summit - amazon web services... · 2019-03-01 · no infrastructure provisioning, no management....
Post on 29-May-2020
SUMMIT BERLIN
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway
Danilo Poccia
Principal Evangelist, Serverless
AWS
@danilop
What is serverless?
No infrastructure provisioning, no management
Automatic scaling
Pay for value
Highly available and secure
Innovation flywheel: Listen, Experiment, Iterate
Experiments power the engine of rapid innovation
Infrastructure as code
✓ Make infrastructure changes repeatable and predictable
✓ Release infrastructure changes using the same tools as code changes
✓ Replicate production environment in a staging environment to enable continuous testing
Infrastructure as code
Declarative: I tell you what I need
Imperative: I tell you what to do
Infrastructure as code best practices
✓ Infrastructure and application in the same source repository
✓ Deployments include infrastructure updates
For example:
AWS CloudFormation
HashiCorp Terraform
Infrastructure as code for serverless apps
For example:
AWS Serverless Application Model (SAM)
Serverless Framework
SAM template

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetFunction:
        Type: AWS::Serverless::Function
        Properties:
          Handler: index.get
          Runtime: nodejs8.10
          CodeUri: src/
          Policies:
            - DynamoDBReadPolicy:
                TableName: !Ref MyTable
          Events:
            GetResource:
              Type: Api
              Properties:
                Path: /resource/{resourceId}
                Method: get
      MyTable:
        Type: AWS::Serverless::SimpleTable

Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table
SAM CLI
https://github.com/awslabs/aws-sam-cli
Nested apps to simplify solving recurring problems
Standard component:

    TweetSource:
      Type: AWS::Serverless::Application
      Properties:
        Location:
          ApplicationId: arn:aws:serverlessrepo:...
          SemanticVersion: 2.0.0
        Parameters:
          TweetProcessorFunctionName: !Ref MyFunction
          SearchText: '#serverless -filter:nativeretweets'

Custom business logic
AWS Cloud Development Kit (CDK)
https://awslabs.github.io/aws-cdk
AWS CDK Toolkit + AWS Construct Library + @aws-cdk/aws-serverless
What is continuous delivery?
Source → Build → Pre-Test → Deploy → Post-Test
Serverless deployments
[Diagram: Code and Template → Package → Deploy → Stack]
Serverless deployments with a test environment
[Diagram: Code and Template → Package → Deploy → Test Stack → Deploy → Production Stack, with a feedback loop]
CodeDeploy – Lambda deployments
Enable in your serverless application template

    Resources:
      GetFunction:
        Type: AWS::Serverless::Function
        Properties:
          DeploymentPreference:
            Type: Canary10Percent10Minutes
            Alarms:
              - !Ref ErrorsAlarm
            Hooks:
              PreTraffic: !Ref PreTrafficHook

Deployment preference types:
• Canary10Percent30Minutes
• Canary10Percent5Minutes
• Canary10Percent10Minutes
• Canary10Percent15Minutes
• Linear10PercentEvery10Minutes
• Linear10PercentEvery1Minute
• Linear10PercentEvery2Minutes
• Linear10PercentEvery3Minutes
• AllAtOnce
CodeDeploy – Lambda canary deployment
API Gateway → Lambda function weighted alias “live”
1. v1 code 100%
2. v1 code 100%, v2 code 0%: Run PreTraffic hook against v2 code before it receives traffic
3. v1 code 90%, v2 code 10%: Wait for 10 minutes, roll back in case of alarm
4. v1 code 0%, v2 code 100%: Run PostTraffic hook and complete deployment
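
The hook step from the canary sequence above, as an added example that is not from the slides: a PreTraffic hook handler that smoke-tests v2 and reports the result to CodeDeploy, failing closed on any error. The factory name `makePreTrafficHook`, the `newVersionArn` parameter, the `NEW_VERSION_ARN` variable, the smoke-test payload and the expected 200 status are assumptions; the AWS clients are injected so the logic runs offline.

```javascript
// Added example, not code from the talk. Names marked "hypothetical" are assumptions.
// Clients follow the AWS SDK for JavaScript v2 call shape: client.method(params).promise()

function makePreTrafficHook({ lambda, codedeploy, newVersionArn }) {
  return async function handler(event) {
    let status = 'Failed'; // fail closed: any error blocks the traffic shift
    try {
      const res = await lambda.invoke({
        FunctionName: newVersionArn, // qualified ARN of v2, still at 0% of traffic
        // Hypothetical smoke-test request for the page's /resource/{resourceId} route
        Payload: JSON.stringify({ pathParameters: { resourceId: 'smoke-test' } }),
      }).promise();
      const body = JSON.parse(res.Payload);
      // FunctionError is set when v2 threw; a 200 is the hypothetical pass criterion
      if (!res.FunctionError && body.statusCode === 200) status = 'Succeeded';
    } catch (err) {
      console.error('pre-traffic check failed:', err.message);
    }
    // CodeDeploy waits for this report before shifting any traffic to v2.
    // The hook's role needs permission for this call and for invoking v2, nothing more.
    await codedeploy.putLifecycleEventHookExecutionStatus({
      deploymentId: event.DeploymentId,
      lifecycleEventHookExecutionId: event.LifecycleEventHookExecutionId,
      status,
    }).promise();
    return status;
  };
}

// Wiring inside the hook function (NEW_VERSION_ARN is a hypothetical variable name):
// const AWS = require('aws-sdk');
// exports.handler = makePreTrafficHook({
//   lambda: new AWS.Lambda(),
//   codedeploy: new AWS.CodeDeploy(),
//   newVersionArn: process.env.NEW_VERSION_ARN,
// });
```

A hook that reports `Failed` stops the deployment before v2 receives any production traffic, so the alarm-based rollback in step 3 only has to catch what the smoke test could not.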
API Gateway canary stage
[Diagram: API Gateway splits traffic between the Production stage (v1 code, 99.5%) and the Canary stage (v2 code, 0.5%)]
Before
[Diagram: four functions, each packaging BUSINESS LOGIC together with its own copy of LIB A and LIB B]
Use Lambda Layers for shared code that doesn’t change frequently
After
[Diagram: four functions containing only BUSINESS LOGIC, sharing LIB A and LIB B]
Use Lambda Layers for shared code that doesn’t change frequently
Focus on your business logic and speed up function deployments
Code reviews
1. Review infrastructure changes
2. Understand architectural impact
3. How effective is it to exchange feedback?
4. How effective is it to review code history?
5. Using pull requests?
6. Is manual approval really required?
7. Look for different perspectives (cross team)
[Diagram: Project; Product (v1, v2, v3); Customer needs]
Project: Reach milestone; Cost to reach milestone; Backward looking
Product: Customer value; Lifecycle costs; Forward looking
Resist proxies
“The process becomes the proxy for the result you want. You stop looking at outcomes and just make sure you’re doing the process right.”
Jeff Bezos, 2016 Letter to Shareholders
Feedback to business
[Diagram: Code and Template → Package → Deploy → Test Stack → Deploy → Production Stack, with a feedback loop that includes the Business]
Product development
[Diagram labels: Product (Features, Defects, Risks, Debts); Business; Customers; Security & Compliance; Developers & Architects]
Avoid overutilization
Capital One – Credit Offers API serverless architecture
[Architecture diagram components: Affiliates; www.capitalone.com/credit-cards/prequalify; AWS Cloud; Capital One API Gateway; VPC; Lambda Function (two); S3 Bucket; TTL; Third-Party API; Traces; Logs; Production Support Command Center; COAT (Credit Offers API Team)]
Capital One – Credit Offers API CI/CD pipeline
Continuous Improvement, Continuous Delivery!
GitHub → LGTM Bot → Jenkins → AWS SAM → S3 Bucket (Versioning) → Lambda Function

    DeploymentType:
      dev: AllAtOnce
      qa: AllAtOnce
      qaw: AllAtOnce
      prod: Canary10Percent10Minutes
      prodw: Canary10Percent10Minutes

    canary5xxGetProductsAlarm:
      Type: AWS::CloudWatch::Alarm
      Properties:
        AlarmActions:
          - !FindInMap [params, AdminSNSTopic, !Ref Environment]
        AlarmDescription: 500 error from product listing Lambda.
        ComparisonOperator: GreaterThanOrEqualToThreshold
        Period: 300
        Statistic: Sum
        Threshold: 1
        EvaluationPeriods: 1
Capital One – Benefits from taking the API serverless
Performance gains: 70%
From the time the request is received by Lambda to the time to send the response back
Cost savings: 90%
By removing EC2, ELB and RDS from our solution
Increase in team velocity: 30%
Reduce investment in team’s time on DevOps and dedicate back to feature development!
Thank you!
Danilo Poccia
@danilop