This ServerlessTO meetup covered various Serverless design patterns and best practices for building apps using the full #AWS #Serverless stack - not just Lambda. Event recording (including 25min long Q&A!) is at https://youtu.be/gsILTMXPUeU
4. Serverless?
No servers to provision
or manage
Scales with usage
Never pay for idle Availability and fault
tolerance built in
#serverlessTO @mikeapted
13. Microservice patterns: Lambda API
1. Lambda directly
invoked via invoke API
SDK clients
API provided by the Lambda service
Used by all other services that invoke
Lambda across all models
Supports sync and async
Can pass any event payload structure you
want
Client included in every SDK
Synchronous / Asynchronous
Lambda
function
#serverlessTO @mikeapted
14. Lambda Execu,on Model
Synchronous (push) Asynchronous (event) Stream
(poll-based)
Amazon
DynamoDB
Amazon
SNS
/order
Amazon
S3
reqs
Amazon Kinesis
Data Streams
changes
AWS Lambda
service
function
Amazon API
Gateway
Lambda
function
Lambda
function
15. Microservice pa,erns: Amazon SNS + Lambda
2. Lambda function(s) invoked
Amazon
SNS topic
1. Data published to a topic
Data
Simple, flexible, fully managed
publish/subscribe messaging and mobile
push notification service for high
throughput, highly reliable message delivery
Messages are published to a topic
Topics can have multiple subscribers (fanout)
Messages can be filtered and only sent to
certain subscribers
Asynchronous
Lambda
function
Lambda
function
#serverlessTO @mikeapted
16. Microservice patterns: Amazon SQS + Lambda
1. Message
inserted into
a queue
Message
Amazon
SQS3. SQS removes
message from
queue on
successful
response from
function
2. Lambda
function invoked
Simple, flexible, fully managed message
queuing service for reliably and
continuously exchanging any volume of
messages from anywhere
Processed in batches
At-least-once delivery
Visibility timeout allows for handling of
failures during processing
Asynchronous
Lambda
function
#serverlessTO @mikeapted
19. Streaming Data: Fan Out
Record
producers
AWS Cloud
Amazon Kinesis
Data Streams
AWS
Lambda
#serverlessTO @mikeapted
20. Streaming Data: Real Time Analy2cs
Record
producers
AWS Cloud
Amazon Kinesis
Data Streams
Amazon Kinesis
Data Analytics
AWS
Lambda
#serverlessTO @mikeapted
22. Orchestra)on: Step Func)ons
Serverless workflow management
with zero administration
• Makes it easy to coordinate the
components of distributed applications
and microservices using visual workflows
• Automatically triggers and tracks each
step and retries when there are errors, so
your application executes in order and as
expected
• Logs the state of each step, so when
things do go wrong, you can diagnose and
debug problems quickly
#serverlessTO @mikeapted
23. Orchestra)on: Step Func)ons
With serverless polling With direct service integrationStart
End
AWS
Lambda
functions
Start
End
No
Lambda
functions
#serverlessTO @mikeapted
25. DevOps: Tes*ng
• Decouple business logic from your Lambda handler
• Write unit tests as you normally would
• Leverage tools like “aws-sdk-mock”
• Leverage a framework for easier local testing
• i.e. SAM Local
• For integration tests leverage real services
26. DevOps: Deployments + Frameworks
• Build pipelines from source control to production
• Consider one pipeline per service
• Leverage capabilities that are built into frameworks like:
• traffic shifting between Lambda aliases
• canary or blue/green deployments
• error monitoring
• automatic rollbacks,
27. DevOps: Share Code w/ Lambda Layers
Lets functions easily share code: Upload layer
once, reference within any function
Layer can be anything: dependencies, training
data, configuration files, etc
Promote separation of responsibilities, lets
developers iterate faster on writing business
logic
Built in support for secure sharing by
ecosystem
#serverlessTO @mikeapted
28. Observability: X-Ray
• Lambda instruments incoming
requests for all supported
languages
• Lambda runs the X-Ray daemon on
all languages with an SDK
var AWSXRay = require(‘aws-xray-sdk-core‘);
AWSXRay.middleware.setSamplingRules(‘sampling-
rules.json’);
var AWS = AWSXRay.captureAWS(require(‘aws-sdk’));
S3Client = AWS.S3();
#serverlessTO @mikeapted
31. Observability: Metrics
• 6 Built in metrics for Lambda
• Invocation Count, Invocation duration,
Invocation errors, Throttled Invocation, Iterator
Age, DLQ Errors
• Can call “put-metric-data” from your function
code for custom metrics
• 7 Built in metrics for API-Gateway
• API Calls Count, Latency, 4XXs, 5XXs, Integration
Latency, Cache Hit Count, Cache Miss Count
• Error and Cache metrics now support averages
and percen,les
#serverlessTO @mikeapted
32. Observability: Logs
• API Gateway Logging
• 2 Levels of logging, ERROR and INFO
• Optionally log method request/body content
• Set globally in stage, or override per method
• Lambda Logging
• Logging directly from your code with your
language’s equivalent of console.log()
• Basic request information included
• Log Pivots
• Build metrics based on log filters
• Jump to logs that generated metrics
• Export logs to AWS ElastiCache or S3
• Explore with Kibana or Athena/QuickSight
#serverlessTO @mikeapted
33. Observability: DLQ
“By default, a failed Lambda function invoked
asynchronously is retried twice, and then the event is
discarded.”
https://docs.aws.amazon.com/lambda/latest/dg/dlq.html
• Turn this on! (for async use-cases)
• Monitor it via an SQS Queue length metric/alarm
• If you use SNS, send the messages to something durable
and/or a trusted endpoint for processing
• If and when things fail DLQ can save your invocation event
information
☠
✉
Q
#serverlessTO @mikeapted
34. Performance: Function Lifecycle
Bootstrap
the runtime
Start your
code
Full
cold start
Partial
cold start
Warm
start
Download
your code
Start new
Execution
environment
AWS optimization Your optimization
#serverlessTO @mikeapted
35. Anatomy of a Lambda functionImport sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Function myhandler(event, context) {
<Event handling logic> {
result = SubfunctionA()
}else {
result = SubfunctionB()
return result;
}
Function Pre-handler-secret-getter() {
}
Function Pre-handler-db-connect(){
}
Function subFunctionA(thing){
## logic here
}
Function subFunctionB(thing){
## logic here
}
36. Anatomy of a Lambda functionImport sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Function myhandler(event, context) {
<Event handling logic> {
result = SubfunctionA()
}else {
result = SubfunctionB()
return result;
}
Function Pre-handler-secret-getter() {
}
Function Pre-handler-db-connect(){
}
Function subFunctionA(thing){
## logic here
}
Function subFunctionB(thing){
## logic here
}
Dependencies, configuration information, common helper functions
Common helper functions
Business logic sub-functions
Your handler
38. Performance: Resource Alloca1on
Lambda exposes only a memory control, with the % of CPU
core and network capacity allocated to a function
proportionally
#serverlessTO @mikeapted
40. Performance: Mul/threading
• <1.8GB is still single core
• CPU bound workloads won’t see gains – processes share
same resources
• >1.8GB is multi core
• CPU bound workloads will gains, but need to multi thread
• I/O bound workloads WILL likely see gains
• e.g. parallel calculations to return
#serverlessTO @mikeapted
41. Security: Configura1on
• Key-value pairs that you can dynamically pass to
your function
• Available via standard environment variable APIs
such as process.env for Node.js or os.environ for
Python
• Can optionally be encrypted via AWS Key
Management Service (KMS)
• Allows you to specify in IAM what roles have access to
the keys to decrypt the information
• Useful for creating environments per stage (i.e.
dev, testing, production)
#serverlessTO @mikeapted
42. Security: Secrets
AWS Parameter Store
Centralized store to manage your
configuration data
• Supports hierarchies
• Plain-text or encrypted with KMS
• Can send notifications of changes to Amazon
SNS/ AWS Lambda
• Can be secured with IAM
• Calls recorded in CloudTrail
• Can be tagged
• Integrated with AWS Secrets Manager
• Available via API/SDK
Useful for: centralized environment
variables, secrets control, feature
flags
from __future__ import print_function
import json
import boto3
ssm = boto3.client('ssm', 'us-east-1')
def get_parameters():
response = ssm.get_parameters(
Names=['LambdaSecureString'],WithDec
ryption=True
)
for parameter in response['Parameters']:
return parameter['Value']
def lambda_handler(event, context):
value = get_parameters()
print("value1 = " + value)
return value # Echo back the first key
value
43. Security: Permissions
Function policies:
• “Actions on bucket X can invoke
Lambda function Z"
• Resource policies allow for cross
account access
Execution role:
• “Lambda function A can read
from DynamoDB table users”
• Define what AWS resources/API
calls can this function access via
IAM
Event source ServicesFunction
#serverlessTO @mikeapted