servicefull - geekwire...management, secret rotation, on-call schedule, configuration management,...

Post on 06-Jun-2020


SERVICEFULL Using Serverless to Build Servicefull Applications

Matt Weagle Director of Infrastructure

ShiftLeft, Inc.

TIME

Unknown Dependencies

Unplanned Work

Conflicting Priorities

Neglected Work

Time Thieves

Too Much WIP

Software Delivery Performance Metrics

Deploy Frequency

Lead Time

Mean Time to Restore

Change/Fail Percentage

Characteristics of High Performing Teams

Loosely coupled systems

Experimentation & adjustment

WIP limits with shared visualization & feedback loops

Frequent deployments, short-lived branches

Security best handled by shifting left

Accelerate Forsgren, Humble, & Kim

“Software delivery performance predicts organizational performance and noncommercial performance.”

Microservices!

Service Boundaries

Even a small number of services requires an ongoing operational resource commitment that must scale sublinearly.

Minimum Expected Commitment

Concerns for a Single Service

Concerns for a Single Service - Sean Treadway

Service name, Programming language(s), Programming paradigm(s), Architectural choices, Integration pattern(s), Transport protocols, Authentication, Authorization, Reporting, ETLs, Databases, Caching, Platform libraries, Service dependencies, CI pipeline dependencies, 3rd party library dependencies, 3rd party service dependencies, Security threat model, License audit, Compliance audit, Capacity plan, Provisioning plan, Cost reporting plan, Monitoring plan, Maintenance process, Backup and restore process, Secret management, Secret rotation, On-call schedule, Configuration management, Workflow management, Alerts, Log aggregation, Unhandled failure aggregation, Operations and incident response runbooks, API documentation, Source code repository, Humane service registry, Service discovery registry, Distributed tracing registry, Monitoring dashboard registry, Build artifact repository, CI pipeline(s): build, test, publish, Integration tests, Contract tests, Canary, Deploy, Post-deploy tests

FOCUS

Building Up

Cloud Materials

SERVICEFULL Serverless + Cloud Services

Serverless Development Tooling

https://gosparta.io/

CONFIG < CODE

[Architecture diagram: Website, API Gateway, Presigned S3 URL, Bucket, Rekognition, Comprehend, Polly, SSM, X-Ray, CloudWatch; flow steps numbered 1 to 4]

Architecture

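Define Lambda Function

    func (gws *ServicefulService) s3GetPresignedURLLambda(ctx context.Context,
        apigRequest spartaEvents.APIGatewayRequest) (*presignedResponse, error) {
        // lambdaContext, s3svc and s3Resource are initialized in code not shown on the slide.
        // The object key is scoped to the uploads keyspace and this invocation's request ID.
        objectPath := fmt.Sprintf("%s/%s",
            gws.connections.S3KeyspaceUploads,
            lambdaContext.AwsRequestID)

        putObjectInput := &s3.PutObjectInput{
            Bucket: aws.String(s3Resource.ResourceRef),
            Key:    aws.String(objectPath),
        }
        // The second return value is the unused PutObjectOutput, not an error.
        presignedReq, _ := s3svc.PutObjectRequest(putObjectInput)
        // The presigned PUT URL is valid for five minutes.
        url, err := presignedReq.Presign(5 * time.Minute)
        if nil != err {
            return nil, err
        }
        return &presignedResponse{
            PresignedURL: url,
        }, nil
    }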
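The Lambda above hands out a presigned PUT URL for one key under the uploads keyspace with a five minute lifetime. The following is an added example, not code from the talk or from Sparta: a standard-library check that a presigned URL stays inside that policy. The function name, bucket name, keyspace value and sample URL are constructed assumptions, and virtual-hosted-style S3 URLs are assumed.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

// checkPresignedPut audits a SigV4 presigned S3 URL against the policy on the
// slide: one object per request ID under the uploads keyspace, valid for at
// most maxTTL. It inspects the URL only; it does not verify the signature.
func checkPresignedPut(raw, bucket, keyspace string, maxTTL time.Duration, now time.Time) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "https" || !strings.HasPrefix(u.Hostname(), bucket+".s3.") {
		return fmt.Errorf("unexpected endpoint %s://%s", u.Scheme, u.Hostname())
	}
	// The key must be exactly <keyspace>/<id>, with no further path segments.
	id := strings.TrimPrefix(u.Path, "/"+keyspace+"/")
	if id == u.Path || id == "" || strings.Contains(id, "/") {
		return fmt.Errorf("key %q is outside keyspace %q", u.Path, keyspace)
	}
	q := u.Query()
	secs, err := strconv.Atoi(q.Get("X-Amz-Expires"))
	if err != nil || secs <= 0 {
		return fmt.Errorf("bad X-Amz-Expires %q", q.Get("X-Amz-Expires"))
	}
	ttl := time.Duration(secs) * time.Second
	if ttl > maxTTL {
		return fmt.Errorf("lifetime %s exceeds limit %s", ttl, maxTTL)
	}
	signed, err := time.Parse("20060102T150405Z", q.Get("X-Amz-Date"))
	if err != nil {
		return fmt.Errorf("bad X-Amz-Date: %w", err)
	}
	if now.After(signed.Add(ttl)) {
		return fmt.Errorf("expired at %s", signed.Add(ttl).Format(time.RFC3339))
	}
	return nil
}

func main() {
	// Constructed sample URL; the signature value is a placeholder.
	sample := "https://my-bucket.s3.us-west-2.amazonaws.com/uploads/req-1234" +
		"?X-Amz-Date=20200606T120000Z&X-Amz-Expires=300&X-Amz-Signature=placeholder"
	now := time.Date(2020, 6, 6, 12, 4, 0, 0, time.UTC)
	fmt.Println(checkPresignedPut(sample, "my-bucket", "uploads", 5*time.Minute, now))
}
```
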

Define Lambda Options

    func (gws *ServicefulService) newS3PresignedPutItemLambda(api *sparta.API) *sparta.LambdaAWSInfo {
        // Register
        lambdaFn := sparta.HandleAWSLambda("PresignedURLProvider",
            gws.s3GetPresignedURLLambda,
            sparta.IAMRoleDefinition{})
        // IAM
        lambdaFn.RoleDefinition.Privileges = gws.bucketGetPutPrivileges()
        // X-Ray
        lambdaFn.Options.TracingConfig = &gocf.LambdaFunctionTracingConfig{
            Mode: gocf.String("Active"),
        }
        // API Gateway
        apiMethod, apiMethodErr := apiGatewayResource.NewMethod("GET",
            http.StatusOK,
            http.StatusInternalServerError)
        …
    }

Define Lambda Triggers

    // IAM Role privileges
    lambdaFn.RoleDefinition.Privileges = gws.bucketGetPutPrivileges("polly:SynthesizeSpeech")
    // Event Triggers
    lambdaFn.Permissions = append(lambdaFn.Permissions,
        gws.s3NotificationPrefixBasedPermission(gws.connections.S3KeyPrefix))

Define Service

    lambdaFunctions := service.New(connections, apiGateway)
    stackName := spartaCF.UserScopedStackName("SpartaGeekwire")
    sparta.MainEx(stackName,
        fmt.Sprintf("GeekWire service combines S3 with multiple AWS Services"),
        lambdaFunctions,
        apiGateway,
        s3Site,
        workflowHooks(connections, lambdaFunctions),
        false)

Provision

    go run main.go provision --s3Bucket MY_BUCKET

Inline ReactJS build

Deploy ~2 minutes

    $ gocloc .
    -------------------------------------------------------------------------------
    Language                     files          blank        comment           code
    -------------------------------------------------------------------------------
    HTML                             2           5991           1707          58556
    JSON                             5              0              0          13196
    JavaScript                       9            320            557            813
    Go                               8            102            179            694
    YAML                             2             50              1            141
    Markdown                        15             23              0             66
    Makefile                         1             11              0             25
    BASH                             2              1              0              5
    Sass                             1              0              0              1
    -------------------------------------------------------------------------------
    TOTAL                           45           6498           2444          73497
    -------------------------------------------------------------------------------

https://github.com/hhatto/gocloc

Statistics

Azure Machine Learning

Cosmos DB

Cloud Functions

AWS Step Functions

AWS Athena

Servicefull Landscape

Servicefull in Production

TAKEAWAYS

Loose coupling

Shifted operational responsibilities

Fine-grained access controls

More financial transparency

Incredibly rich landscape

Servicefull Merits

Come for the Resiliency

Stay for the Focus

Enjoy the View

#WOCinTech

Build something Servicefull! Build something Awesome!

Get In Touch

@mweagle

https://www.linkedin.com/in/mweagle/

Serverless Forum Slack, Gophers Slack
