Foreword
Preface
Who We Wrote This Book For
Conventions Used in This Book
Supplemental Material
O’Reilly Online Learning
How to Contact Us
Acknowledgments
1. Introduction to Serverless on AWS
The Road to Serverless
From Mainframe Computing to the Modern Cloud
The emergence of networking
The beginning of virtualization
The first glimpse of Amazon Web Services
Cloud deployment models
The Influence of Running Everything as a Service
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a Service (SaaS)
Database as a service (DBaaS)
Function as a service (FaaS)
Managed Versus Fully Managed Services
The Characteristics of Serverless Technology
Pay-per-Use
Autoscaling and Scale to Zero
High Availability
Cold Start
The Unique Benefits of Serverless
Individuality and Granularity of Resources
Ability to Optimize Services for Cost, Performance, and Sustainability
Serverless enables deeper optimization
Storage optimization
Support for Deeper Security and Data Privacy Measures
Permissions at a function level
Granular permissions at the record level
Incremental and Iterative Development
Multiskilled, Diverse Engineering Teams
Influence of DevOps culture
Your evolution as a serverless engineer
The Parts of a Serverless Application and Its Ecosystem
Why Is AWS a Great Platform for Serverless?
The Popularity of Serverless Services from AWS
The AWS Well-Architected Framework
AWS Technical Support Plans
AWS Developer Community Support
Summary
Interview with an Industry Expert
2. Enterprise Readiness for Serverless
Preparing for “Thinking in Serverless”
Creating a Serverless Mindset
Aligning your thought process to serverless
The essentials of serverless thinking
Habits to offboard from a legacy mindset
First Principles for Successful Serverless Adoption
Serverless is not a silver bullet
Domain-first
Team-first
API-first
Microservices-first
Event driven–first
Serverless-first
Assessing Workloads for Serverless Suitability
Understanding the performance measures of distributed serverless applications
Assessing for cost-effectiveness
How Do You Bring Serverless Awareness to Business Stakeholders?
Speak a common language, and avoid serverless language
Invite stakeholders to team showcases
Map technology reasons to business gains
Highlight the serverless cost benefits
Discuss the convenience of serverless as a technology
Talk about serverless success stories
The Role of Organizational Culture
The two camps of serverless adoption
The magic quadrant for serverless adoption
Vendor Lock-in Demystified
Why Is Vendor Lock-in Seen as So Critical?
Is It Possible to Avoid Getting Locked In?
Should You Be Worried About Vendor Lock-in in Serverless?
Consider the Cloud Provider (AWS) as Your Partner, Not a Vendor
Strategies for Migrating Legacy Applications to Serverless
Lift-and-Shift
Suitability
Migration considerations
All-at-Once Service Rewrite
Workload suitability
Migration risks
Phased Migration
Organizational suitability
Migration considerations
Comparing Migration Strategies
Growing Serverless Talent
Growing Versus Building
Essential Ingredients for Growing a Serverless Team
Conducive team environment
Passionate pilot engineers
A serverless enabler to guide the team
Training and a knowledge base
Celebrating the growth of your team
The Structure of a Multidisciplinary Serverless Team
Responsibilities of a serverless engineer
Frequently asked questions about serverless teams
Summary
Interview with an Industry Expert
3. Software Architecture for Building Serverless Microservices
Popular Architectural Patterns
Event-Driven Architecture
Events
Event producers
Event consumers
Event carriers
How relevant is event-driven architecture to serverless?
Client/Server Architecture
Two-tier client/server architecture
Three-tier client/server architecture
How relevant is client/server architecture to serverless?
Layered Versus Tiered Architecture
Layered architecture
Tiered architecture
How relevant are layered and tiered architectures to serverless?
Hexagonal Architecture
How suitable is hexagonal architecture for serverless?
Characteristics of a Microservice
Independently Deployable
Represents Part of a Business Domain
Single Purpose
Well-Defined Communication Boundary
Loosely Coupled
Observable at a Granular Level
Owned by a Single Team
Microservice Communication Strategies
Synchronous Communication
Simple request/response
Request with an acknowledgment response
Request with an acknowledgment and client polling
Synchronous request/response with an asynchronous webhook notification
Asynchronous Event-Driven Communication
Breaking Down a Problem to Identify Its Parts
Using a Set Piece Analogy to Identify the Parts
What is a set piece?
Applying set piece thinking in serverless development
Customer rewards system vision
Identification of the set pieces
Bringing the set pieces together
The individuality of set pieces
Completing the vision of the rewards system
Techniques to identify set pieces
Incorporating a new set piece
Building Microservices to Serverless’s Strengths
The size of a serverless microservice is not measured by the number of Lambda functions
The infrastructure definition of your serverless microservice is as important as the business logic code
The more granularity, the deeper the observability
Event-Driven Architecture for Microservices Development
Event-Driven Computing and Reactive Services
Is My Microservice a Reactive Service?
An Introduction to Amazon EventBridge
Event buses in Amazon EventBridge
Event routing rules
Event archiving and replay
Event schema registry
EventBridge Scheduler
EventBridge Pipes
Domain Events, Event Categories, and Types
How do you represent an event?
Event categories in serverless development
Differentiating event categories from event types
Domain events
Operational events
AWS events
Internal events
Transformed events
Event producers and event publishing best practices
Event consumers and event consumption best practices
The Importance of Event Sourcing in Serverless Development
Uses for event sourcing
Architectural considerations for event sourcing
Dedicated microservice for event sourcing
Event store per bounded context
Application-level event store
Centralized event sourcing cloud account
EventStorming
What is EventStorming?
The importance of EventStorming in serverless development
Summary
Interview with an Industry Expert
4. Serverless and Security
Security Can Be Simple
Security Challenges
Getting Started
Combining the Zero Trust Security Model with Least Privilege Permissions
Zero trust architecture
Zero trust and serverless
The principle of least privilege
The Power of AWS IAM
Lambda execution roles
IAM guardrails
The AWS Shared Responsibility Model
Think Like a Hacker
Meet the OWASP Top 10
Serverless Threat Modeling
Introduction to threat modeling
STRIDE
A process for threat modeling
Securing the Serverless Supply Chain
Securing the Dependency Supply Chain
Think before you install
Scan packages for vulnerabilities
Automate dependency upgrades
Runtime updates
Going Further with SLSA
Lambda Code Signing
Protecting Serverless APIs
Securing REST APIs with Amazon Cognito
Amazon Cognito
Cognito and API Gateway
Securing HTTP APIs
JWT authorizers
Lambda authorizers
Validating and Verifying API Requests
API Gateway request protection
API Gateway request validation
Message Verification in Event-Driven Architectures
Verifying messages between consumers and producers
Encrypted and verifiable messages with JSON Web Tokens
Built-in message verification for SNS
Protecting Data
Data Encryption Everywhere
What is encryption?
Encryption in transit
Encryption at rest
AWS KMS
Security in Production
Go-Live Security Checklist for Serverless Applications
Maintaining Security in Production
Security monitoring with CloudTrail
Continuous security checks with Security Hub
Vulnerability scanning with Amazon Inspector
Detecting Sensitive Data Leaks
Mitigating sensitive data leaks
Managed sensitive data detection
Amazon Macie
Summary
Interview with an Industry Expert
5. Serverless Implementation Patterns
An Overview of Software Patterns
What Is a Pattern?
How Do Patterns Accelerate Serverless Development?
Patterns are there, to be discovered
Serverless patterns are guides, not silver bullets
Serverless Migration: The Strangler Fig Pattern
Implementation Approaches
Strangling Data Processing Flows
Strangling API Routes to Backend Services
API gateway as the façade layer
Backend for Frontend as the façade layer
Resilient Architecture: The Circuit Breaker Pattern
Why Is the Circuit Breaker Pattern Relevant in Serverless?
Core Concepts of Circuit Breaker Implementation
A simple status-checking function
A dedicated event-driven status-checking service
Failing Faster When the Circuit Is Open
Storing Requests When the Circuit Is Open and Replaying Them When Closed
Using a dedicated SQS queue for storage and replay
Using DynamoDB to store the requests and fetch them to replay
Using EventBridge’s archive and replay feature
The Functionless Integration Pattern
Use Cases for Functionless Integration
Common AWS service integrations
Sequence number generation using DynamoDB
Invoking external HTTP APIs
Things to Be Aware of with Native Service Integrations
The Event Triage Pattern
What Is Event Triage?
Implementation Details
Frequently Asked Questions
The Gatekeeper Event Bus Pattern
The Need for a Gatekeeper Event Bus
Implementation Approach
Use Cases for the Gatekeeper Event Bus Pattern
Things to Be Aware of with the Gatekeeper Event Bus Pattern
Microservices Choreography
Things to Be Aware of While Choreographing Services
Service Orchestration
What Do You Orchestrate?
In-Service Orchestration
Cross-Service Orchestration
Distributed Orchestration
Coordinating the distribution with choreography
Generating and sending task tokens
Things to be aware of while using callbacks with a task token
Summary
Interview with an Industry Expert
6. Implementing Serverless Applications
Serverless Compute with AWS Lambda
How to Write Lambda Functions
Structure your codebase for serverless
Apply the single-responsibility principle
Stay in a single file
Orchestrate complex business logic with workflows
Use Lambda Powertools
Minimize deploy-time dependencies
Optimizing Lambda Functions
Managing cold starts
Optimizing function initialization
Optimizing compute performance
Analyzing performance
Most of the Code You Write Will Be Infrastructure
Infrastructure as Code
AWS CloudFormation
Robust cloud infrastructure
Environments and stages
Direct Service Integrations and Delegating to the Experts
Benefits of managed services
Functions calling functions
Function or functionless?
Production Is Just a Name
Ship on Day 1, and Every Day After
The case for continuous serverless delivery
Adopting continuous serverless delivery
Deployment is not the same as release
Boring Delivery Pipelines—Safety, Speed, and Predictability
Continuous integration
The perfect pipeline
Documentation: Quality, Not Quantity
Summary
Interview with an Industry Expert
7. Testing Serverless Applications
How Can Serverless Applications Be Tested?
Why Serverless Requires a Novel Approach to Testing
The Serverless Square of Balance: The Trade-off Between Delivery and Stability
Move fast and make things
Balancing test coverage with observability and recovery
Serverless Failure Modes and Effects Analysis
What can go wrong?
Failure Modes and Effects Analysis worksheet
Designing a Serverless Test Strategy
Identifying the Critical Paths
Critical paths
Noncritical paths
Is it a critical path?
Just Enough and Just-in-Time Testing
Just enough testing
Just-in-time testing
Environments
Upholding Standards with a Definition of Done
Hands-on Serverless Testing
Event-Driven Testing
Business logic, integration points, and data contracts
Integration points testing checklist
Unit Testing Business Logic in Lambda Functions
Mocking
Static analysis
Contract Testing Integration Points
Testing integration configuration
Testing integration permissions
Testing integration payloads
Summary
Interview with an Industry Expert
8. Operating Serverless
Identifying the Units of Scale
Promoting Serverless Observability
Observing the Health of Critical Paths
Metrics, Alarms, and Alerts
Critical Health Dashboard
Capability Alerting
Service level objectives
Decoupling what from why
Event-Driven Logging
Using Distributed Tracing to Understand the Whole System
Prefer traces to logs
AWS X-Ray
Instrumentation
Annotation
When Things Go Wrong
Accepting Failure and Budgeting for Errors
Everything Fails All the Time: Fault Tolerance and Recovery
Debugging with the Core Analysis Loop
Disaster Recovery
Avoiding Single Points of Failure
Understanding AWS Availability
Multi-Account, Multi-Region: Is It Worth It?
Summary
Interview with an Industry Expert
9. Cost of Serverless Operation
Understanding Serverless Cost Models
Total Cost of Ownership in the Cloud
Compute Costs
AWS Lambda pricing
AWS Step Functions pricing
Storage Costs
Amazon S3 pricing
Amazon DynamoDB pricing
Avoiding Serverless Cost Gotchas
Serverless Cost Estimation
How to Estimate Costs
The More You Use, the Less You Spend
How Much Can Be Done with the AWS Free Tier?
Serverless Cost Monitoring Best Practices
Creating Cost Awareness in a Serverless Team
Cost-driven design
You build it, you pay for it
Billing analysis
Monitoring Costs with Budget Alerts
Reducing the Operational Cost of Serverless
Summary
Interview with an Industry Expert
10. Sustainability in Serverless
So, What Is Sustainability?
The Three Pillars of Sustainability
The UN Sustainable Development Goals
Why Is Sustainability Thinking Necessary in Serverless?
The Three Elements of the Cloud
The Serverless Sustainability Triangle
Building Sustainable Serverless Applications
How Do You Identify Unsustainable Serverless Applications?
Characteristics of a Sustainable Application
Modularity
Extensibility
Observability
Development Processes and Practices That Promote Sustainability
Follow Lean Development Principles and Reduce Resource Waste
Start from a Simple Set of Requirements and Scale Fast
Automate Everything Possible
Rethink the Throwaway Prototypes of the Past
Nurture Your Serverless Engineers
Sustainability and the AWS Cloud
Implementation Patterns and Best Practices for Sustainability
User Behavior
Understanding consumer demand
Planning for high-traffic events
Taking services closer to the customers
Software Architecture
Prefer reactive and event-driven microservices
Optimize data queries to fetch just the required data
Use queues to buffer requests and smooth workloads
Employ throttling with usage quotas to control traffic flow
Delete unused services and resources
Run batch jobs during a low energy consumption period
Data and Storage
Propagating data retention requests
Data lifecycle
Sustainability patterns for data and storage
Select a suitable data store for your data and access patterns
Classification of data and tagging
Removal of unwanted data
Data transition policies and use of apt storage
Reducing high-volume data movements
Development and Deployment
Introducing Sustainability in Your Engineering Teams
Sustainability in Technology: Awareness Day
Sustainability Focus Areas for Your Team
Sustainability Audit Checklist
Summary
Interview with an Industry Expert
11. Preparing for the Future with Serverless
Emerging Trends in Serverless
The Low-Code and Functionless Promise
The Renaissance of Event-Driven Architecture
The role of event-driven architecture in the data economy
The acceptance of eventual consistency in modern systems
Event-driven architecture fuels functionless and low-code integrations
Connecting diverse systems and technology stacks
Multicloud Orchestration
Infrastructure from Code
Motivations to use IfC
Drawbacks of IfC
The Evolution and Influence of Generative AI
Keeping Up with the Evolution of Serverless
Challenges Facing Enterprise Teams
Sustaining a Serverless Knowledge Pool
Embracing Continuous Refactoring
Why is serverless refactoring different?
Introducing serverless refactoring in your organization
Playing the Long Game
Establishing a Serverless Guild and Center of Excellence
Becoming a Serverless Evangelist
Joining a Serverless Community
Summary
Interview with an Industry Expert
A. Appendix A: PostNL’s Serverless Journey
B. Appendix B: Taco Bell’s Serverless Journey
C. Appendix C: Templates and Worksheets
Index