Unlock self-serve streaming SQL with Amazon Managed Service for Apache Flink


This post is co-written with Gal Krispel from Riskified.

Riskified is an ecommerce fraud prevention and risk management platform that helps businesses optimize online transactions by distinguishing legitimate customers from fraudulent ones.

Using artificial intelligence and machine learning (AI/ML), Riskified analyzes real-time transaction data to detect and prevent fraud while maximizing transaction approval rates. The platform offers a chargeback guarantee, protecting merchants from losses due to fraudulent transactions. Riskified’s solutions include account protection, policy abuse prevention, and chargeback management software, making it a comprehensive tool for reducing risk and improving customer experience. Businesses across various industries, including retail, travel, and digital goods, use Riskified to increase revenue while minimizing fraud-related losses. Riskified’s core business of real-time fraud prevention makes low-latency streaming technologies a fundamental part of its solution.

Businesses often can’t afford to wait for batch processing to make critical decisions. With real-time data streaming technologies like Apache Flink, Apache Spark, and Apache Kafka Streams, organizations can react instantly to emerging trends, detect anomalies, and enhance customer experiences. These technologies are powerful processing engines that perform analytical operations at scale. However, unlocking the full potential of streaming data often requires complex engineering efforts, limiting accessibility for analysts and business users.

Streaming pipelines are in high demand from Riskified’s Engineering department. Therefore, a user-friendly interface for creating streaming pipelines is a critical feature to increase analytical precision for detecting fraudulent transactions.

In this post, we present Riskified’s journey toward enabling self-service streaming SQL pipelines. We walk through the motivations behind the shift from Confluent ksqlDB to Apache Flink, the architecture Riskified built using Amazon Managed Service for Apache Flink, the technical challenges they faced, and the solutions that helped them make streaming accessible, scalable, and production-ready.

Using SQL to create streaming pipelines

Customers have a range of open source data processing technologies to choose from, such as Flink, Spark, ksqlDB, and RisingWave. Each platform offers a streaming API for data processing. SQL streaming jobs offer a powerful and intuitive way to process real-time data with minimal complexity. These pipelines use SQL, a widely known and declarative language, to perform real-time transformations, filtering, aggregations, and joins on continuous data streams.

To illustrate the power of streaming SQL in ecommerce fraud prevention, consider the concept of velocity checks, which are a critical fraud detection pattern. Velocity checks are a type of security measure used to detect unusual or rapid activity by monitoring the frequency and volume of specific actions within a given timeframe. These checks help identify potential fraud or abuse by analyzing repeated behaviors that deviate from normal user patterns. Common examples include detecting multiple transactions from the same IP address in a short time span, monitoring bursts of account creation attempts, or tracking the repeated use of a single payment method across different accounts.

Use case: Riskified’s velocity checks

Riskified implemented a real-time velocity check using streaming SQL to monitor purchasing behavior based on user identifier.

In this setup, transaction data is continuously streamed through a Kafka topic. Each message contains user agent information originating from the browser, along with the raw transaction data. Streaming SQL queries are used to aggregate the number of transactions originating from a single user identifier within short time windows.

For example, if the number of transactions from a given user identifier exceeds a certain threshold within a 10-second interval, this might signal fraudulent activity. When that threshold is breached, the system can automatically flag or block the transactions before they’re completed. The following figure and accompanying code show a simplified example of the streaming SQL query used to detect this behavior.

Velocity check SQL flow

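-- Count payment attempts per user identifier in 10-second tumbling windows (Flink SQL).
-- createdAt must be declared as the time attribute of the transactions table.
SELECT
  userIdentifier,
  TUMBLE_START(createdAt, INTERVAL '10' SECOND) AS windowStart,
  TUMBLE_END(createdAt, INTERVAL '10' SECOND) AS windowEnd,
  COUNT(*) AS paymentAttempts
FROM transactions
GROUP BY
  userIdentifier,
  TUMBLE(createdAt, INTERVAL '10' SECOND);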

Although defining SQL queries over static datasets might seem straightforward, developing and maintaining robust streaming applications introduces unique challenges. Traditional SQL operates on bounded datasets, which are finite collections of data stored in tables. In contrast, streaming SQL is designed to process continuous, unbounded data streams using a syntax that resembles standard SQL.

To address these challenges at scale and make streaming job creation accessible to engineering teams, Riskified implemented a self-serve solution based on Confluent ksqlDB, using its SQL interface and built-in Kafka integration. Engineers could define and deploy streaming pipelines using SQL, chaining ksqlDB streams from source to sink. The system supported both stateless and stateful processing directly on Kafka topics, with Avro schemas used to define the structure of streaming data.

Although ksqlDB provided a fast and approachable starting point, it eventually revealed several limitations. These included challenges with schema evolution, difficulties in managing compute resources, and the absence of an abstraction for managing pipelines as a cohesive unit. As a result, Riskified began exploring alternative technologies that could better support its expanding streaming use cases. The following sections outline these challenges in more detail.

Evolving the stream processing architecture

In evaluating alternatives, Riskified focused on technologies that could address the specific demands of fraud detection while preserving the simplicity that made the original approach appealing. The team encountered the following challenges in maintaining the previous solution:

  • Schemas are managed in Confluent Schema Registry, and the message format is Avro with FULL compatibility mode enforced. Schemas are constantly evolving according to business requirements. They’re version controlled using Git with a strict continuous integration and continuous delivery (CI/CD) pipeline. As schemas grew more complex, ksqlDB’s approach to schema evolution didn’t automatically incorporate newly added fields. This behavior required dropping streams and recreating them to add new fields instead of just restarting the application to incorporate new fields. This approach caused inconsistencies with offset management because of the stream’s tear-down.
  • ksqlDB enforces a TopicNameStrategy schema registration strategy, which provides 1:1 schema-to-topic coupling. This means the exact schema definition must be registered multiple times, one time for each topic it’s used for. Riskified’s schema registry deployment uses RecordNameStrategy for schema registration. It’s an efficient schema registry strategy that allows for sharing schemas across multiple topics, storing fewer schemas, and reducing registry management overhead. Having mixed strategies in the schema registry caused errors with Kafka consumer clients attempting to decode messages, because the client implementation expected a RecordNameStrategy according to Riskified’s standard.
  • ksqlDB internally registers schema definitions in specific ways where fields are interpreted as nullable, and Avro Enum types are converted to Strings. This behavior caused deserialization errors when attempting to migrate native Kafka consumer applications to use the ksqlDB output topic. Riskified’s code base uses the Scala programming language, where optional fields in the schema are interpreted as Option. Transforming every field as optional in the schema definition required heavy refactoring, treating all Enum fields as Strings, and handling the Option data type for every field that requires safe handling. This cascading effect made the migration process more involved, requiring additional time and resources to achieve a smooth transition.

Managing resource contention in ksqlDB streaming workloads

ksqlDB queries are compiled into a Kafka Streams topology. The query definition defines the topology’s behavior.

Streaming query resources are shared rather than isolated. This approach often leads to the overallocation of cluster resources. Its tasks are distributed across nodes in a ksqlDB cluster. This architecture means processing tasks run with no resource isolation, and a specific task can impact other tasks running on the same node.

Resource contention between tasks on the same node is common in a production-intensive environment when using a cluster architecture solution. Operations teams often fine-tune cluster configurations to maintain acceptable performance, frequently mitigating issues by over-provisioning cluster nodes.

Challenges with ksqlDB pipelines

A ksqlDB pipeline is a chain of individual streams and lacks flow-level abstraction. Consider a complex pipeline where a consumer publishes to multiple topics. In ksqlDB, each topic (both input and output) must be managed as a separate stream abstraction. However, there is no high-level abstraction to represent an entire pipeline that chains these streams together. As a result, engineering teams must manually assemble individual streams into a cohesive data flow, without built-in support for managing them as a single, complete pipeline.

This architectural approach particularly impacts operational tasks. Troubleshooting requires examining each stream individually, making it difficult to monitor and maintain pipelines that contain dozens of interconnected streams. When issues occur, the health of each stream needs to be checked individually, with no logical data flow component to help understand the relationships between streams or their role in the overall pipeline. The absence of a unified view of the data flow significantly increased operational complexity.

Flink as an alternative

Riskified began exploring alternatives for its streaming platform. The requirements were clear: a powerful processing technology that combines a rich low-level API and a streaming SQL engine, backed by a strong open source community, proven to perform in the most demanding production environments.

Unlike the previous solution, which supported only Kafka-to-Kafka integration, Flink offers an array of connectors for various databases and streaming platforms. It was quickly recognized that Flink had the potential to handle complex streaming use cases.

Flink offers multiple deployment options, including standalone clusters, native Kubernetes deployments using operators, and Hadoop YARN clusters. For enterprises seeking a fully managed option, cloud providers like AWS offer managed Flink services that help alleviate operational overhead, such as Managed Service for Apache Flink.

Benefits of using Managed Service for Apache Flink

Riskified decided to implement a solution using Managed Service for Apache Flink. This choice offered several key advantages:

  • It offers a quick and reliable way to run Flink applications and reduces the operational overhead of independently managing the infrastructure.
  • Managed Service for Apache Flink provides true job isolation by running each streaming application in its dedicated cluster. This means you can manage resources separately for each job and reduce the risk of heavy streaming jobs causing resource starvation for other running jobs.
  • It offers built-in monitoring using Amazon CloudWatch metrics, application state backup with managed snapshots, and automatic scaling.
  • AWS offers comprehensive documentation and practical examples to help accelerate the implementation process.

With these features, Riskified could focus on what truly matters: getting closer to the business goal and starting to write applications.

Using Flink’s streaming SQL engine

Developers can use Flink to build complex and scalable streaming applications, but Riskified saw it as more than just a tool for experts. They wanted to democratize the power of Flink into a tool for the entire organization, to solve complex business challenges involving real-time analytics requirements without needing a dedicated data expert.

To replace their previous solution, they envisioned maintaining a “build once, deploy many” application, which encapsulates the complexity of the Flink programming and allows the users to focus on the SQL processing logic.

Kafka was maintained as the input and output technology for the initial migration use case, which is similar to the ksqlDB setup. They designed a single, flexible Flink application where end-users can modify the input topics, SQL processing logic, and output destinations through runtime properties. Although ksqlDB primarily focuses on Kafka integration, Flink’s extensive connector ecosystem allows it to expand to various data sources and destinations in future phases.

Managed Service for Apache Flink provides a flexible way to configure streaming applications without modifying their code. By using runtime parameters, you can change the application’s behavior without modifying its source code.

Using Managed Service for Apache Flink for this approach includes the following steps:

  1. Apply parameters for the input/output Kafka topic, a SQL query, and the input/output schema ID (assuming you’re using Confluent Schema Registry).
  2. Use AvroSchemaConverter to convert an Avro schema into a Flink table.
  3. Apply the SQL processing logic and save the output as a view.
  4. Sink the view results into Kafka.

The following diagram illustrates this workflow.
Streaming SQL system diagram

Performing Flink SQL query compilation without a Flink runtime environment

Providing end-users with significant control to define their pipelines makes it critical to verify the SQL query defined by the user before deployment. This validation prevents failed or hanging jobs that could consume unnecessary resources and incur unnecessary costs.

A key challenge was validating Flink SQL queries without deploying the full Flink runtime. After investigating Flink’s SQL implementation, Riskified discovered its dependency on Apache Calcite, a dynamic data management framework that handles SQL parsing, optimization, and query planning independently of data storage. This insight enabled using Calcite directly for query validation before job deployment.

You must know how the data is structured to validate a Flink SQL query on a streaming source like a Kafka topic. Otherwise, unexpected errors might occur when attempting to query the streaming source. Although an expected schema is used with relational databases, it’s not enforced for streaming sources.

Schemas guarantee a deterministic structure for the data stored in a Kafka topic when using a schema registry. A schema can be materialized into a Calcite table that defines how data is structured in the Kafka topic. It allows inferring table structures directly from schemas (in this case, Avro format was used), enabling thorough field-level validation, including type checking and field existence, all before job deployment. This table can later be used to validate the SQL query.

The following code is an example of supporting basic field types validation using Calcite’s AbstractTable:

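import java.util.Collections;
import java.util.Properties;
import org.apache.avro.Schema;
import org.apache.calcite.config.CalciteConnectionConfigImpl;
import org.apache.calcite.jdbc.CalciteSchema;
import org.apache.calcite.prepare.CalciteCatalogReader;
import org.apache.calcite.rel.type.RelDataType;
import org.apache.calcite.rel.type.RelDataTypeFactory;
import org.apache.calcite.rel.type.RelDataTypeSystem;
import org.apache.calcite.schema.impl.AbstractTable;
import org.apache.calcite.sql.SqlNode;
import org.apache.calcite.sql.parser.SqlParser;
import org.apache.calcite.sql.type.SqlTypeFactoryImpl;
import org.apache.calcite.sql.type.SqlTypeName;
import org.apache.calcite.sql.validate.SqlValidator;
import org.apache.calcite.sql.validate.SqlValidatorUtil;
import org.apache.calcite.tools.Frameworks;

public class FlinkValidator {
    // Parses the query and validates it against a table derived from the Avro schema.
    // Throws if the SQL is malformed or references unknown fields.
    public static void validateSQL(String sqlQuery, Schema avroSchema) throws Exception {
        SqlParser.Config sqlConfig = SqlParser.config()
                .withCaseSensitive(true);
        SqlParser sqlParser = SqlParser.create(sqlQuery, sqlConfig);
        SqlNode parsedQuery = sqlParser.parseQuery();
        RelDataTypeFactory typeFactory = new SqlTypeFactoryImpl(RelDataTypeSystem.DEFAULT);
        CalciteSchema rootSchema = createSchemaWithAvro(avroSchema);
        // Catalog reader that resolves table names against the root schema
        CalciteCatalogReader catalogReader = new CalciteCatalogReader(
                rootSchema,
                Collections.emptyList(),
                typeFactory,
                new CalciteConnectionConfigImpl(new Properties()));
        SqlValidator validator = SqlValidatorUtil.newValidator(
                Frameworks.newConfigBuilder().build().getOperatorTable(),
                catalogReader,
                typeFactory,
                SqlValidator.Config.DEFAULT
        );
        validator.validate(parsedQuery);
    }
    private static CalciteSchema createSchemaWithAvro(Schema avroSchema) {
        CalciteSchema rootSchema = CalciteSchema.createRootSchema(true);
        // The table is registered as TABLE; because TABLE is a reserved word, queries must quote it.
        rootSchema.add("TABLE", new SimpleAvroTable(avroSchema));
        return rootSchema;
    }
    // Calcite table whose row type mirrors the fields of the Avro schema
    private static class SimpleAvroTable extends AbstractTable {
        private final Schema avroSchema;
        public SimpleAvroTable(Schema avroSchema) {
            this.avroSchema = avroSchema;
        }
        @Override
        public RelDataType getRowType(RelDataTypeFactory typeFactory) {
            RelDataTypeFactory.Builder builder = typeFactory.builder();
            for (Schema.Field field : avroSchema.getFields()) {
                builder.add(field.name(), convertAvroType(field.schema(), typeFactory));
            }
            return builder.build();
        }
        // Only STRING and INT are mapped; every other Avro type falls back to ANY.
        private RelDataType convertAvroType(Schema schema, RelDataTypeFactory typeFactory) {
            switch (schema.getType()) {
                case STRING:
                    return typeFactory.createSqlType(SqlTypeName.VARCHAR);
                case INT:
                    return typeFactory.createSqlType(SqlTypeName.INTEGER);
                default:
                    return typeFactory.createSqlType(SqlTypeName.ANY);
            }
        }
    }
}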

You can integrate this validation approach as an intermediate step before creating the application. You can create a streaming job programmatically with the AWS SDK, AWS Command Line Interface (AWS CLI), or Terraform. The validation occurs before submitting the streaming job.

Flink SQL and Confluent Avro data type mapping limitation

Flink provides several APIs designed for different levels of abstraction and user expertise:

  • Flink SQL sits at the highest level, allowing users to express data transformations using familiar SQL syntax, which is ideal for analysts and teams comfortable with relational concepts.
  • The Table API offers a similar approach but is embedded in Java or Python, enabling type-safe and more programmatic expressions.
  • For more control, the DataStream API exposes low-level constructs to manage event time, stateful operations, and complex event processing.
  • At the most granular level, the ProcessFunction API provides full access to Flink’s runtime features. It’s suitable for advanced use cases that demand detailed control over state and processing behavior.

Riskified initially used the Table API to define streaming transformations. However, when deploying their first Flink job to a staging environment, they encountered serialization errors related to the avro-confluent library and Table API. Riskified’s schemas rely heavily on Avro Enum types, which the avro-confluent integration doesn’t fully support. As a result, Enum fields were converted to Strings, leading to mismatches during serialization and errors when attempting to sink processed data back to Kafka using Flink’s Table API.

Riskified developed an alternative approach to overcome the Enum serialization limitations while maintaining schema requirements. They discovered that Flink’s DataStream API could correctly handle Confluent’s Avro records serialization with Enum fields, unlike the Table API. They implemented a hybrid solution combining both APIs because the pipeline only required SQL processing on the source Kafka topic. It can sink to the output without any additional processing. The Table API is used for data processing and transformations, only converting to the DataStream API at the final output stage.

Managed Service for Apache Flink supports Flink APIs. It can switch between the Table API and the DataStream API.
A MapFunction can convert the Row type of the Table API into a DataStream of GenericRecord. The MapFunction maps Flink’s Row data type into GenericRecord types by iterating over the Avro schema fields and building the GenericRecord from the Flink Row type, casting the Row fields into the correct data type according to the Avro schema. This conversion is required to overcome the avro-confluent library limitation with Flink SQL.

The following diagram illustrates this workflow.

Flink Table and DataStream APIs

The following code is an example query:

// SQL query for filtering
Table queryResults = tableEnv.sqlQuery(
       "SELECT * FROM InputTable");
// 1. Convert query results from the Table API to a DataStream and use the DataStream API to sink them to the Kafka topic
DataStream<Row> rowStream = tableEnv.toDataStream(queryResults);
// Fetch the schema string from the schema registry (fetchSchemaString is the application's own helper)
String schemaString = fetchSchemaString(schemaRegistryURL, schemaSubjectName);
// Parse it into the Avro Schema used by the type information and the serializer below
Schema avroSchema = new Schema.Parser().parse(schemaString);
// 2. Convert Row to GenericRecord with explicit TypeInformation, using the custom AvroMapper
TypeInformation<GenericRecord> typeInfo = new GenericRecordAvroTypeInfo(avroSchema);
DataStream<GenericRecord> genericRecordStream = rowStream
       .map(new AvroMapper(schemaString))
       .returns(typeInfo); // Explicitly set TypeInformation
// 3. Define the Kafka sink using ConfluentRegistryAvroSerializationSchema
KafkaSink<GenericRecord> kafkaSink = KafkaSink.<GenericRecord>builder()
       .setBootstrapServers(bootstrapServers)
       .setRecordSerializer(
               KafkaRecordSerializationSchema.builder()
                       .setTopic(sinkTopic)
                       .setValueSerializationSchema(
                               ConfluentRegistryAvroSerializationSchema.forGeneric(
                                       schemaSubjectName,
                                       avroSchema,
                                       schemaRegistryURL
                               )
                       )
                       .build()
       )
       .build();
// Sink to Kafka
genericRecordStream.sinkTo(kafkaSink);
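
The code above references a custom AvroMapper whose body the post does not show. The following is an added sketch of such a mapper, not Riskified's implementation: it follows the description above (iterate over the Avro schema fields, cast each Row field to the Avro type) and rebuilds Enum symbols from the Strings the Table API produces. It assumes the SQL output column names match the Avro field names, that unions have the form ["null", T], and it covers only primitives, enums, and nested records; any other type is rejected rather than passed through unchecked.

```java
import org.apache.avro.Schema;
import org.apache.avro.generic.GenericData;
import org.apache.avro.generic.GenericRecord;
import org.apache.flink.api.common.functions.MapFunction;
import org.apache.flink.types.Row;

/** Added illustration (not Riskified's code): maps a Table API Row to an Avro GenericRecord. */
public class AvroMapper implements MapFunction<Row, GenericRecord> {
    private static final long serialVersionUID = 1L;

    // The schema travels as a String so the function serializes cleanly to the task managers.
    private final String schemaString;
    private transient Schema schema; // parsed on first use in each task

    public AvroMapper(String schemaString) {
        this.schemaString = schemaString;
    }

    @Override
    public GenericRecord map(Row row) {
        if (schema == null) {
            schema = new Schema.Parser().parse(schemaString);
        }
        return toRecord(row, schema);
    }

    private static GenericRecord toRecord(Row row, Schema recordSchema) {
        GenericRecord record = new GenericData.Record(recordSchema);
        for (Schema.Field field : recordSchema.getFields()) {
            // Assumption: SQL output column names equal the Avro field names.
            Object value = row.getField(field.name());
            record.put(field.name(), convert(value, field.schema(), field.name()));
        }
        return record;
    }

    private static Object convert(Object value, Schema fieldSchema, String fieldName) {
        Schema target = fieldSchema;
        if (fieldSchema.getType() == Schema.Type.UNION) {
            // Assumption: unions are ["null", T]; use the first non-null branch.
            target = null;
            boolean nullable = false;
            for (Schema branch : fieldSchema.getTypes()) {
                if (branch.getType() == Schema.Type.NULL) {
                    nullable = true;
                } else if (target == null) {
                    target = branch;
                }
            }
            if (value == null && nullable) {
                return null;
            }
        }
        if (value == null || target == null) {
            throw new IllegalArgumentException("No value for required field " + fieldName);
        }
        switch (target.getType()) {
            case ENUM: {
                // The Table API hands Enum fields over as Strings; restore the Avro symbol.
                String symbol = value.toString();
                if (!target.hasEnumSymbol(symbol)) {
                    throw new IllegalArgumentException(
                            "Value '" + symbol + "' is not a symbol of enum field " + fieldName);
                }
                return new GenericData.EnumSymbol(target, symbol);
            }
            case RECORD:
                return toRecord((Row) value, target);
            case STRING:
                return value.toString();
            case INT:
                return ((Number) value).intValue();
            case LONG:
                return ((Number) value).longValue();
            case FLOAT:
                return ((Number) value).floatValue();
            case DOUBLE:
                return ((Number) value).doubleValue();
            case BOOLEAN:
                return (Boolean) value;
            default:
                // Arrays, maps, bytes, fixed, and logical types are outside this sketch.
                throw new UnsupportedOperationException(
                        "Unsupported Avro type " + target.getType() + " for field " + fieldName);
        }
    }
}
```

Failing fast on an unknown Enum symbol or an unsupported type keeps malformed records out of the output topic, where downstream consumers would otherwise hit the same deserialization errors described earlier.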

CI/CD with Managed Service for Apache Flink

With Managed Service for Apache Flink, you can run a job by selecting an Amazon Simple Storage Service (Amazon S3) key containing the application JAR. Riskified’s Flink code base was structured as a multi-module repository to support additional use cases besides supporting self-service SQL. Each Flink job source code in the repository is an independent Java module. The CI pipeline implemented a robust build and deployment process consisting of the following steps:

  1. Build and compile each module.
  2. Run tests.
  3. Package the modules.
  4. Upload the artifact to the artifacts bucket twice: one JAR under -.jar and the second as -latest.jar, resembling a Docker registry like Amazon Elastic Container Registry (Amazon ECR). Managed Service for Apache Flink jobs use the latest tag artifact in this case. However, a copy of old artifacts is kept for code rollback reasons.

A CD process follows this process:

  1. When merged, it lists all jobs for each module using the AWS CLI for Managed Service for Apache Flink.
  2. The application JAR location is updated for each application, which triggers a deployment.
  3. When the application is in a running state with no errors, the process continues with the next application.

To allow safe deployment, this process is done gradually for every environment, starting with the staging environment.

Self-service interface for submitting SQL jobs

Riskified believes an intuitive UI is crucial for system adoption and efficiency. However, developing a dedicated UI for Flink job submission requires a pragmatic approach, because it might not be worth investing in unless there’s already a web interface for internal development operations.

Investing in UI development should align with the organization’s existing tools and workflows. Riskified had an internal web portal for similar operations, which made the addition of Flink job submission capabilities a natural extension of the self-service infrastructure.

An AWS SDK was installed on the web server to allow interaction with AWS components. The client receives user input from the UI and translates it into runtime properties to control the behavior of the Flink application. The web server then uses the CreateApplication API action to submit the job to Managed Service for Apache Flink.

Although an intuitive UI significantly enhances system adoption, it’s not the only path to accessibility. Alternatively, a well-designed CLI tool or REST API endpoint can provide the same self-service capabilities.

The following diagram illustrates this workflow.

Flow sequence diagram

Production experience: Flink’s implementation upsides

The transition to Flink and Managed Service for Apache Flink proved efficient in numerous aspects:

  • Schema evolution and data handling – Riskified can either periodically fetch updated schemas or restart applications when schemas evolve. They can use existing schemas without self-registration.
  • Resource isolation and management – Managed Service for Apache Flink runs each Flink job as an isolated cluster, reducing resource contention between jobs.
  • Resource allocation and cost-efficiency – Managed Service for Apache Flink allows minimal resource allocation with automatic scaling, proving to be more cost-efficient.
  • Job management and flow visibility – Flink provides a cohesive data flow abstraction through its job and task model. It manages the entire data flow in a single job and distributes the workload evenly over multiple nodes. This unified approach allows better visibility into the entire data pipeline, simplifying monitoring, troubleshooting, and optimizing complex streaming workflows.
  • Built-in recovery mechanism – Managed Service for Apache Flink automatically creates checkpoints and savepoints that enable stateful Flink applications to recover from failures and resume processing without data loss. With this feature, streaming jobs are durable and can recover safely from errors.
  • Comprehensive observability – Managed Service for Apache Flink exposes CloudWatch metrics that monitor Flink application performance and statistics. You can also create alarms based on these metrics. Riskified decided to use the CloudWatch Prometheus Exporter to export these metrics to Prometheus and build PrometheusRules to align Flink’s monitoring to the Riskified standard, which uses Prometheus and Grafana for monitoring and alerting.

Next steps

Although the initial focus was Kafka-to-Kafka streaming queries, Flink’s wide range of sink connectors offers the possibility of pluggable multi-destination pipelines. This versatility is on Riskified’s roadmap for future enhancements.

Flink’s DataStream API provides capabilities that extend far beyond self-serving streaming SQL capabilities, opening new avenues for more sophisticated fraud detection use cases. Riskified is exploring ways to use DataStream APIs to enhance ecommerce fraud prevention strategies.

Conclusions

In this post, we shared how Riskified successfully transitioned from ksqlDB to Managed Service for Apache Flink for its self-serve streaming SQL engine. This move addressed key challenges like schema evolution, resource isolation, and pipeline management. Managed Service for Apache Flink offers features such as isolated job environments, automatic scaling, and built-in monitoring, which proved more efficient and cost-effective. Although Flink SQL limitations with Kafka required workarounds, using Flink’s DataStream API and user-defined functions resolved these issues. The transition has paved the way for future expansion with multi-targets and advanced fraud detection capabilities, solidifying Flink as a robust and scalable solution for Riskified’s streaming needs.

If Riskified’s journey has sparked your interest in building a self-service streaming SQL platform, here’s how to get started:

  • Learn more about Managed Service for Apache Flink:
  • Get hands-on experience:

About the authors

Gal Krispel is a Data Platform Engineer at Riskified, specializing in streaming technologies such as Apache Kafka and Apache Flink. He focuses on building scalable, real-time data pipelines that power Riskified’s core products. Gal is particularly interested in making complex data architectures accessible and efficient across the organization. His work spans real-time analytics, event-driven design, and the seamless integration of stream processing into large-scale production systems.

Sofia Zilberman works as a Senior Streaming Solutions Architect at AWS, helping customers design and optimize real-time data pipelines using open-source technologies like Apache Flink, Kafka, and Apache Iceberg. With experience in both streaming and batch data processing, she focuses on making data workflows efficient, observable, and high-performing.

Lorenzo Nicora works as Senior Streaming Solution Architect at AWS, helping customers across EMEA. He has been building cloud-centered, data-intensive systems for over 25 years, working across industries both through consultancies and product companies. He has used open-source technologies extensively and contributed to several projects, including Apache Flink, and is the maintainer of the Flink Prometheus connector.
