Slide 1

Slide 1 text

Reliability, consistency, and confidence through immutability
Adrian Hornsby, Principal Developer Advocate, Amazon Web Services
ARC303
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide 2

Slide 2 text

Immutable: not capable of or susceptible to change

Slide 3

Slide 3 text

Traditional infrastructures

Slide 4

Slide 4 text

Uptime

Slide 5

Slide 5 text

[Diagram: User, ssh, Instance]

Slide 6

Slide 6 text

Upgrade process (same instance/container ID)
Instance 01234: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62
Instance 01234: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0
Steps: SSH, repo update, library upgrade, stop application, test & debug, reboot, test, start application
Labels: User, downtime, place server update

Slide 7

Slide 7 text

ssh > _ love syndrome
[Diagram: AWS Cloud, VPC, Availability Zone 1 and Availability Zone 2, each with an Auto Scaling group (Instances) and a NAT gateway; Amazon EC2 Auto Scaling; User]
Leads to configuration drifts, and more

Slide 8

Slide 8 text

Mutable deployments pipelines
Code
Beta: Build, Package, Configuration, Test, Deploy
Staging: Build, Package, Configuration, Test, Deploy
Production: Build, Package, Configuration, Test, Deploy

Slide 9

Slide 9 text

Running commands on Linux instance at launch with user data and shell scripts

    #!/bin/bash
    yum update -y
    amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
    yum install -y httpd mariadb-server
    systemctl start httpd
    systemctl enable httpd
    usermod -a -G apache ec2-user
    chown -R ec2-user:apache /var/www
    chmod 2775 /var/www
    find /var/www -type d -exec chmod 2775 {} \;
    find /var/www -type f -exec chmod 0664 {} \;
    echo "" > /var/www/html/phpinfo.php

Slide 10

Slide 10 text

>>> pip install -r requirements.txt
>>> npm install
>>> docker build

Slide 11

Slide 11 text

https://medium.com/@mproberts/a-discussion-about-the-breaking-of-the-internet
https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/

Slide 12

Slide 12 text

Immutable infrastructure

Slide 13

Slide 13 text

Upgrade process (zero downtime)
Instance 123: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 2.7.18, Application v1.62
Instance abc: 4.14.186-146.268.amzn2.x86_64 GNU/Linux, Python 3.7.8, Application v2.0
Labels: User, Golden AMI, Tests, Offline provisioning, Deploy offline, Update routing

Slide 14

Slide 14 text

Immutable deployments
> Git push
Code: Build, Package, Configuration, Test, Deploy
Environments: Beta, Staging, Production

Slide 15

Slide 15 text

http://chadfowler.com/2013/06/23/immutable-deployments.html

Slide 16

Slide 16 text

Benefits of immutable deployment
1. Reduction in configuration drifts
2. Simplified deployments
3. Reliable atomic deployments
4. Safer deployments with fast rollback and recovery processes
5. Consistent testing and debugging environments
6. Increased scalability
7. Simplified toolchain
8. Increased security

Slide 17

Slide 17 text

Security considerations
Mutability is one of the most critical attack vectors for cyber crimes.
DETECT. NUKE. REPLACE.
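The detect-then-replace idea as an added example (not from the original deck): each instance's reported state is compared with the golden image, and any drift marks the instance for replacement instead of an in-place fix. The manifest format and instance IDs are constructed; the version strings are the ones shown on the upgrade slides.

```python
# Added example. Golden values mirror the deck's slides; the manifest
# format, instance IDs and the extra "strace" package are constructed.
GOLDEN = {
    "kernel": "4.14.186-146.268.amzn2.x86_64",
    "python": "3.7.8",
    "application": "v2.0",
}

# Constructed inventory, as an agent on each instance might report it.
FLEET = {
    "i-constructed-a": dict(GOLDEN),
    # Someone installed a debug tool over ssh: one extra package.
    "i-constructed-b": dict(GOLDEN, strace="4.26"),
    # Never rebuilt from the current golden image.
    "i-constructed-c": dict(GOLDEN, python="2.7.18", application="v1.62"),
}


def diff_manifest(golden, observed):
    """Return drift findings as (kind, key, expected, actual) tuples, sorted by key."""
    findings = []
    for key in sorted(set(golden) | set(observed)):
        want, have = golden.get(key), observed.get(key)
        if want == have:
            continue
        if want is None:
            kind = "added"
        elif have is None:
            kind = "removed"
        else:
            kind = "changed"
        findings.append((kind, key, want, have))
    return findings


def plan(golden, fleet):
    """Map each instance to ('keep' | 'replace', findings); drift is never patched in place."""
    decisions = {}
    for instance_id, observed in fleet.items():
        findings = diff_manifest(golden, observed)
        decisions[instance_id] = ("replace" if findings else "keep", findings)
    return decisions


if __name__ == "__main__":
    for instance_id, (action, findings) in plan(GOLDEN, FLEET).items():
        print(instance_id, action, findings)
```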

Slide 18

Slide 18 text

Canary deployment
[Diagram: Users, Routing mechanism, Old application version, New application version]

Slide 19

Slide 19 text

Canary deployment
[Diagram: Users, Routing mechanism, Old application version, New application version]
• Internal teams vs. customers
• Paying customers vs. non-paying customers
• Geographic-based routing
• Feature flags (FeatureToggle)
• Random

Slide 20

Slide 20 text

Canary deployments on AWS

Slide 21

Slide 21 text

Canary deployment on AWS
1. Route 53 with weighted routing policy
2. Rolling Deployments for Auto Scaling Groups
3. Load balancer with weighted target groups
4. API Gateway release deployments
5. AWS Lambda alias traffic shifting [DEMO]

Slide 22

Slide 22 text

1. Route 53 with weighted routing policy
[Diagram: Users, Amazon Route 53; Old application version and New application version, each with Elastic Load Balancing, Compute, Database]

Slide 23

Slide 23 text

1. Route 53 with weighted routing policy
[Diagram: Users, Amazon Route 53; Old application version and New application version, each with Elastic Load Balancing, Compute, Database; weights 90 and 10]
DNS Propagation!

Slide 24

Slide 24 text

2. Rolling deployments for auto scaling groups
[Diagram: Users, Amazon Route 53, Elastic Load Balancing, Database; Auto Scaling Groups: ASG with old version, ASG with new version; instances App V2, App V1, App V1, App V1]
https://engineering.klarna.com/simple-canary-releases-in-aws-how-and-why-bf051a47fb3f
https://aws.amazon.com/blogs/aws/three-new-features-for-aws-cloudformation/

Slide 25

Slide 25 text

3. Application load balancer and weighted target groups
[Diagram: Users, Amazon Route 53, Elastic Load Balancing; Target group with old version (Compute) and Target group with new version (Compute); Database; 90% and 10%]
https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/

Slide 26

Slide 26 text

3. Application load balancer and weighted target groups
[Diagram: Users, Amazon Route 53, Elastic Load Balancing; Target group with old version (Compute) and Target group with new version (Compute); Database; 90% and 10%]
https://aws.amazon.com/blogs/aws/new-application-load-balancer-simplifies-deployment-with-weighted-target-groups/
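A staged 90/10 shift with fast rollback for weighted target groups, as an added example that is not part of the original deck. It only builds the forward action an Application Load Balancer listener takes (the `ForwardConfig` shape accepted by `aws elbv2 modify-listener --default-actions`); the target group ARNs are placeholders, and the stages, error rates and 1% threshold are assumptions.

```python
# Added example. ARNs are placeholders; stages and threshold are assumptions.
OLD_TG = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/old-version/PLACEHOLDER"
NEW_TG = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/new-version/PLACEHOLDER"


def forward_action(new_weight):
    """Build the listener default action sending new_weight percent to the new version."""
    if not 0 <= new_weight <= 100:
        raise ValueError("new_weight must be between 0 and 100")
    return [{
        "Type": "forward",
        "ForwardConfig": {
            "TargetGroups": [
                {"TargetGroupArn": OLD_TG, "Weight": 100 - new_weight},
                {"TargetGroupArn": NEW_TG, "Weight": new_weight},
            ]
        },
    }]


def run_canary(stages, observed_error_rates, max_error_rate=0.01):
    """Walk the stages in order and return the (new_weight, action) steps to apply.

    observed_error_rates[i] is the new version's error rate measured while
    stage i is live. The first stage that exceeds max_error_rate is followed
    by a rollback step that sends all traffic back to the old target group.
    """
    steps = []
    for weight, error_rate in zip(stages, observed_error_rates):
        steps.append((weight, forward_action(weight)))
        if error_rate > max_error_rate:
            steps.append((0, forward_action(0)))  # rollback: old version takes all traffic
            break
    return steps


if __name__ == "__main__":
    # Constructed measurements: the 50% stage shows a 20% error rate.
    for weight, action in run_canary([10, 50, 100], [0.001, 0.2, 0.0]):
        print(weight, action[0]["ForwardConfig"]["TargetGroups"])
```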

Slide 27

Slide 27 text

4. API Gateway release deployments
[Diagram: Users, Amazon Route 53, Amazon API Gateway; Stage with old version (AWS Lambda) and Stage with new version (AWS Lambda); Database; 90% and 10%]

Slide 28

Slide 28 text

4. API Gateway release deployments
[Diagram: Users, Amazon Route 53, Amazon API Gateway; Stage with old version (AWS Lambda) and Stage with new version (AWS Lambda); Database; 90% and 10%]

Slide 29

Slide 29 text

5. AWS Lambda alias traffic shifting
[Diagram: Users, Amazon Route 53, Amazon API Gateway, AWS Lambda (Old version, New version), Database]

Slide 30

Slide 30 text

5. AWS Lambda alias traffic shifting
[Diagram: Users, Amazon Route 53, Amazon API Gateway, AWS Lambda (Old version, New version), Database]

Slide 31

Slide 31 text

https://github.com/adhorn/aws-lambda-sam-application

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

Architecture resources

AWS Well-Architected Framework
The official best practices for Architecting in the AWS Cloud
https://aws.amazon.com/architecture/well-architected

AWS Architecture Center
Official AWS repository for all Architecture resources
https://aws.amazon.com/architecture

AWS Solutions Library
Vetted reference implementations and Well-Architected patterns
https://aws.amazon.com/solutions/

AWS Well-Architected Labs
Hands-on labs to help you learn, measure, and build using architectural best practices
https://wellarchitectedlabs.com/

Slide 34

Slide 34 text

Thank you!
Adrian Hornsby, Principal Developer Advocate, Amazon Web Services
https://medium.com/@adhorn
