Software Architecture Patterns for Serverless Systems

B18464_13
Software Architecture Patterns for Serverless Systems, Second Edition: Architecting for innovation with event-driven microservices and micro frontends
1 Architecting for Innovation
Join our book community on Discord
Defining serverless
Continuously delivering business value
By the skin of our teeth
Through high-velocity teamwork
Dissecting lead time
Risk mitigation
Decision making
Software Development Life Cycle methodology
Hardware provisioning
Software deployment
Software structure
Testing and confidence
Dependencies and inter-team communication
Dissecting integration styles
Batch integration
Spaghetti integration
Real-time integration
Enterprise application integration
Shared database
Service-oriented architecture
Microservices
Enabling autonomous teams with autonomous services
Autonomous services – creating bulkheads
Event-first – valuing facts
Serverless-first – creating knowledge
Data life cycle – fighting data gravity
Micro frontends – equalizing tiers
Observability – optimizing everything
Organic evolution – embracing change
Summary
2 Defining Boundaries and Letting Go
Join our book community on Discord
Learning the hard way
Building on proven concepts
Domain-driven design
SOLID principles
Hexagonal architecture
Thinking about events first
Start with event storming
Focus on verbs instead of nouns
Treat events as facts instead of ephemeral messages
Treat events as contracts instead of notifications
Invert responsibility, react and evolve
Connected by an event hub
Dividing a system into autonomous subsystems
By actor
By business unit
By business capability
By data life cycle
By legacy system
Creating subsystem bulkheads
Separate cloud accounts
External domain events
Dissecting an autonomous subsystem
Context diagram
Micro frontend
Event hub
Autonomous service patterns
Dissecting an autonomous service
Repository
CI/CD pipeline and GitOps
Tests
Stack
Persistence
Trilateral API
Functions
Micro-app
Shared libraries
Governing without impeding
Providing automation and cross-cutting concerns
Promoting a culture of robustness
Harnessing the 4 key team metrics
Summary
3 Taming the Presentation Tier
Join our book community on Discord
Zigzagging through time
Client-side versus server-side rendering
Build-time versus runtime rendering
Web versus mobile
Breaking up the frontend monolith
By subsystem
By user activity
By device type
By version
Dissecting micro frontends
The main app
Micro-app
Micro-app activation
Mount points
Manifest deployer
Inter-application communication
Designing for offline-first
Transparency
Local cache
Live updates
Summary
6 A Best Friend for the Frontend
Join our book community on Discord
Focusing on user activities
A BFF service is responsible for a single user activity
A BFF service is owned by the frontend team
A BFF service is decoupled, autonomous, and resilient
Dissecting the Backend for Frontend (BFF) pattern
Datastore
API Gateway
Query and command functions
Listener function
Trigger function
Dissecting function-level nano architecture
Models
Connectors
Handlers
Choosing between REST and GraphQL
REST
GraphQL
Implementing different kinds of BFF services
CRUD BFF services
List-of-values (LOV) BFF services
Task BFF services
Search BFF services
Action BFF services
Dashboard BFF services
Reporting BFF services
Archive BFF services
Summary
7 Bridging Intersystem Gaps
Join our book community on Discord
Creating an anti-corruption layer
Macro-level ports and adapters
Substitution principle
External bulkhead
Dissecting the External Service Gateway pattern
Connectivity
Semantic transformation
Action versus reaction
Egress
Ingress
Packaging
Separate cloud accounts
Integrating with third-party systems
Egress – API call
Ingress – webhook
Asynchronous request response
Synchronous ESG / BFF Hybrid
Integrating with other subsystems
Egress – upstream subsystem
Ingress – downstream subsystem
Integrating across cloud providers
Integrating with legacy systems
Ingress – Change Data Capture
Egress – direct SQL
Egress – circuit breaker
Ingress – relay
Providing an Open API and SPI
Ingress API – event
Ingress API – command
Egress SPI – webhook
Egress API – query
Tackling common data challenges
Idempotence
Enriching data
Latching and cross-referencing
Slow data resync
Summary
8 Reacting to Events with More Events
Join our book community on Discord
Promoting inter-service collaboration
Choreography's pros and cons
Dissecting the Control Service pattern
collect
correlate
collate
evaluate
emit
expire
Orchestrating business processes
Entry and exit events
Parallel execution
Employing the Saga pattern
Compensating transactions
Abort events
Calculating event-sourcing snapshots
What is ACID 2.0?
Snapshot events
Implementing CEP logic
Decision tables
Missing events
Leveraging ML for control flow
Models
Predictions
Summary
9 Securing Autonomous Subsystems in Depth
Join our book community on Discord
Shared responsibility model
Securing cloud accounts
Account-as-code
Identity access management
Securing CI/CD pipelines
Pipeline permissions
Deployment service permissions
Permission boundaries
Securing the perimeter
Global/Edge infrastructure
Encryption in transit
Federated identity
Securing the frontend
OpenID Connect
Conditional rendering
Protected routes
Passing the JWT to BFF services
Securing BFF services
JWT authorizer
JWT assertion
JWT filter
Last modified by
Least privilege
Redacting sensitive data
Envelope encryption
Crypto trashing
Securing ESG services
Securing shared secrets
Using API keys
Auditing continuously
Build-time and run-time auditing
Change event audit
Summary
11 Running in Multiple Regions
Join our book community on Discord
Justifying multi-regional deployment
It's too risky not to
It doesn't cost too much
It's in the best interest of our users
Preparing for regional failover
Offline-first
Protracted eventual consistency
Checking regional health
Traditional health checks
Regional health checks
Choosing a regional topology
Primary / Hot-Secondary
Active / Active
Configuring regional routing
Content Delivery Network (CDN)
API Gateway
CDN plus API Gateway
Global bus
Replicating across regions
Change event vs domain event replication
Multi-master replication
Round-robin replication
Dissecting regional failover
Query failover
Command failover
Trigger failure points
Listener failure points
Addressing intersystem differences
External global endpoints
Legacy regional endpoints
Implementing multi-regional cron jobs
Job records and events
Replication and idempotence
Summary
12 Optimizing Observability
Join our book community on Discord
Failing forward fast
Turning observability inside out
Leveraging FinOps
Cost is a metric
Dissecting monthly cloud cost
Worth-based development
Collecting resource metrics
The USE method
Capacity and concurrency limits
Throttling, iterator age and queue depth
Errors and fault events
Tracking system events
Alerting on work metrics
The RED method
BFF service metrics
Domain event metrics
Anomaly detections
Observing real user activity
RUM
Synthetics
Tuning continuously
Function memory allocation
Cold starts
Timeouts and retries
Cache-control
Summary
13 Don't Delay, Start Experimenting
Join our book community on Discord
Gaining trust and changing culture
Establishing a vision
Building momentum
Constructing an architectural runway
Seed and split
Funding products, not projects
Architecture-driven
Team capacity-driven
Dissecting the Strangler pattern
Event-first migration
Micro frontend – headless mode
Retirement
Addressing event-first concerns
System of record versus source of truth
Duplicate data is good
Avoid false reuse
Poly everything
Polyglot programming
Polyglot persistence
Polycloud
Summary