ServerlessDays virtual wrap up
The first virtual serverless conference was held!
TL;DR - Serverless is a technology, mindset, and community that has so much to offer to the world! Enable serverless for everybody!
Code-wise, cloud-foolish
Be wise and build on top of serverless services to leverage the power of the cloud to the fullest extent and differentiate yourself.
Content
Most people are biased to what they feel is familiar.
People tend to want to build everything themselves.
However, this is code-wise and cloud-foolish.
Instead, let cloud technology do the heavy lifting for you and focus on how you will use those cloud components to differentiate yourself.
Resources
Unfortunately, I could not join the whole webinar because of dinner time.
So I have to check out the following myself.
Forrest has a brilliant article about that here on his website.
Shillings in serverless
Serverless shillings are coming from a combination of serverless resources that you should leverage in an optimal way.
Content
Sheen pointed out that it is also a matter of knowing why you do serverless.
The picture is bigger than only thinking about costs or about a definition of "What is serverless".
Why we do serverless is an important question too!
And it is the combination of how you leverage the power of these serverless services that will determine your cost.
Sheen went on to give us insight into the pricing model and use of the different services. He ended with an overall overview.
Takeaways
- Optimise your Lambdas (you can use Lambda Powertools).
- Set up billing alerts!
- Unforeseen things can cost you a lot of money, e.g. forgetting to remove your logs.
- Monitor all your environments.
- API Gateway is often more expensive than Lambda.
- Use the AWS Cost Explorer to get insight into your costs.
- When starting a project, you need to at least make a rough cost estimation.
- Don't try to compare Lambda to EC2. Serverless is a combination of more than Lambda!
! Go Build Serverless !
CI/CD for serverless apps
Use CodePipeline to build a production ready CI/CD pipeline with multiple stages and actions.
Content
Some terminology first.
As you can see above, a pipeline (CodePipeline) has multiple stages (the white blocks in the picture), which each have multiple actions (rectangles in the white blocks).
Writing a CodePipeline as IaC can be quite tedious. Therefore Marcia provided us with an example (in the resources below).
Best practices:
- Separate environments => Multiple accounts.
- Use the same artifact to deploy on all environments.
- Pick a framework that is right for the job (Serverless Framework, SAM) and stick with it.
- Put buildspec.yaml in the root, where it is automatically found by CodeBuild.
CodeBuild
People are often confused about what CodeBuild is.
Basically, it is a server environment that you can use to build your code, run tests, and package your artifact.
This artifact is then transferred to another action or stage.
You can basically run commands on a server here.
For example, when you specify in your pipeline definition that the provider for an action is CodeBuild (Provider: CodeBuild), the current action will be performed by CodeBuild.
CodeBuild needs to know the commands it has to execute.
To do this, it picks up the buildspec.yaml file that contains the commands.
I advise you to check out the example project in the resources so that you can see for yourself.
Tip: use SAM policy templates if you have to specify permissions using the SAM framework. Saves you a bunch of time!
Resources
Check out this repository for an example pipeline: https://github.com/mavi888/demo-cicd-codepipeline
Attacking serverless servers: reverse engineering
You can do a whole lot of reverse engineering that will give you insight into the function runtime environment.
Content
If you want a tutorial on how to explore the runtime of your function, definitely rewatch this talk!
Even though the cloud provider does take care of a lot of security for you, you still need to be cautious.
Remediating security risks:
- Limit your policies to only what is necessary. Don't use "*".
- Automate detection of overly open permissions.
- Monitor for attacks.
- Databases should not be accessible from the internet.
- Trigger an alert when you detect an attack.
Resources
Check out this repository if you want a tool for a reverse shell to your function and start hacking: https://github.com/pumasecurity/serverless-prey
Beware of the potholes on the road to serverless
Productivity can skyrocket when adopting all the cloud services that enable the power of the cloud. If... you do it the right way.
How do we build serverless services the right way:
- Think about observability up front.
- Think in events when designing your app.
- Still think about security!
- Know the technical limits of the cloud services that you use.
- Think about the bounded context of your application.
Yan went on to give so many good tips that I cannot possibly summarize all of them here.
Tips
- Use a good naming convention for your resources.
- Usually a fat function is not good. Think about the challenges: a bigger codebase to load, more rights for one function, a bug in one functionality impacting another...
- Use multiple accounts for multiple teams and environments.
- Consider ALB or the new HTTP API instead of REST API Gateway.
- Do two weeks of research and two days of work. Not vice versa.
- Don't write your own deployment framework.
- 1 function is not 1 microservice is not 1 individual git repo. Make it 1 repository per service (combination of resources).
- Store secrets in SSM -> fetch secrets at cold start.
- Lock down the permissions.
- Lambda destinations provide extra context: on failure, capture the request payload and context + stack trace + extra metrics.
- Reserve concurrency for your Lambdas.
- Combine provisioned concurrency with autoscaling.
- Use RDS database proxy.
Resources
Deploy necessary alarms for a certain stack: Sar-cloudwatch-alarms-macro.
Humanity impacted by serverless
By Ken Robbins
A serverless project with a higher goal of helping people in need.
Content
Miles4Migrants helps people in need!
They reunite families around the world.
And they do it on top of a simple serverless architecture.
Let's not forget the people in need in this world.
It is beautiful that projects like this can exist on a voluntary basis.
Resources
Contribute to Miles4Migrants!
Summary
Serverless is an inclusive and kind community.
Thank you to all speakers, organisers, sponsors... for making this possible!
Credits
This conference was made possible by a team of serverless enthusiasts! Check out the conference details here: https://virtual.serverlessdays.io/