Deploying with Apex

David Blooman
February 01, 2017

How FundApps deploys AWS Lambda functions across accounts taking into consideration workflow, CI and security.

Transcript

  1. Deploying with Apex David Blooman @dblooman

  2. FundApps makes compliance simple for financial institutions

  3. SERVERLESS

  4. LAMBDA

  5. DEPLOY FAST

  6. DEPLOY EASILY

  7. DEPLOY CONSISTENTLY

  8. DEPLOY CONSISTENTLY

  9. • Add new code
     • Update configuration
     • Package everything
     • Handle versioning
  10. Works for an entire team

  11. Plays nice with Continuous Integration

  12. APEX

  13. “Apex lets you build, deploy, and manage AWS Lambda functions with ease”
  14. • Batteries included but optional
      • Environment variable population via command-line, file, or inline config
      • Multiple environments via project.ENV.json and function.ENV.json files
  15. • Transparently generates a zip for your deploy
      • Ignore deploying files with .apexignore
      • Function rollback support
  17. .
      |____functions
      | |____hello
      | | |____index.js
      |____project.json

  18. /project.json

      {
        "name": "demo",
        "description": "demo for meetup",
        "memory": 128,
        "timeout": 5,
        "role": "arn:aws:iam::00000000:role/lambda_function",
        "environment": {}
      }

  19. /function.json

      {
        "name": "function1",
        "description": "demo for meetup",
        "memory": 256,
        "timeout": 5,
        "role": "arn:aws:iam::00000000:role/lambda_function",
        "environment": {}
      }

  20. .
      |____functions
      | |____hello
      | | |____index.js
      |____project.json

  21. $ apex deploy

  24. • Create zip file
      • Upload
      • Add configuration
      • Update ENV vars
  25. No CloudFormation

  26. At FundApps: Everything created in Terraform

  27. resource "aws_lambda_function" "test_lambda" {
        filename         = "lambda_function_payload.zip"
        function_name    = "lambda_function_name"
        role             = "${aws_iam_role.iam_for_lambda.arn}"
        handler          = "exports.test"
        # Hash the same zip that filename points to
        source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"

        environment {
          variables = {
            foo = "bar"
          }
        }
      }
  28. Apex updates the zip file and ENV variables

  29. Why Terraform?

  30. Infrastructure as an organism

  31. Split infrastructure from the deployment

  32. Diffs

  33. Terraform + Apex

  34. DEPLOY CONSISTENTLY

  35. Continuous Integration

  37. Security

  38. Every Lambda has its own IAM role and policy

  39. Only deploy through CI

  40. Secrets and configuration

  41. Consul

  42. Single point of truth
      • Consul
      • KMS
      • Etcd
      • Zookeeper
      • S3
      • Credstash
      • CI server
  43. /deploy.sh

      $ apex deploy -r eu-west-1 \
          -s S3_BUCKET=$S3_BUCKET -s S3_REGION=$S3_REGION \
          function_foo -e $environment -i $2
  44. Don’t want to check in variables to git

  45. ENV Vars are all encrypted in KMS now though, right?

  46. Apex doesn’t handle encryption. It’s still a manual process

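  49. const AWS = require('aws-sdk');

      // Base64 KMS ciphertext; the variable name is a placeholder, the slide does not show it
      const encrypted = process.env.ENCRYPTED_SECRET;
      // Cached outside the handler so decryption happens once per container
      let decrypted;

      // processEvent(event, context, callback) holds the function's own logic (not shown on the slide)
      exports.handler = (event, context, callback) => {
        if (decrypted) {
          processEvent(event, context, callback);
        } else {
          const kms = new AWS.KMS({ region: 'eu-west-1' });
          // Buffer.from replaces the deprecated new Buffer()
          kms.decrypt({ CiphertextBlob: Buffer.from(encrypted, 'base64') }, (err, data) => {
            if (err) {
              console.log('Decrypt error:', err);
              return callback(err);
            }
            decrypted = data.Plaintext.toString('ascii');
            processEvent(event, context, callback);
          });
        }
      };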
  50. [Chart: Node w/ KMS vs Node w/o KMS; value axis 0ms to 1200ms; x-axis 1 to 15]

  51. [Chart: Node w/ KMS vs Node w/o KMS; value axis 0ms to 18ms; x-axis 2 to 15]

  52. [Chart: Node w/ KMS, Node w/o KMS, Go w/ KMS, Go w/o KMS; value axis 0ms to 2000ms; x-axis 1 to 10]

  53. [Chart: Node w/ KMS, Node w/o KMS, Go w/ KMS, Go w/o KMS; value axis 0ms to 300ms; x-axis 2 to 10]

  55. We use Go, node.js and Python. Apex supports Golang and Rust
  56. Apex:       Golang, Nodejs, Python, Java, Rust
      Serverless: Nodejs, Python, Java, C#
      Gordon:     Golang, Nodejs, Python, Java
  57. Apex gives us flexibility

  58. Deploying from EC2

  60. Apex is for you if you want total control of your infra and lots of flexibility
  61. Thank you

  62. David Blooman @dblooman
      We’re hiring Software Engineers & Infrastructure Engineers
      fundapps.workable.com
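
Slide 38's rule (every Lambda has its own IAM role and policy) can be checked in the CI step from slide 39 before `apex deploy` runs. The following is an added example, not code from the talk or from Apex: checkFunctionRoles and the sample configs are hypothetical, and it assumes a function.json without a "role" inherits the role set in project.json.

```javascript
'use strict';

// Shape of an IAM role ARN, as used in the "role" field of the configs above.
const ROLE_ARN = /^arn:aws:iam::\d+:role\/.+$/;

// project:   parsed project.json
// functions: { functionName: parsed function.json }
// Returns a list of findings; an empty list means every function has its own role.
function checkFunctionRoles(project, functions) {
  const findings = [];
  const seen = new Map(); // role ARN -> first function that declared it

  for (const [name, config] of Object.entries(functions)) {
    const role = config.role;
    if (!role) {
      // Assumption: Apex falls back to the project-level role in this case.
      findings.push(`${name}: no role in function.json, inherits the project role`);
      continue;
    }
    if (!ROLE_ARN.test(role)) {
      findings.push(`${name}: role is not an IAM role ARN: ${role}`);
      continue;
    }
    if (role === project.role) {
      findings.push(`${name}: role is the same as the project default`);
    }
    if (seen.has(role)) {
      findings.push(`${name}: shares role with ${seen.get(role)}`);
    } else {
      seen.set(role, name);
    }
  }
  return findings;
}

// Constructed sample data; the account id and role names are placeholders.
const sampleProject = { name: 'demo', role: 'arn:aws:iam::00000000:role/lambda_function' };
const sampleFunctions = {
  function1: { role: 'arn:aws:iam::00000000:role/lambda_function' },
  function2: { role: 'arn:aws:iam::00000000:role/function2_role' },
  function3: { role: 'arn:aws:iam::00000000:role/function2_role' },
  function4: { description: 'no role set' },
};

// Prints one line per function that breaks the one-role-per-function rule.
console.log(checkFunctionRoles(sampleProject, sampleFunctions).join('\n'));
```

In a real pipeline the two arguments would come from reading project.json and each functions/*/function.json, and a non-empty result would fail the build.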