Serverless introduces a number of challenges to existing tools for observability, we need to adapt our practices to fit this new paradigm. In this talk, we will discuss how we can build observability into a serverless application. We will see how you can implement log aggregation, distributed tracing and correlation IDs through both synchronous as well as asynchronous events. Recording of this talk is available at https://www.youtube.com/watch?v=AMKUKKGPJhQ

1. how to build
Serverless
OBSERVABILITY
into a application

2. @theburningmonk theburningmonk.com
What do I mean by “observability”?

3. Monitoring
watching out for
known failure modes
in the system,
e.g. network I/O, CPU,
memory usage, …

4. @theburningmonk theburningmonk.com
Observability
being able to debug
the system, and gain
insights into the
system’s behaviour

5. @theburningmonk theburningmonk.com
In control theory, observability is a measure of how well
internal states of a system can be inferred from
knowledge of its external outputs.
https://en.wikipedia.org/wiki/Observability

6. @theburningmonk theburningmonk.com
In control theory, observability is a measure of how well
internal states of a system can be inferred from
knowledge of its external outputs.
https://en.wikipedia.org/wiki/Observability
including non-
functional outputs

7. @theburningmonk theburningmonk.com
These are the four pillars of the Observability Engineering
team’s charter:
• Monitoring
• Alerting/Visualization
• Distributed systems tracing infrastructure
• Log aggregation/analytics
“
” http://bit.ly/2DnjyuW- Observability Engineering at Twitter

8. @theburningmonk theburningmonk.com
microservices death stars circa 2015

9. @theburningmonk theburningmonk.com
microservices death stars circa 2015
mm… I wonder what’s
going on here…

14. @theburningmonk theburningmonk.com
microservices death stars circa 2015
I got this!

16. @theburningmonk theburningmonk.com

17. Yan Cui
http://theburningmonk.com
@theburningmonk
AWS user for 10 years

18. http://bit.ly/yubl-serverless

19. Yan Cui
http://theburningmonk.com
@theburningmonk
Developer Advocate @

21. Yan Cui
http://theburningmonk.com
@theburningmonk
Independent Consultant
advisetraining delivery

22. https://theburningmonk.com/courses
lambdabestpractice.com

23. theburningmonk.com/workshops
in your
company
flexible datesHelsinki, Aug 20-21 London, Sep 24-25 Berlin, Oct 8-9
4-week virtual workshop, May 4 - May 29
Amsterdam, Jul 7-8

24. new
challenges

25. @theburningmonk theburningmonk.com
NO ACCESS
to underlying OS

26. @theburningmonk theburningmonk.com
NOWHERE
to install agents/daemons

27. @theburningmonk theburningmonk.com
•nowhere to install agents/daemons
new challenges

28. @theburningmonk theburningmonk.com
user request
user request
user request
user request
user request
user request
user request
critical paths:
minimise user-facing latency
handler
handler
handler
handler
handler
handler
handler

29. @theburningmonk theburningmonk.com
user request
user request
user request
user request
user request
user request
user request
critical paths:
minimise user-facing latency
StatsD
handler
handler
handler
handler
handler
handler
handler
rsyslog
background processing:
batched, asynchronous, low
overhead

30. @theburningmonk theburningmonk.com
user request
user request
user request
user request
user request
user request
user request
critical paths:
minimise user-facing latency
StatsD
handler
handler
handler
handler
handler
handler
handler
rsyslog
background processing:
batched, asynchronous, low
overhead
NO background processing
except what platform provides

31. @theburningmonk theburningmonk.com
•no background processing
•nowhere to install agents/daemons
new challenges

32. @theburningmonk theburningmonk.com
EC2
concurrency used to be
handled by your code

33. @theburningmonk theburningmonk.com
EC2
Lambda
Lambda
Lambda
Lambda
Lambda
now, it’s handled by the
AWS Lambda platform

34. @theburningmonk theburningmonk.com
EC2
logs & metrics used to be
batched here

35. @theburningmonk theburningmonk.com
EC2
Lambda
Lambda
Lambda
Lambda
Lambda
now, they are batched in each
concurrent execution, at best…

36. @theburningmonk theburningmonk.com

37. @theburningmonk theburningmonk.com

38. @theburningmonk theburningmonk.com
HIGHER concurrency to log
aggregation/telemetry system

39. @theburningmonk theburningmonk.com
•higher concurrency to telemetry system
•nowhere to install agents/daemons
•no background processing
new challenges

40. @theburningmonk theburningmonk.com
Lambda
cold start

41. @theburningmonk theburningmonk.com
Lambda
data is batched between
invocations

42. @theburningmonk theburningmonk.com
Lambda
idle
data is batched between
invocations

43. @theburningmonk theburningmonk.com
Lambda
idle
garbage collectiondata is batched between
invocations

44. @theburningmonk theburningmonk.com
Lambda
idle
garbage collectiondata is batched between
invocations
HIGH chance of data loss

45. @theburningmonk theburningmonk.com
•high chance of data loss (if batching)
•nowhere to install agents/daemons
•no background processing
•higher concurrency to telemetry system
new challenges

46. @theburningmonk theburningmonk.com
Lambda

47. @theburningmonk theburningmonk.com
my code
send metrics

48. @theburningmonk theburningmonk.com
my code
send metrics

49. @theburningmonk theburningmonk.com
my code
send metrics
internet internet
press button something happens

51. @theburningmonk theburningmonk.com
http://bit.ly/2Dpidje

52. @theburningmonk theburningmonk.com
?
functions are often chained together
via asynchronous invocations

53. @theburningmonk theburningmonk.com
?
SNS
Kinesis
CloudWatch
Events
CloudWatch
LogsIoT
DynamoDB
S3 SES

54. @theburningmonk theburningmonk.com
?
SNS
Kinesis
CloudWatch
Events
CloudWatch
LogsIoT
DynamoDB
S3 SES
tracing ASYNCHRONOUS
invocations through so many
different event sources is difficult

55. @theburningmonk theburningmonk.com
•asynchronous invocations
•nowhere to install agents/daemons
•no background processing
•higher concurrency to telemetry system
•high chance of data loss (if batching)
new challenges

56. @theburningmonk theburningmonk.com
These are the four pillars of the Observability Engineering
team’s charter:
• Monitoring
• Alerting/Visualization
• Distributed systems tracing infrastructure
• Log aggregation/analytics
“
” http://bit.ly/2DnjyuW- Observability Engineering at Twitter

57. LOGGING

58. @theburningmonk theburningmonk.com

59. @theburningmonk theburningmonk.com
2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?

60. @theburningmonk theburningmonk.com
2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?
UTC Timestamp Request Id
your log message

61. @theburningmonk theburningmonk.com

62. @theburningmonk theburningmonk.com
one log group per
function
one log stream for each
concurrent invocation

63. @theburningmonk theburningmonk.com
logs are not easily searchable in
CloudWatch Logs
me

64. @theburningmonk theburningmonk.com
CloudWatch Logs

65. @theburningmonk theburningmonk.com

66. @theburningmonk theburningmonk.com
CloudWatch Logs is an async event source for Lambda

67. @theburningmonk theburningmonk.com
Concurrent Executions
Time
regional max
concurrency
functions that are
delivering business value

68. @theburningmonk theburningmonk.com
Concurrent Executions
Time
regional max
concurrency
functions that are
delivering business value
ship logs

69. @theburningmonk theburningmonk.com
either set concurrency limit on the log shipping function
(and potentially lose logs due to throttling)
or…

70. @theburningmonk theburningmonk.com

71. @theburningmonk theburningmonk.com
1 shard = 1 concurrent execution
i.e. control the no. of concurrent
executions with no. of shards

72. @theburningmonk theburningmonk.com
…

73. @theburningmonk theburningmonk.com
CloudWatch Logs

74. @theburningmonk theburningmonk.com

75. @theburningmonk theburningmonk.com

76. @theburningmonk theburningmonk.com

77. @theburningmonk theburningmonk.com
https://amzn.to/2DnREgn

78. @theburningmonk theburningmonk.com
https://amzn.to/2uZYmEw

79. @theburningmonk theburningmonk.com
use structured logging with JSON

80. @theburningmonk theburningmonk.com
https://stackify.com/what-is-structured-logging-and-why-developers-need-it/ https://blog.treasuredata.com/blog/2012/04/26/log-everything-as-json/

81. @theburningmonk theburningmonk.com
https://www.loggly.com/blog/8-handy-tips-consider-logging-json/

82. @theburningmonk theburningmonk.com

83. @theburningmonk theburningmonk.com
traditional loggers are too heavy for Lambda

84. @theburningmonk theburningmonk.com
https://github.com/getndazn/dazn-lambda-powertools

85. @theburningmonk theburningmonk.com

86. @theburningmonk theburningmonk.com

87. @theburningmonk theburningmonk.com

88. @theburningmonk theburningmonk.com

89. @theburningmonk theburningmonk.com

90. @theburningmonk theburningmonk.com
Writing lots more data to
CloudWatch Logs

91. @theburningmonk theburningmonk.com
CloudWatch Logs
$0.50 per GB ingested
$0.03 per GB archived per month

92. @theburningmonk theburningmonk.com
CloudWatch Logs
$0.50 per GB ingested
$0.03 per GB archived per month
1M invocation of a 128MB function =
$0.000000208 * 1M + $0.20 =
$0.408

93. @theburningmonk theburningmonk.com
DON’T leave debug logging ON in production

94. @theburningmonk theburningmonk.com

95. @theburningmonk theburningmonk.com
have to redeploy ALL the
functions along the call path to
collect all relevant debug logs

96. @theburningmonk theburningmonk.com

97. @theburningmonk theburningmonk.com

98. @theburningmonk theburningmonk.com
https://github.com/middyjs/middy

99. @theburningmonk theburningmonk.com

100. @theburningmonk theburningmonk.com
EC2
Lambda
Lambda
Lambda
Lambda
Lambda
Concurrency is handled by
the AWS Lambda platform

101. @theburningmonk theburningmonk.com

102. @theburningmonk theburningmonk.com

103. @theburningmonk theburningmonk.com

104. @theburningmonk theburningmonk.com

105. @theburningmonk theburningmonk.com

106. @theburningmonk theburningmonk.com

107. @theburningmonk theburningmonk.com
sampling decision has to be
followed by an entire call chain

108. @theburningmonk theburningmonk.com
Initial Request ID
User ID
Session ID
User-Agent
Order ID
…

109. @theburningmonk theburningmonk.com
EC2
Lambda
Lambda
Lambda
Lambda
Lambda
Concurrency is handled by
the AWS Lambda platform

110. @theburningmonk theburningmonk.com
store correlation IDs in global variable

111. @theburningmonk theburningmonk.com

112. @theburningmonk theburningmonk.com

113. @theburningmonk theburningmonk.com
use middleware to auto-capture incoming correlation IDs

114. @theburningmonk theburningmonk.com
extract correlation IDs from
invocation event, and store them in
the correlation-ids module
reset

115. @theburningmonk theburningmonk.com

116. @theburningmonk theburningmonk.com

117. @theburningmonk theburningmonk.com
logger to always include captured correlation IDs

118. @theburningmonk theburningmonk.com
HTTP and AWS SDK clients to auto-forward correlation IDs on

119. @theburningmonk theburningmonk.com
context.awsRequestId
get-index

120. @theburningmonk theburningmonk.com
context.awsRequestId x-correlation-id
get-index

121. @theburningmonk theburningmonk.com
{
“headers”: {
“x-correlation-id”: “…”
},
…
}
get-index

122. @theburningmonk theburningmonk.com
{
“body”: null,
“resource”: “/restaurants”,
“headers”: {
“x-correlation-id”: “…”
},
…
}
get-index get-restaurants

123. @theburningmonk theburningmonk.com
get-restaurants
global.CONTEXT
global.CONTEXT
x-correlation-id = …
x-correlation-xxx = …
get-index
headers[“User-Agent”]
headers[“Debug-Log-Enabled”]
headers[“User-Agent”]
headers[“Debug-Log-Enabled”]
headers[“x-correlation-id”]
capture
forward
function
event
log.info(…)

124. @theburningmonk theburningmonk.com

125. @theburningmonk theburningmonk.com
https://github.com/getndazn/dazn-lambda-powertools

126. @theburningmonk theburningmonk.com

127. @theburningmonk theburningmonk.com
MONITORING

129. @theburningmonk theburningmonk.com
•no background processing
•nowhere to install agents/daemons
new challenges

130. @theburningmonk theburningmonk.com
my code
send metrics
internet internet
press button something happens

131. @theburningmonk theburningmonk.com
those extra 10-20ms for
sending custom metrics would
compound when you have
microservices and multiple
APIs are called within one slice
of user event

132. @theburningmonk theburningmonk.com
Amazon found every 100ms of latency cost them 1% in sales.
http://bit.ly/2EXPfbA

133. @theburningmonk theburningmonk.com

134. @theburningmonk theburningmonk.com

135. @theburningmonk theburningmonk.com

136. @theburningmonk theburningmonk.com
https://aws.amazon.com/cloudwatch/pricing/

137. @theburningmonk theburningmonk.com
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html

138. @theburningmonk theburningmonk.com
https://aws.amazon.com/cloudwatch/pricing/

139. @theburningmonk theburningmonk.com
happened system repaireduser impact
reduce MTTR

140. @theburningmonk theburningmonk.com
Identify & Resolve
Issues
Understanding
costs
Visibility

141. @theburningmonk theburningmonk.com
Identify & Resolve
Issues
Understanding
costs
Visibility

142. @theburningmonk theburningmonk.com
happened system repaireduser impact
MTTDiscovery

143. @theburningmonk theburningmonk.com

144. @theburningmonk theburningmonk.com
“What alerts should I have?”

145. @theburningmonk theburningmonk.com
It depends on what you’re building…

146. @theburningmonk theburningmonk.com
But, this is a good starting point

147. @theburningmonk theburningmonk.com
Lambda
error rate %
throttle count
DLR error count
iterator age
regional concurrency

148. @theburningmonk theburningmonk.com
Lambda
error rate %
throttle count
DLR error count
iterator age
regional concurrency
API Gateway
p90/95/99 latency
success rate %
4xx rate %
5xx rate %

149. @theburningmonk theburningmonk.com
API Gateway
p90/95/99 latency
success rate %
4xx rate %
5xx rate %
SQS
message age
Lambda
error rate %
throttle count
DLR error count
iterator age
regional concurrency

150. @theburningmonk theburningmonk.com
API Gateway
p90/95/99 latency
success rate %
4xx rate %
5xx rate %
SQS
message age
Step Functions
failed count
throttle count
timed out count
Lambda
error rate %
throttle count
DLR error count
iterator age
regional concurrency

151. @theburningmonk theburningmonk.com
SQS
message age
Step Functions
failed count
throttle count
timed out count
API Gateway
p90/95/99 latency
success rate %
4xx rate %
5xx rate %
Lambda
error rate %
throttle count
DLR error count
iterator age
regional concurrency

152. @theburningmonk theburningmonk.com
monitor and alert on message flow rate for
event processing pipelines

153. @theburningmonk theburningmonk.com
“Can’t you codify these?”

154. @theburningmonk theburningmonk.com

155. @theburningmonk theburningmonk.com
TRACING

156. X-Ray

160. poor support for async
invocations
good for identifying dependencies of a function,
but not good enough for tracing the entire call
chain as user request/data flows through the
system via async event sources.

161. don’t span over non-AWS services

164. write structured logs

165. instrument your code

166. make it easy to do the right thing

167. https://theburningmonk.com/hire-me
AdviseTraining Delivery
“Fundamentally, Yan has improved our team by increasing our
ability to derive value from AWS and Lambda in particular.”
Nick Blair
Tech Lead

168. @theburningmonk theburningmonk.com
Production-Ready Serverless

169. theburningmonk.com/workshops
in your
company
flexible datesHelsinki, Aug 20-21 London, Sep 24-25 Berlin, Oct 8-9
4-week virtual workshop, May 4 - May 29
Amsterdam, Jul 7-8
@theburningmonk theburningmonk.com
smartly-2020
€100 off all my workshops

170. @theburningmonk theburningmonk.com
lambdabestpractice.com bit.ly/complete-guide-to-aws-step-functions
smartly-2020
20% off my courses

171. @theburningmonk
theburningmonk.com
github.com/theburningmonk