serverless meetup auckland #6
TRANSCRIPT
Serverless & Stateless
One year in, what we’ve learnt
Intro
• Been working on distributed apps for 10 years.
• Accordo’s new app has been built serverless* from the ground up and has been in production seven months
• Why serverless? Simple, get a lot more done for your business by not worrying about instances and administration.
* Disclaimer: At Accordo, Serverless has a broader meaning than static sites and FaaS
This isn’t all that new
If you struggle to explain it to the boss, think of it as outsourcing to the best in the business
Simply the next generation of distributed apps and containerisation
Serverless challenges are often just distributed app challenges
Main app overview
1. Static website served via CloudFront. Site is built using React, Redux and webpack
2. Users authenticate via Auth0
3. Access data APIs using JWT and APIGW
4. Most APIs are implemented as lambdas.
5. Main data in RDS Postgres
6. The same lambdas that serve user APIs also process async messages
Authorization – JWT claims based
Mind your (core) business
• Developers vary in skill, capacity and maturity, but they’re all expensive for what you get.
• Every day, they turn up and write ‘stuff’. Make sure they’re working on stuff that matters.
• Any hour spent on functionality not core to your business is potential waste
Potential waste?
- A/B testing
- Alerting
- Analytics & Tracking
- Authentication
- Database
- Email
- Failover
- Queues & Message processing
- Reporting
- Search
- Automated Tests (not the testing)
- Configuration management
- Logging
- Permissions
Good ROI
Serverless Vs The Twelve-Factor App
Can feel like a mis-match, but not impossible.
…and getting easier. https://12factor.net
FaaS Vs Twelve-Factor pain points
- Configuration
  - Much improved; was a major pain. Azure and now AWS have environment variables.
  - FaaS frameworks still have a tendency to bundle config with the build and/or use named environments.
  - Ideally configuration management and updates don’t require a re-build of the app.
- Build artifacts
  - Immutable build artifacts that can be deployed to any environment.
  - Still nothing off the shelf, but there are good SDKs; not that hard to roll your own.
  - Managed CI/CD is fine for nano services or calculators. Be careful of losing environment control with larger components (build promotion, rollbacks, config)
Frameworks
How to Manage your app?
- Developer workflow
- Build Test Artifact Deploy
- Configuration
- Triggers & Endpoints
All frameworks have opinions. Some you’ll agree with. Some….
Be clear on how you want to work, try not to compromise
- CI for a user facing app – needs a lot of test automation
- It’s OK, it’s an evolving world, the frameworks will catch up.
AWS Serverless Application Model (SAM)
Log everything
- Logging services are the debugger
- Be careful of sensitive info.
- Log the positive and negative
- Keep them as long as is practical
- console.log(), console.time()
- Excited about AWS X-Ray or other things like Netflix Vizceral
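The logging points above, combined in one wrapper, as an added example that is not code from the talk: it logs success and failure with timing while masking credentials before they reach the log service. The key list, `withLogging` and the field names are assumptions; `context.awsRequestId` is the standard Lambda context property.

```javascript
// Header/field names whose values must never reach the log service (constructed list).
const SENSITIVE_KEYS = /^(authorization|cookie|set-cookie|password|secret|token|id_token|access_token|x-api-key)$/i;
// Anything shaped like a JWT inside a free-text value.
const JWT_PATTERN = /\beyJ[\w-]+\.[\w-]+\.[\w-]*/g;

// Returns a copy of `value` with sensitive keys and JWT-shaped strings masked.
function redact(value, depth = 0) {
  if (depth > 6) return '[TRUNCATED]';
  if (typeof value === 'string') return value.replace(JWT_PATTERN, '[REDACTED_JWT]');
  if (Array.isArray(value)) return value.map((v) => redact(v, depth + 1));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.test(k) ? '[REDACTED]' : redact(v, depth + 1);
    }
    return out;
  }
  return value;
}

// One JSON object per line so the logging service can index the fields.
function logLine(level, message, fields = {}) {
  return JSON.stringify({ level, message, ...redact(fields) });
}

// Wraps a handler so both outcomes are logged, with duration in milliseconds.
function withLogging(handler, sink = console.log) {
  return async (event, context) => {
    const started = Date.now();
    const base = { requestId: context.awsRequestId, path: event.path, headers: event.headers };
    try {
      const result = await handler(event, context);
      sink(logLine('info', 'request ok', { ...base, statusCode: result.statusCode, ms: Date.now() - started }));
      return result;
    } catch (err) {
      sink(logLine('error', 'request failed', { ...base, error: err.message, ms: Date.now() - started }));
      throw err; // let Lambda record the failure as well
    }
  };
}
```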
Warning 1 – alias confusion
AWS Lambda aliases and versioning: great idea, a very powerful and useful concept, but… no support for alias-level log groups or configuration.
[Diagram: versions V3, V2, V1; aliases DEV, UAT, PROD; UAT API Stage: V2 logs, V2 code, V? config]
Warning 2 – the cold start
Cold function invocation is a problem on AWS and Azure. Webpack and sensible dependency management help the load speed.
Best band-aid to keep them alive is CloudWatch + a scheduled event. Event input can be customised to a heartbeat type call.
Cold load is slow. Cold VPC load is like dial-up speed. If the function calls any outside resource it waits for an ENI. Can be > 30 sec….
Semi related – database calls with context.callbackWaitsForEmptyEventLoop
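A handler shape that covers both points above, as an added example that is not code from the talk: it answers the scheduled heartbeat without touching the database and sets `context.callbackWaitsForEmptyEventLoop = false` so a pooled connection kept open between invocations does not hold up the response. The `{ "heartbeat": true }` event input, the `pool` stand-in and the `accounts` query are assumptions.

```javascript
// Stand-in for a connection pool created once per container and reused across
// invocations (hypothetical; in the real app this would be a Postgres client pool).
let queryCount = 0;
const pool = {
  query: async (sql, params) => {
    queryCount += 1;
    return { rows: [{ id: params[0], name: 'constructed row' }] };
  },
};

// The scheduled rule is assumed to send this constant JSON input.
function isHeartbeat(event) {
  return Boolean(event) && event.heartbeat === true;
}

function handler(event, context, callback) {
  // An open pooled connection keeps the Node event loop non-empty. With the
  // default (true) Lambda holds the response until the loop drains or the
  // function times out; false returns as soon as callback() is called.
  context.callbackWaitsForEmptyEventLoop = false;

  if (isHeartbeat(event)) {
    // Keep-warm call: keep the container alive, do no real work.
    return callback(null, { warmed: true });
  }

  pool
    .query('SELECT id, name FROM accounts WHERE id = $1', [event.pathParameters.id])
    .then((res) => callback(null, { statusCode: 200, body: JSON.stringify(res.rows[0]) }))
    .catch((err) => callback(err));
}
```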
Warning 3 – Lambda Fast, API Gateway Slow
Calls to API Gateway are routed through CloudFront. Low traffic* APIs suffer from high latency delays within CloudFront. Reasons cited for the delays are low connection reuse, routing algorithms and extra SSL handshakes. This is made worse by the app making OPTIONS calls. You need to manually add ‘Access-Control-Max-Age’
CORS OPTIONS call often takes ~1 second!
* Low traffic is less than 100 requests per second
Same level of latency affects all APIGW calls. Common to see 1.5 sec round trip, but just 0.1 sec lambda execution
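A preflight response that sets ‘Access-Control-Max-Age’ so the browser caches the OPTIONS result instead of repeating it, as an added example that is not code from the talk. The allowed origin, methods, headers and the 7200-second value are assumptions; the return value uses the Lambda proxy response shape (`statusCode`, `headers`, `body`).

```javascript
// Origins allowed to call the API (constructed value; use your own site origin).
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
// How long the browser may cache the preflight result. Browsers enforce their
// own upper limit, so a larger number is not necessarily honoured.
const MAX_AGE_SECONDS = 7200;

// Header names arrive in whatever case the client sent them.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key ? headers[key] : undefined;
}

// Builds the response for an OPTIONS (preflight) request.
function preflightResponse(event) {
  const origin = getHeader(event.headers, 'origin');

  // Echo the origin only when it is on the allowlist; never reflect arbitrary
  // origins just to make the preflight pass.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { statusCode: 403, headers: { Vary: 'Origin' }, body: '' };
  }

  return {
    statusCode: 204,
    headers: {
      'Access-Control-Allow-Origin': origin,
      'Access-Control-Allow-Methods': 'GET,POST,OPTIONS',
      'Access-Control-Allow-Headers': 'Authorization,Content-Type',
      'Access-Control-Max-Age': String(MAX_AGE_SECONDS),
      Vary: 'Origin', // caches must not reuse this answer for another origin
    },
    body: '',
  };
}
```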
Top 3 Integrations
Fastly - Consider a better CDN
Auth0 - Authenticate with anything…
Segment – Integrate with anything
Real-time CDN lets you purge content near instantly - less than 150ms!
Cache API responses
One integration to rule them all…
Developer first, anything is possible
Testing
Write testable code, Strive for functional
Abstract the calling interface asap (lambda | azure | mocha)
Don’t sweat too much about the mocking side of things. We’re not testing AWS or Azure
Links
Tidy diagrams https://cloudcraft.co/app
Some Auth strategies
https://aws.amazon.com/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway
https://auth0.com/docs/integrations/aws-api-gateway
Twelve-factor App https://12factor.net
Lambda Versioning & Aliases http://docs.aws.amazon.com/lambda/latest/dg/versioning-aliases.html
One of the latency forum threads https://forums.aws.amazon.com/message.jspa?messageID=729169#729169
Thanks!
linkedin.com/in/myles-henaghan