This document provides an experience report on going to production with serverless applications. It discusses several lessons learned including hidden complexities, the need to scale services earlier than with EC2 to avoid latency issues, high costs for unused resources with EC2, and long deployment times requiring downtime with EC2. It then outlines goals for serverless deployments including being small, fast, having zero downtime, loose coupling, minimizing costs and ops effort. The document describes the author's migration of several services to serverless and the resulting improvements in deployment frequency, costs savings, and time to delivery. It concludes by discussing various practices and tools related to deploying and managing serverless applications at production scale.

1. in production
an experience reportan experience report
what you should know before you go to production
ServerlessServerless

3. Yan Cui
http://theburningmonk.com
@theburningmonk
AWS user since 2009

4. Yan Cui
Server Architect
Principal Engineer
Lead Developer
Senior Developer
http://theburningmonk.com
@theburningmonk
Senior Developer

5. Yan Cui
Server Architect
Principal Engineer
Lead Developer
Senior Developer
http://theburningmonk.com
@theburningmonk
Senior Developer

6. Domas Lasauskas
AWS user since 2012

7. Domas Lasauskas
Senior Developer
Server Developer
Senior Developer
Server Developer

10. apr, 2016

11. hidden complexities and dependencies
low utilisation to leave room for traffic spikes
EC2 scaling is slow, so scale earlier
lots of cost for unused resources
up to 30 mins for deployment
deployment required downtime

12. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

14. “what would good
look like for us?”

15. be small
be fast
have zero downtime
have no lock-step
DEPLOYMENTS SHOULD...

16. FEATURES SHOULD...
be deployable independently
be loosely-coupled

17. WE WANT TO...
minimise cost for unused resources
minimise ops effort
reduce tech mess
deliver visible improvements faster

18. nov, 2016

19. 170 Lambda functions in prod
1.2 GB deployment packages in prod
95% cost saving vs EC2
15x no. of prod releases per month

20. time
is a good fit

21. 1st function in prod!
time
is a good fit

22. ?
time
is a good fit
1st function in prod!

23. ALERTING
CI / CD
TESTING
LOGGING
MONITORING

24. Practices ToolsPrinciples
what is good? how to make it good? with what?

25. Principles outlast Tools

26. 170 functions
WOOF!
? ?
time
is a good fit
1st function in prod!

27. SECURITY
DISTRIBUTED
TRACING
CONFIG
MANAGEMENT

28. evolving the PLATFORM

29. rebuilt search

30. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearch

31. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

32. new analytics pipeline

33. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery

34. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
1 developer, 2 days
design production
(his 1st serverless project)

35. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
“nothing ever got done
this fast at Skype!”
- Chris Twamley

36. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

37. Rebuilt
with Lambda

44. Rebuilt
with Lambda

45. BigQuery

46. BigQuery

47. grapheneDB
BigQuery

48. grapheneDB
BigQuery

49. grapheneDB
BigQuery

51. getting PRODUCTION READY

52. CHOOSE A
FRAMEWORK
DEPLOYMENT

53. http://serverless.com

54. https://github.com/awslabs/serverless-application-model

55. http://apex.run

56. https://apex.github.io/up

57. https://github.com/claudiajs/claudia

58. https://github.com/Miserlou/Zappa

59. http://gosparta.io/

60. TESTING

61. amzn.to/29Lxuzu

62. Level of Testing
1.Unit
do our objects do the right thing?
are they easy to work with?

64. Level of Testing
1.Unit
2.Integration
does our code work against code we
can’t change?

65. handler

66. handler
test by invoking
the handler

67. Level of Testing
1.Unit
2.Integration
3.Acceptance
does the whole system work?

68. Level of Testing
unit
integration
acceptance
feedback
confidence

69. “…We find that tests that mock external
libraries often need to be complex to
get the code into the right state for the
functionality we need to exercise.
The mess in such tests is telling us that
the design isn’t right but, instead of
fixing the problem by improving the
code, we have to carry the extra
complexity in both code and test…”
Don’t Mock Types You Can’t Change

70. “…The second risk is that we have to be
sure that the behaviour we stub or mock
matches what the external library will
actually do…
Even if we get it right once, we have to
make sure that the tests remain valid
when we upgrade the libraries…”
Don’t Mock Types You Can’t Change

71. Don’t Mock Types You Can’t Change
Services

72. Paul Johnston
The serverless approach to
testing is different and may
actually be easier.
http://bit.ly/2t5viwK

73. LambdaAPI Gateway DynamoDB

74. LambdaAPI Gateway DynamoDB
Unit Tests

75. LambdaAPI Gateway DynamoDB
Unit Tests
Mock/Stub

76. is our request correct?
is the request mapping
set up correctly?is the API resources
configured correctly?
are we assuming the
correct schema?
LambdaAPI Gateway DynamoDB
is Lambda proxy
configured correctly?
is IAM policy set
up correctly?
is the table created?
what unit tests will not tell you…

78. most Lambda functions are simple
have single purpose, the risk of
shipping broken software has largely
shifted to how they integrate with
external services
observation

80. But it slows down
my feedback loop…
IT’S NOT
ABOUT YOU!

81. …if a service can’t provide
you with a relatively easy
way to test the interface in
reality, then you should
consider using another one.
Paul Johnston

82. “…Wherever possible, an acceptance
test should exercise the system end-to-
end without directly calling its internal
code.
An end-to-end test interacts with the
system only from the outside: through
its interface…”
Testing End-to-End

83. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

84. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input

85. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input
Validate

86. integration tests exercise
system’s Integration with its
external dependencies
my code

87. acceptance tests exercise
system End-to-End from
the outside
my code

88. integration tests differ from
acceptance tests only in HOW the
Lambda functions are invoked
observation

92. CI + CD PIPELINE

93. “the earlier you consider CI + CD, the
more time you save in the long run”
- Yan

94. “…We prefer to have the end-to-end
tests exercise both the system and the
process by which it’s built and
deployed…
This sounds like a lot of effort (it is), but
has to be done anyway repeatedly
during the software’s lifetime…”
Testing End-to-End

95. “deployment scripts
that only live on the CI
box is a disaster
waiting to happen”
- Yan

96. Jenkins build config deploys and tests
unit + integration tests
deploy
acceptance tests

97. build.sh allows repeatable builds on both local & CI

98. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi

99. Jenkinsfile

101. Auto Auto Manual

102. LOGGING

104. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?

105. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?
UTC Timestamp API Gateway Request Id
your log message

106. function name
date
function version

107. Yan
Logs are not easily searchable
in CloudWatch Logs.

108. LOG OVERLOAD

109. CENTRALISE LOGS

110. CENTRALISE LOGS
MAKE THEM EASILY
SEARCHABLE

111. + +
the elk stack

112. CloudWatch Logs

113. CloudWatch Logs AWS Lambda ELK stack

114. CloudWatch Events

116. http://bit.ly/2f3zxQG

117. DISTRIBUTED TRACING

119. “my followers didn’t
receive my new post!”
- a user

120. where could the
problem be?

121. correlation IDs*
* eg. request-id, user-id, yubl-id, etc.

122. ROLL YOUR OWN
CLIENTS

123. kinesis client
http client
sns client

124. http://bit.ly/2k93hAj

125. ROLL YOUR OWN
CLIENTS
X-RAY

126. Amazon X-Ray

127. Amazon X-Ray

128. traces do not span over
API Gateway

129. http://bit.ly/2s9yxmA

130. MONITORING + ALERTING

131. “where do I install
monitoring agents?”

132. you can’t

133. • invocation Count
• error Count
• latency
• throttling
• granular to the minute
• support custom metrics

134. • same metrics as CW
• better dashboard
• support custom metrics
https://www.datadoghq.com/blog/monitoring-lambda-functions-datadog/

138. my code

139. my code

140. my code
internet internet
press button something happens

141. “how do I batch up
and send logs in the
background?”

142. you can’t
(kinda)

143. console.log(“hydrating yubls from db…”);
console.log(“fetching user info from user-api”);
console.log(“MONITORING|1489795335|27.4|latency|user-api-latency”);
console.log(“MONITORING|1489795335|8|count|yubls-served”);
timestamp metric value
metric type
metric namemetrics
logs

144. CloudWatch Logs AWS Lambda
ELK stack
logs
metrics
CloudWatch

145. http://bit.ly/2gGredx

146. DASHBOARDS

147. DASHBOARDS
SET ALARMS

148. DASHBOARDS
SET ALARMS
TRACK APP-LEVEL
METRICS

149. Not Only CloudWatch

151. “you really don't want
your monitoring
system to fail at the
same time as the
system it monitors”
- me

152. CONFIG MANAGEMENT

153. easily and quickly propagate
config changes

155. Yan
Environment variables make it
hard to share configurations
across functions.

156. Yan
Environment variables make it
hard to implement fine-grained
access to sensitive info.

157. CENTRALISED
CONFIG SERVICE

158. config service
goes here

162. SSM
Parameter
Store

163. sensitive data should be encrypted
in-flight, and at rest
(credentials, connection string, etc.)

164. role-based access

165. SSM Parameter Store
HTTPS
role-based access
encrypted in-flight

166. SSM Parameter Store
encrypt
role-based access

167. SSM Parameter Store
encrypted at-rest

168. HTTPS
role-based access
SSM Parameter Store
encrypted in-flight

169. CENTRALISED
CONFIG SERVICE
CLIENT LIBRARY

170. fetch & cache at Cold Start

171. invalidate at interval + signal

172. http://bit.ly/2yLUjwd

173. PRO TIPS

174. max 75 GB total deployment package size*
* limit is per AWS region

175. Janitor Monkey

176. Janitor Lambda
http://bit.ly/2xzVu4a

177. disable versionFunctions in

178. install Serverless framework as dev
dependency at project level
dev dependencies are excluded since 1.16.0

179. http://bit.ly/2vzBqhC

180. http://amzn.to/2vtUkDU

181. UNDERSTAND
COLDSTARTS

182. Amazon X-Ray
1st invocation
2nd invocation
cold start

183. source: http://bit.ly/2oBEbw2

184. http://bit.ly/2rtCCBz

185. C#
http://bit.ly/2rtCCBz

186. Java
http://bit.ly/2rtCCBz

187. NodeJs, Python
http://bit.ly/2rtCCBz

188. EMBRACE
NODE.JS & PYTHON

189. what about type safety?

191. complexity ceiling of a
Node.js app
complexity

192. complexity ceiling of a
Node.js app
complexity
referential transparency
immutability as default
type inference
option types
union types
…

193. for managing complexity
complexity ceiling of a
Node.js app
complexity
referential transparency
immutability as default
type inference
option types
union types
…

194. complexity ceiling of a
Node.js app
complexity
complexity ceiling of a
Node.js Lambda function

195. if you can limit the complexity
of your solution, maybe you
won’t need the tools for
managing that complexity.
me

196. AVOID
COLDSTARTS

197. CloudWatch Event AWS Lambda

198. CloudWatch Event AWS Lambda
ping
ping
ping
ping

199. CloudWatch Event AWS Lambda
ping
ping
ping
ping

200. CloudWatch Event AWS Lambda
ping
ping
ping
ping
HEALTH CHECKS?

201. AVOID HARD
ASSUMPTIONS
ABOUT FUNCTION
LIFETIME

202. USE STATE
FOR
OPTIMISATION

203. max 5 mins execution time

204. USE RECURSION
FOR LONG
RUNNING TASKS

205. CONSIDER
PARTIAL
FAILURES

206. “AWS Lambda polls your stream and
invokes your Lambda function. Therefore, if
a Lambda function fails, AWS Lambda
attempts to process the erring batch of
records until the time the data expires…”
http://docs.aws.amazon.com/lambda/latest/dg/retries-on-errors.html

207. should function fail on
partial/any failures?

208. SNS
Kinesis
SQS
after 3 attempts
share processing logic
events are processed in
chronological order
failed events are retried out
of sequence

209. PROCESS SQS
WITH RECURSIVE
FUNCTIONS

210. http://bit.ly/2npomX6

211. AVOID HOT
KINESIS
STREAMS

212. “Each shard can support up to
5 transactions per second for
reads, up to a maximum total data
read rate of 2 MB per second.”
http://docs.aws.amazon.com/streams/latest/dev/service-sizes-and-limits.html

213. “If your stream has 100 active shards,
there will be 100 Lambda functions
running concurrently. Then, each
Lambda function processes events
on a shard in the order that they arrive.”
http://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

214. when no. of processors goes up…

215. ReadProvisionedThroughputExceeded
can have too many Kinesis read operations…

216. ReadRecords.IteratorAge
unpredictable spikes in read ‘latency’…

217. can kinda workaround…

218. http://bit.ly/2uv5LsH

219. clever, but costly

220. for subsystems that don’t have
to be realtime, or are task-
based (ie. order doesn’t
matter), consider other
triggers such as S3 or SNS.me

221. @theburningmonk
theburningmonk.com
github.com/theburningmonk

222. API Gateway and Kinesis
Authentication & authorisation (IAM, Cognito)
Testing
Running & Debugging functions locally
Log aggregation
Monitoring & Alerting
X-Ray
Correlation IDs
CI/CD
Performance and Cost optimisation
Error Handling
Configuration management
VPC
Security
Leading practices (API Gateway, Kinesis, Lambda)
Step Functions
Serverless design patterns
https://bit.ly/aws-lambda-in-motion

223. API Gateway and Kinesis
Authentication & authorisation (IAM, Cognito)
Testing
Running & Debugging functions locally
Log aggregation
Monitoring & Alerting
X-Ray
Correlation IDs
CI/CD
Performance and Cost optimisation
Error Handling
Configuration management
VPC
Security
Leading practices (API Gateway, Kinesis, Lambda)
Step Functions
Serverless design patterns
get 40% off with: ytcui
https://bit.ly/aws-lambda-in-motion