Slide 1

Slide 1 text

What's the scariest thing about serverless?

Slide 2

Slide 2 text

@slobodan_ Long-running tasks?

Slide 3

Slide 3 text

@slobodan_ Compliance?

Slide 4

Slide 4 text

@slobodan_ Using binaries and large dependencies?

Slide 5

Slide 5 text

@slobodan_ Coldstart?

Slide 6

Slide 6 text

@slobodan_ Cold start with VPC?

Slide 7

Slide 7 text

@slobodan_ Local development and debugging?

Slide 8

Slide 8 text

@slobodan_ Losing control?

Slide 9

Slide 9 text

@slobodan_ Node.js?

Slide 10

Slide 10 text

@slobodan_ But, what about…

Slide 11

Slide 11 text

@slobodan_ BIG

Slide 12

Slide 12 text

@slobodan_ BAD

Slide 13

Slide 13 text

@slobodan_ VENDOR LOCK-IN

Slide 14

Slide 14 text

@slobodan_ What is vendor lock-in?

Slide 15

Slide 15 text

@slobodan_ "In economics, vendor lock-in, makes a customer dependent on a vendor for products and services, unable to use another vendor without substantial switching costs."

Slide 16

Slide 16 text

@slobodan_

Slide 17

Slide 17 text

@slobodan_

Slide 18

Slide 18 text

@slobodan_

Slide 19

Slide 19 text

@slobodan_ A guy with a lot of servers. Let's call him Jeff.

Slide 20

Slide 20 text

@slobodan_ A guy with a lot of servers. Let's call him Jeff.

Slide 21

Slide 21 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 22

Slide 22 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 23

Slide 23 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 24

Slide 24 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 25

Slide 25 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 26

Slide 26 text

@slobodan_ Jeff is smart, and he knows how do you use his servers.

Slide 27

Slide 27 text

@slobodan_ But what if Jeff is actually a villain?

Slide 28

Slide 28 text

@slobodan_ Your wallet would not be happy…

Slide 29

Slide 29 text

@slobodan_ Another guy with a lot of servers. Let's call him Bill.

Slide 30

Slide 30 text

@slobodan_ Another guy with a lot of servers. Let's call him Bill.

Slide 31

Slide 31 text

@slobodan_ Another guy with a lot of servers. Let's call him Bill.

Slide 32

Slide 32 text

@slobodan_ Another guy with a lot of servers. Let's call him Bill.

Slide 33

Slide 33 text

@slobodan_ That's vendor lock-in in the cloud

Slide 34

Slide 34 text

@slobodan_ "My train of thought went like this: the term “lock-in” is misleading. We are really talking about switching costs." Mark Schwartz Enterprise Strategist at AWS

Slide 35

Slide 35 text

@slobodan_ "As soon as you commit yourself to a platform or a vendor you will have switching costs if you later decide to change." Mark Schwartz Enterprise Strategist at AWS

Slide 36

Slide 36 text

@slobodan_ Howtofight vendorlock-in?

Slide 37

Slide 37 text

@slobodan_ Or, how to keep your switching costs reasonable?

Slide 38

Slide 38 text

@slobodan_ • Planning and analysis • Good architecture • Deployment procedures How likely wi! I n"d to switch? What would be the cost?

Slide 39

Slide 39 text

@slobodan_ That leads us to our topic…

Slide 40

Slide 40 text

Writing testable serverless apps and preventing vendor lock-in using hexagonal architecture

Slide 41

Slide 41 text

@slobodan_ But, before we continue…

Slide 42

Slide 42 text

Slobodan Stojanovic CTO @ Cloud Horizon & CTO @ Vacation Tracker co-author of Serverless Applications with Node.js book AWS Serverless Hero @slobodan_

Slide 43

Slide 43 text

@slobodan_ Writing testable serverless apps using hexagonal architecture

Slide 44

Slide 44 text

@slobodan_ Why is testing important for serverless apps?

Slide 45

Slide 45 text

@slobodan_ Most of the time serverless apps are not fully isolated monoliths without integrations

Slide 46

Slide 46 text

@slobodan_ Instead, they contain many services interacting with each other and with external dependencies

Slide 47

Slide 47 text

@slobodan_ An Example: Vacation Tracker

Slide 48

Slide 48 text

@slobodan_ VacationTracker.io

Slide 49

Slide 49 text

@slobodan_

Slide 50

Slide 50 text

@slobodan_ Integrations can change or fail every moment!

Slide 51

Slide 51 text

@slobodan_

Slide 52

Slide 52 text

@slobodan_

Slide 53

Slide 53 text

@slobodan_

Slide 54

Slide 54 text

@slobodan_

Slide 55

Slide 55 text

@slobodan_

Slide 56

Slide 56 text

@slobodan_ Tests don't prevent changes. They make sure your changes are not accidental.

Slide 57

Slide 57 text

@slobodan_ But how do we prevent changes?

Slide 58

Slide 58 text

@slobodan_ We can't. Our app needs to adapt fast! But we'! discuss that later today.

Slide 59

Slide 59 text

@slobodan_ But how do you know what should you test in a serverless app?

Slide 60

Slide 60 text

@slobodan_ Testing pyramid

Slide 61

Slide 61 text

@slobodan_

Slide 62

Slide 62 text

@slobodan_ Testing pyramid vs "Serverless testing pyramid"

Slide 63

Slide 63 text

@slobodan_

Slide 64

Slide 64 text

@slobodan_ Integration tests are cheaper, but also more important, because the common serverless app is split into many small pieces

Slide 65

Slide 65 text

@slobodan_ Writing testable serverless apps using hexagonal architecture

Slide 66

Slide 66 text

@slobodan_ Ok, so which architecture is the best for serverless apps?

Slide 67

Slide 67 text

@slobodan_ Any architecture that will let you test your serverless app easily and keep switching costs low.

Slide 68

Slide 68 text

@slobodan_ Because sooner or later you'll need to switch/migrate pieces of your app.

Slide 69

Slide 69 text

@slobodan_ Not to another cloud vendor, but to your new service, new or changed integration…

Slide 70

Slide 70 text

@slobodan_ Risks to consider when building a serverless app

Slide 71

Slide 71 text

@slobodan_ • configuration risks • technical workflow risks • business logic risks • integration risks

Slide 72

Slide 72 text

@slobodan_ One of the architectures that fits these needs is Hexagonal Architecture or Ports and Adapters

Slide 73

Slide 73 text

@slobodan_ Writing testable serverless apps using hexagonal architecture

Slide 74

Slide 74 text

@slobodan_ "Allow an application to equally be driven by users, programs, automated test or batch scripts, and to be developed and tested in isolation from its eventual run-time devices and databases." Alistair Cockburn Creator of Hexagonal architecture

Slide 75

Slide 75 text

@slobodan_

Slide 76

Slide 76 text

@slobodan_

Slide 77

Slide 77 text

@slobodan_ Let's go back to Vacation Tracker for an example

Slide 78

Slide 78 text

@slobodan_

Slide 79

Slide 79 text

@slobodan_

Slide 80

Slide 80 text

@slobodan_

Slide 81

Slide 81 text

@slobodan_

Slide 82

Slide 82 text

@slobodan_

Slide 83

Slide 83 text

@slobodan_

Slide 84

Slide 84 text

@slobodan_ Code, please!

Slide 85

Slide 85 text

@slobodan_ const { httpResponse, parseApiEvent, EventBridgeRepository } = require('../common') const main = require('./main') export async function handler(event) { // Create instance of SNS notification repository const notification = new EventBridgeRepository( process.env.topic ) // Invoke main function with all dependencies await main(event, parseApiEvent, notification) return httpResponse() }

Slide 86

Slide 86 text

@slobodan_ await main(event, parseApiEvent, notification)

Slide 87

Slide 87 text

@slobodan_ Unit tests

Slide 88

Slide 88 text

@slobodan_ await main(event, parseApiEvent, notification) Mock notification repository instance Some static values Parser mock

Slide 89

Slide 89 text

@slobodan_ Integration tests

Slide 90

Slide 90 text

@slobodan_ await main(event, parseApiEvent, notification) Local notification adapter, using JS events for example Some static values Parser function

Slide 91

Slide 91 text

@slobodan_ await main(event, parseApiEvent, notification) EventBridge notification adapter has its own integration tests

Slide 92

Slide 92 text

@slobodan_ Simple and nice

Slide 93

Slide 93 text

@slobodan_ What about End-to-End and UI tests?

Slide 94

Slide 94 text

@slobodan_ Serverless is mainly a back end thing, but it can help with UI tests!

Slide 95

Slide 95 text

@slobodan_ UI tests are slow and expensive

Slide 96

Slide 96 text

@slobodan_ Benefits of serverless are cheap infrastructure and easy/fast parallelization

Slide 97

Slide 97 text

@slobodan_

Slide 98

Slide 98 text

@slobodan_ Or, you can use your favorite tool, such as cypress.io

Slide 99

Slide 99 text

@slobodan_ But, do you remember…

Slide 100

Slide 100 text

@slobodan_ BIG

Slide 101

Slide 101 text

@slobodan_ BAD

Slide 102

Slide 102 text

@slobodan_ VENDOR LOCK-IN

Slide 103

Slide 103 text

@slobodan_

Slide 104

Slide 104 text

@slobodan_ How does hexagonal architecture help you fightingvendorlock-in?

Slide 105

Slide 105 text

@slobodan_ How does hexagonal architecture help you to keep switching costs reasonable?

Slide 106

Slide 106 text

@slobodan_ Story time

Slide 107

Slide 107 text

@slobodan_ Vacation Tracker VacationTracker.io

Slide 108

Slide 108 text

@slobodan_ • Serverless prototype • Small team (1 fulltime developer) • Initial product was Serverless chatbot + Express.js and MongoDB • Growing fast (200+ teams using it)

Slide 109

Slide 109 text

@slobodan_ + A few bad decisions as a bonus :)

Slide 110

Slide 110 text

@slobodan_ We did a few migrations in past few months.

Slide 111

Slide 111 text

@slobodan_ • Express API -> Serverless API migration • MongoDB -> DynamoDB migration For example:

Slide 112

Slide 112 text

@slobodan_ Let's talk about MongoDB -> DynamoDB switch

Slide 113

Slide 113 text

@slobodan_ We defined an interface for our MongoDB Repository.

Slide 114

Slide 114 text

@slobodan_ For example, this: Returns a single user with its properties. const db = new MongoDbRepository(something) const user = db.getUser(userId)

Slide 115

Slide 115 text

@slobodan_ We created DynamoDB Repository with the same interface.

Slide 116

Slide 116 text

@slobodan_ Returns a single user with the same properties. const mdb = new MongoDbRepository(something) const ddb = new DynamoDbRepository(somethingElse) const user1 = mdb.getUser(userId) const user2 = ddb.getUser(userId) expect(user1).toEqual(user2) // They are equal! For example, this:

Slide 117

Slide 117 text

@slobodan_ So we simply did the following:

Slide 118

Slide 118 text

@slobodan_

Slide 119

Slide 119 text

@slobodan_

Slide 120

Slide 120 text

@slobodan_

Slide 121

Slide 121 text

@slobodan_ But, how does this look like?

Slide 122

Slide 122 text

@slobodan_ describe('DynamoDB repository', () => { describe('unit', () => { ... }) describe('integration', () => { beforeAll(() => { // Create test DB }) afterAll(() => { // Destroy test DB }) // Tests }) })

Slide 123

Slide 123 text

@slobodan_ beforeAll(async () => { const params = { ... } await dynamoDb.createTable(params).promise() await dynamoDb.waitFor('tableExists', { TableName: tableName }).promise() })

Slide 124

Slide 124 text

@slobodan_ afterAll(async () => { await dynamoDb.deleteTable({ TableName: tableName }).promise() await dynamoDb.waitFor('tableNotExists', { TableName: tableName }).promise() })

Slide 125

Slide 125 text

@slobodan_ And we lived happily ever after…

Slide 126

Slide 126 text

@slobodan_ Writing testable serverless apps using hexagonal architecture Beyond testing

Slide 127

Slide 127 text

@slobodan_ What should we do with things that can't be tested? For example, Slack changes an API while your app is in production

Slide 128

Slide 128 text

@slobodan_ Make sure you are monitoring your app and tracking errors

Slide 129

Slide 129 text

@slobodan_ Monitoring/error-tracking tools

Slide 130

Slide 130 text

@slobodan_ • Built-in tools (CloudWatch, X-Ray) • Epsagon • Thundra • New Relic (they bought IOpipe) • Lumigo • and many others

Slide 131

Slide 131 text

@slobodan_ Serverless apps often heavily relies on front end, make sure you track front end errors too!

Slide 132

Slide 132 text

@slobodan_ Also, services are smaller and smaller, but integrations require fine grained permissions.

Slide 133

Slide 133 text

@slobodan_ There are tools that can help you to improve your permissions and keep your app secure.* * Protego, Puresec, and others.

Slide 134

Slide 134 text

@slobodan_ But sometimes even monitoring can't help you!

Slide 135

Slide 135 text

@slobodan_ You'll need a direct communication with your end users all the time!

Slide 136

Slide 136 text

@slobodan_

Slide 137

Slide 137 text

@slobodan_ Summary

Slide 138

Slide 138 text

@slobodan_ • Good architecture helps you to maintain your switching costs low (or at least reasonable) • Hexagonal architecture is a nice fit for serverless apps • Test your integrations (and app in general) • Testing is not enough, you'll need monitoring and error tracking for your serverless apps

Slide 139

Slide 139 text

@slobodan_