Evolutionary Serverless Architectures with Safe Deployments

Transcript

1. © 2019, Amazon Web Services, Inc. or its Affiliates.
   Danilo Poccia
   Principal Evangelist, Serverless
   @danilop
   danilop
   Evolutionary Serverless Architectures
   with Safe Deployments
   

   View Slide

2. © 2019, Amazon Web Services, Inc. or its Affiliates.
   © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
   

   View Slide

3. © 2019, Amazon Web Services, Inc. or its Affiliates.
   Photo by Oskars Sylwan on Unsplash
   Focus on what you want to build,
   not the nuts & bolts required
   by the implementation of the solution
   

   View Slide

4. © 2019, Amazon Web Services, Inc. or its Affiliates.
   Development Equilibrium
   Unique Features
   to Build
   Comfort Zone
   of Known Issues
   

   View Slide

5. © 2019, Amazon Web Services, Inc. or its Affiliates.
   PhotoVogue Case Study
   “IT is no longer holding back the business.
   In fact, it’s helping us grow faster”
   — Marco Viganò, Digital CTO, Condé Nast Italia
   

   View Slide

6. © 2019, Amazon Web Services, Inc. or its Affiliates.
   Photo by Samuele Errico Piccarini on Unsplash
   

   View Slide

7. © 2019, Amazon Web Services, Inc. or its Affiliates.
   Gain Speed & Control
   Project Product
   

   View Slide

8. © 2019, Amazon Web Services, Inc. or its Affiliates.
   © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
   v1 v2 v3
   Customer
   needs
   Project
   Product
   

   View Slide

9. © 2019, Amazon Web Services, Inc. or its Affiliates.
   © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
   Project
   Product
   Reach
   milestone
   Customer
   value
   Lifecycle
   costs
   Cost to reach
   milestone
   Backward
   looking
   Forward
   looking
   

   View Slide

10. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Features
    Defects
    Risks
    Debts
    Business
    Customers
    Security &
    Compliance
    Builders
    Avoid
    Overutilization
    Product
    

    View Slide

11. © 2019, Amazon Web Services, Inc. or its Affiliates.
    “An evolutionary architecture designs
    for incremental change in an architecture
    as a first principle.”
    — Rebecca Parsons, CTO,
    Neal Ford, Meme Wrangler,
    ThoughtWorks
    

    View Slide

12. © 2019, Amazon Web Services, Inc. or its Affiliates.
    “Incremental change should be
    your first requirement.”
    — Me
    

    View Slide

13. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Product Target
    

    View Slide

14. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Product
    New Features
    Refactoring
    Improve Security
    Improve Scalability
    Target
    ?
    ?
    This is an Optimization Problem…
    

    View Slide

15. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Best Solution
    (Unknown)
    This is an Optimization Problem…
    Possible Solutions
    

    View Slide

16. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Best Solution
    (Unknown)
    How to Explore the Space of All Possible Solutions?
    Possible Solutions
    

    View Slide

17. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Evolutionary Algorithms
    Best Solution
    (Unknown)
    Candidate
    Solutions
    Possible Solutions
    

    View Slide

18. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Evolutionary Algorithms
    Best Solution
    (Unknown)
    Candidate
    Solutions
    Fitness
    Function
    Possible Solutions
    

    View Slide

19. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Evolutionary Algorithms
    Best Solution
    (Unknown)
    Candidate
    Solutions
    Fitness
    Function
    Possible Solutions
    

    View Slide

20. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Evolutionary Algorithms
    Best Solution
    (Unknown)
    Fitness
    Function
    Candidate
    Solutions
    Possible Solutions
    

    View Slide

21. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Evolutionary Algorithms
    Candidate
    Solutions
    Best Solution
    (Unknown)
    Fitness
    Function
    Generation
    Selection
    Possible Solutions
    

    View Slide

22. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Photo by Eliecer Gallegos on Unsplash
    

    View Slide

23. © 2019, Amazon Web Services, Inc. or its Affiliates.
    + Source Code Metrics
    + Tests Coverage
    + Performance Metrics
    + Encryption Checks
    + Credential Rotation Checks
    + …
    

    View Slide

24. © 2019, Amazon Web Services, Inc. or its Affiliates.
    + Source Code Metrics
    + Tests Coverage
    + Performance Metrics
    + Encryption Checks
    + Credential Rotation Checks
    + …
    = My Fitness Function
    

    View Slide

25. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Fitness Function
    Best Solution
    (Unknown)
    Should I go here?
    Current
    Architecture
    Or there?
    How good the current
    architecture is?
    How much would
    improve if …
    Functional
    Requirement
    Non-Functional
    Requirement
    

    View Slide

26. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Fitness Function
    fitness
    time
    Improved
    Scalability
    Encryption
    In Transit
    Increased
    Availability
    Encryption
    At Rest
    First
    Release
    v1 v2 v3 v4 v5
    

    View Slide

27. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Photo by G. Crescoli on Unsplash
    

    View Slide

28. © 2019, Amazon Web Services, Inc. or its Affiliates.
    …in Machine Learning: the Objective Function
    Objective
    Function
    Loss Regularization
    How predictive
    the model is
    on the data
    How complex
    the model is
    (to avoid overfitting)
    Objective
    is to minimize
    = +
    

    View Slide

29. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Fitness Function & Complexity
    Fitness
    Function
    Fitness Regularization
    How good
    the architecture is
    How complex
    the architecture is
    Change sign
    to maximize
    = -
    

    View Slide

30. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Serverless Architectures
    Code
    Template Infrastructure as Code
    

    View Slide

31. © 2019, Amazon Web Services, Inc. or its Affiliates.
    AWS Serverless Application Model (SAM)
    AWSTemplateFormatVersion: '2010-09-09’
    Transform: AWS::Serverless-2016-10-31
    Resources:
    GetFunction:
    Type: AWS::Serverless::Function
    Properties:
    Handler: index.get
    Runtime: nodejs8.10
    CodeUri: src/
    Policies:
    - DynamoDBReadPolicy:
    TableName: !Ref MyTable
    Events:
    GetResource:
    Type: Api
    Properties:
    Path: /resource/{resourceId}
    Method: get
    MyTable:
    Type: AWS::Serverless::SimpleTable
    Just 20 lines to create:
    • Lambda function
    • IAM role
    • API Gateway
    • DynamoDB table
    O
    pen
    Source
    

    View Slide

32. © 2019, Amazon Web Services, Inc. or its Affiliates.
    SAM CLI
    pip install --user aws-sam-cli
    sam init --name my-app --runtime python
    cd my-app/
    sam local ... # generate-event/invoke/start-api/start-lambda
    sam validate # The SAM template
    sam build # Depending on the runtime
    sam package --s3-bucket my-packages-bucket \
    --output-template-file packaged.yaml
    sam deploy --template-file packaged.yaml \
    --stack-name my-stack-prod
    sam logs -n MyFunction --stack-name my-stack-prod -t # Tail
    sam publish # To the Serverless Application Repository
    O
    pen
    Source
    CodePipeline
    Use
    CloudFormation
    deployment
    actions with any
    SAM application
    Jenkins
    Use SAM CLI
    plugin
    

    View Slide

33. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Serverless Architectures
    Code
    Stack
    Package Deploy
    Template
    Feedback
    

    View Slide

34. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Serverless Architectures
    Stack
    Deploy
    

    View Slide

35. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Serverless Architectures
    Stack
    Deploy
    

    View Slide

36. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Serverless Architectures – Safe Deployments
    All At Once
    Canary Deployment
    Linear Deployment
    Hooks
    Alarms
    PreTraffic Function
    PostTraffic Function
    Stack
    Deploy
    

    View Slide

37. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Hooks
    Hooks
    Serverless Architectures – Safe Deployments
    PreTraffic Function
    PostTraffic Function
    

    View Slide

38. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Hooks
    Computing Fitness with PreTraffic & PostTraffic Functions
    Update Product Dashboard
    PreTraffic Function
    PostTraffic Function
    Publish Fitness as Metric
    Analyze Architecture
    

    View Slide

39. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Computing Fitness with PreTraffic & PostTraffic Functions
    Hooks
    List Stack Resources
    Check Non-Functional Requirements
    Config Rules
    Source Code Metrics
    Performance Metrics
    PreTraffic Function
    PostTraffic Function
    

    View Slide

40. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Checking All Resources in a CloudFormation Stack
    Check Non-Functional Requirements
    ü check encryption at rest for all S3 buckets
    ü check versioning for all S3 buckets
    ü check encryption at rest for all DynamoDB tables
    ü check permissions for all S3 buckets
    ü check that S3 buckets accept HTTPS requests only
    ü check auto scaling / on-demand for all DynamoDB tables
    

    View Slide

41. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Using AWS Config to Evaluate Rules
    Config Rules
    ü s3-bucket-logging-enabled
    ü s3-bucket-replication-enabled
    ü s3-bucket-versioning-enabled
    ü s3-bucket-public-write-prohibited
    ü s3-bucket-public-read-prohibited
    ü s3-bucket-ssl-requests-only
    ü s3-bucket-server-side-encryption-enabled
    ü dynamodb-autoscaling-enabled
    ü dynamodb-throughput-limit-check
    ü lambda-function-public-access-prohibited
    ü lambda-function-settings-check
    

    View Slide

42. © 2019, Amazon Web Services, Inc. or its Affiliates.
    fitness
    time
    Improved
    Scalability
    Encryption
    In Transit
    Increased
    Availability
    Encryption
    At Rest
    First
    Release
    v1 v2 v3 v4 v5
    Product Dashboard
    Back End
    Latency
    Concurrent
    Users
    Sales
    Per Minute
    Your Top
    Business Metric
    Fitness
    Function
    Catalog
    Searches
    Per Minute
    

    View Slide

43. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Safe deployments in SAM
    Resources:
    GetFunction:
    Type: AWS::Serverless::Function
    Properties:
    AutoPublishAlias: live
    DeploymentPreference:
    Type: Canary10Percent5Minutes
    Alarms:
    - !Ref ApiErrorsAlarm
    - !Ref ApiLatencyAlarm
    Hooks:
    PreTraffic: !Ref PreTrafficLambdaFunction
    PostTraffic: !Ref PreTrafficLambdaFunction
    Canary10Percent30Minutes
    Canary10Percent5Minutes
    Canary10Percent10Minutes
    Canary10Percent15Minutes
    Linear10PercentEvery10Minutes
    Linear10PercentEvery1Minute
    Linear10PercentEvery2Minutes
    Linear10PercentEvery3Minutes
    AllAtOnce
    Compute Fitness
    

    View Slide

44. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Photo by Kea Mowat on Unsplash
    Speed & Control
    

    View Slide

45. © 2019, Amazon Web Services, Inc. or its Affiliates.
    Demo
    

    View Slide

46. © 2019, Amazon Web Services, Inc. or its Affiliates.
    https://github.com/danilop/evolutionary-serverless-architectures-with-safe-deployments
    

    View Slide

47. © 2019, Amazon Web Services, Inc. or its Affiliates.
    © 2019, Amazon Web Services, Inc. or its Affiliates.
    Thank you!
    @danilop
    danilop
    

    View Slide