© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Chris Munns – Senior Developer Advocate - Serverless

Building a Development Workflow for Serverless Applications

About me:

Chris Munns - munns@amazon.com, @chrismunns• Senior Developer Advocate - Serverless• New Yorker• Previously:

• Business Development Manager – DevOps, July ’15 - Feb ‘17• AWS Solutions Architect Nov, 2011- Dec 2014• Formerly on operations teams @Etsy and @Meetup• Little time at a hedge fund, Xerox and a few other startups

• Rochester Institute of Technology: Applied Networking and Systems Administration ’05

• Internet infrastructure geek

https://secure.flickr.com/photos/mgifford/4525333972

Why are we here today?

No servers to provision or manage

Scales with usage

Never pay for idle Availability and fault tolerance built in

Serverless means…

Serverless application

SERVICES (ANYTHING)

Changes in data state

Requests to endpoints

Changes in resource state

EVENT SOURCE FUNCTION

Node.jsPythonJavaC#

Common Lambda use cases

Web Applications• Static

websites

• Complex web apps

• Packages for Flask and Express

Data Processing

• Real time

• MapReduce

• Batch

Chatbots

• Powering chatbot logic

Backends

• Apps & services

• Mobile

• IoT

</></>

Amazon Alexa

• Powering voice-enabled apps

• Alexa Skills Kit

IT Automation

• Policy engines

• Extending AWS services

• Infrastructure management

Amazon S3

Amazon DynamoDB

Amazon Kinesis

AWS CloudFormatio

n

AWS CloudTrail

Amazon CloudWatc

h

Amazon Cognito

Amazon SNS

AmazonSES

Cron events

DATA STORES ENDPOINTS

DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES

Event sources that trigger AWS Lambda

… and a few more with more on the way!

AWS CodeCommit

AmazonAPI Gateway

AmazonAlexaAWS IoT AWS Step

Functions

Development Workflow Considerations

If we combined all of our use-cases with all of our event sources, we end up with A LOT of possible options.• What AWS resources do we need to provision and

configure and how should we do that?• How do we establish independent environments?• How can we ensure that we are testing and validating

our architecture and application along the way?• How can we best automate all of the above?

Development Workflow Checklist

Model your application and infrastructure resources

Configure multiple environmentsEstablish your testing/validation modelAutomate your delivery process

Model our application and infrastructure resources

An example of services for building serverless applications:

Best practice: Manage these AWS resources with “Infrastructure as Code” practices/tools!

AmazonAPI Gateway

AWS Step Functions

Amazon S3

Amazon DynamoDB

Amazon Kinesis

AWS Lambda

Amazon SNS

Create templates of your infrastructure

CloudFormation provisions AWS resources based on dependency needs

Version control/replicate/update templates like code

Integrates with development, CI/CD, management tools

JSON and YAML supported

AWS CloudFormation

AWSTemplateFormatVersion: '2010-09-09'Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties:

ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0'

CloudFormation template

AWSTemplateFormatVersion: '2010-09-09'Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties:

ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0'

CloudFormation template

AWS Serverless Application Model (SAM)

CloudFormation extension optimized for serverless

New serverless resource types: functions, APIs, and tables

Supports anything CloudFormation supports

Open specification (Apache 2.0)

https://github.com/awslabs/serverless-application-model

AWSTemplateFormatVersion: '2010-09-09'Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties:

ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0'

CloudFormation template

SAM templateAWSTemplateFormatVersion: '2010-09-09’Transform: AWS::Serverless-2016-10-31Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY  ListTable: Type: AWS::Serverless::SimpleTable

SAM templateAWSTemplateFormatVersion: '2010-09-09’Transform: AWS::Serverless-2016-10-31Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY  ListTable: Type: AWS::Serverless::SimpleTable

Tells CloudFormation this is a SAM template it needs to “transform”

Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary

Creates a DynamoDB table with 5 Read & Write units

SAM template

From: https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml

<-THISBECOMES THIS->

SAM Template Properties

AWS::Serverless::FunctionAWS::Serverless::ApiAWS::Serverless::SimpleTable

From SAM Version 2016-10-31

SAM Template Properties

AWS::Serverless::FunctionAWS::Serverless::ApiAWS::Serverless::SimpleTable

Handler: index.js Runtime: nodejs4.3 CodeUri: 's3://my-code-bucket/my-function.zip' Description: Creates thumbnails of uploaded images MemorySize: 1024 Timeout: 15 Policies: AmazonS3FullAccess Environment: Variables: TABLE_NAME: my-table Events: PhotoUpload: Type: S3 Properties: Bucket: my-photo-bucket

From SAM Version 2016-10-31

SAM Template Properties

AWS::Serverless::FunctionAWS::Serverless::ApiAWS::Serverless::SimpleTable

StageName: prod DefinitionUri: swagger.ymlCacheClusterEnabled: trueCacheClusterSize: 28.4Variables: VarName: VarValue

From SAM Version 2016-10-31

SAM Template Properties

AWS::Serverless::FunctionAWS::Serverless::ApiAWS::Serverless::SimpleTable

PrimaryKey: Name: id Type: String ProvisionedThroughput: ReadCapacityUnits: 5 WriteCapacityUnits: 5

From SAM Version 2016-10-31

SAM Template Capabilities

• Can mix in other non-SAM CloudFormation resources in the same template

• i.e. S3, Kinesis, Step Functions

• Supports use of Parameters, Mappings, Outputs, etc

• Supports Intrinsic Functions• Can use ImportValue

(exceptions for RestApiId, Policies, StageName attributes)

• YAML or JSON

AWS commands – Package & Deploy

Package•Creates a deployment package (.zip file) •Uploads deployment package to an Amazon S3 bucket•Adds a CodeUri property with S3 URI

Deploy•Calls CloudFormation ‘CreateChangeSet’ API•Calls CloudFormation ‘ExecuteChangeSet’ API

Development Workflow Checklist

Model your application and infrastructure resources

Configure multiple environmentsEstablish your testing/validation modelAutomate your delivery process

Configure multiple environments

A good developer knows they need different environments for building, testing, and running their application!Why?• Avoid overlapping usage of resources• Safely test new code without impacting your customers• Safely test infrastructure changesHow?• AWS Account strategies• Using Infrastructure as Code tools• Automating application delivery/testing

Two popular ways to do this:Same account, different stacks:+ Easier management of resources+ Easier visibility via management/monitoring tools- Can be harder to create permission/access separation

Better for smaller teams/individuals

Configure multiple environments

Multiple accounts:+ Assured separation of permissions and access+ Resource limits per account to control usage- Overhead of managing multiple accounts and controls between them

Better for larger teams/companies!! Check out AWS Organizations

Template File Defining Stack

Source Control

Dev

Test

Prod

Use the version control system of

your choice to store and track changes to this

template

Build out multiple environments, such as for Development, Test, Production and even DR using the same template, even across accounts

Many Environments from One Template

Development Workflow Checklist

Model your application and infrastructure resources

Configure multiple environmentsEstablish your testing/validation modelAutomate your delivery process

Establish our testing/validation model

We want to make sure our code:• is without syntax issues• meets company standards for format• compiles• is sufficiently tested at the code level via unit testsWe want to make sure our serverless service:• functions as it is supposed to in relation to other components• has appropriate mechanisms to handle failures up or down streamWe want to make sure our entire application/infrastructure:• functions end to end• follows security best practices• handles scaling demands

Building a deployment package

Node.js & Python

• .zip file consisting of your code and any dependencies

• Use npm/pip to install libraries

• All dependencies must be at root level

Java

• Either .zip file with all code/dependencies, or standalone .jar

• Use Maven / Eclipse IDE plugins

• Compiled class & resource files at root level, required jars in /lib directory

C# (.NET Core)

• Either .zip file with all code/dependencies, or a standalone .dll

• Use NuGet / VisualStudio plugins

• All assemblies (.dll) at root level

Fully managed build service that compiles source code, runs tests, and produces software packages

Scales continuously and processes multiple builds concurrently

You can provide custom build environments suited to your needs via Docker images

Only pay by the minute for the compute resources you use

Launched with CodePipeline and Jenkins integration

New: Can be used as a “Test” action in CodePipeline

AWS CodeBuild

version: 0.1

environment_variables: plaintext:

"INPUT_FILE": "saml.yaml”"S3_BUCKET": ""

phases: install: commands:

- npm install pre_build: commands: - eslint *.jsbuild: commands:

- npm testpost_build: commands:

- aws cloudformation package --template $INPUT_FILE --s3-bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files:

- post-saml.yaml - beta.json

buildspec.yml Example

version: 0.1

environment_variables: plaintext:

"INPUT_FILE": "saml.yaml”"S3_BUCKET": ""

phases: install: commands:

- npm install pre_build: commands: - eslint *.jsbuild: commands:

- npm testpost_build: commands:

- aws cloudformation package --template $INPUT_FILE --s3-bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files:

- post-saml.yaml - beta.json

• Variables to be used by phases of build

• Examples for what you can do in the phases of a build:

• You can install packages or run commands to prepare your environment in ”install”.

• Run syntax checking, commands in “pre_build”.

• Execute your build tool/command in “build”

• Test your app further or ship a container image to a repository in post_build

• Create and store an artifact in S3

buildspec.yml Example

Development Workflow Checklist

Model your application and infrastructure resources

Configure multiple environments Establish your testing/validation modelAutomate your delivery process

Release processes levels

Source Build Test Production

Continuous integration

Continuous delivery

Continuous deployment

Continuous delivery service for fast and reliable application updates

Model and visualize your software release process

Builds, tests, and deploys your code every time there is a code change

Integrates with third-party tools and AWS

AWS CodePipeline

Delivery via CodePipeline

Pipeline flow:1. Commit your code to a source code repository2. Package/Test in CodeBuild3. Use CloudFormation actions in CodePipeline to

create or update stacks via SAM templatesOptional: Make use of ChangeSets

4. Make use of specific stage/environment parameter files to pass in Lambda variables

5. Test our application between stages/environmentsOptional: Make use of Manual Approvals

Testing tools

Code Inspection/Test Coverage:• Landscape - https://landscape.io/ (only for Python)• CodeClimate - https://codeclimate.com/• Coveralls.io - https://coveralls.io/Mocking/stubbing tools:• https://github.com/atlassian/localstack - “A fully functional local AWS cloud stack. Develop and test

your cloud apps offline!”• Includes:

• https://github.com/spulec/moto - boto mock tool• https://github.com/mhart/dynalite - DynamoDB testing tool• https://github.com/mhart/kinesalite - Kinesis testing tool• more!

API Interface/UI testing:• Runscope - https://www.runscope.com/ - API Monitoring/Testing• Ghost Inspector - https://ghostinspector.com/ - Web interface testing

Source

SourceCodeCommit

MyApplication

An example minimal pipeline:

Buildtest-build-sourceCodeBuild

Deploy Testingcreate-changesetAWS CloudFormation

execute-changesetAWS CloudFormation

Run-stubsAWS Lambda

Deploy Stagingcreate-changesetAWS CloudFormation

execute-changesetAWS CloudFormation

Run-API-testRunscope

QA-Sign-offManual Approval

Review

Deploy Prodcreate-changesetAWS CloudFormation

execute-changesetAWS CloudFormation

Post-Deploy-SlackAWS Lambda

This pipeline:• Five Stages• Builds code artifact• Three deployed to “Environments”• Uses CloudFormation to deploy

artifact and other AWS resources• Has Lambda custom actions for

running my own testing functions• Integrates with a 3rd party

tool/service• Has a manual approval before

deploying to production

Development Workflow Checklist

Model your application and infrastructure resources

Configure multiple environments Establish your testing/validation model Automate your delivery process

DEMO!

aws.amazon.com/serverless

Additional Resources

Serverless Application Model (SAM) - https://github.com/awslabs/serverless-application-model

Learn more:AWS Lambda: https://aws.amazon.com/lambdaAmazon API Gateway: https://aws.amazon.com/api-gatewayAWS Step Functions: https://aws.amazon.com/step-functions

Products that helped us today:CloudFormation: https://aws.amazon.com/cloudformationCodePipeline: https://aws.amazon.com/codepipelineCodeBuild: https://aws.amaz.com/codebuild

?https://secure.flickr.com/photos/dullhunk/202872717/