Building a Development Workflow for Serverless Applications - March 2017 AWS Online Tech Talks

2. About me: Chris Munns - munns@amazon.com, @chrismunns • Senior Developer Advocate - Serverless • New Yorker • Previously: • Business Development Manager – DevOps, July ’15 - Feb ‘17 • AWS Solutions Architect Nov, 2011- Dec 2014 • Formerly on operations teams @Etsy and @Meetup • Little time at a hedge fund, Xerox and a few other startups • Rochester Institute of Technology: Applied Networking and Systems Administration ’05 • Internet infrastructure geek

3. https://secure.flickr.com/photos/mgifford/4525333972 Why are we here today?

4. No servers to provision or manage Scales with usage Never pay for idle Availability and fault tolerance built in Serverless means…

5. Serverless application SERVICES (ANYTHING) Changes in data state Requests to endpoints Changes in resource state EVENT SOURCE FUNCTION Node.js Python Java C#

6. Common Lambda use cases Web Applications • Static websites • Complex web apps • Packages for Flask and Express Data Processing • Real time • MapReduce • Batch Chatbots • Powering chatbot logic Backends • Apps & services • Mobile • IoT </></> Amazon Alexa • Powering voice-enabled apps • Alexa Skills Kit IT Automation • Policy engines • Extending AWS services • Infrastructure management

7. Amazon S3 Amazon DynamoDB Amazon Kinesis AWS CloudFormation AWS CloudTrail Amazon CloudWatch Amazon Cognito Amazon SNSAmazon SES Cron events DATA STORES ENDPOINTS DEVELOPMENT AND MANAGEMENT TOOLS EVENT/MESSAGE SERVICES Event sources that trigger AWS Lambda … and a few more with more on the way! AWS CodeCommit Amazon API Gateway Amazon Alexa AWS IoT AWS Step Functions

8. Development Workflow Considerations If we combined all of our use-cases with all of our event sources, we end up with A LOT of possible options. • What AWS resources do we need to provision and configure and how should we do that? • How do we establish independent environments? • How can we ensure that we are testing and validating our architecture and application along the way? • How can we best automate all of the above?

9. Development Workflow Checklist Model your application and infrastructure resources Configure multiple environments Establish your testing/validation model Automate your delivery process

10. Model our application and infrastructure resources An example of services for building serverless applications: Best practice: Manage these AWS resources with “Infrastructure as Code” practices/tools! Amazon API Gateway AWS Step Functions Amazon S3 Amazon DynamoDB Amazon Kinesis AWS Lambda Amazon SNS

11. Create templates of your infrastructure CloudFormation provisions AWS resources based on dependency needs Version control/replicate/update templates like code Integrates with development, CI/CD, management tools JSON and YAML supported AWS CloudFormation

12. AWSTemplateFormatVersion: '2010-09-09' Resources: GetHtmlFunctionGetHtmlPermissionProd: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* ServerlessRestApiProdStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: Ref: ServerlessRestApiDeployment RestApiId: Ref: ServerlessRestApi StageName: Prod ListTable: Type: AWS::DynamoDB::Table Properties: ProvisionedThroughput: WriteCapacityUnits: 5 ReadCapacityUnits: 5 AttributeDefinitions: - AttributeName: id AttributeType: S KeySchema: - KeyType: HASH AttributeName: id GetHtmlFunction: Type: AWS::Lambda::Function Properties: Handler: index.gethtml Code: S3Bucket: flourish-demo-bucket S3Key: todo_list.zip Role: Fn::GetAtt: - GetHtmlFunctionRole - Arn Runtime: nodejs4.3 GetHtmlFunctionRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com ServerlessRestApiDeployment: Type: AWS::ApiGateway::Deployment Properties: RestApiId: Ref: ServerlessRestApi Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d' StageName: Stage GetHtmlFunctionGetHtmlPermissionTest: Type: AWS::Lambda::Permission Properties: Action: lambda:invokeFunction Principal: apigateway.amazonaws.com FunctionName: Ref: GetHtmlFunction SourceArn: Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/* ServerlessRestApi: Type: AWS::ApiGateway::RestApi Properties: Body: info: version: '1.0' title: Ref: AWS::StackName paths: "/{proxy+}": x-amazon-apigateway-any-method: x-amazon-apigateway-integration: httpMethod: ANY type: aws_proxy uri: Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03- 31/functions/${GetHtmlFunction.Arn}/invocations responses: {} swagger: '2.0' CloudFormation template

14. AWS Serverless Application Model (SAM) CloudFormation extension optimized for serverless New serverless resource types: functions, APIs, and tables Supports anything CloudFormation supports Open specification (Apache 2.0) https://github.com/awslabs/serverless-application-model

16. SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable

17. SAM template AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetHtmlFunction: Type: AWS::Serverless::Function Properties: CodeUri: s3://sam-demo-bucket/todo_list.zip Handler: index.gethtml Runtime: nodejs4.3 Policies: AmazonDynamoDBReadOnlyAccess Events: GetHtml: Type: Api Properties: Path: /{proxy+} Method: ANY ListTable: Type: AWS::Serverless::SimpleTable Tells CloudFormation this is a SAM template it needs to “transform” Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary Creates a DynamoDB table with 5 Read & Write units

18. SAM template From: https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml <-THIS BECOMES THIS->

19. SAM Template Properties AWS::Serverless::Function AWS::Serverless::Api AWS::Serverless::SimpleTable From SAM Version 2016-10-31

20. SAM Template Properties AWS::Serverless::Function AWS::Serverless::Api AWS::Serverless::SimpleTable Handler: index.js Runtime: nodejs4.3 CodeUri: 's3://my-code-bucket/my- function.zip' Description: Creates thumbnails of uploaded images MemorySize: 1024 Timeout: 15 Policies: AmazonS3FullAccess Environment: Variables: TABLE_NAME: my-table Events: PhotoUpload: Type: S3 Properties: Bucket: my-photo-bucket From SAM Version 2016-10-31

21. SAM Template Properties AWS::Serverless::Function AWS::Serverless::Api AWS::Serverless::SimpleTable StageName: prod DefinitionUri: swagger.yml CacheClusterEnabled: true CacheClusterSize: 28.4 Variables: VarName: VarValue From SAM Version 2016-10-31

22. SAM Template Properties AWS::Serverless::Function AWS::Serverless::Api AWS::Serverless::SimpleTable PrimaryKey: Name: id Type: String ProvisionedThroughput: ReadCapacityUnits: 5 WriteCapacityUnits: 5 From SAM Version 2016-10-31

23. SAM Template Capabilities • Can mix in other non-SAM CloudFormation resources in the same template • i.e. S3, Kinesis, Step Functions • Supports use of Parameters, Mappings, Outputs, etc • Supports Intrinsic Functions • Can use ImportValue (exceptions for RestApiId, Policies, StageName attributes) • YAML or JSON

24. AWS commands – Package & Deploy Package •Creates a deployment package (.zip file) •Uploads deployment package to an Amazon S3 bucket •Adds a CodeUri property with S3 URI Deploy •Calls CloudFormation ‘CreateChangeSet’ API •Calls CloudFormation ‘ExecuteChangeSet’ API

25. Development Workflow Checklist  Model your application and infrastructure resources Configure multiple environments Establish your testing/validation model Automate your delivery process

26. Configure multiple environments A good developer knows they need different environments for building, testing, and running their application! Why? • Avoid overlapping usage of resources • Safely test new code without impacting your customers • Safely test infrastructure changes How? • AWS Account strategies • Using Infrastructure as Code tools • Automating application delivery/testing

27. Two popular ways to do this: Same account, different stacks: + Easier management of resources + Easier visibility via management/monitoring tools - Can be harder to create permission/access separation Better for smaller teams/individuals Configure multiple environments Multiple accounts: + Assured separation of permissions and access + Resource limits per account to control usage - Overhead of managing multiple accounts and controls between them Better for larger teams/companies !! Check out AWS Organizations

28. Template File Defining Stack Source Control Dev Test Prod Use the version control system of your choice to store and track changes to this template Build out multiple environments, such as for Development, Test, Production and even DR using the same template, even across accounts Many Environments from One Template

29. Development Workflow Checklist  Model your application and infrastructure resources  Configure multiple environments Establish your testing/validation model Automate your delivery process

30. Establish our testing/validation model We want to make sure our code: • is without syntax issues • meets company standards for format • compiles • is sufficiently tested at the code level via unit tests We want to make sure our serverless service: • functions as it is supposed to in relation to other components • has appropriate mechanisms to handle failures up or down stream We want to make sure our entire application/infrastructure: • functions end to end • follows security best practices • handles scaling demands

31. Building a deployment package Node.js & Python • .zip file consisting of your code and any dependencies • Use npm/pip to install libraries • All dependencies must be at root level Java • Either .zip file with all code/dependencies, or standalone .jar • Use Maven / Eclipse IDE plugins • Compiled class & resource files at root level, required jars in /lib directory C# (.NET Core) • Either .zip file with all code/dependencies, or a standalone .dll • Use NuGet / VisualStudio plugins • All assemblies (.dll) at root level

32. Fully managed build service that compiles source code, runs tests, and produces software packages Scales continuously and processes multiple builds concurrently You can provide custom build environments suited to your needs via Docker images Only pay by the minute for the compute resources you use Launched with CodePipeline and Jenkins integration New: Can be used as a “Test” action in CodePipeline AWS CodeBuild

33. version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json buildspec.yml Example

34. version: 0.1 environment_variables: plaintext: "INPUT_FILE": "saml.yaml” "S3_BUCKET": "" phases: install: commands: - npm install pre_build: commands: - eslint *.js build: commands: - npm test post_build: commands: - aws cloudformation package --template $INPUT_FILE --s3- bucket $S3_BUCKET --output-template post-saml.yaml artifacts: type: zip files: - post-saml.yaml - beta.json • Variables to be used by phases of build • Examples for what you can do in the phases of a build: • You can install packages or run commands to prepare your environment in ”install”. • Run syntax checking, commands in “pre_build”. • Execute your build tool/command in “build” • Test your app further or ship a container image to a repository in post_build • Create and store an artifact in S3 buildspec.yml Example

35. Development Workflow Checklist  Model your application and infrastructure resources  Configure multiple environments  Establish your testing/validation model Automate your delivery process

36. Release processes levels Source Build Test Production Continuous integration Continuous delivery Continuous deployment

37. Continuous delivery service for fast and reliable application updates Model and visualize your software release process Builds, tests, and deploys your code every time there is a code change Integrates with third-party tools and AWS AWS CodePipeline

38. Delivery via CodePipeline Pipeline flow: 1. Commit your code to a source code repository 2. Package/Test in CodeBuild 3. Use CloudFormation actions in CodePipeline to create or update stacks via SAM templates Optional: Make use of ChangeSets 4. Make use of specific stage/environment parameter files to pass in Lambda variables 5. Test our application between stages/environments Optional: Make use of Manual Approvals

39. Testing tools Code Inspection/Test Coverage: • Landscape - https://landscape.io/ (only for Python) • CodeClimate - https://codeclimate.com/ • Coveralls.io - https://coveralls.io/ Mocking/stubbing tools: • https://github.com/atlassian/localstack - “A fully functional local AWS cloud stack. Develop and test your cloud apps offline!” • Includes: • https://github.com/spulec/moto - boto mock tool • https://github.com/mhart/dynalite - DynamoDB testing tool • https://github.com/mhart/kinesalite - Kinesis testing tool • more! API Interface/UI testing: • Runscope - https://www.runscope.com/ - API Monitoring/Testing • Ghost Inspector - https://ghostinspector.com/ - Web interface testing

40. Source Source CodeCommit MyApplication An example minimal pipeline: Build test-build-source CodeBuild Deploy Testing create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-stubs AWS Lambda Deploy Staging create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Run-API-test Runscope QA-Sign-off Manual Approval Review Deploy Prod create-changeset AWS CloudFormation execute-changeset AWS CloudFormation Post-Deploy-Slack AWS Lambda This pipeline: • Five Stages • Builds code artifact • Three deployed to “Environments” • Uses CloudFormation to deploy artifact and other AWS resources • Has Lambda custom actions for running my own testing functions • Integrates with a 3rd party tool/service • Has a manual approval before deploying to production

41. Development Workflow Checklist  Model your application and infrastructure resources  Configure multiple environments  Establish your testing/validation model  Automate your delivery process

42. DEMO!

43. aws.amazon.com/serverless

44. Additional Resources Serverless Application Model (SAM) - https://github.com/awslabs/serverless- application-model Learn more: AWS Lambda: https://aws.amazon.com/lambda Amazon API Gateway: https://aws.amazon.com/api-gateway AWS Step Functions: https://aws.amazon.com/step-functions Products that helped us today: CloudFormation: https://aws.amazon.com/cloudformation CodePipeline: https://aws.amazon.com/codepipeline CodeBuild: https://aws.amaz.com/codebuild

45. ? https://secure.flickr.com/photos/dullhunk/202872717/

Building a Development Workflow for Serverless Applications - March 2017 AWS Online Tech Talks

Amazon Web Services

Building a Development Workflow for Serverless Applications - March 2017 AWS Online Tech Talks