Slide 1

Slide 1 text

Implementing safe deployments for serverless apps
Alex Casalboni, Technical Evangelist, AWS
@alex_casalboni
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved

Slide 2

Slide 2 text

About me
• Software Engineer & Web Developer
• Serverless Lover & AI Enthusiast
• ServerlessDays Organizer
• AWS Customer since 2013

Slide 3

Slide 3 text

Agenda
1. What is serverless computing
2. Serverless patterns on AWS
3. Safe deployments
4. Demo time

Slide 4

Slide 4 text

What is serverless computing

Slide 5

Slide 5 text

Serverless Computing in a nutshell
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Built-in availability and fault tolerance

Slide 6

Slide 6 text

Event-driven architectures
• Event source: Changes in data state, Requests to endpoints, Changes in resource state
• Serverless Function: Node.js (6.10, 8.10), Python (2.7, 3.6), Java (8), Go (1.x), .NET Core (1.0, 2.0, 2.1), C#, F#, PowerShell
• Services (anything)

Slide 7

Slide 7 text

Common Use Cases
Web apps
• Static websites
• Complex web apps
• Packages for Flask and Express
Data processing
• Real time
• MapReduce
• Batch
• Machine learning inference
Chatbots
• Powering chatbot logic
Backends
• Apps and services
• Mobile
• IoT
Amazon Alexa
• Powering voice-enabled apps
• Alexa Skills Kit
IT automation
• Policy engines
• Extending AWS services
• Infrastructure management

Slide 8

Slide 8 text

Serverless patterns

Slide 9

Slide 9 text

Serverless Functions 101
Simple resource model
• Select RAM/Power (from 128 MB to 3 GB)
• CPU and network allocated proportionately
Flexible use
• Synchronous or asynchronous
• Integrated with other Cloud services
Flexible authorization
• Securely grant access to Cloud resources
• Fine-grained control for each function
Bring your own code
• Multiple runtimes
• Bring your own libraries (even native ones)

Slide 10

Slide 10 text

Serverless Functions 101
Authoring functions
• WYSIWYG editor or upload packaged .zip
• Cloud-native IDE (Cloud9)
• Third-party plugins (Eclipse, VS, etc.)
Monitoring and logging
• Metrics for requests, errors, and throttles
• Built-in logs to the Cloud
• Distributed tracing (microservices map)
Programming model
• Use processes, threads, /tmp, sockets normally
• SDK to interact with other Cloud services
Stateless
• Persist data using external storage
• No affinity or access to underlying infrastructure

Slide 11

Slide 11 text

Event Sources
Categories: Data stores • Endpoints • Configuration repositories • Event/message services
Sources: Object storage • NoSQL Database • Real-time data ingestion • IaC provisioning & automation • Auditing & Compliance • Platform Events • User Authentication • Pub/Sub Topics • Email hooks (in/out-bound) • Cronjobs (scheduled) • Source Control (Git) • HTTP interface (RESTful) • Chatbots and voice-apps • MQTT interface • Functions orchestration • Message Queues

Slide 12

Slide 12 text

Event Sources (AWS)
Categories: Data stores • Endpoints • Configuration repositories • Event/message services
Sources: Amazon S3 • Amazon DynamoDB • Amazon Kinesis • AWS CloudFormation • AWS CloudTrail • Amazon CloudWatch • Amazon Cognito • Amazon SNS • Amazon SES • Cron events • AWS CodeCommit • Amazon API Gateway • Amazon Alexa • AWS IoT • AWS Step Functions • Amazon SQS (New)

Slide 13

Slide 13 text

Function Execution Model
• Synchronous (push)
• Asynchronous (event)
• Stream-based
Diagram labels: HTTP request (/order), DB insert/update/delete, New Message (queue, topic), File Upload or Update, Real-time data ingestion, New User Signup, reqs, changes, Aggregation / buffer, Function

Slide 14

Slide 14 text

Modern serverless app (diagram: Lambda functions (λ), a DBMS and a Queue)

Slide 15

Slide 15 text

Open Source, Apache License: states-language.net/spec.html

Slide 16

Slide 16 text

Orchestration as Visual Workflows (Step Functions)
State types shown: Task, Choice, Fail, Parallel

Slide 17

Slide 17 text

Orchestration Example
“AWS Lambda Power Tuning”: Data-driven cost & performance optimization for AWS Lambda
github.com/alexcasalboni/aws-lambda-power-tuning

Slide 18

Slide 18 text

Safe deployments

Slide 19

Slide 19 text

How do we safely deploy a new version of our code? (diagram: version OLD, version NEW)

Slide 20

Slide 20 text

First, let’s agree on “Safe”
• Pair programming
• Unit tests
• Local Integration tests
• Code reviews
• Continuous Integration (CI)
• Continuous Delivery (CD)
• Pre-prod integration tests
• Semi-automated acceptance tests
• Continuous Deployment

Slide 21

Slide 21 text

But…

Slide 22

Slide 22 text

Bugs happen

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

A typical CI/CD pipeline
Stages: Source, Build, Test, Production
Practices: Continuous integration, Continuous delivery, Continuous deployment

Slide 26

Slide 26 text

Cloud-native CI/CD on AWS
Stages: Source, Build, Test, Production
Services: AWS CodeCommit, AWS CodeDeploy, AWS CodeBuild, Third-party tooling, AWS CodePipeline (New)

Slide 27

Slide 27 text

Custom pipelines with AWS Step Functions github.com/aws-samples/aws-codepipeline-stepfunctions

Slide 28

Slide 28 text

AWS Serverless Application Model (SAM)
• Simplified template-driven deployment model for serverless applications
• New serverless resource types
• An extension (Macro) of AWS CloudFormation
• Open specification (Apache 2.0)
github.com/awslabs/serverless-application-model

Slide 29

Slide 29 text

CloudFormation template

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId:
        Ref: ServerlessRestApiDeployment
      RestApiId:
        Ref: ServerlessRestApi
      StageName: Prod
  ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
      ProvisionedThroughput:
        WriteCapacityUnits: 5
        ReadCapacityUnits: 5
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - KeyType: HASH
          AttributeName: id
  GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.gethtml
      Code:
        S3Bucket: flourish-demo-bucket
        S3Key: todo_list.zip
      Role:
        Fn::GetAtt:
          - GetHtmlFunctionRole
          - Arn
      Runtime: nodejs4.3
  GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId:
        Ref: ServerlessRestApi
      Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
      StageName: Stage
  GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title:
            Ref: AWS::StackName
        paths:
          "/{proxy+}":
            x-amazon-apigateway-any-method:
              x-amazon-apigateway-integration:
                httpMethod: ANY
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
              responses: {}
        swagger: '2.0'

Slide 30

Slide 30 text

SAM Template

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY

Annotations:
• Tells AWS CloudFormation this is a SAM template it needs to transform
• Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping and permissions necessary

Slide 31

Slide 31 text

AWS SAM CLI
github.com/awslabs/aws-sam-local
• CLI tool for local testing of serverless apps
• Works with Lambda functions and “proxy-style” APIs
• Response object and function logs available on your local machine
• Uses open-source Docker-Lambda images to mimic Lambda’s execution environment (timeout, memory limits, runtimes)

Slide 32

Slide 32 text

Let’s raise the safety bar!

Slide 33

Slide 33 text

What do we need?
• IaC best practices
• Smart monitoring & metrics
• Data-driven strategies
• Customizable hooks
• Automatic rollback on Error

Slide 34

Slide 34 text

AWS CodeDeploy + AWS Lambda
• Lambda Alias Traffic Shifting enables canaries and blue|green deployments
• Automatic rollback based on CloudWatch Metrics/Alarms
• Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions)
Deployment Preference Type:
• Canary10Percent30Minutes
• Canary10Percent5Minutes
• Canary10Percent10Minutes
• Canary10Percent15Minutes
• Linear10PercentEvery10Minutes
• Linear10PercentEvery1Minute
• Linear10PercentEvery2Minutes
• Linear10PercentEvery3Minutes
• AllAtOnce
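The three mechanisms on this slide (alias traffic shifting, alarm-based rollback, a pre-traffic hook) combined in one SAM template. This is an added example, not taken from the slides: it reuses GetHtmlFunction from the SAM template slide, and the alias name live, the alarm, the hook function name and the hook's code location (pre_traffic_hook.zip, hook.handler) are assumptions.

```yaml
# Added example; the alias, alarm and hook names are assumed, not from the slides.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs8.10
      Policies: AmazonDynamoDBReadOnlyAccess
      AutoPublishAlias: live              # publish a version on each deploy and shift this alias
      DeploymentPreference:
        Type: Canary10Percent5Minutes     # 10% of traffic first, the remaining 90% after 5 minutes
        Alarms:                           # an alarm firing during the shift rolls the alias back
          - !Ref NewVersionErrorsAlarm
        Hooks:
          PreTraffic: !Ref PreTrafficHook # must report Succeeded before any traffic moves
  NewVersionErrorsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/Lambda
      MetricName: Errors
      Dimensions:                         # scope the alarm to the new version behind the alias
        - {Name: FunctionName, Value: !Ref GetHtmlFunction}
        - {Name: Resource, Value: !Sub '${GetHtmlFunction}:live'}
        - {Name: ExecutedVersion, Value: !GetAtt GetHtmlFunction.Version.Version}
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
  PreTrafficHook:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: CodeDeployHook_getHtmlPreTraffic   # assumed name
      CodeUri: s3://sam-demo-bucket/pre_traffic_hook.zip   # assumed location
      Handler: hook.handler
      Runtime: nodejs8.10
      DeploymentPreference: {Enabled: false}   # the hook itself is deployed all at once
      Policies:
        - Version: '2012-10-17'
          Statement:                      # least privilege: report status, invoke only the new version
            - Effect: Allow
              Action: codedeploy:PutLifecycleEventHookExecutionStatus
              Resource: !Sub 'arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${ServerlessDeploymentApplication}/*'
            - Effect: Allow
              Action: lambda:InvokeFunction
              Resource: !Ref GetHtmlFunction.Version
```

The hook name starts with CodeDeployHook_ because the CodeDeploy role that SAM generates only permits invoking functions with that prefix; ServerlessDeploymentApplication is the logical ID SAM gives the CodeDeploy application it creates.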

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

Slide 40

Slide 40 text

Thank you!
Alex Casalboni, Technical Evangelist, AWS
@alex_casalboni
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved