Serverless Office Hours | Serverless for Startups

A story about Vacation Tracker a 100% serverless and bootstrapped
startup

In 2016 we decided to build a leave tracking system
to build a leave tracking system

To solve our own leave tracking problem

2017 To solve our own leave tracking problem

2017 2018 To solve our own leave tracking problem

The idea was simple: - track leave requests and number
of remaining days - We do not want to remember more passwords - use SSO - connect to Slack to show requests and info in the chat - connect to the calendar so we can subscribe to events

How hard can it be?

How hard can it be? Famous last words

We were solving our problem but we were not sure
if anyone else will use it

Everything started with a landing page with pricing and a
demo video

And then, first customers signed up!

- startups - sma! and medium companies - schools -
non-profits - teams from enterprises - government organizations - churches

The dashboard

Microsoft Teams

But, you are not here for the product demo. Let's
see the fun stuff!

The architecture v0.1 A simple serverless bot

Why serverless?

s e r v e r l e s s

s e r v e r l e s s
low xpensive endor lock-in esponse latency

Serverless because: - Sma! team without devops experience - AUTO
SCALABLE - Cheap - Fast to build a prototype - Secure

But it wasn't 100% "serverless"

- Quick and independent deployments - Easy to understand and
maintain - Easy to onboard new people - Cheap Benefits:

The Cost: $0/month

Adding new features?

- Independent deployments - Hard to manage - Hard to
scale - A bottleneck Downsides:

~ 100 paying teams

The architecture v1.0 A complex serverless application

Infrastructure-as-a-Code

Service Service (micro?) (micro?)

~150 Lambda functions

FIRST MIGRATIONS (FROM AN OLD SERVICE TO A NEW ONE)

Finding a good architecture

- Everything is in IaaC CloudFormation - Replaced Node.js server
with serverless services - Added TypeScript - Replaced MongoDB with DynamoDB Things we changed:

- independent deployments - Auto-scalable - Almost 100% uptime out-of-the-box
- Sti! cheap Benefits:

- Storing state not events - Wasting time on less
important things - Hard to onboard new developers - Many new services - Developers don't like YAML :) Downsides:

~ 600 paying teams

The architecture v2.0 An event driven system

Finding a good architecture v2.0

Command Query Responsibility Segregation (CQRS)

Why CQRS?

Storing the state vs storing the events

- Ana created a location and moved John and Mike
- Ana assigned Mike as an approver - Ana assigned a leave policy (20 PTO days per year) - John requested a leave, Ana approved - Ro!over, some unused days were transferred to the next year - Ana changed John's working w"k - Mike added some past leaves for John - Alex transferred John to another location with different policy - …

A quiz question: Calculate John's remaining PTO days for 2021

CQRS to the rescue

1. The client sends an API POST request or GraphQL
mutation

mutation 2. The event is stored in the Events table (append-only, no edits)

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus 4. EventBridge triggers the specific business logic Lambda function

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus 4. EventBridge triggers the specific business logic Lambda function 5. The business logic Lambda stores the "cached" data to one of the read-only DynamoDB tables

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus 4. EventBridge triggers the specific business logic Lambda function 5. The business logic Lambda stores the "cached" data to one of the read-only DynamoDB tables 6. And then triggers the mutation that sends a "fake" mutation

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus 4. EventBridge triggers the specific business logic Lambda function 5. The business logic Lambda stores the "cached" data to one of the read-only DynamoDB tables 6. And then triggers the mutation that sends a "fake" mutation 7. A "fake" mutation triggers the GraphQl subscription to notify the clients

mutation 2. The event is stored in the Events table (append-only, no edits) 3. The DynamoDB streams the event to the Lambda function that sends it to the EventBridge event bus 4. EventBridge triggers the specific business logic Lambda function 5. The business logic Lambda stores the "cached" data to one of the read-only DynamoDB tables 6. And then triggers the mutation that sends a "fake" mutation 7. A "fake" mutation triggers the GraphQl subscription to notify the clients 8. App uses an event bus to "route" the response to the user's platform

Client then query the read-only tables directly using GraphQl

Client then query the read-only tables directly using GraphQl Or
using the RESTful API in case of bots

193 Lambda functions

- Fu!y Managed GraphQL - Less code - Better control
- A! benefits from the previous architecture - Monorepo Benefits:

- More new services to learn - Velocity templates Downsides:

Challenges

Onboarding new developers

Current team - 3 fu! stack developers + 1 WP
+1 QA - 1 Product manager - 2 Marketing - 2 Customer support - 2 Founders - Some fr"lance support (marketing + design)

One environment per developer ~$3.75 per environment, because of serverless
:)

"Use the force, Luke!" a! developers are fu!-stack, but some
are better with front end and some are better with back end

Good to start with (front end)

Good to start with (front end) Good to start with
(back end)

Testing

@slobodan_

@slobodan_ export async function getPresignedUrl<T>({ event, bucket, region, userImagesManager, parser,
}: IGetPresignedUrlParams<T>): Promise<IGetPresignedUrlresponse> { try { const { userId, mimeType } = parser(event) const extension = getFileExtension(mimeType) const fileName = `${userId}-${Date.now()}.${extension}` const uploadUrl = await userImagesManager.getPresignedUrl(fileName) const imageUrl = `https://${bucket}.s3.${region}.amazonaws.com/${fileName}` return { uploadUrl, imageUrl, } } catch (error) { logger.error(error) throw generateError(PresignedUrlFailed) } } main.ts

@slobodan_ export async function handler (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> { try
{ const { imageUrl, uploadUrl } = await getPresignedUrl<APIGatewayProxyEvent>({ event, userImagesManager, parser: parseApiEvent, bucket: process.env.USER_IMAGES_BUCKET, region: process.env.AWS_REGION, }) return httpResponse({ body: { imageUrl, uploadUrl, }}) } catch (error) { return httpResponse({ statusCode: 400, body: error, }) } } lambda.ts

Testing VTL templates? Yes, you can and should do that
too.

Example: serverlesspub/upollo s" appsync/test folder

Migrations

@slobodan_

@slobodan_ But, how does this look like?

@slobodan_ describe('DynamoDB repository', () => { describe('unit', () => {
... }) describe('integration', () => { beforeAll(() => { // Create test DB }) afterAll(() => { // Destroy test DB }) // Tests }) })

@slobodan_ beforeAll(async () => { const params = { ...
} await dynamoDb.createTable(params).promise() await dynamoDb.waitFor('tableExists', { TableName: tableName }).promise() })

@slobodan_ afterAll(async () => { await dynamoDb.deleteTable({ TableName: tableName }).promise()
await dynamoDb.waitFor('tableNotExists', { TableName: tableName }).promise() })

Debugging and monitoring

Following best practices can be expensive! You do not n"d
to use a! the fancy tools. At least not at the beginning.

Monthly AWS Bill: ~$600 Less than 1% of our MRR

Cost per non-prod environment $3.75 ~ $15 when we turn
on WAF

The most expensive bug: ~$3200

Security

AWS SSO is awesome! Microsoft 365 users -> AWS SSO
+ Ben Kehoe's awesome OS tool

» aws-sso-util login --profile vtslobodan

» aws-sso-util login --profile vtslobodan Logging in https://notrealurl.awsapps.com/start AWS SSO
login required. Attempting to open the SSO authorization page in your default browser. If the browser does not open or you wish to use a different device to authorize this request, open the following URL: https://device.sso.eu-central-1.amazonaws.com/ Then enter the code: ABCD-EFGH Login succeeded, valid until 2022-06-22 02:26 CEST

Use the power of IAM Granular permissions. Hard to set
up, huge benefits.

We have many other smaller challenges, but we are happy
with serverless!

@slobodan_

@slobodan_ Summary

@slobodan_ • Evolve your architecture with your product • Pick
a good architecture, it helps you to keep your migration and onboarding costs low • Think about onboarding new team members • Hexagonal architecture is a nice fit for serverless apps • CQRS is also A nice fit for serverless apps and excellent fit for Vacation Tracker • Test your integrations (and app in general) • Testing is not enough, you'll need monitoring and error tracking

@slobodan_

@slobodan_ Running Serverless Realtime GraphQL Applications with AppSync slobodan.me/books Subscribe
at:

Serverless Office Hours | Serverless for Startups

Serverless Office Hours | Serverless for Startups

More Decks by Slobodan Stojanović

Other Decks in Programming

Featured

Transcript