Serverless computing, or more simply Serverless, is ranked the 2nd Most Loved Platform in the Stack Overflow Developer Survey Result 2018, in which more than 100,000 developers participated globally. Based on the CNCF Serverless Cloud Native Landscape 2018, the major Serverless - Hosted Platforms providers have a total market capitalization value of $3.01T.
Serverless is clearly not only gaining popularity among developers, it is also seeing more commercial adoption, growth and support from the industry.
Figure 1. CNCF Serverless Cloud Native Landscape 2018
Function Compute is Alibaba Cloud's hosted service for Serverless. It is a fully managed, event-driven elastic compute service that allows users to run code without provisioning or managing servers.
This article shares some hands-on best practices, and the reasoning behind them, for working with Alibaba Cloud Function Compute from a developer's perspective. Some are common best practices that also apply to other serverless compute providers, while others are specific to the Alibaba Cloud platform.
Anyone interested in trying out Alibaba Cloud Function Compute and the recommended best practices should have the following prerequisites.
Serverless Framework is the most commonly used open-source serverless framework for deploying serverless infrastructure. Key benefits include:
Allows users to build, package, test and deploy the same serverless service and function(s) with the same behaviour across all serverless cloud providers supported by the Serverless Framework. Users no longer have to rely on provider-specific SDKs, which make migration to other providers difficult and time-consuming.
Extensible with Reusable or Custom Plugins
Serverless Framework plugins allow users to extend or overwrite the framework's core functionality. A repository of community-contributed plugins is available for public use and contributions.
Supports serverless functions written in NodeJS, Python, Java, Go, C# or Scala.
Strong Enterprise & Community Support
Serverless Framework supports most of the major serverless cloud providers and offers solid documentation, examples and contributions from the global serverless community.
Note: At the time of writing, Alibaba Cloud is not yet one of the Serverless Infrastructure Providers officially supported by the Serverless Framework. However, Alibaba Cloud has already provided examples of how to use the Serverless Framework, as well as the Serverless Alibaba Cloud Function Compute Plugin for deploying serverless infrastructure to Alibaba Cloud Function Compute.
An Access Key is a credential type issued by Alibaba Cloud that users present to authenticate API calls. Whether using the Serverless Framework or the Alibaba Cloud Function Compute SDKs, the user must provide the Access Key ID and Access Key Secret for authentication.
It is important to highlight that Alibaba Cloud has published the Alibaba Cloud Account Security Best Practices, which strongly recommend against creating any Access Key for the root user account.
You are strongly recommended to create a separate API user account, or RAM (Resource Access Management) user account, for working with Function Compute or other services in Alibaba Cloud.
Figure 2. Example RAM User for Function Compute in Alibaba Cloud RAM Console
To learn more, users can refer to the RAM Best Practices by Alibaba Cloud, which cover logon verification, account authorization and permission assignment.
It has always been the most fundamental and important security best practice to comply with the Principle of Least Privilege for all user accounts in any system.
For the RAM user or user group for creating and managing Alibaba Cloud Function Compute, the recommended least-privilege authorization policies are as follows:
Figure 3. Recommended Minimum Authorization Privileges Granted for Function Compute Full Access
If the user or user group only requires Read-Only access to Function Compute, the recommended least-privilege authorization policy is as follows:
If the user or user group only requires Invocation access to Function Compute e.g. to invoke serverless functions, the recommended least-privilege authorization policy is as follows:
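An added example, not part of the original article and not the policies it recommends: a small Node.js check that flags RAM policy statements granting more than a chosen allow-list of Function Compute actions. The sample policy, its service name `demo-service`, the allow-list and the two rules are constructed for illustration.

```javascript
'use strict';

// True when an allow-list entry (exact name or trailing-* prefix) covers the action.
function covered(pattern, action) {
  const p = pattern.toLowerCase();
  const a = action.toLowerCase();
  return p.endsWith('*') ? a.startsWith(p.slice(0, -1)) : a === p;
}

// RAM policy fields may hold a single value or an array; normalise to an array.
const toList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns findings for Allow statements that grant more than allowedActions.
// The rules are assumptions chosen for this example, not an Alibaba Cloud baseline.
function auditPolicy(policy, allowedActions) {
  const findings = [];
  toList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return; // a Deny statement cannot widen access
    for (const action of toList(stmt.Action)) {
      if (!allowedActions.some((p) => covered(p, action))) {
        findings.push(`statement ${i}: action "${action}" is not on the allow-list`);
      }
    }
    for (const resource of toList(stmt.Resource)) {
      if (resource === '*') {
        findings.push(`statement ${i}: resource "*" is not scoped to a service`);
      }
    }
  });
  return findings;
}

// Constructed sample: statement 0 is invoke-only and scoped, statement 1 is too broad.
const samplePolicy = {
  Version: '1',
  Statement: [
    { Effect: 'Allow', Action: ['fc:InvokeFunction'],
      Resource: 'acs:fc:*:*:services/demo-service/functions/*' },
    { Effect: 'Allow', Action: 'fc:*', Resource: '*' },
  ],
};

// Audit the sample against an invoke-only allow-list.
function auditSample() {
  return auditPolicy(samplePolicy, ['fc:InvokeFunction']);
}

console.log(auditSample());
```

Running the same check over custom policies before they are attached to a RAM user or group catches wildcard grants early.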
The Alibaba Cloud ActionTrail service records and stores the operational history of all user activities. It is very useful for troubleshooting as well as for compliance and auditing purposes. ActionTrail supports filtering by user name, event type and time range for efficient search.
The figure below shows a list of events and the issues encountered by the example Function Compute API user during development and experimentation, in which the Serverless Framework CLI was used to build and deploy a new serverless service and function to Alibaba Cloud Function Compute.
Figure 4. Example of using ActionTrail for Troubleshooting
Typically, long-running functions would also consume more memory. The pricing of Alibaba Cloud Function Compute as well as most other serverless cloud providers is dependent on the execution duration and execution memory allocation size.
It is definitely more cost effective to write efficient serverless functions. Hence, the rule of thumb is that, whenever possible, refactor the large functions into smaller functions to optimize the execution duration.
Separation of concerns and loose coupling are the most important concepts to keep in mind for writing testable code. Writing testable functions ensures that your functions can be covered by automated unit tests and integration tests.
For example, isolate the core business logic from the function's entry point handler.
It is not only important but critical to design your functions to have the ability to handle exceptions gracefully and have some logic or framework to log the activities and error details for troubleshooting and function enhancement purposes.
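An added example, not from the original article, of both points above for a Node.js function: the business logic lives in a plain function that can be unit-tested without the runtime, and the entry point handler only decodes the event, logs, and maps exceptions to a response. The `buildGreeting` logic and the error codes are hypothetical.

```javascript
'use strict';

// Core business logic: a pure function with no Function Compute types,
// so unit tests can call it directly. (Hypothetical example logic.)
function buildGreeting(input) {
  if (!input || typeof input.name !== 'string' || input.name.trim() === '') {
    const err = new Error('name is required');
    err.code = 'INVALID_INPUT';
    throw err;
  }
  return { message: `Hello, ${input.name.trim()}` };
}

// Entry point handler: Function Compute passes the event as a Buffer.
// It decodes the event, calls the core logic, logs, and handles errors.
function handler(event, context, callback) {
  const requestId = (context && context.requestId) || 'unknown';
  try {
    const input = JSON.parse(event.toString());
    const result = buildGreeting(input);
    console.log(JSON.stringify({ requestId, level: 'info', msg: 'ok' }));
    callback(null, JSON.stringify(result));
  } catch (err) {
    // Log the detail for troubleshooting; return only a stable code to the
    // caller so internal messages and stack traces are not exposed.
    const code = err.code || (err instanceof SyntaxError ? 'BAD_JSON' : 'INTERNAL');
    console.error(JSON.stringify({ requestId, level: 'error', code, detail: err.message }));
    callback(null, JSON.stringify({ error: code }));
  }
}

module.exports = { handler, buildGreeting };
```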
In Alibaba Cloud, users can take advantage of the CloudMonitor service, which provides a robust real-time cloud monitoring solution for all resources, including Function Compute. Users can monitor the status metrics for Function Compute such as:
Users can also create new alarm rules and notification methods so that they receive real-time notifications whenever an alarming issue occurs, allowing the incident response and management team to take the necessary actions as soon as possible.
This will help to reduce the amount of time taken for the package to be downloaded and unpacked ahead of invocation, which in turn reduces the run-time overhead.
Remove unnecessary dependency packages, especially those used only for development and testing, as they are not needed at run-time in the production environment.
This article is also published on Medium: https://medium.com/@juvchan/best-practices-for-working-with-alibaba-cloud-function-compute-917e102dfd95