Scaling Serverless with Platform Engineering: A Blueprint for Success

Introduction

• Presentation focused on scaling serverless engineering in organizations, not just scaling serverless infrastructure
• Transitioning from a traditional application development and infrastructure model to a serverless-first approach introduces new challenges around autonomy, standardization, and governance

The Traditional Model

• Separation between application development and infrastructure teams
• Developers request infrastructure changes through a ticketing system
• As organizations scale, the infrastructure team becomes a bottleneck

Shifting to Serverless

• Serverless reduces infrastructure management, but introduces new challenges
• Developers want autonomy over serverless resources, while operations teams want standardization
• Need to find the right balance between developer autonomy and organizational standardization

Platform Engineering Approach

• Platform engineering provides a structured way to enable developer autonomy while maintaining organizational standards
• Key components:

  Infrastructure as Code (IaC) Frameworks

  • Choose IaC tools like Terraform, CDK, CloudFormation, etc.
  • Standardize on one or more frameworks across the organization

  CI/CD Tooling

  • Standardize the CI/CD pipeline and tooling

  Governance Tools

  • Implement proactive and detective controls to enforce policies

  Artifact Repository

  • Provide a centralized location for reusable infrastructure and application components

Catalog of Vetted Infrastructure Modules

• Platform team creates a catalog of reusable, vetted infrastructure modules (Terraform modules, CDK constructs, etc.)
• Modules encapsulate best practices, reusability, and composability
• Examples:

  Baseline Lambda Function

  • Standardizes default runtime, logging configuration, etc.

  Periodic Lambda Function

  • Includes EventBridge schedule, logging, etc.

  SQS with Dead-Letter Queue

  • Includes SQS queue, dead-letter queue, and associated configurations

Architectural Blueprints

• Building on the modular infrastructure components, the platform team can create architectural blueprints
• Blueprints are pre-defined, versioned, and documented patterns that teams can reuse
• Example: Synchronous API with Database
  • Includes API Gateway, Lambda functions, DynamoDB, and associated configurations
  • Embeds best practices for observability, security, governance, etc.

Proactive and Detective Controls

• Developers have flexibility to customize within defined boundaries
• Proactive controls: Validate changes during development to ensure compliance with organizational standards
• Detective controls: Validate changes during CI/CD to catch any violations
• Tools like Checkov, CDK Nag, Sentinel, etc. can be used to implement these controls

Real-World Implementation at Cyberark

• Cyberark is a global leader in identity and access management, with over 1,000 developers
• Cyberark's platform engineering team has grown from 15 to over 100 engineers
• Key achievements:
  • Streamlined tech stack to AWS serverless and Python
  • Unified observability, security, governance, and developer experience
  • Reduced new service creation time from 5 months to 3 hours (99% improvement)
  • Saved years of development time and millions of dollars

Best Practices

• Don't try to solve everything at once, focus on high-impact problems first
• Make blueprints and modules customizable to fit different use cases
• Invest in documentation and education to ensure adoption
• Build with your customers (internal engineering teams) from the start

Additional Resources

• Serverless Land (https://serverlessland.com/) - Provides templates, blueprints, and tutorials
• Weekly office hours on YouTube and Twitch