How to win the AWS Lambda deployment war

Transcript

1. H O W T O W I N T H

   E A W S L A M B D A D E P L O Y M E N T WA R GlueCon, May 2016 César López-Natarén
 MindTouch Inc

2. L E T ’ S D E P L O

   Y T O P R O D U C T I O N ! S T R E S S T E S T I N G I S O V E R ,

3. AW S K I N E S I S AW

   S L A M B D A

4. D E P L O Y M E N T

   P R O C E S S

5. A W S L A M B D A D

   E P L O Y M E N T O U T O F T H E B O X

6. H O W D O W E F I X

   T H I S ?

7. C O R E R E Q U I R

   E M E N T S D E P L O Y M E N T P R O C E S S Automated Version Controlled Multi Environment

8. D E P L O Y M E N T

   P R O C E S S A C T U A L

9. Reduce a problem to its most fundamental definition and solve

   that. F I R S T P R I N C I P L E
10. None

11. T O P O L O G Y E X

    A M P L E

12. C O D E & C O N F I

    G U R AT I O N 1 app: 2 delimeter: "\t" 3 4 resources: 5 source: 6 type: s3 7 name: events-archive 8 event-source: 9 event-type: s3:ObjectCreated:Put 10 11 sqsQueue: 12 type: sqs 13 name: nexus-events2csv 14 allow: 15 - sqs:GetQueueUrl 16 - sqs:SendMessage 17 - sqs:SendMessageBatch 1 sqs = boto3.resource('sqs') 2 3 with open('./config.json', 'r') as file: 4 config = json.loads(file.read()) 5 queue_name = config['sqsQueue'] 6 sqs_queue = sqs.get_queue_by_name(QueueName=queue_name) 7 8 sqs_resp = sqs_queue.send_message(MessageBody=body, MessageAttributes={ 9 'QueueName': { 'StringValue': queue_name, 'datatype': 'String' }, 10 'QueueRegion': { 'StringValue': region, 'DataType': 'String' } 11 })

13. D E P L O Y M E N T

    & C O N F I G U R AT I O N G E N E R AT I O N 1 { 2 "delimiter": “\t", 3 "sqsQueue": "production-nexus-events2csv" 4 } 1 lambda deploy -r us-west-2 archive_notifier src_path config_path production

14. I N N E R W O R K I

    N G S M I N D T O U C H L A M B D A - O P S

15. T O P O L O G Y E X

    A M P L E

16. T O P O L O G Y F U

    L LY D E P L O Y E D

17. I N N E R W O R K I

    N G S • Function creation • Event source mapping • Permissions • Deployment resource resolution • Function configuration via JSON • Enables logging

18. G O O D B Y E C F T

    E M P L AT E 1 { 2 "Resources": { 3 "MindtouchDsproductionEventsArchiveS3LambdaInvokePermission": { 4 "Properties": { 5 "Action": "lambda:InvokeFunction", 6 "FunctionName": { 7 "Ref": "s32SQS" 8 }, 9 "Principal": "s3.amazonaws.com", 10 "SourceArn": { 11 "Fn::Join": [ 12 ":", 13 [ 14 "arn:aws:s3", 15 ":", 16 "mindtouch-dsproduction-events-archive" 17 ] 18 ] 19 } 20 }, 21 "Type": "AWS::Lambda::Permission" 22 }, 23 "s32SQS": { 24 "Properties": { 25 "Code": { 26 "S3Bucket": "mindtouch-lambda-ops-cfn-template-devstack", 27 "S3Key": "dsproduction/s32SQS-1463074195.zip" 28 }, 29 "Handler": "s32SQS.lambda_handler", 30 "Role": { 31 "Fn::GetAtt": [ 32 "s32SQSExecutionRole", 33 "Arn" 34 ] 35 }, 36 "Runtime": "python2.7" 37 }, 38 "Type": "AWS::Lambda::Function" 39 }, 40 "s32SQSExecutionRole": { 41 "Properties": { 42 "AssumeRolePolicyDocument": { 43 "Statement": [ 44 { 45 "Action": [ 46 "sts:AssumeRole" 47 ], 48 "Effect": "Allow", 49 "Principal": { 50 "Service": [ 51 "lambda.amazonaws.com" 52 ] 53 } 54 } 55 ] 56 }, 57 "Policies": [ 58 { 59 "PolicyDocument": { 60 "Statement": [ 61 { 62 "Action": [ 63 "s3:ListBucket" 64 ], 65 "Effect": "Allow", 66 "Resource": { 67 "Fn::Join": [ 68 ":", 69 [ 70 "arn:aws:s3", 71 ":", 72 "mindtouch-dsproduction-events-archive/*" 73 ] 74 ] 75 } 76 } 77 ] 78 }, 79 "PolicyName": "MindtouchdsproductioneventsarchiveS3AccessPolicy" 80 }, 81 { 82 "PolicyDocument": { 83 "Statement": [ 84 { 85 "Action": [ 86 "sqs:GetQueueUrl", 87 "sqs:SendMessage", 88 "sqs:SendMessageBatch" 89 ], 90 "Effect": "Allow", 91 "Resource": [ 92 { 93 "Fn::Join": [ 94 ":", 95 [ 96 "arn:aws", 97 "sqs", 98 { 99 "Ref": "AWS::Region" 100 }, 101 { 102 "Ref": "AWS::AccountId" 103 }, 104 "dsproduction-nexus-events2csv" 105 ] 106 ] 107 } 108 ] 109 } 110 ] 111 }, 112 "PolicyName": "DsproductionNexusEvents2CsvSqsAccessPolicy" 113 }, 114 { 115 "PolicyDocument": { 116 "Statement": [ 117 { 118 "Action": [ 119 "logs:CreateLogGroup", 120 "logs:CreateLogStream", 121 "logs:PutLogEvents" 122 ], 123 "Effect": "Allow", 124 "Resource": [ 125 "arn:aws:logs:*:*:*" 126 ] 127 } 128 ] 129 }, 130 "PolicyName": "Logs" 131 } 132 ] 133 }, 134 "Type": "AWS::IAM::Role" 135 } 136 } 137 }

19. D E P L O Y M E N T

    P R O C E S S R E V I S I T E D

20. 3 T H I N G S W E L

    E A R N E D A C K N O W L E D G E 
 C H A L L E N G E S C O R E 
 R E Q U I R E M E N T S D E S I G N P H I L O S O P H Y

21. R E M A R K S C L O

    S I N G Changing industry Lambda-Ops Principles Future