By adopting a [[Serverless MOC|Serverless]] architecture for a greenfield application, the engineering-related tasks (and associated skillsets) required to build and operate the application decrease compared to those using a server-based cloud architecture.

A consequence of this is that certain job roles may not be needed on a project team, at least on a full-time basis. Tasks that were previously performed by [[DevOps Engineer]]s or [[Systems Engineers]] now either:
- are no longer applicable, as they are completely outsourced to the cloud provider; or
- involve less time or are lower risk to implement due to particular cloud provider features.

This is good news for [[Application Developers]] as it removes gatekeepers and allows them to develop more independently. However, this benefit does not come for free as [[Infrastructure-as-Code is the linchpin practice for successful serverless teams]] to learn.

---
## References
- [Concerns that go away in a serverless world](https://serverlessfirst.com/concerns-that-serverless-takes-away/) by Me:
    - ## Server Provisioning and Scaling
        - Configure AMIs for your VM instances with specific OS version and any required application software
        - Set up a VPC and subnets using best-practice security settings
        - Configure security groups and identify what ports need to be open on each instance
        - Create launch configurations and auto scaling groups for each EC2 instance type
        - Configure load balancers and associated health checks
        - Set up internet gateways
        - Configure route tables
        - Configure VPC peering
        - Configure RDS cluster with appropriate storage and instance size
        - Regularly observe load-related metrics and modify scaling limits or instance resource allocation accordingly
        - Repeat most of the above steps for each environment (dev, test, staging, production)
    - ## Application Development & Maintenance
        - Define your container environment (Dockerfile)
        - Configure your container orchestration cluster (ECS, Kubernetes, etc.)
        - Configure the pods/services/task definitions within your cluster
        - Debug container inter-connectivity/service discovery issues
        - Write script to deploy build artifact (Docker image, zip file) to EC2 instance
        - Regularly update base Docker image with latest patches (e.g. to Node.js / Python / Java or whatever language your app uses)
    - ## Server Maintenance
        - Set up a secure VPN/SSH bastion instance (and keep it patched)
        - Manage VPN/SSH access to different servers for authorised engineers
        - Manage regular patching of all VM instances (either manually via SSH or automated via script/Systems Manager)
        - Be available to promptly deploy emergency patches (e.g. Heartbleed)
        - Set up alerts to be notified about emergency patches
        - Set up monitoring to watch for low disk space
        - Manually expand a volume when it’s out of space
        - Handle SSL certificate renewal and deployment (if installing keys directly to instances and not just to load balancers where it’s managed by AWS)
        - Repeat most of the above steps for each environment (dev, test, staging, production)
    - ## Cost Control
        - Pay for an EC2/RDS/ElastiCache instance when it’s not in use
        - Over-provision instances to handle occasional sudden traffic spikes
        - Write cron jobs to spin down dev/test environment instances at evenings and weekends