building resilient serverless systems · serverless resiliency on aws • regional...
TRANSCRIPT
![Page 1: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/1.jpg)
Building Resilient Serverless Systems
@johnchapin | symphonia.io
![Page 2: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/2.jpg)
John Chapin• Currently Partner, Symphonia
• Former VP Engineering, Technical Lead
• Data Engineering and Data Science teams
• 20+ yrs experience in govt, healthcare, travel, and ad-tech
• Intent Media, RoomKey, Meddius, SAIC, Booz Allen
![Page 3: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/3.jpg)
Agenda
• What is Serverless?
• Resiliency
• Demo
• Discussion and Questions
![Page 4: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/4.jpg)
What is Serverless?
![Page 5: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/5.jpg)
Serverless = FaaS + BaaS!
• FaaS = Functions as a Service
• AWS Lambda, Auth0 Webtask, Azure Functions, Google Cloud Functions, etc...
• BaaS = Backend as a Service
• Auth0, Amazon DynamoDB, Google Firebase, Parse, Amazon S3, etc...
go.symphonia.io/what-is-serverless
![Page 6: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/6.jpg)
Serverless attributes
• No managing of hosts or processes
• Self auto-scaling and provisioning
• Costs based on precise usage (down to zero!)
• Implicit high availability
go.symphonia.io/what-is-serverless
![Page 7: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/7.jpg)
Serverless benefits
• Cloud benefits ++
• Reduced TCO
• Scaling flexibility
• Shorter lead time
go.symphonia.io/what-is-serverless
![Page 8: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/8.jpg)
Loss of control
• Limited configuration options
• Fewer opportunities for optimization
• Hands-off issue resolution
go.symphonia.io/what-is-serverless
![Page 9: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/9.jpg)
Resiliency
![Page 10: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/10.jpg)
–Werner Vogels
(https://www.allthingsdistributed.com/2016/03/10-lessons-from-10-years-of-aws.html)
“Failures are a given and everything will eventually fail over time ...”
![Page 11: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/11.jpg)
Werner on Embracing Failure• Systems will fail
• At scale, systems will fail a lot
• Embrace failure as a natural occurrence
• Limit the blast radius of failures
• Keep operating
• Recover quickly (automate!)
![Page 12: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/12.jpg)
K.C. Green, Gunshow #648
![Page 13: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/13.jpg)
Failures in Serverless land• Serverless is all about using vendor-managed services.
• Two classes of failures:
• Application failures (your problem, your resolution)
• All other failures (your problem, but not your resolution)
• What happens when those vendor-managed services fail?
• Or when the services used by those services fail?
![Page 14: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/14.jpg)
Mitigation through architecture• No control over resolving acute vendor failures.
• Plan for failure, architect and build applications to be resilient.
• Take advantage of:
• Vendor-designed isolation mechanisms (like AWS regions).
• Vendor services designed to work across regions (like Route 53).
• Take advantage of vendor-recommended architectural practices, like the AWS Well-Architected Framework's Reliability Pillar: https://d1.awsstatic.com/whitepapers/architecture/AWS-Reliability-Pillar.pdf
![Page 15: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/15.jpg)
AWS isolation mechanisms
us-east-1a
us-east-1b
eu-west-2a
eu-west-2b
sa-east-1a
sa-east-1b
eu-west-2c
us-east-1d
us-east-1c
us-east-1e
us-east-1f
sa-east-1c
![Page 16: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/16.jpg)
Serverless resiliency on AWS• Regional high-availability = services running across multiple availability zones
in one region.
• With EC2 (and other traditional instance-based services), it's our problem.
• With Serverless (Lambda, DynamoDB, S3, etc), AWS handle it for us.
• Global high-availability = services running across multiple regions.
• We must architect our systems for global high-availability.
• The Serverless cost model is a huge advantage!
![Page 17: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/17.jpg)
Serverless resiliency on AWS (cont)• Event-driven Serverless systems with externalized state mean:
• Little or no data in-flight when a failure occurs
• Data persisted to reliable stores (like DynamoDB or S3)
• Serverless continuous deployment means:
• No persistent infrastructure to re-hydrate
• Highly likely to be a portable, infrastructure-as-code approach
• Again, Serverless is a huge advantage!
![Page 18: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/18.jpg)
Demo
![Page 19: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/19.jpg)
Overview• Global, highly-available API
• https://github.com/symphoniacloud/qcon-london-2019
• Serverless Application Model (SAM) template
• Lambda code (Typescript)
• Build system (NPM + shell)
• Elm front-end
![Page 20: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/20.jpg)
api.qcon.sym
phonia.io
api-ws.qco
n.symphoni
a.io
(eu-west-2)
messages
api.qcon.symphonia.ioapi-ws.qcon.symphonia.io
(us-west-2)
wss://
https://
/health
messages
wss://
https://
/health
eu-west-2
us-west-2
conns
conns
![Page 21: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/21.jpg)
Request flow• DNS lookup for api.qcon.symphonia.io
• Route 53 responds with IP address for
• lowest latency regional API Gateway endpoint
• that has a passing health check (HTTP 2xx or 3xx from /health endpoint)
• Request traverses regional API Gateway to regional Lambda
• Regional Lambda writes to regional DynamoDB table
• DynamoDB replicates data to all replica tables in other regions, last write wins
![Page 22: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/22.jpg)
Simulating failure
• Alter eu-west-2 health check to return HTTP error status
• Observe request routed to us-east-1 or us-west-2 instead
• Observe DynamoDB writes propagated from us-west-2 back to eu-west-2
![Page 23: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/23.jpg)
Rough edges
• DynamoDB Global Tables not available in CloudFormation
• API Gateway WebSockets + Custom Domains not available in CloudFormation
• Can't add new replicas to DynamoDB global tables after inserting data
• SAM not compatible with CloudFormation Stack Sets
![Page 24: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/24.jpg)
Additional approaches
• Multi-region deployment via Code Pipeline https://github.com/symphoniacloud/multi-region-codepipeline
• CloudFront Origin Failoverhttps://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html
• Global Accelerator (for ELB, ALB, and EIP)https://aws.amazon.com/global-accelerator/
![Page 25: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/25.jpg)
AWS Resources• James Hamilton's "Amazon Global Network Overview"
https://www.youtube.com/watch?v=uj7Ting6Ckk
• Rick Houlihan's DAT401: Advanced Design Patterns for DynamoDBhttps://www.youtube.com/watch?v=HaEPXoXVf2k
• https://aws.amazon.com/blogs/compute/building-a-multi-region-serverless-application-with-amazon-api-gateway-and-aws-lambda/(Magnus Bjorkman, November 2017)
• https://aws.amazon.com/blogs/database/how-to-use-amazon-dynamodb-global-tables-to-power-multiregion-architectures/(Adrian Hornsby, December 2018)
• https://aws.amazon.com/blogs/compute/announcing-websocket-apis-in-amazon-api-gateway/ (Diego Magalhaes, December 2018)
![Page 26: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/26.jpg)
Symphonia resources• What is Serverless? Our 2017 report, published by O'Reilly.
• Programming AWS Lambda - Our upcoming full-length book with O'Reilly.
• Serverless Architectures - Mike's de facto industry primer on Serverless.
• Learning Lambda - A 9-part blog series to help new Lambda devs get started.
• Serverless Insights - Our email newsletter covering Serverless news, event, etc.
• The Symphonium - Our blog, featuring technical content and analysis.
![Page 27: Building Resilient Serverless Systems · Serverless resiliency on AWS • Regional high-availability = services running across multiple availability zones in one region. • With](https://reader033.vdocument.in/reader033/viewer/2022042218/5ec45c6be8f156666a719cc3/html5/thumbnails/27.jpg)
Stay in touch!
@johnchapin
@symphoniacloud
symphonia.io/events
blog.symphonia.io