Evolutionary Serverless Architectures with Safe Deployments

Serverless Days, Helsinki, April 25th, 2019

Evolutionary architectures and safe deployments, with strategies such as canary or linear releases, can reduce the duration of the feedback loop and improve development agility!

Danilo Poccia

April 25, 2019

Transcript

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. Danilo Poccia, Principal Evangelist, Serverless. @danilop danilop. Evolutionary Serverless Architectures with Safe Deployments
  2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  3. Photo by Oskars Sylwan on Unsplash. Focus on what you want to build, not the nuts & bolts required by the implementation of the solution
  4. Development Equilibrium Unique Features to Build Comfort Zone of Known Issues
  5. PhotoVogue Case Study: “IT is no longer holding back the business. In fact, it’s helping us grow faster” — Marco Viganò, Digital CTO, Condé Nast Italia
  6. Photo by Samuele Errico Piccarini on Unsplash
  7. v1 v2 v3 Customer needs Project Product
  8. Project: Reach milestone, Cost to reach milestone, Backward looking. Product: Customer value, Lifecycle costs, Forward looking.
  9. Features, Defects, Risks, Debts, Business, Customers, Security & Compliance, Builders, Avoid Overutilization, Product
  10. “An evolutionary architecture designs for incremental change in an architecture as a first principle.” — Rebecca Parsons, CTO, Neal Ford, Meme Wrangler, ThoughtWorks
  11. “Incremental change should be your first requirement.” — Me
  12. Product New Features Refactoring Improve Security Improve Scalability Target ? ? This is an Optimization Problem…
  13. This is an Optimization Problem… Best Solution (Unknown), Possible Solutions
  14. How to Explore the Space of All Possible Solutions? Best Solution (Unknown), Possible Solutions
  15. Evolutionary Algorithms: Best Solution (Unknown), Candidate Solutions, Possible Solutions
  16. Evolutionary Algorithms: Best Solution (Unknown), Candidate Solutions, Fitness Function, Possible Solutions
  17. Evolutionary Algorithms: Best Solution (Unknown), Candidate Solutions, Fitness Function, Possible Solutions
  18. Evolutionary Algorithms: Best Solution (Unknown), Fitness Function, Candidate Solutions, Possible Solutions
  19. Evolutionary Algorithms: Candidate Solutions, Best Solution (Unknown), Fitness Function, Generation, Selection, Possible Solutions
  20. + Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + …
  21. + Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + … = My Fitness Function
  22. Fitness Function: Best Solution (Unknown), Current Architecture. Should I go here? Or there? How good is the current architecture? How much would it improve if … Functional Requirement, Non-Functional Requirement
  23. Fitness Function [Chart: fitness (y-axis) over time (x-axis); labels: Improved Scalability, Encryption In Transit, Increased Availability, Encryption At Rest, First Release; releases v1, v2, v3, v4, v5]
  24. …in Machine Learning: the Objective Function. Objective Function = Loss + Regularization. Loss: how predictive the model is on the data. Regularization: how complex the model is (to avoid overfitting). Objective is to minimize.
  25. Fitness Function & Complexity. Fitness Function = Fitness - Regularization. Fitness: how good the architecture is. Regularization: how complex the architecture is. Change sign to maximize.
  26. Serverless Architectures: Code, Template, Infrastructure as Code
  27. AWS Serverless Application Model (SAM)

      ```yaml
      AWSTemplateFormatVersion: '2010-09-09'
      Transform: AWS::Serverless-2016-10-31
      Resources:
        GetFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: index.get
            Runtime: nodejs8.10
            CodeUri: src/
            Policies:
              - DynamoDBReadPolicy:
                  TableName: !Ref MyTable
            Events:
              GetResource:
                Type: Api
                Properties:
                  Path: /resource/{resourceId}
                  Method: get
        MyTable:
          Type: AWS::Serverless::SimpleTable
      ```

      Just 20 lines to create: • Lambda function • IAM role • API Gateway • DynamoDB table. Open Source
  28. SAM CLI

      ```bash
      pip install --user aws-sam-cli
      sam init --name my-app --runtime python
      cd my-app/
      sam local ...   # generate-event/invoke/start-api/start-lambda
      sam validate    # The SAM template
      sam build       # Depending on the runtime
      sam package --s3-bucket my-packages-bucket \
                  --output-template-file packaged.yaml
      sam deploy --template-file packaged.yaml \
                 --stack-name my-stack-prod
      sam logs -n MyFunction --stack-name my-stack-prod -t  # Tail
      sam publish     # To the Serverless Application Repository
      ```

      Open Source. CodePipeline: Use CloudFormation deployment actions with any SAM application. Jenkins: Use SAM CLI plugin.
  29. Serverless Architectures: Code, Stack, Package, Deploy, Template, Feedback
  30. Serverless Architectures – Safe Deployments: All At Once, Canary Deployment, Linear Deployment, Hooks, Alarms, PreTraffic Function, PostTraffic Function, Stack, Deploy
  31. Serverless Architectures – Safe Deployments: Hooks, PreTraffic Function, PostTraffic Function
  32. Computing Fitness with PreTraffic & PostTraffic Functions: Hooks, Update Product Dashboard, PreTraffic Function, PostTraffic Function, Publish Fitness as Metric, Analyze Architecture
  33. Computing Fitness with PreTraffic & PostTraffic Functions: Hooks, List Stack Resources, Check Non-Functional Requirements, Config Rules, Source Code Metrics, Performance Metrics, PreTraffic Function, PostTraffic Function
  34. Checking All Resources in a CloudFormation Stack. Check Non-Functional Requirements:
      - check encryption at rest for all S3 buckets
      - check versioning for all S3 buckets
      - check encryption at rest for all DynamoDB tables
      - check permissions for all S3 buckets
      - check that S3 buckets accept HTTPS requests only
      - check auto scaling / on-demand for all DynamoDB tables
  35. Using AWS Config to Evaluate Rules. Config Rules:
      - s3-bucket-logging-enabled
      - s3-bucket-replication-enabled
      - s3-bucket-versioning-enabled
      - s3-bucket-public-write-prohibited
      - s3-bucket-public-read-prohibited
      - s3-bucket-ssl-requests-only
      - s3-bucket-server-side-encryption-enabled
      - dynamodb-autoscaling-enabled
      - dynamodb-throughput-limit-check
      - lambda-function-public-access-prohibited
      - lambda-function-settings-check
  36. Fitness Function [Chart: fitness (y-axis) over time (x-axis); labels: Improved Scalability, Encryption In Transit, Increased Availability, Encryption At Rest, First Release; releases v1, v2, v3, v4, v5]. Product Dashboard: Back End Latency, Concurrent Users, Sales Per Minute, Your Top Business Metric, Fitness Function, Catalog Searches Per Minute
  37. Safe deployments in SAM

      ```yaml
      Resources:
        GetFunction:
          Type: AWS::Serverless::Function
          Properties:
            AutoPublishAlias: live
            DeploymentPreference:
              Type: Canary10Percent5Minutes
              Alarms:
                - !Ref ApiErrorsAlarm
                - !Ref ApiLatencyAlarm
              Hooks:
                PreTraffic: !Ref PreTrafficLambdaFunction
                PostTraffic: !Ref PostTrafficLambdaFunction
      ```

      Deployment preference types: Canary10Percent30Minutes, Canary10Percent5Minutes, Canary10Percent10Minutes, Canary10Percent15Minutes, Linear10PercentEvery10Minutes, Linear10PercentEvery1Minute, Linear10PercentEvery2Minutes, Linear10PercentEvery3Minutes, AllAtOnce. Compute Fitness
  38. Photo by Kea Mowat on Unsplash. Speed & Control
  39. Thank you! @danilop danilop
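
Slides 32 to 34 describe hook functions that check non-functional requirements on every stack resource and publish fitness as a metric, and slide 25 subtracts a complexity term from fitness. The Python below is an added example, not code from the deck, showing a PreTraffic hook that does both and reports the result to CodeDeploy. Assumptions: the resource inventory is passed in as plain dicts with made-up field names, the `Architecture` namespace and the 0.01 complexity weight are hypothetical, blocking the release on any failed check is this example's policy, and the two clients would be `boto3.client("codedeploy")` and `boto3.client("cloudwatch")` in a deployed hook.

```python
# Added example (not from the deck). Resource snapshots are plain dicts whose
# field names are assumptions standing in for real describe-call results.
CHECKS = {
    "AWS::S3::Bucket": {
        "encryption_at_rest": lambda r: r.get("sse_enabled") is True,
        "versioning": lambda r: r.get("versioning") == "Enabled",
        "https_only": lambda r: r.get("denies_insecure_transport") is True,
    },
    "AWS::DynamoDB::Table": {
        "encryption_at_rest": lambda r: r.get("sse_enabled") is True,
        "scaling": lambda r: r.get("billing_mode") == "PAY_PER_REQUEST"
        or r.get("autoscaling") is True,
    },
}
SAMPLE = [  # constructed inventory, not real resources
    {"id": "Uploads", "type": "AWS::S3::Bucket", "sse_enabled": True,
     "versioning": "Enabled", "denies_insecure_transport": True},
    {"id": "MyTable", "type": "AWS::DynamoDB::Table", "sse_enabled": True,
     "billing_mode": "PROVISIONED"},
]

def evaluate(resources):
    """Run every applicable check; return (failed checks, checks run)."""
    failures, total = [], 0
    for res in resources:
        for name, check in CHECKS.get(res["type"], {}).items():
            total += 1
            if not check(res):
                failures.append(f'{res["id"]}:{name}')
    return failures, total

def fitness(resources, complexity_weight=0.01):
    """Fitness minus regularization: pass ratio minus a per-resource penalty."""
    failures, total = evaluate(resources)
    ratio = (total - len(failures)) / total if total else 0.0
    return ratio - complexity_weight * len(resources)

def pre_traffic_hook(event, resources, codedeploy, cloudwatch):
    """Publish the score; fail closed on a failed check or an empty inventory."""
    failures, total = evaluate(resources)
    cloudwatch.put_metric_data(Namespace="Architecture",  # hypothetical name
        MetricData=[{"MetricName": "Fitness", "Value": fitness(resources)}])
    status = "Succeeded" if total and not failures else "Failed"
    codedeploy.put_lifecycle_event_hook_execution_status(
        deploymentId=event["DeploymentId"],
        lifecycleEventHookExecutionId=event["LifecycleEventHookExecutionId"],
        status=status,
    )
    return status, failures
```

A `Failed` status from the hook makes CodeDeploy stop the canary or linear shift before the new version receives traffic.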