Reliability, consistency, and confidence through immutability

Transcript

1. © 2020, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Reliability, consistency, and confidence through immutability Adrian Hornsby Principal Developer Advocate Amazon Web Services A R C 3 0 3

2. Immutable: not capable of or susceptible to change

3. © 2020, Amazon Web Services, Inc. or its affiliates. All

   rights reserved. Traditional infrastructures

4. Uptime

5. Instance User ssh

6. 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 2.7.18 Application v1.62 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 3.7.8

   Application v2.0 Upgrade process SSH repo update library upgrade stop application test & debug reboot test start application Instance 01234 Instance 01234 downtime Same instance/container ID User place server update

7. VPC AWS Cloud Availability Zone 1 Auto Scaling group Availability

   Zone 2 Auto Scaling group NAT gateway NAT gateway Instance Instance Instance Instance Amazon EC2 Auto Scaling ssh > _ love syndrome 7 User Leads to configuration drifts, and more

8. Beta Staging Production Code Build Package Configu- ration Test Deploy

   Mutable deployments pipelines Build Package Configu- ration Test Deploy Build Package Configu- ration Test Deploy

9. #!/bin/bash yum update -y amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2 yum

   install -y httpd mariadb-server systemctl start httpd systemctl enable httpd usermod -a -G apache ec2-user chown -R ec2-user:apache /var/www chmod 2775 /var/www find /var/www -type d -exec chmod 2775 {} \; find /var/www -type f -exec chmod 0664 {} \; echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php Running commands on Linux instance at launch with user data and shell scripts

10. >>> pip install -r requirements.txt >>> npm install >>> docker

    build

11. https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

12. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Immutable infrastructure

13. 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 2.7.18 Application v1.62 Upgrade process Update routing

    Instance 123 Offline provisioning Update routing zero downtime 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 3.7.8 Application v2.0 Instance abc User Golden AMI Tests Deploy offline

14. Beta Staging Production Code Immutable deployments Build Package Configu- ration

    Test Deploy > Git push

15. http://chadfowler.com/2013/06/23/immutable-deployments.html

16. Benefits of immutable deployment 1. Reduction in configuration drifts 2.

    Simplified deployments 3. Reliable atomic deployments 4. Safer deployments with fast rollback and recovery processes 5. Consistent testing and debugging environments 6. Increased scalability 7. Simplified toolchain 8. Increased security

17. Security considerations Mutability is one of the most critical attack

    vectors for cyber crimes. DETECT. NUKE. REPLACE.

18. Routing mechanism Users Old application version New application version Canary

    deployment

19. Routing mechanism Users Old application version New application version Canary

    deployment • Internal teams vs. customers • Paying customers vs. non-paying customers • Geographic-based routing • Feature flags (FeatureToggle) • Random

20. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Canary deployments on AWS

21. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. 1. Route 53 with weighted routing policy 2. Rolling Deployments for Auto Scaling Groups 3. Load balancer with weighted target groups 4. API Gateway release deployments 5. AWS Lambda alias traffic shifting [DEMO] Canary deployment on AWS

22. 1. Route 53 with weighted routing policy Users Amazon Route

    53 Old application version New application version Elastic Load Balancing Compute Database Elastic Load Balancing Compute Database

23. 1. Route 53 with weighted routing policy Old application version

    New application version Users Amazon Route 53 Elastic Load Balancing Compute Database 90 10 Elastic Load Balancing Compute Database DNS Propagation!

24. 2. Rolling deployments for auto scaling groups https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f ASG with

    old version Users Amazon Route 53 Database Elastic Load Balancing ASG with new version App V2 App V1 App V1 App V1 Auto Scaling Groups https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/

25. 3. Application load balancer and weighted target groups Target group

    with old version Users Amazon Route 53 Compute Database Compute Elastic Load Balancing Target group with new version 90% 10% https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/

26. 3. Application load balancer and weighted target groups https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/ Target

    group with old version Users Amazon Route 53 Compute Database Compute Elastic Load Balancing Target group with new version 90% 10%

27. 4. API Gateway release deployments Users Amazon Route 53 Stage

    with old version AWS Lambda Database AWS Lambda Stage with new version Amazon API Gateway 90% 10%

28. 4. API Gateway release deployments Users Amazon Route 53 Stage

    with old version AWS Lambda Database AWS Lambda Stage with new version Amazon API Gateway 90% 10%

29. 5. AWS Lambda alias traffic shifting Users Amazon Route 53

    Old version AWS Lambda Database New version Amazon API Gateway

30. 5. AWS Lambda alias traffic shifting Users Amazon Route 53

    Old version AWS Lambda Database New version Amazon API Gateway

31. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. https://github.com/adhorn/aws-lambda- sam-application
32. None

33. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. AWS Well-Architected Framework The official best practices for Architecting in the AWS Cloud https://aws.amazon.com/architecture/well-architected Architecture resources AWS Architecture Center Official AWS repository for all Architecture resources https://aws.amazon.com/architecture AWS Solutions Library Vetted reference implementations and Well-Architected patterns https://aws.amazon.com/solutions/ AWS Well-Architected Labs Hands-on labs to help you learn, measure, and build using architectural best practices https://wellarchitectedlabs.com/

34. Thank you! © 2020, Amazon Web Services, Inc. or its

    affiliates. All rights reserved. Adrian Hornsby Principal Developer Advocate Amazon Web Services https://medium.com/@adhorn

35. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved.