
CI/CD for Modern Applications


How can you accelerate the delivery of new, high-quality services? How can you experiment and get feedback quickly from your customers? To get the most out of the agility afforded by serverless and containers, it is essential to build CI/CD pipelines that help teams iterate on code and quickly release features. In this talk, we demonstrate how developers can build effective CI/CD release workflows to manage their serverless or containerized deployments on AWS. We cover infrastructure-as-code (IaC) application models, such as AWS Serverless Application Model (AWS SAM) and new imperative IaC tools. We also demonstrate how to set up CI/CD release pipelines with AWS CodePipeline and AWS CodeBuild, and we show you how to automate safer deployments with AWS CodeDeploy.


  1. CI/CD for Modern Applications. Danilo Poccia, Principal Evangelist, Serverless, @danilop. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. Development transformation at Amazon: 2001–2002. 2001: monolithic application + teams. Lesson learned: decompose for agility. 2002: microservices + 2 pizza teams. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  3. Two-pizza teams: Full ownership; Full accountability; “DevOps”; Focused innovation
  4. Monolith development lifecycle. Diagram labels: developers; delivery pipelines (build, test, release, monitor); services
  5. Microservice development lifecycle: ??? Diagram labels: developers; delivery pipelines; services
  6. Microservice development lifecycle. Diagram labels: developers; services; six delivery pipelines, each with build, test, release, monitor
  7. Innovation Flywheel: Listen, Iterate, Experiment. Experiments power the engine of rapid innovation
  8. What changes do you need to make to adopt these best practices?
     • Serverless: No provisioning/management; Automatic scaling; Pay for value billing; Availability and resiliency
     • Microservices: Componentization; Business capabilities; Products not projects; Infrastructure automation
     • DevOps: Cultural philosophies; Cross-disciplinary teams; CI/CD; Automation tools
     Diagram labels: DEV, OPS; Architectural patterns; Operational Model; Software Delivery
  9. Approaches to modern application development
     • Simplify environment management
     • Reduce the impact of code changes
     • Automate operations
     • Accelerate the delivery of new, high-quality services
     • Gain insight across resources and applications
     • Protect customers and the business
  10. Approaches to modern application development
      • Simplify environment management with serverless technologies
      • Reduce the impact of code changes with microservice architectures
      • Automate operations by modeling applications & infrastructure as code
      • Accelerate the delivery of new, high-quality services with CI/CD
      • Gain insight across resources and applications by enabling observability
      • Protect customers and the business with end-to-end security & compliance
  12. Approaches to modern application development
      • Serverless containers: Long-running; Abstracts the OS; Fully managed orchestration; Fully managed cluster scaling
      • Serverless functions: Event-driven; Many language runtimes; Data source integrations; No server management
  14. Release process stages: Source, Build, Test, Production
  17. Release process stages
      • Source: Check-in source code such as .java files; Peer review new code
      • Build: Compile code; Unit tests; Style checkers; Create container images and function deployment packages
      • Test: Integration tests with other systems; Load testing; UI tests; Security testing
      • Production: Deployment to production environments; Monitor code in production to quickly detect errors
  18. Pillars of releasing modern applications
  19. Pillars of releasing modern applications: Infrastructure as code
  20. Infrastructure as code. Declarative: “I tell you what I need”. Imperative: “I tell you what to do”
  21. Infrastructure as code goals
      1. Make infrastructure changes repeatable and predictable
      2. Release infrastructure changes using the same tools as code changes
      3. Replicate production environment in a staging environment to enable continuous testing
  22. Release infrastructure-as-code. Diagram labels: “Master” branch; Prepare template; Create & execute change set; Create & execute change set
  23. Model function environments with AWS Serverless Application Model (SAM)
      • Open source framework for building serverless applications on AWS
      • Shorthand syntax to express functions, APIs, databases, and event source mappings
      • Transforms and expands SAM syntax into AWS CloudFormation syntax on deployment
      • Supports all AWS CloudFormation resource types
      https://aws.amazon.com/serverless/sam/
  24. SAM template

      ```yaml
      AWSTemplateFormatVersion: '2010-09-09'
      Transform: AWS::Serverless-2016-10-31
      Resources:
        GetFunction:
          Type: AWS::Serverless::Function
          Properties:
            Handler: index.get
            Runtime: nodejs8.10
            CodeUri: src/
            Policies:
              - DynamoDBReadPolicy:
                  TableName: !Ref MyTable
            Events:
              GetResource:
                Type: Api
                Properties:
                  Path: /resource/{resourceId}
                  Method: get
        MyTable:
          Type: AWS::Serverless::SimpleTable
      ```

      Just 20 lines to create:
      • Lambda function
      • IAM role
      • API Gateway
      • DynamoDB table
  25. Use SAM CLI to package and deploy SAM templates. Install: pip install --user aws-sam-cli. Commands: sam logs, sam validate, sam local, sam init, sam build, sam package, sam deploy, sam publish. Slide label: “New”
  26. SAM CLI sample workflow

      ```bash
      sam init --name my-function --runtime python
      cd my-function/
      sam build
      sam package --s3-bucket my-packages-bucket --output-template-file packaged.yaml
      sam deploy --template-file packaged.yaml --stack-name my-function-prod
      sam publish # To the AWS Serverless Application Repository
      ```
  27. Nested apps to simplify solving recurring problems

      ```yaml
      TweetSource:
        Type: AWS::Serverless::Application
        Properties:
          Location:
            ApplicationId: arn:aws:serverlessrepo:...
            SemanticVersion: 2.0.0
          Parameters:
            TweetProcessorFunctionName: !Ref MyFunction
            SearchText: '#serverless -filter:nativeretweets'
      ```

      Diagram labels: Standard Component; Custom Business Logic; Polling schedule (CloudWatch Events rule); trigger; TwitterProcessor; SearchCheckpoint; TwitterSearchPoller; Twitter Search API
  28. Model container environments with AWS Cloud Development Kit (CDK), Developer Preview
      • Open source framework to define cloud infrastructure in TypeScript, Java, C#, …
      • Provides library of higher-level resource types (“construct” classes) that have AWS best practices built in by default, packaged as npm modules
      • Provisions resources with CloudFormation
      • Supports all CloudFormation resource types
      AWS CDK https://awslabs.github.io/aws-cdk
  29. CDK template

      ```typescript
      import ec2 = require('@aws-cdk/aws-ec2');
      import ecs = require('@aws-cdk/aws-ecs');
      import cdk = require('@aws-cdk/cdk');

      class BonjourFargate extends cdk.Stack {
        constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
          super(parent, name, props);

          const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
          const cluster = new ecs.Cluster(this, 'Cluster', { vpc });

          new ecs.LoadBalancedFargateService(
            this, "FargateService", {
              cluster,
              image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
            });
        }
      }

      const app = new cdk.App();
      new BonjourFargate(app, 'Bonjour');
      app.run();
      ```
  32. CDK template

      ```yaml
      applets:
        MyHelloWorldService:
          type: '@aws-cdk/aws-ecs:LoadBalancedFargateServiceApplet'
          properties:
            image: 'amazon/amazon-ecs-sample'
      ```

      $ cdk --app ./my-applet.yaml deploy
  33. Model pipelines with AWS CDK
      • Minimize copy-and-paste by using object-oriented language
      • Define microservice pipeline “shape” in one class, then re-use it across many pipelines
      • CDK includes many high-level constructs for modeling a CodePipeline pipeline, including automatically configuring IAM role policies
  34. CDK pipelines: Construct

      ```typescript
      export class MyMicroservicePipeline extends cdk.Construct {
        constructor(parent: cdk.Construct, name: string, props: MyMicroservicePipelineProps) {
          super(parent, name);

          const pipeline = new codepipeline.Pipeline(this, 'Pipeline', {
            pipelineName: props.serviceName,
          });

          const githubAccessToken = new cdk.SecretParameter(this, 'GitHubToken',
            { ssmParameter: 'GitHubToken' });

          new codepipeline.GitHubSourceAction(this, 'GitHubSource', {
            stage: pipeline.addStage('Source'),
            owner: 'myorg',
            repo: props.serviceName,
            oauthToken: githubAccessToken.value
          });
          …
      ```
  35. CDK pipelines: Stack

      ```typescript
      import cdk = require('@aws-cdk/cdk');
      import { MyMicroservicePipeline } from './pipeline';

      class MyMicroservicePipelinesStack extends cdk.Stack {
        constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
          super(parent, name, props);

          new MyMicroservicePipeline(this, 'Pipeline1', { 'serviceName': 'Microservice1' });
          new MyMicroservicePipeline(this, 'Pipeline2', { 'serviceName': 'Microservice2' });
          new MyMicroservicePipeline(this, 'Pipeline3', { 'serviceName': 'Microservice3' });
          new MyMicroservicePipeline(this, 'Pipeline4', { 'serviceName': 'Microservice4' });
        }
      }

      const app = new cdk.App();
      new MyMicroservicePipelinesStack(app, 'MyMicroservicePipelines');
      app.run();
      ```
  36. Use CDK CLI to synthesize and deploy CDK templates

      ```bash
      npm install -g aws-cdk
      cdk init app --language typescript
      cdk synth
      cdk deploy
      ```
  39. Pillars of releasing modern applications: Continuous integration
  40. Continuous integration goals: Source, Build, Test, Production
  41. Continuous integration goals
      1. Automatically kick off a new release when new code is checked in
      2. Build and test code in a consistent, repeatable environment
      3. Continually have an artifact ready for deployment
      4. Continually close feedback loop when build fails
  42. AWS CodePipeline
      • Continuous delivery service for fast and reliable application updates
      • Model and visualize your software release process
      • Builds, tests, and deploys your code every time there is a code change
      • Integrates with third-party tools and AWS
  43. AWS CodePipeline: Supported sources. Automatically kick off release and pull latest source code
      • Pick branch: AWS CodeCommit, GitHub
      • Pick object or folder: Amazon S3
      • Pick Docker tag: Amazon ECR
  44. AWS CodePipeline: ECR source action. Source code: “master” branch. ECR repository: “release” tag
  45. AWS CodePipeline: Supported triggers. Automatically kick off release
      • Amazon CloudWatch Events: Scheduled (nightly release); AWS Health events (Fargate platform retirement). Available in CloudWatch Events console, API, SDK, CLI, and AWS CloudFormation
      • Webhooks: DockerHub; Quay; Artifactory. Available in CodePipeline API, SDK, CLI, and CloudFormation
  46. AWS CodeBuild
      • Fully managed build service that compiles source code, runs tests, and produces software packages
      • Scales continuously and processes multiple builds concurrently
      • No build servers to manage
      • Pay by the minute, only for the compute resources you use
      • Monitor builds through CloudWatch Events
  47. AWS CodeBuild
      • Each build runs in a new Docker container for a consistent, immutable environment
      • Docker and AWS CLI are installed in every official CodeBuild image
      • Provide custom build environments suited to your needs through the use of Docker images
  48. AWS CodeBuild: Lambda buildspec

      ```yaml
      version: 0.2
      phases:
        build:
          commands:
            - npm ci
            - npm test
            - >
              aws cloudformation package
              --template-file template.yaml
              --output-template packaged.yaml
              --s3-bucket $BUCKET
      artifacts:
        type: zip
        files:
          - packaged.yaml
      ```
  49. AWS CodeBuild: Lambda buildspec using SAM CLI

      ```yaml
      version: 0.2
      phases:
        install:
          commands:
            - pip install --upgrade awscli aws-sam-cli
        build:
          commands:
            - sam build
            - sam package --s3-bucket $BUCKET --output-template-file packaged.yaml
      artifacts:
        type: zip
        files:
          - packaged.yaml
      ```
  50. AWS CodeBuild: Docker buildspec

      ```yaml
      version: 0.2
      phases:
        build:
          commands:
            - $(aws ecr get-login --no-include-email)
            - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
            - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REPO:$IMAGE_TAG
            - docker push $ECR_REPO:$IMAGE_TAG
      ```
  54. Pillars of releasing modern applications: Continuous deployment
  55. Continuous deployment goals: Source, Build, Test, Production
  56. Continuous deployment goals
      1. Automatically deploy new changes to staging environments for testing
      2. Deploy to production safely without impacting customers
      3. Deliver to customers faster: Increase deployment frequency, and reduce change lead time and change failure rate
  57. AWS CodeDeploy
      • Automates code deployments for containers and serverless
      • Handles the complexity of updating your applications
      • Avoid downtime during application deployment
      • Roll back automatically if failure detected
      • Deploy to Amazon EC2, ECR, Lambda, or on-premises servers
  58. CodeDeploy – Lambda deployments
      • Shifts traffic using Lambda function weighted aliases
      • Choose canary (“shift 10% of traffic for 10 minutes, then shift rest”) or linear (“shift 10% more traffic every 10 minutes”)
      • Validation “hooks” enable testing at each stage of the deployment
      • Fast rollback in seconds in case of hook failure or CloudWatch alarms
      • Monitor deployment status and history via console, API, Amazon Simple Notification Service (Amazon SNS) notifications, and CloudWatch Events
  59. CodeDeploy – Lambda deployments. Enable in your serverless application template

      ```yaml
      Resources:
        GetFunction:
          Type: AWS::Serverless::Function
          Properties:
            DeploymentPreference:
              Type: Canary10Percent10Minutes
              Alarms:
                - !Ref ErrorsAlarm
              Hooks:
                PreTraffic: !Ref PreTrafficHook
      ```

      Deployment preference types: Canary10Percent30Minutes; Canary10Percent5Minutes; Canary10Percent10Minutes; Canary10Percent15Minutes; Linear10PercentEvery10Minutes; Linear10PercentEvery1Minute; Linear10PercentEvery2Minutes; Linear10PercentEvery3Minutes; AllAtOnce
  60. CodeDeploy – Lambda canary deployment. API Gateway; Lambda function weighted alias “live”; v1 Lambda function code: 100%
  61. CodeDeploy – Lambda canary deployment. API Gateway; Lambda function weighted alias “live”; v1 code: 100%; v2 code: 0%. Run PreTraffic hook against v2 code before it receives traffic
  62. CodeDeploy – Lambda canary deployment. API Gateway; Lambda function weighted alias “live”; v1 code: 90%; v2 code: 10%. Wait for 10 minutes, roll back in case of alarm
  63. CodeDeploy – Lambda canary deployment. API Gateway; Lambda function weighted alias “live”; v1 code: 0%; v2 code: 100%. Run PostTraffic hook and complete deployment
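The canary and linear preference types listed on the slides can be compared by how much traffic reaches the new version while an alarm can still roll the deployment back. The following is an added example, not code from the deck or from AWS: it parses the type names shown above and replays the weighted-alias shift. It assumes the first shift happens at minute 0 and that an alarm only causes a rollback before the final shift.

```python
import re
from dataclasses import dataclass

# Type names listed on the "CodeDeploy - Lambda deployments" slide.
PAGE_TYPES = [
    "Canary10Percent30Minutes", "Canary10Percent5Minutes",
    "Canary10Percent10Minutes", "Canary10Percent15Minutes",
    "Linear10PercentEvery10Minutes", "Linear10PercentEvery1Minute",
    "Linear10PercentEvery2Minutes", "Linear10PercentEvery3Minutes",
    "AllAtOnce",
]

_TYPE_RE = re.compile(
    r"^(?:(?P<canary>Canary)(?P<cpct>\d+)Percent(?P<cmin>\d+)Minutes?"
    r"|(?P<linear>Linear)(?P<lpct>\d+)PercentEvery(?P<lmin>\d+)Minutes?"
    r"|(?P<all>AllAtOnce))$"
)


@dataclass(frozen=True)
class Preference:
    kind: str      # "canary", "linear" or "all_at_once"
    percent: int   # share of traffic moved per shift
    minutes: int   # wait between shifts


def parse_preference(name):
    """Turn a type name such as Canary10Percent10Minutes into its parameters."""
    m = _TYPE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised DeploymentPreference type: {name!r}")
    if m["all"]:
        return Preference("all_at_once", 100, 0)
    if m["canary"]:
        pref = Preference("canary", int(m["cpct"]), int(m["cmin"]))
    else:
        pref = Preference("linear", int(m["lpct"]), int(m["lmin"]))
    if not 0 < pref.percent < 100 or pref.minutes <= 0:
        raise ValueError(f"invalid percentage or interval in {name!r}")
    return pref


def schedule(name):
    """Return [(minute, percent of traffic on v2)].

    Assumption of this example: the first shift is applied at minute 0.
    """
    pref = parse_preference(name)
    if pref.kind == "all_at_once":
        return [(0, 100)]
    if pref.kind == "canary":
        return [(0, pref.percent), (pref.minutes, 100)]
    steps, weight, minute = [], 0, 0
    while weight < 100:
        weight = min(100, weight + pref.percent)
        steps.append((minute, weight))
        minute += pref.minutes
    return steps


def simulate(name, alarm_minute=None):
    """Replay a deployment; an alarm before the final shift rolls v2 back to 0%.

    Returns (outcome, timeline, exposure). Exposure is the percent-minutes of
    traffic served by v2 during the window in which rollback was still possible.
    """
    steps = schedule(name)
    done = steps[-1][0]
    rolled_back = alarm_minute is not None and 0 <= alarm_minute < done
    end = alarm_minute if rolled_back else done
    timeline, exposure = [], 0
    for (minute, weight), (next_minute, _) in zip(steps, steps[1:] + [(end, 0)]):
        if minute >= end:
            break
        timeline.append((minute, weight))
        exposure += weight * (min(next_minute, end) - minute)
    timeline.append((end, 0 if rolled_back else 100))
    return ("rolled_back" if rolled_back else "completed", timeline, exposure)


if __name__ == "__main__":
    for type_name in PAGE_TYPES:
        outcome, timeline, exposure = simulate(type_name)
        print(f"{type_name:32} window={timeline[-1][0]:3} min exposure={exposure}")
    # AllAtOnce has no observation window, so an alarm can never stop it.
    print(simulate("AllAtOnce", alarm_minute=3))
```
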
  64. API Gateway canary stage. API Gateway; Production stage: v1 code, 99.5%; Canary stage: v2 code, 0.5%
  65. Before. Diagram: four functions, each packaging BUSINESS LOGIC, LIB A and LIB B. Use Lambda Layers for shared code that doesn’t change frequently
  66. After. Diagram: four functions containing BUSINESS LOGIC only; LIB A and LIB B appear once. Use Lambda Layers for shared code that doesn’t change frequently. Focus on your business logic and speed up function deployments
  67. CodeDeploy-ECS blue-green deployments
      • Provisions “green” tasks, then flips traffic at the load balancer
      • Validation “hooks” enable testing at each stage of the deployment
      • Fast rollback to “blue” tasks in seconds in case of hook failure or CloudWatch alarms
      • Monitor deployment status and history via console, API, Amazon SNS notifications, and CloudWatch Events
      • Use “CodeDeploy-ECS” deploy action in CodePipeline or “aws ecs deploy” command in Jenkins
  68. CodeDeploy-ECS appspec

      ```yaml
      version: 1.0
      Resources:
        - TargetService:
            Type: AWS::ECS::Service
            Properties:
              - TaskDefinition: "my_task_definition:8"
                LoadBalancerInfos:
                  - ContainerName: "SampleApp"
                    ContainerPort: 80
      Hooks:
        - BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstallation"
        - AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
        - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
        - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
        - AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"
      ```
  69. CodeDeploy-ECS blue-green deployment. 100% Prod traffic
  70. CodeDeploy-ECS blue-green deployment. Target group 2; 100% Prod traffic; Test traffic listener (port 9000)
  71. CodeDeploy-ECS blue-green deployment. Green tasks: v2 code; 100% Prod traffic. Provision green tasks
  72. CodeDeploy-ECS blue-green deployment. 100% Test traffic; 100% Prod traffic. Run hook against test endpoint before green tasks receive prod traffic
  73. CodeDeploy-ECS blue-green deployment. 100% Prod traffic; 0% Prod traffic. Flip traffic to green tasks, rollback in case of alarm
  74. CodeDeploy-ECS blue-green deployment. 100% Prod traffic. Drain blue tasks
  75. Container image tagging for deployments
      • Docker tags are resolved when each container starts, not just during deployments
      • Deploying “latest” or “prod” can result in untested code in production after a scale-out event
      • Use unique “immutable” tags for deployments
  76. Container image tagging for deployments
  77. Container image tagging for deployments. Build pushes new “latest” image. Image: sha256@22222... (“latest”)
  78. Container image tagging for deployments. Service scales up, launching new tasks. Image: sha256@22222... (“latest”)
  79. Container image tagging for deployments. Deploy using immutable tags

      SHA256 Digest:

      ```json
      { "name": "sample-app", "image": "amazon/amazon-ecs-sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d" }
      ```

      Build ID:

      ```json
      { "name": "sample-app", "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0" }
      ```
  80. Container image tagging for deployments. Compute immutable tags during build

      ```bash
      # SHA256 digest
      export IMAGE_URI=`docker inspect --format='{{index .RepoDigests 0}}' my_image:$IMAGE_TAG`
      # Example result: amazon/amazon-ecs-sample@sha256:3e39d933b...

      # Build ID
      export IMAGE_TAG=build-`echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}'`
      # Example result: build-b2085490-359f-4eaf-8970-6d1e26c354f0
      ```
  81. Container image tagging for deployments
  82. Container image tagging for deployments. Build pushes new image tagged with new build ID. Image: sha256@22222... (“build-22222”)
  83. Container image tagging for deployments. Service scales up, launching new tasks. Image: sha256@22222... (“build-22222”)
  84. Container image tagging for deployments. Image: “build-22222” tag. Deployment updates service’s task definition, replacing tasks. Image: sha256@22222... (“build-22222”)
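A pipeline can enforce the tagging rule from the slides above by rejecting task definitions whose images are not pinned. The following is an added example, not code from the deck: it classifies each container image reference and reports the ones that a scale-out event could resolve to different code. The task definition, the registry host and the digest value are constructed, and treating `build-<UUID>` as the only accepted tag shape is an assumption based on the build ID format shown on the slides.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Assumption: unique tags follow the "build-<CodeBuild build UUID>" convention.
BUILD_TAG_RE = re.compile(r"^build-[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
ALLOWED_KINDS = {"digest", "build-id-tag"}


def split_image_ref(ref):
    """Split 'repository[:tag][@digest]' into (repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    # A colon before the last "/" belongs to a registry port, not to a tag.
    last_slash = name.rfind("/")
    colon = name.rfind(":")
    if colon > last_slash:
        return name[:colon], name[colon + 1:], digest or None
    return name, None, digest or None


def classify_image(ref):
    """Return how strongly an image reference pins the code that will run."""
    _, tag, digest = split_image_ref(ref)
    if digest is not None:
        return "digest" if DIGEST_RE.match(digest) else "malformed-digest"
    if tag is None:
        return "implicit-latest"   # no tag means the registry serves "latest"
    if BUILD_TAG_RE.match(tag):
        return "build-id-tag"
    return "mutable-tag"           # e.g. "latest" or "prod"


def lint_task_definition(task_def):
    """Return [(container name, image, kind)] for every unpinned image."""
    findings = []
    for container in task_def.get("containerDefinitions", []):
        image = container.get("image", "")
        kind = classify_image(image)
        if kind not in ALLOWED_KINDS:
            findings.append((container.get("name", "?"), image, kind))
    return findings


# Constructed sample input; the digest below is not a real image digest.
SAMPLE_TASK_DEF = {
    "family": "sample-app",
    "containerDefinitions": [
        {"name": "web",
         "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"},
        {"name": "pinned",
         "image": "amazon/amazon-ecs-sample@sha256:" + "ab" * 32},
        {"name": "drifting", "image": "amazon/amazon-ecs-sample:latest"},
        {"name": "promoted", "image": "amazon/amazon-ecs-sample:prod"},
        {"name": "proxy", "image": "registry.example.internal:5000/team/proxy"},
    ],
}

if __name__ == "__main__":
    for name, image, kind in lint_task_definition(SAMPLE_TASK_DEF):
        print(f"FAIL {name}: {image} ({kind})")
```

A build-ID tag only stays unique if the registry refuses to overwrite it, so this check complements registry-side tag immutability rather than replacing it.
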
  88. Case study
  89. Capital One – Credit Offers API serverless architecture. Diagram labels: Affiliates; www.capitalone.com/credit-cards/prequalify; AWS Cloud; Capital One API Gateway; VPC; Lambda Function; Traces; Logs; Production Support Command Center; COAT; Credit Offers API Team; Lambda Function; S3 Bucket; TTL; Third-Party API
  90. Capital One – Credit Offers API CI/CD pipeline. Continuous Improvement, Continuous Delivery! Diagram labels: GitHub; LGTM Bot; Jenkins; AWS SAM; S3 Bucket (Versioning); Lambda Function

      ```yaml
      DeploymentType:
        dev: AllAtOnce
        qa: AllAtOnce
        qaw: AllAtOnce
        prod: Canary10Percent10Minutes
        prodw: Canary10Percent10Minutes
      ```

      ```yaml
      canary5xxGetProductsAlarm:
        Type: AWS::CloudWatch::Alarm
        Properties:
          AlarmActions:
            - !FindInMap
              - params
              - AdminSNSTopic
              - !Ref Environment
          AlarmDescription: 500 error from product listing Lambda.
          ComparisonOperator: GreaterThanOrEqualToThreshold
          Period: 300
          Statistic: Sum
          Threshold: 1
          EvaluationPeriods: 1
      ```
  91. Capital One – Benefits from taking the API serverless
      • Performance gains: 70%. From the time the request is received by lambda to the time to send the response back
      • Cost savings: 90%. By removing EC2, ELB and RDS from our solution
      • Increase in team velocity: 30%. Reduce investment in team’s time on DevOps and dedicate back to feature development!
  92. Demo
  93. Takeaways
      1. Manage your infrastructure as code
      2. Frequently build and integrate your code to get a first feedback
      3. Continuously release in production using canary releases with monitoring and automated rollbacks
      4. Use canary releases to get both technical and business feedback
  94. Thank you! Danilo Poccia, Principal Evangelist, Serverless, @danilop
  95. Simplify your frontend apps with serverless backend in the cloud. Sébastien Stormacq, Developer Advocate

      ```json
      {
        "name": "Sébastien Stormacq",
        "role": "Developer Advocate",
        "company": "Amazon Web Services",
        "twitter": "@sebsto",
        "github": "sebsto"
      }
      ```
  96. A typical day in developer life
  97. A typical day in developer life. “We need an app to let our customers update preference settings – our competitors just launched the same thing, so I need it fast. I don’t want to pay a lot for it, especially when no one is using it. But remember that we’re growing, so make sure it scales great and is easy to manage and operate. And you’re on your own – sorry!”
  98. A typical day in developer life. “We need an app to let our customers update preference settings – our competitors just launched the same thing, so I need it fast. I don’t want to pay a lot for it, especially when no one is using it. But remember that we’re growing, so make sure it scales great and is easy to manage and operate. And you’re on your own – sorry!” “No problem, I will use a cloud-based & serverless backend.”
  100. Serverless means
  101. Serverless means: No Server to Provision or Manage; Scale with Usage; Availability and Fault Tolerance Built-in; Pay for value
  102. Serverless across the stack: Database; Access; Compute; Developer Workflow
  103. What obstacles are developers facing?
  104. 165+ services. Diagram of AWS service categories: Technical & Business Support; Marketplace; IoT; Migration; Hybrid; ML / AI; Enterprise; Mobile; Dev/Ops; Analytics; App Services; Infrastructure; Core Services (Compute, Storage, CDN, Databases, Networking); Security & Compliance; Management Tools
  105. 105. Many lines of boilerplate code
  106. 106. Introducing AWS Amplify
  107. 107. Amplify – a CLI to Provision Services
        $ amplify add auth       # Add an Amazon Cognito User Pool
        $ amplify add storage    # Create and secure an Amazon S3 bucket
        $ amplify add api        # Add an AWS AppSync or API Gateway
        $ amplify push           # Deploy via AWS CloudFormation
  108. 108. Amplify – A Set of Open-Source Libraries
  109. 109. Let’s enrich a React web app
  110. 110. Initialise amplify
        $ amplify init
        $ amplify push
  111. 111. #1 Add authentication
  112. 112. Provision the service
        $ amplify add auth
        $ amplify push
  113. 113. Modify our App
        import Amplify from 'aws-amplify';
        import { withAuthenticator } from 'aws-amplify-react'; // or 'aws-amplify-react-native'
        import awsmobile from './aws-exports';
        Amplify.configure(awsmobile);
        …
        export default withAuthenticator(App);
  114. 114. Demo
  115. 115. $ amplify add auth && amplify push
        AWS Cloud Clients AWS Cognito User Pool Accounts Multi Factor Authentication Signup & Signin
  116. 116. #2 Add an API
  117. 117. https://2018.stateofjs.com/data-layer/overview
  118. 118. GraphQL, a query language for APIs
        type Note {
          id: ID!
          value: String!
        }
        query GetNote {
          getNote(id: "1") {
            id
            value
          }
        }
        mutation CreateNote {
          createNote(value: "My first note") {
            id
            value
          }
        }
        subscription OnCreateNote {
          onCreateNote {
            id
            value
          }
        }
  119. 119. AppSync, a runtime to execute the query
        query GetPost {
          getPosts(id: "1") {
            id
            title
            comments { content }
            author { name }
          }
        }
        Amazon EC2, Amazon DynamoDB, AWS Lambda
        {
          "data": {
            "posts": [
              {
                "id": 1,
                "title": "Introduction to GraphQL",
                "comments": [
                  { "content": "I want GraphQL for my next App!" }
                ],
                "author": { "name": "Sébastien Stormacq" }
              }
            ]
          }
        }
  120. 120. Provision the API
        $ amplify add api
        $ amplify push
  121. 121. $ amplify add api
        $ amplify add api
        ? Please select from one of the below mentioned services GraphQL
        ? Provide API name: amplifynotes
        ? Choose an authorization type for the API Amazon Cognito User Pool
        Using service: Cognito, provided by: awscloudformation
        The current configured provider is Amazon Cognito.
        ? Do you want to use the default authentication and security configuration? Yes, use the default configuration.
        Successfully added auth resource
        ? Do you have an annotated GraphQL schema? No
        ? Do you want a guided schema creation? true
        ? What best describes your project: Objects with fine-grained access control (e.g., a project management app with owner-based authorization)
        ? Do you want to edit the schema now? Yes
        Please edit the file in your editor: /<path>/amplify/backend/api/amplifynotes/schema.graphql
        ? Press enter to continue
  122. 122. A basic schema
        type Note {
          id: ID!
          note: String!
        }
  123. 123. Transformers (aka annotations)
        type Note @model @auth(rules: [{allow: owner}]) {
          id: ID!
          note: String!
        }
  124. 124. Demo
  125. 125. $ amplify add api & @model
        AWS Cloud Clients AWS AppSync Amazon DynamoDB Table Schemas Resolvers Data Sources
        type Query {
          getNote(...): Note
          listNotes(...): Note
        }
        type Mutation {
          createNote(...): Note
          updateNote(...): Note
          deleteNote(...): Note
        }
        type Subscription {
          onCreateNote(...): Note
          onUpdateNote(...): Note
          onDeleteNote(...): Note
        }
        type Note {
          id: ID!
          value: String
        }
        queries mutations getNote listNotes updateNote deleteNote createNote Note Table Datasource IAM Role ARN Note Role ARN
  126. 126. #3 add search capabilities
  127. 127. Update GraphQL Transformer
        type Note @model @auth(rules: [{allow: owner}]) @searchable {
          id: ID!
          note: String!
        }
  128. 128. Provision the service
        $ amplify push
  129. 129. Demo
  130. 130. @searchable
        AWS Cloud Clients AWS AppSync Amazon DynamoDB Table Schemas Resolvers Data Sources
        queries mutations getNote listNotes updateNote deleteNote createNote Note Table Datasource IAM Role ARN Note Role ARN
        type Query {
          getNote(...): Note
          listNotes(...): Note
        }
        type Mutation {
          createNote(...): Note
          updateNote(...): Note
          deleteNote(...): Note
        }
        type Subscription {
          onCreateNote(...): Note
          onUpdateNote(...): Note
          onDeleteNote(...): Note
        }
        type Note {
          id: ID!
          value: String
        }
  131. 131. @searchable
        AWS Cloud Clients AWS AppSync Document Index Amazon ElasticSearch Schemas Resolvers Data Sources
        type Query {
          getNote(...): Note
          listNotes(...): Note
          searchNotes(...): [Note]
        }
        type Mutation {
          createNote(...): Note
          updateNote(...): Note
          deleteNote(...): Note
        }
        type Subscription {
          onCreateNote(...): Note
          onUpdateNote(...): Note
          onDeleteNote(...): Note
        }
        type Note {
          id: ID!
          value: String
        }
        queries mutations getNote listNotes updateNote deleteNote createNote ElasticSearch Datasource IAM Role ARN ES Domain ARN Streaming Lambda Note Table Datasource IAM Role ARN Note Role ARN searchNotes Amazon DynamoDB Table
  132. 132. #4 deploy the app
  133. 133. Provision the service
        $ amplify add hosting
        $ amplify publish
  134. 134. amplify add hosting
        $ amplify add hosting
        ? Select the environment setup: DEV (S3 only with HTTP)
        ? hosting bucket name my_hosting_bucket
        ? index doc for the website index.html
        ? error doc for the website index.html
  135. 135. Demo
  136. 136. amplify publish (dev) AWS Cloud Clients Amazon CloudFront Amazon S3 Bucket serving static web content Edge Locations
  137. 137. amplify publish (prod) AWS Cloud Clients Amazon CloudFront Amazon S3 Bucket serving static web content Edge Locations
  138. 138. Advanced Topics
  139. 139. Amplify black belt tips
        $ amplify checkout ENV
        $ amplify add ENV
  140. 140. Amplify black belt tips
  141. 141. Amplify black belt tips
  142. 142. What did we just do? We created a front end web app backed by cloud services
        • User Sign-in, Sign-up (Amazon Cognito)
        • CRUD GraphQL API (AWS AppSync + Amazon DynamoDB)
        • Search API (Amazon ElasticSearch)
        • Hosting (Amazon S3, Amazon CloudFront)
        https://github.com/sebsto/amplify-react-workshop
  143. 143. Take Away
  144. 144. Thank you Sébastien Stormacq, Developer Advocate
        {
          "name": "Sébastien Stormacq",
          "role": "Developer Advocate",
          "company": "Amazon Web Services",
          "twitter": "@sebsto",
          "github": "sebsto"
        }
  145. 145. AWS Builders’ Day London MAD4 - Breaking the Monolith: road to containerizing/serverless your app Paul Armstrong - Principal Solutions Architect
  146. 146. Breaking Down the Monolith
  147. 147. The monolith “…a single-tiered software application in which the user interface and data access code are combined into a single program from a single platform. A monolithic application is self-contained, and independent from other computing applications.” - Wikipedia
  148. 148. Monolith = "traditional applications" • Pros: • At first… • Simple • No over-engineering • In-process latencies • Single code base • Resource efficient at small scale • Cons: • Modularity is hard to enforce as app grows • Can only scale up! • All or nothing deployment • Long release cycles • Slow to react to customer demand
  149. 149. Monolith development lifecycle Build Test Release Developers Monolith Delivery Process
  150. 150. How or why should I migrate my monolith?
  151. 151. Common migration strategies There is no one size fits all approach to migrating your applications
  152. 152. Methodical migration process Evaluate Plan Design Migrate Optimize • Discovery • Migration patterns • Well Architected • Tool selection • Test planning • Cutover • Migration workloads • Migration tools • Validation & cutover • Operation • Optimization • Migration Readiness Assessment • On-boarding • Planning and SOW • Portfolio discovery • Requirements collection • Landing Zone • People - skills and organization • Business case, TCO Visualize the cloud adoption effort from planning to operating on AWS
  153. 153. Portfolio discovery Goals: • Determine resource allocation in the AWS environment • Develop a prioritized backlog of applications to feed migration • Assess project migration costs and run costs Evaluate Discover & Plan Design Migrate Optimize
  154. 154. Questions & challenges on the migration journey • Where to start? • What to break out? • Dependencies? • Works as expected? • Users happy? • Does it scale? • Does it perform? • How to automate? • Works as expected? • Users happy? • How to optimize? Does it perform? • How to automate? From On-Premises Monolith Via Containerized Services To Functions & Cloud Service
  155. 155. Containers as part of my migration strategy?
  156. 156. Accelerate Development Easier Adoption Faster Iteration Unified Experience Container Platforms Container Benefits
  157. 157. Where do I start?
  158. 158. Discovery – Portfolio Data Gathering • Storage • Type • Capacity • Utilization • . . . • Server • Physical/virtual • OS version • CPU, RAM, Disk • type, utilization • . . . • Network • Device type • Firewall rule • Network connection • . . . • Application • Owners, criticality • Characteristics • Stack • Infrastructure • . . .
  159. 159. Analysis … What Should We Look For? • Completeness and usability • If additional discovery is needed, determine the actions needed to complete discovery. • Apps, Servers, Connections • No. of apps and servers • Application and server dependencies • Performance metrics • Allocate and right-size target resources • Service naming, tagging • Identify patterns • Group servers and applications
  160. 160. Asset Inventories CMDB Tribal Knowledge SLA/OLA App Configuration Data Performance Information Architecture Outcomes Applications Infrastructure Performance Portfolio Discovery & Analysis Outcomes Resource Model Application backlog Cost Model AWS Application Discovery Service Disconnected and Incomplete Data Gathering Data and Organizing “Discovery & Planning”
  161. 161. Getting to know the monolith architecture Service Endpoints Service Flow Depending Services
  162. 162. Learnings Through Discovery /review /finish /config /payment Backend Service X DB A Q 1 Endpoints + Throughput Dependencies & Call Patterns Flow & CPU Consumption
  163. 163. Next: Where to break the monolith? /review /finish /config /payment Backend Service X DB A Q 1 Entry Points?
  164. 164. Refactoring – break the monolith Tightly coupled! Shall we really distribute/extract? ExampleCorpBackendWebser... com.Dynatrace.exampleCorp ...
  165. 165. The 12 factor application
  166. 166. The 12 factor application
        I. Codebase: One codebase tracked in revision control, many deploys
        II. Dependencies: Explicitly declare and isolate dependencies
        III. Config: Store config in the environment
        IV. Backing services: Treat backing services as attached resources
        V. Build, release, run: Strictly separate build and run stages
        VI. Processes: Execute the app as one or more stateless processes
        VII. Port binding: Export services via port binding
        VIII. Concurrency: Scale out via the process model
        IX. Disposability: Maximize robustness with fast startup and graceful shutdown
        X. Dev/prod parity: Keep development, staging, and production as similar as possible
        XI. Logs: Treat logs as event streams
        XII. Admin processes: Run admin/management tasks as one-off processes
  167. 167. Amazon ECS and Fargate
  168. 168. RUNNING A SINGLE CONTAINER
  169. 169. RUNNING CONTAINERS (diagram: five EC2 instances, each running four tasks)
  170. 170. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3 Scheduling and Orchestration Cluster Manager Placement Engine
  171. 171. ECS AMI Docker agent ECS agent ECS Task ECS Task ECS Task ECS Task EC2 Instance
  172. 172. (diagram: three EC2 instances, each with ECS AMI, Docker agent and ECS agent) Scheduling and Orchestration Cluster Manager Placement Engine
  173. 173. “Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” X 10
  174. 174. I. Codebase: One codebase tracked in revision control, many deploys
  175. 175. Deployed Version Code Version Control
  176. 176. Staging / QA Production Dev #1 Dev #2
  177. 177. II. Dependencies: Explicitly declare and isolate dependencies
  178. 178. Dependencies Binaries Code Application Bundle
  179. 179. Dependency Declaration: Node.js npm install yarn install package.json
  180. 180. Dependency Declaration: Python pip install requirements.txt
  181. 181. Dependencies Dependencies Binaries Code
  182. 182. Dependency Declaration & Isolation: Docker docker build Dockerfile
  183. 183. Development Production docker run
  184. 184. III. Config: Store config in the environment
  185. 185. Development Configuration Production Configuration Development Production
  186. 186. Development Production Same container deployed to both environments. Configuration is part of the environment on the host.
  187. 187. At runtime the container gets config from the environment.
  188. 188. Application code pulls from the environment Environment is customized when docker runs a container
  189. 189. IV. Backing services: Treat backing services as attached resources
  190. 190. Amazon S3 PostgreSQL app1 Host app2 3rd party service Treat local services just like remote third party ones
  191. 191. PostgreSQL app1 app2 Load balancer Use CNAMEs for maximum flexibility and easy reconfiguration postgres.mycompany.com app2.mycompany.com
  192. 192. Easily create and maintain custom maps of your applications Before Version 2 After Version 2
  193. 193. V. Build, release, run: Strictly separate build and run stages
  194. 194. Dependencies Binaries Code Build
  195. 195. Release Build Artifact + Config = Release Tagged image stored in ECR
  196. 196. Amazon Elastic Container Service Config
  197. 197. Run Task Definition Release v1 Task Definition Release v2
  198. 198. VI. Processes: Execute the app as one or more stateless processes
  199. 199. Stateful container stores state in local disk or local memory. Workload ends up tied to a specific host that has state data. eu-west-1b Container 1 Disk eu-west-1c eu-west-1a
  200. 200. Stateful data Use services: • Amazon RDS • Amazon DynamoDB • Amazon ElastiCache • Amazon ElasticSearch • Amazon S3 • ……
  201. 201. VII. Port binding: Export services via port binding
  202. 202. Port 32456 Port 32457 Port 32458
  203. 203. Port 32768 Port 33487 Port 32192 Port 32794 Port 32781 Match: /api/users* Match: /api/auth*
  204. 204. VIII. Concurrency: Scale out via the process model
  205. 205. RUNNING CONTAINERS AT SCALE WITH ECS Availability Zone #1 Availability Zone #2 Availability Zone #3 Scheduling and Orchestration Cluster Manager Placement Engine
  206. 206. Scaling Instance Container 1 Instance Instance Instance Instance Instance + Container 1 Container 1 Container 1 Container 1 Container 1
  207. 207. IX. Disposability: Maximize robustness with fast startup and graceful shutdown
  208. 208. Responsive Graceful Shutdown Fast Launch
  209. 209. Fast Launch Minimize the startup time of processes: • Scale up faster in response to spikes • Ability to move processes to another host as needed • Replace crashed processes faster
  210. 210. Responsive, Graceful Shutdown Should respond to SIGTERM by shutting down gracefully
  211. 211. X. Dev/prod parity: Keep development, staging, and production as similar as possible
  212. 212. Staging / QA Production Dev #1 Dev #2
  213. 213. Local Application Remote Staging / QA Production Dev #1 Dev #2
  214. 214. XI. Logs: Treat logs as event streams
  215. 215. Containerized code writes to stdout Docker connects container’s stdout to a log driver
  216. 216. CLOUDWATCH LOGS CONFIGURATION
        • Use the awslogs driver to send stdout from your application to CloudWatch Logs
        • Create a log group in CloudWatch
        • Configure the log driver in your task definition
        • Remember to add permissions via the Task Execution Role
        Task Definition
        {
          "family": "scorekeep",
          ...
          "containerDefinitions": [
            {
              "name": "scorekeep-frontend",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/frontend"
                }
              }
            },
            {
              "name": "scorekeep-api",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/api"
                }
              }
            }
          ]
        }
  217. 217. CLOUDWATCH LOGS Logs Tab in the Task Detail Page View logs in the ECS or CloudWatch Console
  218. 218. XII. Admin processes: Run admin/management tasks as one-off processes
  219. 219. Admin / management processes are inevitable: • Migrate database • Repair some broken data • Once a week move database records older than X to cold storage • Every day email a report to this person
  220. 220. Tools for containers
  221. 221. Building Blocks for Containerized 12 Factor apps AWS Elastic Beanstalk Amazon SQS Compute AWS X-Ray Developer Tools AWS CodeBuild AWS CodePipeline AWS Cloud9 AWS Fargate Amazon ECS Application Integration Amazon SNS Amazon MQ Logging & Monitoring Amazon CloudWatch AWS CloudTrail Amazon DynamoDB Amazon S3 Storage & Database Amazon ElastiCache Amazon RDS Amazon ECR Amazon EKS Amazon API Gateway Networking & API Proxy Elastic Load Balancing Amazon Route 53 AWS Step Functions
  222. 222. Thank you!
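
Slide 216's checklist (awslogs driver, per-container log configuration, Task Execution Role) can be checked mechanically before a task definition is registered. The audit below is an added example, not code from the talk; the `scorekeep-worker` container, the account ID and the role name in the sample are constructed.

```python
import json

# Option keys that appear in the slide's awslogs configuration.
REQUIRED_AWSLOGS_OPTIONS = ("awslogs-group", "awslogs-region", "awslogs-stream-prefix")


def audit_task_definition(task_def):
    """Return a list of findings; an empty list means logging matches the slide."""
    findings = []
    if not task_def.get("executionRoleArn"):
        findings.append(
            "task: no executionRoleArn (slide: add log permissions via the Task Execution Role)"
        )
    containers = task_def.get("containerDefinitions") or []
    if not containers:
        findings.append("task: no containerDefinitions")
    for container in containers:
        name = container.get("name", "<unnamed>")
        log_cfg = container.get("logConfiguration")
        if not log_cfg:
            findings.append(f"{name}: no logConfiguration, stdout is not shipped")
            continue
        driver = log_cfg.get("logDriver")
        if driver != "awslogs":
            findings.append(f"{name}: logDriver is {driver!r}, expected 'awslogs'")
            continue
        options = log_cfg.get("options") or {}
        for key in REQUIRED_AWSLOGS_OPTIONS:
            if not str(options.get(key, "")).strip():
                findings.append(f"{name}: missing option {key}")
    return findings


# Constructed sample based on the slide: the frontend is complete, the api has
# lost its stream prefix, and a hypothetical worker has no log configuration.
SAMPLE = json.loads("""
{
  "family": "scorekeep",
  "executionRoleArn": "arn:aws:iam::111122223333:role/EXAMPLE-task-execution-role",
  "containerDefinitions": [
    {"name": "scorekeep-frontend",
     "logConfiguration": {"logDriver": "awslogs", "options": {
        "awslogs-group": "scorekeep", "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "scorekeep/frontend"}}},
    {"name": "scorekeep-api",
     "logConfiguration": {"logDriver": "awslogs", "options": {
        "awslogs-group": "scorekeep", "awslogs-region": "us-east-1"}}},
    {"name": "scorekeep-worker"}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE):
        print(finding)
```

Run as a pipeline step, a non-empty result can fail the build so that a container without log shipping never reaches the cluster.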
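
Slides 199 and 210 ask for processes that keep no local state and respond to SIGTERM by shutting down gracefully. The worker below is an added sketch, not code from the talk: it stops accepting work once SIGTERM arrives, drains what it can inside a grace period, and hands back unfinished jobs so they stay in the backing queue. The class name, the job model and the 25-second grace period are assumptions.

```python
import signal
import time
from collections import deque


class GracefulWorker:
    """Queue worker that refuses new jobs after SIGTERM and drains within a deadline."""

    def __init__(self, jobs, handle, grace_seconds=25.0, clock=time.monotonic):
        self.queue = deque(jobs)
        self.handle = handle
        # Assumption: keep this below the orchestrator's kill timeout
        # (ECS sends SIGKILL after the container's stopTimeout, 30 s by default).
        self.grace_seconds = grace_seconds
        self.clock = clock
        self.stop_requested_at = None
        self.done = []

    def request_stop(self, signum=None, frame=None):
        # A signal handler only records the request; the main loop does the work.
        if self.stop_requested_at is None:
            self.stop_requested_at = self.clock()

    def install(self):
        """Register the handler; must be called from the main thread."""
        signal.signal(signal.SIGTERM, self.request_stop)
        signal.signal(signal.SIGINT, self.request_stop)

    def accept(self, job):
        """Refuse new work once shutdown has begun."""
        if self.stop_requested_at is not None:
            return False
        self.queue.append(job)
        return True

    def run(self):
        """Process jobs; after a stop request, drain until the grace deadline.

        Returns the jobs that were not started, so the caller can leave them
        in (or return them to) the backing service instead of losing them.
        """
        while self.queue:
            if self.stop_requested_at is not None:
                if self.clock() - self.stop_requested_at >= self.grace_seconds:
                    break
            job = self.queue.popleft()
            self.done.append(self.handle(job))
        leftover = list(self.queue)
        self.queue.clear()
        return leftover


if __name__ == "__main__":
    def slow_job(job):
        time.sleep(0.1)
        return job

    worker = GracefulWorker(range(5), slow_job)
    worker.install()
    print("unfinished:", worker.run())
```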
