Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) - AWS re:Invent 2018

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best Practices for CI/CD with AWS
Lambda and Amazon API
Gateway
Chris Munns
Principal Developer Advocate
AWS Serverless
S R V 3 5 5

About me:
Chris Munns - munns@amazon.com, @chrismunns
Principal Developer Advocate - Serverless
New Yorker
Previously:
AWS Business Development Manager – DevOps, July ’15 - Feb ‘17
AWS Solutions Architect Nov, 2011- Dec 2014
Formerly on operations teams @Etsy and @Meetup
Little time at a hedge fund, Xerox and a few other startups
Rochester Institute of Technology: Applied Networking and Systems
Administration ’05
Internet infrastructure geek

https://secure.flickr.com/photos/mgifford/4525333972
Why are we
here today?

Serverless applications
SERVICES (ANYTHING)
Changes in
data state
Requests to
endpoints
Changes in
resource state
EVENT SOURCE FUNCTION
Node.js
Python
Java
C#
Go

Where do you ..
https://secure.flickr.com/photos/stevendepolo/57491920?

Meet
SAM!

AWS Serverless Application Model (SAM)
AWS CloudFormation extension optimized for
serverless
New serverless resource types: functions,
APIs, and tables
Supports anything AWS CloudFormation
supports
Open specification (Apache 2.0)
https://aws.amazon.com/serverless/sam

SAM Template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs6.10
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable

SAM Template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Properties:
CodeUri: s3://sam-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs6.10
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY
ListTable:
Type: AWS::Serverless::SimpleTable
Tells AWS CloudFormation this is a
SAM template it needs to
“transform”
Creates a AWS Lambda function
with the referenced managed AWS
IAM policy, runtime, code at the
referenced zip location, and handler
as defined. Also creates an Amazon
API Gateway and takes care of all
mapping/permissions necessary
Creates a Amazon DynamoDB table
with 5 Read & Write units

https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml
<-THIS
BECOMES THIS->
AWS SAM Templates

AWS SAM Template Properties
Handler: index.js
Runtime: nodejs4.3
CodeUri: 's3://my-code-bucket/my-function.zip'
Description: Creates thumbnails of uploaded
images
MemorySize: 1024
Timeout: 15
Policies: AmazonS3FullAccess
Environment:
Variables:
TABLE_NAME: my-table
Events:
PhotoUpload:
Type: S3
Properties:
Bucket: my-photo-bucket
Tracing: Active|PassThrough
Tags:
AppNameTag: ThumbnailApp
DepartmentNameTag: ThumbnailDepartment
From SAM Version 2016-10-31
AWS::Serverless::Function
AWS::Serverless::Api
AWS::Serverless::SimpleTable

StageName: prod
DefinitionUri: swagger.yml
CacheClusterEnabled: true
CacheClusterSize: 28.4
EndpointConfiguration: REGIONAL
Variables:
VarName: VarValue

PrimaryKey:
Name: id
Type: String
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
Tags:
Department: Engineering
AppType: Serverless
SSESpecification:
SSEEnabled: true

Note: Events are a map of string to Event Source
Object
Event Source Objects have the following structure:
Type:
Properties:
For Example:
Events:
MyEventName:
Type: S3
Properties:
Bucket: my-photo-bucket
AWS::Serverless::Function Event source types
S3
SNS
Kinesis | DynamoDB
Api
Schedule
CloudWatchEvent
IoTRule
AlexaSkill

AWS Lambda Environment Variables
• Key-value pairs that you can dynamically pass to
your function
• Available via standard environment variable APIs
such as process.env for Node.js or os.environ for
Python
• Can optionally be encrypted via AWS Key
Management Service (KMS)
• Allows you to specify in IAM what roles have access to the keys
to decrypt the information
• Useful for creating environments per stage (i.e.
dev, testing, production)

Amazon API Gateway Stage Variables
Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API
Gateway
• Lambda function ARN
• HTTP endpoint
• Custom authorizer function name
• Parameter mappings

AWS SAM Template Capabilities
• Can mix in other non-SAM CloudFormation
resources in the same template
• i.e. Amazon S3, Amazon Kinesis, AWS Step
Functions
• Supports use of Parameters, Mappings, Outputs,
etc
• Supports Intrinsic Functions
• Can use ImportValue
(exceptions for RestApiId, Policies, StageName attributes)
• YAML or JSON

AWS Lambda and Amazon API Gateway Variables + SAM
Parameters:
MyEnvironment:
Type: String
Default: testing
AllowedValues:
- testing
- staging
- prod
Description: Environment of this stack of
resources
Mappings:
SpecialFeature1:
testing:
status: on
staging:
status: on
prod:
status: off
#Lambda
MyFunction:
Type: 'AWS::Serverless::Function'
Properties:
…
Environment:
Variables:
ENVIRONMENT: !Ref: MyEnvironment
Spec_Feature1: !FindInMap [SpecialFeature1,
!Ref MyEnvironment, status]
…
#API Gateway
MyApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
…
Variables:

Parameters:
MyEnvironment:
Type: String
Default: testing
AllowedValues:
- testing
- staging
- prod
Description: Environment of this stack of
resources
Mappings:
SpecialFeature1:
testing:
status: on
staging:
status: on
prod:
status: off
#Lambda
MyFunction:
Type: 'AWS::Serverless::Function'
Properties:
…
Environment:
Variables:
Spec_Feature1: !FindInMap [SpecialFeature1,
!Ref MyEnvironment, status]
…
#API Gateway
MyApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
…
Variables:
AWS Lambda and Amazon API Gateway Variables + SAM

Stage Variables and AWS Lambda Aliases
Using Stage Variables in API Gateway together with Lambda function
Aliases you can manage a single API configuration and Lambda function
for multiple environment stages
myLambdaFunction
1
2
3 = prod
4
5
6 = beta
7
8 = dev
My First API
Stage variable = lambdaAlias
Prod
lambdaAlias = prod
Beta
lambdaAlias = beta
Dev
lambdaAlias = dev

AWS Lambda Alias Traffic Shifting
myLambdaFunction
1
2
3 = prod
4
5
6 = prod 5%
My First API
Prod
lambdaAlias = prod

AWS SAM + Safe Deployments
MyLambdaFunction:
Properties:
Handler: index.handler
Runtime: nodejs6.10
AutoPublishAlias: !Ref ENVIRONMENT
DeploymentPreference:
Type: Linear10PercentEvery10Minutes
Alarms:
# A list of alarms that you want to monitor
- !Ref AliasErrorMetricGreaterThanZeroAlarm
- !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
Hooks:
# Validation Lambda functions that are run before & after traffic shifting
PreTraffic: !Ref PreTrafficLambdaFunction
PostTraffic: !Ref PostTrafficLambdaFunction

AWS Lambda Alias Traffic Shifting & AWS SAM
AutoPublishAlias
By adding this property and specifying an
alias name, AWS SAM will do the
following:
• Detect when new code is being
deployed based on changes to the
Lambda function's Amazon S3 URI.
• Create and publish an updated version
of that function with the latest code.
• Create an alias with a name you
provide (unless an alias already exists)
and points to the updated version of
the Lambda function.
Deployment Preference Type
Canary10Percent30Minutes
Linear10PercentEvery10Minutes
Linear10PercentEvery1Minute
AllAtOnce
In SAM:

AWS Lambda Alias Traffic Shifting & AWS SAM
Alarms: # A list of alarms that you want to monitor
- !Ref AliasErrorMetricGreaterThanZeroAlarm
- !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
Hooks: # Validation Lambda functions that are run before & after
traffic shifting
PreTraffic: !Ref PreTrafficLambdaFunction
PostTraffic: !Ref PostTrafficLambdaFunction
Note: You can specify a maximum of 10 alarms
In SAM:

AWS Lambda Alias Traffic Shifting
myLambdaFunction
1
...
6 = prod
My First API
Prod
lambdaAlias = prod

AWS SAM Globals
Globals:
Function:
Runtime: nodejs6.10
CodeUri: s3://code-artifacts/pet_app1234.zip
MemorySize: 1024
Timeout: 30
AutoPublishAlias: !Ref ENVIRONMENT
getDogsFunction:
Properties:
Handler: getdogs.handler
Events:
GetDogs:
Type: Api
Properties:
Path: /Dogs
Method: ANY
getCatsFunction:
Properties:
Handler: getCats.handler
Events:
GetCats:
Type: Api
Properties:
Path: /Cats
Method: ANY
getBirdsFunction:
Properties:
Handler: getBirds.handler
Timeout: 15
Events:
GetBirds:
Type: Api
Properties:
Path: /Birds
Method: ANY

AWS SAM Policy Templates
MyQueueFunction:
Properties:
...
Policies:
# Gives permissions to poll an SQS Queue
- SQSPollerPolicy:
queueName: !Ref MyQueue
...
MyQueue:
Type: AWS::SQS::Queue

SAM Policy Templates
45+ predefined policies
All found here:
https://bit.ly/2xWycnj

AWS SAM Best Practices
• Use Parameters and Mappings when possible to
build dynamic templates based on user inputs
and pseudo parameters such as AWS::Region
• Use the Globals section to simplify templates
• Use ExportValue & ImportValue to share
resource information across stacks
• Build out multiple environments, such as for
Development, Test, Production and even DR
using the same template, even across accounts SAM Template
Source
Control
Dev
Test
Prod

AWS SAM Best Practices
• Unless function handlers share code, split them into
their own independent Lambda functions files or
binaries
• Another option is to use language specific packages to
share common code between functions
• Unless independent Lambda functions share event
sources, split them into their own code repositories
with their own SAM templates
• Locally lint & validate your YAML or JSON SAM files
before committing them. Then do it again in your
CI/CD process

AWS Cloud9

AWS SAM CLI
CLI tool for local development, debugging, testing,
deploying and monitoring of serverless applications
Supports API Gateway “proxy-style” and Lambda service
API testing
Response object and function logs available on your local
machine
Uses open source docker-lambda images to mimic
Lambda’s execution environment such as timeout, memory
limits, runtimes
Can tail production logs from CloudWatch Logs
https://aws.amazon.com/serverless/sam

Build & deploy your
application
https://secure.flickr.com/photos/spenceyc/7481166880

Building a deployment package
Node.js & Python
• .zip file consisting
of your code and
any dependencies
• Use npm/pip to
install libraries
• All dependencies
must be at root
level
Java
• Either .zip file with all
code/dependencies,
or standalone .jar
• Use Maven / Eclipse
IDE plugins
• Compiled class &
resource files at root
level, required jars in
/lib directory
C# (.NET Core)
• Either .zip file with
all code /
dependencies, or a
standalone .dll
• Use NuGet /
VisualStudio
plugins
• All assemblies (.dll)
at root level
Go
• .zip file
consisting of
your Go binary
and any
dependencies
• Use “go get” to
install
dependencies

AWS CodeBuild
Fully managed build service that can compile source
code, runs tests, and produces software packages
Scales continuously and processes multiple builds
concurrently
Can consume environment variables from AWS SSM
Parameter Store
NEW: Can run in your VPC and locally!
Supports dependency caching

buildspec.yml Example
version: 0.1
environment_variables:
plaintext:
"INPUT_FILE": "saml.yaml”
"S3_BUCKET": ""
phases:
install:
commands:
- npm install
pre_build:
commands:
- eslint *.js
build:
commands:
- npm test
post_build:
commands:
- aws cloudformation package --template $INPUT_FILE --s3-
bucket $S3_BUCKET --output-template post-saml.yaml
artifacts:
type: zip
files:
- post-saml.yaml
- beta.json

buildspec.yml Example
• Variables to be used by phases
of build
• Examples for what you can do in
the phases of a build:
• You can install packages or run
commands to prepare your
environment in ”install”.
• Run syntax checking,
commands in “pre_build”.
• Execute your build
tool/command in “build”
• Test your app further or ship a
container image to a repository
in post_build
• Create and store an artifact in
Amazon S3
version: 0.1
environment_variables:
plaintext:
"INPUT_FILE": "saml.yaml”
"S3_BUCKET": ""
phases:
install:
commands:
- npm install
pre_build:
commands:
- eslint *.js
build:
commands:
- npm test
post_build:
commands:
- aws cloudformation package --template $INPUT_FILE --s3-
bucket $S3_BUCKET --output-template post-saml.yaml
artifacts:
type: zip
files:
- post-saml.yaml
- beta.json

Building your
pipeline
https://www.flickr.com/photos/seattlemunicipalarchives/12504672623/

Continuous delivery service for fast and
reliable application updates
Model and visualize your software release
process
Builds, tests, and deploys your code every
time there is a code change
Integrates with third-party tools and AWS
AWS CodePipeline

An example minimal Developer’s pipeline:
MyBranch-Source
Source
CodeCommit
MyApplication
Build
test-build-source
CodeBuild
MyDev-Deploy
create-changeset
AWS CloudFormation
execute-changeset
AWS CloudFormation
Run-stubs
AWS Lambda
This pipeline:
• Three Stages
• Builds code artifact
• One Development environment
• Uses SAM/CloudFormation to
deploy artifact and other AWS
resources
• Has Lambda custom actions for
running my own testing functions

An example minimal production pipeline:
This pipeline:
• Five Stages
• Builds code artifact
• Three deployed to
“Environments”
• Uses SAM/CloudFormation to
deploy artifact and other AWS
resources
• Has Lambda custom actions for
running my own testing functions
• Integrates with a 3rd party
tool/service
• Has a manual approval before
deploying to production
Source
Source
CodeCommit
MyApplication
Build
test-build-source
CodeBuild
Deploy Testing
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Run-stubs
AWS Lambda
Deploy Staging
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Run-API-test
Runscope
QA-Sign-off
Manual Approval
Review
Deploy Prod
create-changeset
AWS
CloudFormation
execute-changeset
AWS
CloudFormation
Post-Deploy-Slack
AWS Lambda

Where and what to test?
Source
MyApplication
Build
Deploy Testing
Deploy Staging
Deploy Prod
• Code review via Pull
Requests
• Lint/syntax check
• Unit tests pass
• Code successfully
compiles
• Application deploys
successfully
• Mocked/stubbed
integration tests
• Application deploys
successfully
• Tests against real services
(potentially against
production dependencies)
• Deploy canaries
• Complete wait period
successfully
• Deploy 100%
1.
2.
3.
4.
5.

Environments, Stages, Versioning, & Canaries?
A few best practices:
1. Use blue|green or canaries for production deployments with a
rollback as automated as possible
2. In Lambda Versioning is useful if you need to support multiple
versions to multiple consumers/invocation points
3. In API-Gateway Stages work similarly and are useful if you need to
support multiple API versions
4. Try to always have separate “stacks” for Development, Testing,
Staging, Production environments
1. Do not use Stages or Versioning for this
2. Think about having different accounts all together for
different environments

Start with AWS CodeStar

FIN, ACK
• AWS SAM: Easily get started building new serverless applications!
Local testing, deploy, and then manage after!
• Peer review: Step 1 for most CI/CD processes
• Continuous Integration: A Must!
• Continuous Delivery: Configure it up through pre-Production
environments, use a ”gate” or manual approval/task to push to
production
• Multiple Environments: So easy and so low cost with #serverless
• “Basic” 5 stage pipeline: Source, Build, Test, Pre-Production,
Production

aws.amazon.com/serverless

Learn more at sessions and breakouts
Thursday, November 29
Leadership Session: Using DevOps, Microservices, and Serverless to
Accelerate Innovation (SRV325)
12:15 – 1:15 PM | Venetian Theatre (Level 2)
A Serverless Journey: AWS Lambda Under the Hood (SRV409-R1)
1:45 PM - 2:45 PM | Numerous overflow rooms
Inside AWS: Technology Choices for Modern Applications (SRV305-R1)
2:30 PM - 3:30 PM | Numerous overflow rooms

Thank you!
Chris Munns – Principal Developer
Advocate – AWS Serverless
munns@amazon.com
@chrismunns

Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) - AWS re:Invent 2018

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) - AWS re:Invent 2018

Semelhante a Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) - AWS re:Invent 2018 (20)

Mais de Amazon Web Services

Mais de Amazon Web Services (20)

Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) - AWS re:Invent 2018