Using serverless technologies brings a number of challenges for large, enterprise-scale systems. This talk covers the problems faced and offers insights and recommendations to help others wanting to use serverless for non-trivial use cases.

… or you just want to build something more substantial
multiple development teams, CI/CD, DevOps, automated testing, loose coupling, microservices, event-driven
@RafalGancarz

Serverless monolith
• Tight coupling
• Sprawling web of dependencies
• All or nothing deployments
• Team dependencies/coordination challenges
[Diagram labels: A, B, C, API]

Serverless Components
• Scoped around domain bounded contexts or platform capabilities
• Isolated infrastructure stack (Terraform state)
• Consistent naming of resources
• Dedicated build/deployment pipeline
• 0 .. N Lambda functions
• Explicitly defined security policies and dependencies
• Optionally exposes an API
• Optionally exposes domain events
• Optionally subscribes to event sources
[Diagram labels: A, B, C, API, API]

Integration patterns
• Synchronous call to another component
• via HTTPS API
• via direct Lambda invocation
• no buffering
• you pay for the wait time :)

APIs
• Swagger for API specifications
• API definitions can be used for model validation and contract testing
• API versioning (for non-backward-compatible changes)
• Developer portal for API discovery and documentation

Security principles
• Least privilege policy based on IAM roles
• IAM credentials and STS used for operations/tooling access
• Credential/key rotation
• Encryption in transfer
• Encryption in storage (for sensitive data)
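
The "explicitly defined security policies" and "least privilege policy based on IAM roles" points can be enforced in a component's pipeline with a policy lint. The following is an added example, not code from the talk; the "orders-prod-" name prefix, the account id and every resource name are constructed assumptions standing in for the "consistent naming of resources" convention.

```python
import re

# Constructed sample: execution-role policy for a Lambda in a hypothetical
# "orders" component. Account id, region and resource names are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
         "Resource": "arn:aws:dynamodb:eu-west-1:111111111111:table/orders-prod-items"},
        {"Effect": "Allow", "Action": "kinesis:*",
         "Resource": "arn:aws:kinesis:eu-west-1:111111111111:stream/orders-prod-events"},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
        {"Effect": "Allow", "Action": "dynamodb:Query",
         "Resource": "arn:aws:dynamodb:eu-west-1:111111111111:table/billing-prod-invoices"},
    ],
}


def as_list(value):
    """IAM allows a single value or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy, prefix):
    """Return (statement index, rule, value) for each over-broad Allow grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for key in ("NotAction", "NotResource"):
            if key in stmt:  # "everything except ..." is an implicit wildcard
                findings.append((i, "negated-match", key))
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append((i, "wildcard-action", action))
        for arn in as_list(stmt.get("Resource", [])):
            # ARN layout: arn:partition:service:region:account:resource
            resource = arn.split(":", 5)[-1]
            # Drop a leading resource type such as "table/" or "function:".
            name = re.split(r"[:/]", resource, maxsplit=1)[-1]
            if arn == "*":
                findings.append((i, "wildcard-resource", arn))
            elif not (resource.startswith(prefix) or name.startswith(prefix)):
                findings.append((i, "outside-component", arn))
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY, "orders-prod-"):
        print(finding)
```

An "outside-component" finding is not necessarily wrong, but it marks a cross-component dependency that should be declared explicitly rather than granted silently.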

Lessons learned
• Serverless is still in its infancy - lots of problems to solve (sometimes not the problems you’d like to be solving)
• Serverless evolves rapidly - new tools/solutions are emerging, new features becoming available, new ideas & patterns are being shared
• Strong dependency on the cloud provider (SDKs, tools, support, limits)
• Plan/adapt your capacity (DynamoDB, Kinesis)
• Serverless frameworks are great for some use cases but quite opinionated and limiting for others (particularly around stack provisioning/management)
• Tooling is sparse, a lot of ‘build your own’

Challenges to be addressed
• Automated rollback (when deployment fails)
• Data migration (when DynamoDB table name or hashing key changes)
• Involving the wider engineering team