@gunnargrosch Gunnar Grosch September 22, 2020 Chaos engineering (not only) for serverless

@gunnargrosch “You can’t consider your workload to be resilient until you hypothesize how your workload will react to failures, inject those failures to test your design, and then compare your hypothesis to the testing results” Seth Eliot AWS Well-Architected

@gunnargrosch Agenda • What is chaos engineering? • Motivations behind chaos engineering • Running chaos experiments • Chaos experiments • Challenges with serverless • Serverless chaos experiments

@gunnargrosch About me Background in development, operations, and management Organizer of user groups and conferences AWS Serverless Hero Father of three

@gunnargrosch What is chaos engineering?

@gunnargrosch What is chaos engineering? Chaos engineering is not about breaking things

@gunnargrosch What is chaos engineering? Chaos engineering is not only for production

@gunnargrosch What is chaos engineering? Chaos engineering is not only for big streaming companies

@gunnargrosch What is chaos engineering? “Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production” principlesofchaos.org

@gunnargrosch What is chaos engineering? Chaos engineering is about performing controlled experiments to inject failures

@gunnargrosch What is chaos engineering? Chaos engineering is about finding the weaknesses in a system and fixing them before they break

@gunnargrosch What is chaos engineering? Chaos engineering is about building confidence in your system and in your organization

@gunnargrosch Motivations behind chaos engineering

@gunnargrosch Motivations behind chaos engineering Are your customers getting the experience they should? Is downtime or issues costing you money? Are you confident in your monitoring and alerting? Is your organization ready to handle outages? Are you learning from incidents?

@gunnargrosch Motivations behind chaos engineering Don’t ask what happens if a system fails; ask what happens when it fails

@gunnargrosch Motivations behind chaos engineering “Chaos engineering should be done regularly” Reliability Pillar AWS Well-Architected Framework

@gunnargrosch Running chaos experiments

@gunnargrosch Step 1: Define steady state The normal behavior of a system over time System metrics and business metrics Business metrics are usually more useful Steady state is not necessarily continuous

@gunnargrosch Step 2: Form your hypothesis Use what ifs to find it Chaos can be injected at any layer of the stack Scientific ”If… then…” method Always fix known problems first

@gunnargrosch Step 3: Plan and run your experiment Whiteboard the experiment in detail Contain the blast radius Notify the organization Have a “stop” button ready

@gunnargrosch Step 4: Measure and learn Use metrics to prove or disprove the hypothesis Was the system resilient to the injected failure? Did anything unexpected happen? Share your progress and success

@gunnargrosch Running chaos experiments Define steady state Form your hypothesis Plan and run your experiment Measure and learn

@gunnargrosch Chaos experiments

@gunnargrosch Chaos experiments Resource exhaustion Network reliability Datastore saturation Instance failure Dependencies Application layer Kubernetes

@gunnargrosch Chaos engineering tools Chaos Monkey Netflix SSM Documents Steadybit steadybit.com Gremlin gremlin.com Chaos Toolkit chaostoolkit.org

@gunnargrosch Chaos demo

@gunnargrosch Chaos demo

@gunnargrosch Chaos demo

@gunnargrosch Chaos demo

@gunnargrosch Demo

@gunnargrosch Challenges with serverless

@gunnargrosch Challenges with serverless “Serverless allows you to build and run applications and services without thinking about servers” Amazon Web Services (AWS)

@gunnargrosch Challenges with serverless “There are still servers in serverless” Serverhuggers

@gunnargrosch Challenges with serverless No servers to manage Less heavy lifting Lots of services to choose from Per function and service configuration More granular architectures

@gunnargrosch Serverless chaos experiments

@gunnargrosch Serverless chaos experiments Errors Failovers Fallbacks Timeouts Events

@gunnargrosch Serverless chaos experiments Inject errors into your code Remove downstream services Alter the concurrency of functions Restrict the capacity of tables Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

@gunnargrosch Serverless chaos experiments Security policy errors CORS configuration errors Service configuration errors Function disk space failure Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

@gunnargrosch Serverless chaos experiments Add latency to your functions Cold starts Cloud provider issues Runtime or code issues Integration issues Timeouts Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

@gunnargrosch Chaos engineering tools for serverless Chaos-lambda Python Failure-lambda NodeJS Failure- azurefunctions NodeJS Failure- cloudfunctions NodeJS

@gunnargrosch Failure-lambda NodeJS NPM package for NodeJS Lambdas https://github.com/gunnargrosch/failure-lambda Configuration using Parameter Store Several failure modes Latency Status code Exception Disk space Denylist const failureLambda = require('failure-lambda’) exports.handler = failureLambda(async (event, context) => { ... }) { "isEnabled": false, "failureMode": "latency", "rate": 1, "minLatency": 100, "maxLatency": 400, "exceptionMsg": "Exception message!", "statusCode": 404, "diskSpace": 100, “denylist": [ "s3.*.amazonaws.com", "dynamodb.*.amazonaws.com" ] }

@gunnargrosch Serverless chaos demo

@gunnargrosch Serverless chaos demo

@gunnargrosch Serverless chaos demo Client Amazon S3 Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda AWS Lambda

@gunnargrosch Client Amazon S3 Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda AWS Lambda Serverless chaos demo What if my function takes an extra 300 ms for each invocation? What if my function returns an error code? What if I can’t get data from DynamoDB? Hypothesis: If we inject failure to functions then my application will use graceful degradation.

@gunnargrosch Demo

@gunnargrosch What’s next? “Chaos engineering should be done regularly” Reliability Pillar AWS Well-Architected Framework

@gunnargrosch What’s next? “Chaos engineering should be done regularly, and be part of your CI/CD cycle” Reliability Pillar AWS Well-Architected Framework

@gunnargrosch Demo

@gunnargrosch Summary Chaos engineering helps us find weaknesses and fix them Chaos engineering is about building confidence Chaos engineering should be done regularly What tool you use isn’t the critical part It’s not rocket science; you can do it!

@gunnargrosch Do you want more? Follow @serverlesschaos on Twitter Serverless Chaos Demo app: https://demo.serverlesschaos.com Failure-lambda: https://github.com/gunnargrosch/failure-lambda Failure-cloudfunctions: https://github.com/gunnargrosch/failure-cloudfunctions Failure-azurefunctions: https://github.com/gunnargrosch/failure-azurefunctions Chaos-lambda: https://github.com/adhorn/aws-lambda-chaos-injection/ Chaos SSM Documents: https://github.com/adhorn/chaos-ssm-documents YouTube videos and repositories: https://grosch.se

@gunnargrosch Thank you! Gunnar Grosch @gunnargrosch