Best Practices for Working with Alibaba Cloud Function Compute
By Juv Chan, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
Serverless computing, or more simply Serverless, is ranked the 2nd Most Loved Platform in the Stack Overflow Developer Survey Result 2018, in which more than 100,000 developers participated globally. Based on the CNCF Serverless Cloud Native Landscape 2018, the major Serverless - Hosted Platforms providers have a total market capitalization value of $3.01T.
It is clear that Serverless is not only gaining popularity among developers, but is also seeing more commercial adoption, growth and support from the industry.
Figure 1. CNCF Serverless Cloud Native Landscape 2018
What Is Alibaba Cloud Function Compute?
Function Compute is Alibaba Cloud’s hosted service for Serverless. It is a fully managed, event-driven elastic compute service which allows users to run code without provisioning or managing servers.
This article shares some hands-on best practices, and the reasoning behind them, for working with Alibaba Cloud Function Compute from a developer’s perspective. Some of them are common best practices that also apply to other serverless compute service providers, while others are specific to the Alibaba Cloud platform.
Prerequisites
Anyone who wants to try out Alibaba Cloud Function Compute and the recommended best practices should have the following prerequisites in place.
- An Alibaba Cloud User Account. If you don’t have one already, register now and get $300-$1200 worth in Free Trial.
- Activate Function Compute in the Alibaba Cloud Console
- Activate Resource Access Management (RAM) in the Alibaba Cloud Console
- Activate Object Storage Service (OSS) in the Alibaba Cloud Console
- Activate Log Service in the Alibaba Cloud Console
- Activate ActionTrail in the Alibaba Cloud Console
- Install Node.js. The LTS version is recommended.
Best Practices
1. Use Serverless Framework for Deploying Serverless Functions to Function Compute
Serverless Framework is the most commonly used open-source serverless framework for deploying serverless infrastructure. Key benefits include:
Provider Agnostic
Allows users to build, package, test and deploy the same serverless service and function(s) in the same way on every serverless cloud provider supported by the Serverless Framework. Users no longer have to rely on provider-specific SDKs, which make migration to other providers difficult and time-consuming.
Extensible with Reusable or Custom Plugins
Serverless Framework Plugins allow users to extend or overwrite the framework's core functionality. A repository of community-contributed plugins is available for public use and contributions.
Multi-lingual
Supports serverless functions written in NodeJS, Python, Java, Go, C# or Scala.
Strong Enterprise & Community Support
Serverless Framework supports most of the major serverless cloud providers and offers solid documentation, examples and contributions from the global serverless community.
Note: At the time of writing, Alibaba Cloud is not yet one of the Serverless Infrastructure Providers officially supported by the Serverless Framework. However, Alibaba Cloud has already provided examples of how to use the Serverless Framework, as well as the Serverless Alibaba Cloud Function Compute Plugin, for deploying serverless infrastructure to Alibaba Cloud Function Compute.
2. Avoid Using Access Key from Root User Account for Function Compute API Calls
An Access Key is a credential type issued by Alibaba Cloud that users present to authenticate API calls. Whether you use the Serverless Framework or the Alibaba Cloud Function Compute SDKs, you must provide the Access Key ID and Access Key Secret for authentication.
It is important to highlight that Alibaba Cloud has published the Alibaba Cloud Account Security Best Practices, which strongly recommend against creating any Access Key for the root user account.
3. Create an API User Account for Function Compute API Calls
It is strongly recommended that you create a separate API user account, that is, a RAM (Resource Access Management) user account, for working with Function Compute or other services in Alibaba Cloud.
Figure 2. Example RAM User for Function Compute in Alibaba Cloud RAM Console
To learn more, refer to the RAM Best Practices by Alibaba Cloud, which cover logon verification, account authorization and permission assignment.
4. Apply the Principle of Least Privilege for Function Compute API User Account
It has always been the most fundamental and important security best practice to comply with the Principle of Least Privilege for all user accounts in any system.
For the RAM user or user group for creating and managing Alibaba Cloud Function Compute, the recommended least-privilege authorization policies are as follows:
- AliyunFCFullAccess
- AliyunRAMFullAccess
- AliyunLogFullAccess
- AliyunOSSFullAccess
Figure 3. Recommended Minimum Authorization Privileges Granted for Function Compute Full Access
If the user or user group only requires Read-Only access to Function Compute, the recommended least-privilege authorization policy is as follows:
- AliyunFCReadOnlyAccess
If the user or user group only requires Invocation access to Function Compute e.g. to invoke serverless functions, the recommended least-privilege authorization policy is as follows:
- AliyunFCInvocationAccess
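One way to check an account inventory against practices 2 to 4, as an added example that is not part of the original article or any Alibaba Cloud tooling. The entry fields (`name`, `isRoot`, `accessKeyCount`, `need`, `policies`), the account names and the sample data are assumptions made for illustration; the policy names are the ones listed above.

```javascript
// Policy sets per access need, copied from the lists in this section.
const RECOMMENDED = {
  manage: ['AliyunFCFullAccess', 'AliyunRAMFullAccess',
           'AliyunLogFullAccess', 'AliyunOSSFullAccess'],
  readonly: ['AliyunFCReadOnlyAccess'],
  invoke: ['AliyunFCInvocationAccess'],
};

// Audits an account inventory. Entry fields (name, isRoot, accessKeyCount,
// need, policies) are a hypothetical export format, not an Alibaba Cloud API.
function auditAccounts(accounts) {
  const findings = [];
  const add = (name, issue, detail) => findings.push({ name, issue, detail });
  for (const acct of accounts) {
    if (acct.isRoot) {
      // Practice 2: the root account should hold no Access Key at all.
      if (acct.accessKeyCount > 0) add(acct.name, 'root-access-key', [String(acct.accessKeyCount)]);
      continue;
    }
    const expected = RECOMMENDED[acct.need];
    if (!expected) {
      add(acct.name, 'unknown-need', [String(acct.need)]);
      continue;
    }
    const attached = new Set(acct.policies);
    // Practice 4: anything beyond the set for the declared need is excess.
    const excess = [...attached].filter((p) => !expected.includes(p));
    const missing = expected.filter((p) => !attached.has(p));
    if (excess.length) add(acct.name, 'excess-policy', excess);
    if (missing.length) add(acct.name, 'missing-policy', missing);
  }
  return findings;
}

// Constructed sample inventory.
const SAMPLE_ACCOUNTS = [
  { name: 'root', isRoot: true, accessKeyCount: 1 },
  { name: 'fc-deployer', need: 'manage', policies: RECOMMENDED.manage.slice() },
  { name: 'fc-caller', need: 'invoke',
    policies: ['AliyunFCInvocationAccess', 'AliyunFCFullAccess'] },
  { name: 'fc-viewer', need: 'readonly', policies: [] },
];

for (const f of auditAccounts(SAMPLE_ACCOUNTS)) {
  console.log(`${f.name}: ${f.issue} ${f.detail.join(', ')}`);
}
```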
5. Make Use of ActionTrail Service for Troubleshooting
The Alibaba Cloud ActionTrail service records and stores the operational history of all user activities. It is very useful for troubleshooting as well as for compliance and auditing purposes. ActionTrail supports filtering by user name, event type and time range for efficient search.
The figure below shows a list of events and the issues encountered by the example Function Compute API user during development and experimentation, when the Serverless Framework CLI was used to build and deploy a new serverless service and function to Alibaba Cloud Function Compute.
Figure 4. Example of using ActionTrail for Troubleshooting
6. Avoid Writing Long-Running Functions
Typically, long-running functions would also consume more memory. The pricing of Alibaba Cloud Function Compute as well as most other serverless cloud providers is dependent on the execution duration and execution memory allocation size.
It is definitely more cost effective to write efficient serverless functions. Hence, the rule of thumb is that, whenever possible, refactor the large functions into smaller functions to optimize the execution duration.
7. Write Testable Functions
Separation of concerns and loose coupling are the most important concepts to keep in mind for writing testable code. Writing testable functions ensures that your functions can be covered by automated unit tests and integration tests.
For example, isolate the core business logic from the function’s entry point handler.
8. Exception Handling and Logging
It is not only important but critical to design your functions to have the ability to handle exceptions gracefully and have some logic or framework to log the activities and error details for troubleshooting and function enhancement purposes.
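Practices 7 and 8 combined in one Node.js function, as an added example that is not code from the original article. It assumes the callback-style handler signature `(event, context, callback)` with the event delivered as a Buffer and a `context.requestId` field; `priceOrder`, `ValidationError` and the order format are hypothetical names chosen for illustration.

```javascript
// Core logic: plain data in, plain data out. It never sees event, context or
// callback, so unit tests need no Function Compute runtime.
class ValidationError extends Error {}

function priceOrder(order) {
  if (!order || !Array.isArray(order.items) || order.items.length === 0) {
    throw new ValidationError('order.items must be a non-empty array');
  }
  let totalCents = 0;
  for (const item of order.items) {
    const valid = item && Number.isInteger(item.qty) && item.qty > 0 &&
      Number.isInteger(item.unitCents) && item.unitCents >= 0;
    if (!valid) throw new ValidationError('item needs integer qty > 0 and unitCents >= 0');
    totalCents += item.qty * item.unitCents;
  }
  return { itemCount: order.items.length, totalCents };
}

// One JSON object per log line, tagged with the request ID for correlation.
function log(level, requestId, message, extra = {}) {
  console.log(JSON.stringify({ level, requestId, message, ...extra }));
}

// Entry point: decode the event, delegate, map failures to a safe response.
function handler(event, context, callback) {
  const requestId = (context && context.requestId) || 'unknown';
  let error = null;
  let body;
  try {
    const result = priceOrder(JSON.parse(event.toString('utf8')));
    log('info', requestId, 'order priced', result);
    body = JSON.stringify(result);
  } catch (err) {
    const clientFault = err instanceof ValidationError || err instanceof SyntaxError;
    // Full detail goes to the log; the caller never receives a stack trace.
    log(clientFault ? 'warn' : 'error', requestId, err.message,
      { type: err.constructor.name, stack: clientFault ? undefined : err.stack });
    error = new Error(clientFault ? 'invalid request' : 'internal error');
  }
  callback(error, body);
}

if (typeof module !== 'undefined') module.exports = { handler, priceOrder };
```

Because `priceOrder` takes and returns plain objects, it can be unit tested directly, while the handler is exercised in integration tests with a fake context and callback.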
9. Use CloudMonitor to Monitor Function Compute Functions Metrics and Setup Alerts
In Alibaba Cloud, users can take advantage of the CloudMonitor service, which provides a robust real-time cloud monitoring solution for all resources, including Function Compute. Users can monitor status metrics for Function Compute such as:
- Total Invocations
- Average Duration (millisecond)
- Function Errors
- Function Errors Rate (%)
- Max Memory Usage (MB)
- Billable Invocations
- Billable Invocations Rate (%)
- Throttles
- Throttles Rate (%)
- Client Errors
- Client Errors Rate (%)
- Server Errors
- Server Errors Rate (%)
Users can also create new alarm rules and notification methods so that the incident response and management team is notified in real time whenever an alarming issue occurs and can take the necessary actions as soon as possible.
10. Minimize Deployment Package Size
This helps to reduce the time taken for the package to be downloaded and unpacked ahead of invocation, which in turn reduces the run-time overhead.
Remove unnecessary dependency packages, especially those used only for development and testing, as they are not needed at run-time in the production environment.
This article is also published on Medium: https://medium.com/@juvchan/best-practices-for-working-with-alibaba-cloud-function-compute-917e102dfd95