Evolutionary Serverless Architectures with Safe Deployments

© 2019, Amazon Web Services, Inc. or its Affiliates. Danilo
Poccia Principal Evangelist, Serverless @danilop danilop Evolutionary Serverless Architectures with Safe Deployments

© 2019, Amazon Web Services, Inc. or its Affiliates. Photo
by Oskars Sylwan on Unsplash Focus on what you want to build, not the nuts & bolts required by the implementation of the solution

© 2019, Amazon Web Services, Inc. or its Affiliates. Development
Equilibrium Unique Features to Build Comfort Zone of Known Issues

© 2019, Amazon Web Services, Inc. or its Affiliates. PhotoVogue
Case Study “IT is no longer holding back the business. In fact, it’s helping us grow faster” — Marco Viganò, Digital CTO, Condé Nast Italia

by Samuele Errico Piccarini on Unsplash

© 2019, Amazon Web Services, Inc. or its Affiliates. Gain
Speed & Control Project Product

© 2019, Amazon Web Services, Inc. or its Affiliates. Features
Defects Risks Debts Business Customers Security & Compliance Builders Avoid Overutilization Product

© 2019, Amazon Web Services, Inc. or its Affiliates. “An
evolutionary architecture designs for incremental change in an architecture as a first principle.” — Rebecca Parsons, CTO, Neal Ford, Meme Wrangler, ThoughtWorks

© 2019, Amazon Web Services, Inc. or its Affiliates. “Incremental
change should be your first requirement.” — Me

© 2019, Amazon Web Services, Inc. or its Affiliates. Product
Target

© 2019, Amazon Web Services, Inc. or its Affiliates. Product
New Features Refactoring Improve Security Improve Scalability Target ? ? This is an Optimization Problem…

© 2019, Amazon Web Services, Inc. or its Affiliates. Best
Solution (Unknown) This is an Optimization Problem… Possible Solutions

© 2019, Amazon Web Services, Inc. or its Affiliates. Best
Solution (Unknown) How to Explore the Space of All Possible Solutions? Possible Solutions

© 2019, Amazon Web Services, Inc. or its Affiliates. Evolutionary
Algorithms Best Solution (Unknown) Candidate Solutions Possible Solutions

Algorithms Best Solution (Unknown) Candidate Solutions Fitness Function Possible Solutions

Algorithms Best Solution (Unknown) Fitness Function Candidate Solutions Possible Solutions

Algorithms Candidate Solutions Best Solution (Unknown) Fitness Function Generation Selection Possible Solutions

by Eliecer Gallegos on Unsplash

© 2019, Amazon Web Services, Inc. or its Affiliates. +
Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + …

© 2019, Amazon Web Services, Inc. or its Affiliates. +
Source Code Metrics + Tests Coverage + Performance Metrics + Encryption Checks + Credential Rotation Checks + … = My Fitness Function

© 2019, Amazon Web Services, Inc. or its Affiliates. Fitness
Function Best Solution (Unknown) Should I go here? Current Architecture Or there? How good the current architecture is? How much would improve if … Functional Requirement Non-Functional Requirement

Function fitness time Improved Scalability Encryption In Transit Increased Availability Encryption At Rest First Release v1 v2 v3 v4 v5

by G. Crescoli on Unsplash

© 2019, Amazon Web Services, Inc. or its Affiliates. Objective
Function (Machine Learning) Objective Function Loss Regularization How predictive the model is on the data How complex the model is (to avoid overfitting) Objective is to minimize = +

Function & Complexity Fitness Function Fitness Regularization How good the architecture is How complex the architecture is Change sign to maximize = -

© 2019, Amazon Web Services, Inc. or its Affiliates. Serverless
Architectures Code Template Infrastructure as Code

© 2019, Amazon Web Services, Inc. or its Affiliates. AWS
Serverless Application Model (SAM) AWSTemplateFormatVersion: '2010-09-09’ Transform: AWS::Serverless-2016-10-31 Resources: GetFunction: Type: AWS::Serverless::Function Properties: Handler: index.get Runtime: nodejs8.10 CodeUri: src/ Policies: - DynamoDBReadPolicy: TableName: !Ref MyTable Events: GetResource: Type: Api Properties: Path: /resource/{resourceId} Method: get MyTable: Type: AWS::Serverless::SimpleTable Just 20 lines to create: • Lambda function • IAM role • API Gateway • DynamoDB table O pen Source

© 2019, Amazon Web Services, Inc. or its Affiliates. SAM
CLI sam init --name my-function --runtime python cd my-function/ sam build sam package --s3-bucket my-packages-bucket \ --output-template-file packaged.yaml sam deploy --template-file packaged.yaml \ --stack-name my-function-prod sam publish # To the AWS Serverless Application Repository O pen Source

Architectures Code Stack Package Deploy Template Feedback

Architectures Stack Deploy

Architectures – Safe Deployments All At Once Canary Deployment Linear Deployment Hooks Alarms PreTraffic Function PostTraffic Function Stack Deploy

© 2019, Amazon Web Services, Inc. or its Affiliates. Hooks
Hooks Serverless Architectures – Safe Deployments PreTraffic Function PostTraffic Function

© 2019, Amazon Web Services, Inc. or its Affiliates. PreTraffic
& PostTraffic Functions Hooks List Stack Resources Check Non-Functional Requirements Config Rules Source Code Metrics Performance Metrics PreTraffic Function PostTraffic Function

& PostTraffic Functions Check Non-Functional Requirements ü check encryption at rest for all S3 buckets ü check versioning for all S3 buckets ü check encryption at rest for all DynamoDB tables ü check permissions for all S3 buckets ü check that S3 buckets accept HTTPS requests only ü check auto scaling / on-demand for all DynamoDB tables

& PostTraffic Functions Config Rules ü s3-bucket-logging-enabled ü s3-bucket-replication-enabled ü s3-bucket-versioning-enabled ü s3-bucket-public-write-prohibited ü s3-bucket-public-read-prohibited ü s3-bucket-ssl-requests-only ü s3-bucket-server-side-encryption-enabled ü dynamodb-autoscaling-enabled ü dynamodb-throughput-limit-check ü lambda-function-public-access-prohibited ü lambda-function-settings-check

© 2019, Amazon Web Services, Inc. or its Affiliates. Hooks
PreTraffic & PostTraffic Functions Update Product Dashboard PreTraffic Function PostTraffic Function Publish Fitness as Metric Analyze Architecture

© 2019, Amazon Web Services, Inc. or its Affiliates. fitness
time Improved Scalability Encryption In Transit Increased Availability Encryption At Rest First Release v1 v2 v3 v4 v5 Product Dashboard Back End Latency Concurrent Users Sales Per Minute Your Top Business Metric Fitness Function Catalog Searches Per Minute

© 2019, Amazon Web Services, Inc. or its Affiliates. Safe
deployments in SAM Resources: GetFunction: Type: AWS::Serverless::Function Properties: AutoPublishAlias: live DeploymentPreference: Type: Canary10Percent5Minutes Alarms: - !Ref ApiErrorsAlarm - !Ref ApiLatencyAlarm Hooks: PreTraffic: !Ref PreTrafficLambdaFunction PostTraffic: !Ref PreTrafficLambdaFunction Canary10Percent30Minutes Canary10Percent5Minutes Canary10Percent10Minutes Canary10Percent15Minutes Linear10PercentEvery10Minutes Linear10PercentEvery1Minute Linear10PercentEvery2Minutes Linear10PercentEvery3Minutes AllAtOnce

by Kea Mowat on Unsplash Speed & Control

2019, Amazon Web Services, Inc. or its Affiliates. Thank you! @danilop danilop

Evolutionary Serverless Architectures with Safe...

Evolutionary Serverless Architectures with Safe Deployments

More Decks by Danilo Poccia

Other Decks in Programming

Featured

Transcript