Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Evolutionary Serverless Architectures with Safe...

Evolutionary Serverless Architectures with Safe Deployments

Serverless Days, Helsinki, April 25th, 2019

Evolutionary architectures and safe deployments, with strategies such as canary or linear releases, can reduce the duration of the feedback loop and improve development agility!

Danilo Poccia

April 25, 2019
Tweet

More Decks by Danilo Poccia

Other Decks in Programming

Transcript

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. Danilo

    Poccia Principal Evangelist, Serverless @danilop danilop Evolutionary Serverless Architectures with Safe Deployments
  2. © 2019, Amazon Web Services, Inc. or its Affiliates. ©

    2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  3. © 2019, Amazon Web Services, Inc. or its Affiliates. Photo

    by Oskars Sylwan on Unsplash Focus on what you want to build, not the nuts & bolts required by the implementation of the solution
  4. © 2019, Amazon Web Services, Inc. or its Affiliates. Development

    Equilibrium Unique Features to Build Comfort Zone of Known Issues
  5. © 2019, Amazon Web Services, Inc. or its Affiliates. PhotoVogue

    Case Study “IT is no longer holding back the business. In fact, it’s helping us grow faster” — Marco Viganò, Digital CTO, Condé Nast Italia
  6. © 2019, Amazon Web Services, Inc. or its Affiliates. Photo

    by Samuele Errico Piccarini on Unsplash
  7. © 2019, Amazon Web Services, Inc. or its Affiliates. ©

    2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. v1 v2 v3 Customer needs Project Product
  8. © 2019, Amazon Web Services, Inc. or its Affiliates. ©

    2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Project Product Reach milestone Customer value Lifecycle costs Cost to reach milestone Backward looking Forward looking
  9. © 2019, Amazon Web Services, Inc. or its Affiliates. Features

    Defects Risks Debts Business Customers Security & Compliance Builders Avoid Overutilization Product
  10. © 2019, Amazon Web Services, Inc. or its Affiliates. “An

    evolutionary architecture designs for incremental change in an architecture as a first principle.” — Rebecca Parsons, CTO, Neal Ford, Meme Wrangler, ThoughtWorks
  11. © 2019, Amazon Web Services, Inc. or its Affiliates. “Incremental

    change should be your first requirement.” — Me
  12. © 2019, Amazon Web Services, Inc. or its Affiliates. Product

    New Features Refactoring Improve Security Improve Scalability Target ? ? This is an Optimization Problem…
  13. © 2019, Amazon Web Services, Inc. or its Affiliates. Best

    Solution (Unknown) This is an Optimization Problem… Possible Solutions
  14. © 2019, Amazon Web Services, Inc. or its Affiliates. Best

    Solution (Unknown) How to Explore the Space of All Possible Solutions? Possible Solutions
  15. © 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary

    Algorithms Best Solution (Unknown) Candidate Solutions Possible Solutions
  16. © 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary

    Algorithms Best Solution (Unknown) Candidate Solutions Fitness Function Possible Solutions
  17. © 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary

    Algorithms Best Solution (Unknown) Candidate Solutions Fitness Function Possible Solutions
  18. © 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary

    Algorithms Best Solution (Unknown) Fitness Function Candidate Solutions Possible Solutions
  19. © 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary

    Algorithms Candidate Solutions Best Solution (Unknown) Fitness Function Generation Selection Possible Solutions
  20. © 2019, Amazon Web Services, Inc. or its Affiliates. +

    Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + …
  21. © 2019, Amazon Web Services, Inc. or its Affiliates. +

    Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + … = My Fitness Function
  22. © 2019, Amazon Web Services, Inc. or its Affiliates. Fitness

    Function Best Solution (Unknown) Should I go here? Current Architecture Or there? How good the current architecture is? How much would improve if … Functional Requirement Non-Functional Requirement
  23. © 2019, Amazon Web Services, Inc. or its Affiliates. Fitness

    Function fitness time Improved Scalability Encryption In Transit Increased Availability Encryption At Rest First Release v1 v2 v3 v4 v5
  24. © 2019, Amazon Web Services, Inc. or its Affiliates. …in

    Machine Learning: the Objective Function Objective Function Loss Regularization How predictive the model is on the data How complex the model is (to avoid overfitting) Objective is to minimize = +
  25. © 2019, Amazon Web Services, Inc. or its Affiliates. Fitness

    Function & Complexity Fitness Function Fitness Regularization How good the architecture is How complex the architecture is Change sign to maximize = -
  26. © 2019, Amazon Web Services, Inc. or its Affiliates. Serverless

    Architectures Code Template Infrastructure as Code
  27. © 2019, Amazon Web Services, Inc. or its Affiliates. AWS

    Serverless Application Model (SAM) AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetFunction: Type: AWS::Serverless::Function Properties: Handler: index.get Runtime: nodejs8.10 CodeUri: src/ Policies: - DynamoDBReadPolicy: TableName: !Ref MyTable Events: GetResource: Type: Api Properties: Path: /resource/{resourceId} Method: get MyTable: Type: AWS::Serverless::SimpleTable Just 20 lines to create: • Lambda function • IAM role • API Gateway • DynamoDB table O pen Source
  28. © 2019, Amazon Web Services, Inc. or its Affiliates. SAM

    CLI pip install --user aws-sam-cli sam init --name my-app --runtime python cd my-app/ sam local ... # generate-event/invoke/start-api/start-lambda sam validate # The SAM template sam build # Depending on the runtime sam package --s3-bucket my-packages-bucket \ --output-template-file packaged.yaml sam deploy --template-file packaged.yaml \ --stack-name my-stack-prod sam logs -n MyFunction --stack-name my-stack-prod -t # Tail sam publish # To the Serverless Application Repository O pen Source CodePipeline Use CloudFormation deployment actions with any SAM application Jenkins Use SAM CLI plugin
  29. © 2019, Amazon Web Services, Inc. or its Affiliates. Serverless

    Architectures Code Stack Package Deploy Template Feedback
  30. © 2019, Amazon Web Services, Inc. or its Affiliates. Serverless

    Architectures – Safe Deployments All At Once Canary Deployment Linear Deployment Hooks Alarms PreTraffic Function PostTraffic Function Stack Deploy
  31. © 2019, Amazon Web Services, Inc. or its Affiliates. Hooks

    Hooks Serverless Architectures – Safe Deployments PreTraffic Function PostTraffic Function
  32. © 2019, Amazon Web Services, Inc. or its Affiliates. Hooks

    Computing Fitness with PreTraffic & PostTraffic Functions Update Product Dashboard PreTraffic Function PostTraffic Function Publish Fitness as Metric Analyze Architecture
  33. © 2019, Amazon Web Services, Inc. or its Affiliates. Computing

    Fitness with PreTraffic & PostTraffic Functions Hooks List Stack Resources Check Non-Functional Requirements Config Rules Source Code Metrics Performance Metrics PreTraffic Function PostTraffic Function
  34. © 2019, Amazon Web Services, Inc. or its Affiliates. Checking

    All Resources in a CloudFormation Stack Check Non-Functional Requirements ü check encryption at rest for all S3 buckets ü check versioning for all S3 buckets ü check encryption at rest for all DynamoDB tables ü check permissions for all S3 buckets ü check that S3 buckets accept HTTPS requests only ü check auto scaling / on-demand for all DynamoDB tables
  35. © 2019, Amazon Web Services, Inc. or its Affiliates. Using

    AWS Config to Evaluate Rules Config Rules ü s3-bucket-logging-enabled ü s3-bucket-replication-enabled ü s3-bucket-versioning-enabled ü s3-bucket-public-write-prohibited ü s3-bucket-public-read-prohibited ü s3-bucket-ssl-requests-only ü s3-bucket-server-side-encryption-enabled ü dynamodb-autoscaling-enabled ü dynamodb-throughput-limit-check ü lambda-function-public-access-prohibited ü lambda-function-settings-check
  36. © 2019, Amazon Web Services, Inc. or its Affiliates. fitness

    time Improved Scalability Encryption In Transit Increased Availability Encryption At Rest First Release v1 v2 v3 v4 v5 Product Dashboard Back End Latency Concurrent Users Sales Per Minute Your Top Business Metric Fitness Function Catalog Searches Per Minute
  37. © 2019, Amazon Web Services, Inc. or its Affiliates. Safe

    deployments in SAM Resources: GetFunction: Type: AWS::Serverless::Function Properties: AutoPublishAlias: live DeploymentPreference: Type: Canary10Percent5Minutes Alarms: - !Ref ApiErrorsAlarm - !Ref ApiLatencyAlarm Hooks: PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PreTrafficLambdaFunction Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce Compute Fitness
  38. © 2019, Amazon Web Services, Inc. or its Affiliates. Photo

    by Kea Mowat on Unsplash Speed & Control
  39. © 2019, Amazon Web Services, Inc. or its Affiliates. ©

    2019, Amazon Web Services, Inc. or its Affiliates. Thank you! @danilop danilop