Learning Serverless: Design, Develop, and Deploy with Confidence

Copyright
Table of Contents
Preface
About This Book
How This Book Is Organized
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Introduction to Serverless
What Is Serverless?
History of Serverless
The Cloud Provider Landscape
Reliability, Availability, Disaster Recovery
Strengths of Serverless
Increased Scalability, Security, and Reliability
You Only Pay for What You Use
Saving Time and Money on Managing Servers
Improved Developer Productivity
Decreased Management Responsibilities
Convenient Integrations
Weaknesses of Serverless
The Cold (Start) War
Compute Time
VPC/Network Issues
Application Size
Potential to Be More Expensive
Vendor Lock-In
Complex Debugging
When Does It Make Sense to Use Serverless?
When Is Serverless Compute Not Right for You?
Let’s Get Started
Part I. The Path to Production
Chapter 1. Distributed Systems
What Is a Distributed System?
Why Do We Want a Distributed System?
The Harsh Realities of Distributed Systems
The Physical World
Missing Messages
Unreliable Clocks
Cascading Failures
Unexpected Ordering
Idempotency
What Am I Responsible For?
What Do You Need to Consider When Designing a Distributed System?
Loose Coupling (or Decoupling)
Fault Tolerance
Generating Unique (Primary) Keys
Planning for Idempotency
Two-Phase Changes
Further Reading
Conclusion
Chapter 2. Microservices
Why Do You Want to Use Microservices?
Improved Developer Velocity
Increased Developer Freedom
Issues with Microservices
Increased Complexity
Proper DevOps Practices and Resources Needed
Challenges with Local Development and Testing
How Do You Use Microservices Effectively?
Consistent Interfaces
Loosely Coupled
How Micro Is a Microservice?
Choosing Between Monoliths and Microservices
When Should You Use a Monolith?
When Do You Want to Use Microservices?
Conclusion
Chapter 3. Serverless Architecture and Patterns
The Role of an Architect
What Do You Need to Know to Be an Architect?
Making Decisions
What Kinds of Decisions?
Documenting Your Decisions
How Do We Make Decisions?
When Do We Make Decisions?
Cloud Provider Components
Streams
Queues
Buckets
Compute
Datastores
Identity Service
API Gateways
GraphQL
Networking
State Machines
Logging
Monitoring and Alerting
Events from Your Cloud Provider
Periodic Invocations
Patterns
Example 1: Serverless Monolith
Example 2: Incoming Webhook
Example 3: Using Your Cloud Provider for User Authentication
Example 4: Generic Background Task Pattern
Example 5: Streaming Extract, Transform, Load
Example 6: Create Your Own Polling Integration
Example 7: Processing Files and Images
Example 8: Migration Service Pattern
Example 9: Fanning Out
Conclusion
Chapter 4. Interfaces
Interfaces: Some Assembly Required
The Message
The Protocol
The Contract
Serverless Interfaces
Automatic Retries and Dead Letter Queues
Finite Versus Infinite Scale
Designing Your Interfaces
Messages/Payloads
Sessions and Users/Auth
Avoid Unbounded Requests
Interface Versus Implementation
Lines with Logic
Designing the Unhappy Path
Validating Input
Failures
Strategies for Integrating with Other Services
Time-Outs
Retries
Exponential Backoff
Webhooks
Evaluating External Services
Rate Limits
Conclusion
Part II. The Tools
Chapter 5. The Serverless Framework
Why Use the Serverless Framework?
When the Serverless Framework Isn’t for You
AWS Is the Only First-Class Citizen
AWS CloudFormation Is Not Perfect
Relying on Strangers for Your Infrastructure
What to Know Before You Start
YAML
Node.js
Cloud Resources and Permissions
Infrastructure Templates
Production Secrets
.gitignore
The Components of a serverless.yml File
Provider
Environment
Functions
Resources
Package
Plug-Ins
Custom
Namespacing for Sanity and Security
Using the serverless Command
Installing Serverless
Setting Up Serverless with Credentials
Pulling in Templates Using serverless install
Inspecting the Package of Our Sample Project (What’s Inside)
Deployment
Invoking the Function, and Viewing Logs
Rollbacks
Destroying the Service
Deployment Packages
Real-World serverless.yml
Setting Environment Variables
Modify Permissions
Conclusion
Chapter 6. Monitoring, Observability, and Alerting
What Is Monitoring?
Why Do We Need Monitoring?
How Does Monitoring Relate to Serverless?
The On-Ramp to Automation
What Are My Options?
Hosted SaaS Offerings
Self-Hosted and Open Source
Components of Monitoring
Metrics
Charts/Graphs
Dashboards
Alerts/Alarms
A Selection of Advanced Practices
Heartbeats
Smoke Testing and/or Canaries
The Most Important Metric in the World
Avoiding Vendor Lock-In
Cleaning Up Metrics and Alerts over Time
Conclusion
Chapter 7. Logging
What Does It Mean to Log?
Why Log?
When to Rely on Logs Instead of Metrics
What Should You Log?
What Shouldn’t You Log?
How Does Logging Work?
Ensuring Your Logs Scale
Structured Logging
More Effective Debugging with Logs
Searching Logs
Exception Logging (Sentry)
Collecting Other Logs
Compliance
Distributed Tracing
Encrypting Logs for Privacy and Compliance
Encrypt Only the Values of Sensitive Fields
Encrypt the Entire Log Statement
Conclusion
Chapter 8. Changes, Automation, and Deployment Pipelines
Dealing with Change
The Role of Automation
What Do We Automate?
Getting Your Code Ready for Production
Infrastructure as Code
Database Changes (Migrations)
Configuration Management
What Is a Pipeline?
Decisions to Make Regarding Your Pipeline
Canaries and Blue/Green Deployments
Pipeline Permissions
Why Do You Need a Pipeline?
Key Phases of a Deployment Pipeline
Step 1. Enforce Standards
Step 2. Build and Package
Step 3. Test
Step 4. Publish the Artifact
Step 5. Deploy to the Target Environment
Step 6. Validate Deployment
Step 7. Roll Back if Necessary (and Possible)
Handling Pipeline Failures
Conclusion
Part III. Concepts
Chapter 9. Security, Permissions, and Privacy
Everyone Is Responsible, but You Are Especially Responsible
Prepare to Be Hacked
Understanding Your Threats and Your Attackers
Design for Security
Limit, Track, and Review All Secrets and Access
Be Ready to Roll
Defense in Depth
Limit Blast Radius
Trust but Verify
Validate All User Input and Double-Check Those Settings
Monitoring Your System for Anomalies
Test Your Security
Select Dependencies Carefully and Keep Your Software Up to Date
Prioritize Privacy for Your Data and Your Customers’ Data
Don’t Mess with Production
Keep Your Machine Secure
Keep Learning
Conclusion
Chapter 10. Quality, Testing, and Staging
The Role of Code Quality
Code Style
Linting
Testing
What to Test and What Not to Test
Types of Testing
Code Coverage
Power Up Your Testing
Staging
Conclusion
Chapter 11. Planning for Failure
Introduction: Understand It, Even if You Don’t Manage It
Identify Risks
Exercise: Finding Your Failure Points
Be Prepared
Making a Runbook
Planning for Outages
On-Call/Escalation Plan
Monitor Your Cloud Provider
Know Your (Service) Limits
Conclusion
Chapter 12. Conclusion
Deciding among Vendors
Community
Gather the Advice of Others
What to Do When You Get Stuck
Taking the Next Step in Your Career
Index
About the Author
Colophon