Reliability, consistency, and confidence through immutability

Transcript

1. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
   Reliability, consistency, and
   confidence through immutability
   Adrian Hornsby
   Principal Developer Advocate
   Amazon Web Services
   A R C 3 0 3
   

   View Slide

2. Immutable:
   not capable of or susceptible to change
   

   View Slide

3. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
   Traditional infrastructures
   

   View Slide

4. Uptime
   

   View Slide

5. Instance
   User
   ssh
   

   View Slide

6. 4.14.186-146.268.amzn2.x86_64
   GNU/Linux
   Python 2.7.18
   Application v1.62
   4.14.186-146.268.amzn2.x86_64
   GNU/Linux
   Python 3.7.8
   Application v2.0
   Upgrade process
   SSH
   repo update
   library upgrade
   stop application
   test & debug
   reboot
   test
   start application
   Instance 01234 Instance 01234
   downtime
   Same instance/container ID
   User
   place server update
   

   View Slide

7. VPC
   AWS Cloud
   Availability Zone 1
   Auto Scaling group
   Availability Zone 2
   Auto Scaling group
   NAT gateway NAT gateway
   Instance Instance
   Instance Instance
   Amazon EC2 Auto
   Scaling
   ssh > _ love syndrome
   7
   User
   Leads to configuration
   drifts, and more
   

   View Slide

8. Beta
   Staging
   Production
   Code
   Build Package
   Configu-
   ration
   Test Deploy
   Mutable deployments pipelines
   Build Package
   Configu-
   ration
   Test Deploy
   Build Package
   Configu-
   ration
   Test Deploy
   

   View Slide

9. #!/bin/bash
   yum update -y
   amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
   yum install -y httpd mariadb-server
   systemctl start httpd
   systemctl enable httpd
   usermod -a -G apache ec2-user
   chown -R ec2-user:apache /var/www
   chmod 2775 /var/www
   find /var/www -type d -exec chmod 2775 {} \;
   find /var/www -type f -exec chmod 0664 {} \;
   echo "" > /var/www/html/phpinfo.php
   Running commands on Linux instance at launch with user data
   and shell scripts
   

   View Slide

10. >>> pip install -r requirements.txt
    >>> npm install
    >>> docker build
    

    View Slide

11. https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet
    https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/
    

    View Slide

12. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Immutable infrastructure
    

    View Slide

13. 4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 2.7.18
    Application v1.62
    Upgrade process
    Update routing
    Instance 123
    Offline provisioning
    Update routing
    zero downtime
    4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 3.7.8
    Application v2.0
    Instance abc
    User
    Golden AMI
    Tests
    Deploy offline
    

    View Slide

14. Beta
    Staging
    Production
    Code
    Immutable deployments
    Build Package
    Configu-
    ration
    Test Deploy
    > Git push
    

    View Slide

15. http://chadfowler.com/2013/06/23/immutable-deployments.html
    

    View Slide

16. Benefits of immutable deployment
    1. Reduction in configuration drifts
    2. Simplified deployments
    3. Reliable atomic deployments
    4. Safer deployments with fast rollback and recovery processes
    5. Consistent testing and debugging environments
    6. Increased scalability
    7. Simplified toolchain
    8. Increased security
    

    View Slide

17. Security considerations
    Mutability is one of the most critical attack vectors
    for cyber crimes.
    DETECT. NUKE. REPLACE.
    

    View Slide

18. Routing
    mechanism
    Users
    Old application
    version
    New application
    version
    Canary deployment
    

    View Slide

19. Routing
    mechanism
    Users
    Old application
    version
    New application
    version
    Canary deployment
    • Internal teams vs. customers
    • Paying customers vs. non-paying customers
    • Geographic-based routing
    • Feature flags (FeatureToggle)
    • Random
    

    View Slide

20. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Canary deployments
    on AWS
    

    View Slide

21. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    1. Route 53 with weighted routing policy
    2. Rolling Deployments for Auto Scaling Groups
    3. Load balancer with weighted target groups
    4. API Gateway release deployments
    5. AWS Lambda alias traffic shifting [DEMO]
    Canary deployment on AWS
    

    View Slide

22. 1. Route 53 with weighted routing policy
    Users Amazon
    Route 53
    Old application version
    New application version
    Elastic Load
    Balancing
    Compute Database
    Elastic Load
    Balancing
    Compute Database
    

    View Slide

23. 1. Route 53 with weighted routing policy
    Old application version
    New application version
    Users
    Amazon
    Route 53
    Elastic Load
    Balancing
    Compute Database
    90
    10
    Elastic Load
    Balancing
    Compute Database
    DNS Propagation!
    

    View Slide

24. 2. Rolling deployments for auto scaling groups
    https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f
    ASG with old version
    Users Amazon
    Route 53
    Database
    Elastic Load
    Balancing
    ASG with new version
    App V2
    App V1
    App V1
    App V1
    Auto Scaling
    Groups
    https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/
    

    View Slide

25. 3. Application load balancer and weighted
    target groups
    Target group with old version
    Users Amazon
    Route 53
    Compute
    Database
    Compute
    Elastic Load
    Balancing
    Target group with new version
    90%
    10%
    https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
    

    View Slide

26. 3. Application load balancer and weighted
    target groups
    https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
    Target group with old version
    Users Amazon
    Route 53
    Compute
    Database
    Compute
    Elastic Load
    Balancing
    Target group with new version
    90%
    10%
    

    View Slide

27. 4. API Gateway release deployments
    Users Amazon
    Route 53
    Stage with old version
    AWS Lambda
    Database
    AWS Lambda
    Stage with new version
    Amazon API Gateway
    90%
    10%
    

    View Slide

28. 4. API Gateway release deployments
    Users Amazon
    Route 53
    Stage with old version
    AWS Lambda
    Database
    AWS Lambda
    Stage with new version
    Amazon API Gateway
    90%
    10%
    

    View Slide

29. 5. AWS Lambda alias traffic shifting
    Users Amazon
    Route 53
    Old version
    AWS Lambda Database
    New version
    Amazon API Gateway
    

    View Slide

30. 5. AWS Lambda alias traffic shifting
    Users Amazon
    Route 53
    Old version
    AWS Lambda Database
    New version
    Amazon API Gateway
    

    View Slide

31. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    https://github.com/adhorn/aws-lambda-
    sam-application
    

    View Slide

32. View Slide

33. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    AWS Well-Architected Framework
    The official best practices for Architecting in the AWS Cloud
    https://aws.amazon.com/architecture/well-architected
    Architecture resources
    AWS Architecture Center
    Official AWS repository for all Architecture resources
    https://aws.amazon.com/architecture
    AWS Solutions Library
    Vetted reference implementations and Well-Architected patterns
    https://aws.amazon.com/solutions/
    AWS Well-Architected Labs
    Hands-on labs to help you learn, measure, and build using architectural best practices
    https://wellarchitectedlabs.com/
    

    View Slide

34. Thank you!
    © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Adrian Hornsby
    Principal Developer Advocate
    Amazon Web Services
    https://medium.com/@adhorn
    

    View Slide

35. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    

    View Slide