© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Reliability, consistency, and confidence through immutability Adrian Hornsby Principal Developer Advocate Amazon Web Services A R C 3 0 3

Immutable: not capable of or susceptible to change

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Traditional infrastructures

Uptime

Instance User ssh

4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 2.7.18 Application v1.62 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 3.7.8 Application v2.0 Upgrade process SSH repo update library upgrade stop application test & debug reboot test start application Instance 01234 Instance 01234 downtime Same instance/container ID User place server update

VPC AWS Cloud Availability Zone 1 Auto Scaling group Availability Zone 2 Auto Scaling group NAT gateway NAT gateway Instance Instance Instance Instance Amazon EC2 Auto Scaling ssh > _ love syndrome 7 User Leads to configuration drifts, and more

Beta Staging Production Code Build Package Configu- ration Test Deploy Mutable deployments pipelines Build Package Configu- ration Test Deploy Build Package Configu- ration Test Deploy

#!/bin/bash yum update -y amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2 yum install -y httpd mariadb-server systemctl start httpd systemctl enable httpd usermod -a -G apache ec2-user chown -R ec2-user:apache /var/www chmod 2775 /var/www find /var/www -type d -exec chmod 2775 {} \; find /var/www -type f -exec chmod 0664 {} \; echo "" > /var/www/html/phpinfo.php Running commands on Linux instance at launch with user data and shell scripts

>>> pip install -r requirements.txt >>> npm install >>> docker build

https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Immutable infrastructure

4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 2.7.18 Application v1.62 Upgrade process Update routing Instance 123 Offline provisioning Update routing zero downtime 4.14.186-146.268.amzn2.x86_64 GNU/Linux Python 3.7.8 Application v2.0 Instance abc User Golden AMI Tests Deploy offline

Beta Staging Production Code Immutable deployments Build Package Configu- ration Test Deploy > Git push

http://chadfowler.com/2013/06/23/immutable-deployments.html

Benefits of immutable deployment 1. Reduction in configuration drifts 2. Simplified deployments 3. Reliable atomic deployments 4. Safer deployments with fast rollback and recovery processes 5. Consistent testing and debugging environments 6. Increased scalability 7. Simplified toolchain 8. Increased security

Security considerations Mutability is one of the most critical attack vectors for cyber crimes. DETECT. NUKE. REPLACE.

Routing mechanism Users Old application version New application version Canary deployment

Routing mechanism Users Old application version New application version Canary deployment • Internal teams vs. customers • Paying customers vs. non-paying customers • Geographic-based routing • Feature flags (FeatureToggle) • Random

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Canary deployments on AWS

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. 1. Route 53 with weighted routing policy 2. Rolling Deployments for Auto Scaling Groups 3. Load balancer with weighted target groups 4. API Gateway release deployments 5. AWS Lambda alias traffic shifting [DEMO] Canary deployment on AWS

1. Route 53 with weighted routing policy Users Amazon Route 53 Old application version New application version Elastic Load Balancing Compute Database Elastic Load Balancing Compute Database

1. Route 53 with weighted routing policy Old application version New application version Users Amazon Route 53 Elastic Load Balancing Compute Database 90 10 Elastic Load Balancing Compute Database DNS Propagation!

2. Rolling deployments for auto scaling groups https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f ASG with old version Users Amazon Route 53 Database Elastic Load Balancing ASG with new version App V2 App V1 App V1 App V1 Auto Scaling Groups https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/

3. Application load balancer and weighted target groups Target group with old version Users Amazon Route 53 Compute Database Compute Elastic Load Balancing Target group with new version 90% 10% https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/

3. Application load balancer and weighted target groups https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/ Target group with old version Users Amazon Route 53 Compute Database Compute Elastic Load Balancing Target group with new version 90% 10%

4. API Gateway release deployments Users Amazon Route 53 Stage with old version AWS Lambda Database AWS Lambda Stage with new version Amazon API Gateway 90% 10%

4. API Gateway release deployments Users Amazon Route 53 Stage with old version AWS Lambda Database AWS Lambda Stage with new version Amazon API Gateway 90% 10%

5. AWS Lambda alias traffic shifting Users Amazon Route 53 Old version AWS Lambda Database New version Amazon API Gateway

5. AWS Lambda alias traffic shifting Users Amazon Route 53 Old version AWS Lambda Database New version Amazon API Gateway

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. https://github.com/adhorn/aws-lambda- sam-application

No content

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Well-Architected Framework The official best practices for Architecting in the AWS Cloud https://aws.amazon.com/architecture/well-architected Architecture resources AWS Architecture Center Official AWS repository for all Architecture resources https://aws.amazon.com/architecture AWS Solutions Library Vetted reference implementations and Well-Architected patterns https://aws.amazon.com/solutions/ AWS Well-Architected Labs Hands-on labs to help you learn, measure, and build using architectural best practices https://wellarchitectedlabs.com/

Thank you! © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adrian Hornsby Principal Developer Advocate Amazon Web Services https://medium.com/@adhorn

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.