Mastering Serverless: Platform Engineering Blueprints for Success

Serverless architectures have revolutionized cloud development by minimizing infrastructure management, enhancing scalability, and accelerating application time-to-market. However, these advantages come with organizational challenges such as security, observability, testing, and governance as it builds more services.

Over the past four years, CyberArk, a leading identity security SaaS provider, has successfully scaled its serverless operations. Starting with a core team of ten developers, we have expanded to hundreds while upholding high-quality and best-practice standards. The adoption of self-service serverless blueprints facilitated this expansion.
Serverless blueprints are essential tools platform engineering teams provide to foster the adoption of serverless technology. They streamline the setup and configuration process, integrating testing, Infrastructure as Code (IaC) best practices, and enhanced security and observability into serverless services. Despite these benefits, adopting these blueprints can encounter organizational hurdles. Challenges include developers' resistance, user experience issues, inadequate automation, and insufficient documentation.

In this session, you will learn what constitutes a practical serverless blueprint and use examples from the "AWS Lambda handler cookbook" open-source blueprint. In addition, you will discover strategies to broaden blueprints' acceptance across your organization.

In this session I will provide my experience as an architect in the platform engineering division at CyberArk and an AWS serverless hero.
I will use examples from my open source serverless template which is the open source version of the blueprint we use at CyberArk:
https://github.com/ran-isenberg/aws-lambda-handler-cookbook which has over 450 github starts, 200 clones per month and thousands of views.
People can use the cookbook as a starting point for a serveless blueprint in their organizations.

Accelerating SaaS Service Delivery: From 18 Weeks to 3 Hours with Serverless Automation

How would you like to reduce the time to create a new SaaS service from 18 weeks to just 3 hours? At CyberArk, we achieved this by building a self-service serverless automation.

Getting a SaaS service to production requires observability, security, tenant isolation, CI/CD, a customer-facing UI, and integration with your SaaS controller domain or other SaaS services across different AWS accounts.
By developing self-service automation and microservice blueprints, we reduced our time to market by 18 weeks, creating a fully functional "Hello World" SaaS service with all necessary capabilities.

In this session, you will learn the ingredients of a production-ready "Hello World" SaaS service and how to create serverless automation that drastically accelerates the time to market using AWS Lambda, SNS, Step Function, Service Catalog, and other AWS services.

How One Open-Source Code Contribution Changed My Career

On October 2nd, 2020, my first pull request to an open-source project was merged.
Little did I know that it would lead to my promotion to System Architect and that I'd talk about it at the AWS TLV Summit in Israel.

In this talk, I share my journey in the open-source world and how it improved my engineering skills, led to my promotion at work, and introduced new opportunities in public speaking, podcast appearances, and blog writing.
I will discuss soft skills and behaviors that allowed me to advance my career and share tips and tricks for new code contributions while keeping a work-life balance so you can start your journey.

How CyberArk Reduces Cognitive Load with Platform Engineering

In this talk, you will learn of CyberArk's platform engineering group's journey over four years, from its initial humble start to its internal recognition as the company's golden path for new Serverless applications.
The talk presents the group's primary goal: to help developers focus on what matters most - the business domain- and also explains the challenges it faced and how it tackled them.

AWS Lambda Event Validation — from Zero to Hero

Handling Lambda event inputs in AWS is an art by itself. Lack of documentation in addition to lack of similarity between different AWS services, makes input validation harder than it should be.

As a good engineer, you should always strive to validate your input. In that case, any lambda that you write is required to parse its’ input event dictionary and validate it.
Failing to do that properly can cause unhandled exceptions, unexpected errors, costly lambda retries and potential production downtime.

In this talk I will show how to properly validate & parse your input in a safe and simple manner, no matter what AWS service you use.

I will share my solution, a Python based event parser which I donated to an AWS backed repository: “AWS Lambda Powertools”. This repository has over 900 stars on Github and has been downloaded over 500k times in the past year and is considered to be THE repo which sets the standards for AWS Lambda best practices.

Do you want to reduce expenses and errors in your lambdas? Come and learn how to use the AWS Lambda Powertools Parser utility which I donated to AWS.

Effortless Serverless Development with AWS Lambda Cookbook

Building a Serverless SaaS application is a challenging task.
Do you want to avoid the complexity and cognitive load of developing Serverless applications?
Look no further than "AWS Lambda Cookbook," the Serverless service template that streamlines serverless development and boosts developer velocity.
The template project provides a fully deployable service (with AWS CDK), a CI/CD pipeline, 100% test coverage, and an AWS Lambda handler that contains all the best practices.

In this talk, we'll explore how 'AWS Lambda Cookbook' simplifies the development process, reduces the cognitive load on developers, and ultimately leads to faster, more efficient development.
Whether you are new to serverless computing or are already using it in your development environment, this talk will provide valuable insights and practical tips for streamlining your serverless development workflow.

How CyberArk Built Tenant Management Service for Their SaaS Offering

Multi-tenant software-as-a-service (SaaS) applications can contain many services maintained by different teams based on various technologies. A tenant is the most fundamental construct of a SaaS environment. CyberArk's customers that sign up to use CyberArk's SaaS applications represent tenants in the system.
A Tenant management service manages the tenant's provisioning and life cycle. Tenant management is usually one of the first services SaaS providers build for their SaaS control plane, as the tenant onboarding experience must be simple and fast.

In this talk, you will learn how CyberArk built a simple, cost-effective, scalable tenant management service.
The tenant management service's primary responsibility is adding new tenants and provisioning multiple CyberArk products to the tenants according to the customer's subscription.
In addition, the service manages the life cycle of the tenant and its products, from licenses and configurations to customer notifications (e.g., welcome email) and tenant deletion.

Based on this AWS article: https://aws.amazon.com/blogs/apn/how-cyberark-built-tenant-management-service-for-its-saas-offering/

Cloud Platform Engineering - Supercharge Your Development

Building a SaaS application is not an easy task.
When organizations create Saas offerings, several teams handle the research and development. However, the teams face similar challenges regarding cloud infrastructure capabilities. How do you deploy to the cloud? How do you handle logging? Observability? Security best practices? Tenant isolation?

Each SaaS application requires the same set of cloud infrastructure features and capabilities that make it production-ready. These features are unrelated to a specific business domain.
More often than none, these cloud infrastructure capabilities are developed concurrently by different teams as they continue their journey to a production-ready service. This may lead to multiple solutions, perhaps even another technological stack, all within the same organization, resulting in organizational waste.

What if I told you, you could reduce this waste and turn it into a catalysator of innovation, organizational knowledge sharing, and development acceleration?

As an architect in the cloud platform engineering group, in this talk, I’ll share our journey over the last three years, discuss what we do, how we reduce the organizational waste (and turn it around), the challenges we face, and how we solved them.

AWS Lambda Best Practices: Resilient Input Validation

Developers tend to focus on implementing the AWS Lambda handler business logic and pay less attention to the validity of the 'event' input parameter.
Their algorithm is simple: extract the business logic payload from the input and process it. Easy.
However, this overly optimistic behavior can lead to crashes, undefined behaviors, bugs, and even security issues.

Join this session to learn the importance of input validation in the cloud, the pitfalls it prevents, and how to overcome the inherent challenges and complexity you encounter when developing AWS Lambda functions.
You will learn how to process your event input in a safe and resilient manner so you can focus on the things that matter the most, your business logic.

AWS CDK - Best Practices From The Trenches

AWS CDK revolutionized the way we create resources in the cloud. It enables developers to write infrastructure as code and feel at home.

However, AWS CDK is such a flexible and powerful tool that it's easy to make mistakes. And some mistakes can be very costly.

In this talk, I'll present my take on AWS CDK best practices, gathered from almost three years of development stages to production with CDK.
I'll cover topics such as:
1. Project Structure and stack guidelines
2. Constructs guidelines
3. CI/CD guidelines
4. Resiliency & security guidelines
5. General development tips

Level Up Your CI/CD With Smart AWS Feature Flags

Feature flags can improve your CI/CD process by enabling capabilities otherwise not possible, thus making them an enabler of DevOps and a crucial part of continuous integration.
Partial rollouts, A/B testing, and the ability to quickly change a configuration without redeploying code are advantages you gain by using features flags.
However, that requires a flexible and easy-to-use feature flags implementation.

In this talk, I present the added value of using feature flags as part of your CI/CD process and showcase a feature flags rule-based open-source SDK I contributed to AWS Lambda Powertools that leverages AWS AppConfig.

Join the session and discover how you can level up your AWS CI/CD today.

Our Saas Journey with CDK

At CyberArk, we’ve started working on a new Saas project some months ago.
After some research, we decided to use CDK as our chosen AWS deployment tool of choice.
In this short talk we’ll describe why we chose CDK, what problems it solved for us, and share some of the insights we gained during the journey.

We feel that we have transformed from CDK rookies to CDK pros over a short period.
CDK has helped us to decrease development time dramatically since we started using it.
We can now focus more on implementing business logic while the infrastructure’s code and deployment have become minor technical issues which we solve with CDK.