Reliability, consistency, and confidence through immutability

Immutable infrastructure is a model in which no updates, security patches, or configuration changes happen in place on production systems. If any change is needed, a new version of the architecture is built and deployed. Since changes aren’t allowed in immutable infrastructure, you can be sure about the state of the deployed system. Immutable infrastructures are more consistent, reliable, and predictable, and they simplify many aspects of software development and operations by preventing common issues related to mutability. This session dives deep into this topic, and you learn why immutable infrastructure is an important concept in cloud architecture.

Adrian Hornsby

December 02, 2020

Transcript

  1. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Reliability, consistency, and
    confidence through immutability
    Adrian Hornsby
    Principal Developer Advocate
    Amazon Web Services
    ARC303

  2. Immutable:
    not capable of or susceptible to change

  3. Traditional infrastructures

  4. Uptime

  5. Instance
    User
    ssh

  6. 4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 2.7.18
    Application v1.62
    4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 3.7.8
    Application v2.0
    Upgrade process
    SSH
    repo update
    library upgrade
    stop application
    test & debug
    reboot
    test
    start application
    Instance 01234 Instance 01234
    downtime
    Same instance/container ID
    User
    place server update

  7. VPC
    AWS Cloud
    Availability Zone 1
    Auto Scaling group
    Availability Zone 2
    Auto Scaling group
    NAT gateway NAT gateway
    Instance Instance
    Instance Instance
    Amazon EC2 Auto
    Scaling
    ssh > _ love syndrome
    User
    Leads to configuration
    drifts, and more

  8. Mutable deployments pipelines
    Code
    Beta: Build, Package, Configuration, Test, Deploy
    Staging: Build, Package, Configuration, Test, Deploy
    Production: Build, Package, Configuration, Test, Deploy

  9. #!/bin/bash
    yum update -y
    amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
    yum install -y httpd mariadb-server
    systemctl start httpd
    systemctl enable httpd
    usermod -a -G apache ec2-user
    chown -R ec2-user:apache /var/www
    chmod 2775 /var/www
    find /var/www -type d -exec chmod 2775 {} \;
    find /var/www -type f -exec chmod 0664 {} \;
    echo "" > /var/www/html/phpinfo.php
    Running commands on Linux instance at launch with user data
    and shell scripts

  10. >>> pip install -r requirements.txt
    >>> npm install
    >>> docker build

  11. https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet
    https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

  12. Immutable infrastructure

  13. 4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 2.7.18
    Application v1.62
    Upgrade process
    Update routing
    Instance 123
    Offline provisioning
    Update routing
    zero downtime
    4.14.186-146.268.amzn2.x86_64
    GNU/Linux
    Python 3.7.8
    Application v2.0
    Instance abc
    User
    Golden AMI
    Tests
    Deploy offline

  14. Immutable deployments
    > Git push
    Code
    Build, Package, Configuration, Test, Deploy
    Beta, Staging, Production

  15. http://chadfowler.com/2013/06/23/immutable-deployments.html

  16. Benefits of immutable deployment
    1. Reduction in configuration drifts
    2. Simplified deployments
    3. Reliable atomic deployments
    4. Safer deployments with fast rollback and recovery processes
    5. Consistent testing and debugging environments
    6. Increased scalability
    7. Simplified toolchain
    8. Increased security

  17. Security considerations
    Mutability is one of the most critical attack vectors for cyber crimes.
    DETECT. NUKE. REPLACE.

  18. Routing
    mechanism
    Users
    Old application
    version
    New application
    version
    Canary deployment

  19. Routing
    mechanism
    Users
    Old application
    version
    New application
    version
    Canary deployment
    • Internal teams vs. customers
    • Paying customers vs. non-paying customers
    • Geographic-based routing
    • Feature flags (FeatureToggle)
    • Random

  20. Canary deployments on AWS

  21. Canary deployment on AWS
    1. Route 53 with weighted routing policy
    2. Rolling Deployments for Auto Scaling Groups
    3. Load balancer with weighted target groups
    4. API Gateway release deployments
    5. AWS Lambda alias traffic shifting [DEMO]

  22. 1. Route 53 with weighted routing policy
    Users Amazon
    Route 53
    Old application version
    New application version
    Elastic Load
    Balancing
    Compute Database
    Elastic Load
    Balancing
    Compute Database

  23. 1. Route 53 with weighted routing policy
    Old application version
    New application version
    Users
    Amazon
    Route 53
    Elastic Load
    Balancing
    Compute Database
    90
    10
    Elastic Load
    Balancing
    Compute Database
    DNS Propagation!

  24. 2. Rolling deployments for auto scaling groups
    https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f
    ASG with old version
    Users Amazon
    Route 53
    Database
    Elastic Load
    Balancing
    ASG with new version
    App V2
    App V1
    App V1
    App V1
    Auto Scaling
    Groups
    https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/

  25. 3. Application load balancer and weighted
    target groups
    Target group with old version
    Users Amazon
    Route 53
    Compute
    Database
    Compute
    Elastic Load
    Balancing
    Target group with new version
    90%
    10%
    https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/

  26. 3. Application load balancer and weighted
    target groups
    https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
    Target group with old version
    Users Amazon
    Route 53
    Compute
    Database
    Compute
    Elastic Load
    Balancing
    Target group with new version
    90%
    10%

  27. 4. API Gateway release deployments
    Users Amazon
    Route 53
    Stage with old version
    AWS Lambda
    Database
    AWS Lambda
    Stage with new version
    Amazon API Gateway
    90%
    10%

  28. 4. API Gateway release deployments
    Users Amazon
    Route 53
    Stage with old version
    AWS Lambda
    Database
    AWS Lambda
    Stage with new version
    Amazon API Gateway
    90%
    10%

  29. 5. AWS Lambda alias traffic shifting
    Users Amazon
    Route 53
    Old version
    AWS Lambda Database
    New version
    Amazon API Gateway

  30. 5. AWS Lambda alias traffic shifting
    Users Amazon
    Route 53
    Old version
    AWS Lambda Database
    New version
    Amazon API Gateway

  31. https://github.com/adhorn/aws-lambda-sam-application

  33. Architecture resources
    AWS Well-Architected Framework
    The official best practices for Architecting in the AWS Cloud
    https://aws.amazon.com/architecture/well-architected
    AWS Architecture Center
    Official AWS repository for all Architecture resources
    https://aws.amazon.com/architecture
    AWS Solutions Library
    Vetted reference implementations and Well-Architected patterns
    https://aws.amazon.com/solutions/
    AWS Well-Architected Labs
    Hands-on labs to help you learn, measure, and build using architectural best practices
    https://wellarchitectedlabs.com/

  34. Thank you!
    Adrian Hornsby
    Principal Developer Advocate
    Amazon Web Services
    https://medium.com/@adhorn
