Date post: | 05-Apr-2017 |
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chris Munns – Senior Developer Advocate - Serverless
Building a Development Workflow for Serverless Applications
About me:
Chris Munns - [email protected], @chrismunns
• Senior Developer Advocate - Serverless
• New Yorker
• Previously:
  • Business Development Manager – DevOps, July ’15 - Feb ’17
  • AWS Solutions Architect, Nov 2011 - Dec 2014
  • Formerly on operations teams @Etsy and @Meetup
  • Little time at a hedge fund, Xerox and a few other startups
• Rochester Institute of Technology: Applied Networking and Systems Administration ’05
• Internet infrastructure geek
https://secure.flickr.com/photos/mgifford/4525333972
Why are we here today?
Serverless means…
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Availability and fault tolerance built in
Serverless application
EVENT SOURCE -> FUNCTION -> SERVICES (ANYTHING)
Event sources:
• Changes in data state
• Requests to endpoints
• Changes in resource state
Function: Node.js, Python, Java, C#
Common Lambda use cases
Web Applications
• Static websites
• Complex web apps
• Packages for Flask and Express
Data Processing
• Real time
• MapReduce
• Batch
Chatbots
• Powering chatbot logic
Backends
• Apps & services
• Mobile
• IoT
Amazon Alexa
• Powering voice-enabled apps
• Alexa Skills Kit
IT Automation
• Policy engines
• Extending AWS services
• Infrastructure management
Event sources that trigger AWS Lambda
Categories: DATA STORES, ENDPOINTS, DEVELOPMENT AND MANAGEMENT TOOLS, EVENT/MESSAGE SERVICES
• Amazon S3
• Amazon DynamoDB
• Amazon Kinesis
• AWS CloudFormation
• AWS CloudTrail
• Amazon CloudWatch
• Amazon Cognito
• Amazon SNS
• Amazon SES
• Cron events
• AWS CodeCommit
• Amazon API Gateway
• Amazon Alexa
• AWS IoT
• AWS Step Functions
… and a few more with more on the way!
Development Workflow Considerations
If we combined all of our use-cases with all of our event sources, we end up with A LOT of possible options.
• What AWS resources do we need to provision and configure and how should we do that?
• How do we establish independent environments?
• How can we ensure that we are testing and validating our architecture and application along the way?
• How can we best automate all of the above?
Development Workflow Checklist
Model your application and infrastructure resources
Configure multiple environments
Establish your testing/validation model
Automate your delivery process
Model our application and infrastructure resources
An example of services for building serverless applications:
Best practice: Manage these AWS resources with “Infrastructure as Code” practices/tools!
Amazon API Gateway
AWS Step Functions
Amazon S3
Amazon DynamoDB
Amazon Kinesis
AWS Lambda
Amazon SNS
Create templates of your infrastructure
CloudFormation provisions AWS resources based on dependency needs
Version control/replicate/update templates like code
Integrates with development, CI/CD, management tools
JSON and YAML supported
AWS CloudFormation
  AWSTemplateFormatVersion: '2010-09-09'
  Resources:
    GetHtmlFunctionGetHtmlPermissionProd:
      Type: AWS::Lambda::Permission
      Properties:
        Action: lambda:invokeFunction
        Principal: apigateway.amazonaws.com
        FunctionName:
          Ref: GetHtmlFunction
        SourceArn:
          Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
    ServerlessRestApiProdStage:
      Type: AWS::ApiGateway::Stage
      Properties:
        DeploymentId:
          Ref: ServerlessRestApiDeployment
        RestApiId:
          Ref: ServerlessRestApi
        StageName: Prod
    ListTable:
      Type: AWS::DynamoDB::Table
      Properties:
        ProvisionedThroughput:
          WriteCapacityUnits: 5
          ReadCapacityUnits: 5
        AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
        KeySchema:
        - KeyType: HASH
          AttributeName: id
    GetHtmlFunction:
      Type: AWS::Lambda::Function
      Properties:
        Handler: index.gethtml
        Code:
          S3Bucket: flourish-demo-bucket
          S3Key: todo_list.zip
        Role:
          Fn::GetAtt:
          - GetHtmlFunctionRole
          - Arn
        Runtime: nodejs4.3
    GetHtmlFunctionRole:
      Type: AWS::IAM::Role
      Properties:
        ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Action:
            - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
              - lambda.amazonaws.com
    ServerlessRestApiDeployment:
      Type: AWS::ApiGateway::Deployment
      Properties:
        RestApiId:
          Ref: ServerlessRestApi
        Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
        StageName: Stage
    GetHtmlFunctionGetHtmlPermissionTest:
      Type: AWS::Lambda::Permission
      Properties:
        Action: lambda:invokeFunction
        Principal: apigateway.amazonaws.com
        FunctionName:
          Ref: GetHtmlFunction
        SourceArn:
          Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
    ServerlessRestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Body:
          info:
            version: '1.0'
            title:
              Ref: AWS::StackName
          paths:
            "/{proxy+}":
              x-amazon-apigateway-any-method:
                x-amazon-apigateway-integration:
                  httpMethod: ANY
                  type: aws_proxy
                  uri:
                    Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
                responses: {}
          swagger: '2.0'
CloudFormation template
AWS Serverless Application Model (SAM)
CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
SAM template
  AWSTemplateFormatVersion: '2010-09-09'
  Transform: AWS::Serverless-2016-10-31
  Resources:
    GetHtmlFunction:
      Type: AWS::Serverless::Function
      Properties:
        CodeUri: s3://sam-demo-bucket/todo_list.zip
        Handler: index.gethtml
        Runtime: nodejs4.3
        Policies: AmazonDynamoDBReadOnlyAccess
        Events:
          GetHtml:
            Type: Api
            Properties:
              Path: /{proxy+}
              Method: ANY
    ListTable:
      Type: AWS::Serverless::SimpleTable
Tells CloudFormation this is a SAM template it needs to “transform”
Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
Creates a DynamoDB table with 5 Read & Write units
SAM template
From: https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml
<- THIS BECOMES THIS ->
SAM Template Properties
From SAM Version 2016-10-31
AWS::Serverless::Function
  Handler: index.js
  Runtime: nodejs4.3
  CodeUri: 's3://my-code-bucket/my-function.zip'
  Description: Creates thumbnails of uploaded images
  MemorySize: 1024
  Timeout: 15
  Policies: AmazonS3FullAccess
  Environment:
    Variables:
      TABLE_NAME: my-table
  Events:
    PhotoUpload:
      Type: S3
      Properties:
        Bucket: my-photo-bucket
AWS::Serverless::Api
  StageName: prod
  DefinitionUri: swagger.yml
  CacheClusterEnabled: true
  CacheClusterSize: 28.4
  Variables:
    VarName: VarValue
AWS::Serverless::SimpleTable
  PrimaryKey:
    Name: id
    Type: String
  ProvisionedThroughput:
    ReadCapacityUnits: 5
    WriteCapacityUnits: 5
SAM Template Capabilities
• Can mix in other non-SAM CloudFormation resources in the same template
• i.e. S3, Kinesis, Step Functions
• Supports use of Parameters, Mappings, Outputs, etc
• Supports Intrinsic Functions
• Can use ImportValue (exceptions for RestApiId, Policies, StageName attributes)
• YAML or JSON
AWS commands – Package & Deploy
Package
• Creates a deployment package (.zip file)
• Uploads deployment package to an Amazon S3 bucket
• Adds a CodeUri property with S3 URI
Deploy
• Calls CloudFormation ‘CreateChangeSet’ API
• Calls CloudFormation ‘ExecuteChangeSet’ API
Configure multiple environments
A good developer knows they need different environments for building, testing, and running their application!
Why?
• Avoid overlapping usage of resources
• Safely test new code without impacting your customers
• Safely test infrastructure changes
How?
• AWS Account strategies
• Using Infrastructure as Code tools
• Automating application delivery/testing
Two popular ways to do this:
Same account, different stacks:
+ Easier management of resources
+ Easier visibility via management/monitoring tools
- Can be harder to create permission/access separation
Better for smaller teams/individuals
Multiple accounts:
+ Assured separation of permissions and access
+ Resource limits per account to control usage
- Overhead of managing multiple accounts and controls between them
Better for larger teams/companies!! Check out AWS Organizations
Many Environments from One Template
Template File Defining Stack -> Source Control -> Dev, Test, Prod
• Use the version control system of your choice to store and track changes to this template
• Build out multiple environments, such as for Development, Test, Production and even DR using the same template, even across accounts
Establish our testing/validation model
We want to make sure our code:
• is without syntax issues
• meets company standards for format
• compiles
• is sufficiently tested at the code level via unit tests
We want to make sure our serverless service:
• functions as it is supposed to in relation to other components
• has appropriate mechanisms to handle failures up or down stream
We want to make sure our entire application/infrastructure:
• functions end to end
• follows security best practices
• handles scaling demands
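One way to cover the "follows security best practices" item in a build step, as an added example that is not from the original slides: a Python lint over the transformed template that reports Lambda permissions whose SourceArn matches every API stage and roles that attach a *FullAccess managed policy. The sample input is constructed from the templates shown earlier; ThumbnailFunctionRole, arn_text and lint are hypothetical names.

```python
# Added example: lint a transformed CloudFormation template for broad access.
# Constructed sample input: two permissions shaped like those in the expanded
# template on this page, plus a hypothetical role using AmazonS3FullAccess.
EXECUTE_API = "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}"
TEMPLATE = {
    "Resources": {
        "GetHtmlFunctionGetHtmlPermissionProd": {
            "Type": "AWS::Lambda::Permission",
            "Properties": {
                "Principal": "apigateway.amazonaws.com",
                "SourceArn": {"Fn::Sub": EXECUTE_API + "/Prod/ANY/*"},
            },
        },
        "GetHtmlFunctionGetHtmlPermissionTest": {
            "Type": "AWS::Lambda::Permission",
            "Properties": {
                "Principal": "apigateway.amazonaws.com",
                "SourceArn": {"Fn::Sub": EXECUTE_API + "/*/ANY/*"},
            },
        },
        "ThumbnailFunctionRole": {  # hypothetical logical ID
            "Type": "AWS::IAM::Role",
            "Properties": {"ManagedPolicyArns": [
                "arn:aws:iam::aws:policy/AmazonS3FullAccess",
                "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
            ]},
        },
    }
}


def arn_text(value):
    """Return the literal ARN string from a plain value or an Fn::Sub."""
    if isinstance(value, dict):
        value = value.get("Fn::Sub", "")
        if isinstance(value, list):  # Fn::Sub also has a [string, variables] form
            value = value[0] if value else ""
    return value if isinstance(value, str) else ""


def lint(template):
    """Return sorted (logical_id, finding) pairs worth a reviewer's attention."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Lambda::Permission":
            arn = arn_text(props.get("SourceArn"))
            # execute-api resource part is api-id/stage/method/path
            parts = arn.rsplit(":", 1)[-1].split("/")
            if not arn:
                findings.append((name, "no literal SourceArn to restrict the caller"))
            elif len(parts) > 1 and parts[1] == "*":
                findings.append((name, "SourceArn matches every API stage"))
        elif res.get("Type") == "AWS::IAM::Role":
            for policy in props.get("ManagedPolicyArns", []):
                if isinstance(policy, str) and policy.endswith("FullAccess"):
                    findings.append((name, "broad managed policy " + policy.rsplit("/", 1)[-1]))
    return sorted(findings)
```

Calling lint(TEMPLATE) on the packaged template and failing the build when it returns findings turns the checklist item into a gate rather than a review note.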
Building a deployment package
Node.js & Python
• .zip file consisting of your code and any dependencies
• Use npm/pip to install libraries
• All dependencies must be at root level
Java
• Either .zip file with all code/dependencies, or standalone .jar
• Use Maven / Eclipse IDE plugins
• Compiled class & resource files at root level, required jars in /lib directory
C# (.NET Core)
• Either .zip file with all code/dependencies, or a standalone .dll
• Use NuGet / VisualStudio plugins
• All assemblies (.dll) at root level
Fully managed build service that compiles source code, runs tests, and produces software packages
Scales continuously and processes multiple builds concurrently
You can provide custom build environments suited to your needs via Docker images
Only pay by the minute for the compute resources you use
Launched with CodePipeline and Jenkins integration
New: Can be used as a “Test” action in CodePipeline
AWS CodeBuild
  version: 0.1

  environment_variables:
    plaintext:
      "INPUT_FILE": "saml.yaml"
      "S3_BUCKET": ""

  phases:
    install:
      commands:
        - npm install
    pre_build:
      commands:
        - eslint *.js
    build:
      commands:
        - npm test
    post_build:
      commands:
        - aws cloudformation package --template $INPUT_FILE --s3-bucket $S3_BUCKET --output-template post-saml.yaml

  artifacts:
    type: zip
    files:
      - post-saml.yaml
      - beta.json
buildspec.yml Example
• Variables to be used by phases of build
• Examples for what you can do in the phases of a build:
  • You can install packages or run commands to prepare your environment in “install”
  • Run syntax checking, commands in “pre_build”
  • Execute your build tool/command in “build”
  • Test your app further or ship a container image to a repository in “post_build”
• Create and store an artifact in S3
Release processes levels
Source Build Test Production
Continuous integration
Continuous delivery
Continuous deployment
Continuous delivery service for fast and reliable application updates
Model and visualize your software release process
Builds, tests, and deploys your code every time there is a code change
Integrates with third-party tools and AWS
AWS CodePipeline
Delivery via CodePipeline
Pipeline flow:
1. Commit your code to a source code repository
2. Package/Test in CodeBuild
3. Use CloudFormation actions in CodePipeline to create or update stacks via SAM templates
   Optional: Make use of ChangeSets
4. Make use of specific stage/environment parameter files to pass in Lambda variables
5. Test our application between stages/environments
   Optional: Make use of Manual Approvals
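The optional change set and manual approval steps can be tied together. This added example (not from the original slides) reads a response in the shape returned by CloudFormation DescribeChangeSet and decides whether the release should stop for approval. The sample change set, its name, and the STATEFUL and ACCESS type lists are assumptions.

```python
# Added example: decide whether a CloudFormation change set needs approval.
# Resource types whose replacement or removal loses data (assumed list).
STATEFUL = {"AWS::DynamoDB::Table", "AWS::S3::Bucket", "AWS::Kinesis::Stream"}
# Resource types whose change alters who can do what (assumed list).
ACCESS = {"AWS::IAM::Role", "AWS::IAM::Policy", "AWS::Lambda::Permission"}

# Constructed sample in the shape of a DescribeChangeSet response.
CHANGE_SET = {
    "ChangeSetName": "prod-release",  # hypothetical name
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "GetHtmlFunction",
            "ResourceType": "AWS::Lambda::Function", "Replacement": "False"}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "ListTable",
            "ResourceType": "AWS::DynamoDB::Table", "Replacement": "True"}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "GetHtmlFunctionRole",
            "ResourceType": "AWS::IAM::Role", "Replacement": "False"}},
    ],
}


def review(change_set):
    """Return (needs_approval, reasons) for one change set."""
    reasons = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        rid, rtype = rc.get("LogicalResourceId"), rc.get("ResourceType")
        action, repl = rc.get("Action"), rc.get("Replacement", "False")
        # Replacement is "True", "False" or "Conditional"; treat Conditional as risky.
        if rtype in STATEFUL and (action == "Remove" or repl in ("True", "Conditional")):
            reasons.append(f"{rid}: {rtype} would be removed or replaced")
        elif rtype in ACCESS:
            reasons.append(f"{rid}: {action} on {rtype} changes access")
    return bool(reasons), reasons


if __name__ == "__main__":
    needs_approval, why = review(CHANGE_SET)
    print("manual approval required" if needs_approval else "safe to execute")
    for line in why:
        print(" -", line)
```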
Testing tools
Code Inspection/Test Coverage:
• Landscape - https://landscape.io/ (only for Python)
• CodeClimate - https://codeclimate.com/
• Coveralls.io - https://coveralls.io/
Mocking/stubbing tools:
• https://github.com/atlassian/localstack - “A fully functional local AWS cloud stack. Develop and test your cloud apps offline!”
• Includes:
  • https://github.com/spulec/moto - boto mock tool
  • https://github.com/mhart/dynalite - DynamoDB testing tool
  • https://github.com/mhart/kinesalite - Kinesis testing tool
  • more!
API Interface/UI testing:
• Runscope - https://www.runscope.com/ - API Monitoring/Testing
• Ghost Inspector - https://ghostinspector.com/ - Web interface testing
An example minimal pipeline (MyApplication):
Source
• Source (CodeCommit)
Build
• test-build-source (CodeBuild)
Deploy Testing
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-stubs (AWS Lambda)
Deploy Staging
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-API-test (Runscope)
• QA-Sign-off (Manual Approval)
Deploy Prod
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Post-Deploy-Slack (AWS Lambda)
This pipeline:
• Five Stages
• Builds code artifact
• Three deployed to “Environments”
• Uses CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a 3rd party tool/service
• Has a manual approval before deploying to production
DEMO!
aws.amazon.com/serverless
Additional Resources
Serverless Application Model (SAM) - https://github.com/awslabs/serverless-application-model
Learn more:
• AWS Lambda: https://aws.amazon.com/lambda
• Amazon API Gateway: https://aws.amazon.com/api-gateway
• AWS Step Functions: https://aws.amazon.com/step-functions
Products that helped us today:
• CloudFormation: https://aws.amazon.com/cloudformation
• CodePipeline: https://aws.amazon.com/codepipeline
• CodeBuild: https://aws.amazon.com/codebuild
?https://secure.flickr.com/photos/dullhunk/202872717/