Building a Serverless company with Node.js, React and the Serverless Framework

Slide 1

Slide 1 text

BUILDING A SERVERLESS COMPANY WITH NODE, REACT AND THE SERVERLESS FRAMEWORK MAY 10TH 2017, Verona Luciano Mammino loige.link/jsday2017 1

Slide 2

Slide 2 text

Who is LUCIANO lmammino loige loige.co 2

Slide 3

Slide 3 text

NeBK20JV -20% eBook NpBK15JV -15% Print loige.link/node-book fancy a coupon? 3

Slide 4

Slide 4 text

fullstackbulletin.com built with ⚡serverless 4

Slide 5

Slide 5 text

Agenda What is Serverless History & deﬁnition Advantages & costs How it Works Example on AWS Lambda Example with Serverless Framework Serverless at Planet 9 Architecture Security Quality Monitoring / Logging Step Functions 5

Slide 6

Slide 6 text

PART 1 What is Serverless 6

Slide 7

Slide 7 text

1996 - Let's order few more servers for this rack... 7

Slide 8

Slide 8 text

2006 - Let's move the infrastructure in "the cloud"... 8

Slide 9

Slide 9 text

2013 - I can "ship" the new API to any VPS as a "container" 9

Slide 10

Slide 10 text

TODAY - I ain't got no infrastructure, just code "in the cloud" baby! 10

Slide 11

Slide 11 text

loige.link/serverless-commitstrip 11

Slide 12

Slide 12 text

“ The essence of the serverless trend is the absence of the server concept during software development. — Auth0 loige.link/what-is-serverless 12

Slide 13

Slide 13 text

Serverless & Framework Serverless.com 13

Slide 14

Slide 14 text

Focus on business logic, not on infrastructure Virtually “inﬁnite” auto-scaling Pay for invocation / processing time (cheap!) Advantages of serverless 14

Slide 15

Slide 15 text

Is it cheaper to go serverless? ... It depends 15

Slide 16

Slide 16 text

Car analogy Cars are parked 95% of the time ( ) How much do you use the car? loige.link/car-parked-95 Own a car (Bare metal servers) Rent a car (VPS) City car-sharing (Serverless) 16

Slide 17

Slide 17 text

loige.link/serverless-calc Less than $0.40/day for 1 execution/second 17

Slide 18

Slide 18 text

What can we build? Mobile Backends APIs & Microservices Data Processing pipelines ⚡ Webhooks Bots and integrations ⚙ IoT Backends Single page web applications 18

Slide 19

Slide 19 text

The paradigm Event → 19

Slide 20

Slide 20 text

IF ________________________________ THEN ________________________________ "IF this THEN that" model 20

Slide 21

Slide 21 text

Cloud providers IBM OpenWhisk AWS Lambda Azure Functions Google Cloud Functions Auth0 Webtask 21

Slide 22

Slide 22 text

Serverless and JavaScript Frontend Serverless Web hosting is static, but you can build SPAs (React, Angular, Vue, etc.) Backend Node.js is supported by every provider ⚡ Fast startup (as opposed to Java) Use all the modules on NPM Support other languages/dialects (TypeScript, ClojureScript, ESNext...) 22

Slide 23

Slide 23 text

exports.myLambda = function ( event, context, callback ) { // get input from event and context // use callback to return output or errors } Anatomy of a Node.js lambda on AWS 23

Slide 24

Slide 24 text

Let's build a "useful" Hello World API 24

Slide 25

Slide 25 text

Slide 26

Slide 26 text

Slide 27

Slide 27 text

Slide 28

Slide 28 text

Slide 29

Slide 29 text

Slide 30

Slide 30 text

Slide 31

Slide 31 text

Slide 32

Slide 32 text

API Gateway conﬁg has been generated for us... 32

Slide 33

Slide 33 text

Slide 34

Slide 34 text

Recap 1. Login to AWS Dashboard 2. Create new Lambda from blueprint 3. Configure API Gateway trigger 4. Configure Lambda and Security 5. Write Lambda code 6. Configure Roles & Publish ⚡Ready! No local testing ... Manual process 34

Slide 35

Slide 35 text

Enter the... 35

Slide 36

Slide 36 text

Get serverless framework npm install --global serverless@latest sls --help 36

Slide 37

Slide 37 text

Create a project mkdir helloWorldApi cd helloWorldApi touch handler.js serverless.yml 37

Slide 38

Slide 38 text

// handler.js 'use strict'; exports.helloWorldHandler = (event, context, callback) => { const name = (event.queryStringParameters && event.queryStringParameters.name) ? event.queryStringParameters.name : 'Verona'; const response = { statusCode: 200, headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({message: `Hello ${name}`}) }; callback(null, response); }; 38

Slide 39

Slide 39 text

# serverless.yml service: sls-helloWorldApi provider: name: aws runtime: "nodejs6.10" functions: helloWorld: handler: "handler.helloWorldHandler" events: - http: path: / method: get 39

Slide 40

Slide 40 text

Local test touch event.json { "queryStringParameters": { "name": "Tim Wagner" }, "httpMethod": "GET", "path": "/" } 40

Slide 41

Slide 41 text

Local test 41

Slide 42

Slide 42 text

Deploy the lambda 42

Slide 43

Slide 43 text

Recap 1. Install serverless framework 2. Create handler & serverless conﬁg 3. Test locally (optional) 4. Deploy 5. Party hard! 43

Slide 44

Slide 44 text

PART 2 Serverless at Planet 9 44

Slide 45

Slide 45 text

https://planet9energy.com 45

Slide 46

Slide 46 text

Slide 47

Slide 47 text

a Big Data company E.g. Meter readings per customer/year 2 × 24 × 365 Half Hours × 25 ~ meter reading points × 24 ~ data versions = load™ of data 47

Slide 48

Slide 48 text

Limited number of “Full stack” engineers ⚡ Write & deploy quality code fast Experiment diﬀerent approaches over diﬀerent features Adopt hot and relevant technologies Limited number of servers = LIMITED CALLS AT 2 AM! Why Serverless 48

Slide 49

Slide 49 text

Current infrastructure Serverless land Web API & Jobs Messaging 49

Slide 50

Slide 50 text

Serverless Frontend & Backend Cloufront & S3 API Gateway & Lambda planet9energy.io api.planet9energy.io Access-Control-Allow-Origin: https://planet9energy.io CORS HTTP HEADER Custom error page index.html Serverless Web Hosting Serverless APIs 50

Slide 51

Slide 51 text

Security: Authentication "Who is the current user?" JWT Tokens Custom Authorizer Lambda 51

Slide 52

Slide 52 text

JWT Token Authorizer Login user: "Podge" pass: "Unicorns<3" Users DB Check Credentials JWT token Validate token & extract userId API request 52 API 1 API 2 API 3

Slide 53

Slide 53 text

Security: Authorization "Can Podge trade for Account17 ?" User Action Resource 53

Slide 54

Slide 54 text

User Action Resource Podge trade Account17 Podge changeSettings Account17 Luciano delete * ... ... ... Custom ACL module used by every lambda Built on & Persistence in Postgres node-acl knex.js 54

Slide 55

Slide 55 text

import { can } from '@planet9/acl'; export const tradingHandler = async (event, context, callback) => { const user = event.requestContext.userId; const account = event.pathParameters.accountId; const isAuthorized = await can(user, 'trade', account); if (!isAuthorized) { return callback(new Error('Not Authorized')); } // ... business logic } 55

Slide 56

Slide 56 text

Security: Sensitive Data export const handler = (event, context, callback) => { const CONN_STRING = process.env.CONN_STRING; // ... } 56

Slide 57

Slide 57 text

# serverless.yml functions: myLambda: handler: handler.myHandler environment: CONN_STRING: ${env:CONN_STRING} Serverless environment variables 57

Slide 58

Slide 58 text

Split business logic into small testable modules Use dependency injection for external resources (DB, Filesystem, etc.) Mock stuﬀ with Jest Aim for 100% coverage Nyan Cat test runners! Quality: Unit Tests 58

Slide 59

Slide 59 text

Use child_process.exec to launch "sls invoke local" Make assertions on the JSON output Test environment simulated with Docker (Postgres, Cassandra, etc.) Some services are hard to test locally (SNS, SQS, S3) Quality: Functional Tests 59

Slide 60

Slide 60 text

Git-Flow Feature branches Push code GitHub -> CI Quality: Continuous integration CircleCI Lint code (ESlint) Unit tests Build project Functional tests if commit on "master": create deployable artifact 60

Slide 61

Slide 61 text

Development / Test / Deployment 61

Slide 62

Slide 62 text

Debugging 62

Slide 63

Slide 63 text

... How do we debug then console.log... Using the module Enable detailed logs only when needed (e.g. export DEBUG=tradingCalculations) debug 63

Slide 64

Slide 64 text

Step Functions Coordinate components of distributed applications Orchestrate different AWS Lambdas Visual flows Different execution patterns (sequential, branching, parallel) 64

Slide 65

Slide 65 text

Slide 66

Slide 66 text

Some lessons learned... Think serverless as microservices " " ❄ ! Be aware of There is still some infrastructure: use proper tools (Cloudformation, Terraform, ...) microfunctions Cold starts soft limits 66

Slide 67

Slide 67 text

Serverless architectures are COOL! Inﬁnite scalability at low cost Managed service Still, has some limitations Managing a project might be hard but: Technology progress and open source (e.g. Serverless.com) will make things easier Recap 67

Slide 68

Slide 68 text

Thanks loige.link/jsday2017 @loige (special thanks to , & ) @Podgeypoos79 @quasi_modal @augeva Feedback joind.in/talk/79fa0 68