AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures? In this talk Yan will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.

1. from the
TRENCHESTRENCHES
what you should know before you go to production
AWS LAMBDAAWS LAMBDA

2. hi,I’mYanCui

7. AWS user since 2009

10. apr, 2016

11. hidden complexities and dependencies
low utilisation to leave room for traffic spikes
EC2 scaling is slow, so scale earlier
lots of cost for unused resources
up to 30 mins for deployment
deployment required downtime

12. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

14. “what would good
look like for us?”

15. be small
be fast
have zero downtime
have no lock-step
DEPLOYMENTS SHOULD...

16. FEATURES SHOULD...
be deployable independently
be loosely-coupled

17. WE WANT TO...
minimise cost for unused resources
minimise ops effort
reduce tech mess
deliver visible improvements faster

18. nov, 2016

19. 170 Lambda functions in prod
1.2 GB deployment packages in prod
95% cost saving vs EC2
15x no. of prod releases per month

20. time
is a good fit

21. 1st function in prod!
time
is a good fit

22. ?
time
is a good fit
1st function in prod!

23. ALERTING
CI / CD
TESTING
LOGGING
MONITORING

24. 170 functions
WOOF!
? ?
time
is a good fit
1st function in prod!

25. SECURITY
DISTRIBUTED
TRACING
CONFIG
MANAGEMENT

26. evolving the PLATFORM

27. rebuilt search

28. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearch

29. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

30. new analytics pipeline

31. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery

32. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
1 developer, 2 days
design production
(his 1st serverless project)

33. Legacy Monolith Amazon Kinesis Amazon Lambda
Google BigQuery
“nothing ever got done
this fast at Skype!”
- Chris Twamley

34. - Dan North
“lead time to someone saying
thank you is the only reputation
metric that matters.”

35. Rebuilt
with Lambda

42. Rebuilt
with Lambda

43. BigQuery

44. BigQuery

45. grapheneDB
BigQuery

46. grapheneDB
BigQuery

47. grapheneDB
BigQuery

48. getting PRODUCTION READY

49. CHOOSE A
FRAMEWORK
DEPLOYMENT

50. http://serverless.com

51. https://github.com/awslabs/serverless-application-model

52. http://apex.run

53. https://apex.github.io/up

54. https://github.com/claudiajs/claudia

55. https://github.com/Miserlou/Zappa

56. http://gosparta.io/

57. TESTING

58. amzn.to/29Lxuzu

59. Level of Testing
1.Unit
do our objects do the right thing?
are they easy to work with?

61. Level of Testing
1.Unit
2.Integration
does our code work against code we
can’t change?

62. handler

63. handler
test by invoking
the handler

64. Level of Testing
1.Unit
2.Integration
3.Acceptance
does the whole system work?

65. Level of Testing
unit
integration
acceptance
feedback
confidence

66. “…We find that tests that mock external
libraries often need to be complex to
get the code into the right state for the
functionality we need to exercise.
The mess in such tests is telling us that
the design isn’t right but, instead of
fixing the problem by improving the
code, we have to carry the extra
complexity in both code and test…”
Don’t Mock Types You Can’t Change

67. “…The second risk is that we have to be
sure that the behaviour we stub or mock
matches what the external library will
actually do…
Even if we get it right once, we have to
make sure that the tests remain valid
when we upgrade the libraries…”
Don’t Mock Types You Can’t Change

68. Don’t Mock Types You Can’t Change
Services

70. “…Wherever possible, an acceptance
test should exercise the system end-to-
end without directly calling its internal
code.
An end-to-end test interacts with the
system only from the outside: through
its interface…”
Testing End-to-End

71. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda

72. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input

73. Legacy Monolith Amazon Kinesis Amazon Lambda
Amazon CloudSearchAmazon API Gateway Amazon Lambda
Test Input
Validate

74. CI + CD PIPELINE

75. “the earlier you consider CI + CD, the
more time you save in the long run”
- me

76. “…We prefer to have the end-to-end
tests exercise both the system and the
process by which it’s built and
deployed…
This sounds like a lot of effort (it is), but
has to be done anyway repeatedly
during the software’s lifetime…”
Testing End-to-End

77. “deployment scripts
that only live on the CI
box is a disaster
waiting to happen”
- me

78. Jenkins build config deploys and tests
unit + integration tests
deploy
acceptance tests

79. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi

80. build.sh allows repeatable builds on both local & CI

82. Auto Auto Manual

83. LOGGING

85. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?

86. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae
GOT is off air, what do I do now?
UTC Timestamp API Gateway Request Id
your log message

87. function name
date
function version

88. LOG OVERLOAD

89. CENTRALISE LOGS

90. CENTRALISE LOGS
MAKE THEM EASILY
SEARCHABLE

91. + +
the elk stack

92. CloudWatch Logs

93. CloudWatch Logs AWS Lambda ELK stack

94. CloudWatch Events

96. http://bit.ly/2f3zxQG

97. DISTRIBUTED TRACING

99. “my followers didn’t
receive my new post!”
- a user

100. where could the
problem be?

101. correlation IDs*
* eg. request-id, user-id, yubl-id, etc.

102. ROLL YOUR OWN
CLIENTS

103. kinesis client
http client
sns client

104. http://bit.ly/2k93hAj

105. ROLL YOUR OWN
CLIENTS
X-RAY

106. Amazon X-Ray

107. Amazon X-Ray

108. traces do not span over
API Gateway

109. useful, but hampered by
current limitations

110. http://bit.ly/2s9yxmA

111. MONITORING + ALERTING

112. “where do I install
monitoring agents?”

113. you can’t

114. • invocation Count
• error Count
• latency
• throttling
• granular to the minute
• support custom metrics

115. • same metrics as CW
• better dashboard
• support custom metrics
https://www.datadoghq.com/blog/monitoring-lambda-functions-datadog/

117. “how do I batch up
and send logs in the
background?”

118. you can’t
(kinda)

119. console.log(“hydrating yubls from db…”);
console.log(“fetching user info from user-api”);
console.log(“MONITORING|1489795335|27.4|latency|user-api-latency”);
console.log(“MONITORING|1489795335|8|count|yubls-served”);
timestamp metric value
metric type
metric namemetrics
logs

120. CloudWatch Logs AWS Lambda
ELK stack
logs
metrics
CloudWatch

121. http://bit.ly/2gGredx

122. DASHBOARDS

123. DASHBOARDS
SET ALARMS

124. DASHBOARDS
SET ALARMS
TRACK APP-LEVEL
METRICS

125. Not Only CloudWatch

127. “you really don't want
your monitoring
system to fail at the
same time as the
system it monitors”
- me

128. CONFIG MANAGEMENT

129. easily and quickly propagate
config changes

131. CENTRALISED
CONFIG SERVICE

132. config service
goes here

136. EC2
parameter
store

137. CENTRALISED
CONFIG SERVICE
CLIENT LIBRARY

139. http://bit.ly/2yLUjwd

140. sensitive data should be encrypted
in-flight, and at rest
(credentials, connection string, etc.)

141. role-based access

142. KMS

143. EC2 Parameter Store
HTTPS
role-based access
encrypted in-flight

144. EC2 Parameter Store
encrypt
role-based access

145. EC2 Parameter Store
encrypted at-rest

146. HTTPS
role-based access
EC2 Parameter Store
encrypted in-flight

147. KMS
FRAMEWORK
PLUG-INS

148. PRO TIPS

149. SERVERLESS
FRAMEWORK

150. max 75 GB total deployment package size*
* limit is per AWS region

151. CLEAN UP OLD
PACKAGES

152. Janitor Monkey

153. Janitor Lambda
http://bit.ly/2xzVu4a

154. disable versionFunctions in

155. install Serverless framework as dev
dependency at project level
dev dependencies are excluded since 1.16.0

156. http://bit.ly/2vzBqhC

157. http://amzn.to/2vtUkDU

158. UNDERSTAND
COLDSTARTS

159. Amazon X-Ray
1st invocation
2nd invocation
cold start

160. source: http://bit.ly/2oBEbw2

161. http://bit.ly/2tb7bLJ

162. EMBRACE
NODE.JS & PYTHON

163. http://bit.ly/2rtCCBz

164. C#
http://bit.ly/2rtCCBz

165. Java
http://bit.ly/2rtCCBz

166. NodeJs, Python
http://bit.ly/2rtCCBz

167. what about type safety?

169. complexity ceiling of a
Node.js app
complexity

170. complexity ceiling of a
Node.js app
complexity
referential transparency
immutability as default
type inference
option types
union types
…

171. for managing complexity
complexity ceiling of a
Node.js app
complexity
referential transparency
immutability as default
type inference
option types
union types
…

172. complexity ceiling of a
Node.js app
complexity
complexity ceiling of a
Node.js Lambda function

173. if you can limit the complexity
of your solution, maybe you
won’t need the tools for
managing that complexity.
me

174. AVOID HARD
ASSUMPTIONS
ABOUT FUNCTION
LIFETIME

175. USE STATE
FOR
OPTIMISATION

176. AVOID
COLDSTARTS

177. CloudWatch Event AWS Lambda

178. CloudWatch Event AWS Lambda
ping
ping
ping
ping

179. CloudWatch Event AWS Lambda
ping
ping
ping
ping

180. CloudWatch Event AWS Lambda
ping
ping
ping
ping
HEALTH CHECKS?

181. max 5 mins execution time

182. USE RECURSION
FOR LONG
RUNNING TASKS

183. CONSIDER
PARTIAL
FAILURES

184. “AWS Lambda polls your stream and
invokes your Lambda function. Therefore, if
a Lambda function fails, AWS Lambda
attempts to process the erring batch of
records until the time the data expires…”
http://docs.aws.amazon.com/lambda/latest/dg/retries-on-errors.html

185. should function fail on
partial/any failures?

186. SNS
Kinesis
SQS
after 3 attempts
share processing logic
events are processed in
chronological order
failed events are retried out
of sequence

187. PROCESS SQS
WITH RECURSIVE
FUNCTIONS

188. http://bit.ly/2npomX6

189. AVOID HOT
KINESS
STREAMS

190. “Each shard can support up to
5 transactions per second for
reads, up to a maximum total data
read rate of 2 MB per second.”
http://docs.aws.amazon.com/streams/latest/dev/service-sizes-and-limits.html

191. “If your stream has 100 active shards,
there will be 100 Lambda functions
running concurrently. Then, each
Lambda function processes events
on a shard in the order that they arrive.”
http://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html

192. when no. of processors goes up…

193. ReadProvisionedThroughputExceeded
can have too many Kinesis read operations…

194. ReadRecords.IteratorAge
unpredictable spikes in read ‘latency’…

195. can kinda workaround…

196. http://bit.ly/2uv5LsH

197. clever but costly

198. for subsystems that don’t have
to be realtime, or are task-
based (ie. order doesn’t
matter), consider other
triggers such as S3 or SNS.me

199. @theburningmonk
theburningmonk.com
github.com/theburningmonk

200. sign up here: http://bit.ly/2xCwJEe