© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. C I T Y N A M E

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Modern Application Design with Containers Marek Kuczynski Sr Solutions Architect - startups Amazon Web Services marekq

The 12 factor application Use declarative formats for setup automation, to minimize time and cost for new developers joining the project; Have a clean contract with the underlying operating system, offering maximum portability between execution environments; Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration; Minimize divergence between development and production, enabling continuous deployment for maximum agility; And can scale up without significant changes to tooling, architecture, or development practices.

The 12 factor application I. Codebase One codebase tracked in revision control, many deploys II. Dependencies Explicitly declare and isolate dependencies III. Config Store config in the environment IV. Backing services Treat backing services as attached resources V. Build, release, run Strictly separate build and run stages VI. Processes Execute the app as one or more stateless processes VII. Port binding Export services via port binding VIII. Concurrency Scale out via the process model IX. Disposability Maximize robustness with fast startup and graceful shutdown X. Dev/prod parity Keep development, staging, and production as similar as possible XI. Logs Treat logs as event streams XII. Admin processes Run admin/management tasks as one-off processes https://12factor.net/

You know what’s great for a 12 factor app?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon ECS and Fargate

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING A SINGLE CONTAINER

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task EC2 Instance Task Task Task Task RUNNING CONTAINERS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3 Scheduling and Orchestration Cluster Manager Placement Engine

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent ECSTask ECSTask ECSTask ECSTask EC2 Instance

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance ECS AMI Docker agent ECS agent EC2 Instance Scheduling and Orchestration Cluster Manager Placement Engine

“Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” X 10

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. What about Kubernetes?

Elastic Kubernetes Service (EKS) on AWS EKS Key Tenants • Enterprise Class Platform to run production-grade workloads • Native and upstream Kubernetes experience • Seamless integrations with AWS services • Actively contributes to the Kubernetes Community

Containers on AWS: various launch options ECS EKS EC2 Fargate EC2 Fargate (to be released this year) 1. Choose your orchestration tool 2. Choose your launch type

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS container services landscape Management Deployment, scheduling, scaling, & management of containerized applications Hosting Where the containers run Amazon Elastic Container Service Amazon Elastic Container Service for Kubernetes Amazon EC2 AWS Fargate Image registry Container image repository Amazon Elastic Container Registry

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. I. Codebase One codebase tracked in revision control, many deploys

Deployed Version Code Version Control

Staging / QA Production Dev #1 Dev #2

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. II. Dependencies Explicitly declare and isolate dependencies

Dependencies Binaries Code Application Bundle

Dependency Declaration: Node.js npm install yarn install package.json

Dependency Declaration: Python pip install requirements.txt

Dependencies Dependencies Binaries Code

Dependency Declaration & Isolation: Docker docker build Dockerfile

Development Production docker run

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. III. Config Store config in the environment

Development Configuration Production Configuration Development Production

Development Production Same container deployed to both environments. Configuration is part of the environment on the host.

At runtime the container gets config from the environment.

Application code pulls from the environment Environment is customized when docker runs a container

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. IV. Backing services Treat backing services as attached resources

Amazon S3 PostgreSQL app1 Host app2 3rd party service Treat local services just like remote third party ones

PostgreSQL app1 app2 Load balancer Use CNAMES for maximum flexibility and easy reconfiguration postgres.mycompany.com app2.mycompany.com

Easily create and maintain custom maps of your applications Before Version 2 After Version 2

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. V. Build, release, run Strictly separate build and run stages

Dependencies Binaries Code Build

Release Config Release Build Artifact + = Tagged image stored in ECR

Amazon Elastic Container Service Config

Run Task Definition Release v1 Task Definition Release v2

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. VI. Processes Execute the app as one or more stateless processes

Stateful container stores state in local disk or local memory. Workload ends up tied to a specific host that has state data. eu-west-1b Container 1 Disk eu-west-1c -west-1a

Stateful data Use services: • Amazon RDS • Elasticache • S3 • SQS • SES • ……

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. VII. Port binding Export services via port binding

Port 32456 Port 32457 Port 32458

Port 32768 Port 33487 Port 32192 Port 32794 Port 32781 Match: /api/users* Match: /api/auth*

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. VIII. Concurrency Scale out via the process model

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3 Scheduling and Orchestration Cluster Manager Placement Engine

Scaling Instance Container 1 Instance Instance Instance Instance Instance + Container 1 Container 1 Container 1 Container 1 Container 1

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. IX. Disposability Maximize robustness with fast startup and graceful shutdown

Responsive Graceful Shutdown Fast Launch

Fast Launch Minimize the startup time of processes: • Scale up faster in response to spikes • Ability to move processes to another host as needed • Replace crashed processes faster

Responsive, Graceful Shutdown Should respond to SIGTERM by shutting down gracefully

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. X. Dev/prod parity Keep development, staging, and production as similar as possible

Staging / QA Production Dev #1 Dev #2

Local Application Remote Staging / QA Production Dev #1 Dev #2

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. XI. Logs Treat logs as event streams

Containerized code writes to stdout Docker connects container’s stdout to a log driver

CLOUDWATCH LOGS CONFIGURATION • Use the awslogs driver to send stdout from your application to Cloudwatch logs • Create a log group in Cloudwatch • Configure the log driver in your task definition • Remember to add permissions via the Task Execution Role { "family": "scorekeep", ... "containerDefinitions": [ { "name":“scorekeep-frontend", ... "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "scorekeep", "awslogs-region": “us-east-1", "awslogs-stream-prefix": "scorekeep/frontend“}} }, { "name":“scorekeep-api", ... "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "scorekeep", "awslogs-region": “us-east-1", "awslogs-stream-prefix": "scorekeep/api"}} } ]} Task Definition

CLOUDWATCH LOGS Logs Tab in the Task Detail Page View logs in the ECS or Cloudwatch Console

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. XII. Admin processes Run admin/management tasks as one-off processes

Admin / management processes are inevitable: • Migrate database • Repair some broken data • Once a week move database records older than X to cold storage • Every day email a report to this person

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tools for containers

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Demo

Building Blocks for Containerized 12 Factor apps AWS Elastic Beanstalk Amazon SQS Compute AWS X-Ray Developer Tools AWS CodeBuild AWS CodePipeline AWS Cloud9 AWS Fargate Amazon ECS Application Integration Amazon SNS Amazon MQ Logging & Monitoring Amazon CloudWatch AWS CloudTrail Amazon DynamoDB Amazon S3 Storage & Database Amazon ElastiCache Amazon RDS Amazon ECR Amazon EKS Amazon API Gateway Networking & API Proxy Elastic Load Balancing Amazon Route 53 AWS Step Functions

Public container roadmap for ECS/ECR/EKS https://github.com/aws/containers-roadmap/projects/1

Well architected framework https://aws.amazon.com/architecture/well-architected/

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Marek Kuczynski marekq