One year into an aws serverless app project - some of the lessons learned about lambda, Azure functions and API gateway

1. Serverless & Stateless
One year in, what we’ve learnt

2. Intro
• Been working on distributed apps for 10 years.
• Accordo’s new app has been built serverless* from the ground up and
has been in production seven months
• Why serverless? Simple, get a lot more done for your business by not
worrying about instances and administration.
* Disclaimer: At Accordo, Serverless has a broader meaning than static sites and FaaS

3. This isn’t all that new
If you struggle to explain to the boss. Think if it as
outsourcing to the best in the business
Simply the next generation of distributed apps and
containerisation
Serverless challenges are often just distributed
app challenges

4. Main app overview
1. Static website served via
cloudfront. Site is build using
React, Redux and webpack
2. Users authenticate via auth0
3. Access data apis using JWT
and APIGW
4. Most apis are implemented
as lambdas.
5. Main data in RDS postgres
6. Same lambdas for user apis
apso process async messages

5. Authorization – JWT claims based

6. Mind your (core) business
• Developers vary in skill, capacity and maturity, but
they’re all expensive for what you get.
• Every day, they turn up and write ‘stuff’. Make sure
they’re working on stuff that matters.
• Any hour spent on functionality not core to your
business is potential waste

7. Potential waste?
- A/B testing
- Alerting
- Analytics & Tracking
- Authentication
- Database
- Email
- Failover
- Queues & Message processing
- Reporting
- Search
- Automated Tests (not the testing)
- Configuration management
- Logging
- Permissions
Good ROI

8. Serverless Vs
The Twelve-Factor App
Can feel like a mis-match, but not impossible.
…and getting easier.
https://12factor.net

9. FaaS Vs Twelve-Factor pain points
- Configuration
- Much improved. was a major pain. Azure and
now AWS have environment variables.
- FaaS frameworks still have a tendency to
bundle config with build and or use named
environments.
- Ideally configuration management and
updates don’t require a re-build of app.
- Build artifacts
- Immutable build artifacts that and can be
deployed to any environment.
- Still Nothing of the shelf, but there are good
SDKs, not that hard to roll your own.
- Managed CI/CD is fine for nano services or
calculators. Be careful of loosing environment
control with larger components (build promotion,
rollbacks, config)

10. Frameworks
How to Manage your app?
- Developer workflow
- Build  Test  Artifact  Deploy
- Configuration
- Triggers & Endpoints
All frameworks have opinions. Some you’ll agree with.
Some….
Be clear on how you want to work, try not to
compromise
- CI for a user facing app – needs a lot of test
automation
- Its ok, it’s an evolving world, the frameworks will
catch up.
AWSServerless Application Model (SAM)

11. Log everything
- Logging services are the debugger
- Be careful of sensitive info.
- Log the positive and negative
- Keep them as long as is practical
- console.log(), console.time()
- Excited about AWS X-Ray or other things like Netflix
Vizceral

12. Warning 1 – alias confusion
AWS lambda Aliases and Versioning -
Great idea, very powerful useful concept but….. no support
for Alias level log groups or configuration.
V3
V2
V1
DEV
UAT
PROD
UAT API Stage
UAT API Stage
UAT API Stage
V2 logs
V2 code
V? config

13. Warning 2 – the cold start
Cold function invocation is a problem on AWS and
Azure. Webpack and sensible dependency
management helps the load speed.
Best band-aid to keep them alive is Cloudwatch +
a scheduled event. Event input can be
customised to a heartbeat type call.
Cold load is slow. Cold VPC load is like dial-up
speed. If function calls any outside resource it
waits for an ENI. Can be > 30 sec….
Semi related – database calls with
context.callbackWaitsForEmptyEventLoop

14. Warning 3 – Lambda Fast, API Gateway Slow
Calls to API gateway are routed through
cloudfront. Low traffic* APIs suffer from high
latency delays within cloudfront.
Delays reasons cited are low connection reuse,
routing algorithms and extra SSL handshakes.
This is made worse by app making OPTIONS calls.
You need to manually add ‘Access-Control-Max-
Age’
CORS OPTIONS call often takes ~1 second!
* Low traffic is less than 100 requests per second
Same level of latency affects all APIGW calls.
Common to see 1.5 sec round trip, but just 0.1 sec
lambda execution

15. Top 3 Integrations
Fastly - Consider a better CDN
Auth0 - Authenticate with anything…
Segment – Integrate with anything
Real-time CDN lets you purge content near
instantly - less than 150ms!
Cache API responses
One integration to rule them all…
Developer first, anything is possible

16. Testing
Write testable code, Strive for functional
Abstract the calling interface asap (lambda | azure | mocha)
Don’t sweat too much about the mocking side of things. We’re not testing AWS or
Azure

17. Links
Tidy diagrams https://cloudcraft.co/app
Some Auth strategies
https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway
https://auth0.com/docs/integrations/aws-api-gateway
Twelve-factor App https://12factor.net
Lambda Versioning & Aliases http://docs.aws.amazon.com/lambda/latest/dg/versioning-aliases.html
One of the latency forum threads
https://forums.aws.amazon.com/message.jspa?messageID=729169#729169

18. Thanks!
linkedin.com/in/myles-henaghan