Building Serverless Self Service framework with lambda
Rovshan Musayev, Cloud/DevOps Engineer
About me
● Worked in Azercell Telecom
● Moved to Czech Republic in 2016
● Currently Living in Prague
● Focus area DevOpsing in the Cloud
● Working in NN Group (Dutch company)
● Leading GoUp Open Source IT community along
with Sako
Agenda
● How did it all get started?
● What is Self Service in our terms?
● What & Why Serverless?
● Architecture of a framework
● Used tools and techniques
● Lessons learned
● Q & A
How did it all get started?
Central Automation Tooling (CAT)
Operational works, we hate them :/
Solution ?
Simple, Automation, means …
Self Service
Don’t ask, push the button
High level description
Team Component
SS framework
What is Serverless?
Serverless computing is an execution model where the
cloud provider (AWS, Azure, or Google Cloud) is
responsible for executing a piece of code by dynamically
allocating the resources
Why Serverless?
● No server management
● Pay as you go model
● Very scalable
● Easy to start
● Cheaper than traditional compute (AWS Lambda: 1m requests
are free per month, then 0.2$ per 1m)
● Easy to deploy using cloudformation
The big companies using Serverless
When NOT to use Serverless?
● If you have security concerns
● Long running processes
● Vendor lock in concerns
● Too complex architecture
Self Service diagram
Used tools and techniques
● AWS API Gateway
● Lambda functions
● Lambda Layers
● SQS
● DynamoDB
● Secrets Manager
● Parameter Store
● Gitlab CI/CD
● AWS X-Ray
● Mock testing
● Cloudformation
● Sceptre(troposphere)
● Jfrog Artifactory, Jfrog XRay
● Sonarqube
What is API Gateway?
Amazon API Gateway is an AWS service for creating,
publishing, maintaining, monitoring, and securing REST
and WebSocket APIs at any scale. API developers can
create APIs that access AWS or other web services
API Gateway Endpoints
● Edge optimized - Designed to reduce latency around the
globe
● Regional - Designed to reduce latency for the same region
with API
● Private - Designed to expose API only within specified
VPC
When to use which API Gateway
Securing API Gateway
● Resource policies - let you create resource-based policies
to allow or deny access to your APIs and methods from
specified source IP addresses or VPC endpoints
● IAM roles and policies
● Lambda authorizer - custom authorization scheme that
uses a bearer token authentication
● API Key - securing specific resources
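A Lambda authorizer of the bearer-token kind listed above, as an added example (not code from the talk or from the framework it describes). The token value, the principal names and the in-code digest are constructed for illustration; a real deployment would load the expected digest from Secrets Manager.

```python
import hashlib
import hmac

# Assumption: only the SHA-256 digest of the expected token is kept in code/config.
# The token below is a constructed sample value.
EXPECTED_SHA256 = hashlib.sha256(b"constructed-demo-token").hexdigest()


def _policy(principal_id, effect, method_arn):
    """Build the response API Gateway expects from an authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
    }


def authorizer_handler(event, context=None):
    """TOKEN authorizer: the event carries 'authorizationToken' and 'methodArn'."""
    method_arn = event.get("methodArn", "*")
    header = event.get("authorizationToken") or ""
    scheme, _, token = header.partition(" ")
    # Anything that is not "Bearer <token>" is denied outright.
    if scheme.lower() != "bearer" or not token.strip():
        return _policy("anonymous", "Deny", method_arn)
    digest = hashlib.sha256(token.strip().encode()).hexdigest()
    # Constant-time comparison so response timing does not reveal partial matches.
    if hmac.compare_digest(digest, EXPECTED_SHA256):
        # The Allow is scoped to the exact method ARN that was requested.
        return _policy("self-service-client", "Allow", method_arn)
    return _policy("anonymous", "Deny", method_arn)
```
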
API Gateway Integration
● Lambda Function
● HTTP
● Mock
● AWS Services
● VPC Link
A bit more about API Gateway
● Stages - Each stage is a snapshot of API and associated
with deployments like Dev/Test/Prod
● Stage variables - help to parametrize configurations
● Resources - like an API path and its methods
● Use OpenAPI(Swagger) - Import, export functionality
● Support canary, blue-green deployment
What is Lambda Function?
AWS Lambda is a compute service that lets you run code
without provisioning or managing servers.
● pay as you go
● no server management
● autoscaling
What is Lambda Layer?
A layer is a ZIP archive that contains libraries, a custom
runtime, or other dependencies. With layers, you can use
libraries in your function without needing to include them in
your deployment package.
SQS, DynamoDB, Secret Manager,
Parameter Store
● SQS - to provide asynchronous request processing
● DynamoDB - for storing requests in permanent location
● Secrets Manager - to store artifactory passwords
● Parameter Store - framework specific parameters
CI/CD implementation
● Gitlab CI/CD for execution of pipelines
● Artifactory for package management
● Sonarqube for code quality
● Sceptre for building cloudformation templates
CI/CD implementation
AWS Cloudformation yaml example
Testing Lambda function
● Using MOTO python library for mocking boto(AWS) library
● Using unittest.mock for mocking environment for local
Lambda testing
● http requests mocking
● Unittesting fully with mocking
● Integration testing on AWS environment
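A local unit test in the style described above, as an added example (not code from the talk). The handler, its "action" field, the QUEUE_URL variable and the queue URL are hypothetical; unittest.mock stands in for both the Lambda environment and the SQS client, which is injected as a parameter instead of being mocked with MOTO.

```python
import json
import os
import unittest
from unittest import mock


def request_handler(event, context=None, sqs=None):
    """Hypothetical self-service entry point: validate the request, then queue it."""
    if sqs is None:  # only reached inside AWS; tests inject a mock client
        import boto3
        sqs = boto3.client("sqs")
    try:
        body = json.loads(event.get("body") or "")
    except json.JSONDecodeError:
        return {"statusCode": 400, "body": json.dumps({"error": "invalid JSON"})}
    if not isinstance(body, dict) or not isinstance(body.get("action"), str):
        return {"statusCode": 400, "body": json.dumps({"error": "action required"})}
    # Forward only the validated field, never the raw caller-supplied body.
    message = json.dumps({"action": body["action"]})
    sqs.send_message(QueueUrl=os.environ["QUEUE_URL"], MessageBody=message)
    return {"statusCode": 202, "body": json.dumps({"status": "queued"})}


class HandlerTest(unittest.TestCase):
    QUEUE = "https://sqs.example.invalid/000000000000/constructed-queue"  # constructed

    def setUp(self):
        patcher = mock.patch.dict(os.environ, {"QUEUE_URL": self.QUEUE})  # mocked env
        patcher.start()
        self.addCleanup(patcher.stop)
        self.sqs = mock.MagicMock()

    def test_valid_request_is_queued(self):
        resp = request_handler({"body": '{"action": "create-repo", "x": 1}'}, sqs=self.sqs)
        self.assertEqual(resp["statusCode"], 202)
        self.sqs.send_message.assert_called_once_with(
            QueueUrl=self.QUEUE, MessageBody='{"action": "create-repo"}'
        )

    def test_malformed_body_never_reaches_queue(self):
        for bad in ("", "not json", "[]", '{"action": 5}'):
            self.assertEqual(request_handler({"body": bad}, sqs=self.sqs)["statusCode"], 400)
        self.sqs.send_message.assert_not_called()


def run_tests():
    """Run the suite and return True when every test passes."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(HandlerTest)
    return unittest.TextTestRunner(verbosity=0).run(suite).wasSuccessful()
```
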
Specifications for Self-Service
● Storing configurations in another account which is
mutable in order to have mobility for reloading
● Using resource based policy for cross account
permissions
● For security we were using API key
● Using a common python library and importing it as a layer
(nndk.cat)
● Mapping git commits, branch names and environment
names to cloudformation stack name
● Autoreading integration testing input parameters from
cloudformation stacks
Lessons learned
● Problems hiding in details
● Avoid long living branches in git
● Check open source project popularity before using
● Start thinking about testing and actually implementing in
the beginning of project
● Don’t underestimate yaml
● Avoid recreation of VPC attached lambda functions
● Use lambda layers where you can
● Don’t lean on AWS provided libraries in Lambda
environment
THANKS!
Does anyone have a question?
Let’s get in touch:
● https://www.linkedin.com/in/rovshan-musayev/
● https://www.facebook.com/rovshan.musayev
How to find GoUP community.
● https://github.com/goupaz/0-to-hero
Interested? Contact me
