book

Learning Serverless

Name: Learning Serverless
Author: Jason Katzer
ISBN: 9781492057017

by Jason Katzer

October 2020

Beginner

230 pages

6h 59m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
About This BookHow This Book Is OrganizedConventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
Introduction to Serverless
What Is Serverless?History of ServerlessThe Cloud Provider LandscapeReliability, Availability, Disaster RecoveryStrengths of ServerlessIncreased Scalability, Security, and ReliabilityYou Only Pay for What You UseSaving Time and Money on Managing ServersImproved Developer ProductivityDecreased Management ResponsibilitiesConvenient IntegrationsWeaknesses of ServerlessThe Cold (Start) WarCompute TimeVPC/Network IssuesApplication SizePotential to Be More ExpensiveVendor Lock-InComplex DebuggingWhen Does It Make Sense to Use Serverless?When Is Serverless Compute Not Right for You?Let’s Get Started
I. The Path to Production
1. Distributed Systems
What Is a Distributed System?Why Do We Want a Distributed System?The Harsh Realities of Distributed SystemsThe Physical WorldMissing MessagesUnreliable ClocksCascading FailuresUnexpected OrderingIdempotencyWhat Am I Responsible For?What Do You Need to Consider When Designing a Distributed System?Loose Coupling (or Decoupling)Fault ToleranceGenerating Unique (Primary) KeysPlanning for IdempotencyTwo-Phase ChangesFurther ReadingConclusion
2. Microservices
Why Do You Want to Use Microservices?Improved Developer VelocityIncreased Developer FreedomIssues with MicroservicesIncreased ComplexityProper DevOps Practices and Resources NeededChallenges with Local Development and TestingHow Do You Use Microservices Effectively?Consistent InterfacesLoosely CoupledHow Micro Is a Microservice?Choosing Between Monoliths and MicroservicesWhen Should You Use a Monolith?When Do You Want to Use Microservices?Conclusion
3. Serverless Architecture and Patterns
The Role of an ArchitectWhat Do You Need to Know to Be an Architect?Making DecisionsWhat Kinds of Decisions?Documenting Your DecisionsHow Do We Make Decisions?When Do We Make Decisions?Cloud Provider ComponentsStreamsQueuesBucketsComputeDatastoresIdentity ServiceAPI GatewaysGraphQLNetworkingState MachinesLoggingMonitoring and AlertingEvents from Your Cloud ProviderPeriodic InvocationsPatternsExample 1: Serverless MonolithExample 2: Incoming WebhookExample 3: Using Your Cloud Provider for User AuthenticationExample 4: Generic Background Task PatternExample 5: Streaming Extract, Transform, LoadExample 6: Create Your Own Polling IntegrationExample 7: Processing Files and ImagesExample 8: Migration Service PatternExample 9: Fanning OutConclusion
4. Interfaces
Interfaces: Some Assembly RequiredThe MessageThe ProtocolThe ContractServerless InterfacesAutomatic Retries and Dead Letter QueuesFinite Versus Infinite ScaleDesigning Your InterfacesMessages/PayloadsSessions and Users/AuthAvoid Unbounded RequestsInterface Versus ImplementationLines with LogicDesigning the Unhappy PathValidating InputFailuresStrategies for Integrating with Other ServicesTime-OutsRetriesExponential BackoffWebhooksEvaluating External ServicesRate LimitsConclusion
II. The Tools
5. The Serverless Framework
Why Use the Serverless Framework?When the Serverless Framework Isn’t for YouAWS Is the Only First-Class CitizenAWS CloudFormation Is Not PerfectRelying on Strangers for Your InfrastructureWhat to Know Before You StartYAMLNode.jsCloud Resources and PermissionsInfrastructure TemplatesProduction Secrets.gitignoreThe Components of a serverless.yml FileProviderEnvironmentFunctionsResourcesPackagePlug-InsCustomNamespacing for Sanity and SecurityUsing the serverless CommandInstalling ServerlessSetting Up Serverless with CredentialsPulling in Templates Using serverless installInspecting the Package of Our Sample Project (What’s Inside)DeploymentInvoking the Function, and Viewing LogsRollbacksDestroying the ServiceDeployment PackagesReal-World serverless.ymlSetting Environment VariablesModify PermissionsConclusion
6. Monitoring, Observability, and Alerting
What Is Monitoring?Why Do We Need Monitoring?How Does Monitoring Relate to Serverless?The On-Ramp to AutomationWhat Are My Options?Hosted SaaS OfferingsSelf-Hosted and Open SourceComponents of MonitoringMetricsCharts/GraphsDashboardsAlerts/AlarmsA Selection of Advanced PracticesHeartbeatsSmoke Testing and/or CanariesThe Most Important Metric in the WorldAvoiding Vendor Lock-InCleaning Up Metrics and Alerts over TimeConclusion

7. Logging
What Does It Mean to Log?Why Log?When to Rely on Logs Instead of MetricsWhat Should You Log?What Shouldn’t You Log?How Does Logging Work?Ensuring Your Logs ScaleStructured LoggingMore Effective Debugging with LogsSearching LogsException Logging (Sentry)Collecting Other LogsComplianceDistributed TracingEncrypting Logs for Privacy and ComplianceEncrypt Only the Values of Sensitive FieldsEncrypt the Entire Log StatementConclusion
8. Changes, Automation, and Deployment Pipelines
Dealing with ChangeThe Role of AutomationWhat Do We Automate?Getting Your Code Ready for ProductionInfrastructure as CodeDatabase Changes (Migrations)Configuration ManagementWhat Is a Pipeline?Decisions to Make Regarding Your PipelineCanaries and Blue/Green DeploymentsPipeline PermissionsWhy Do You Need a Pipeline?Key Phases of a Deployment PipelineStep 1. Enforce StandardsStep 2. Build and PackageStep 3. TestStep 4. Publish the ArtifactStep 5. Deploy to the Target EnvironmentStep 6. Validate DeploymentStep 7. Roll Back if Necessary (and Possible)Handling Pipeline FailuresConclusion
III. Concepts
9. Security, Permissions, and Privacy
Everyone Is Responsible, but You Are Especially ResponsiblePrepare to Be HackedUnderstanding Your Threats and Your AttackersDesign for SecurityLimit, Track, and Review All Secrets and AccessBe Ready to RollDefense in DepthLimit Blast RadiusTrust but VerifyValidate All User Input and Double-Check Those SettingsMonitoring Your System for AnomaliesTest Your SecuritySelect Dependencies Carefully and Keep Your Software Up to DatePrioritize Privacy for Your Data and Your Customers’ DataDon’t Mess with ProductionKeep Your Machine SecureKeep LearningConclusion
10. Quality, Testing, and Staging
The Role of Code QualityCode StyleLintingTestingWhat to Test and What Not to TestTypes of TestingCode CoveragePower Up Your TestingStagingConclusion
11. Planning for Failure
Introduction: Understand It, Even if You Don’t Manage ItIdentify RisksExercise: Finding Your Failure PointsBe PreparedMaking a RunbookPlanning for OutagesOn-Call/Escalation PlanMonitor Your Cloud ProviderKnow Your (Service) LimitsConclusion
12. Conclusion
Deciding among VendorsCommunityGather the Advice of OthersWhat to Do When You Get StuckTaking the Next Step in Your Career
Index

Content preview from Learning Serverless

Introduction to Serverless

To begin...To begin...How to start? I’m hungry. I should get coffee. Coffee would help me think. Maybe I should write something first, then reward myself with coffee. Coffee and a muffin. Okay, so I need to establish the themes. Maybe a banana-nut. That’s a good muffin.

Charlie Kaufman, Adaptation

What Is Serverless?

Serverless is the idea that you can run a server-based application without having to manage a server. If you have this text in front of you, there is a chance you are already familiar with serverless. But how do you explain it to others? Do you focus on what it is, a new way to run application code, or on what it isn’t, managing servers? Do you next tell people about all of its weaknesses or its strengths? If your path to success with serverless involves others, and it likely does, you might be worried about how to best sell its benefits without scaring anyone away in the process. You see, serverless is still in its early days and it’s on a path of continuous improvement. Some of its weaknesses are here to stay, but they are trade-offs to implementing the benefits and features that you are sure to love.

As the serverless community benefits from the rapid improvements of a cutting-edge technology, it can be a struggle to invent and adopt best practices. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492057000Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Learning Serverless

by Jason Katzer

Introduction to Serverless

Figure I-1. “Ancient Wisdom”, from the webcomic FaaS and Furious by Forrest Brazeal, 2019

What Is Serverless?

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.