From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS

Many organizations that have adopted microservice architectures built with Spring Cloud are now looking for ways to simplify operations, reduce costs, and allow developers to focus more on building applications. As such, these organizations are seeking to migrate Spring Cloud components to managed services on AWS. This presentation will demonstrate practical migration approaches for transitioning from technologies like Spring Cloud API Gateway, security tools, service discovery, circuit breakers, and others to their AWS equivalents such as Amazon API Gateway, Amazon Cognito, AWS Cloud Map, AWS Step Functions, and so on. The business logic can utilize AWS Lambda or AWS Fargate. The presenters will share best practices for migrating infrastructure, logging, monitoring frameworks, and application code to AWS.

Dennis Kieselhorst

April 19, 2024

Transcript

  1. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS. Lefteris Karageorgiou, Solutions Architect, AWS; Dennis Kieselhorst, Principal Solutions Architect, AWS
  2. "Everything fails, all the time." Werner Vogels, Amazon CTO
  3. Monolith when we start
  4. Monolith after a year
  5. Monolith to Microservices
  6. Microservices Design Principles
  7. Microservices Architecture: Protocols; Versioning; Caching; Throttling; Authorization; SSL certificates; Web Application Firewall (WAF); Load balancing algos; Health checks; Scalability; High Availability; CPU/memory allocation; Various runtimes; OAuth2; JWT tokens; Register/discover instances; Central repository; Rotate keys; Trace requests
  8. Circuit Breaker Pattern
  9. Spring Cloud Framework
  10. 33 JVMs needed just for 3 microservices!
  11. How do we focus only on the business logic?
  12. Serverless on AWS: Take full advantage of the cloud to modernize applications and accelerate innovation
      • No infrastructure provisioning, no management
      • Automatic scaling
      • Pay for value
      • Highly available and secure
  13. Replacing API Gateway & Security
  14. Amazon API Gateway: Amazon API Gateway is a fully managed (serverless) service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
  15. Amazon API Gateway - Features
      • Clients: Websites; Services; Mobile client
      • Backends: Public Endpoints on Amazon EC2; Lambda Functions; Any other AWS service; All publicly accessible endpoints
      • API Gateway Cache: Capacity 0.5GB – 237GB
      • Amazon API Gateway: REST/HTTP/WebSocket
      • AWS WAF: Whitelist/blacklist IPs; Protect against common web exploits (SQL injection, XSS)
      • AWS Certificate Manager (ACM): Provision SSL/TLS certificates for FREE; Bring your own certificate
  16. Amazon API Gateway - Stages / Throttling
      • You can have multiple stages (dev, test, prod) for different versions of your API
      • Rate: 10.000 requests per second
      • Burst: 5.000 concurrent requests per second
  17. Amazon Cognito: Fully Managed Application Identity. Amazon Cognito: Managed user directory; Hosted UI; Standard tokens; Federation; AWS credentials; Amazon Cognito user pools; Amazon Cognito identity pools
  18. API Gateway + WAF + Cognito
  19. Where to run our Spring Boot applications?
  20. AWS Serverless Compute options: Choose the one that works the best for your application
      • Serverless Functions on AWS Lambda: Function as a service; Short-lived; Ideal for event-driven applications
      • Serverless Containers on Amazon Elastic Container Service (ECS) with Fargate*: Container as a service; Long-running; Ideal for traditional web-based applications
      *Customers may also choose Amazon Elastic Kubernetes Service (EKS) on Fargate
  21. Differences in approaches. Many customers run both.
      • Container Services: Compute-oriented; More easily manage infrastructure; Infrastructure consumption-based pricing
      • Lambda: Event-oriented; Abstract away infrastructure; Request-based pricing
  22. Serverless Functions on AWS Lambda: Event (Changes in data state; Requests to endpoints; Changes in resource state); Application code; AWS Lambda function; Framework
  23. Difference in request handling [diagram: Container Services (requests handled by one running application) compared with Lambda (Initialization and Execution phases in Env #1 and Env #2)]
  24. Re-platforming existing apps to AWS Lambda with AWS Serverless Java Container [diagram labels: Amazon API Gateway; Web app function; AWS Serverless Java Container; Invocation event mapped to framework request; Function result mapped from framework response; Application code (@SpringBootApplication, @Controller); Spring Framework; Spring Cloud Function; Spring Boot]
  25. Result: Spring Boot running on Lambda
  26. A separate load balancer is no longer needed…
  27. What about service discovery?
  28. AWS Cloud Map for Service Discovery
  29. In our case AWS Cloud Map is not needed
  30. Circuit Breaker?
  31. AWS Step Functions: Orchestrate Microservices
      • Drag-and-drop with Workflow Studio
      • Translates to JSON (Amazon States Language)
      • Ideal for Circuit Breaker pattern
  32. Circuit Breaker with Step Functions
      • Closed: Allows requests, monitors for failures.
      • Open: Does not allow requests to the service.
      • Half-open: Allows some requests to pass through to trial the recovering service.
  33. Circuit Breaker with Step Functions
  34. Externalized configurations?
  35. What is AWS Secrets Manager? AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle.
      • Secure storage
      • Fine-grained access control
      • Automatic rotation
      • Programmatic retrieval
      • Audit and monitor usage
      • Automatic replication
      • Pay-as-you-go pricing
  36. How AWS Secrets Manager works [diagram labels: AWS Secrets Manager; AWS Lambda; AWS Key Management Service; Encrypted secrets; Applications; AWS CloudTrail; Amazon CloudWatch; Amazon RDS; Amazon Redshift; Amazon DocumentDB]
  37. Secrets moved to AWS Secrets Manager
  38. Last but not least: Observability
  39. Observability patterns
      1. Log Aggregation: Centralized logging service that aggregates logs from all the microservices in one place, e.g. AWS CloudWatch.
      2. Performance Metrics: Metrics service that gathers statistics about individual operations and provides reporting and alerting, e.g. Prometheus.
      3. Distributed Tracing: Traces requests that span multiple services to track any errors, e.g. AWS X-Ray.
      4. Health Checks: Each service needs an endpoint that checks the health of the application and alerts when the backend logic is not working or the connection to another service is down, e.g. a liveness probe.
  40. Traditional monitoring layers: Server Hardware; Network/Storage; Virtualization Layer; Operating System; Runtime / Middleware; Application + Data; Business; VM / Container
  41. Traditional monitoring layers: Server Hardware; Network/Storage; Virtualisation Layer; Operating System; Runtime / Middleware; Application + Data; Business; VM / Container. Serverless has you covered!
  42. AWS Observability [diagram labels: Third-party Solutions; Contributor Insights; Application Insights; Container Insights; Lambda Insights; Amazon OpenSearch Service; Amazon Managed Service for Prometheus; Amazon CloudWatch ServiceLens; Amazon Managed Grafana; Do it yourself (DIY); Insights & ML; AWS Native Services; Open Source Managed Services; Observability Instrumentation; Amazon CloudWatch agent; AWS X-Ray agent; AWS Distro for OpenTelemetry; Internet Monitoring, Cross-Account Observability, CloudWatch Logs Data Protection, Synthetics, Application Performance Monitoring; Logs; Analysis; Alerting; Metrics; Traces; Dashboards; Collectors and SDKs; Amazon EKS, Amazon ECS, Amazon EC2, AWS Lambda, Amazon Cloud WAN, Amazon VPC, other sources; Metrics Insights; Fluent Bit]
  43. Takeaways
      • Managed Services and especially Serverless allow you to focus on what differentiates your business.
      • You may choose to partially keep self-managed if you need full control.
      • Alternative solutions (e.g. for API Gateway) are available from AWS partners (also via AWS Marketplace).
      • Take one step after another: Follow an iterative approach to minimize risk and avoid "Big Bangs".
  44. ServerlessLand.com
  45. Thank you! Lefteris Karageorgiou [email protected]; Dennis Kieselhorst [email protected]. Please complete the session survey on the Devoxx site
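
The three states listed on the "Circuit Breaker with Step Functions" slide (closed, open, half-open), modelled in-process as an added example; this is not code from the deck and not Amazon States Language. The `CircuitBreaker` class, its thresholds and the injectable `clock` are assumptions chosen for illustration.

```python
import time

CLOSED, OPEN, HALF_OPEN = "closed", "open", "half-open"

class CircuitOpenError(Exception):
    """The breaker rejected the call without contacting the service."""

class CircuitBreaker:
    # All thresholds are illustrative assumptions, not values from the slides.
    def __init__(self, failure_threshold=3, open_seconds=30.0,
                 successes_to_close=2, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.open_seconds = open_seconds
        self.successes_to_close = successes_to_close
        self.clock = clock              # injectable so tests control time
        self.state, self.failures, self.successes = CLOSED, 0, 0
        self.opened_at = 0.0

    def trip(self):
        """Open the circuit and start the cool-down timer."""
        self.state, self.opened_at = OPEN, self.clock()
        self.failures = self.successes = 0

    def call(self, service, *args):
        if self.state == OPEN:
            # Open: do not send the request until the cool-down has elapsed.
            if self.clock() - self.opened_at < self.open_seconds:
                raise CircuitOpenError("circuit open, request not sent")
            self.state = HALF_OPEN      # cool-down over: allow trial requests
        try:
            result = service(*args)
        except Exception:
            self.failures += 1
            # A failed trial re-opens at once; when closed, wait for the threshold.
            if self.state == HALF_OPEN or self.failures >= self.failure_threshold:
                self.trip()
            raise
        if self.state == HALF_OPEN:
            # Half-open: close only after enough consecutive trial successes.
            self.successes += 1
            if self.successes >= self.successes_to_close:
                self.state, self.failures, self.successes = CLOSED, 0, 0
        else:
            self.failures = 0           # closed: a success resets the count
        return result
```

While the circuit is open the downstream service is never invoked, which is what keeps a failing dependency from being hit by retries during recovery.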