name: aws-cloud-patterns description: AWS 云模式,适用于 Lambda、ECS、S3、DynamoDB,以及使用 CDK/Terraform 的基础设施即代码
AWS 云模式
Lambda 函数模式
import { APIGatewayProxyHandlerV2 } from "aws-lambda";
import { DynamoDBClient } from "@aws-sdk/client-dynamodb";
import { DynamoDBDocumentClient, GetCommand } from "@aws-sdk/lib-dynamodb";
const client = DynamoDBDocumentClient.from(new DynamoDBClient({}));
export const handler: APIGatewayProxyHandlerV2 = async (event) => {
const id = event.pathParameters?.id;
if (!id) {
return { statusCode: 400, body: JSON.stringify({ error: "缺少id" }) };
}
const result = await client.send(
new GetCommand({ TableName: process.env.TABLE_NAME!, Key: { pk: id } })
);
if (!result.Item) {
return { statusCode: 404, body: JSON.stringify({ error: "未找到" }) };
}
return {
statusCode: 200,
headers: { "Content-Type": "application/json" },
body: JSON.stringify(result.Item),
};
};
在处理器外部初始化 SDK 客户端,以在多个调用中重用连接。
DynamoDB 单表设计
interface OrderItem {
pk: string; // 用户#<userId>
sk: string; // 订单#<orderId>
gsi1pk: string; // 订单#<orderId>
gsi1sk: string; // 项目#<itemId>
entityType: string; // "订单" | "订单项目"
data: Record<string, any>;
ttl?: number;
}
const params = {
TableName: "AppTable",
KeyConditionExpression: "pk = :pk AND begins_with(sk, :prefix)",
ExpressionAttributeValues: {
":pk": `用户#${userId}`,
":prefix": "订单#",
},
};
先设计访问模式,再建模键。使用 GSI 进行替代查询模式。
CDK 基础设施
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";
import * as lambda from "aws-cdk-lib/aws-lambda-nodejs";
import * as dynamodb from "aws-cdk-lib/aws-dynamodb";
import * as apigateway from "aws-cdk-lib/aws-apigatewayv2";
export class ApiStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const table = new dynamodb.Table(this, "AppTable", {
partitionKey: { name: "pk", type: dynamodb.AttributeType.STRING },
sortKey: { name: "sk", type: dynamodb.AttributeType.STRING },
billingMode: dynamodb.BillingMode.PAY_PER_REQUEST,
pointInTimeRecovery: true,
removalPolicy: cdk.RemovalPolicy.RETAIN,
});
const fn = new lambda.NodejsFunction(this, "ApiHandler", {
entry: "src/handler.ts",
runtime: cdk.aws_lambda.Runtime.NODEJS_22_X,
architecture: cdk.aws_lambda.Architecture.ARM_64,
memorySize: 256,
timeout: cdk.Duration.seconds(10),
environment: { TABLE_NAME: table.tableName },
});
table.grantReadWriteData(fn);
}
}
S3 事件处理
import { S3Event } from "aws-lambda";
import { S3Client, GetObjectCommand } from "@aws-sdk/client-s3";
const s3 = new S3Client({});
export async function handler(event: S3Event) {
for (const record of event.Records) {
const bucket = record.s3.bucket.name;
const key = decodeURIComponent(record.s3.object.key.replace(/\+/g, " "));
const obj = await s3.send(new GetObjectCommand({ Bucket: bucket, Key: key }));
const body = await obj.Body?.transformToString();
await processFile(key, body);
}
}
反模式
- 硬编码 AWS 凭证而不是使用 IAM 角色
- 未适当设置 Lambda 超时和内存
- 在 DynamoDB 上使用
SELECT *等效扫描而不是基于键条件的查询 - 为每个 CRUD 操作创建一个 Lambda 函数而不是按域分组
- 缺少 CloudWatch 警报用于错误率和限制
- 未启用 DynamoDB 表的点时间恢复
检查清单
- [ ] SDK 客户端在 Lambda 处理器外部初始化
- [ ] IAM 角色遵循最小权限原则
- [ ] 在表模式之前设计 DynamoDB 访问模式
- [ ] Lambda 使用 ARM64 架构以节省成本
- [ ] S3 桶具有版本控制和生命周期策略
- [ ] 设置 CloudWatch 警报用于 Lambda 错误、持续时间和限制
- [ ] 基础设施定义为代码(CDK 或 Terraform)
- [ ] 机密存储在 Systems Manager Parameter Store 或 Secrets Manager