Deploying MicroProfile on Quarkus as AWS Lambda with AWS CDK v2 watch and hotswap

With the cdk watch or cdk deploy --hotswap feature an AWS Lambda can be deployed faster creating a "drift" bypassing the regular AWS CloudFormation deployment.

The aws-quarkus-lambda-cdk-plain template already ships with watch mode configured to listen to local changes:

AWS CDK Plain, AWS CDK Lambda Plain and AWS Quarkus Lambda CDK Plain Templates are using AWS CDK GA v2 for Java

AWS Cloud Development Kit (AWS CDK) v2 is GA (also checkout: Building Reusable "Cloud Components" / Constructs with AWS CDK, Java and Maven), now you only need two Maven dependencies in your CDK project:


<dependency>
    <groupId>software.amazon.awscdk</groupId>
    <artifactId>aws-cdk-lib</artifactId>
    <version>2.0.0</version>
</dependency>
<dependency>
    <groupId>software.constructs</groupId>
    <artifactId>constructs</artifactId>
    <version>3.3.161</version>
</dependency>

AWS CDK v2 ships with additional features like: hot swapping, disabling rollback, the watch mode and JUnit assertions.

The AWS CDK Template, AWS (asynchronous) Lambda Template and API Gateway, AWS Lambda, Quarkus Template are updated from 2.0 Release Candidate to 2.0.0 GA.

GraalVM and Java 17, Truffle, Espresso and Native Image--an airhacks.fm podcast

Subscribe to airhacks.fm podcast via: spotify| iTunes| RSS

The #167 airhacks.fm episode with Shaun Smith (@shaunmsmith) about:
GraalVM 21.3.0 Java 11 and Java 17 release, Native Image performance optimizations, GraalVM in the clouds, Truffle, Espresso and the economic impact of performance
is available for

Live From Voxxed Days Romania: Java, Clouds and Cost Driven Architectures

An interactive keynote from Voxxed Days Romania about "Cost Driven Architectures" and serverless Java, with and without GraalVM, in the clouds:

Create a Quarkus / MicroProfile Project

To create a Quarkus / MicroProfile project, perform:

mvn io.quarkus.platform:quarkus-maven-plugin:[RECENT_VERSION].Final:create (e.g. mvn io.quarkus.platform:quarkus-maven-plugin:2.5.0.Final:create)

Add the following microprofile extensions to the <dependencies> in your pom.xml:

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-openapi</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-opentracing</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-fault-tolerance</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-health</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-metrics</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-resteasy-jsonb</artifactId>
</dependency>
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-rest-client</artifactId>
</dependency>
<dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-smallrye-jwt</artifactId>
</dependency>

The dependencies are also maintained in the quarkus-microprofile-extensions gist.

From DevFlix: Hey Enterprise EJB Developers Now Is The Time To Go Serverless (and slideless)

Explaining AWS Lambda concepts like cold starts, concurrency, throttling, performance etc. ...with Stateless- and Message Driven Bean (SLSB, MDB) and answering questions on-the-go:

JCON: Building Complex Apps with plain Web Components

Building web applications with plain WebComponents including: internal structuring, routing, state management / data binding / unidirectional data flow, redux, HTTP backend communication and Server Sent Events. The BCE.design template was used as a starting point:

Debezium, Server, Engine, UI and the Outbox--an airhacks.fm podcast

Subscribe to airhacks.fm podcast via: spotify| iTunes| RSS

The #166 airhacks.fm episode with Gunnar Morling (@gunnarmorling) about:
Debezium, Debezium Engine and Server vs. Kafka Connect, Debezium UI, incremental snapshots and the Outbox pattern
is available for

How To Connect to an Insecure SSL Endpoint with Java HTTP Client

To connect to an insecure https endpoint (e.g. with self-signed certificates, here https://localhost:8443) with Java 11+ HTTP Client, you disable certificate checks in SSLContext first:


import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

static SSLContext insecureContext() {
    TrustManager[] noopTrustManager = new TrustManager[]{
        new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] xcs, String string) {}
            public void checkServerTrusted(X509Certificate[] xcs, String string) {}
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }
    };
    try {
        SSLContext sc = SSLContext.getInstance("ssl");
        sc.init(null, noopTrustManager, null);
        return sc;
    } catch (KeyManagementException | NoSuchAlgorithmException ex) {}
}    

The hostname verification is deactivated via Java's System properties. After setting the properties and passing the insecure SSLContext, the endpoint is ready to connect to a HTTP endpoint with an invalid SSL certificate:


@Test
public void connectToInsecureEndpoint() throws IOException, InterruptedException {
    var properties = System.getProperties(); 
    properties.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());

    var uri = URI.create("https://localhost:8443");
    var client = HttpClient.newBuilder()
            .sslContext(insecureContext())
            .build();

    var request = HttpRequest.newBuilder(uri)
            .GET()
            .build();
    
    var content = client.send(request, BodyHandlers.ofString()).body();
    assertNotNull(content);
}    

Without the disabling the hostname verification you will get the following exception:


javax.net.ssl.SSLHandshakeException: No name matching localhost found
    at airhacks.HttpClientTest.connectToInsecureEndpoint(HttpClientTest.java:41)
Caused by: javax.net.ssl.SSLHandshakeException: No name matching localhost found
Caused by: java.security.cert.CertificateException: No name matching localhost found

...and without setting the insecure SSLContext the following exception is thrown:


javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at airhacks.HttpClientTest.connectToInsecureEndpoint(HttpClientTest.java:41)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target    

Performance Impression: MicroProfile on Quarkus as AWS Lambda Fat Function

Cold- and warm starts of a Quarkus / MicroProfile application (available from: github.com/AdamBien/aws-quarkus-lambda-cdk-plain) deployed as AWS Lambda running on fraction of a vCPU:

Online Workshops
...the last 150 posts
...the last 10 comments
License