Getting the most out of Serverless

More Decks by Rumesh Eranga Hapuarachchi

Transcript

  1. Outline • Serverless & Building Blocks • General Design Principles • Five Excellence Pillars • Using Well Architected Tool
  2. • Speedy, Simple, Singular • Think of concurrent requests instead of total requests • Share nothing • Assume no hardware affinity • Orchestrate using state machines instead of functions • Use events to trigger transactions • Design for failures and duplicates
  3. • Throttling ◦ Unknown access patterns ◦ Number of requests ◦ Enable at API Level ◦ API Keys ◦ Lambda Concurrency Controls
  4. Selection 1. Lambda a. Memory, CPU, Network, Storage IOPS (https://github.com/alexcasalboni/aws-lambda-power-tuning) b. VPC if needed 2. API Gateway a. Regional and Edge endpoints 3. DynamoDB a. on-demand/provisioned b. Partitioning Strategy
  5. Optimize • Design tradeoffs and SLA requirements • API Gateway ◦ API Gateway, AppSync caching ◦ Content encoding for compression ▪ Minimum response size • DynamoDB ◦ DAX ◦ GSI, LSI • Lambda ◦ Higher timeouts will incur higher costs ◦ Load testing ◦ Minimize dependency complexity ◦ Global scope
  6. Optimize • Event submission with Status updates ◦ WebSockets with GraphQL • Image Source: Serverless Application Lens, PDF
  7. • Cost Effective Resources ◦ Pay per value ◦ Use when needed (DAX, Provisioned Lambda) ◦ CPU vs Execution time • Expenditure Awareness ◦ With growth, the resource list will increase. ◦ AWS Cost Explorer • Logging and Storage ◦ Log retention periods and archival ◦ Remove unnecessary logging
  8. • Code Optimization ◦ Global Scope ◦ Use of managed service features ▪ S3 full object vs Athena SQL / S3 Select • Image Source: Serverless Application Lens, PDF
  9. • Metrics and Alerts ◦ CloudWatch ▪ (Cross Service and Per Service) Dashboards ◦ Business Metrics ▪ Application performance against business goals ◦ Customer Experience Metrics ◦ System Metrics ▪ HTTP errors, memory utilization, Throttling, integration latency ◦ Operational Metrics ▪ CI/CD Stats • Set up alarms as needed at many levels ◦ Lambda ◦ API Gateway ◦ SQS…
  10. • Prototyping ◦ Infra as code ◦ Dedicated accounts ◦ Configuration Management • Testing ◦ Unit, Integration, UI ◦ Modular Code ◦ Service limits vs performance testing • Deploying ◦ Isolated Environments ◦ Infra as code ◦ SAM/Serverless ◦ CodeBuild, CodeDeploy, CodePipeline ◦ All at once, Blue Green, Canary
  11. • AWS_IAM authorization • Amazon Cognito user pools • API Gateway Lambda authorizer • Resource policies
  12. • Detective Control ◦ Log Management ◦ OWASP Dependency Check • Infrastructure Protection ◦ VPC ◦ Network Boundaries ◦ Dynamic Authentication for service to service communication • Data Protection ◦ API Gateway access logs ▪ Be careful about sensitive data ▪ Encrypt sensitive data ▪ Compliance check before logging
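
The "be careful about sensitive data" and "check before logging" points on the last slide can be turned into a pre-deployment check on the API Gateway access log format. This is an added example, not part of the deck; the deny-list and the two sample formats are assumptions constructed for illustration.

```python
import json
import re

# Assumption: an illustrative deny-list. These $context variables exist in
# API Gateway, but what counts as sensitive depends on your compliance rules.
SENSITIVE_EXACT = {
    "identity.apiKey",             # the API key value itself (apiKeyId is the ID)
    "identity.user",
    "identity.userArn",
    "identity.cognitoIdentityId",
    "authorizer.principalId",
}
SENSITIVE_PREFIXES = ("authorizer.claims.",)  # user pool claims: email, phone_number, ...

CONTEXT_VAR = re.compile(r"\$context\.([A-Za-z0-9_.]+)")


def audit_access_log_format(fmt: str) -> list[str]:
    """Return the sorted $context variables in fmt that hit the deny-list."""
    flagged = set()
    for name in CONTEXT_VAR.findall(fmt):
        name = name.rstrip(".")  # drop a sentence-style trailing period
        if name in SENSITIVE_EXACT or name.startswith(SENSITIVE_PREFIXES):
            flagged.add("$context." + name)
    return sorted(flagged)


# Constructed sample formats (not from the deck).
WEAK_FORMAT = json.dumps({
    "requestId": "$context.requestId",
    "ip": "$context.identity.sourceIp",
    "apiKey": "$context.identity.apiKey",
    "email": "$context.authorizer.claims.email",
    "status": "$context.status",
})
SAFE_FORMAT = json.dumps({
    "requestId": "$context.requestId",
    "ip": "$context.identity.sourceIp",
    "apiKeyId": "$context.identity.apiKeyId",
    "status": "$context.status",
})

if __name__ == "__main__":
    for label, fmt in (("weak", WEAK_FORMAT), ("safe", SAFE_FORMAT)):
        print(label, audit_access_log_format(fmt) or "no flagged variables")
```

Run as a CI step against the format string in the infrastructure-as-code template, it fails the build before a key or a user claim reaches the access log.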