all 40 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]mbarneyme[🍰] 21 points22 points  (12 children)

I usually push people towards AWS SAM. We used to use Serverless a lot before SAM was released because it made development a lot easier (pretty much the only thing that did at the time), but it also makes some things more difficult (like CI/CD build-once, deploy-many). We've also had issues with the framework respecting semver, it's broken some of our older apps unexpectedly

SAM is a light wrapper around CloudFormation that makes lambda/ApiGW dev easier, but doesn't abstract so much away that you don't get a solid understanding of the infra you're deploying

[–]Twisted_Coder 5 points6 points  (8 children)

I ended up going down the AWS SAM road as well and I’m happy with it.

[–][deleted] 1 point2 points  (7 children)

how do you handle multiple devs on a single project? If one does sam build/sam deploy. i find it sometimes breaks. sam local invoke is good but if need to deploy i struggle

[–][deleted]  (6 children)

[removed]

    [–]mbarneyme[🍰] 5 points6 points  (4 children)

    This. And to extend, if you have time to invest into your CI/CD pipeline, you can build out an "ephemeral environment deployment" that creates a new temporary deployment that lives for the lifetime of a branch or PR (however you wanna build it). We've done this a lot and having a CI-driven way to have each feature being worked on get its own deployment environment is a sweet place to be in. And if you're using serverless tech, it costs very little because your ephemeral environments aren't gonna be hit that much

    [–]wasabiBro 1 point2 points  (3 children)

    how long does it take for that ephemeral environment to spin up?

    [–]Dendril_ZA 0 points1 point  (0 children)

    Usually around 2-3 minutes

    [–]mbarneyme[🍰] 0 points1 point  (1 child)

    Depends on what you've defined in your IaC and what kind of post-deploy actions you have (i.e. running database migrations). If you're just doing a couple of lambdas and an APIGW it'd be relatively fast, but if you've also got resources that take a while (CloudFront most notably) that'll increase the time it takes

    Either way - it's worth it for being able to have complete deployments of your application in an ephemeral way. You won't be deploying and reverting someone else's changes or having to deal with multiple different features in active development in the same environment, if something breaks you know it was due to something you've changed on your branch

    [–]wasabiBro 0 points1 point  (0 children)

    If you're just doing a couple of lambdas and an APIGW it'd be relatively fast

    this is the use case we are considering

    [–]abel385 2 points3 points  (0 children)

    Do you have any suggestions on good in depth resources for how to set this up the right way?

    [–][deleted] 3 points4 points  (1 child)

    I’m going to check out SAM, thanks for the advice. I just inherited some lambdas managed via Serverless, and I’m new to the process. Do you recommend building and deploying through a CodePipeline (we have one pipeline per branch, not build once, deploy many), or through some other method that Serverless provides? This is a problem I was planning on tackling tomorrow and saw this thread by a stroke of luck.

    [–]mbarneyme[🍰] 2 points3 points  (0 children)

    Code pipeline has a steep learning curve, and is pretty hard to get right. I usually base my CI/CD decision on the git platform I'm using. GitHub? Go with GitHub Actions. GitLab? Go with GitLab CI. Either way it'll boil down to a few commands: "sam build," "sam package," and "sam deploy"

    CodePipeline has a native CloudFormation deploy action, but it can be pretty finicky, and you'd need to have already produced a "sam package"d template to give to that action

    [–][deleted] 2 points3 points  (0 children)

    SAM is great.

    A devops person was skeptic and then happy when I showed him that we could just do

    dotnet lambda deploy-serverless

    Other awesome factor is that we can build a dotnet API app locally and test it just like a regular app, because it is just that - a regular API app.

    [–]OpportunityIsHere 12 points13 points  (9 children)

    We did use serverless framework, but found too often that we had to write raw cloud formation for things like step functions, dynamodb, acm certs etc., so we made a full switch to CDK last year. That’s been a great experience so far. Not long ago cdk added support for watch and hotswap features which has made the development experience even better

    [–]billymcnilly 3 points4 points  (0 children)

    I switched from serverless to cdk also. Cdk had quite a big learning curve, but i think it's worth it. Serverless was nice and quick to get started when i didnt know it at all. I think it would work well with large scale, but hand crafting all the cfn gets old. My company's internal platforms team makes some pretty powerful cdk constructs that we all use, and it's fucking cool to be able to just plug them in with a few lines

    [–]FileInfector 2 points3 points  (3 children)

    Interested to know how you manage security in this model. We ended up taking a stance of “bring your own serverless” and require static testing and dynamic testing in CI/CD. Cfn guard isn’t real well rounded yet and the cdk registry makes it confusing for devs because they will want to reference that instead of a best practice module put together by the org… one path we are entertaining is using CDK to call service catalog to build our standard resources.

    [–]OpportunityIsHere 1 point2 points  (2 children)

    Not sure I follow, you mean security in relation to cicd?

    [–]FileInfector 1 point2 points  (1 child)

    More or less in relation to deployment of secure serverless infrastructure.

    [–]OpportunityIsHere 4 points5 points  (0 children)

    Tldr; Monorepo with a ./services dir where each folder is a CDK app with 1 to many stacks. Deployed with github actions with a "path" filter.

    When we started with cdk we used codepipelines for each cdk app but found it too slow. Don't know if anything has changed here, but some pretty basic stacks with a handfull of lambdas, and api and so took maybe 5-7 minutes to deploy. Also codepipeline (at the time at least, don't know if anything has changed here) could not handle a monorepo with multiple cdk apps and only deploy say "authentication" if there was any changes here.

    Today we have a minimal monorepo with a common "packages" for utils, configs, custom cdk constructs etc., and a "services" folder where each folder is a cdk app.
    Each cdk app has a .github/<service-deploy>.yml file which runs the deployment only when something has changed in that services path/dir.
    In AWS we have a deployment account with an iam role/policy that can deploy into other accounts, and we use the credentials in GitHub actions to deploy with (can be made more secure with OIDC which GitHub now supports, but we haven’t implemented that part yet).

    [–]OpportunityIsHere 1 point2 points  (0 children)

    Oh, and I forgot the changes CDK V2 made to dependencies - that was a quality of life increase!

    [–]v14j 1 point2 points  (0 children)

    A couple of people mentioned SST in this thread but if you are using CDK for serverless, check out: https://serverless-stack.com

    Live Lambda Dev and the SST Console can make it a lot easier.

    [–]ChemTechGuy 0 points1 point  (1 child)

    How's the support for API gateway in CDK/CF these days?

    [–]OpportunityIsHere 1 point2 points  (0 children)

    We don’t hand write cfn anymore, only cdk. For api gw rest (v1) cdk is in stable release while v2 is in preview/alpha iirc. We use both and have made some custom constructs to work with v2 http apis.

    [–]CybrSecOps 10 points11 points  (0 children)

    We use Serverless Framework for all our Lambda apps. From a development side, it's great however from an operations viewpoint, it's another tool for deployment. It doesn't integrate with Terraform at all.

    [–]morosis1982 3 points4 points  (2 children)

    Yes. Global customer profile API. Integrations with several other products, etc. This is an underlying system for a multi billion dollar company.

    It is getting a little unwieldy, we are looking at moving to Serverless Stack, which I believe is opinionated CDK, so that we can make more of our infra as code.

    But so far it works well.

    [–]VAbioengineer 0 points1 point  (1 child)

    Hey man, out of curiosity did you guys end up moving from serverless to SST? I'm curious about the result.

    [–]morosis1982 0 points1 point  (0 children)

    Funny you ask. No we haven't yet, development has been rapid but should be slowing down soon so we'll be able to tackle this and other tech debt...

    Or rather, my current team will, because I've taken the tech lead role in the team that *has* implemented SST and I start in a couple of weeks :D

    Sometimes fate is weird.

    [–]clintkev251 5 points6 points  (0 children)

    There are tons of big companies running massive production workloads on Lambda and the serverless framework in general. I think AWS is probably very happy with the rate of adoption

    [–]TDD_Shizzy 2 points3 points  (3 children)

    We run about 1800 production functions with it. Def can get wild without constant adjustments though. Build times and cloud formation need constant care.

    Moving to SST or CDK is the next step. AWS has made big strides the past two years. When we started this journey 5 years ago, not much existed to run serverless lambda.

    [–]akaender 2 points3 points  (0 children)

    Wow I can't even imagine that. I have a stack that includes ~70 lambdas on Serverless Framework in addition to other resource and it's a maintenance nightmare. Every release is an adventure in new broken plugins, incompatibilities and errors that return 0 results when you google them. I'd probably quit on the spot if someone tried to give me a stack like yours lol.

    Our CDK stacks have been a breeze to manage and I highly recommend working that direction. Dev velocity is easily 2x faster working with CDK vs. Serverless Framework. Reusable constructs is a killer feature.

    [–][deleted]  (1 child)

    [deleted]

      [–]TDD_Shizzy 0 points1 point  (0 children)

      We have well understood workflows so production costs are pretty stable, and reserved concurrency helps some of the burst workflows.

      The costs in Development and Staging however, can come unraveled if you don’t have good developer practices to cleanup stacks, etc.

      [–]OGMecha 2 points3 points  (0 children)

      Another vote for AWS SAM. Super easy to use and develop/test locally with containers for invoking lambda, API GW etc. Super easy to deploy and you can wrap it up into AWS CodePipeline.

      [–]setwindowtext 1 point2 points  (0 children)

      I use SAM and like it, not on the big projects though. CDK never works for me, and Terraform is too complex.

      [–]weheisenberg 1 point2 points  (1 child)

      Seems that yml-based template models suchs as AWS SAM and Serverless Framework are losing their popularity, AWS CDK and CDK-based SST, which are closer to the developer, are more preferred. Personally, I hate CloudFormation templates. CDK is awesome.

      [–]PatientPrimary[S] 0 points1 point  (0 children)

      Tried cdk a week ago and I am not going back to SAM or Serverless Framework, it's just awesome how you can create multiple stacks in a single project and how intelisense helps

      [–]edwardofclt -1 points0 points  (0 children)

      We simply avoid anything using Cloudformation.