Serverless on AWS - Lessons learned

Driss Amri
October 11, 2018

After bringing several Serverless applications to production using Amazon Web Services (AWS Lambda), I decided to share some things I picked up. This presentation is currently still a draft.

Transcript

  1. Serverless is awesome!
     • Faster time to market
     • Significantly reduces server costs
     • No server maintenance
     • But...
  2. Frequency
     • First invocation
     • Concurrent invocations
     • After provider resource clean up
     • After deployment & configuration change
  3. Minimize bootstrap
     • Keep functions single-purpose*
     • Minimize dependencies & use lightweight alternatives
       - ProGuard, serverless-optimizer-plugin, …
     • Prefer low overhead runtime (Go, node.js, Python)
       - … warming up strategies for Java, .NET
     PRO TIP: https://www.graalvm.org/
  4. Optimize execution time
     • Move state to global variables
     • Fail fast
     • Connections
       - Shorter server-side connection timeouts
       - Client side connection pool to 1
       - Connections keep-alive & auto reconnect
  5. When to use a VPC?
     ✅ Access to Amazon RDS, ElastiCache, Redshift, …
     ✅ Private API Gateway
     ✅ On-premise services over VPN
     ❌ Elastic Network Interface (ENI) increases cold start
     ❌ Limited number of ENIs per VPC
     ❌ NAT Gateways are required for Internet access
  6. Development tips
     • Local development
       - Serverless
       - aws-sam-cli
     • Separate Lambda handler from business logic
     • Use Environment Variables
       - … learn to love SSM Parameter Store
  7. Tools
     • Serverless framework
     • Terraform
     • AWS SAM CLI
     • CloudFormation & AWS Cloud Development Kit (CDK)
  8. Security
     • Principle of least privilege
       - https://github.com/puresec/serverless-puresec-cli
     • Validate your dependencies
       - https://jeremylong.github.io/DependencyCheck/
     • PureSec Function Shield
       - Disable /tmp access
       - Disable outbound internet connections
       - Disable child process execution
     • (Cross-) Account Lambda Authorizers
  9. Pricing*
     • AWS Lambda:
       - $0.20 per million requests
       - $0.00001667 per GB-second
     • API Gateway: $3.50 per million API calls
     • SQS: $0.40 per million requests
     • DynamoDB:
       - $0.25 per GB-month
       - Stream triggers to Lambda free
     • Kinesis*:
       - $0.015 per shard per hour
       - $0.014 per million PUT requests
     NOTE: Prices vary per region + Free tier
  10. Gotchas
     • Max duration AWS API Gateway: 30 seconds
     • Total size of deployment packages: 75 GB
  11. Get started!
     • Amazon Web Services — a practical guide: https://github.com/open-guides/og-aws
     • AWS Certification preparation: https://bit.ly/2aroFYb
     • Serverless framework: https://serverless.com
     • AWS Well-Architected: https://aws.amazon.com/architecture/well-architected
     • AWS re:Invent 2017: Become a Serverless Black Belt: https://www.youtube.com/watch?v=oQFORsso2go