Serverless Development on AWS

Serverless Development on AWS

by Sheen Brisals, Luke Hedger
Released January 2024
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781098141936

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

The adoption of serverless is on the rise, but until now, little guidance has been available for development teams that want to apply this technology on AWS. This definitive guide is packed with architectural, security, and data best practices and patterns for architects and engineers who want to build reliable enterprise-scale serverless solutions.

Sheen Brisals, an AWS Serverless Hero, and Luke Hedger, an AWS Community Builder, outline the serverless adoption requirements for an enterprise, examine the development tools your team needs, and explain in depth the nuances of testing event-driven and distributed serverless services. You'll gain practical guidance for keeping up with change and learn how to build serverless solutions with sustainability in mind.

  • Examine the serverless technology ecosystem and AWS services needed to develop serverless applications
  • Learn the approach and preparation required for a successful serverless adoption in an enterprise
  • Learn serverless architectures and implementation patterns
  • Design, develop, and test distributed serverless microservices on AWS cloud
  • Apply security best practices while building serverless solutions
  • Identify and adapt the implementation patterns for your particular use case
  • Incorporate the necessary measures for observable serverless applications
  • Implement sustainable serverless applications in the cloud

Publisher resources

View/Submit Errata

Table of contents

  1. Foreword
  2. Preface
    1. Who We Wrote This Book For
    2. Conventions Used in This Book
    3. Supplemental Material
    4. O’Reilly Online Learning
    5. How to Contact Us
    6. Acknowledgments
  3. 1. Introduction to Serverless on AWS
    1. The Road to Serverless
      1. From Mainframe Computing to the Modern Cloud
      2. The Influence of Running Everything as a Service
      3. Managed Versus Fully Managed Services
    2. The Characteristics of Serverless Technology
      1. Pay-per-Use
      2. Autoscaling and Scale to Zero
      3. High Availability
      4. Cold Start
    3. The Unique Benefits of Serverless
      1. Individuality and Granularity of Resources
      2. Ability to Optimize Services for Cost, Performance, and Sustainability
      3. Support for Deeper Security and Data Privacy Measures
      4. Incremental and Iterative Development
      5. Multiskilled, Diverse Engineering Teams
    4. The Parts of a Serverless Application and Its Ecosystem
    5. Why Is AWS a Great Platform for Serverless?
      1. The Popularity of Serverless Services from AWS
      2. The AWS Well-Architected Framework
      3. AWS Technical Support Plans
      4. AWS Developer Community Support
    6. Summary
    7. Interview with an Industry Expert
  4. 2. Enterprise Readiness for Serverless
    1. Preparing for “Thinking in Serverless”
      1. Creating a Serverless Mindset
      2. First Principles for Successful Serverless Adoption
      3. Assessing Workloads for Serverless Suitability
      4. How Do You Bring Serverless Awareness to Business Stakeholders?
      5. The Role of Organizational Culture
    2. Vendor Lock-in Demystified
      1. Why Is Vendor Lock-in Seen as So Critical?
      2. Is It Possible to Avoid Getting Locked In?
      3. Should You Be Worried About Vendor Lock-in in Serverless?
      4. Consider the Cloud Provider (AWS) as Your Partner, Not a Vendor
    3. Strategies for Migrating Legacy Applications to Serverless
      1. Lift-and-Shift
      2. All-at-Once Service Rewrite
      3. Phased Migration
      4. Comparing Migration Strategies
    4. Growing Serverless Talent
      1. Growing Versus Building
      2. Essential Ingredients for Growing a Serverless Team
      3. The Structure of a Multidisciplinary Serverless Team
    5. Summary
    6. Interview with an Industry Expert
  5. 3. Software Architecture for Building Serverless Microservices
    1. Popular Architectural Patterns
      1. Event-Driven Architecture
      2. Client/Server Architecture
      3. Layered Versus Tiered Architecture
      4. Hexagonal Architecture
    2. Characteristics of a Microservice
      1. Independently Deployable
      2. Represents Part of a Business Domain
      3. Single Purpose
      4. Well-Defined Communication Boundary
      5. Loosely Coupled
      6. Observable at a Granular Level
      7. Owned by a Single Team
    3. Microservice Communication Strategies
      1. Synchronous Communication
      2. Asynchronous Event-Driven Communication
    4. Breaking Down a Problem to Identify Its Parts
      1. Using a Set Piece Analogy to Identify the Parts
      2. Building Microservices to Serverless’s Strengths
    5. Event-Driven Architecture for Microservices Development
      1. Event-Driven Computing and Reactive Services
      2. Is My Microservice a Reactive Service?
      3. An Introduction to Amazon EventBridge
      4. Domain Events, Event Categories, and Types
      5. The Importance of Event Sourcing in Serverless Development
      6. EventStorming
    6. Summary
    7. Interview with an Industry Expert
  6. 4. Serverless and Security
    1. Security Can Be Simple
      1. Security Challenges
      2. Getting Started
      3. Combining the Zero Trust Security Model with Least Privilege Permissions
      4. The Power of AWS IAM
      5. The AWS Shared Responsibility Model
    2. Think Like a Hacker
      1. Meet the OWASP Top 10
      2. Serverless Threat Modeling
    3. Securing the Serverless Supply Chain
      1. Securing the Dependency Supply Chain
      2. Going Further with SLSA
      3. Lambda Code Signing
    4. Protecting Serverless APIs
      1. Securing REST APIs with Amazon Cognito
      2. Securing HTTP APIs
      3. Validating and Verifying API Requests
      4. Message Verification in Event-Driven Architectures
    5. Protecting Data
      1. Data Encryption Everywhere
      2. AWS KMS
    6. Security in Production
      1. Go-Live Security Checklist for Serverless Applications
      2. Maintaining Security in Production
      3. Detecting Sensitive Data Leaks
    7. Summary
    8. Interview with an Industry Expert
  7. 5. Serverless Implementation Patterns
    1. An Overview of Software Patterns
      1. What Is a Pattern?
      2. How Do Patterns Accelerate Serverless Development?
    2. Serverless Migration: The Strangler Fig Pattern
      1. Implementation Approaches
      2. Strangling Data Processing Flows
      3. Strangling API Routes to Backend Services
    3. Resilient Architecture: The Circuit Breaker Pattern
      1. Why Is the Circuit Breaker Pattern Relevant in Serverless?
      2. Core Concepts of Circuit Breaker Implementation
      3. Failing Faster When the Circuit Is Open
      4. Storing Requests When the Circuit Is Open and Replaying Them When Closed
    4. The Functionless Integration Pattern
      1. Use Cases for Functionless Integration
      2. Things to Be Aware of with Native Service Integrations
    5. The Event Triage Pattern
      1. What Is Event Triage?
      2. Implementation Details
      3. Frequently Asked Questions
    6. The Gatekeeper Event Bus Pattern
      1. The Need for a Gatekeeper Event Bus
      2. Implementation Approach
      3. Use Cases for the Gatekeeper Event Bus Pattern
      4. Things to Be Aware of with the Gatekeeper Event Bus Pattern
    7. Microservices Choreography
      1. Things to Be Aware of While Choreographing Services
    8. Service Orchestration
      1. What Do You Orchestrate?
      2. In-Service Orchestration
      3. Cross-Service Orchestration
      4. Distributed Orchestration
    9. Summary
    10. Interview with an Industry Expert
  8. 6. Implementing Serverless Applications
    1. Serverless Compute with AWS Lambda
      1. How to Write Lambda Functions
      2. Optimizing Lambda Functions
    2. Most of the Code You Write Will Be Infrastructure
      1. Infrastructure as Code
      2. Direct Service Integrations and Delegating to the Experts
    3. Production Is Just a Name
      1. Ship on Day 1, and Every Day After
      2. Boring Delivery Pipelines—Safety, Speed, and Predictability
    4. Documentation: Quality, Not Quantity
    5. Summary
    6. Interview with an Industry Expert
  9. 7. Testing Serverless Applications
    1. How Can Serverless Applications Be Tested?
      1. Why Serverless Requires a Novel Approach to Testing
      2. The Serverless Square of Balance: The Trade-off Between Delivery and Stability
      3. Serverless Failure Modes and Effects Analysis
    2. Designing a Serverless Test Strategy
      1. Identifying the Critical Paths
      2. Just Enough and Just-in-Time Testing
      3. Upholding Standards with a Definition of Done
    3. Hands-on Serverless Testing
      1. Event-Driven Testing
      2. Unit Testing Business Logic in Lambda Functions
      3. Contract Testing Integration Points
    4. Summary
    5. Interview with an Industry Expert
  10. 8. Operating Serverless
    1. Identifying the Units of Scale
    2. Promoting Serverless Observability
      1. Observing the Health of Critical Paths
      2. Metrics, Alarms, and Alerts
      3. Critical Health Dashboard
      4. Capability Alerting
      5. Event-Driven Logging
      6. Using Distributed Tracing to Understand the Whole System
    3. When Things Go Wrong
      1. Accepting Failure and Budgeting for Errors
      2. Everything Fails All the Time: Fault Tolerance and Recovery
      3. Debugging with the Core Analysis Loop
    4. Disaster Recovery
      1. Avoiding Single Points of Failure
      2. Understanding AWS Availability
      3. Multi-Account, Multi-Region: Is It Worth It?
    5. Summary
    6. Interview with an Industry Expert
  11. 9. Cost of Serverless Operation
    1. Understanding Serverless Cost Models
      1. Total Cost of Ownership in the Cloud
      2. Compute Costs
      3. Storage Costs
      4. Avoiding Serverless Cost Gotchas
    2. Serverless Cost Estimation
      1. How to Estimate Costs
      2. The More You Use, the Less You Spend
      3. How Much Can Be Done with the AWS Free Tier?
    3. Serverless Cost Monitoring Best Practices
      1. Creating Cost Awareness in a Serverless Team
      2. Monitoring Costs with Budget Alerts
      3. Reducing the Operational Cost of Serverless
    4. Summary
    5. Interview with an Industry Expert
  12. 10. Sustainability in Serverless
    1. So, What Is Sustainability?
      1. The Three Pillars of Sustainability
      2. The UN Sustainable Development Goals
    2. Why Is Sustainability Thinking Necessary in Serverless?
      1. The Three Elements of the Cloud
      2. The Serverless Sustainability Triangle
    3. Building Sustainable Serverless Applications
      1. How Do You Identify Unsustainable Serverless Applications?
      2. Characteristics of a Sustainable Application
    4. Development Processes and Practices That Promote Sustainability
      1. Follow Lean Development Principles and Reduce Resource Waste
      2. Start from a Simple Set of Requirements and Scale Fast
      3. Automate Everything Possible
      4. Rethink the Throwaway Prototypes of the Past
      5. Nurture Your Serverless Engineers
    5. Sustainability and the AWS Cloud
    6. Implementation Patterns and Best Practices for Sustainability
      1. User Behavior
      2. Software Architecture
      3. Data and Storage
      4. Development and Deployment
    7. Introducing Sustainability in Your Engineering Teams
      1. Sustainability in Technology: Awareness Day
      2. Sustainability Focus Areas for Your Team
      3. Sustainability Audit Checklist
    8. Summary
    9. Interview with an Industry Expert
  13. 11. Preparing for the Future with Serverless
    1. Emerging Trends in Serverless
      1. The Low-Code and Functionless Promise
      2. The Renaissance of Event-Driven Architecture
      3. Multicloud Orchestration
      4. Infrastructure from Code
      5. The Evolution and Influence of Generative AI
    2. Keeping Up with the Evolution of Serverless
      1. Challenges Facing Enterprise Teams
      2. Sustaining a Serverless Knowledge Pool
      3. Embracing Continuous Refactoring
    3. Playing the Long Game
      1. Establishing a Serverless Guild and Center of Excellence
      2. Becoming a Serverless Evangelist
      3. Joining a Serverless Community
    4. Summary
    5. Interview with an Industry Expert
  14. A. PostNL’s Serverless Journey
    1. Before Serverless
    2. The Reasons for the Change
    3. The Serverless Journey
      1. The Serverless Fit for Logistic Businesses
      2. Strong Foundations
      3. From Theory to Practice
      4. Freedom Within Guardrails
    4. The Outcome of Serverless Adoption
    5. What Were the Pain Points and Learnings?
    6. Five Pieces of Advice to New Serverless Adopters
      1. Start from Guiding Principles
      2. Automate Everything
      3. Embrace the Cloud for All It Has to Offer
      4. Comprehensively Analyze the Total Cost of Ownership
      5. Never Stop Learning
    7. About the Contributor
  15. B. Taco Bell’s Serverless Journey
    1. Before Serverless
    2. The Reasons for the Change
    3. The Serverless Journey
      1. Initial Preparations
      2. Architecture and Patterns
      3. Development Process and Team Structure
    4. The Outcome of Serverless Adoption
    5. What Were the Pain Points and Learnings?
    6. Five Pieces of Advice to New Serverless Adopters
      1. Join the Serverless Community
      2. Embrace an Iterative Mindset of “Good Enough”
      3. Avoid Big Bang Migrations
      4. Embrace Simple Over Complex
      5. Go Serverless-First!
    7. About the Contributors
  16. C. Templates and Worksheets
    1. Solution Design Document Template
      1. Overview
      2. Revision History
      3. Requirements
      4. Logical Design
      5. Architecture
      6. Design Details
      7. Data Modeling
      8. Security and Threat Analysis
      9. Cost Estimation
      10. Sustainability Measures
      11. Observability and Monitoring
      12. Trade-offs
      13. Appendix
    2. Security and Threat Modeling Template
      1. Description
      2. Architecture
      3. Data Flow Diagram
      4. Assets
      5. Attackers
      6. Exclusions
      7. Requirements
      8. Threats
      9. Actions
      10. Residual Risks
      11. Appendix
    3. Failure Modes and Effects Analysis Worksheet
      1. Failure Modes and Effects Analysis Worksheet
      2. Failure Modes and Effects Analysis Probability Rating
      3. Failure Modes and Effects Analysis Severity Rating
      4. Failure Modes and Effects Analysis Detection Rating
  17. Index
  18. About the Authors

Product information

  • Title: Serverless Development on AWS
  • Author(s): Sheen Brisals, Luke Hedger
  • Release date: January 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098141936