Slide 1

Slide 1 text

Deploying with Apex
David Blooman @dblooman

Slide 2

Slide 2 text

FundApps makes compliance simple for financial institutions

Slide 3

Slide 3 text

SERVERLESS

Slide 4

Slide 4 text

LAMBDA

Slide 5

Slide 5 text

DEPLOY FAST

Slide 6

Slide 6 text

DEPLOY EASILY

Slide 7

Slide 7 text

DEPLOY CONSISTENTLY

Slide 8

Slide 8 text

DEPLOY CONSISTENTLY

Slide 9

Slide 9 text

• Add new code
• Update configuration
• Package everything
• Handle versioning

Slide 10

Slide 10 text

Works for an entire team

Slide 11

Slide 11 text

Plays nice with Continuous Integration

Slide 12

Slide 12 text

APEX

Slide 13

Slide 13 text

“Apex lets you build, deploy, and manage AWS Lambda functions with ease”

Slide 14

Slide 14 text

• Batteries included but optional
• Environment variable population via command-line, file, or inline config
• Multiple environments via project.ENV.json and function.ENV.json files

Slide 15

Slide 15 text

• Transparently generates a zip for your deploy
• Ignore deploying files with .apexignore
• Function rollback support

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

.
|____functions
| |____hello
| | |____index.js
|____project.json

Slide 18

Slide 18 text

{
  "name": "demo",
  "description": "demo for meetup",
  "memory": 128,
  "timeout": 5,
  "role": "arn:aws:iam::00000000:role/lambda_function",
  "environment": {}
}
/project.json

Slide 19

Slide 19 text

{
  "name": "function1",
  "description": "demo for meetup",
  "memory": 256,
  "timeout": 5,
  "role": "arn:aws:iam::00000000:role/lambda_function",
  "environment": {}
}
/function.json

Slide 20

Slide 20 text

.
|____functions
| |____hello
| | |____index.js
|____project.json

Slide 21

Slide 21 text

$ apex deploy

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

No content

Slide 24

Slide 24 text

• Create zip file
• Upload
• Add configuration
• Update ENV vars

Slide 25

Slide 25 text

No CloudFormation

Slide 26

Slide 26 text

At FundApps: Everything created in Terraform

Slide 27

Slide 27 text

resource "aws_lambda_function" "test_lambda" {
  filename      = "lambda_function_payload.zip"
  function_name = "lambda_function_name"
  role          = "${aws_iam_role.iam_for_lambda.arn}"
  handler       = "exports.test"

  # Hash the same archive that filename points at, so a code change shows up in the plan.
  source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"

  environment {
    variables = {
      foo = "bar"
    }
  }
}

Slide 28

Slide 28 text

Apex updates the zip file and ENV variables

Slide 29

Slide 29 text

Why Terraform?

Slide 30

Slide 30 text

Infrastructure as an organism

Slide 31

Slide 31 text

Split infrastructure from the deployment

Slide 32

Slide 32 text

Diffs

Slide 33

Slide 33 text

Terraform + Apex

Slide 34

Slide 34 text

DEPLOY CONSISTENTLY

Slide 35

Slide 35 text

Continuous Integration

Slide 36

Slide 36 text

No content

Slide 37

Slide 37 text

Security

Slide 38

Slide 38 text

Every Lambda has its own IAM role and policy
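
The per-function role this slide describes, sketched in Terraform as an added example that is not from the original deck. The function name hello, the Lambda name demo_hello, the eu-west-1 region and the dedicated KMS key are assumptions.

```hcl
# Added example. Assumed names: function "hello", deployed as Lambda "demo_hello".
data "aws_caller_identity" "current" {}

# Role that only the Lambda service can assume, used by this one function.
resource "aws_iam_role" "hello" {
  name = "lambda-demo-hello"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" }]
}
EOF
}

# Log group created here so the role does not need logs:CreateLogGroup.
resource "aws_cloudwatch_log_group" "hello" {
  name = "/aws/lambda/demo_hello"
}

# Key used only for this function's encrypted environment variables.
resource "aws_kms_key" "hello_env" {
  description = "Environment secrets for demo_hello"
}

# Inline policy: write to its own log group, decrypt with its own key, nothing else.
resource "aws_iam_role_policy" "hello" {
  name = "lambda-demo-hello"
  role = "${aws_iam_role.hello.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "arn:aws:logs:eu-west-1:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/demo_hello:*"
    },
    { "Effect": "Allow", "Action": "kms:Decrypt", "Resource": "${aws_kms_key.hello_env.arn}" }
  ]
}
EOF
}
```

The role's ARN then goes in that function's function.json "role" field rather than a role shared through project.json.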

Slide 39

Slide 39 text

Only deploy through CI

Slide 40

Slide 40 text

Secrets and configuration

Slide 41

Slide 41 text

Consul

Slide 42

Slide 42 text

Single point of truth
• Consul
• KMS
• Etcd
• Zookeeper
• S3
• Credstash
• CI server

Slide 43

Slide 43 text

$ apex deploy -r eu-west-1 \
    -s S3_BUCKET=$S3_BUCKET -s S3_REGION=$S3_REGION \
    function_foo -e $environment -i $2
/deploy.sh

Slide 44

Slide 44 text

Don’t want to check in variables to git

Slide 45

Slide 45 text

ENV Vars are all encrypted in KMS now though, right?

Slide 46

Slide 46 text

Apex doesn’t handle encryption
It’s still a manual process

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

No content

Slide 49

Slide 49 text

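const AWS = require('aws-sdk');

// Base64 KMS ciphertext supplied as an environment variable at deploy time.
// ENCRYPTED_SECRET is a placeholder name; the slide does not show the real one.
const encrypted = process.env.ENCRYPTED_SECRET;
// Cached plaintext, reused while the container stays warm.
let decrypted;

// processEvent(event, context, callback) is the function's own logic, defined elsewhere.
exports.handler = (event, context, callback) => {
  if (decrypted) {
    processEvent(event, context, callback);
  } else {
    const kms = new AWS.KMS({ region: 'eu-west-1' });
    kms.decrypt({ CiphertextBlob: Buffer.from(encrypted, 'base64') }, (err, data) => {
      if (err) {
        console.log('Decrypt error:', err);
        return callback(err);
      }
      decrypted = data.Plaintext.toString('ascii');
      processEvent(event, context, callback);
    });
  }
};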

Slide 50

Slide 50 text

[Chart: Node w/ KMS vs Node w/o KMS; value axis 0ms to 1200ms; x-axis 1 to 15]

Slide 51

Slide 51 text

[Chart: Node w/ KMS vs Node w/o KMS; value axis 0ms to 18ms; x-axis 2 to 15]

Slide 52

Slide 52 text

[Chart: Node w/ KMS, Node w/o KMS, Go w/ KMS, Go w/o KMS; value axis 0ms to 2000ms; x-axis 1 to 10]

Slide 53

Slide 53 text

[Chart: Node w/ KMS, Node w/o KMS, Go w/ KMS, Go w/o KMS; value axis 0ms to 300ms; x-axis 2 to 10]

Slide 54

Slide 54 text

No content

Slide 55

Slide 55 text

We use Go, node.js and Python
Apex supports Golang and Rust

Slide 56

Slide 56 text

Apex: Golang, Nodejs, Python, Java, Rust
Serverless: Nodejs, Python, Java, C#
Gordon: Golang, Nodejs, Python, Java

Slide 57

Slide 57 text

Apex gives us flexibility

Slide 58

Slide 58 text

Deploying from EC2

Slide 59

Slide 59 text

No content

Slide 60

Slide 60 text

Apex is for you if:
Total control of your infra and lots of flexibility

Slide 61

Slide 61 text

Thank you

Slide 62

Slide 62 text

David Blooman @dblooman
We’re hiring Software Engineers & Infrastructure Engineers
fundapps.workable.com