S U M M I TB E R L I N

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Best Practices for Safe Deployments on AWS Lambda and Amazon API GatewayDanilo PocciaPrincipal Evangelist, ServerlessAWS

@danilop

S e s s i o n I D

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

What is serverless?

No infrastructure provisioning, no management

Automatic scaling

Pay for value Highly available and secure

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

ListenIterate

Experiment

InnovationFlywheel

Experiments power the engine of rapid innovation

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Infrastructure as code

✓Make infrastructure

changes repeatable and predictable

✓Release infrastructure

changes using the same tools as code

changes

✓Replicate production

environment in a staging environment to

enable continuous testing

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Infrastructure as code

Declarative

I tell youwhat I need

I tell youwhat to do

Imperative

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Infrastructure as code best practices

✓Infrastructure

and applicationin the same

source repository

For example:

AWS CloudFormationHashiCorp Terraform

✓Deployments

includeinfrastructure

updates

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Infrastructure as code for serverless apps

For example:

AWS Serverless Application Model (SAM)Serverless Framework

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

SAM templateAWSTemplateFormatVersion: '2010-09-09’

Transform: AWS::Serverless-2016-10-31

Resources:

GetFunction:

Type: AWS::Serverless::Function

Properties:

Handler: index.get

Runtime: nodejs8.10

CodeUri: src/

Policies:

- DynamoDBReadPolicy:

TableName: !Ref MyTable

Events:

GetResource:

Type: Api

Properties:

Path: /resource/{resourceId}

Method: get

MyTable:

Type: AWS::Serverless::SimpleTable

Just 20 lines to create:• Lambda function• IAM role• API Gateway• DynamoDB table

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

SAM CLI

https://github.com/awslabs/aws-sam-cli

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Nested apps to simplify solving recurring problems

StandardComponent

TweetSource:Type: AWS::Serverless::ApplicationProperties:

Location:ApplicationId: arn:aws:serverlessrepo:...SemanticVersion: 2.0.0

Parameters:TweetProcessorFunctionName: !Ref MyFunctionSearchText: '#serverless -filter:nativeretweets’

CustomBusiness

Logic

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

AWS Cloud Development Kit (CDK)

https://awslabs.github.io/aws-cdk

AWS CDK Toolkit+

AWS Construct Library+

@aws-cdk/aws-serverless

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

What is continuous delivery?

Source Build Pre-Test Deploy Post-

Test

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Serverless deployments

Code

StackPackage Deploy

Template

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Serverless deployments with a test environment

FeedbackLoop

ProductionStack

Deploy

Code

TestStack

Package Deploy

Template

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy – Lambda deployments

Enable in your serverless application template

Resources:

GetFunction:

Type: AWS::Serverless::Function

Properties:

DeploymentPreference:

Type: Canary10Percent10Minutes

Alarms:

- !Ref ErrorsAlarm

Hooks:

PreTraffic: !Ref PreTrafficHook

Canary10Percent30MinutesCanary10Percent5MinutesCanary10Percent10MinutesCanary10Percent15Minutes

Linear10PercentEvery10MinutesLinear10PercentEvery1MinuteLinear10PercentEvery2MinutesLinear10PercentEvery3Minutes

AllAtOnce

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy – Lambda canary deployment

API Gateway

Lambda function weighted alias “live”

v1 Lambda function

code

100%

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy – Lambda canary deployment

API Gateway

Lambda function weighted alias “live”

v1 code100%

Run PreTraffic hook against v2 code before it receives traffic

v2 code0%

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy – Lambda canary deployment

API Gateway

Lambda function weighted alias “live”

v1 code90%

Wait for 10 minutes, roll back in case of alarm

v2 code10%

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy – Lambda canary deployment

API Gateway

Lambda function weighted alias “live”

v1 code0%

Run PostTraffic hook and complete deployment

v2 code100%

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

API Gateway canary stage

API Gateway

Productionstage

v1 code

v2 code

99.5%

0.5%Canarystage

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

BUSINESS LOGIC

LIB B

Before

BUSINESS LOGIC

LIB A

LIB B

BUSINESS LOGIC

LIB A

LIB B

BUSINESS LOGIC

LIB A

LIB B

LIB A

UseLambda Layersfor shared code

that doesn’t change frequently

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

BUSINESS LOGIC

BUSINESS LOGIC

BUSINESS LOGIC

BUSINESS LOGIC

LIB A LIB B

UseLambda Layers

for shared code that doesn’t change

frequently

Focus on your business logic and speed up function

deployments

After

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Code reviews

1. Review infrastructure changes2. Understand architectural impact3. How effective is to exchange feedback?4. How effective is to review code history?5. Using pull requests?6. Is manual approval really required?7. Look for different perspectives (cross team)

X X

X X

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Project

Product

v1 v2 v3

Customerneeds

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Project

Product

Reachmilestone

Customervalue

Lifecyclecosts

Cost to reachmilestone

Backwardlooking

Forwardlooking

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

“The process becomes the proxy for the result you want. You stop looking at outcomes

and just make sure you’re doing the process right.”

Jeff Bezos2016 Letter to Shareholders

Resist proxies

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Feedback to business

Code

TestStack

Package Deploy

Template

FeedbackLoop

ProductionStack

Deploy

Business

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Feedback to business

FeedbackLoop

ProductionStack

Deploy

Code

TestStack

Package Deploy

Template

Business

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Product

Features

Defects

Risks

Debts

Product developmentBusiness

Customers

Security &Compliance

Developers &Architects

AvoidOverutilization

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Capital One – Credit Offers API serverless architecture

Affiliates

www.capitalone.com/credit-cards/prequalify

AWS Cloud

Capital OneAPI Gateway

VPC

Lambda Function

Traces LogsProduction Support Command Center

COATCredit Offers API Team

Lambda Function

S3 Bucket

TTL

Third-Party API

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Capital One – Credit Offers API CI/CD pipeline

Continuous Improvement, Continuous Delivery!

GitHub LGTM Bot Jenkins AWS SAM

S3 Bucket(Versioning)

Lambda Function

DeploymentType:dev: AllAtOnceqa: AllAtOnceqaw: AllAtOnceprod: Canary10Percent10Minutesprodw: Canary10Percent10Minutes

canary5xxGetProductsAlarm:Type: AWS::CloudFormation::AlarmProperties:AlarmActions:

- !FindInMap:- params- AdminSNSTopic- !Ref Environment

AlarmDescription: 500 error from product listing Lambda.

ComparisonOperator: GreatherThanOrEqualTothreshold

Period: 300Statistic: SumThreshold: 1EvaluationPeriod: 1

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Capital One – Benefits from taking the API serverless

Performance gains

From the time the request is received by lambda to

the time to send the response back

70%

Cost savings

By removing EC2, ELB and RDS from our solution

90%

Increase in team velocity

Reduce investment in team’s time on DevOps and dedicate back to

feature development!

30%

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Thank you!

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Danilo Poccia@danilop

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.