From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS

© 2024, Amazon Web Services, Inc. or its affiliates. All
rights reserved. From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS Lefteris Karageorgiou Solutions Architect AWS Dennis Kieselhorst Principal Solutions Architect AWS

rights reserved. Everything fails, all the time. Werner Vogels Amazon CTO 2

rights reserved. Monolith when we start 3

rights reserved. Monolith after a year 4

rights reserved. Monolith to Microservices 5

rights reserved. 6 Microservices Design Principles

rights reserved. Microservices Architecture 7 Protocols Versioning Caching Throttling Authorization SSL certificates Web Application Firewall (WAF) Load balancing algos Health checks Scalability High Availability CPU/memory allocation Various runtimes OAuth2 JWT tokens Register/discover instances Central repository Rotate keys Trace requests

rights reserved. Circuit Breaker Pattern 8

rights reserved. Spring Cloud Framework 9

rights reserved. 33 JVMs needed just for 3 microservices ! 10

rights reserved. 11 How do we focus only on the business logic?

rights reserved. Serverless on AWS T A K E F U L L A D V A N T A G E O F T H E C L O U D T O M O D E R N I Z E A P P L I C A T I O N S A N D A C C E L E R A T E I N N O V A T I O N 12 No infrastructure provisioning, no management Automatic scaling Pay for value Highly available and secure

rights reserved. Replacing API Gateway & Security 13

rights reserved. Amazon API Gateway Amazon API Gateway is a fully managed (serverless) service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

rights reserved. Amazon API Gateway - Features Websites Services Public Endpoints on Amazon EC2 Mobile client API Gateway Cache Lambda Functions Any other AWS service All publicly accessible endpoints Capacity: 0.5GB – 237GB Amazon API Gateway REST/HTTP/WebSocket AWS WAF AWS Certificate Manager (ACM) Whitelist/blacklist IPs Protect against common web exploits (SQL injection, XSS) Provision SSL/TLS certificates for FREE Bring your own certificate 15

rights reserved. Amazon API Gateway - Stages / Throttling You can have multiple stages (dev, test, prod) for different versions of your API Rate 10.000 requests per second Burst 5.000 concurrent requests per second 16

rights reserved. Amazon Cognito: Fully Managed Application Identity 17 Amazon Cognito Managed user directory Hosted UI Standard tokens Federation AWS credentials Amazon Cognito user pools Amazon Cognito identity pools

rights reserved. API Gateway + WAF + Cognito 18

rights reserved. Where to run our Spring Boot applications? 19

rights reserved. C H O O S E T H E O N E T H A T W O R K S T H E B E S T F O R Y O U R A P P L I C A T I O N 20 AWS Serverless Compute options Serverless Functions on AWS Lambda • Function as a service • Short-lived • Ideal for event-driven applications Serverless Containers on Amazon Elastic Container Service (ECS) with Fargate* • Container as a service • Long-running • Ideal for traditional web- based applications *Customers may also choose Amazon Elastic Kubernetes Service (EKS) on Fargate

rights reserved. Differences in approaches Many customers run both. Container Services Compute-oriented More easily manage infrastructure Infrastructure consumption- based pricing Lambda Event-oriented Abstract away infrastructure Request-based pricing 22

rights reserved. Serverless Functions on AWS Lambda 23 Event Changes in data state Requests to endpoints Changes in resource state Application code AWS Lambda function Framework

rights reserved. Difference in request handling 24 Container Services Lambda 1 2 Request Request Running application 3 Request … Initialization 1 Initialization Execution Execution 2 Execution 3 Initialization 4 Execution Env #1 Env #2

rights reserved. Re-platforming existing apps to AWS Lambda with AWS Serverless Java Container 25 Spring Framework Application code (@SpringBootApplication, @Controller) AWS Serverless Java Container Web app function Invocation event mapped to framework request Function result mapped from framework response Amazon API Gateway Spring Cloud Function Spring Boot

rights reserved. Result: Spring Boot running on Lambda 26

rights reserved. A separate load balancer is no longer needed… 27

rights reserved. What about service discovery? 28

rights reserved. AWS Cloud Map for Service Discovery 29

rights reserved. In our case AWS Cloud Map is not needed 30

rights reserved. Circuit Breaker? 31

rights reserved. AWS Step Functions: Orchestrate Microservices 32 Drag-and-drop with Workflow Studio Translates to JSON (Amazon States Language) Ideal for Circuit Breaker pattern

rights reserved. Circuit Breaker with Step Functions 33 Closed: Allows requests, monitors for failures. Open: Does not allow requests to the service. Half-open: Allows some requests to pass through to trial the recovering service.

rights reserved. Circuit Breaker with Step Functions 34

rights reserved. Externalized configurations? 35

rights reserved. Secure storage Fine-grained access control Automatic rotation Programmatic retrieval Audit and monitor usage Automatic replication Pay-as-you-go pricing What is AWS Secrets Manager? AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle. 36

rights reserved. How AWS Secrets Manager works 37 AWS Secrets Manager AWS Lambda AWS Key Management Service Encrypted secrets Applications AWS CloudTrail Amazon CloudWatch Amazon RDS Amazon Redshift Amazon DocumentDB

rights reserved. Secrets moved to AWS Secrets Manager 38

rights reserved. Last but not least: Observability 39

rights reserved. Observability patterns 1 2 3 4 Log Aggregation Performance Metrics Distributed Tracing Health Checks Centralized logging service that aggregates logs from all the microservices at one place. e.g : AWS CloudWatch Metrics services which gathers statistics about individual operations and provides reporting and alerting. e.g. Prometheus Traces the requests which spans multiple services to track if any errors. e.g. AWS X-Ray Each service needs an endpoint to check the health of the application and alerts when the backend logic is not working or connection to other service is down. e.g. Liveliness Probe

rights reserved. Server Hardware Network/Storage Virtualization Layer Operating System Runtime / Middleware Application + Data Business VM / Container Traditional monitoring layers

rights reserved. Server Hardware Network/Storage Virtualisation Layer Operating System Runtime / Middleware Application + Data Business VM / Container Serverless has you covered! Traditional monitoring layers

rights reserved. AWS Observability 43 Third-party Solutions Contributor Insights Application Insights Container Insights Lambda Insights Amazon OpenSearch Service Amazon Managed Service for Prometheus Amazon CloudWatch ServiceLens Amazon Managed Grafana Do it yourself (DIY) Insights & ML AWS Native Services Open Source Managed Services Observability Instrumentation Amazon CloudWatch agent AWS X-Ray agent AWS Distro for OpenTelemetry Internet Monitoring, Cross-Account Observability, CloudWatch Logs Data Protection, Synthetics, Application Performance Monitoring Logs Analysis Alerting Metrics Traces Dashboards Collectors and SDKs Amazon EKS, Amazon ECS, Amazon EC2, AWS Lambda, Amazon Cloud WAN, Amazon VPC, other sources Metrics Insights Fluent Bit

rights reserved. Result 44

rights reserved. Take aways • Managed Services and especially Serverless allow you to focus on what differentiates your business. • You may choose to partially keep self- managed if you need full control. • Alternative solutions (for e.g. API Gateway) are available from AWS partners (also via AWS Marketplace). • Take one step after another: Follow an iterative approach to minimize risk and avoid “Big Bangs” 45

rights reserved. ServerlessLand.com

rights reserved. Thank you! Lefteris Karageorgiou [email protected] Dennis Kieselhorst [email protected] 47 Please complete the session survey on the Devoxx site

From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS

From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS

More Decks by Dennis Kieselhorst

Other Decks in Programming

Featured

Transcript