AWS Lambda from the trenches
12 likes5,333 views
The document provides insights into the complexities and best practices for deploying applications using AWS Lambda, emphasizing the importance of independent deployments, cost-minimization, and reduced operational effort. It discusses various testing levels, CI/CD pipeline configurations, monitoring, and logging strategies to ensure effective production readiness. Additionally, it highlights the necessity of managing resources efficiently, understanding cold starts, and handling function failures in serverless architectures.
![if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION
elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run int-$STAGE
elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then
STAGE=$2
REGION=$3
PROFILE=$4
npm install
AWS_PROFILE=$PROFILE npm run acceptance-$STAGE
else
usage
exit 1
fi](https://image.slidesharecdn.com/awslambdafromthetrenches-170329220854/85/AWS-Lambda-from-the-trenches-79-320.jpg)
AWS Lambda from the trenches
- 1. from the TRENCHESTRENCHES what you should know before you go to production AWS LAMBDAAWS LAMBDA
- 2. hi,I’mYanCui
- 7. AWS user since 2009
- 10. apr, 2016
- 11. hidden complexities and dependencies low utilisation to leave room for traffic spikes EC2 scaling is slow, so scale earlier lots of cost for unused resources up to 30 mins for deployment deployment required downtime
- 12. - Dan North “lead time to someone saying thank you is the only reputation metric that matters.”
- 14. “what would good look like for us?”
- 15. be small be fast have zero downtime have no lock-step DEPLOYMENTS SHOULD...
- 16. FEATURES SHOULD... be deployable independently be loosely-coupled
- 17. WE WANT TO... minimise cost for unused resources minimise ops effort reduce tech mess deliver visible improvements faster
- 18. nov, 2016
- 19. 170 Lambda functions in prod 1.2 GB deployment packages in prod 95% cost saving vs EC2 15x no. of prod releases per month
- 20. time is a good fit
- 21. 1st function in prod! time is a good fit
- 22. ? time is a good fit 1st function in prod!
- 24. 170 functions WOOF! ? ? time is a good fit 1st function in prod!
- 27. rebuilt search
- 28. Legacy Monolith Amazon Kinesis Amazon Lambda Amazon CloudSearch
- 29. Legacy Monolith Amazon Kinesis Amazon Lambda Amazon CloudSearchAmazon API Gateway Amazon Lambda
- 31. Legacy Monolith Amazon Kinesis Amazon Lambda Google BigQuery
- 32. Legacy Monolith Amazon Kinesis Amazon Lambda Google BigQuery 1 developer, 2 days design production (his 1st serverless project)
- 33. Legacy Monolith Amazon Kinesis Amazon Lambda Google BigQuery “nothing ever got done this fast at Skype!” - Chris Twamley
- 34. - Dan North “lead time to someone saying thank you is the only reputation metric that matters.”
- 43. BigQuery
- 44. BigQuery
- 57. TESTING
- 58. amzn.to/29Lxuzu
- 59. Level of Testing 1.Unit do our objects do the right thing? are they easy to work with?
- 61. Level of Testing 1.Unit 2.Integration does our code work against code we can’t change?
- 62. handler
- 63. handler test by invoking the handler
- 64. Level of Testing 1.Unit 2.Integration 3.Acceptance does the whole system work?
- 66. “…We find that tests that mock external libraries often need to be complex to get the code into the right state for the functionality we need to exercise. The mess in such tests is telling us that the design isn’t right but, instead of fixing the problem by improving the code, we have to carry the extra complexity in both code and test…” Don’t Mock Types You Can’t Change
- 67. “…The second risk is that we have to be sure that the behaviour we stub or mock matches what the external library will actually do… Even if we get it right once, we have to make sure that the tests remain valid when we upgrade the libraries…” Don’t Mock Types You Can’t Change
- 68. Don’t Mock Types You Can’t Change Services
- 70. “…Wherever possible, an acceptance test should exercise the system end-to- end without directly calling its internal code. An end-to-end test interacts with the system only from the outside: through its interface…” Testing End-to-End
- 71. Legacy Monolith Amazon Kinesis Amazon Lambda Amazon CloudSearchAmazon API Gateway Amazon Lambda
- 72. Legacy Monolith Amazon Kinesis Amazon Lambda Amazon CloudSearchAmazon API Gateway Amazon Lambda Test Input
- 73. Legacy Monolith Amazon Kinesis Amazon Lambda Amazon CloudSearchAmazon API Gateway Amazon Lambda Test Input Validate
- 74. CI + CD PIPELINE
- 75. “the earlier you consider CI + CD, the more time you save in the long run” - me
- 76. “…We prefer to have the end-to-end tests exercise both the system and the process by which it’s built and deployed… This sounds like a lot of effort (it is), but has to be done anyway repeatedly during the software’s lifetime…” Testing End-to-End
- 77. “deployment scripts that only live on the CI box is a disaster waiting to happen” - me
- 78. Jenkins build config deploys and tests unit + integration tests deploy acceptance tests
- 79. if [ "$1" = "deploy" ] && [ $# -eq 4 ]; then STAGE=$2 REGION=$3 PROFILE=$4 npm install AWS_PROFILE=$PROFILE 'node_modules/.bin/sls' deploy -s $STAGE -r $REGION elif [ "$1" = "int-test" ] && [ $# -eq 4 ]; then STAGE=$2 REGION=$3 PROFILE=$4 npm install AWS_PROFILE=$PROFILE npm run int-$STAGE elif [ "$1" = "acceptance-test" ] && [ $# -eq 4 ]; then STAGE=$2 REGION=$3 PROFILE=$4 npm install AWS_PROFILE=$PROFILE npm run acceptance-$STAGE else usage exit 1 fi
- 80. build.sh allows repeatable builds on both local & CI
- 82. Auto Auto Manual
- 83. LOGGING
- 85. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae GOT is off air, what do I do now?
- 86. 2016-07-12T12:24:37.571Z 994f18f9-482b-11e6-8668-53e4eab441ae GOT is off air, what do I do now? UTC Timestamp API Gateway Request Id your log message
- 88. LOG OVERLOAD
- 89. CENTRALISE LOGS
- 90. CENTRALISE LOGS MAKE THEM EASILY SEARCHABLE
- 91. + + the elk stack
- 92. CloudWatch Logs
- 93. CloudWatch Logs AWS Lambda ELK stack
- 99. “my followers didn’t receive my new post!” - a user
- 100. where could the problem be?
- 101. correlation IDs* * eg. request-id, user-id, yubl-id, etc.
- 103. kinesis client http client sns client
- 106. Amazon X-Ray
- 107. Amazon X-Ray
- 108. traces do not span over API Gateway
- 109. useful, but hampered by current limitations
- 112. “where do I install monitoring agents?”
- 113. you can’t
- 114. • invocation Count • error Count • latency • throttling • granular to the minute • support custom metrics
- 115. • same metrics as CW • better dashboard • support custom metrics https://www.datadoghq.com/blog/monitoring-lambda-functions-datadog/
- 117. “how do I batch up and send logs in the background?”
- 118. you can’t (kinda)
- 119. console.log(“hydrating yubls from db…”); console.log(“fetching user info from user-api”); console.log(“MONITORING|1489795335|27.4|latency|user-api-latency”); console.log(“MONITORING|1489795335|8|count|yubls-served”); timestamp metric value metric type metric namemetrics logs
- 120. CloudWatch Logs AWS Lambda ELK stack logs metrics CloudWatch
- 122. DASHBOARDS
- 125. Not Only CloudWatch
- 127. “you really don't want your monitoring system to fail at the same time as the system it monitors” - me
- 128. CONFIG MANAGEMENT
- 129. easily and quickly propagate config changes
- 136. EC2 parameter store
- 140. sensitive data should be encrypted in-flight, and at rest (credentials, connection string, etc.)
- 141. role-based access
- 142. KMS
- 143. EC2 Parameter Store HTTPS role-based access encrypted in-flight
- 144. EC2 Parameter Store encrypt role-based access
- 145. EC2 Parameter Store encrypted at-rest
- 146. HTTPS role-based access EC2 Parameter Store encrypted in-flight
- 148. PRO TIPS
- 149. SERVERLESS FRAMEWORK
- 150. max 75 GB total deployment package size* * limit is per AWS region
- 152. Janitor Monkey
- 155. install Serverless framework as dev dependency at project level dev dependencies are excluded since 1.16.0
- 159. Amazon X-Ray 1st invocation 2nd invocation cold start
- 167. what about type safety?
- 169. complexity ceiling of a Node.js app complexity
- 170. complexity ceiling of a Node.js app complexity referential transparency immutability as default type inference option types union types …
- 171. for managing complexity complexity ceiling of a Node.js app complexity referential transparency immutability as default type inference option types union types …
- 172. complexity ceiling of a Node.js app complexity complexity ceiling of a Node.js Lambda function
- 173. if you can limit the complexity of your solution, maybe you won’t need the tools for managing that complexity. me
- 176. AVOID COLDSTARTS
- 177. CloudWatch Event AWS Lambda
- 178. CloudWatch Event AWS Lambda ping ping ping ping
- 179. CloudWatch Event AWS Lambda ping ping ping ping
- 180. CloudWatch Event AWS Lambda ping ping ping ping HEALTH CHECKS?
- 181. max 5 mins execution time
- 182. USE RECURSION FOR LONG RUNNING TASKS
- 184. “AWS Lambda polls your stream and invokes your Lambda function. Therefore, if a Lambda function fails, AWS Lambda attempts to process the erring batch of records until the time the data expires…” http://docs.aws.amazon.com/lambda/latest/dg/retries-on-errors.html
- 185. should function fail on partial/any failures?
- 186. SNS Kinesis SQS after 3 attempts share processing logic events are processed in chronological order failed events are retried out of sequence
- 190. “Each shard can support up to 5 transactions per second for reads, up to a maximum total data read rate of 2 MB per second.” http://docs.aws.amazon.com/streams/latest/dev/service-sizes-and-limits.html
- 191. “If your stream has 100 active shards, there will be 100 Lambda functions running concurrently. Then, each Lambda function processes events on a shard in the order that they arrive.” http://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html
- 192. when no. of processors goes up…
- 193. ReadProvisionedThroughputExceeded can have too many Kinesis read operations…
- 194. ReadRecords.IteratorAge unpredictable spikes in read ‘latency’…
- 197. clever but costly
- 198. for subsystems that don’t have to be realtime, or are task- based (ie. order doesn’t matter), consider other triggers such as S3 or SNS.me
- 200. sign up here: http://bit.ly/2xCwJEe