Implementing safe deployments for serverless apps

Continuous Integration (CI) and Continuous Delivery (CD) help developers automate the software release process. The faster you can release new features and fix bugs, the quicker you can innovate and respond to customer needs. Serverless computing has changed the game for application development, including how to properly perform CI/CD for your application. AWS provides developer tools that help you automate the end-to-end lifecycle of your serverless application. In this session, we will discuss a method for automating the deployment of serverless applications running on AWS Lambda, using services such as AWS CodePipeline and AWS CodeBuild, and techniques such as canary deployments and automatic rollbacks.

Alex Casalboni

September 20, 2018

Transcript

  1. Alex Casalboni, Technical Evangelist, AWS

    Implementing safe deployments for serverless apps • @alex_casalboni • © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  2. About me

    • Software Engineer & Web Developer
    • Serverless Lover & AI Enthusiast
    • ServerlessDays Organizer
    • AWS Customer since 2013
  3. Serverless Computing in a nutshell

    • No servers to provision or manage
    • Scales with usage
    • Never pay for idle
    • Built-in availability and fault tolerance
  4. Event-driven architectures

    Services (anything) • Changes in data state • Requests to endpoints • Changes in resource state • Event source • Serverless Function • Node.js (6.10, 8.10) • Python (2.7, 3.6) • Java (8) • Go (1.x) • .NET Core (1.0, 2.0, 2.1) • C#, F#, PowerShell
  5. Common Use Cases

    Web apps: Static websites • Complex web apps • Packages for Flask and Express
    Data processing: Real time • MapReduce • Batch • Machine learning inference
    Chatbots: Powering chatbot logic
    Backends: Apps and services • Mobile • IoT
    Amazon Alexa: Powering voice-enabled apps • Alexa Skills Kit
    IT automation: Policy engines • Extending AWS services • Infrastructure management
  6. Serverless Functions 101

    Simple resource model: Select RAM/Power (from 128 MB to 3 GB) • CPU and network allocated proportionately
    Flexible use: Synchronous or asynchronous • Integrated with other Cloud services
    Flexible authorization: Securely grant access to Cloud resources • Fine-grained control for each function
    Bring your own code: Multiple runtimes • Bring your own libraries (even native ones)
  7. Serverless Functions 101

    Authoring functions: WYSIWYG editor or upload packaged .zip • Cloud-native IDE (Cloud9) • Third-party plugins (Eclipse, VS, etc.)
    Monitoring and logging: Metrics for requests, errors, and throttles • Built-in logs to the Cloud • Distributed tracing (microservices map)
    Programming model: Use processes, threads, /tmp, sockets normally • SDK to interact with other Cloud services
    Stateless: Persist data using external storage • No affinity or access to underlying infrastructure
  8. Event Sources

    Data stores • Endpoints • Configuration repositories • Event/message services

    Object storage • NoSQL Database • Real-time data ingestion • IaC provisioning & automation • Auditing & Compliance • Platform Events • User Authentication • Pub/Sub Topics • Email hooks (in/out-bound) • Cron jobs (scheduled) • Source Control (Git) • HTTP interface (RESTful) • Chatbots and voice-apps • MQTT interface • Functions orchestration • Message Queues
  9. Event Sources (AWS)

    Data stores • Endpoints • Configuration repositories • Event/message services

    Amazon S3 • Amazon DynamoDB • Amazon Kinesis • AWS CloudFormation • AWS CloudTrail • Amazon CloudWatch • Amazon Cognito • Amazon SNS • Amazon SES • Cron events • AWS CodeCommit • Amazon API Gateway • Amazon Alexa • AWS IoT • AWS Step Functions • Amazon SQS • New
  10. Function Execution Model

    Synchronous (push) • Asynchronous (event) • Stream-based

    HTTP request • Function • DB insert/update/delete • New Message (queue, topic) • File Upload or Update • reqs • changes • Aggregation / buffer • Function • /order • Real-time data ingestion • New User Signup • Function
  11. Modern serverless app

    [Diagram: λ functions, a DBMS and a Queue]
  12. Orchestration Example

    “AWS Lambda Power Tuning”: Data-driven cost & performance optimization for AWS Lambda

    github.com/alexcasalboni/aws-lambda-power-tuning
  13. First, let’s agree on “Safe”

    Pair programming • Unit tests • Local Integration tests • Code reviews • Continuous Integration (CI) • Continuous Delivery (CD) • Pre-prod integration tests • Semi-automated acceptance tests • Continuous Deployment
  14. Cloud-native CI/CD on AWS

    Source • Build • Test • Production

    AWS CodeCommit • AWS CodeDeploy • AWS CodeBuild • Third-party tooling • AWS CodePipeline • New
  15. AWS Serverless Application Model (SAM)

    • Simplified template-driven deployment model for serverless applications
    • New serverless resource types
    • An extension (Macro) of AWS CloudFormation
    • Open specification (Apache 2.0)

    github.com/awslabs/serverless-application-model
  16. CloudFormation template

    ```yaml
    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      GetHtmlFunctionGetHtmlPermissionProd:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal: apigateway.amazonaws.com
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
      ServerlessRestApiProdStage:
        Type: AWS::ApiGateway::Stage
        Properties:
          DeploymentId:
            Ref: ServerlessRestApiDeployment
          RestApiId:
            Ref: ServerlessRestApi
          StageName: Prod
      ListTable:
        Type: AWS::DynamoDB::Table
        Properties:
          ProvisionedThroughput:
            WriteCapacityUnits: 5
            ReadCapacityUnits: 5
          AttributeDefinitions:
            - AttributeName: id
              AttributeType: S
          KeySchema:
            - KeyType: HASH
              AttributeName: id
      GetHtmlFunction:
        Type: AWS::Lambda::Function
        Properties:
          Handler: index.gethtml
          Code:
            S3Bucket: flourish-demo-bucket
            S3Key: todo_list.zip
          Role:
            Fn::GetAtt:
              - GetHtmlFunctionRole
              - Arn
          Runtime: nodejs4.3
      GetHtmlFunctionRole:
        Type: AWS::IAM::Role
        Properties:
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
            - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - sts:AssumeRole
                Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
      ServerlessRestApiDeployment:
        Type: AWS::ApiGateway::Deployment
        Properties:
          RestApiId:
            Ref: ServerlessRestApi
          Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
          StageName: Stage
      GetHtmlFunctionGetHtmlPermissionTest:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal: apigateway.amazonaws.com
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
      ServerlessRestApi:
        Type: AWS::ApiGateway::RestApi
        Properties:
          Body:
            info:
              version: '1.0'
              title:
                Ref: AWS::StackName
            paths:
              "/{proxy+}":
                x-amazon-apigateway-any-method:
                  x-amazon-apigateway-integration:
                    httpMethod: ANY
                    type: aws_proxy
                    uri:
                      Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                  responses: {}
            swagger: '2.0'
    ```
  17. SAM Template

    • Tells AWS CloudFormation this is a SAM template it needs to transform
    • Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping and permissions necessary

    ```yaml
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://sam-demo-bucket/todo_list.zip
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
    ```
  18. AWS SAM CLI

    • CLI tool for local testing of serverless apps
    • Works with Lambda functions and “proxy-style” APIs
    • Response object and function logs available on your local machine
    • Uses open-source Docker-Lambda images to mimic Lambda’s execution environment (timeout, memory limits, runtimes)

    github.com/awslabs/aws-sam-local
  19. AWS CodeDeploy + AWS Lambda

    Deployment Preference Type: Canary10Percent30Minutes • Canary10Percent5Minutes • Canary10Percent10Minutes • Canary10Percent15Minutes • Linear10PercentEvery10Minutes • Linear10PercentEvery1Minute • Linear10PercentEvery2Minutes • Linear10PercentEvery3Minutes • AllAtOnce

    • Lambda Alias Traffic Shifting enables canaries and blue|green deployments
    • Automatic rollback based on CloudWatch Metrics/Alarms
    • Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions)
  20. Alex Casalboni, Technical Evangelist, AWS

    Thank you! • @alex_casalboni • © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
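
The deployment preferences from slide 19 applied to the SAM function from slide 17, as an added example that is not part of the original deck: a canary shift on a Lambda alias with automatic rollback driven by a CloudWatch alarm. The alias name `live` and the alarm resource `GetHtmlLiveErrorsAlarm` are assumptions made for illustration; the function properties are carried over from slide 17 unchanged.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Values below are carried over from slide 17.
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      # Publish a new version on every deploy and manage an alias for it.
      # Traffic shifting happens on the alias; "live" is an assumed name.
      AutoPublishAlias: live
      DeploymentPreference:
        # Send 10% of alias traffic to the new version for 10 minutes,
        # then the remaining 90%. AllAtOnce would skip the observation window.
        Type: Canary10Percent10Minutes
        # If any listed alarm enters ALARM during the deployment,
        # CodeDeploy rolls the alias back to the previous version.
        Alarms:
          - !Ref GetHtmlLiveErrorsAlarm
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY

  # Hypothetical alarm: fires on any invocation error reported for the alias.
  GetHtmlLiveErrorsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Errors on the live alias during a traffic shift
      Namespace: AWS/Lambda
      MetricName: Errors
      Dimensions:
        - Name: FunctionName
          Value: !Ref GetHtmlFunction
        - Name: Resource
          Value: !Sub '${GetHtmlFunction}:live'
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
      # No invocations means no data points; do not treat that as a failure.
      TreatMissingData: notBreaching
```

The pre- and post-traffic triggers from slide 19 are declared in the same `DeploymentPreference` block, under `Hooks` with `PreTraffic` and `PostTraffic` keys that each reference a Lambda function.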