Serverless on AWS - Lessons learned

Driss Amri
October 11, 2018

After bringing several Serverless applications to production using Amazon Web Services (AWS Lambda), I decided to share some things I picked up. This presentation is currently still a draft.

Transcript

  1. Serverless on AWS
    Driss Amri
    @drams88
    LESSONS LEARNED

  2. Who is Driss Amri?
    Blogger at drissamri.be
    Traveler, Diver, Software Engineer

  4. Serverless is awesome!
    ● Faster time to market
    ● Significantly reduces server costs
    ● No server maintenance
    ● But...

  6. Frequency
    ● First invocation
    ● Concurrent invocations
    ● After provider resource clean up
    ● After deployment & configuration change

  8. Minimize bootstrap
    ● Keep functions single-purposed*
    ● Minimize dependencies & use lightweight alternatives
      - ProGuard, serverless-optimizer-plugin, …
    ● Prefer low-overhead runtimes (Go, node.js, Python)
      - … warming up strategies for Java, .NET
    PRO TIP: https://www.graalvm.org/

  9. https://github.com/alexcasalboni/aws-lambda-power-tuning

  10. Optimize execution time
    ● Move state to global variables
    ● Fail fast
    ● Connections
      - Shorter server-side connection timeouts
      - Client-side connection pool to 1
      - Connection keep-alive & auto reconnect

  11. When to use a VPC?
    ✅ Access to Amazon RDS, ElastiCache, Redshift, …
    ✅ Private API Gateway
    ✅ On-premises services over VPN
    ❌ Elastic Network Interface (ENI) increases cold start
    ❌ Limited number of ENIs per VPC
    ❌ NAT Gateways are required for Internet access

  13. Development

  14. Development tips
    ● Local development
      - Serverless
      - aws-sam-cli
    ● Separate Lambda handler from business logic
    ● Use environment variables
      - … learn to love SSM Parameter Store

  15. Tools
    ● Serverless framework
    ● Terraform
    ● AWS SAM CLI
    ● CloudFormation & AWS Cloud Development Kit (CDK)

  17. Security
    ● Principle of least privilege
      - https://github.com/puresec/serverless-puresec-cli
    ● Validate your dependencies
      - https://jeremylong.github.io/DependencyCheck/
    ● PureSec Function Shield
      - Disable /tmp access
      - Disable outbound internet connections
      - Disable child process execution
    ● (Cross-) Account Lambda Authorizers

  18. Monitoring

  19. STOP!
    ● Functions don’t call functions
    ● Avoid RDBMS

  20. Cost control

  21. Pricing*
    ● AWS Lambda: $0.20 per million requests
      $0.00001667 per GB-second
    ● API Gateway: $3.50 per million API calls
    ● SQS: $0.40 per million requests
    ● DynamoDB: $0.25 per GB-month
      Stream triggers to Lambda free
    ● Kinesis*: $0.015 per shard per hour
      $0.014 per million PUT requests
    NOTE: Prices vary per region + Free tier

  22. https://github.com/open-guides/og-aws#aws-data-transfer-costs

  23. Gotchas
    ● Max duration AWS API Gateway: 30 seconds
    ● Total size deployment packages: 75 GB

  24. Example
    https://github.com/drissamri/serverless-architecture

  25. Learn...

  26. Get started!
    Amazon Web Services — a practical guide
    https://github.com/open-guides/og-aws
    AWS Certification preparation
    https://bit.ly/2aroFYb
    Serverless framework
    https://serverless.com
    AWS Well-Architected
    https://aws.amazon.com/architecture/well-architected
    AWS re:Invent 2017: Become a Serverless Black Belt
    https://www.youtube.com/watch?v=oQFORsso2go
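
The "Move state to global variables" and "Fail fast" bullets from slide 10, combined with the handler/business-logic split and the environment variable plus SSM Parameter Store tip from slide 14, as an added Python example that is not code from the deck. `API_KEY_PARAM`, `build_greeting` and `FakeSSM` are hypothetical names; `FakeSSM` is a constructed stand-in for the SSM client so the block runs without AWS access.

```python
import os

_ssm = None   # real boto3 client, created once per container (global state)
_cache = {}   # parameter name -> value, reused across warm invocations


def get_param(name, client=None):
    """Fetch a SecureString parameter once per container, then reuse it."""
    global _ssm
    if name in _cache:
        return _cache[name]
    if client is None:
        if _ssm is None:
            import boto3  # lazy import: module still loads without the SDK
            _ssm = boto3.client("ssm")
        client = _ssm
    resp = client.get_parameter(Name=name, WithDecryption=True)
    _cache[name] = resp["Parameter"]["Value"]
    return _cache[name]


def build_greeting(user, api_key):
    """Business logic (hypothetical): no Lambda types, so unit-testable."""
    return {"message": f"hello {user}", "key_loaded": bool(api_key)}


def handler(event, context, client=None):
    """Lambda entry point: validate, fail fast, delegate to business logic."""
    # The environment variable holds only the parameter NAME, not the secret.
    param_name = os.environ.get("API_KEY_PARAM")
    if not param_name:
        raise RuntimeError("API_KEY_PARAM is not set")  # misconfiguration
    user = (event or {}).get("user")
    if not user:
        return {"statusCode": 400, "body": "missing user"}  # before any I/O
    api_key = get_param(param_name, client)
    return {"statusCode": 200, "body": build_greeting(user, api_key)}


class FakeSSM:
    """Constructed stand-in for the SSM client; counts round trips."""
    def __init__(self):
        self.calls = 0

    def get_parameter(self, Name, WithDecryption=False):
        self.calls += 1
        return {"Parameter": {"Name": Name, "Value": "constructed-secret"}}
```

In a deployed function the `client` argument stays `None`, and the execution role needs only `ssm:GetParameter` on that one parameter (plus decrypt on its KMS key), which ties in with the least-privilege bullet on slide 17.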
