The document discusses securing and tracing serverless applications in AWS using Go concurrency and context. It introduces the Serverless Framework for deploying Lambda functions, AWS services like KMS for encryption and X-Ray for tracing. Go's context package is used to propagate request data between processes and APIs. X-Ray can be retrieved from the console or via APIs to visualize traces. Concurrency is managed using techniques like goroutines and tomb to handle context cancellation across derived contexts.
1. (Don’t) Go Tracing Server Calls
Leveraging Go’s Concurrency and Context
for Securing, Visualizing, and Tracing a Serverless Architecture in AWS
Brandon Hunter
3. Problems Presented By Voice
Normal Conversation Pace
Quick Response
Logical, Smooth Response
Expectation is to be Human
No Jarring, Cryptic Errors
Trust Building
Secure, Private Conversation
Fast Startup, Lightweight Multitasking
4. Solutions for Voice
AWS Lambda
The Serverless Framework
& CloudFormation
Key Management Service (KMS)
X-Ray Tracing & Vizualization
Go Concurrency & Optimization
11. AWS Key Management Service
(KMS)
Encrypting and Decrypting Stored Environment Variables.
12. Key Management Service (KMS)
● Generate keys in AWS KMS
● Import your own
● Integrated with All Major AWS
Services
Centrally Managed Keys
● Security and Durability of Key
Storage Fully Managed by AWS
● Store Keys Encrypted at Rest
● Submit data directly to AWS
KMS to be encrypted, or
decrypted
● Can be used by other AWS
services to encrypt your data
Encryption/Decryption
Service
● Built-in CloudTrail Auditing
● Certified by multiple
compliance schemes
● Uses FIPS 140-2 validated
hardware security modules to
generate and store keys.
● Keys can only be used inside
above devices.
Secure
16. X-Ray Tracing & Go’s Context
”You got X-Ray tracing in my Go context!”
“You got Go context in my X-Ray Tracing!”
Can Be Retrieved in Console or Programmatically AWS - GetTraceSummaries API.
Record Arbitrary Metadata X-Ray subsegment method to addMetadata and addError.
17. The Context Package
From The GoDocs:
● “Package context defines the Context type, which carries deadlines, cancelation signals, and
other request-scoped values across API boundaries and between processes.”
● “Incoming requests to a server should create a Context, and outgoing calls to servers should
accept a Context. The chain of function calls between them must propagate the Context [or
optionally derived].”
● “The same Context may be passed to functions running in different goroutines; Contexts are
safe for simultaneous use by multiple goroutines.”
● Canceling a context releases resources associated with it. Call `cancel` as soon as all
operations using it complete.
https://golang.org/pkg/context/
18. 3 Rules For Using Context
1. “Do not store Contexts inside a struct type.”
a. Pass Contexts explicitly to each function using them. Conventionally called `ctx`.
2. Don’t Pass a nil Context even if it is permitted by a function.
a. Use `context.TODO` when context is not needed or it is unclear what context to use.
b. context.TODO returns an empty context.
3. Use Context Values only for request-scoped data that transits processes and APIs.
a. Don’t use it as a Trojan Horse to pass optional parameters to functions.
b. Yes, this means you, Mr. JavaScript Developer… You know who you are.
From the Go docs: https://golang.org/pkg/context/
19. Tracing New Outgoing Requests
Package ctxhttp
● golang.org/x/net/context/ctxhttp
● Uses `net/http.WithContext()`
● More in depth tools for creating self-managed traces in
○ golang.org/net/http/httptrace
○ golang.org/x/net/context/trace
21. Using Go Concurrency To
Leverage Performance Insights
On Your Mark!
Get Set!
GO!
22. Managing Context Concurrently
From the GoDocs: "When a Context is canceled, all Contexts derived from it are also canceled.”
Why? This is done so that the system & network resources are not unnecessarily wasted.
What does this mean for our apps? Think Government shutdown...
● Solutions:
○ Gorilla: github.com/gorilla/context
○ Tomb: gopkg.in/tomb.v2
From golang.org blog: “At Google, we require that Go
programmers pass a Context parameter as the first
argument to every function on the call path between
incoming and outgoing requests. This allows Go code
developed by many different teams to interoperate well.
It provides simple control over timeouts and
cancelation and ensures that critical values like security
credentials transit Go programs properly.”