Slide 1

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.

From self-managed to fully-managed: Migrate your Spring Cloud microservices to AWS

Lefteris Karageorgiou, Solutions Architect, AWS
Dennis Kieselhorst, Principal Solutions Architect, AWS

Slide 2

"Everything fails, all the time."
Werner Vogels, Amazon CTO

Slide 3

Monolith when we start

Slide 4

Monolith after a year

Slide 5

Monolith to Microservices

Slide 6

Microservices Design Principles

Slide 7

Microservices Architecture

Concerns shown on the slide: Protocols, Versioning, Caching, Throttling, Authorization, SSL certificates, Web Application Firewall (WAF), Load balancing algorithms, Health checks, Scalability, High Availability, CPU/memory allocation, Various runtimes, OAuth2, JWT tokens, Register/discover instances, Central repository, Rotate keys, Trace requests

Slide 8

Circuit Breaker Pattern

Slide 9

Spring Cloud Framework

Slide 10

33 JVMs needed just for 3 microservices!

Slide 11

How do we focus only on the business logic?

Slide 12

Serverless on AWS

Take full advantage of the cloud to modernize applications and accelerate innovation

• No infrastructure provisioning, no management
• Automatic scaling
• Pay for value
• Highly available and secure

Slide 13

Replacing API Gateway & Security

Slide 14

Amazon API Gateway

Amazon API Gateway is a fully managed (serverless) service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

Slide 15

Amazon API Gateway - Features

Diagram labels: Websites; Services; Mobile client; Amazon API Gateway (REST/HTTP/WebSocket); API Gateway Cache (Capacity: 0.5GB – 237GB); Lambda Functions; Public Endpoints on Amazon EC2; Any other AWS service; All publicly accessible endpoints

AWS WAF
• Whitelist/blacklist IPs
• Protect against common web exploits (SQL injection, XSS)

AWS Certificate Manager (ACM)
• Provision SSL/TLS certificates for FREE
• Bring your own certificate

Slide 16

Amazon API Gateway - Stages / Throttling

• You can have multiple stages (dev, test, prod) for different versions of your API
• Rate: 10.000 requests per second
• Burst: 5.000 concurrent requests per second

Slide 17

Amazon Cognito: Fully Managed Application Identity

Amazon Cognito components: Amazon Cognito user pools; Amazon Cognito identity pools

Capabilities shown: Managed user directory; Hosted UI; Standard tokens; Federation; AWS credentials

Slide 18

API Gateway + WAF + Cognito

Slide 19

Where to run our Spring Boot applications?

Slide 20

AWS Serverless Compute options

Choose the one that works the best for your application

Serverless Functions on AWS Lambda
• Function as a service
• Short-lived
• Ideal for event-driven applications

Serverless Containers on Amazon Elastic Container Service (ECS) with Fargate*
• Container as a service
• Long-running
• Ideal for traditional web-based applications

*Customers may also choose Amazon Elastic Kubernetes Service (EKS) on Fargate

Slide 21

Differences in approaches

Many customers run both.

Container Services
• Compute-oriented
• More easily manage infrastructure
• Infrastructure consumption-based pricing

Lambda
• Event-oriented
• Abstract away infrastructure
• Request-based pricing

Slide 22

Serverless Functions on AWS Lambda

Event
• Changes in data state
• Requests to endpoints
• Changes in resource state

AWS Lambda function: Application code; Framework

Slide 23

Difference in request handling

[Diagram comparing request handling in Container Services (one running application receiving requests 1, 2, 3, …) and Lambda (initialization and execution phases across execution environments Env #1 and Env #2)]

Slide 24

Re-platforming existing apps to AWS Lambda with AWS Serverless Java Container

Diagram labels: Amazon API Gateway; Web app function; AWS Serverless Java Container; Spring Cloud Function; Spring Boot; Spring Framework; Application code (@SpringBootApplication, @Controller)

• Invocation event mapped to framework request
• Function result mapped from framework response

Slide 25

Result: Spring Boot running on Lambda

Slide 26

A separate load balancer is no longer needed…

Slide 27

What about service discovery?

Slide 28

AWS Cloud Map for Service Discovery

Slide 29

In our case AWS Cloud Map is not needed

Slide 30

Circuit Breaker?

Slide 31

AWS Step Functions: Orchestrate Microservices

• Drag-and-drop with Workflow Studio
• Translates to JSON (Amazon States Language)
• Ideal for Circuit Breaker pattern

Slide 32

Circuit Breaker with Step Functions

• Closed: Allows requests, monitors for failures.
• Open: Does not allow requests to the service.
• Half-open: Allows some requests to pass through to trial the recovering service.
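
The three states above, as an added Java example that is not from the talk or from AWS: a small in-process breaker showing when each transition happens. The class names, the failure threshold, the open timeout and the simulated downstream service are assumptions; the talk implements the pattern with Step Functions instead.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;
// Added illustration with hypothetical names; not the Step Functions workflow from the talk.
public class CircuitBreakerDemo {
    enum State { CLOSED, OPEN, HALF_OPEN }
    static class CircuitBreaker {
        private final int failureThreshold;  // assumption: consecutive failures that open the circuit
        private final Duration openTimeout;  // assumption: how long requests are rejected
        private State state = State.CLOSED;
        private int failures = 0;
        private Instant openedAt;
        CircuitBreaker(int threshold, Duration timeout) { failureThreshold = threshold; openTimeout = timeout; }
        synchronized State state() { return state; }

        // synchronized serializes calls, so exactly one trial request runs while half-open
        synchronized <T> T call(Supplier<T> service, Supplier<T> fallback) {
            if (state == State.OPEN) {
                // Open: the request never reaches the service
                if (Instant.now().isBefore(openedAt.plus(openTimeout))) return fallback.get();
                state = State.HALF_OPEN;     // timeout elapsed: let a trial request through
            }
            try {
                T result = service.get();
                failures = 0;
                state = State.CLOSED;        // success (also of a trial) closes the circuit
                return result;
            } catch (RuntimeException e) {
                failures++;
                if (state == State.HALF_OPEN || failures >= failureThreshold) {
                    state = State.OPEN;      // failed trial or too many failures: open the circuit
                    openedAt = Instant.now();
                }
                return fallback.get();
            }
        }
    }

    public static void main(String[] args) throws InterruptedException {
        CircuitBreaker cb = new CircuitBreaker(3, Duration.ofMillis(200));
        boolean[] healthy = {false};         // constructed stand-in for a failing downstream service
        Supplier<String> service = () -> {
            if (!healthy[0]) throw new IllegalStateException("downstream unavailable");
            return "ok";
        };
        for (int i = 0; i < 4; i++) System.out.println(cb.call(service, () -> "fallback") + " " + cb.state());
        healthy[0] = true;                   // the service recovers
        Thread.sleep(250);                   // wait past the open timeout
        System.out.println(cb.call(service, () -> "fallback") + " " + cb.state());
    }
}
```

On Lambda the breaker state cannot be kept in a field like this, because separate execution environments do not share memory; it has to live in a store that every invocation can read.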

Slide 33

Circuit Breaker with Step Functions

Slide 34

Externalized configurations?

Slide 35

What is AWS Secrets Manager?

AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle.

• Secure storage
• Fine-grained access control
• Automatic rotation
• Programmatic retrieval
• Audit and monitor usage
• Automatic replication
• Pay-as-you-go pricing

Slide 36

How AWS Secrets Manager works

Diagram labels: AWS Secrets Manager; AWS Lambda; AWS Key Management Service; Encrypted secrets; Applications; AWS CloudTrail; Amazon CloudWatch; Amazon RDS; Amazon Redshift; Amazon DocumentDB

Slide 37

Secrets moved to AWS Secrets Manager

Slide 38

Last but not least: Observability

Slide 39

Observability patterns

1. Log Aggregation: Centralized logging service that aggregates logs from all the microservices in one place, e.g. AWS CloudWatch.
2. Performance Metrics: Metrics service that gathers statistics about individual operations and provides reporting and alerting, e.g. Prometheus.
3. Distributed Tracing: Traces requests that span multiple services to track any errors, e.g. AWS X-Ray.
4. Health Checks: Each service needs an endpoint that checks the health of the application and alerts when the backend logic is not working or the connection to another service is down, e.g. Liveness Probe.

Slide 40

Traditional monitoring layers

Layers shown: Server Hardware; Network/Storage; Virtualization Layer; Operating System; Runtime / Middleware; Application + Data; Business; VM / Container

Slide 41

Traditional monitoring layers

Layers shown: Server Hardware; Network/Storage; Virtualization Layer; Operating System; Runtime / Middleware; Application + Data; Business; VM / Container

Serverless has you covered!

Slide 42

AWS Observability

Diagram labels: Do it yourself (DIY); AWS Native Services; Open Source Managed Services; Third-party Solutions; Insights & ML; Contributor Insights; Application Insights; Container Insights; Lambda Insights; Metrics Insights; Amazon OpenSearch Service; Amazon Managed Service for Prometheus; Amazon CloudWatch ServiceLens; Amazon Managed Grafana

Observability: Logs, Analysis, Alerting, Metrics, Traces, Dashboards; Internet Monitoring, Cross-Account Observability, CloudWatch Logs Data Protection, Synthetics, Application Performance Monitoring

Instrumentation (Collectors and SDKs): Amazon CloudWatch agent; AWS X-Ray agent; AWS Distro for OpenTelemetry; Fluent Bit

Sources: Amazon EKS, Amazon ECS, Amazon EC2, AWS Lambda, Amazon Cloud WAN, Amazon VPC, other sources

Slide 43

Result

Slide 44

Takeaways

• Managed Services and especially Serverless allow you to focus on what differentiates your business.
• You may choose to partially keep self-managed if you need full control.
• Alternative solutions (e.g. for API Gateway) are available from AWS partners (also via AWS Marketplace).
• Take one step after another: Follow an iterative approach to minimize risk and avoid “Big Bangs”.

Slide 45

ServerlessLand.com

Slide 46

Thank you!

Lefteris Karageorgiou, lefkarag@amazon.com
Dennis Kieselhorst, dkieselh@amazon.de

Please complete the session survey on the Devoxx site.