modes are complex • Common weaknesses: • Improper fallback settings when a subsystem is down • Retry storms (thundering herd) from improperly tuned timeouts
modes are complex • Common weaknesses : • Improper fallback settings when a subsystem is down • Retry storms (thundering herd) from improperly tuned timeouts • Cascading failures when a SPOF fails
modes are complex • Common weaknesses: • Improper fallback settings when a subsystem is down • Retry storms (thundering herd) from improperly tuned timeouts • Cascading failures when a SPOF fails • Improperly tuned connection pools
modes are complex • Common weaknesses: • Improper fallback settings when a subsystem is down • Retry storms (thundering herd) from improperly tuned timeouts • Cascading failures when a SPOF fails • Improperly tuned connection pools • Many more
time 2. Error rates (e.g. HTTP 500) 3. E-commerce app: completed orders 2. Inject failure into the system 3. Monitor changes in the steady state 4. Fix weaknesses
(S3, Dynamo etc) • You give AWS a snippet of code • AWS takes care of running it (“serverless”) • The piece of code is a “lambda function” • JS (Node), Python, Java
(S3, Dynamo etc) • You give AWS a snippet of code • AWS takes care of running it (“serverless”) • The piece of code is a “lambda function” • JS (Node), Python, Java • A (Node) process in a container running the snippet behind the scenes
(S3, Dynamo etc) • You give AWS a snippet of code • AWS takes care of running it (“serverless”) • The piece of code is a “lambda function” • JS (Node), Python, Java • A (Node) process in a container running the snippet behind the scenes • Basically CGI
(S3, Dynamo etc) • You give AWS a snippet of code • AWS takes care of running it (“serverless”) • The piece of code is a “lambda function” • JS (Node), Python, Java • A (Node) process in a container running the snippet behind the scenes • Basically CGI • 300s max execution, up to 100 concurrently
AWS environment • e.g. DIY dynamic DNS system for instances not behind an ELB • Also great for small one-off tasks • E.g. resizing images uploaded to S3
AWS environment • e.g. DIY dynamic DNS system for instances not behind an ELB • Also great for small one-off tasks • E.g. resizing images uploaded to S3 • People also building APIs with it
Memory-safe (Go) – no RCE • Whitelisted commands – no shell injections • Restrict access to within a VPC only • The worst that can happen? • Very experimental – not for production use yet