Serverless functions deep dive

AWS Summit, London, May 8th

Serverless computing enables you to build and run applications and services without thinking about servers. With AWS Lambda, our event-driven serverless compute service, you just upload your code and pay only for the compute time you consume. In this session, dive deep into AWS Lambda, and learn how to build high-availability serverless applications with complementary services, such as Amazon API Gateway, AWS Step Functions, Amazon Simple Queue Service (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), and AWS CodePipeline.

Danilo Poccia

May 08, 2019

Transcript

  1. Serverless functions deep dive

    Danilo Poccia, Principal Evangelist, Serverless, AWS (@danilop)
    Caroline Rennie, Product Lead, Comic Relief (@cagsr89)
    © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. AWS operational responsibility models

    Spectrum: On-Premises to Cloud (Less to More)
    • Compute: Virtual Machine, EC2, Elastic Beanstalk, AWS Lambda, Fargate
    • Databases: MySQL, MySQL on EC2, RDS MySQL, RDS Aurora, Aurora Serverless, DynamoDB
    • Storage: Storage, S3
    • Messaging: ESBs, Amazon MQ, Kinesis, SQS / SNS
    • Analytics: Hadoop, Hadoop on EC2, EMR, Elasticsearch Service, Athena
  3. Serverless applications

    • Event source: changes in data state, requests to endpoints, changes in resource state
    • Function: Node.js, Python, Java, C# / F# / PowerShell, Go, Ruby, Runtime API
    • Services (anything)
  4. Anatomy of a Lambda function

    • Handler() function: function to be executed upon invocation
    • Event object: data sent during Lambda function invocation
    • Context object: methods available to interact with runtime information (request ID, log group, more)

        import json

        def lambda_handler(event, context):
            # TODO implement
            return {
                'statusCode': 200,
                'body': json.dumps('Hello World!')
            }
  5. Lambda Layers

    • Lets functions easily share code: upload a layer once, reference it within any function
    • Promotes separation of responsibilities, lets developers iterate faster on writing business logic
    • Built-in support for secure sharing by ecosystem
  6. Using Lambda Layers

    • Put common components in a ZIP file and upload it as a Lambda Layer
    • Layers are immutable and can be versioned to manage updates
    • When a version is deleted or permissions to use it are revoked, functions that used it previously will continue to work, but you won’t be able to create new ones
    • You can reference up to five layers, one of which can optionally be a custom runtime

    Lambda Layers ARNs shown:
    • arn:aws:lambda:region:accountId:layer:shared-lib
    • arn:aws:lambda:region:accountId:layer:shared-lib:2
    • arn:aws:lambda:region:accountId:layer:shared-lib:3
  7. Lambda Runtime API

    • Bring any Linux compatible language runtime
    • Powered by new Runtime API: codifies the runtime calling conventions and integration points
    • At launch, custom runtimes powering Ruby support in AWS Lambda, more runtimes from partners (like Erlang)
    • Custom runtimes distributed as “layers”

    (Diagram label: Rule Stack)
  8. Runtime Bootstrap

    • The bootstrap executable acts as a bridge between the Runtime HTTP API and the function to be executed
    • Bootstrap needs to manage response/error handling, context creation and function execution
    • Information on the interface endpoint and the function handler is shared as environment variables

    Diagram: /runtime API (/invocation/next, /init/error, /invocation/ID/response, /invocation/ID/error), bootstrap (Process events/headers, Clean up, Initialize and Invoke function, Response/Error handling), Lambda Function
  9. Start with a framework

    • AWS: AWS Chalice, AWS Amplify, AWS SAM
    • Third-party: Serverless Framework
  10. AWS Serverless Application Model (SAM)

        AWSTemplateFormatVersion: '2010-09-09'
        Transform: AWS::Serverless-2016-10-31
        Resources:
          GetFunction:
            Type: AWS::Serverless::Function
            Properties:
              Handler: index.get
              Runtime: nodejs8.10
              CodeUri: src/
              Policies:
                - DynamoDBReadPolicy:
                    TableName: !Ref MyTable
              Events:
                GetResource:
                  Type: Api
                  Properties:
                    Path: /resource/{resourceId}
                    Method: get
          MyTable:
            Type: AWS::Serverless::SimpleTable

    Just 20 lines to create:
    • Lambda function
    • IAM role
    • API Gateway
    • DynamoDB table

    Open Source
  11. Use SAM CLI to package and deploy SAM templates

        pip install --user aws-sam-cli
        sam init --name my-app --runtime python
        cd my-app/
        sam local ...   # generate-event/invoke/start-api/start-lambda
        sam validate    # The SAM template
        sam build       # Depending on the runtime
        sam package --s3-bucket my-packages-bucket \
                    --output-template-file packaged.yaml
        sam deploy --template-file packaged.yaml \
                   --stack-name my-stack-prod
        sam logs -n MyFunction --stack-name my-stack-prod -t   # Tail
        sam publish     # To the Serverless Application Repository

    Open Source
    • CodePipeline: use CloudFormation deployment actions with any SAM application
    • Jenkins: use SAM CLI plugin
  12. Nested apps to simplify solving recurring problems

        TweetSource:
          Type: AWS::Serverless::Application
          Properties:
            Location:
              ApplicationId: arn:aws:serverlessrepo:...
              SemanticVersion: 2.0.0
            Parameters:
              TweetProcessorFunctionName: !Ref MyFunction
              SearchText: '#serverless -filter:nativeretweets'

    Diagram labels: Standard Component; Custom Business Logic; Polling schedule (CloudWatch Events rule); trigger; TwitterProcessor; SearchCheckpoint; TwitterSearchPoller; Twitter Search API
  13. AWS SAM Template Capabilities

    • Can mix in other non-SAM CloudFormation resources in the same template, e.g. Amazon S3, Amazon Kinesis, AWS Step Functions
    • Supports use of Parameters, Mappings, Outputs, etc.
    • Supports Intrinsic Functions
    • Can use ImportValue (exceptions for RestApiId, Policies, StageName attributes)
    • YAML or JSON
  14. Using AWS CloudFormation Export/ImportValue

    Stack A – Network:

        Outputs:
          WebServerSecurityGroup:
            Description: Security group for public web servers
            Value:
              Fn::GetAtt:
                - WebServerSecurityGroup
                - GroupId
            Export:
              Name:
                Fn::Sub: "${AWS::StackName}-SecurityGroupID"
          PublicSubnet:
            Description: Subnet for public web servers
            Value:
              Ref: PublicSubnet
            Export:
              Name:
                Fn::Sub: "${AWS::StackName}-SubnetID"

    Stack B – Web Servers:

        Resources:
          WebServerInstance:
            Type: AWS::EC2::Instance
            Properties:
              InstanceType: t2.micro
              ImageId: ami-a1b23456
              NetworkInterfaces:
                - GroupSet:
                    - Fn::ImportValue:
                        Fn::Sub: "${NetworkStackName}-SecurityGroupID"
                  AssociatePublicIpAddress: 'true'
                  DeviceIndex: '0'
                  DeleteOnTermination: 'true'
                  SubnetId:
                    Fn::ImportValue:
                      Fn::Sub: "${NetworkStackName}-SubnetID"

    Callout on ${NetworkStackName}: This is a Parameter
  15. AWS Lambda Environment Variables

    • Key-value pairs that you can dynamically pass to your function
    • Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python
    • Can optionally be encrypted via AWS Key Management Service (KMS)
    • Allows you to specify in IAM which roles have access to the keys to decrypt the information
    • Useful for creating environments per stage (e.g. dev, testing, production)
  16. Amazon API Gateway Stage Variables

    Stage variables act like environment variables
    • Use stage variables to store configuration values
    • Stage variables are available in the $context object
    • Values are accessible from most fields in API Gateway:
      • Lambda function ARN
      • HTTP endpoint
      • Custom authorizer function name
      • Parameter mappings
  17. AWS Lambda and Amazon API Gateway Variables + SAM

        Parameters:
          MyEnvironment:
            Type: String
            Default: test
            AllowedValues:
              - test
              - staging
              - prod
            Description: Environment of this stack of resources
        Mappings:
          SpecialFeature1:
            test:
              status: on
            staging:
              status: on
            prod:
              status: off

        # Lambda
        MyFunction:
          Type: 'AWS::Serverless::Function'
          Properties:
            …
            Environment:
              Variables:
                ENVIRONMENT: !Ref MyEnvironment
                Spec_Feature1: !FindInMap [SpecialFeature1, !Ref MyEnvironment, status]
            …

        # API Gateway
        MyApiGatewayApi:
          Type: AWS::Serverless::Api
          Properties:
            …
            Variables:
              ENVIRONMENT: !Ref MyEnvironment
  19. AWS SAM + Safe Deployments

        MyLambdaFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: index.handler
            Runtime: nodejs6.10
            AutoPublishAlias: !Ref ENVIRONMENT
            DeploymentPreference:
              Type: Linear10PercentEvery10Minutes
              Alarms:
                # A list of alarms that you want to monitor
                - !Ref AliasErrorMetricGreaterThanZeroAlarm
                - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
              Hooks:
                # Validation Lambda functions that are run before & after traffic shifting
                PreTraffic: !Ref PreTrafficLambdaFunction
                PostTraffic: !Ref PostTrafficLambdaFunction
  20. AWS Lambda Alias Traffic Shifting & AWS SAM

    In SAM, AutoPublishAlias: by adding this property and specifying an alias name, AWS SAM will do the following:
    • Detect when new code is being deployed based on changes to the Lambda function's Amazon S3 URI.
    • Create and publish an updated version of that function with the latest code.
    • Create an alias with a name you provide (unless an alias already exists) and point it to the updated version of the Lambda function.

    Deployment Preference Type:
    • Canary10Percent30Minutes
    • Canary10Percent5Minutes
    • Canary10Percent10Minutes
    • Canary10Percent15Minutes
    • Linear10PercentEvery10Minutes
    • Linear10PercentEvery1Minute
    • Linear10PercentEvery2Minutes
    • Linear10PercentEvery3Minutes
    • AllAtOnce
  21. AWS Lambda Alias Traffic Shifting & AWS SAM

    In SAM:

        Alarms:
          # A list of alarms that you want to monitor
          - !Ref AliasErrorMetricGreaterThanZeroAlarm
          - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
        Hooks:
          # Validation Lambda functions that are run before & after traffic shifting
          PreTraffic: !Ref PreTrafficLambdaFunction
          PostTraffic: !Ref PostTrafficLambdaFunction

    Note: You can specify a maximum of 10 alarms
  22. AWS SAM Globals

        Globals:
          Function:
            Runtime: nodejs6.10
            CodeUri: s3://code-artifacts/pet_app1234.zip
            MemorySize: 1024
            Timeout: 30
            AutoPublishAlias: !Ref ENVIRONMENT

        getDogsFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: getDogs.handler
            Events:
              GetDogs:
                Type: Api
                Properties:
                  Path: /Dogs
                  Method: ANY

        getCatsFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: getCats.handler
            Events:
              GetCats:
                Type: Api
                Properties:
                  Path: /Cats
                  Method: ANY

        getBirdsFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: getBirds.handler
            Timeout: 15
            Events:
              GetBirds:
                Type: Api
                Properties:
                  Path: /Birds
                  Method: ANY
  23. Lambda permissions model

    Fine-grained security controls for both execution and invocation:

    Execution policies:
    • Define what AWS resources/API calls this function can access via IAM
    • Used in streaming invocations
    • E.g. “Lambda function A can read from DynamoDB table users”

    Function policies:
    • Used for sync and async invocations
    • E.g. “Actions on bucket X can invoke Lambda function Z”
    • Resource policies allow for cross-account access
  24. AWS SAM Policy Templates

        MyQueueFunction:
          Type: AWS::Serverless::Function
          Properties:
            ...
            Policies:
              # Gives permissions to poll an SQS Queue
              - SQSPollerPolicy:
                  queueName: !Ref MyQueue
            ...
        MyQueue:
          Type: AWS::SQS::Queue
          ...
  25. SAM Policy Templates

    45+ predefined policies. All found here: https://bit.ly/2xWycnj
  27. 2016

    • Drupal 7 monolith: static content, pay-in fundraising, gift aid declaration, fundraiser gallery, contact us
    • Giving Pages, Donate
  28. 2017

    • Drupal 7 monolith: static content, contact us
    • Drupal 8: static content
    • Pay-in fundraising, SMS, Gift aid, Fundraise gallery, Giving Pages, Donate
  29. 2018

    • Drupal 8: static content
    • Pay-in fundraising, SMS, Gift aid, Giving Pages, Donate, Contact us, Red Nose Comp, School step calc
  30. 2018

    • Drupal 8: static content
    • Pay-in fundraising, SMS, Gift aid, Contact us, Giving Pages, Donate, Red Nose Comp, School step calc, Mailer Service, Postcode lookup
  31. 2019

    • Drupal 8: static content
    • Pay-in fundraising, Contact us, Payment Service layer, Image uploader service, Marketing preferences service, Mailer Service, Postcode lookup service, SMS, Gift Aid, Donate
  32. OLD VS NEW

    • March 2019 cost*: $5,393
    • March 2015 cost*: $83,908

    *All hosting costs are paid for through corporate partnerships. 100% of public donations go to the projects we fund.
  33. Thank you!

    Danilo Poccia (@danilop), Caroline Rennie (@cagsr89)
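
For the Runtime Bootstrap slide (slide 8), an added example that is not from the deck: a bootstrap loop in Python covering event fetch, context creation, handler invocation and response/error reporting. The `2018-06-01` path prefix, the `AWS_LAMBDA_RUNTIME_API` and `_HANDLER` environment variables and the `Lambda-Runtime-*` headers come from Lambda's Runtime API documentation rather than the slide; `process_one`, `main` and the dictionary-shaped context are choices made here, and the layer is assumed to ship a Python interpreter.

```python
# Added example: a custom-runtime bootstrap loop against the Lambda Runtime API.
import json
import os
import urllib.request

API_VERSION = "2018-06-01"  # version prefix of the Runtime API paths

def _call(method, url, body=None, opener=urllib.request.urlopen):
    """Send one request to the Runtime API; POST bodies are JSON-encoded."""
    data = json.dumps(body).encode() if method == "POST" else None
    with opener(urllib.request.Request(url, data=data, method=method)) as resp:
        return resp.headers, resp.read()

def _error(exc):
    # Type and message only: no traceback, environment or event data is sent back.
    return {"errorType": type(exc).__name__, "errorMessage": str(exc)}

def process_one(api, handler, opener=urllib.request.urlopen):
    """Fetch one event, invoke the handler, post response or error; return the request ID."""
    base = f"http://{api}/{API_VERSION}/runtime/invocation"
    headers, raw = _call("GET", f"{base}/next", opener=opener)  # blocks until an event arrives
    request_id = headers["Lambda-Runtime-Aws-Request-Id"]
    context = {  # context creation from the response headers
        "aws_request_id": request_id,
        "deadline_ms": int(headers.get("Lambda-Runtime-Deadline-Ms", 0)),
        "invoked_function_arn": headers.get("Lambda-Runtime-Invoked-Function-Arn"),
    }
    try:
        result = handler(json.loads(raw), context)
    except Exception as exc:  # handler failure: report it and keep the loop alive
        _call("POST", f"{base}/{request_id}/error", _error(exc), opener)
    else:
        _call("POST", f"{base}/{request_id}/response", result, opener)
    return request_id

def main():
    api = os.environ["AWS_LAMBDA_RUNTIME_API"]  # host:port of the interface endpoint
    module, _, name = os.environ["_HANDLER"].partition(".")  # e.g. "app.lambda_handler"
    try:
        handler = getattr(__import__(module), name)  # assumes the module is importable
    except Exception as exc:  # initialization failure goes to /init/error
        _call("POST", f"http://{api}/{API_VERSION}/runtime/init/error", _error(exc))
        raise
    while True:
        process_one(api, handler)

if __name__ == "__main__":
    main()
```
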
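
For the Lambda permissions model slide (slide 23), an added example that is not from the deck: a check over a function policy that flags service principals allowed to invoke without an `AWS:SourceArn` or `AWS:SourceAccount` condition, wildcard principals, and cross-account grants. The sample policy, account IDs, bucket and function names and the `audit_function_policy` name are constructed for illustration.

```python
# Added example: flag broad grants in a Lambda function (resource) policy.
SOURCE_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # conditions that pin the event source

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_scoped(statement):
    """True when a condition restricts the calling resource or account."""
    conditions = statement.get("Condition", {}).values()
    return any(SOURCE_KEYS & {key.lower() for key in ops} for ops in conditions)

def audit_function_policy(policy, own_account):
    """Return (Sid, finding) pairs for Allow statements that grant invoke broadly."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid, principal = st.get("Sid", "<no Sid>"), st.get("Principal", {})
        principal = {"AWS": "*"} if principal == "*" else principal
        for service in _as_list(principal.get("Service", [])):
            if not _is_scoped(st):
                findings.append((sid, f"{service} may invoke for any account or resource"))
        for who in _as_list(principal.get("AWS", [])):
            account = who.split(":")[4] if who.startswith("arn:") else who
            if account == "*":
                findings.append((sid, "wildcard principal"))
            elif account != own_account:
                findings.append((sid, f"cross-account access for {account}"))
    return findings

def _stmt(sid, principal, condition=None):
    """Build one Allow statement for the constructed sample below."""
    st = {"Sid": sid, "Effect": "Allow", "Principal": principal,
          "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:eu-west-2:111111111111:function:Z"}
    if condition:
        st["Condition"] = condition
    return st

# Constructed sample policy: account IDs, bucket and function names are placeholders.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    _stmt("s3-unscoped", {"Service": "s3.amazonaws.com"}),
    _stmt("s3-bucket-x", {"Service": "s3.amazonaws.com"},
          {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::bucket-x"},
           "StringEquals": {"AWS:SourceAccount": "111111111111"}}),
    _stmt("partner", {"AWS": "arn:aws:iam::222222222222:root"}),
]}

if __name__ == "__main__":
    print(audit_function_policy(SAMPLE_POLICY, "111111111111"))
```
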