above code shows one way to instantiate WebClient. You can also create an instance by simply using WebClient webClient = WebClient.create();

WebClient provides two methods exchange and retrieve . exchange method usually fetches the response along with status and headers. retrieve method gets the response body directly. It’s easier to use.

Also depending on if you are trying to fetch a single object in response or a list of objects, you can use mono or flux.

this.webClient =
                webClientBuilder.baseUrl("http://localhost:8080/v1/betterjavacode/").build();

this.webClient.get()
                .uri("users")
                .accept(MediaType.APPLICATION_JSON)
                .retrieve().bodyToFlux(UserDto.class).collectList();

The above code basically uses webClient to fetch a list of users from the REST API.

Spring WebClient vs RestTemplate

We already know the one key difference between these two features. WebClient is a non-blocking client and RestTemplate is a blocking client.

RestTemplate uses Java Servlet API under the hood. Servlet API is a synchronous caller. Because it is synchronous, the thread will block until webclient responds to the request.

Consequently, Requests waiting for results will increase. This will result in an increase in memory.

On the other hand, WebClient is an asynchronous non-blocking client. It uses Spring’s reactive framework under the hood. WebClient is a part of the Spring-WebFlux module.

Spring WebFlux uses reactor library. It provides Mono and Flux API to work data sequences. Reactor is a reactive streams library. And, all of its operators support non-blocking back pressure.

Example of how to use WebClient in a Spring Boot Application

We can combine the capabilities of Spring Web MVC and Spring WebFlux. In this section, I will create a sample application. This application will call a REST API using WebFlux and we will build a response to show a web page with a list of users.

RestController for this example is an API to get a list of users:

package com.betterjavacode.webclientdemo.controllers;

import com.betterjavacode.webclientdemo.dto.UserDto;
import com.betterjavacode.webclientdemo.managers.UserManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

@RestController
@RequestMapping("v1/betterjavacode")
public class UserController
{
    @Autowired
    public UserManager userManager;

    @GetMapping(value = "/users")
    public List getUsers()
    {
        return userManager.getAllUsers();
    }
}

Controller class that uses a WebClient to call REST API looks like below:

package com.betterjavacode.webclientdemo.controllers;

import com.betterjavacode.webclientdemo.clients.UserClient;
import com.betterjavacode.webclientdemo.dto.UserDto;
import com.betterjavacode.webclientdemo.managers.UserManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

import java.util.List;

@Controller
public class MainController
{
    @Autowired
    UserClient userClient;

    @GetMapping(value = "/")
    public String home()
    {
        return "home";
    }

    @GetMapping(value = "/users")
    public String getUsers(Model model)
    {
        List users = userClient.getUsers().block();

        model.addAttribute("userslist", users);
        return "users";
    }
}

Now, the important piece of code of UserClient is where we will be using WebClient to call REST API.

package com.betterjavacode.webclientdemo.clients;

import com.betterjavacode.webclientdemo.dto.UserDto;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

import java.util.List;

@Service
public class UserClient
{

    private WebClient webClient;

    public UserClient(WebClient.Builder webClientBuilder)
    {
        this.webClient =
                webClientBuilder.baseUrl("http://localhost:8080/v1/betterjavacode/").build();
    }

    public Mono<List> getUsers()
    {
        return this.webClient.get()
                .uri("users")
                .accept(MediaType.APPLICATION_JSON)
                .retrieve().bodyToFlux(UserDto.class).collectList();
    }
}

Above code shows first building the WebClient and then using it to retrieve response from REST API. retrieve method offers two options of mono or flux. Since we have more than one user to get, we are using flux.

This shows we can use reactive, non-blocking WebClient which is part of WebFlux in Spring Web MVC framework.

What Else Is There in Spring WebClient?

Spring WebClient is part of Spring WebFlux framework. The major advantage of this API is that the developer doesn’t have to worry about concurrency or threads. WebClient takes care of that.

WebClient has a built-in HTTP Client library support to perform requests with. That includes Apache HttpComponents, Jetty Reactive HttpClient, or Reactor Netty.

WebClient.builder() offers following options:

  • uriBuilderFactory – customized uriBuilderFactory to use base URL
  • defaultHeader – Headers for every request
  • defaultCookie – Cookies for every request
  • defaultRequest – To customize every request
  • filter – Client filter for every request
  • exchangeStrategies – HTTP Message reader/writer customizations

I already showed retrieve method in the above code demo.

WebClient also offers a method exchange with varients like exchangeToMono and exchangeToFlux.

With attribute(), we can also add attributes to the request.

Alternatively, one can use WebClient for synchronous use also. In my example above MainController, I use block to get the final result. This basically blocks parallel calls till we get the result.

One key feature that WebClient offers is retryWhen(). For more resilient system, it is a great feature that you can add while using WebClient.

        webClient
            .get()
            .uri(String.join("", "/users", id))
            .retrieve()
            .bodyToMono(UserDto.class)
            .retryWhen(Retry.fixedDelay(5, Duration.ofMillis(100)))
            .block();

retryWhen takes Retry class as a parameter.

WebClient also offers a feature for error handling. doOnError() allows you to handle the error. It is triggered when mono ends with an error. onErrorResume() is a fallback based on the error.

Conclusion

In this post, I showed what is Spring WebClient is, how we can use Spring WebClient vs RestTemplate, and what different features it offers.

If you enjoyed this post, you can subscribe to my blog here.

References

  1. Spring WebClient – Spring Documentation
  2. WebClient Cheatsheet – Spring WebClient

The Complete Guide to Use Docker Compose

In this post, I will cover the complete guide to using docker compose. You can use it to build a multi-container application. But what is a docker compose and why one should use it?

What is Docker Compose?

If you don’t know what a docker is, you can read about that here. If you have an application that is running on a docker and if that application is using multiple other services like database, web-server, and load balancer, then you can write multiple docker files and run multiple containers. It can be cumbersome to manage these files. And if you have to change something, you might have to change all files.

Docker compose solves this problem by allowing you to write a YAML file to define multiple containers in a single file. You write one docker file and build and run that file for all the containers.

Installing Docker Compose

Based on the definition from docker.com, docker compose is a tool for defining and running multiple Docker containers.

Depending on your environment, you will have to use the instructions to install docker compose. You will also need docker engine before you can install docker compose. I use the Windows environment, so I will show those instructions here.

  • Launch Power shell in administrator mode
  • Run this command – [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  • Then run the following command – Invoke-WebRequest “https://github.com/docker/compose/releases/download/1.27.4/docker-compose-Windows-x86_64.exe” -UseBasicParsing -OutFile $Env:ProgramFiles\Docker\docker-compose.exe

This will install docker compose. Open a new command prompt and type the first command

docker-compose -v

This should provide the docker-compose version if your installation has run without any issues.

Setting up a Spring Boot application with Docker

To show the power of docker-compose, we will be using a simple To-Do list spring boot app. I will share this app in a GitHub repository along with docker compose file. But this app includes the following applications that we will be using in docker compose:

  1. Spring Boot application
  2. Java version 8
  3. MySQL for database
  4. Keycloak for Authentication

So I won’t show implementing the Spring Boot application. If you want to download this application, you can visit the github repository or you can read my previous post here.

We will create a docker file for this Spring Boot application and this will run in its own container. Now this application connects to Keycloak and MySQL database for authentication. Keycloak will use Postgres database instead of using the same MySQL database.

The docker file for the Spring Boot application will look like below:

FROM openjdk:8-jdk-alpine
VOLUME /tmp
COPY ./build/libs/*.jar app.jar
ENTRYPOINT ["java", "-jar", "/app.jar"]

This docker file basically downloads Open JDK 8. It mounts the disk at /tmp. It copies an application jar file as app.jar. And of course, it will start the application by running java -jar .

How to write Docker Compose file

Now comes the docker-compose.yml file. This will look like below:

version: "3.8"

services:
  web:
    build: .
    ports:
      - "8080:8080"
    depends_on:
      - db
      - keycloak
    environment:
      SPRING_DATASOURCE_URL: jdbc:mysql://db:3306/todolist?autoReconnect=true&useSSL=false
      SPRING_DATASOURCE_USERNAME: betterjavacode
      SPRING_DATASOURCE_PASSWORD: betterjavacode
      KEYCLOAK_URI: http://keycloak:8180/auth
      REALM: SpringBootKeycloakApp
    networks:
      - common-network
  db:
    image: mysql:5.7
    ports:
      - "3307:3306"
    restart: always
    environment:
      MYSQL_DATABASE: todolist
      MYSQL_USER: betterjavacode
      MYSQL_PASSWORD: betterjavacode
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - db-data:/var/lib/mysql
    networks:
      - common-network
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    networks:
      - common-network
  keycloak:
    image: jboss/keycloak
    ports:
      - "8180:8180"
    command: ["-Djboss.socket.binding.port-offset=100"]
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      DB_SCHEMA: public
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
    depends_on:
      - postgres
    networks:
      - common-network
networks:
  common-network:
    driver: bridge
volumes:
  db-data:
    driver: local
  postgres_data:
    driver: local

The first line in this docker-compose file is the version of your docker-compose.

services define different types of services that we will use to build our docker container. web service uses an image that builds from a docker file. In our case, we are building a docker image of our Spring Boot application. This application will run on port 8080. We also have to make sure to pass the required environment variables. As you see in the file, we are using our database as db and the variable SPRING_DATASOURCE_URL shows that. db is the name of our database service that our application will connect to.

Our database service db runs on host port of 3307, but uses port 3306 (default port) on the container. This is because I have MySQL running on my host machine at port 3306, so to avoid port conflict, I am using 3307.

We have another database service postgres in our docker compose file. That uses default ports of 5432 and that’s why not specified here. Keycloak uses postgres as part of this entire application. If you don’t specify postgres, Keycloak will use an in-memory H2 database by default. The problem with an in-memory database is once you stop your container, it will lose all the data. To avoid that, I am using a real database that will save our realm and users’ data.

Another service, that we are using is keycloak. This is our IDP for authentication. The service is running on port 8180. It uses the Postgres database to connect. The command part of keycloak service instructs to run the service on port 8180 in the container instead of default 8080.

networks service defines that all these containers are part of the same network common-network with a driver of type bridge.
To make sure we can use the database, we need to mount the disk volume for both MySQL and Postgres databases. We mount these volumes locally.

Running the containers

Now to execute the containers with the application, execute the following command (make sure you build your application)

docker-compose up

This will build Docker containers for all our services and start them. Now if we access our application at http://localhost:8080

Fundamentals of Docker Compose

If a user clicks on Get all tasks, user will see keycloak login screen as below:

Enter the username and password, and the user will see the tasks for the logged-in user.

Useful commands

docker-compose up – This command will build the docker containers and start them.

docker-compose up -d – This is a similar command as above, except it will run all the processes in the background.

docker-compose stop – Stop the docker services. This will retain the previous state of containers even after you have stopped the containers.

docker-compose start – Start the docker services

docker-compose logs – Show the logs from docker containers

docker-compose ps – List the Docker containers

docker-compose run – Run one-off command. Example – docker-compose run web env – List the environment variables of web service.

Advantages of Docker Compose

  • By running most of the services in docker, you don’t have to install those services in your environment.
  • It’s easier to collaborate on the development environment with other developers by checking in the source in version control with docker-compose.
  • Quick and easy configuration. You can run your services across platforms.

Advance use of docker compose

Something I have not covered in this post is using network as  a service that you can really extend with docker compose. It also allows you to run a load balancer (or reverse proxy-like nginx) and manage the load with multiple hosts.

Instead of using environment variables, you can also use .env file for environment variables and load it while starting the containers.

Conclusion

In this post, I showed how you can use docker compose to run multiple containers with a single docker compose file. It also allows you to easily manage your environment. Similarly, you can learn about Kubernetes.

References

  1. Docker Compose – docker compose
  2. Keycloak – Keycloak containers

Fundamentals of a Distributed System Design

When you are a beginner software developer, your focus is on the micro-level. What happens in your code? What happens in your application? But if you start thinking in a System Design way, it can help you immensely in your career. System design is a big topic, but I will cover the important fundamentals of distributed system design. Understanding System Design is the key to building a good system. Therefore, a developer should definitely try to learn about system design.

Fundamentals of a Distributed System

In this post, we will learn the following fundamentals.

  1. Key characteristics of a distributed system
  2. Load balancing
  3. Caching
  4. Database
  5. Database indexes
  6. Proxies
  7. CAP Theorem
  8. Consistent Hashing

Key Characteristics of a distributed system

Scalability

  • Scalability is the system’s ability to grow and manage increased demand
  • Horizontal scaling – you scale by adding more servers into your pool of resources.
  • Vertical scaling – you scale by adding more power to an existing server.

Reliability

  • It is the probability a system will fail in a given period. Specifically, the goal is to minimize this probability as much as possible.
  • To achieve reliability, redundancy is required. Therefore, it has a cost.

Availability

  • Availability is the time a system remains operational to perform its required function in a specific period.
  • If a system is reliable, it is available. By comparison, if it is available, it is not necessarily reliable.

Efficiency

  • Latency – response time
  • Throughput – the number of items delivered in a given time unit

Load Balancing

The load balancer routes the traffic from clients to different servers. It keeps track of the status of all the resources while distributing requests. Equally, a load balancer reduces individual server load and prevents any one application server from becoming a single point of failure. So, the load balancer can be added between clients and web servers, between webservers and an internal platform layer (application server), and between internal platform and database servers.

To organize a load balancer for distributing requests to servers, one can use different algorithms like Round Robin, Weighted Round Robin, Least Connection Method, Least Response Time, Least Bandwidth, IP Hash.

As a result, the load balancer can be a single point of failure. To overcome this, a second load balancer can be connected to the first to form a cluster.

Caching

Caches take advantage of the locality of references principle. A cache is like a short term memory. That is to say, it is faster with limited space. Furthermore, caches can exist at all levels in the architecture but often found at the level nearest to the front end.

Application Server Cache

Placing a cache directly on a request layer node enables the local storage of response data.

Content Distribution Network

CDNs are a kind of cache that comes into play for sites serving large amounts of static data.

Cache Invalidation

  1. Write through cache – Write the data into the cache and the corresponding database at the same time.
  2. Write around cache – Write the data to permanent storage, bypassing the cache. Therefore, recently written data will create a cache miss.
  3. Write-back cache – Write the data to cache alone and sync with backend storage after a specified interval.

Cache Eviction Policies

  1. First In First Out
  2. Last In First Out
  3. Least Recently Used
  4. Least Frequently Used
  5. Most Recently Used
  6. Random Replacement

Database

You will need a storage system for your data. Obviously, Databases are the most common solution. Accordingly, there are two types of databases. Basically, Relational databases and Non-Relational databases.

If your data is structured, you can use a relational database. Also, relational databases offer structured query language (SQL) to query the databases.

Non-relational databases are unstructured, and distributed.

SQL

  1. Store data in rows and columns
  2. Each row contains information about one entity
  3. MySQL, MS SQL, Oracle, PostgreSQL, SQLite are some examples of relational databases.
  4. SQL databases use SQL for querying.
  5. Vertically scalable, but expensive.
  6. Horizontally scalable, but time-consuming process.
  7. SQL databases are ACID (Atomicity, Consistency, Isolation, and Durability) compliant.
  8. If you need ACID compliance and structured data, use SQL databases.

NoSQL

  1. Key-Value Stores  – Redis, Dynamo DB
  2. Document databases – Couch DB and MongoDB
  3. Wide-Column databases – Columnar databases are best suited for analyzing large datasets – Cassandra and HBase
  4. Graph databases – data stored and related to each other in graph format.  Subsequently, data is stored with nodes (entities), properties (info about entities), and lines (the connection between entities) – Neo4J and InfiniteGraph
  5. Schemas are dynamic. Columns can be added on the fly and each row doesn’t have to contain data for each column.
  6. Use UnQL (Unstructured Query Language).
  7. Horizontally scalable easily.
  8. Not ACID Compliant
  9. Allows rapid development, stores a large volume of data with no structure.

Database Indexes

If the database search performance has been bad, we create indexes to improve that performance. Henceforth, the goal of creating an index on a particular table in a database is to make it faster to search through the table.

Indexes improve read performance, but decrease write performance. Consequently, indexes also increase memory usage. If your database is read-intensive, indexes are a good strategy. Don’t add indexes if the database is write-intensive.

Proxies

Proxy server is a piece of software or hardware that acts as an intermediary for requests from clients seekings resources from other servers. Accordingly, Proxies are used to filter requests, log requests, and sometimes transform the requests. Even more, proxy server cache can serve a lot of requests.

Open Proxy

An open proxy server is accessible by any internet user. As a result, any internet user is able to use the proxy for forwarding the requests.

Reverse Proxy

A reverse proxy retrieves resources on behalf of the client from one or more servers. Consequently, these resources are then returned to the client.

CAP Theorem

In any distributed system, you can not achieve all three consistency, availability, and partition tolerance.

CAP Theorem states that you can only get two out of these three options.

Consistency – All nodes see the same data at the same time.

Availability – Every request gets a response on success/failure.

Partition Tolerance – A partition tolerant system can tolerate any amount of network failure that doesn’t result in a failure of the entire network. Particularly, data replication across nodes helps to keep the system up.

Consistent Hashing

Consistent hashing is a mechanism that allows distributing the data across a cluster in such a way that will minimize reorganization when nodes are added or removed. As a result, when you employ consistent hashing, resizing of the hash table results in the remapping of k/n keys.

Conclusion

In conclusion, knowing these fundamentals about a distributed system can immensely help a developer while writing code or designing a system. By all means, study these fundamentals, but you should also learn about domain-driven design. Nonetheless, if you enjoyed this post, you can subscribe to my blog here.

References

  1. System Design Primer – System Design Primer
  2. System Design – System Design

7 AWS Services Every Developer Should Know About

In this post, I will describe the 7 AWS Services a developer should know about. As a developer, it is important to understand when and how to use these services.

Even though moving the infrastructure to the cloud movement began in the last decade, it has picked up the speed in the last 5-6 years. As always, Amazon had been leading on this front. Now the most companies use cloud whether AWS, Google, or Microsoft Azure services for cloud infrastructure.

Amazon Web Services offer a number of services, but we will look at the 7 AWS services only. These services help users to administrator their applications smoothly. If you are building an application and using old on-premise infrastructure, you will be better off moving to the cloud. The dilemma comes what services to use, which Cloud service to choose.

Personally, Amazon is the best solution. It also offers alerts for price management. There are millions of features available with AWS.

7 AWS Services to know

  • Elastic Container Service
  • AWS Lambda
  • Simple Cloud Storage (S3)
  • DynamoDB
  • Route53
  • Elastic Load Balancer (ELB)
  • Kinesis

Elastic Container Service (ECS)

ECS is a container orchestration service. What does container orchestration mean?

  • Basically, you build your application.
  • Deploy that application on a docker container.
  • Push the docker image to ECR (Elastic Container Repository).
  • Build your elastic container service while using the docker image from ECR.

ECS does a good job of choosing what EC2 instance to use, how to identify a load balancer to use, and how many instances to run for your service.

ECS easily integrates with other cloud services that Amazon offers. These services include Amazon Route53, Secrets Manager, Identity and Access Management, and Cloudwatch.

While deploying your service on ECS, you can choose an EC2 container or AWS Fargate container. AWS Fargate is a serverless compute engine that works with both Elastic Container Service or Elastic Kubernetes Service (EKS).

EC2 is an Elastic Cloud Computing service that offers a server instance. You can choose what you want on your server instance installed.

Lambda

If you have heard the word “Serverless”, it is the AWS Lambda that has made it popular. You can write your code without provisioning or managing servers. The selling point of Lambda is that you don’t have to worry about backend infrastructure. Lambda takes care of that, you only pay for the compute time you use. So this makes writing efficient code even more important.

The alacrity with which Lambda handles running your code, it makes Lambda one of the most useful services. Lambda is definitely the most useful when you want to automate repetitive tasks.

Running an entire application on Lambda may not be the best idea. If it’s a static website, then surely you can use Lambda. But a scalable and dynamic application, you will be better off using an EC2 instance than Lambda.

One heuristic to consider to decide when to use Lambda – If you have a code that will not change, but will also perform repetitive tasks without much monitoring efforts, then use Lambda.

S3

S3 is a Simple Cloud Storage. Irrespective of what kind of application you build, you have to store static files somewhere. AWS offers a simple and effective service called S3.

To understand S3 is to understand a hash table. Usually, when you store any file on S3, the service generates a random string as a key to identify that file. The file is the blob format data.

S3 is targeted towards application builders to individual users. The advantages of S3 are scalability, high availability, performance, and security. S3 can also be used for redundancy. One thing to remember that you can not use S3 to host a static website, especially if you want to use it with HTTPS.

DynamoDB

DyanmoDB is a No-SQL database service. The advantages of DynamoDB over regular DB are:

  • High performance even at a scale
  • a simple API allowing for simple key-value access

Dynamo DB is a partitioned B-Tree Data structure. The performance in DynamoDB remains consistent irrespective of the data you are inserting in it. Key-Value pair makes it easy to access Dyanmo DB.

You can get aggregated or sorted data from a regular relational database. But with DynamoDB, your application has to do everything on its own. Once the application fetches the data from DynamoDB, it can get a single data or a contiguous range of data. This is the key point in deciding if you want to use DynamoDB or not.

Route53

Route53 as the name suggests is a DNS service that translates a domain name to IP address. When a request comes from an application to AWS infrastructure, Route53 translates that request to either load balancers or EC2 instance or S3 bucket.

Route53 may not have many advantages over any other infrastructure, but as a developer knowing about Route53 is important. Once you deploy your application in AWS, you will need to make sure it is accessible to users. From a network perspective, understanding Route53 is important.

Route53 integrates well with ELB (Elastic Load Balancer).

ELB

ELB is an elastic load balancer service. It offers a load balancer for application and for the network. So we can say application load balancer (ALB) or network load balancer (NLB).

Application load balancer basically routes the traffic from the internet to your application and vice versa. ALBs offer different features like routing rules, sticky sessions, authentications.

Network load balancers route the network packets. NLB is a network router and not an HTTP request router.

Both NLBs and ALBs support TLS/HTTPS and integrates with AWS Certificate Manager. NLBs and ALBs don’t validate certificates, but since these load balancers run in a VPC, there is a protection from spoofing and man-in-the-middle attack.

One disadvantage of ALBs is that it adds a few milliseconds to each request, increasing the latency in the process. AWS handles scaling ALB automatically based on the demand for your service.

Kinesis

Kinesis is a streaming service. It basically collects, processes, and analyzes real-time data. Once the data arrives in the streaming service, you can build an event to handle the data. Kinesis steam is a highly durable linked list.

You can have multiple applications consuming data from Kinesis. As data streaming getting more and more popular, kinesis offers a lot of flexibility.

Conclusion

There are a lot of other AWS services like SQS, Cloud Formation, Cognito, API Gateway, Step Functions, etc. Here I described 7 AWS services that you will end up using the most frequently. Also, I want to thank Daniel Vassallo and his insightful book The Good Parts of AWS.

If you enjoyed this post, please subscribe to my blog here.