Learning Serverless

Book description

Whether your company is considering serverless computing or has already made the decision to adopt this model, this practical book is for you. Author Jason Katzer shows early- and mid-career developers what's required to build and ship maintainable and scalable services using this model.

With this book, you'll learn how to build a modern production system in the cloud, viewed through the lens of serverless computing. You'll discover how serverless can free you from the tedious task of setting up and maintaining systems in production. You'll also explore new ways to level up your career and design, develop, and deploy with confidence.

In three parts, this book includes:

  • The Path to Production: Examine the ins and outs of distributed systems, microservices, interfaces, and serverless architecture and patterns
  • The Tools: Dive into monitoring, observability and alerting, logging, pipelines, automation, and deployment
  • Concepts: Learn how to design security and privacy, how to manage quality through testing and staging, and how to plan for failure

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. About This Book
    2. How This Book Is Organized
    3. Conventions Used in This Book
    4. O’Reilly Online Learning
    5. How to Contact Us
    6. Acknowledgments
  2. Introduction to Serverless
    1. What Is Serverless?
      1. History of Serverless
      2. The Cloud Provider Landscape
      3. Reliability, Availability, Disaster Recovery
    2. Strengths of Serverless
      1. Increased Scalability, Security, and Reliability
      2. You Only Pay for What You Use
      3. Saving Time and Money on Managing Servers
      4. Improved Developer Productivity
      5. Decreased Management Responsibilities
      6. Convenient Integrations
    3. Weaknesses of Serverless
      1. The Cold (Start) War
      2. Compute Time
      3. VPC/Network Issues
      4. Application Size
      5. Potential to Be More Expensive
      6. Vendor Lock-In
      7. Complex Debugging
    4. When Does It Make Sense to Use Serverless?
    5. When Is Serverless Compute Not Right for You?
    6. Let’s Get Started
  3. I. The Path to Production
  4. 1. Distributed Systems
    1. What Is a Distributed System?
    2. Why Do We Want a Distributed System?
    3. The Harsh Realities of Distributed Systems
      1. The Physical World
      2. Missing Messages
      3. Unreliable Clocks
      4. Cascading Failures
      5. Unexpected Ordering
      6. Idempotency
    4. What Am I Responsible For?
    5. What Do You Need to Consider When Designing a Distributed System?
      1. Loose Coupling (or Decoupling)
      2. Fault Tolerance
      3. Generating Unique (Primary) Keys
      4. Planning for Idempotency
      5. Two-Phase Changes
    6. Further Reading
    7. Conclusion
  5. 2. Microservices
    1. Why Do You Want to Use Microservices?
      1. Improved Developer Velocity
      2. Increased Developer Freedom
    2. Issues with Microservices
      1. Increased Complexity
      2. Proper DevOps Practices and Resources Needed
      3. Challenges with Local Development and Testing
    3. How Do You Use Microservices Effectively?
      1. Consistent Interfaces
      2. Loosely Coupled
    4. How Micro Is a Microservice?
    5. Choosing Between Monoliths and Microservices
      1. When Should You Use a Monolith?
      2. When Do You Want to Use Microservices?
    6. Conclusion
  6. 3. Serverless Architecture and Patterns
    1. The Role of an Architect
    2. What Do You Need to Know to Be an Architect?
    3. Making Decisions
      1. What Kinds of Decisions?
      2. Documenting Your Decisions
      3. How Do We Make Decisions?
      4. When Do We Make Decisions?
    4. Cloud Provider Components
      1. Streams
      2. Queues
      3. Buckets
      4. Compute
      5. Datastores
      6. Identity Service
      7. API Gateways
      8. GraphQL
      9. Networking
      10. State Machines
      11. Logging
      12. Monitoring and Alerting
    5. Events from Your Cloud Provider
      1. Periodic Invocations
    6. Patterns
      1. Example 1: Serverless Monolith
      2. Example 2: Incoming Webhook
      3. Example 3: Using Your Cloud Provider for User Authentication
      4. Example 4: Generic Background Task Pattern
      5. Example 5: Streaming Extract, Transform, Load
      6. Example 6: Create Your Own Polling Integration
      7. Example 7: Processing Files and Images
      8. Example 8: Migration Service Pattern
      9. Example 9: Fanning Out
    7. Conclusion
  7. 4. Interfaces
    1. Interfaces: Some Assembly Required
      1. The Message
      2. The Protocol
      3. The Contract
    2. Serverless Interfaces
      1. Automatic Retries and Dead Letter Queues
      2. Finite Versus Infinite Scale
    3. Designing Your Interfaces
      1. Messages/Payloads
      2. Sessions and Users/Auth
      3. Avoid Unbounded Requests
      4. Interface Versus Implementation
      5. Lines with Logic
    4. Designing the Unhappy Path
      1. Validating Input
      2. Failures
    5. Strategies for Integrating with Other Services
      1. Time-Outs
      2. Retries
      3. Exponential Backoff
      4. Webhooks
      5. Evaluating External Services
      6. Rate Limits
    6. Conclusion
  8. II. The Tools
  9. 5. The Serverless Framework
    1. Why Use the Serverless Framework?
    2. When the Serverless Framework Isn’t for You
      1. AWS Is the Only First-Class Citizen
      2. AWS CloudFormation Is Not Perfect
      3. Relying on Strangers for Your Infrastructure
    3. What to Know Before You Start
      1. YAML
      2. Node.js
      3. Cloud Resources and Permissions
      4. Infrastructure Templates
      5. Production Secrets
      6. .gitignore
    4. The Components of a serverless.yml File
      1. Provider
      2. Environment
      3. Functions
      4. Resources
      5. Package
      6. Plug-Ins
      7. Custom
      8. Namespacing for Sanity and Security
    5. Using the serverless Command
      1. Installing Serverless
      2. Setting Up Serverless with Credentials
      3. Pulling in Templates Using serverless install
      4. Inspecting the Package of Our Sample Project (What’s Inside)
      5. Deployment
      6. Invoking the Function, and Viewing Logs
      7. Rollbacks
      8. Destroying the Service
      9. Deployment Packages
    6. Real-World serverless.yml
      1. Setting Environment Variables
      2. Modify Permissions
    7. Conclusion
  10. 6. Monitoring, Observability, and Alerting
    1. What Is Monitoring?
      1. Why Do We Need Monitoring?
      2. How Does Monitoring Relate to Serverless?
      3. The On-Ramp to Automation
    2. What Are My Options?
      1. Hosted SaaS Offerings
      2. Self-Hosted and Open Source
    3. Components of Monitoring
      1. Metrics
      2. Charts/Graphs
      3. Dashboards
      4. Alerts/Alarms
    4. A Selection of Advanced Practices
      1. Heartbeats
      2. Smoke Testing and/or Canaries
      3. The Most Important Metric in the World
      4. Avoiding Vendor Lock-In
      5. Cleaning Up Metrics and Alerts over Time
    5. Conclusion
  11. 7. Logging
    1. What Does It Mean to Log?
    2. Why Log?
    3. When to Rely on Logs Instead of Metrics
    4. What Should You Log?
    5. What Shouldn’t You Log?
    6. How Does Logging Work?
      1. Ensuring Your Logs Scale
      2. Structured Logging
      3. More Effective Debugging with Logs
      4. Searching Logs
      5. Exception Logging (Sentry)
    7. Collecting Other Logs
    8. Compliance
    9. Distributed Tracing
    10. Encrypting Logs for Privacy and Compliance
      1. Encrypt Only the Values of Sensitive Fields
      2. Encrypt the Entire Log Statement
    11. Conclusion
  12. 8. Changes, Automation, and Deployment Pipelines
    1. Dealing with Change
    2. The Role of Automation
      1. What Do We Automate?
    3. Getting Your Code Ready for Production
    4. Infrastructure as Code
    5. Database Changes (Migrations)
    6. Configuration Management
    7. What Is a Pipeline?
    8. Decisions to Make Regarding Your Pipeline
    9. Canaries and Blue/Green Deployments
      1. Pipeline Permissions
    10. Why Do You Need a Pipeline?
    11. Key Phases of a Deployment Pipeline
      1. Step 1. Enforce Standards
      2. Step 2. Build and Package
      3. Step 3. Test
      4. Step 4. Publish the Artifact
      5. Step 5. Deploy to the Target Environment
      6. Step 6. Validate Deployment
      7. Step 7. Roll Back if Necessary (and Possible)
    12. Handling Pipeline Failures
    13. Conclusion
  13. III. Concepts
  14. 9. Security, Permissions, and Privacy
    1. Everyone Is Responsible, but You Are Especially Responsible
    2. Prepare to Be Hacked
      1. Understanding Your Threats and Your Attackers
      2. Design for Security
    3. Limit, Track, and Review All Secrets and Access
    4. Be Ready to Roll
      1. Defense in Depth
      2. Limit Blast Radius
      3. Trust but Verify
    5. Validate All User Input and Double-Check Those Settings
      1. Monitoring Your System for Anomalies
      2. Test Your Security
      3. Select Dependencies Carefully and Keep Your Software Up to Date
      4. Prioritize Privacy for Your Data and Your Customers’ Data
      5. Don’t Mess with Production
    6. Keep Your Machine Secure
    7. Keep Learning
    8. Conclusion
  15. 10. Quality, Testing, and Staging
    1. The Role of Code Quality
      1. Code Style
      2. Linting
    2. Testing
      1. What to Test and What Not to Test
      2. Types of Testing
      3. Code Coverage
      4. Power Up Your Testing
    3. Staging
    4. Conclusion
  16. 11. Planning for Failure
    1. Introduction: Understand It, Even if You Don’t Manage It
    2. Identify Risks
      1. Exercise: Finding Your Failure Points
    3. Be Prepared
    4. Making a Runbook
    5. Planning for Outages
      1. On-Call/Escalation Plan
    6. Monitor Your Cloud Provider
    7. Know Your (Service) Limits
    8. Conclusion
  17. 12. Conclusion
    1. Deciding among Vendors
    2. Community
    3. Gather the Advice of Others
    4. What to Do When You Get Stuck
    5. Taking the Next Step in Your Career
  18. Index

Product information

  • Title: Learning Serverless
  • Author(s): Jason Katzer
  • Release date: November 2020
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492057017