This document provides an experience report on getting serverless applications ready for production. It discusses several important considerations for production readiness including testing, monitoring and alerting, configuration management, security, and continuous integration/delivery pipelines. The document also shares lessons learned from rebuilding several services using a serverless approach at Skype and the cost savings and velocity gains achieved.

1. in production
an experience reportan experience report
what you should know before you go to production
ServerlessServerless

2. Yan Cui
http://theburningmonk.com
@theburningmonk
AWS user since 2009

3. Yan Cui
http://theburningmonk.com
@theburningmonk

6. apr, 2016

8. hey guys, vote on this post
and I’ll announce a winner at
10PM tonight

9. 10PM
traffic

10. 10PM
traffic
70-100x

11. low utilisation to leave room for spikes
EC2 scaling is slow, so scale earlier

12. lots of $$$ for unused resources

13. up to 30 mins for deployment
deployment required downtime

14. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

16. “what would good
look like for us?”

17. be small
be fast
have zero downtime
have no lock-step
DEPLOYMENTS SHOULD...

18. FEATURES SHOULD...
be deployable independently
be loosely-coupled

19. WE WANT TO...
minimise cost for unused resources
minimise ops effort
reduce tech mess
deliver visible improvements faster

20. nov, 2016

21. 170 Lambda functions in prod
1.2 GB deployment packages in prod
95% cost saving vs EC2
15x no. of prod releases per month

22. time
is a good fit

23. 1st function in prod!
time
is a good fit

24. ?
time
is a good fit
1st function in prod!

25. ALERTING
CI / CD
TESTING
LOGGING
MONITORING

26. Practices ToolsPrinciples
what is good? how to make it good? with what?

27. Principles outlast Tools

28. 170 functions
? ?
time
is a good fit
1st function in prod!

29. SECURITY
DISTRIBUTED TRACING
CONFIG MANAGEMENT

30. evolving the PLATFORM

31. rebuilt search

32. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearch

33. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

34. new analytics pipeline

35. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery

36. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
1 developer, 2 days
design production
(his 1st serverless project)

37. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
“nothing ever got done
this fast at Skype!”
- Chris Twamley

38. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

39. Rebuilt
with Lambda

47. Rebuilt
with Lambda

48. BigQuery

49. BigQuery

50. grapheneDB
BigQuery

51. grapheneDB
BigQuery

52. grapheneDB
BigQuery

53. getting PRODUCTION READY

54. choose a tried-and-tested
deployment framework,
don’t invent your own

55. http://serverless.com

56. https://github.com/awslabs/serverless-application-model

57. http://apex.run

58. https://apex.github.io/up

59. https://github.com/claudiajs/claudia

60. https://github.com/Miserlou/Zappa

61. http://gosparta.io/

62. TESTING

63. amzn.to/29Lxuzu

64. Level of Testing
1.Unit
do our objects do the right thing?
are they easy to work with?

66. Level of Testing
1.Unit
2.Integration
does our code work against code we
can’t change?

67. handler

68. handler
test by invoking
the handler

69. Level of Testing
1.Unit
2.Integration
3.Acceptance
does the whole system work?

70. Level of Testing
unit
integration
acceptance
feedback
confidence

71. “…We find that tests that mock external
libraries often need to be complex to
get the code into the right state for the
functionality we need to exercise.
The mess in such tests is telling us that
the design isn’t right but, instead of
fixing the problem by improving the
code, we have to carry the extra
complexity in both code and test…”
Don’t Mock Types You Can’t Change

72. “…The second risk is that we have to be
sure that the behaviour we stub or mock
matches what the external library will
actually do…
Even if we get it right once, we have to
make sure that the tests remain valid
when we upgrade the libraries…”
Don’t Mock Types You Can’t Change

73. Don’t Mock Types You Can’t Change
Services

74. Paul Johnston
The serverless approach to
testing is different and may
actually be easier.
http://bit.ly/2t5viwK

75. LambdaAPI Gateway DynamoDB

76. LambdaAPI Gateway DynamoDB
Unit Tests

77. LambdaAPI Gateway DynamoDB
Unit Tests
Mock/Stub

78. is our request correct?
is the request mapping
set up correctly?is the API resources
configured correctly?
are we assuming the
correct schema?
LambdaAPI Gateway DynamoDB
is Lambda proxy
configured correctly?
is IAM policy set
up correctly?
is the table created?
what unit tests will not tell you…

80. most Lambda functions are simple
have single purpose, the risk of
shipping broken software has largely
shifted to how they integrate with
external services
observation

82. optimize towards shipping working
software, even if it means slowing
down your feedback loop…

83. …if a service can’t provide
you with a relatively easy
way to test the interface in
reality, then you should
consider using another one.
Paul Johnston

84. “…Wherever possible, an acceptance
test should exercise the system end-to-
end without directly calling its internal
code.
An end-to-end test interacts with the
system only from the outside: through
its interface…”
Testing End-to-End

85. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

86. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input

87. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input
Validate

88. integration tests exercise
system’s Integration with its
external dependencies
my code

89. acceptance tests exercise
system End-to-End from
the outside
my code

90. integration tests differ from
acceptance tests only in HOW the
Lambda functions are invoked
observation

93. CI + CD PIPELINE

94. me
the earlier you consider CI/CD
the more time you save in
the long run

95. “…We prefer to have the end-to-end
tests exercise both the system and the
process by which it’s built and
deployed…
This sounds like a lot of effort (it is), but
has to be done anyway repeatedly
during the software’s lifetime…”
Testing End-to-End

96. me
deployment scripts that only
live on the CI box is a disaster
waiting to happen…

97. Jenkins build config deploys and tests
unit + integration tests
deploy
acceptance tests

98. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi

99. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi
install Serverless framework
as dev dependency

100. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi
install Serverless framework
as dev dependency
mitigate version conflicts

102. http://alistair.cockburn.us/Hexagonal+architecture

103. build.sh allows repeatable builds on both local & CI

105. Auto Auto Manual

107. LOGGING

109. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?

110. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?
UTC Timestamp API Gateway Request Id
your log message

111. me
Logs are not easily searchable
in CloudWatch Logs.

112. CloudWatch Logs

113. CloudWatch Logs AWS Lambda ELK stack

114. …

115. CloudWatch Events

118. DISTRIBUTED TRACING

120. a user
my followers didn’t receive
my new post!

121. where could the
problem be?

122. correlation IDs*
* eg. request-id, user-id, yubl-id, etc.

123. wrap HTTP client & AWS SDK clients
to forward captured correlation IDs

124. kinesis client
http client
sns client

125. use X-Ray for performance tracing

126. Amazon X-Ray

127. Amazon X-Ray

128. X-Ray traces do not span over API
Gateway, or async event sources

129. MONITORING + ALERTING

130. no place to install agents/daemons

131. • invocation Count
• error Count
• latency
• throttling
• granular to the minute
• support custom metrics

132. • same metrics as CW
• better dashboard
• support custom metrics
https://www.datadoghq.com/blog/monitoring-lambda-functions-datadog/

136. my code

137. my code

138. my code
internet internet
press button something happens

139. those extra 10-20ms for
sending custom metrics
would compound when
you have microservices
and multiple APIs are
called within one slice
of user event

140. Amazon found every 100ms of latency
cost them 1% in sales.
http://bit.ly/2EXPfbA

141. no more background processing,
other than what the platform provides

142. console.log(“hydrating yubls from db…”);
console.log(“fetching user info from user-api”);
console.log(“MONITORING|1489795335|27.4|latency|user-api-latency”);
console.log(“MONITORING|1489795335|8|count|yubls-served”);
timestamp metric value
metric type
metric namemetrics
logs

143. CloudWatch Logs AWS Lambda
ELK stack
logs
metrics
CloudWatch

144. don’t forget to setup dashboards
& CW alarms

145. CONFIG MANAGEMENT

146. design for easy & quick
propagation of config changes

148. me
Environment variables make it
hard to share configurations
across functions.

149. me
Environment variables make it
hard to implement fine-grained
access to sensitive info.

150. config service
goes here

154. SSM
Parameter
Store

155. sensitive data should be encrypted
in-flight, and at-rest

156. enforce role-based access to sensitive
configuration values

157. SSM Parameter Store
HTTPS
role-based access
encrypted in-flight

158. SSM Parameter Store
encrypt
role-based access

159. SSM Parameter Store
encrypted at-rest

160. HTTPS
role-based access
SSM Parameter Store
encrypted in-flight

161. invest into a robust client library

162. fetch & cache at cold-start

163. invalidate at interval & weak signals

164. That’s it, folks!
Thank you all :-D

165. API Gateway and Kinesis
Authentication & authorisation (IAM, Cognito)
Testing
Running & Debugging functions locally
Log aggregation
Monitoring & Alerting
X-Ray
Correlation IDs
CI/CD
Performance and Cost optimisation
Error Handling
Configuration management
VPC
Security
Leading practices (API Gateway, Kinesis, Lambda)
Canary deployments
http://bit.ly/prod-ready-serverless
get 40% off
with: ytcui

166. @theburningmonk
theburningmonk.com
github.com/theburningmonk