SlideShare a Scribd company logo

Deep Dive on Serverless Application Development

Amazon Web Services
Amazon Web Services

by John Pignata, Startup Solutions Architect, AWS AWS Lambda and Amazon API Gateway have changed how developers build and run their applications or services. But what are the best practices for tasks such as deployment, monitoring, and debugging in a serverless world? In this session, we’ll dive into best practices that serverless developers can use for application lifecycle management, CI/CD, monitoring, and diagnostics. We’ll talk about how you can build CI/CD pipelines that automatically build, test, and deploy your serverless applications using AWS CodePipeline, AWS CodeBuild, and AWS CloudFormation. We’ll also cover the built-in capabilities of Lambda and API Gateway for creating multiple versions, stages, and environments of your functions and APIs. Finally, we’ll cover monitoring and diagnostics of your Lambda functions with Amazon CloudWatch and AWS X-Ray.

1 of 58
©2018, Amazon Web Services, Inc. or its affiliates. All rights reserved Deep Dive on Serverless Application Development Chris Munns – Senior Developer Advocate - Serverless
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. About me: Chris Munns - munns@amazon.com, @chrismunns • Senior Developer Advocate - Serverless • New Yorker • Previously: • AWS Business Development Manager – DevOps, July ’15 - Feb ‘17 • AWS Solutions Architect Nov, 2011- Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups • Rochester Institute of Technology: Applied Networking and Systems Administration ’05 • Internet infrastructure geek
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. https://secure.flickr.com/photos/mgifford/4525333972 Why are we here today?
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in Serverless means…
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Serverless applications
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Common Lambda use cases Web Applications • Static websites • Complex web apps • Packages for Flask and Express Data Processing • Real time • MapReduce • Batch Chatbots • Powering chatbot logic Backends • Apps & services • Mobile • IoT </></> Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit IT Automation • Policy engines • Extending AWS services • Infrastructure management
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Release processes have four major phases • Integration tests with other systems • Load testing • UI tests • Penetration testing Source Build Test Production • Check-in source code such as .java files. • Peer review new code • Compile code • Unit tests • Style checkers • Code metrics • Create deployable artifacts • Deployment to production environments
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Release processes levels Source Build Test Production Continuous integration Continuous delivery Continuous deployment
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Deploying your applications https://secure.flickr.com/photos/simononly/15386966677
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Environment Variables • Key-value pairs that you can dynamically pass to your function • Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python • Can optionally be encrypted via AWS Key Management Service (KMS) • Allows you to specify in IAM what roles have access to the keys to decrypt the information • Useful for creating environments per stage (i.e. dev, testing, production)
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Stage Variables and Lambda Aliases Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages myLambdaFunction 1 2 3 = prod 4 5 6 = beta 7 8 = dev My First API Stage variable = lambdaAlias Prod lambdaAlias = prod Beta lambdaAlias = beta Dev lambdaAlias = dev
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version.”
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version.”
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version. To minimize this impact, you can implement the routing-config parameter of the Lambda alias that allows you to point to two different versions of the Lambda function and dictate what percentage of incoming traffic is sent to each version.” – AWS Lambda docs on “Traffic Shifting Using Aliases” aws lambda update-alias --name alias name --function-name function- name --routing-config AdditionalVersionWeights={”6"=0.05}
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 1 2 3 = prod 4 5 6 = prod 5% My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --routing-config AdditionalVersionWeights={”6"=0.05}
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 5 6 = prod My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --function-version 6 --routing-config ''
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS Step Functions Blog link: http://amzn.to/2FjlWA7
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM AutoPublishAlias By adding this property and specifying an alias name, AWS SAM will do the following: • Detect when new code is being deployed based on changes to the Lambda function's Amazon S3 URI. • Create and publish an updated version of that function with the latest code. • Create an alias with a name you provide (unless an alias already exists) and points to the updated version of the Lambda function. Deployment Preference Type Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce In SAM:
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction In SAM: Note: You can specify a maximum of 10 alarms
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM commands – Package & Deploy Package •Creates a deployment package (.zip file) •Uploads deployment package to an Amazon S3 Bucket •Adds a CodeUri property with S3 URI Deploy •Calls CloudFormation ‘CreateChangeSet’ API •Calls CloudFormation ‘ExecuteChangeSet’ API
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. NEW: Can deploy AWS Lambda!! Uses AWS SAM to deploy serverless applications Supports Lambda Alias Traffic Shifting enabling canaries and blue|green deployments Can rollback based on CloudWatch Metrics/Alarms Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions) AWS CodeDeploy + Lambda
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. CodeDeploy comes with a number of added capabilities: • Custom deployment configurations. Examples: • “Canary 5% for 1 hour” • “Linear 20% every 1 hour” • Notification events via SNS on success/failure/rollback • Console with visibility on deploy status, history, and rollbacks. AWS CodeDeploy + Lambda
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Build & deploy your application https://secure.flickr.com/photos/spenceyc/7481166880
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Establish our testing/validation model We want to make sure our code: • is without syntax issues • meets company standards for format • compiles • is sufficiently tested at the code level via unit tests We want to make sure our serverless service: • functions as it is supposed to in relation to other components • has appropriate mechanisms to handle failures up or down stream We want to make sure our entire application/infrastructure: • functions end to end • follows security best practices • handles scaling demands
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Building a deployment package Node.js & Python • .zip file consisting of your code and any dependencies • Use npm/pip to install libraries • All dependencies must be at root level Java • Either .zip file with all code/dependencies , or standalone .jar • Use Maven / Eclipse IDE plugins • Compiled class & resource files at root level, required jars in /lib directory C# (.NET Core) • Either .zip file with all code / dependencies, or a standalone .dll • Use NuGet / VisualStudio plugins • All assemblies (.dll) at root level Go • .zip file consisting of your Go binary and any dependencies • Use “go get” to install dependencies
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. AWS CodeBuild Fully managed build service that can compile source code, runs tests, and produces software packages Scales continuously and processes multiple builds concurrently Can consume environment variables from AWS SSM Parameter Store NEW: Can run in your VPC NEW: Supports dependency caching
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. buildspec.yml Example version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. buildspec.yml Example version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json • Variables to be used by phases of build • Examples for what you can do in the phases of a build: • You can install packages or run commands to prepare your environment in ”install”. • Run syntax checking, commands in “pre_build”. • Execute your build tool/command in “build” • Test your app further or ship a container image to a repository in post_build • Create and store an artifact in S3
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Testing tools Code Inspection/Test Coverage: • Landscape - https://landscape.io/ (only for Python) • CodeClimate - https://codeclimate.com/ • Coveralls.io - https://coveralls.io/ Mocking/stubbing tools: • https://github.com/atlassian/localstack - “A fully functional local AWS cloud stack. Develop and test your cloud apps offline!” • Includes: • https://github.com/spulec/moto - boto mock tool • https://github.com/mhart/dynalite - DynamoDB testing tool • https://github.com/mhart/kinesalite - Kinesis testing tool • more! API Interface/UI testing: • Runscope - https://www.runscope.com/ - API Monitoring/Testing • Ghost Inspector - https://ghostinspector.com/ - W eb interface testing
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. https://secure.flickr.com /photos/jasoneppink/499531891 Can’t move fast if you can’t measure what's going on.
Metrics and logging are a universal right! CloudWatch Metrics: • 7 Built in metrics for Lambda • Invocation Count, Invocation duration, Invocation errors, Throttled Invocation, Iterator Age, DLQ Errors, Concurrency • Can call “put-metric-data” from your function code for custom metrics • 7 Built in metrics for API-Gateway • API Calls Count, Latency, 4XXs, 5XXs, Integration Latency, Cache Hit Count, Cache Miss Count • Error and Cache metrics support averages and percentiles
Deep Dive on Serverless Application Development
Metrics and logging are a universal right! CloudWatch Logs: • API Gateway Logging • 2 Levels of logging, ERROR and INFO • Optionally log method request/body content • Set globally in stage, or override per method • Lambda Logging • Logging directly from your code with your language’s equivalent of console.log() • Basic request information included • Log Pivots • Build metrics based on log filters • Jump to logs that generated metrics • Export logs to AWS ElastiCache or S3 • Explore with Kibana or Athena/QuickSight
Metrics and logging are a universal right! CloudWatch Logs: • API Gateway Logging • 2 Levels of logging, ERROR and INFO • Optionally log method request/body content • Set globally in stage, or override per method • Lambda Logging • Logging directly from your code with your language’s equivalent of console.log() • Basic request information included • Log Pivots • Build metrics based on log filters • Jump to logs that generated metrics • Export logs to AWS ElastiCache or S3 • Explore with Kibana or Athena/QuickSight
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Custom Access Logging
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved.
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. AWS X-Ray
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Application instrumentation (Node.js)
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. X-Ray Service Map
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. X-Ray Trace Timeline
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. How do I figure out what’s wrong? These tools are here, so use them! 1. Turn on X-Ray now 1. look at wrapping your own calls with it via the X-Ray SDKs 2. Don’t underestimate the power of logging in Lambda 1. Simple “debug: in functionX” statements work great and are easy to find in CloudWatch Logs 3. The most valuable metrics are the ones closest to your customer/use-case 1. How many gizmos did this function call/create/process/etc
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Dead Letter Queues “By default, a failed Lambda function invoked asynchronously is retried twice, and then the event is discarded. Using Dead Letter Queues (DLQ), you can indicate to Lambda that unprocessed events should be sent to an Amazon SQS queue or Amazon SNS topic instead, where you can take further action.” – https://docs.aws.amazon.com/lambda/latest/dg/dlq.html • Turn this on! (for async use-cases) • Monitor it via an SQS Queue length metric/alarm • If you use SNS, send the messages to something durable and/or a trusted endpoint for processing • Can send to Lambda functions in other regions • If and when things go “boom” DLQ can save your invocation event information ☠ ✉ Q
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Building your pipeline https://www.flickr.com/photos/seattlemunicipalarchives/12504672623/
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Continuous delivery service for fast and reliable application updates Model and visualize your software release process Builds, tests, and deploys your code every time there is a code change Integrates with third-party tools and AWS AWS CodePipeline
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. An example minimal Developer’s pipeline: MyBranch-Source Source CodeCommit MyApplication Build test-build-source CodeBuild MyDev-Deploy create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWS Lambda This pipeline: • Three Stages • Builds code artifact • One Development environment • Uses SAM/CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda and API Gateway Variables + SAM Parameters: MyEnvironment: Type: String Default: testing AllowedValues: - testing - staging - prod Description: Environment of this stack of resources SpecialFeature1: Type: String Default: false AllowedValues: - true - false Description: Enable new SpecialFeature1 … … #Lambda MyFunction: Type: 'AWS::Serverless::Function' Properties: … Environment: Variables: ENVIRONMENT: !Ref: MyEnvironment Spec_Feature1: !Ref: SpecialFeature1 … #API Gateway MyApiGatewayApi: Type: AWS::Serverless::Api Properties: … Variables: ENVIRONMENT: !Ref: MyEnvironment SPEC_Feature1: !Ref: SpecialFeature1 …
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Best Practices • Use Parameters and Mappings when possible to build dynamic templates based on user inputs and pseudo parameters such as AWS::Region • Use the Globals section to simplify templates • Use ExportValue & ImportValue to share resource information across stacks • Build out multiple environments, such as for Development, Test, Production and even DR using the same template, even across accounts SAM Template Source Control Dev Test Prod
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. CodePipeline + CloudFormation Parameters Via referenced parameter file: Via Parameter Overrides:
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. An example minimal production pipeline: This pipeline: • Five Stages • Builds code artifact • Three deployed to “Environments” • Uses SAM/CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions • Integrates with a 3rd party tool/service • Has a manual approval before deploying to production Source Source CodeCommit MyApplication Build test-build-source CodeBuild Deploy Testing create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWSLambda Deploy Staging create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-API-test Runscope QA-Sign-off Manual Approval Review Deploy Prod create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Post-Deploy-Slack AWSLambda
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Where and what to test? Source M yApplication Build Deploy Testing Deploy Staging Deploy Prod • Code review via Pull Requests • (NEW In CodeCommit) • Lint/syntax check • Unit tests pass • Code successfully compiles • Application deploys successfully • Mocked/stubbed integration tests • Application deploys successfully • Tests against real services (potentially against production dependencies) • Deploy canaries • Complete wait period successfully • Deploy 100% 1. 2. 3. 4. 5.
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Environments, Stages, Versioning, & Canaries? A few best practices: 1. Use blue|green or canaries for production deployments with a rollback as automated as possible 2. In Lambda Versioning is useful if you need to support multiple versions to multiple consumers/invocation points 3. In API-Gateway Stages work similarly and are useful if you need to support multiple API versions 4. Try to always have separate “stacks” for Development, Testing, Staging, Production environments 1. Do not use Stages or Versioning for this 2. Think about having different accounts all together for different environments
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Start with AWS CodeStar
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. aws.amazon.com/serverless
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Chris Munns munns@amazon.com @chrismunnshttps://www.flickr.com /photos/theredproject/3302110152/
©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. ? https://secure.flickr.com/photos/dullhunk/202872717/

More Related Content

Deep Dive on Serverless Application Development

  • 1. ©2018, Amazon Web Services, Inc. or its affiliates. All rights reserved Deep Dive on Serverless Application Development Chris Munns – Senior Developer Advocate - Serverless
  • 2. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. About me: Chris Munns - munns@amazon.com, @chrismunns • Senior Developer Advocate - Serverless • New Yorker • Previously: • AWS Business Development Manager – DevOps, July ’15 - Feb ‘17 • AWS Solutions Architect Nov, 2011- Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups • Rochester Institute of Technology: Applied Networking and Systems Administration ’05 • Internet infrastructure geek
  • 3. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. https://secure.flickr.com/photos/mgifford/4525333972 Why are we here today?
  • 4. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in Serverless means…
  • 5. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C# Go Serverless applications
  • 6. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Common Lambda use cases Web Applications • Static websites • Complex web apps • Packages for Flask and Express Data Processing • Real time • MapReduce • Batch Chatbots • Powering chatbot logic Backends • Apps & services • Mobile • IoT </></> Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit IT Automation • Policy engines • Extending AWS services • Infrastructure management
  • 7. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Release processes have four major phases • Integration tests with other systems • Load testing • UI tests • Penetration testing Source Build Test Production • Check-in source code such as .java files. • Peer review new code • Compile code • Unit tests • Style checkers • Code metrics • Create deployable artifacts • Deployment to production environments
  • 8. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Release processes levels Source Build Test Production Continuous integration Continuous delivery Continuous deployment
  • 9. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Deploying your applications https://secure.flickr.com/photos/simononly/15386966677
  • 10. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Environment Variables • Key-value pairs that you can dynamically pass to your function • Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python • Can optionally be encrypted via AWS Key Management Service (KMS) • Allows you to specify in IAM what roles have access to the keys to decrypt the information • Useful for creating environments per stage (i.e. dev, testing, production)
  • 11. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. API Gateway Stage Variables • Stage variables act like environment variables • Use stage variables to store configuration values • Stage variables are available in the $context object • Values are accessible from most fields in API Gateway • Lambda function ARN • HTTP endpoint • Custom authorizer function name • Parameter mappings
  • 12. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Stage Variables and Lambda Aliases Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages myLambdaFunction 1 2 3 = prod 4 5 6 = beta 7 8 = dev My First API Stage variable = lambdaAlias Prod lambdaAlias = prod Beta lambdaAlias = beta Dev lambdaAlias = dev
  • 13. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version.”
  • 14. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version.”
  • 15. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & Safe Deployments “By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version. This exposes that alias to any potential instabilities introduced by the new version. To minimize this impact, you can implement the routing-config parameter of the Lambda alias that allows you to point to two different versions of the Lambda function and dictate what percentage of incoming traffic is sent to each version.” – AWS Lambda docs on “Traffic Shifting Using Aliases” aws lambda update-alias --name alias name --function-name function- name --routing-config AdditionalVersionWeights={”6"=0.05}
  • 16. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 1 2 3 = prod 4 5 6 = prod 5% My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --routing-config AdditionalVersionWeights={”6"=0.05}
  • 17. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting myLambdaFunction 5 6 = prod My First API Stage variable = lambdaAlias Prod lambdaAlias = prod aws lambda update-alias --name prod --function-name myLambdaFunction --function-version 6 --routing-config ''
  • 18. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS Step Functions Blog link: http://amzn.to/2FjlWA7
  • 19. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction
  • 20. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Globals + Safe Deployments Globals: Function: Runtime: nodejs4.3 AutoPublishAlias: !Ref ENVIRONMENT MyLambdaFunction: Type: AWS::Serverless::Function Properties: Handler: index.handler DeploymentPreference: Type: Linear10PercentEvery10Minutes Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction
  • 21. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM AutoPublishAlias By adding this property and specifying an alias name, AWS SAM will do the following: • Detect when new code is being deployed based on changes to the Lambda function's Amazon S3 URI. • Create and publish an updated version of that function with the latest code. • Create an alias with a name you provide (unless an alias already exists) and points to the updated version of the Lambda function. Deployment Preference Type Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce In SAM:
  • 22. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Alias Traffic Shifting & AWS SAM Alarms: # A list of alarms that you want to monitor - !Ref AliasErrorMetricGreaterThanZeroAlarm - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm Hooks: # Validation Lambda functions that are run before & after traffic shifting PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PostTrafficLambdaFunction In SAM: Note: You can specify a maximum of 10 alarms
  • 23. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM commands – Package & Deploy Package •Creates a deployment package (.zip file) •Uploads deployment package to an Amazon S3 Bucket •Adds a CodeUri property with S3 URI Deploy •Calls CloudFormation ‘CreateChangeSet’ API •Calls CloudFormation ‘ExecuteChangeSet’ API
  • 24. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. NEW: Can deploy AWS Lambda!! Uses AWS SAM to deploy serverless applications Supports Lambda Alias Traffic Shifting enabling canaries and blue|green deployments Can rollback based on CloudWatch Metrics/Alarms Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions) AWS CodeDeploy + Lambda
  • 25. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. CodeDeploy comes with a number of added capabilities: • Custom deployment configurations. Examples: • “Canary 5% for 1 hour” • “Linear 20% every 1 hour” • Notification events via SNS on success/failure/rollback • Console with visibility on deploy status, history, and rollbacks. AWS CodeDeploy + Lambda
  • 26. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Build & deploy your application https://secure.flickr.com/photos/spenceyc/7481166880
  • 27. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Establish our testing/validation model We want to make sure our code: • is without syntax issues • meets company standards for format • compiles • is sufficiently tested at the code level via unit tests We want to make sure our serverless service: • functions as it is supposed to in relation to other components • has appropriate mechanisms to handle failures up or down stream We want to make sure our entire application/infrastructure: • functions end to end • follows security best practices • handles scaling demands
  • 28. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Building a deployment package Node.js & Python • .zip file consisting of your code and any dependencies • Use npm/pip to install libraries • All dependencies must be at root level Java • Either .zip file with all code/dependencies , or standalone .jar • Use Maven / Eclipse IDE plugins • Compiled class & resource files at root level, required jars in /lib directory C# (.NET Core) • Either .zip file with all code / dependencies, or a standalone .dll • Use NuGet / VisualStudio plugins • All assemblies (.dll) at root level Go • .zip file consisting of your Go binary and any dependencies • Use “go get” to install dependencies
  • 29. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. AWS CodeBuild Fully managed build service that can compile source code, runs tests, and produces software packages Scales continuously and processes multiple builds concurrently Can consume environment variables from AWS SSM Parameter Store NEW: Can run in your VPC NEW: Supports dependency caching
  • 30. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. buildspec.yml Example version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json
  • 31. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. buildspec.yml Example version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json • Variables to be used by phases of build • Examples for what you can do in the phases of a build: • You can install packages or run commands to prepare your environment in ”install”. • Run syntax checking, commands in “pre_build”. • Execute your build tool/command in “build” • Test your app further or ship a container image to a repository in post_build • Create and store an artifact in S3
  • 32. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Testing tools Code Inspection/Test Coverage: • Landscape - https://landscape.io/ (only for Python) • CodeClimate - https://codeclimate.com/ • Coveralls.io - https://coveralls.io/ Mocking/stubbing tools: • https://github.com/atlassian/localstack - “A fully functional local AWS cloud stack. Develop and test your cloud apps offline!” • Includes: • https://github.com/spulec/moto - boto mock tool • https://github.com/mhart/dynalite - DynamoDB testing tool • https://github.com/mhart/kinesalite - Kinesis testing tool • more! API Interface/UI testing: • Runscope - https://www.runscope.com/ - API Monitoring/Testing • Ghost Inspector - https://ghostinspector.com/ - W eb interface testing
  • 33. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. https://secure.flickr.com /photos/jasoneppink/499531891 Can’t move fast if you can’t measure what's going on.
  • 34. Metrics and logging are a universal right! CloudWatch Metrics: • 7 Built in metrics for Lambda • Invocation Count, Invocation duration, Invocation errors, Throttled Invocation, Iterator Age, DLQ Errors, Concurrency • Can call “put-metric-data” from your function code for custom metrics • 7 Built in metrics for API-Gateway • API Calls Count, Latency, 4XXs, 5XXs, Integration Latency, Cache Hit Count, Cache Miss Count • Error and Cache metrics support averages and percentiles
  • 36. Metrics and logging are a universal right! CloudWatch Logs: • API Gateway Logging • 2 Levels of logging, ERROR and INFO • Optionally log method request/body content • Set globally in stage, or override per method • Lambda Logging • Logging directly from your code with your language’s equivalent of console.log() • Basic request information included • Log Pivots • Build metrics based on log filters • Jump to logs that generated metrics • Export logs to AWS ElastiCache or S3 • Explore with Kibana or Athena/QuickSight
  • 37. Metrics and logging are a universal right! CloudWatch Logs: • API Gateway Logging • 2 Levels of logging, ERROR and INFO • Optionally log method request/body content • Set globally in stage, or override per method • Lambda Logging • Logging directly from your code with your language’s equivalent of console.log() • Basic request information included • Log Pivots • Build metrics based on log filters • Jump to logs that generated metrics • Export logs to AWS ElastiCache or S3 • Explore with Kibana or Athena/QuickSight
  • 38. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Amazon API Gateway Custom Access Logging
  • 39. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved.
  • 40. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. AWS X-Ray
  • 41. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Application instrumentation (Node.js)
  • 42. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. X-Ray Service Map
  • 43. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. X-Ray Trace Timeline
  • 44. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. How do I figure out what’s wrong? These tools are here, so use them! 1. Turn on X-Ray now 1. look at wrapping your own calls with it via the X-Ray SDKs 2. Don’t underestimate the power of logging in Lambda 1. Simple “debug: in functionX” statements work great and are easy to find in CloudWatch Logs 3. The most valuable metrics are the ones closest to your customer/use-case 1. How many gizmos did this function call/create/process/etc
  • 45. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda Dead Letter Queues “By default, a failed Lambda function invoked asynchronously is retried twice, and then the event is discarded. Using Dead Letter Queues (DLQ), you can indicate to Lambda that unprocessed events should be sent to an Amazon SQS queue or Amazon SNS topic instead, where you can take further action.” – https://docs.aws.amazon.com/lambda/latest/dg/dlq.html • Turn this on! (for async use-cases) • Monitor it via an SQS Queue length metric/alarm • If you use SNS, send the messages to something durable and/or a trusted endpoint for processing • Can send to Lambda functions in other regions • If and when things go “boom” DLQ can save your invocation event information ☠ ✉ Q
  • 46. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Building your pipeline https://www.flickr.com/photos/seattlemunicipalarchives/12504672623/
  • 47. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Continuous delivery service for fast and reliable application updates Model and visualize your software release process Builds, tests, and deploys your code every time there is a code change Integrates with third-party tools and AWS AWS CodePipeline
  • 48. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. An example minimal Developer’s pipeline: MyBranch-Source Source CodeCommit MyApplication Build test-build-source CodeBuild MyDev-Deploy create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWS Lambda This pipeline: • Three Stages • Builds code artifact • One Development environment • Uses SAM/CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions
  • 49. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Lambda and API Gateway Variables + SAM Parameters: MyEnvironment: Type: String Default: testing AllowedValues: - testing - staging - prod Description: Environment of this stack of resources SpecialFeature1: Type: String Default: false AllowedValues: - true - false Description: Enable new SpecialFeature1 … … #Lambda MyFunction: Type: 'AWS::Serverless::Function' Properties: … Environment: Variables: ENVIRONMENT: !Ref: MyEnvironment Spec_Feature1: !Ref: SpecialFeature1 … #API Gateway MyApiGatewayApi: Type: AWS::Serverless::Api Properties: … Variables: ENVIRONMENT: !Ref: MyEnvironment SPEC_Feature1: !Ref: SpecialFeature1 …
  • 50. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. SAM Best Practices • Use Parameters and Mappings when possible to build dynamic templates based on user inputs and pseudo parameters such as AWS::Region • Use the Globals section to simplify templates • Use ExportValue & ImportValue to share resource information across stacks • Build out multiple environments, such as for Development, Test, Production and even DR using the same template, even across accounts SAM Template Source Control Dev Test Prod
  • 51. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. CodePipeline + CloudFormation Parameters Via referenced parameter file: Via Parameter Overrides:
  • 52. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. An example minimal production pipeline: This pipeline: • Five Stages • Builds code artifact • Three deployed to “Environments” • Uses SAM/CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions • Integrates with a 3rd party tool/service • Has a manual approval before deploying to production Source Source CodeCommit MyApplication Build test-build-source CodeBuild Deploy Testing create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWSLambda Deploy Staging create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-API-test Runscope QA-Sign-off Manual Approval Review Deploy Prod create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Post-Deploy-Slack AWSLambda
  • 53. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Where and what to test? Source M yApplication Build Deploy Testing Deploy Staging Deploy Prod • Code review via Pull Requests • (NEW In CodeCommit) • Lint/syntax check • Unit tests pass • Code successfully compiles • Application deploys successfully • Mocked/stubbed integration tests • Application deploys successfully • Tests against real services (potentially against production dependencies) • Deploy canaries • Complete wait period successfully • Deploy 100% 1. 2. 3. 4. 5.
  • 54. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Environments, Stages, Versioning, & Canaries? A few best practices: 1. Use blue|green or canaries for production deployments with a rollback as automated as possible 2. In Lambda Versioning is useful if you need to support multiple versions to multiple consumers/invocation points 3. In API-Gateway Stages work similarly and are useful if you need to support multiple API versions 4. Try to always have separate “stacks” for Development, Testing, Staging, Production environments 1. Do not use Stages or Versioning for this 2. Think about having different accounts all together for different environments
  • 55. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Start with AWS CodeStar
  • 56. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. aws.amazon.com/serverless
  • 57. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. Chris Munns munns@amazon.com @chrismunnshttps://www.flickr.com /photos/theredproject/3302110152/
  • 58. ©2018, AmazonWebServices, Inc. or its Affiliates. All rights reserved. ? https://secure.flickr.com/photos/dullhunk/202872717/