© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gunnar Grosch @gunnargrosch October 14, 2020 Performing chaos in a serverless world Serverless Architecture Conference

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Abstract The principles of chaos engineering have been battletested for years using traditional infrastructure and containerized microservices. But how do they work with serverless functions and managed services?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • What is chaos engineering? • Motivations behind chaos engineering • Running chaos experiments • Serverless chaos experiments

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. About me Senior Developer Advocate Background in development, operations, and management Community builder Father of three

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is not about breaking things

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is not only for production

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is not only for big streaming companies

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? “Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production” principlesofchaos.org

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is about performing controlled experiments to inject failures

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is about finding the weaknesses in a system and fixing them before they break

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is chaos engineering? Chaos engineering is about building confidence in your system and in your organization

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Motivations behind chaos engineering

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Motivations behind chaos engineering Are your customers getting the experience they should? Is downtime or issues costing you money? Are you confident in your monitoring and alerting? Is your organization ready to handle outages? Are you learning from incidents?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Motivations behind chaos engineering Don’t ask what happens if a system fails; ask what happens when it fails

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Motivations behind chaos engineering “Chaos engineering should be done regularly” Reliability Pillar AWS Well-Architected Framework

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Running chaos experiments

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 1: Define steady state The normal behavior of a system over time System metrics and business metrics Business metrics are usually more useful Steady state is not necessarily continuous

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 2: Form your hypothesis Use what ifs to find it Chaos can be injected at any layer of the stack Scientific ”If… then…” method Always fix known problems first

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 3: Plan and run your experiment Whiteboard the experiment in detail Contain the blast radius Notify the organization Have a “stop” button ready

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Step 4: Measure and learn Use metrics to prove or disprove the hypothesis Was the system resilient to the injected failure? Did anything unexpected happen? Share your progress and success

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Running chaos experiments Define steady state Form your hypothesis Plan and run your experiment Measure and learn

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos experiments

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos experiments Errors Failovers Fallbacks Timeouts Events

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos experiments Inject errors into your code Remove downstream services Alter the concurrency of functions Restrict the capacity of tables Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos experiments Security policy errors CORS configuration errors Service configuration errors Function disk space failure Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos experiments Add latency to your functions • Cold starts • Cloud provider issues • Runtime or code issues • Integration issues • Timeouts Client Amazon Simple Storage Service (Amazon S3) Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda Amazon Simple Storage Service (Amazon S3)

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Failure-lambda NodeJS NPM package for NodeJS Lambdas https://github.com/gunnargrosch/failure-lambda Configuration using Parameter Store Several failure modes • Latency • Status code • Exception • Disk space • Denylist const failureLambda = require('failure-lambda’) exports.handler = failureLambda(async (event, context) => { ... }) { "isEnabled": false, "failureMode": "latency", "rate": 1, "minLatency": 100, "maxLatency": 400, "exceptionMsg": "Exception message!", "statusCode": 404, "diskSpace": 100, “denylist": [ "s3.*.amazonaws.com", "dynamodb.*.amazonaws.com" ] }

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos demo

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos demo

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos demo Client Amazon S3 Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda AWS Lambda

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Client Amazon S3 Amazon API Gateway AWS Lambda Amazon DynamoDB AWS Lambda AWS Lambda Serverless chaos demo • What if my function takes an extra 300 ms for each invocation? • What if my function returns an error code? • What if I can’t get data from DynamoDB?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What’s next?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What’s next? “Chaos engineering should be done regularly” Reliability Pillar AWS Well-Architected Framework

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What’s next? “Chaos engineering should be done regularly, and be part of your CI/CD cycle” Reliability Pillar AWS Well-Architected Framework

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos CI/CD demo

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Serverless chaos CI/CD demo • What if my function takes an extra 300 ms for each invocation? • What if my function returns an error code? • What if I can’t get data from DynamoDB? Default deploy

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Canary deploy Serverless chaos CI/CD demo • What if my function takes an extra 300 ms for each invocation? • What if my function returns an error code? • What if I can’t get data from DynamoDB?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Feature flag Serverless chaos CI/CD demo • What if my function takes an extra 300 ms for each invocation? • What if my function returns an error code? • What if I can’t get data from DynamoDB?

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary Chaos engineering helps us find weaknesses and fix them Chaos engineering is about building confidence Chaos engineering should be done regularly Chaos engineering should be part of your CI/CD It’s not rocket science; you can do it!

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Do you want more? Reliability pillar https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html Serverless Chaos Demo app https://demo.serverlesschaos.com Failure-lambda https://github.com/gunnargrosch/failure-lambda Chaos-lambda https://github.com/adhorn/aws-lambda-chaos-injection/ Serverless chaos lab https://github.com/jpbarto/serverless-chaos-lab

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you! Gunnar Grosch @gunnargrosch