![Page 1: SUMMIT - Amazon Web Services... · 2019-03-01 · No infrastructure provisioning, no management. Automatic scaling. Pay for value. Highly available and secure](https://reader036.vdocument.in/reader036/viewer/2022062917/5ed70e5a62136e72fb7bc0ac/html5/thumbnails/1.jpg)
SUMMIT BERLIN
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway
Danilo Poccia
Principal Evangelist, Serverless
AWS
@danilop

What is serverless?
No infrastructure provisioning, no management
Automatic scaling
Pay for value
Highly available and secure

Innovation Flywheel: Listen, Iterate, Experiment
Experiments power the engine of rapid innovation
Infrastructure as code
✓ Make infrastructure changes repeatable and predictable
✓ Release infrastructure changes using the same tools as code changes
✓ Replicate production environment in a staging environment to enable continuous testing

Infrastructure as code
Declarative: I tell you what I need
Imperative: I tell you what to do

Infrastructure as code best practices
✓ Infrastructure and application in the same source repository
✓ Deployments include infrastructure updates
For example: AWS CloudFormation, HashiCorp Terraform

Infrastructure as code for serverless apps
For example: AWS Serverless Application Model (SAM), Serverless Framework

SAM template

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31   # enables the AWS::Serverless::* resource types
Resources:
  GetFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.get
      Runtime: nodejs8.10
      CodeUri: src/
      Policies:
        - DynamoDBReadPolicy:            # SAM policy template: read-only access, scoped to this table
            TableName: !Ref MyTable
      Events:
        GetResource:
          Type: Api
          Properties:
            Path: /resource/{resourceId}
            Method: get
  MyTable:
    Type: AWS::Serverless::SimpleTable
```

Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table

SAM CLI
https://github.com/awslabs/aws-sam-cli
Nested apps to simplify solving recurring problems
Standard Component

```yaml
TweetSource:
  Type: AWS::Serverless::Application
  Properties:
    Location:
      ApplicationId: arn:aws:serverlessrepo:...
      SemanticVersion: 2.0.0
    Parameters:
      TweetProcessorFunctionName: !Ref MyFunction
      SearchText: '#serverless -filter:nativeretweets'
```

Custom Business Logic

AWS Cloud Development Kit (CDK)
https://awslabs.github.io/aws-cdk
AWS CDK Toolkit + AWS Construct Library + @aws-cdk/aws-serverless

What is continuous delivery?
Source → Build → Pre-Test → Deploy → Post-Test

Serverless deployments
Diagram: Code + Template → Package → Deploy → Stack

Serverless deployments with a test environment
Diagram: Code + Template → Package → Deploy → Test Stack → Deploy → Production Stack, with a Feedback Loop

CodeDeploy – Lambda deployments
Enable in your serverless application template
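
```yaml
Resources:
  GetFunction:
    Type: AWS::Serverless::Function
    Properties:
      # Other function properties (Handler, Runtime, CodeUri, AutoPublishAlias) are not shown on the slide
      DeploymentPreference:
        Type: Canary10Percent10Minutes    # shift 10% of traffic, then the rest after 10 minutes
        Alarms:
          - !Ref ErrorsAlarm              # roll back if this alarm fires during the deployment
        Hooks:
          PreTraffic: !Ref PreTrafficHook # validation function run before any traffic shifts
```

Deployment preference types:
Canary10Percent30Minutes, Canary10Percent5Minutes, Canary10Percent10Minutes, Canary10Percent15Minutes
Linear10PercentEvery10Minutes, Linear10PercentEvery1Minute, Linear10PercentEvery2Minutes, Linear10PercentEvery3Minutes
AllAtOnce
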
CodeDeploy – Lambda canary deployment
API Gateway → Lambda function weighted alias “live” → v1 Lambda function code (100%)

CodeDeploy – Lambda canary deployment
API Gateway → Lambda function weighted alias “live” → v1 code (100%), v2 code (0%)
Run PreTraffic hook against v2 code before it receives traffic

CodeDeploy – Lambda canary deployment
API Gateway → Lambda function weighted alias “live” → v1 code (90%), v2 code (10%)
Wait for 10 minutes, roll back in case of alarm

CodeDeploy – Lambda canary deployment
API Gateway → Lambda function weighted alias “live” → v1 code (0%), v2 code (100%)
Run PostTraffic hook and complete deployment

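
The PreTraffic step of the canary sequence above, as an added example (not code from the talk or from AWS): a hook that invokes the new version directly, reports the verdict to CodeDeploy, and fails closed on any error. `NEW_VERSION_ARN`, the probe event and the expected 200 response are assumptions; the SDK calls are aws-sdk v2 `Lambda.invoke` and `CodeDeploy.putLifecycleEventHookExecutionStatus`.

```javascript
// Core hook logic. The two AWS calls are injected so the logic can be exercised offline.
//   invoke(arn, payload) resolves to the Lambda Invoke response: { StatusCode, FunctionError, Payload }
//   report(params)       sends the verdict for this lifecycle event to CodeDeploy
function makeHook({ invoke, report, targetArn, probe }) {
  return async function hook(event) {
    let status = 'Failed'; // fail closed: anything unexpected blocks the traffic shift
    try {
      // Only test an immutable numbered version, never $LATEST or the "live" alias,
      // otherwise the check could exercise v1 code and pass by accident.
      if (!/:\d+$/.test(String(targetArn))) {
        throw new Error('target must be a numbered function version');
      }
      const res = await invoke(targetArn, JSON.stringify(probe));
      const body = JSON.parse(res.Payload || '{}');
      // Assumption: the function is an API proxy and answers the probe with HTTP 200.
      if (res.StatusCode === 200 && !res.FunctionError && body.statusCode === 200) {
        status = 'Succeeded';
      }
    } catch (err) {
      console.error('pre-traffic check failed:', err.message);
    }
    // CodeDeploy passes both identifiers in the hook's invocation event.
    await report({
      deploymentId: event.DeploymentId,
      lifecycleEventHookExecutionId: event.LifecycleEventHookExecutionId,
      status,
    });
    return status;
  };
}

// Wiring for Lambda with aws-sdk v2. NEW_VERSION_ARN is an assumed environment
// variable, set in the template to the version being deployed.
async function handler(event) {
  const AWS = require('aws-sdk');
  const lambda = new AWS.Lambda();
  const codedeploy = new AWS.CodeDeploy();
  const hook = makeHook({
    invoke: (arn, payload) => lambda.invoke({ FunctionName: arn, Payload: payload }).promise(),
    report: (params) => codedeploy.putLifecycleEventHookExecutionStatus(params).promise(),
    targetArn: process.env.NEW_VERSION_ARN,
    // Constructed probe event shaped like an API Gateway proxy request.
    probe: { httpMethod: 'GET', pathParameters: { resourceId: 'canary-probe' } },
  });
  return hook(event);
}

if (typeof module !== 'undefined') module.exports = { handler, makeHook };
```

The hook's execution role needs only `codedeploy:PutLifecycleEventHookExecutionStatus` and `lambda:InvokeFunction` on the version under test.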
API Gateway canary stage
API Gateway:
Production stage → v1 code (99.5%)
Canary stage → v2 code (0.5%)

Before (diagram): four functions, each bundling BUSINESS LOGIC with LIB A and LIB B
Use Lambda Layers for shared code that doesn’t change frequently

After (diagram): four BUSINESS LOGIC functions sharing LIB A and LIB B
Use Lambda Layers for shared code that doesn’t change frequently
Focus on your business logic and speed up function deployments

Code reviews
1. Review infrastructure changes
2. Understand architectural impact
3. How effective is it to exchange feedback?
4. How effective is it to review code history?
5. Using pull requests?
6. Is manual approval really required?
7. Look for different perspectives (cross team)

Project
Product
v1 v2 v3
Customer needs

Project: Reach milestone, Cost to reach milestone, Backward looking
Product: Customer value, Lifecycle costs, Forward looking

“The process becomes the proxy for the result you want. You stop looking at outcomes and just make sure you’re doing the process right.”
Jeff Bezos, 2016 Letter to Shareholders
Resist proxies
Feedback to business
Diagram: Code + Template → Package → Deploy → Test Stack → Deploy → Production Stack, with a Feedback Loop and Business

Product: Features, Defects, Risks, Debts
Product development: Business, Customers, Security & Compliance, Developers & Architects
Avoid Overutilization

Capital One – Credit Offers API serverless architecture
Diagram components: Affiliates; www.capitalone.com/credit-cards/prequalify; AWS Cloud; Capital One API Gateway; VPC; Lambda Function; Traces and Logs (Production Support Command Center; COAT, Credit Offers API Team); Lambda Function; S3 Bucket; TTL; Third-Party API

Capital One – Credit Offers API CI/CD pipeline
Continuous Improvement, Continuous Delivery!
Pipeline: GitHub → LGTM Bot → Jenkins → AWS SAM → S3 Bucket (Versioning) → Lambda Function

```yaml
DeploymentType:
  dev: AllAtOnce
  qa: AllAtOnce
  qaw: AllAtOnce
  prod: Canary10Percent10Minutes
  prodw: Canary10Percent10Minutes

canary5xxGetProductsAlarm:
  Type: AWS::CloudWatch::Alarm
  Properties:
    # MetricName, Namespace and Dimensions are not shown on the slide
    AlarmActions:
      - !FindInMap
        - params
        - AdminSNSTopic
        - !Ref Environment
    AlarmDescription: 500 error from product listing Lambda.
    ComparisonOperator: GreaterThanOrEqualToThreshold
    Period: 300
    Statistic: Sum
    Threshold: 1
    EvaluationPeriods: 1
```

Capital One – Benefits from taking the API serverless
Performance gains: 70%
From the time the request is received by Lambda to the time to send the response back
Cost savings: 90%
By removing EC2, ELB and RDS from our solution
Increase in team velocity: 30%
Reduce investment in team’s time on DevOps and dedicate back to feature development!

Thank you!
Danilo Poccia
@danilop