Serverless

The pros and cons of building a company

without infrastructure 

Luciano Mammino

1 June 2017, Split

Who is LUCIANO

NeBK20FUA

-20% eBook

 

NpBK15FUA

-15% Print

 

fancy a coupon? πŸ˜‡

</ shameless-self-promotion >

Agenda

What is Serverless

History & definition

Advantages & costs

How it Works

Example: AWS Lambda

Example: Serverless Framework

Serverless at Planet 9

Architecture

Security

Quality

Monitoring / Logging

Step Functions

PART 1

What is Serverless

1996 - Let's order few more servers for this rack...

2006 - Let's move the infrastructure in "the cloud"...

2013 - I can "ship" the new API to any VPS as a "container"

TODAY - I ain't got no infrastructure, just code "in the cloud" baby!

The essence of the serverless trend is the absence of the server concept during software development.

 

β€” Auth0

Serverless & Serverless.com Framework

πŸ‘¨β€πŸ’»   Focus on business logic, not on infrastructure

🐎   Virtually β€œinfinite” auto-scaling

πŸ’°   Pay for invocation / processing time

Advantages of serverless

Is it cheaper to go serverless?

... It depends

Car analogy

Cars are parked 95% of the time (loige.link/car-parked-95)

How much do you use the car?

Own a car

(Bare metal servers)

Rent a car

(VPS)

City car-sharing

(Serverless)

Less than $0.40/day

for 1 execution/second

What can we build?

πŸ“±  Mobile Backends

πŸ”Œ  APIs & Microservices

πŸ“¦  Data Processing pipelines

⚑️  Webhooks

πŸ€–  Bots and integrations

βš™οΈ  IoT Backends

πŸ’»  Single page web applications

The paradigm

Event β†’ 𝑓

IF   ________________________________ 

THEN ________________________________

"IF this THEN that" model

A new CSV file is saved in the object storage

Process it and save it in the DB

HTTP request: GET /products

Retrieve products from DB and return a JSON

It's 2 AM

Scrape weather forecast for next days

Cloud providers

IBM

OpenWhisk

AWS

Lambda

Azure

Functions

Google

Cloud Functions

Auth0

Webtask

Serverless and JavaScript

Frontend

🌏 Serverless Web hosting is static, but you can build SPAs
(React, Angular, Vue, etc.)

 

Backend

πŸ‘Œ Node.js is supported by every provider

⚑️ Fast startup (as opposed to Java)

πŸ“¦ Use all the modules on NPM

πŸ€“ Support other languages/dialects
(TypeScript, ClojureScript, ESNext...)

exports.myLambda = function (
    event,
    context,
    callback
) {

  // get input from event and context

  // use callback to return output or errors

}

Anatomy of a Node.js lambda on AWS

Let's build a "useful"

Hello World API

// write code here

'use strict'

exports.helloWorldHandler = (event, context, callback) => {
  
  const name = 
   (event.queryStringParameters && event.queryStringParameters.name) ?
    event.queryStringParameters.name : 'Split';
    
  const response = {
    statusCode: 200,
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({message: `Hello ${name}`})
  };

  callback(null, response);
};

πŸ€™

API Gateway config has been generated for us...

Recap

  1. Login to AWS Dashboard

  2. Create new Lambda from blueprint

  3. Configure API Gateway trigger

  4. Configure Lambda and Security

  5. Write Lambda code

  6. Configure Roles & Publish

⚑️Ready!

No local testing πŸ˜ͺ ... Manual process 😫

Enter the...

Get serverless framework

 npm install --global serverless@latest


 sls --help

Create a project

 mkdir helloWorldApi

 cd helloWorldApi

 touch handler.js serverless.yml
// handler.js

'use strict';
exports.helloWorldHandler = (event, context, callback) => {
    const name = 
     (event.queryStringParameters && event.queryStringParameters.name) ?
      event.queryStringParameters.name : 'Split';
    const response = {
      statusCode: 200,
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({message: `Hello ${name}`})
    };
    callback(null, response);
};
# serverless.yml

service: sls-helloWorldApi

provider:
  name: aws
  runtime: "nodejs6.10"

functions:
  helloWorld:
    handler: "handler.helloWorldHandler"
    events:
      - http:
        path: /
        method: get

Local test

touch event.json
{
  "queryStringParameters": {
    "name": "Tim Wagner"
  },
  "httpMethod": "GET",
  "path": "/"
}

Local test

Deploy the lambda

Recap

  1. Install serverless framework

  2. Create handler & serverless config

  3. Test locally (optional)

  4. Deploy

  5. Party hard! 🀘

PART 2

Serverless at Planet 9

a Big Data company

E.g. Meter readings per customer/year

2 Γ— 24 Γ— 365

Half Hours

Γ— 25

~ meter reading points

Γ— 24

~ data versions

= πŸ’©loadβ„’

of data

πŸ‘©β€πŸš€ Limited number of β€œFull stack” engineers

⚑️ Write & deploy quality code fast

πŸ‘» Experiment different approaches over different features

😎 Adopt hot and relevant technologies

 

Limited number of servers = LIMITED CALLS AT 2 AM!

Why Serverless

Current infrastructure

Serverless land

Web

API & Jobs

Messaging

Serverless

Frontend & Backend

Cloufront & S3

API Gateway & Lambda

planet9energy.io
api.planet9energy.io
Access-Control-Allow-Origin: https://planet9energy.io

CORS HTTP HEADER

 Custom error page
index.html

Serverless Web Hosting

Serverless APIs

Security: Authentication

"Who is the current user?"

JWT Tokens

Custom
Authorizer Lambda

JWT Token

Authorizer

Login

user: "Podge"
pass: "Unicorns<3"

Users DB

Check
Credentials

JWT token

Validate token & extract userId

API request

API 1

API 2

API 3

Security: Authorization

"Can    Podge    trade    for     Account17 ?"

User

Action

Resource

User

Action

Resource

Podge

trade

Account17

Podge

changeSettings

Account17

Luciano

delete

*

...

...

...

Custom ACL module used by every lambda

Built on node-acl & knex.js

Persistence in Postgres

import { can } from '@planet9/acl';

export const tradingHandler =
  async (event, context, callback) => {

  const user = event.requestContext.userId;
  const account = event.pathParameters.accountId;
  const isAuthorized = await can(user, 'trade', account);

  if (!isAuthorized) {
    return callback(new Error('Not Authorized'));
  }

  // ... business logic
}

Security: Sensitive Data

export const handler = (event, context, callback) => {

  const CONN_STRING = process.env.CONN_STRING;

  // ...
}
# serverless.yml

functions:
  myLambda:
    handler: handler.myHandler
    environment:
      CONN_STRING: ${env:CONN_STRING}
  • Split business logic into small testable modules

  • Use dependency injection for external resources
    (DB, Filesystem, etc.)

  • Mock stuff with Jest

  • Aim for 100% coverage

  • Nyan Cat test runners! 😼

Quality: Unit Tests

  • Use child_process.exec to launch "sls invoke local"

  • Make assertions on the JSON output

  • Test environment simulated with Docker (Postgres, Cassandra, etc.)

  • Some services are hard to test locally (SNS, SQS, S3)

Quality: Functional Tests

πŸ‘¨ Git-Flow

  • Feature branches

  • Push code
    GitHub -> CI

Quality: Continuous integration

πŸ€– CircleCI

  • Lint code (ESlint)

  • Unit tests

  • Build project

  • Functional tests

  • if commit on "master": create deployable artifact

Development / Test / Deployment

Debugging

... How do we debug then

  • console.log... πŸ˜‘

  • Using the debug module

  • Enable detailed logs only when needed
    (e.g. export DEBUG=tradingCalculations)

Step Functions

  • Coordinate components of distributed applications

  • Orchestrate different AWS Lambdas

  • Visual flows

  • Different execution patterns (sequential, branching, parallel)

Some lessons learned...

πŸš— Think serverless as microservices "microfunctions"

❄️ Cold starts!

🚫 Be aware of soft limits

πŸ›  There is still some infrastructure: use proper tools
(Cloudformation, Terraform, ...)

πŸ‘ PROs

πŸ‘

Agility

πŸ‘

Focus on delivering

Business Value

πŸ‘

Auto-scalability

πŸ‘

Managed service

No calls at 2 am...

πŸ‘

Smooth
Learning Curve

πŸ‘

Pay as you go!

πŸ‘Ž CONs

πŸ‘Ž

No live debugging

πŸ‘Ž

Local development & testing

πŸ‘Ž

Service/Functions

Orchestration

πŸ‘Ž

Servers are still there

πŸ‘Ž

lacking

Tooling / Best practices

Should I switch to
SERVERLESS ? 😱

Thanks

(special thanks to @katavic_d, @Podgeypoos79, @quasi_modal & @augeva)

Serverless, the pros and cons of building a company without infrastructure - Shift Conference, Split 2017

By Luciano Mammino

Serverless, the pros and cons of building a company without infrastructure - Shift Conference, Split 2017

Planet9energy.com is a new electricity company building a sophisticated analytics and energy trading platform for the UK market. Since the earliest draft of the platform, we took the unconventional decision to go serverless and build the product on top of AWS Lambda and the Serverless framework using Node.js. In this talk, I want to discuss why we took this radical decision, what are the pros and cons of this approach and what are the main issues we faced as a tech team in our design and development experience. We will discuss how normal things like testing and deployment need to be re-thought to work on a serverless fashion but also the benefits of (almost) infinite self-scalability and the piece of mind of not having to manage hundreds of servers. Finally, we will underline how Node.js seems to fit naturally in this scenario and how it makes developing serverless applications extremely convenient.

  • 22,711