Serverless on AWS - Lessons learned

Driss Amri
October 11, 2018

After bringing several Serverless applications to production using Amazon Web Services (AWS Lambda), I decided to share some things I picked up. This presentation is currently still a draft.

Transcript

  1. Serverless on AWS Driss Amri @drams88 LESSONS LEARNED

  2. Who is Driss Amri?
    Blogger at drissamri.be
    Traveler, Diver, Software Engineer
  3. None
  4. Serverless is awesome!
    • Faster time to market
    • Significantly reduces server costs
    • No server maintenance
    • But...
  5. None
  6. Frequency
    • First invocation
    • Concurrent invocations
    • After provider resource clean up
    • After deployment & configuration change
  7. None
  8. Minimize bootstrap
    • Keep function single purposed*
    • Minimize dependencies & use lightweight alternatives
      - ProGuard, serverless-optimizer-plugin, …
    • Prefer low overhead runtime (Go, node.js, Python)
      - … warming up strategies for Java, .NET
    PRO TIP: https://www.graalvm.org/
  9. https://github.com/alexcasalboni/aws-lambda-power-tuning

  10. Optimize execution time
    • Move state to global variables
    • Fail fast
    • Connections
      - Shorter server-side connection timeouts
      - Client side connection pool to 1
      - Connections keep-alive & auto reconnect
  11. When to use a VPC?
    ✅ Access to Amazon RDS, ElastiCache, Redshift, …
    ✅ Private API Gateway
    ✅ On-premise services over VPN
    ❌ Elastic Network Interface (ENI) increases cold start
    ❌ Limited number of ENIs per VPC
    ❌ NAT Gateways are required for Internet access
  12. None
  13. Development

  14. Development tips
    • Local development
      - Serverless
      - aws-sam-cli
    • Separate Lambda handler from business logic
    • Use Environment Variables
      - … learn to love SSM Parameter Store
  15. Tools
    • Serverless framework
    • Terraform
    • AWS SAM CLI
    • CloudFormation & AWS Cloud Development Kit (CDK)
  16. None
  17. Security
    • Principle of least privilege
      - https://github.com/puresec/serverless-puresec-cli
    • Validate your dependencies
      - https://jeremylong.github.io/DependencyCheck/
    • PureSec Function Shield
      - Disable /tmp access
      - Disable outbound internet connections
      - Disable child process execution
    • (Cross-) Account Lambda Authorizers
  18. Monitoring

  19. STOP!
    • Functions don’t call functions
    • Avoid RDBMS

  20. Cost control

  21. Pricing*
    • AWS Lambda:
      - $0.20 per million requests
      - $0.00001667 per GB-second
    • API Gateway: $3.50 per million API calls
    • SQS: $0.40 per million requests
    • DynamoDB: $0.25 per GB-month
      - Stream triggers to Lambda free
    • Kinesis*:
      - $0.015 per shard per hour
      - $0.014 per million PUT requests
    NOTE: Prices vary per region + Free tier
  22. https://github.com/open-guides/og-aws#aws-data-transfer-costs

  23. Gotchas
    • Max duration AWS API Gateway: 30 seconds
    • Total size deployment packages: 75 GB
  24. Example https://github.com/drissamri/serverless-architecture

  25. Learn...

  26. Get started!
    • Amazon Web Services — a practical guide: https://github.com/open-guides/og-aws
    • AWS Certification preparation: https://bit.ly/2aroFYb
    • Serverless framework: https://serverless.com
    • AWS Well-Architected: https://aws.amazon.com/architecture/well-architected
    • AWS re:Invent 2017: Become a Serverless Black Belt: https://www.youtube.com/watch?v=oQFORsso2go
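
The tips on slides 10 and 14 (state in global variables, fail fast, handler separated from business logic, environment variables plus SSM Parameter Store) combined in one Python handler. This is an added example, not code from the deck or its linked repository; the variable name `SIGNING_KEY_PARAM`, the 300-second TTL, the HMAC signing task and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Module-level state survives across invocations of a warm container,
# so the secret is fetched once per container rather than once per request.
PARAM_CACHE = {}          # parameter name -> (value, expiry timestamp)
CACHE_TTL_SECONDS = 300   # assumed refresh interval, not from the slides


def ssm_fetch(name):
    """Default loader: read a SecureString from SSM Parameter Store."""
    import boto3  # lazy import so the logic below is testable without the SDK
    ssm = boto3.client("ssm")
    resp = ssm.get_parameter(Name=name, WithDecryption=True)
    return resp["Parameter"]["Value"]


def get_secret(name, fetch=ssm_fetch, now=time.time):
    """Return the cached value, calling fetch only after the TTL expires."""
    value, expires = PARAM_CACHE.get(name, (None, 0.0))
    if now() >= expires:
        value = fetch(name)
        PARAM_CACHE[name] = (value, now() + CACHE_TTL_SECONDS)
    return value


def sign_order(order_id, key):
    """Business logic: pure function, knows nothing about Lambda or AWS."""
    return hmac.new(key.encode(), order_id.encode(), hashlib.sha256).hexdigest()


def handler(event, context, fetch=ssm_fetch):
    """Lambda entry point: validate, load config, delegate."""
    # Fail fast: reject bad configuration or input before any remote call.
    param_name = os.environ.get("SIGNING_KEY_PARAM")  # holds a name, not the key
    if not param_name:
        raise RuntimeError("SIGNING_KEY_PARAM is not set")
    order_id = (event or {}).get("order_id")
    if not isinstance(order_id, str) or not order_id:
        return {"statusCode": 400, "body": "order_id required"}
    key = get_secret(param_name, fetch=fetch)
    return {"statusCode": 200, "body": sign_order(order_id, key)}
```

Because the environment variable carries only the parameter name, the function's execution role can be limited to `ssm:GetParameter` on that single parameter (plus `kms:Decrypt` when a customer-managed key encrypts it), which is the least-privilege point from slide 17.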