DynamoWave Chat is a modern, scalable, serverless real-time chat application built using AWS Lambda, DynamoDB, and API Gateway.
➡️ Core Focus: Enhancing scalability, performance, and security from a non-functional standpoint.
[Figure: System Architecture]
- Establish WebSocket connection: Two-way communication between the client and server.
- ConnectHandler Lambda: Triggered when a connection is established, inserting the `connectionId` into ConnectionsTable.
- Notification to Client: Once the connection is established, the client is notified.
- SendMessageHandler Lambda: Iterates through `connectionIds` and sends messages to connected clients.
- DisconnectHandler Lambda: Cleans up by removing inactive `connectionIds` after the session ends.
Service | Identifier | Purpose |
---|---|---|
API Gateway | WebSocket API | Enables real-time communication. |
DynamoDB | ConnectionsTable | Tracks and manages active connections. |
AWS Lambda | ConnectHandler | Records new connections for operational monitoring. |
AWS Lambda | DisconnectHandler | Removes inactive connections from the registry. |
AWS Lambda | SendMessageHandler | Handles reliable communication among connected clients. |
AWS Lambda | DefaultHandler | Notifies clients when the connection has been established. |
- Reserved Concurrency for Critical Lambdas: Critical Lambda functions have reserved concurrency quotas to ensure compute availability during peak times and prevent throttling.
  ➡️ Allocating resources ensures the application remains functional even during high load periods.
- Data Durability via Point-In-Time Recovery (PITR): Enabled PITR for DynamoDB to restore data to any second in the past 35 days, ensuring data availability and fault tolerance, even in case of accidental overwrites or deletions.
  ➡️ Simplifies data recovery without operational overhead or over-provisioning costs.
- Backpressure Resilience: Implemented API Gateway throttling and rate limiting to ensure backend services aren't overwhelmed during peak usage.
  ➡️ Defines a maximum threshold of incoming requests and caps client requests to avoid service downtime or DDoS attacks.
- Resilience to Zonal Failures: While the application is resilient to zonal outages, to improve availability in production systems, DynamoDB Global Tables and regional redundancy with Route 53 DNS failover could be implemented.
  ➡️ Provides higher availability for mission-critical applications and geographically distributed user bases.
- Error Handling: Incorporated error handling mechanisms in Lambda functions to prevent cascading failures and ensure system stability.
- Retry Mechanisms: Implemented exponential backoff for critical functions to recover from transient errors such as network failures or failed database operations.
  ➡️ Increases the likelihood of successful message delivery without overwhelming the system.
- Graceful Error Recovery: Configured a Dead Letter Queue (DLQ) to capture and reprocess failed messages, ensuring zero data loss.
- Dynamic Auto-scaling for DynamoDB: Dynamically adjusts capacity based on fluctuating workloads to ensure cost-effective scalability.
  ➡️ Automatically scales based on demand, reducing costs during idle times and increasing capacity during peak times.
- Custom Lambda Warmer: Implemented a Lambda warmer function to reduce cold starts and improve performance for sporadically used functions.
  ➡️ Configured a CloudWatch event to trigger the warmer function, maintaining low-latency performance.
- API Gateway Resource Policies: Enforced HTTPS-only requests to ensure secure transport for all connections.
- KMS Encryption for DynamoDB: Secures all data at rest with KMS encryption, protecting sensitive user information.
- Least Privilege IAM Roles: Pruned down IAM policies for Lambda service roles to enforce least-privilege access, minimizing risks of privilege escalation.
- Throttling for DDoS Mitigation: API throttling prevents potential DDoS attacks by limiting the number of requests a user or bot can send in a given time.
- WAF Integration: Adding a Web Application Firewall (WAF) on top of API Gateway to protect against excessive resource consumption and ensure application availability.
  ➡️ Managed and custom rules will prevent potential security threats.
- CloudWatch Alarms & SNS Integration: Configuring real-time alerts for abnormal API usage patterns or security incidents via CloudWatch alarms and SNS notifications.
  ➡️ Improves monitoring and operational insights.
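
To make the "Least Privilege IAM Roles" item concrete, the following added example (not code from this project) builds one scoped IAM policy per handler and audits a policy document for grants beyond what that handler needs. The action lists are assumptions inferred from each handler's described job, and `REGION`, `ACCOUNT_ID` and `API_ID` are placeholders.

```python
import json

# Placeholders: the page does not give the region, account id or API id.
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/ConnectionsTable"
API_ARN = "arn:aws:execute-api:REGION:ACCOUNT_ID:API_ID/*/POST/@connections/*"

# Assumed minimum actions per handler, inferred from the workflow above.
# CloudWatch Logs permissions for the functions are left out of this sketch.
REQUIRED = {
    "ConnectHandler": {TABLE_ARN: ["dynamodb:PutItem"]},
    "DisconnectHandler": {TABLE_ARN: ["dynamodb:DeleteItem"]},
    "SendMessageHandler": {
        TABLE_ARN: ["dynamodb:Scan"],
        API_ARN: ["execute-api:ManageConnections"],
    },
}


def build_policy(handler):
    """Return an IAM policy document granting only the handler's required actions."""
    statements = [
        {"Effect": "Allow", "Action": actions, "Resource": resource}
        for resource, actions in REQUIRED[handler].items()
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(handler, policy):
    """List Allow grants in `policy` that exceed what `handler` needs."""
    findings = []
    allowed = REQUIRED[handler]
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in as_list(stmt["Resource"]):
            for action in as_list(stmt["Action"]):
                if "*" in action:
                    findings.append(f"wildcard action {action} on {resource}")
                elif action not in allowed.get(resource, []):
                    findings.append(f"{action} on {resource} is not required")
    return findings


# Constructed sample of an over-broad role policy, used only as audit input.
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "*"}}

if __name__ == "__main__":
    print(json.dumps(build_policy("SendMessageHandler"), indent=2))
    print(audit_policy("ConnectHandler", BROAD))
```
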
We welcome suggestions to further improve the architecture or performance of DynamoWave Chat. Feel free to contact me at tanishka.marrott@gmail.com.
Special thanks to AWS for providing the foundational architecture guidelines for this project: AWS WebSocket API Chat App Guide.