Reliability, consistency, and confidence through immutability

Immutable infrastructure is a model in which no updates, security patches, or configuration changes happen in place on production systems. If any change is needed, a new version of the architecture is built and deployed. Since changes aren’t allowed in immutable infrastructure, you can be sure about the state of the deployed system. Immutable infrastructures are more consistent, reliable, and predictable, and they simplify many aspects of software development and operations by preventing common issues related to mutability. This session dives deep into this topic, and you learn why immutable infrastructure is an important concept in cloud architecture.

Adrian Hornsby

December 02, 2020

Transcript

  1. Reliability, consistency, and confidence through immutability. Adrian Hornsby, Principal Developer Advocate, Amazon Web Services. ARC303. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. Traditional infrastructures
  3. Upgrade process (diagram): the user works over SSH on Instance 01234: repo update, library upgrade, stop application, test & debug, reboot, test, start application. From: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62. To: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0. Labels: downtime; same instance/container ID; place server update.
  4. Architecture diagram: a VPC in the AWS Cloud with Availability Zone 1 and Availability Zone 2, each with an Auto Scaling group, a NAT gateway and instances (Amazon EC2 Auto Scaling). User: "ssh > _ love syndrome". Leads to configuration drifts, and more.
  5. Mutable deployments pipelines. Code, then for each of Beta, Staging and Production: Build, Package, Configuration, Test, Deploy.
  6. Running commands on Linux instance at launch with user data and shell scripts

     ```bash
     #!/bin/bash
     # Patch the base image and install the LAMP stack at first boot
     yum update -y
     amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
     yum install -y httpd mariadb-server
     systemctl start httpd
     systemctl enable httpd
     # Give ec2-user group access to the web root
     usermod -a -G apache ec2-user
     chown -R ec2-user:apache /var/www
     chmod 2775 /var/www
     find /var/www -type d -exec chmod 2775 {} \;
     find /var/www -type f -exec chmod 0664 {} \;
     # Test page; it exposes PHP and server configuration to anyone who can reach it
     echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
     ```
  7. Immutable infrastructure
  8. Upgrade process (diagram): offline provisioning (Golden AMI, tests, deploy offline), then update routing; zero downtime. Instance 123: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62. Instance abc: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0. Label: User.
  9. Benefits of immutable deployment
     1. Reduction in configuration drifts
     2. Simplified deployments
     3. Reliable atomic deployments
     4. Safer deployments with fast rollback and recovery processes
     5. Consistent testing and debugging environments
     6. Increased scalability
     7. Simplified toolchain
     8. Increased security
  10. Security considerations: Mutability is one of the most critical attack vectors for cyber crimes. DETECT. NUKE. REPLACE.
  11. Routing mechanism (diagram: Users, old application version, new application version). Canary deployment:
      • Internal teams vs. customers
      • Paying customers vs. non-paying customers
      • Geographic-based routing
      • Feature flags (FeatureToggle)
      • Random
  12. Canary deployments on AWS
  13. [DEMO] Canary deployment on AWS
      1. Route 53 with weighted routing policy
      2. Rolling Deployments for Auto Scaling Groups
      3. Load balancer with weighted target groups
      4. API Gateway release deployments
      5. AWS Lambda alias traffic shifting
  14. 1. Route 53 with weighted routing policy. Diagram: Users, Amazon Route 53, then the old application version and the new application version, each with Elastic Load Balancing, Compute and Database.
  15. 1. Route 53 with weighted routing policy. Diagram: Users, Amazon Route 53, then the old application version and the new application version, each with Elastic Load Balancing, Compute and Database; weights 90 and 10. DNS Propagation!
  16. 2. Rolling deployments for auto scaling groups. Diagram: Users, Amazon Route 53, Elastic Load Balancing, ASG with old version (App V1, App V1, App V1), ASG with new version (App V2), Database, Auto Scaling Groups. Links: https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f and https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/
  17. 3. Application load balancer and weighted target groups. Diagram: Users, Amazon Route 53, Elastic Load Balancing, target group with old version (Compute) at 90%, target group with new version (Compute) at 10%, Database. Link: https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
  18. 3. Application load balancer and weighted target groups. Diagram: Users, Amazon Route 53, Elastic Load Balancing, target group with old version (Compute) at 90%, target group with new version (Compute) at 10%, Database. Link: https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
  19. 4. API Gateway release deployments. Diagram: Users, Amazon Route 53, Amazon API Gateway, stage with old version (AWS Lambda) at 90%, stage with new version (AWS Lambda) at 10%, Database.
  20. 4. API Gateway release deployments. Diagram: Users, Amazon Route 53, Amazon API Gateway, stage with old version (AWS Lambda) at 90%, stage with new version (AWS Lambda) at 10%, Database.
  21. 5. AWS Lambda alias traffic shifting. Diagram: Users, Amazon Route 53, Amazon API Gateway, AWS Lambda (old version and new version), Database.
  22. 5. AWS Lambda alias traffic shifting. Diagram: Users, Amazon Route 53, Amazon API Gateway, AWS Lambda (old version and new version), Database.
  23. https://github.com/adhorn/aws-lambda-sam-application
  24. Architecture resources
      • AWS Well-Architected Framework: The official best practices for Architecting in the AWS Cloud. https://aws.amazon.com/architecture/well-architected
      • AWS Architecture Center: Official AWS repository for all Architecture resources. https://aws.amazon.com/architecture
      • AWS Solutions Library: Vetted reference implementations and Well-Architected patterns. https://aws.amazon.com/solutions/
      • AWS Well-Architected Labs: Hands-on labs to help you learn, measure, and build using architectural best practices. https://wellarchitectedlabs.com/
  25. Thank you! Adrian Hornsby, Principal Developer Advocate, Amazon Web Services. https://medium.com/@adhorn
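
The "DETECT. NUKE. REPLACE." idea on slide 10, applied to the Golden AMI model of slide 8, can be sketched as a drift check over a fleet inventory. This is an added example, not code from the talk; the instance and AMI IDs, the 30-day maximum age, the `ssh_logins` field and both function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. InstanceId, ImageId and LaunchTime mirror fields of
# EC2 DescribeInstances; "ssh_logins" is a hypothetical count taken from host logs.
GOLDEN_AMI = "ami-0aaaaaaaaaaaaaaaa"  # placeholder, not a real image ID
NOW = datetime(2020, 12, 2, tzinfo=timezone.utc)
FLEET = [
    {"InstanceId": "i-0001", "ImageId": GOLDEN_AMI, "LaunchTime": NOW - timedelta(days=2)},
    {"InstanceId": "i-0002", "ImageId": "ami-0bbbbbbbbbbbbbbbb", "LaunchTime": NOW - timedelta(days=1)},
    {"InstanceId": "i-0003", "ImageId": GOLDEN_AMI, "LaunchTime": NOW - timedelta(days=45)},
    {"InstanceId": "i-0004", "ImageId": GOLDEN_AMI, "LaunchTime": NOW - timedelta(days=3),
     "ssh_logins": 2},
]


def find_drift(fleet, golden_ami, now, max_age=timedelta(days=30)):
    """DETECT: map instance ID -> reasons it no longer matches the approved state."""
    findings = {}
    for inst in fleet:
        reasons = []
        if inst["ImageId"] != golden_ami:
            reasons.append("not launched from golden AMI")
        if now - inst["LaunchTime"] > max_age:
            reasons.append("older than max age")  # assumed rotation policy
        if inst.get("ssh_logins", 0) > 0:
            reasons.append("interactive login observed")
        if reasons:
            findings[inst["InstanceId"]] = reasons
    return findings


def replacement_batches(fleet, findings, min_healthy):
    """NUKE/REPLACE: batch terminations so min_healthy instances keep serving."""
    batch_size = len(fleet) - min_healthy
    if batch_size < 1:
        raise ValueError("min_healthy leaves no room to replace anything")
    ids = list(findings)
    return [ids[i:i + batch_size] for i in range(0, len(ids), batch_size)]


if __name__ == "__main__":
    drift = find_drift(FLEET, GOLDEN_AMI, NOW)
    for instance_id, reasons in drift.items():
        print(instance_id, "->", ", ".join(reasons))
    print(replacement_batches(FLEET, drift, min_healthy=2))
```

Each batch is meant to be terminated and replaced with fresh instances from the golden AMI before the next batch starts; nothing is repaired in place.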