Reliability, consistency, and confidence through immutability

Immutable infrastructure is a model in which no updates, security patches, or configuration changes happen in place on production systems. If any change is needed, a new version of the architecture is built and deployed. Since changes aren’t allowed in immutable infrastructure, you can be sure about the state of the deployed system. Immutable infrastructures are more consistent, reliable, and predictable, and they simplify many aspects of software development and operations by preventing common issues related to mutability. This session dives deep into this topic, and you learn why immutable infrastructure is an important concept in cloud architecture.
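The claim above that the state of an immutable system is known can be checked mechanically. The following Python sketch is an added example, not code from the talk: it records a content manifest at image build time and treats any later difference as a reason to replace the instance, in the spirit of the deck's "DETECT. NUKE. REPLACE." slide. The function names and the sample file tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_manifest(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Compare the running system against the manifest recorded at build time."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def decide(drift: dict[str, list[str]]) -> str:
    """Immutable policy: any deviation means replace the instance, never repair it."""
    return "replace" if any(drift.values()) else "keep"


def demo() -> tuple[dict[str, list[str]], str]:
    # Constructed sample tree standing in for an instance launched from a golden image.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "app").mkdir()
        (root / "etc/app.conf").write_text("workers=4\n")
        (root / "app/main.py").write_text("print('v2.0')\n")
        baseline = build_manifest(root)  # recorded once, when the image is baked

        # Simulated in-place changes of the kind an SSH session leaves behind.
        (root / "etc/app.conf").write_text("workers=8\n")
        (root / "app/hotfix.py").write_text("# patched by hand\n")
        drift = diff_manifest(baseline, build_manifest(root))
        return drift, decide(drift)


if __name__ == "__main__":
    print(demo())
```

The manifest compares file content only; file modes, ownership and running processes are outside what this sketch checks.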

Adrian Hornsby

December 02, 2020

Transcript

  1. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Reliability, consistency, and confidence through immutability. Adrian Hornsby, Principal Developer Advocate, Amazon Web Services. ARC303
  2. Immutable: not capable of or susceptible to change

  3. Traditional infrastructures
  4. Uptime

  5. Instance User ssh

  6. Upgrade process on the same instance/container ID (Instance 01234 before and after). Before: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62. After: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0. Steps: SSH, repo update, library upgrade, stop application, test & debug, reboot, test, start application. Downtime. User place server update
  7. [Architecture diagram: VPC in the AWS Cloud with Availability Zone 1 and Availability Zone 2, each with an Auto Scaling group, a NAT gateway and instances; Amazon EC2 Auto Scaling; a user connecting over ssh.] ssh > _ love syndrome. Leads to configuration drifts, and more
  8. Mutable deployments pipelines: Code, then a separate Build, Package, Configuration, Test, Deploy sequence for each of Beta, Staging and Production
  9. Running commands on Linux instance at launch with user data and shell scripts:

        #!/bin/bash
        yum update -y
        amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
        yum install -y httpd mariadb-server
        systemctl start httpd
        systemctl enable httpd
        usermod -a -G apache ec2-user
        chown -R ec2-user:apache /var/www
        chmod 2775 /var/www
        find /var/www -type d -exec chmod 2775 {} \;
        find /var/www -type f -exec chmod 0664 {} \;
        echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

  10. >>> pip install -r requirements.txt
      >>> npm install
      >>> docker build
  11. https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet
      https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

  12. Immutable infrastructure
  13. Upgrade process with offline provisioning. Instance 123: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62. Instance abc: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0. Golden AMI, tests, deploy offline, then update routing. Zero downtime. User
  14. Immutable deployments: > Git push, Code, then a single Build, Package, Configuration, Test, Deploy sequence; environments Beta, Staging, Production
  15. http://chadfowler.com/2013/06/23/immutable-deployments.html

  16. Benefits of immutable deployment
      1. Reduction in configuration drifts
      2. Simplified deployments
      3. Reliable atomic deployments
      4. Safer deployments with fast rollback and recovery processes
      5. Consistent testing and debugging environments
      6. Increased scalability
      7. Simplified toolchain
      8. Increased security
  17. Security considerations: Mutability is one of the most critical attack vectors for cyber crimes. DETECT. NUKE. REPLACE.
  18. Canary deployment: Users, routing mechanism, old application version, new application version
  19. Canary deployment: Users, routing mechanism, old application version, new application version
      • Internal teams vs. customers
      • Paying customers vs. non-paying customers
      • Geographic-based routing
      • Feature flags (FeatureToggle)
      • Random
  20. Canary deployments on AWS
  21. Canary deployment on AWS [DEMO]
      1. Route 53 with weighted routing policy
      2. Rolling Deployments for Auto Scaling Groups
      3. Load balancer with weighted target groups
      4. API Gateway release deployments
      5. AWS Lambda alias traffic shifting
  22. 1. Route 53 with weighted routing policy. Users, Amazon Route 53; old application version (Elastic Load Balancing, Compute, Database); new application version (Elastic Load Balancing, Compute, Database)
  23. 1. Route 53 with weighted routing policy. Users, Amazon Route 53; old application version (Elastic Load Balancing, Compute, Database); new application version (Elastic Load Balancing, Compute, Database); weights 90 and 10. DNS Propagation!
  24. 2. Rolling deployments for auto scaling groups. Users, Amazon Route 53, Elastic Load Balancing, Database; ASG with old version (App V1, App V1, App V1); ASG with new version (App V2); Auto Scaling Groups
      https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f
      https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/
  25. 3. Application load balancer and weighted target groups. Users, Amazon Route 53, Elastic Load Balancing, Database; target group with old version (Compute), target group with new version (Compute); 90% and 10%
      https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
  27. 4. API Gateway release deployments. Users, Amazon Route 53, Amazon API Gateway, Database; stage with old version (AWS Lambda), stage with new version (AWS Lambda); 90% and 10%
  29. 5. AWS Lambda alias traffic shifting. Users, Amazon Route 53, Amazon API Gateway, AWS Lambda (old version, new version), Database
  31. https://github.com/adhorn/aws-lambda-sam-application
  33. Architecture resources
      • AWS Well-Architected Framework: The official best practices for Architecting in the AWS Cloud. https://aws.amazon.com/architecture/well-architected
      • AWS Architecture Center: Official AWS repository for all Architecture resources. https://aws.amazon.com/architecture
      • AWS Solutions Library: Vetted reference implementations and Well-Architected patterns. https://aws.amazon.com/solutions/
      • AWS Well-Architected Labs: Hands-on labs to help you learn, measure, and build using architectural best practices. https://wellarchitectedlabs.com/
  34. Thank you! Adrian Hornsby, Principal Developer Advocate, Amazon Web Services. https://medium.com/@adhorn