
Implementing safe deployments for serverless apps

Continuous Integration (CI) and Continuous Delivery (CD) help developers automate the software release process. The faster you can release new features and fix bugs, the quicker you can innovate and respond to customer needs. Serverless computing has changed the game for application development, including how to properly perform CI/CD for your application. AWS provides developer tools that help you automate the end-to-end lifecycle of your serverless application. In this session, we will discuss a method for automating the deployment of serverless applications running on AWS Lambda, using services such as AWS CodePipeline and AWS CodeBuild, and techniques such as canary deployments and automatic rollbacks.


Alex Casalboni

September 20, 2018


  1. Alex Casalboni, Technical Evangelist, AWS • Implementing safe deployments for serverless apps • @alex_casalboni • © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved
  2. About me • Software Engineer & Web Developer • Serverless Lover & AI Enthusiast • ServerlessDays Organizer • AWS Customer since 2013
  3. Agenda: 1. What is serverless computing 2. Serverless patterns on AWS 3. Safe deployments 4. Demo time
  4. What is serverless computing

  5. Serverless Computing in a nutshell: No servers to provision or manage • Scales with usage • Never pay for idle • Built-in availability and fault tolerance
  6. Event-driven architectures: Services (anything) • Changes in data state • Requests to endpoints • Changes in resource state • Event source • Serverless Function • Node.js (6.10, 8.10) • Python (2.7, 3.6) • Java (8) • Go (1.x) • .NET core (1.0, 2.0, 2.1) • C#, F#, PowerShell
  7. Common Use Cases

    Web apps • Static websites • Complex web apps • Packages for Flask and Express
    Data processing • Real time • MapReduce • Batch • Machine learning inference
    Chatbots • Powering chatbot logic
    Backends • Apps and services • Mobile • IoT
    Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit
    IT automation • Policy engines • Extending AWS services • Infrastructure management
  8. Serverless patterns

  9. Serverless Functions 101

    Simple resource model • Select RAM/Power (from 128 MB to 3 GB) • CPU and network allocated proportionately
    Flexible use • Synchronous or asynchronous • Integrated with other Cloud services
    Flexible authorization • Securely grant access to Cloud resources • Fine-grained control for each function
    Bring your own code • Multiple runtimes • Bring your own libraries (even native ones)
  10. Serverless Functions 101

    Authoring functions • WYSIWYG editor or upload packaged .zip • Cloud-native IDE (Cloud9) • Third-party plugins (Eclipse, VS, etc.)
    Monitoring and logging • Metrics for requests, errors, and throttles • Built-in logs to the Cloud • Distributed tracing (microservices map)
    Programming model • Use processes, threads, /tmp, sockets normally • SDK to interact with other Cloud services
    Stateless • Persist data using external storage • No affinity or access to underlying infrastructure
  11. Object storage • NoSQL Database • Real-time data ingestion • IaC provisioning & automation • Auditing & Compliance • Platform Events • User Authentication • Pub/Sub Topics • Email hooks (in/out-bound) • Cronjobs (scheduled) • Data stores • Endpoints • Configuration repositories • Event/message services • Event Sources • Source Control (Git) • HTTP interface (RESTful) • Chatbots and voice-apps • MQTT interface • Functions orchestration • Message Queues
  12. Amazon S3 • Amazon DynamoDB • Amazon Kinesis • AWS CloudFormation • AWS CloudTrail • Amazon CloudWatch • Amazon Cognito • Amazon SNS • Amazon SES • Cron events • Data stores • Endpoints • Configuration repositories • Event/message services • Event Sources (AWS) • AWS CodeCommit • Amazon API Gateway • Amazon Alexa • AWS IoT • AWS Step Functions • Amazon SQS • New
  13. Function Execution Model Synchronous (push) Asynchronous (event) Stream-based HTTP request Function DB insert/update/delete New Message (queue, topic) File Upload or Update reqs changes Aggregation / buffer Function /order Real-time data ingestion New User Signup Function
  14. Modern serverless app (diagram: λ functions, DBMS, Queue)
  15. Open Source Apache License

  16. Orchestration as Visual Workflows (Step Functions) Task Choice Fail Parallel

  17. “AWS Lambda Power Tuning” • Data-driven cost & performance optimization for AWS Lambda • Orchestration Example
  18. Safe deployments

  19. version NEW • How do we safely deploy a new version of our code? • version OLD • ?
  20. Pair programming • Unit tests • Local Integration tests • Code reviews • Continuous Integration (CI) • Continuous Delivery (CD) • Pre-prod integration tests • Semi-automated acceptance tests • Continuous Deployment • First, let’s agree on “Safe”
  21. But…

  22. Bugs happen

  23. None
  24. None
  25. A typical CI/CD pipeline: Source • Build • Test • Production • Continuous integration • Continuous delivery • Continuous deployment
  26. Cloud-native CI/CD on AWS: Source • Build • Test • Production • AWS CodeCommit • AWS CodeDeploy • AWS CodeBuild • Third-party tooling • AWS CodePipeline • New
  27. Custom pipelines with AWS Step Functions

  28. AWS Serverless Application Model (SAM): Simplified template-driven deployment model for serverless applications • New serverless resource types • An extension (Macro) of AWS CloudFormation • Open specification (Apache 2.0)
  29. CloudFormation template

    ```yaml
    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      GetHtmlFunctionGetHtmlPermissionProd:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal:
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
      ServerlessRestApiProdStage:
        Type: AWS::ApiGateway::Stage
        Properties:
          DeploymentId:
            Ref: ServerlessRestApiDeployment
          RestApiId:
            Ref: ServerlessRestApi
          StageName: Prod
      ListTable:
        Type: AWS::DynamoDB::Table
        Properties:
          ProvisionedThroughput:
            WriteCapacityUnits: 5
            ReadCapacityUnits: 5
          AttributeDefinitions:
          - AttributeName: id
            AttributeType: S
          KeySchema:
          - KeyType: HASH
            AttributeName: id
      GetHtmlFunction:
        Type: AWS::Lambda::Function
        Properties:
          Handler: index.gethtml
          Code:
            S3Bucket: flourish-demo-bucket
            S3Key:
          Role:
            Fn::GetAtt:
            - GetHtmlFunctionRole
            - Arn
          Runtime: nodejs4.3
      GetHtmlFunctionRole:
        Type: AWS::IAM::Role
        Properties:
          ManagedPolicyArns:
          - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
          - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Action:
              - sts:AssumeRole
              Effect: Allow
              Principal:
                Service:
                -
      ServerlessRestApiDeployment:
        Type: AWS::ApiGateway::Deployment
        Properties:
          RestApiId:
            Ref: ServerlessRestApi
          Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
          StageName: Stage
      GetHtmlFunctionGetHtmlPermissionTest:
        Type: AWS::Lambda::Permission
        Properties:
          Action: lambda:invokeFunction
          Principal:
          FunctionName:
            Ref: GetHtmlFunction
          SourceArn:
            Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
      ServerlessRestApi:
        Type: AWS::ApiGateway::RestApi
        Properties:
          Body:
            info:
              version: '1.0'
              title:
                Ref: AWS::StackName
            paths:
              "/{proxy+}":
                x-amazon-apigateway-any-method:
                  x-amazon-apigateway-integration:
                    httpMethod: ANY
                    type: aws_proxy
                    uri:
                      Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                  responses: {}
            swagger: '2.0'
    ```
  30. SAM Template

    Tells AWS CloudFormation this is a SAM template it needs to transform

    Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping and permissions necessary

    ```yaml
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://sam-demo-bucket/
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
    ```
  31. AWS SAM CLI: CLI tool for local testing of serverless apps • Works with Lambda functions and “proxy-style” APIs • Response object and function logs available on your local machine • Uses open-source Docker-Lambda images to mimic Lambda’s execution environment (timeout, memory limits, runtimes)
  32. Let’s raise the safety bar!

  33. IaC best practices • Smart monitoring & metrics • Data-driven strategies • Customizable hooks • Automatic rollback on Error • What do we need?
  34. AWS CodeDeploy + AWS Lambda

    Deployment Preference Type: Canary10Percent30Minutes, Canary10Percent5Minutes, Canary10Percent10Minutes, Canary10Percent15Minutes, Linear10PercentEvery10Minutes, Linear10PercentEvery1Minute, Linear10PercentEvery2Minutes, Linear10PercentEvery3Minutes, AllAtOnce

    • Lambda Alias Traffic Shifting enables canaries and blue|green deployments
    • Automatic rollback based on CloudWatch Metrics/Alarms
    • Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions)
  35. None
  36. None
  37. None
  38. None
  39. <demo time>

  40. Alex Casalboni, Technical Evangelist, AWS • Thank you! • @alex_casalboni • © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved