AWS Summit Benelux, Amsterdam, April 17th, 2019

CI/CD on AWS

Danilo Poccia, Principal Evangelist, Serverless, AWS (@danilop)
Flynn Bundy, Consultant, DevOps, AWS (@bundyfx)

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Innovation flywheel: Listen, Iterate, Experiment
Experiments power the engine of rapid innovation

Release process stages
Source, Build, Test, Production

Pillars of releasing modern applications
Infrastructure as code

Infrastructure as code goals
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate production environment in a staging environment to enable continuous testing

Release infrastructure-as-code with AWS CloudFormation
Pipeline diagram: “Master” branch, then Prepare template, then Create & execute change set, then Create & execute change set
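
A check that can sit between "create" and "execute" in the change set flow above, written as an added example (not code from the deck). It flags deletions, replacements and IAM changes for manual approval; the sample change set is constructed, and the function names `reviewChangeSet` and `gate` are hypothetical.

```javascript
// Constructed sample in the shape of `aws cloudformation describe-change-set` output.
const sampleChangeSet = {
  ChangeSetName: 'constructed-example',
  Changes: [
    { Type: 'Resource', ResourceChange: { Action: 'Modify', LogicalResourceId: 'OrdersTable',
        ResourceType: 'AWS::DynamoDB::Table', Replacement: 'True' } },
    { Type: 'Resource', ResourceChange: { Action: 'Add', LogicalResourceId: 'BuildRole',
        ResourceType: 'AWS::IAM::Role' } },
    { Type: 'Resource', ResourceChange: { Action: 'Modify', LogicalResourceId: 'GetFunction',
        ResourceType: 'AWS::Lambda::Function', Replacement: 'False' } },
    { Type: 'Resource', ResourceChange: { Action: 'Remove', LogicalResourceId: 'OldBucket',
        ResourceType: 'AWS::S3::Bucket' } },
  ],
};

// Returns the changes a human should approve before the change set is executed.
function reviewChangeSet(changeSet) {
  const findings = [];
  for (const change of changeSet.Changes || []) {
    const rc = change.ResourceChange;
    if (!rc) continue;
    const reasons = [];
    if (rc.Action === 'Remove') reasons.push('resource is deleted');
    // Replacement is "True", "False" or "Conditional"; anything but "False" may
    // destroy and recreate the resource (and its data).
    if (rc.Action === 'Modify' && rc.Replacement !== 'False') {
      reasons.push('resource may be replaced (' + (rc.Replacement || 'unknown') + ')');
    }
    if (/^AWS::IAM::/.test(rc.ResourceType || '')) reasons.push('IAM permissions change');
    if (reasons.length > 0) {
      findings.push({ id: rc.LogicalResourceId, type: rc.ResourceType, action: rc.Action, reasons });
    }
  }
  return { requiresApproval: findings.length > 0, findings };
}

// Pipeline gate: an empty change set, or one with only in-place non-IAM updates,
// can be executed automatically; anything else waits for a manual approval.
function gate(changeSet) {
  const { requiresApproval, findings } = reviewChangeSet(changeSet);
  return requiresApproval
    ? 'HOLD: ' + findings.map((f) => f.id + ' [' + f.reasons.join('; ') + ']').join(', ')
    : 'EXECUTE';
}
```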

Model function environments with AWS Serverless Application Model (SAM)
• Open source framework for building serverless applications on AWS
• Shorthand syntax to express functions, APIs, databases, and event source mappings
• Transforms and expands SAM syntax into AWS CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/

Model container environments with AWS Cloud Development Kit (CDK) (Developer Preview)
• Open source framework to define cloud infrastructure in TypeScript, Java, C#, …
• Provides library of higher-level resource types (“construct” classes) that have AWS best practices built in by default, packaged as npm modules
• Provisions resources with CloudFormation
• Supports all CloudFormation resource types
https://awslabs.github.io/aws-cdk

AWS Cloud Development Kit (CDK) (Developer Preview)

    npm install -g aws-cdk
    cdk init app --language typescript
    cdk synth
    cdk deploy
    cdk diff
    cdk destroy

CodePipeline: Use CloudFormation deployment actions with any synthesized CDK application
Jenkins: Use CDK CLI
Languages: TypeScript, C#, F#, Java, Python, …

CDK template

    import ec2 = require('@aws-cdk/aws-ec2');
    import ecs = require('@aws-cdk/aws-ecs');
    import cdk = require('@aws-cdk/cdk');

    class BonjourFargate extends cdk.Stack {
      constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
        super(parent, name, props);

        // VPC spanning at most two Availability Zones
        const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
        // ECS cluster placed in that VPC
        const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
        // Fargate service behind a load balancer, running the sample image
        new ecs.LoadBalancedFargateService(this, "FargateService", {
          cluster,
          image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
        });
      }
    }

    const app = new cdk.App();
    new BonjourFargate(app, 'Bonjour');
    app.run();

Model pipelines with AWS CDK
• Minimize copy-and-paste by using object-oriented language
• Define microservice pipeline “shape” in one class, then re-use it across many pipelines
• CDK includes many high-level constructs for modeling a CodePipeline pipeline, including automatically configuring IAM role policies

CDK pipelines: Construct

    export class MyMicroservicePipeline extends cdk.Construct {
      constructor(parent: cdk.Construct, name: string, props: MyMicroservicePipelineProps) {
        super(parent, name);

        const pipeline = new codepipeline.Pipeline(this, 'Pipeline', {
          pipelineName: props.serviceName,
        });

        // The GitHub OAuth token is resolved from SSM Parameter Store at deploy time,
        // so it is not stored in the source code.
        const githubAccessToken = new cdk.SecretParameter(this, 'GitHubToken',
          { ssmParameter: 'GitHubToken' });

        new codepipeline.GitHubSourceAction(this, 'GitHubSource', {
          stage: pipeline.addStage('Source'),
          owner: 'myorg',
          repo: props.serviceName,
          oauthToken: githubAccessToken.value
        });
        …

CDK pipelines: Stack

    import cdk = require('@aws-cdk/cdk');
    import { MyMicroservicePipeline } from './pipeline';

    class MyMicroservicePipelinesStack extends cdk.Stack {
      constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
        super(parent, name, props);

        new MyMicroservicePipeline(this, 'Pipeline1', { 'serviceName': 'Microservice1' });
        new MyMicroservicePipeline(this, 'Pipeline2', { 'serviceName': 'Microservice2' });
        new MyMicroservicePipeline(this, 'Pipeline3', { 'serviceName': 'Microservice3' });
        new MyMicroservicePipeline(this, 'Pipeline4', { 'serviceName': 'Microservice4' });
      }
    }

    const app = new cdk.App();
    new MyMicroservicePipelinesStack(app, 'MyMicroservicePipelines');
    app.run();

Pillars of releasing modern applications
Continuous integration

Continuous integration goals
Stages: Source, Build, Test, Production
1. Automatically kick off a new release when new code is checked in
2. Build and test code in a consistent, repeatable environment
3. Continually have an artifact ready for deployment
4. Continually close feedback loop when build fails

AWS CodePipeline
• Continuous delivery service for fast and reliable application updates
• Model and visualize your software release process
• Builds, tests, and deploys your code every time there is a code change
• Integrates with third-party tools and AWS

AWS CodePipeline: Supported sources
• Pick branch: AWS CodeCommit, GitHub
• Pick object or folder: Amazon S3
• Pick Docker tag: Amazon ECR
Automatically kick off release and pull latest source code

AWS CodePipeline: ECR source action
• Source code: “master” branch
• ECR repository: “release” tag

AWS CodePipeline: Supported triggers
Automatically kick off release

Amazon CloudWatch Events
• Scheduled (nightly release)
• AWS Health events (Fargate platform retirement)
Available in CloudWatch Events console, API, SDK, CLI, and AWS CloudFormation

Webhooks
• DockerHub
• Quay
• Artifactory
Available in CodePipeline API, SDK, CLI, and CloudFormation

AWS CodeBuild
• Fully managed build service that compiles source code, runs tests, and produces software packages
• Scales continuously and processes multiple builds concurrently
• No build servers to manage
• Pay by the minute, only for the compute resources you use
• Monitor builds through CloudWatch Events

AWS CodeBuild
• Each build runs in a new Docker container for a consistent, immutable environment
• Docker and AWS CLI are installed in every official CodeBuild image
• Provide custom build environments suited to your needs through the use of Docker images

AWS CodeBuild: Lambda buildspec

    version: 0.2
    phases:
      build:
        commands:
          - npm ci
          - npm test
          # Upload local code to S3 and write a template that points at the uploaded artifact
          - >
            aws cloudformation package
            --template-file template.yaml
            --output-template-file packaged.yaml
            --s3-bucket "$BUCKET"
    artifacts:
      type: zip
      files:
        - packaged.yaml

AWS CodeBuild: Lambda buildspec using SAM CLI

    version: 0.2
    phases:
      install:
        commands:
          - pip install --upgrade awscli aws-sam-cli
      build:
        commands:
          - sam build
          - sam package --s3-bucket $BUCKET --output-template-file packaged.yaml
    artifacts:
      type: zip
      files:
        - packaged.yaml

AWS CodeBuild: Docker buildspec

    version: 0.2
    phases:
      build:
        commands:
          # AWS CLI v1 syntax: get-login prints a "docker login" command that $( ) then runs.
          # AWS CLI v2 removed get-login; there, pipe "aws ecr get-login-password" into
          # "docker login --password-stdin" so the password stays off the command line.
          - $(aws ecr get-login --no-include-email)
          - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
          - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REPO:$IMAGE_TAG
          - docker push $ECR_REPO:$IMAGE_TAG

Pillars of releasing modern applications
Continuous deployment

Continuous deployment goals
Stages: Source, Build, Test, Production
1. Automatically deploy new changes to staging environments for testing
2. Deploy to production safely without impacting customers
3. Deliver to customers faster: Increase deployment frequency, and reduce change lead time and change failure rate

AWS CodeDeploy
• Automates code deployments to any instance and Lambda
• Handles the complexity of updating your applications
• Avoid downtime during application deployment
• Roll back automatically if failure detected
• Deploy to Amazon EC2, Lambda, ECS, or on-premises servers

CodeDeploy – Lambda deployments in SAM templates

    Resources:
      GetFunction:
        Type: AWS::Serverless::Function
        Properties:
          AutoPublishAlias: live
          DeploymentPreference:
            Type: Canary10Percent10Minutes
            Alarms:
              - !Ref ErrorsAlarm
              - !Ref LatencyAlarm
            Hooks:
              PreTraffic: !Ref PreTrafficHookFunction
              PostTraffic: !Ref PostTrafficHookFunction

Deployment preference types:
• Canary10Percent30Minutes
• Canary10Percent5Minutes
• Canary10Percent10Minutes
• Canary10Percent15Minutes
• Linear10PercentEvery10Minutes
• Linear10PercentEvery1Minute
• Linear10PercentEvery2Minutes
• Linear10PercentEvery3Minutes
• AllAtOnce

CodeDeploy – Lambda canary deployment
Diagram: API Gateway calls the Lambda function through the weighted alias “live”
1. v1 Lambda function code: 100%
2. v1 code: 100%, v2 code: 0%. Run PreTraffic hook against v2 code before it receives traffic
3. v1 code: 90%, v2 code: 10%. Wait for 10 minutes, roll back in case of alarm
4. v1 code: 0%, v2 code: 100%. Run PostTraffic hook and complete deployment
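
The traffic shifting above, modelled for every deployment preference type listed in the SAM slide, as an added example that is not code from the deck. It parses a type name into a weight schedule and shows how much v2 traffic was served before an alarm rolled the alias back; the function names are hypothetical, and the model assumes the first increment is applied at minute 0 and that automatic rollback only happens while the deployment is still in progress.

```javascript
// Parse a SAM DeploymentPreference type name, e.g. "Canary10Percent10Minutes".
function parsePreference(type) {
  if (type === 'AllAtOnce') return { kind: 'AllAtOnce', percent: 100, minutes: 0 };
  const m = /^(Canary|Linear)(\d+)Percent(Every)?(\d+)Minutes?$/.exec(type);
  // "Every" belongs to Linear names only; reject mixed-up or unknown names.
  if (!m || (m[1] === 'Linear') !== Boolean(m[3])) throw new Error('unknown type: ' + type);
  const percent = Number(m[2]);
  const minutes = Number(m[4]);
  if (percent < 1 || percent > 99 || minutes < 1) throw new Error('invalid values: ' + type);
  return { kind: m[1], percent, minutes };
}

// Weight of the new version (v2) on the alias at each step of the deployment.
function schedule(type) {
  const p = parsePreference(type);
  if (p.kind === 'AllAtOnce') return [{ minute: 0, v2Percent: 100 }];
  const steps = [];
  let minute = 0;
  for (let w = p.percent; w < 100; w += p.kind === 'Linear' ? p.percent : 100) {
    steps.push({ minute, v2Percent: w });
    minute += p.minutes;
  }
  steps.push({ minute, v2Percent: 100 });
  return steps;
}

// alarmMinute: when a CloudWatch alarm fires (Infinity = never).
function simulate(type, alarmMinute = Infinity) {
  const steps = schedule(type);
  const end = steps[steps.length - 1].minute; // v2 reaches 100% and the deployment completes
  const stop = Math.min(alarmMinute, end);
  let exposure = 0; // percent-minutes of traffic served by v2 while it was monitored
  for (let i = 0; i < steps.length - 1; i++) {
    const to = Math.min(steps[i + 1].minute, stop);
    if (to > steps[i].minute) exposure += steps[i].v2Percent * (to - steps[i].minute);
  }
  const rolledBack = alarmMinute < end; // after completion nothing rolls back automatically
  return {
    outcome: rolledBack ? 'RolledBack' : 'Completed',
    finalV2Percent: rolledBack ? 0 : 100,
    monitoredMinutes: end,
    exposure,
  };
}
```

With `AllAtOnce` the monitored window is zero minutes, so an alarm that fires four minutes later finds v2 already serving all traffic.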

API Gateway canary stage
• Production stage, v1 code: 99.5%
• Canary stage, v2 code: 0.5%

CodeDeploy-ECS blue-green deployments
• Provisions “green” tasks, then flips traffic at the load balancer
• Validation “hooks” enable testing at each stage of the deployment
• Fast rollback to “blue” tasks in seconds in case of hook failure or CloudWatch alarms
• Monitor deployment status and history via console, API, Amazon SNS notifications, and CloudWatch Events
• Use “CodeDeploy-ECS” deploy action in CodePipeline or “aws ecs deploy” command in Jenkins

CodeDeploy-ECS appspec

    version: 1.0
    Resources:
      - TargetService:
          Type: AWS::ECS::Service
          Properties:
            - TaskDefinition: "my_task_definition:8"
              LoadBalancerInfos:
                - ContainerName: "SampleApp"
                  ContainerPort: 80
    Hooks:
      - BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstallation"
      - AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
      - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
      - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
      - AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"

CodeDeploy-ECS blue-green deployment
1. 100% prod traffic
2. Target group 2 and test traffic listener (port 9000); 100% prod traffic
3. Provision green tasks (v2 code); 100% prod traffic
4. Run hook against test endpoint before green tasks receive prod traffic; prod traffic: blue 100%, green 0%
5. Flip traffic to green tasks, rollback in case of alarm; prod traffic: blue 0%, green 100%
6. Drain blue tasks; 100% prod traffic
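
A validation hook of the kind both the Lambda canary (PreTraffic) and the ECS blue-green (AfterAllowTestTraffic) flows rely on, as an added example that is not code from the deck. `makeHook`, `validate` and `reportStatus` are hypothetical names injected so the logic runs offline; in a real Lambda function `reportStatus` would wrap the CodeDeploy PutLifecycleEventHookExecutionStatus API call, and `validate` would call the v2 function or the test listener.

```javascript
// Reject the awaited promise if validation takes longer than `ms` milliseconds.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('timed out after ' + ms + ' ms')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Build a lifecycle hook handler that fails closed.
// validate(event) resolves to an array of { name, ok } check results.
function makeHook({ validate, reportStatus, timeoutMs = 5000 }) {
  return async function handler(event) {
    // CodeDeploy passes these two identifiers to the hook function.
    const { DeploymentId, LifecycleEventHookExecutionId } = event;
    let status = 'Failed'; // only an explicit, complete pass flips this
    let reason = 'validation did not complete';
    try {
      const checks = await withTimeout(validate(event), timeoutMs);
      const failed = checks.filter((c) => c.ok !== true);
      if (checks.length === 0) {
        reason = 'no checks ran'; // an empty test suite must not approve a release
      } else if (failed.length > 0) {
        reason = 'failed: ' + failed.map((c) => c.name).join(', ');
      } else {
        status = 'Succeeded';
        reason = 'all checks passed';
      }
    } catch (err) {
      reason = 'validation error: ' + err.message;
    }
    // Always report: without a status the deployment waits for the hook to time out.
    await reportStatus({
      deploymentId: DeploymentId,
      lifecycleEventHookExecutionId: LifecycleEventHookExecutionId,
      status,
    });
    return { status, reason };
  };
}
```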

Capital One – Credit Offers API serverless architecture
Architecture diagram components: Affiliates; www.capitalone.com/credit-cards/prequalify; AWS Cloud; Capital One API Gateway; VPC; Lambda Function; Traces; Logs; Production Support Command Center; COAT (Credit Offers API Team); Lambda Function; S3 Bucket; TTL; Third-Party API

Capital One – Credit Offers API CI/CD pipeline
Continuous Improvement, Continuous Delivery!
Pipeline diagram: GitHub, LGTM Bot, Jenkins, AWS SAM, S3 Bucket (Versioning), Lambda Function

    DeploymentType:
      dev: AllAtOnce
      qa: AllAtOnce
      qaw: AllAtOnce
      prod: Canary10Percent10Minutes
      prodw: Canary10Percent10Minutes

    canary5xxGetProductsAlarm:
      Type: AWS::CloudWatch::Alarm
      Properties:
        AlarmActions:
          - !FindInMap
            - params
            - AdminSNSTopic
            - !Ref Environment
        AlarmDescription: 500 error from product listing Lambda.
        ComparisonOperator: GreaterThanOrEqualToThreshold
        Period: 300
        Statistic: Sum
        Threshold: 1
        EvaluationPeriods: 1
        # MetricName, Namespace and Dimensions are not shown on the slide

Capital One – Benefits from taking the API serverless
• Performance gains: 70%. From the time the request is received by Lambda to the time to send the response back
• Cost savings: 90%. By removing EC2, ELB and RDS from our solution
• Increase in team velocity: 30%. Reduce investment in team’s time on DevOps and dedicate back to feature development!

Takeaways
1. Manage your infrastructure as code
2. Frequently build and integrate your code to get a first feedback
3. Continuously release in production using canary releases with monitoring and automated rollbacks
4. Use canary releases to get both technical and business feedback

Thank you!
Danilo Poccia (@danilop)
Flynn Bundy (@bundyfx)