CI/CD for Modern Applications

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Danilo Poccia, Principal Evangelist, Serverless
@danilop
CI/CD for Modern Applications

© 2019,Amazon Web Services,Inc. or its affiliates.All rights reserved.
Development transformation atAmazon: 2001–2002
monolithic application +
teams
2001
Lesson learned: decompose for agility
2002
microservices
+ 2 pizza teams

Full ownership
Full accountability
“DevOps”
Focused innovation
Two-pizza teams

Monolith development lifecycle
monitorreleasetestbuild
developers
delivery pipelines
services

Microservice development lifecycle
???
developers
delivery pipelines
services

Microservice development lifecycle
developers services
delivery pipelines

ListenIterate
Experiment
Innovation
Flywheel
Experiments power the engine of rapid innovation

What changes doyouneed tomaketoadopt thesebest practices?
Serverless
No provisioning/management
Automatic scaling
Pay for value billing
Availability and resiliency
Microservices
Componentization
Business capabilities
Products not projects
Infrastructureautomation
DevOps
Cultural philosophies
Cross-disciplinary teams
CI/CD
Automation tools
DEV OPS
Architectural
patterns
Operational
Model
Software
Delivery

Approaches to modern application development
• Simplifyenvironment management
• Reduce the impact of code changes
• Automate operations
• Accelerate the delivery of new, high-qualityservices
• Gain insight across resources and applications
• Protect customers and the business

• Simplifyenvironment managementwith serverless technologies
• Reduce the impact of code changes with microservice architectures
• Automate operations by modeling applications& infrastructure as code
• Accelerate the delivery of new, high-qualityservices withCI/CD
• Gain insight across resources and applicationsby enabling observability
• Protect customers and the business with end-to-end security & compliance

• Simplifyenvironment managementwith serverless technologies
• Reduce the impact of code changes with microservice architectures
• Automate operations by modeling applications& infrastructure as code
• Accelerate the delivery of new, high-qualityservices withCI/CD
• Gain insight across resources and applicationsby enablingobservability
• Protect customers and the business with end-to-end security & compliance

Serverless containers
Long-running
Abstracts the OS
Fully managed orchestration
Fully managed cluster scaling
Serverless functions
Event-driven
Many language runtimes
Data source integrations
No server management

Release process stages
Source Build Test Production

Release process stages
• Integration tests
with other systems
• Load testing
• UI tests
• Security testing
• Check-in source
code such as .java
files
• Peer review new
code
• Compile code
• Unit tests
• Style checkers
• Create container
images and
function
deployment
packages
• Deployment to
production
environments
• Monitor code in
production to
quickly detect
errors

Pillars ofreleasing modern applications

Infrastructure
as code

Infrastructure as code
Declarative
I tell you
what I need
I tell you
what to do
Imperative

Infrastructure as code goals
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate production environmentin a staging environment to enable
continuous testing

Release infrastructure-as-code
“Master”
branch
Prepare
template
Create & execute
change set
Create & execute
change set

Model function environments withAWS
Serverless Application Model (SAM)
• Open source framework for building serverless
applications on AWS
• Shorthand syntax to express functions,APIs,
databases, and event source mappings
• Transforms and expands SAM syntax into AWS
CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/

SAM template
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetFunction:
Type: AWS::Serverless::Function
Properties:
Handler: index.get
Runtime: nodejs8.10
CodeUri: src/
Policies:
- DynamoDBReadPolicy:
TableName: !Ref MyTable
Events:
GetResource:
Type: Api
Properties:
Path: /resource/{resourceId}
Method: get
MyTable:
Type: AWS::Serverless::SimpleTable
Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table

UseSAMCLI to package and deploy SAM templates
pip install --user aws-sam-cli
sam logs
sam validate
sam local
sam init
sam build
sam package
sam deploy
sam publish
New

SAMCLI sample workflow
sam init --name my-function --runtime python
cd my-function/
sam build
sam package --s3-bucket my-packages-bucket
--output-template-file packaged.yaml
sam deploy --template-file packaged.yaml
--stack-name my-function-prod
sam publish # To the AWS Serverless Application Repository

TweetSource:
Type: AWS::Serverless::Application
Properties:
Location:
ApplicationId: arn:aws:serverlessrepo:...
SemanticVersion: 2.0.0
Parameters:
TweetProcessorFunctionName: !Ref MyFunction
SearchText: '#serverless -filter:nativeretweets'
Nested apps to simplify solving recurring problems
Standard
Component
Custom
Business
Logic
Polling schedule
(CloudWatch
Events rule)
trigger
TwitterProcessor
SearchCheckpoint
TwitterSearchPoller
Twitter
Search API

Model container environments withAWS
Cloud Development Kit (CDK)
Developer
Preview
• Open source framework to define cloud
infrastructure in TypeScript, Java, C#, …
• Provides library of higher-level resource types
(“construct” classes) that have AWS best practices
built in by default, packaged as npm modules
• Provisions resources with CloudFormation
• Supports all CloudFormation resource types
AWS
CDK
https://awslabs.github.io/aws-cdk

CDK template
import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');
class BonjourFargate extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecs.LoadBalancedFargateService(
this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});
}
}
const app = new cdk.App();
new BonjourFargate(app, 'Bonjour');
app.run();

import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
class BonjourFargate extends cdk.Stack {
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecs.LoadBalancedFargateService(
this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});
}
}
new BonjourFargate(app, 'Bonjour');
app.run();
CDK template

CDK template
applets:
MyHelloWorldService:
type: @aws-cdk/aws-ecs:LoadBalancedFargateServiceApplet
properties:
image: 'amazon/amazon-ecs-sample’
$ cdk --app ./my-applet.yaml deploy

Model pipelines withAWSCDK
• Minimize copy-and-paste by using object-oriented language
• Define microservice pipeline “shape” in one class, then re-use it across
many pipelines
• CDK includes many high-level constructs for modeling a CodePipeline
pipeline, including automatically configuring IAM role policies

CDK pipelines:Construct
export class MyMicroservicePipeline extends cdk.Construct {
constructor(parent: cdk.Construct, name: string, props: MyMicroservicePipelineProps) {
super(parent, name);
const pipeline = new codepipeline.Pipeline(this, 'Pipeline', {
pipelineName: props.serviceName,
});
const githubAccessToken = new cdk.SecretParameter(this, 'GitHubToken',
{ ssmParameter: 'GitHubToken' });
new codepipeline.GitHubSourceAction(this, 'GitHubSource', {
stage: pipeline.addStage('Source'),
owner: 'myorg',
repo: props.serviceName,
oauthToken: githubAccessToken.value
});
…

CDK pipelines: Stack
import { MyMicroservicePipeline } from './pipeline';
class MyMicroservicePipelinesStack extends cdk.Stack {
new MyMicroservicePipeline(this, 'Pipeline1', { 'serviceName': 'Microservice1' });
}
}
new MyMicroservicePipelinesStack(app, 'MyMicroservicePipelines');
app.run();

UseCDKCLI to synthesize and deployCDK templates
npm install -g aws-cdk
cdk init app --language typescript
cdk synth
cdk deploy

Continuou
s
integration

Continuous integration goals

Continuous integration goals
1. Automaticallykick off a new release when new code is checked in
2. Build and test code in a consistent, repeatable environment
3. Continuallyhave an artifact ready for deployment
4. Continuallyclose feedback loop when build fails

AWSCodePipeline
• Continuous delivery service for fast and reliable
application updates
• Model and visualize your software release process
• Builds, tests, and deploys your code every time
there is a code change
• Integrates with third-party tools and AWS

AWSCodePipeline: Supported sources
Pick branch
AWSCodeCommit
GitHub
Pick object or folder
AmazonS3
Pick Docker tag
Amazon ECR
Automaticallykick off release and pull latest source code

AWSCodePipeline: ECR source action
Source code:
“master” branch
ECR repository:
“release” tag

AWSCodePipeline: Supported triggers
Automaticallykick off release
Amazon CloudWatch Events
• Scheduled (nightlyrelease)
• AWS Health events (Fargate
platform retirement)
Available inCloudWatch Events
console,API, SDK,CLI, andAWS
CloudFormation
Webhooks
• DockerHub
• Quay
• Artifactory
Available inCodePipelineAPI,
SDK,CLI, andCloudFormation

AWSCodeBuild
• Fully managed build service that compiles source
code, runs tests, and produces software packages
• Scales continuously and processes multiple builds
concurrently
• No build servers to manage
• Pay by the minute, only for the compute resources
you use
• Monitor builds through CloudWatch Events

AWSCodeBuild
• Each build runs in a new Docker container for a
consistent, immutable environment
• Docker and AWS CLI are installed in every official
CodeBuild image
• Provide custom build environments suited to your
needs through the use of Docker images

AWSCodeBuild: Lambda buildspec
version: 0.2
phases:
build:
commands:
- npm ci
- npm test
- >
aws cloudformation package
--template-file template.yaml
--output-template packaged.yaml
--s3-bucket $BUCKET
artifacts:
type: zip
files:
- packaged.yaml

AWSCodeBuild: Lambda buildspec using SAMCLI
version: 0.2
phases:
install:
commands:
- pip install --upgrade awscli aws-sam-cli
build:
commands:
- sam build
- sam package --s3-bucket $BUCKET --output-template-file packaged.yaml
artifacts:
type: zip
files:
- packaged.yaml

AWSCodeBuild: Docker buildspec
version: 0.2
phases:
build:
commands:
- $(aws ecr get-login --no-include-email)
- docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
- docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REPO:$IMAGE_TAG
- docker push $ECR_REPO:$IMAGE_TAG

Continuous
deployment

Continuous deployment goals

1. Automaticallydeploy new changes to staging environments for testing
2. Deploy to production safely without impactingcustomers
3. Deliver to customers faster: Increase deploymentfrequency,
and reduce change lead time and change failure rate

AWSCodeDeploy
• Automates code deployments for containers and
serverless
• Handles the complexity of updating your
applications
• Avoid downtime during application deployment
• Roll back automatically if failure detected
• Deploy to Amazon EC2, ECR, Lambda, or on-
premises servers

CodeDeploy – Lambda deployments
• Shifts traffic using Lambda function weighted aliases
• Choose canary (“shift 10% of traffic for 10 minutes, then shift rest”)
or linear (“shift 10% more traffic every 10 minutes”)
• Validation “hooks” enable testing at each stage of the deployment
• Fast rollback in seconds if case of hook failure or CloudWatch alarms
• Monitor deployment status and history via console,API, Amazon Simple
Notification Service (Amazon SNS) notifications, and CloudWatch Events

CodeDeploy – Lambda deployments
Enable in your serverless application template
Resources:
GetFunction:
Type: AWS::Serverless::Function
Properties:
DeploymentPreference:
Type: Canary10Percent10Minutes
Alarms:
- !Ref ErrorsAlarm
Hooks:
PreTraffic: !Ref PreTrafficHook
Canary10Percent30Minutes
Linear10PercentEvery10Minutes
Linear10PercentEvery1Minute
AllAtOnce

CodeDeploy – Lambda canary deployment
API
Gateway
Lambda
function
weighted
alias “live”
v1 Lambda
function
code
100%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code100%
Run PreTraffic hook against v2 code before it receives traffic
v2 code0%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code90%
Wait for 10 minutes, roll back in case of alarm
v2 code10%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code0%
Run PostTraffic hook and complete deployment
v2 code100%

API Gateway canary stage
API
Gateway
Production
stage
v1 code
v2 code
99.5%
0.5%
Canary
stage

BUSINESS
LOGIC
LIB
B
Before
BUSINESS
LOGIC
LIB
A
LIB
B
BUSINESS
LOGIC
LIB
A
LIB
B
BUSINESS
LOGIC
LIB
A
LIB
B
LIB
A
Use
Lambda Layers
for shared code that
doesn’t change
frequently

BUSINESS
LOGIC
BUSINESS
LOGIC
BUSINESS
LOGIC
BUSINESS
LOGIC
LIB A LIB B
Use
Lambda Layers
for shared code that
doesn’t change
frequently
Focus on your
business logic and
speed up function
deployments
After

CodeDeploy-ECS blue-green deployments
• Provisions “green” tasks, then flips traffic at the load
balancer
• Validation “hooks” enable testing at each stage of
the deployment
• Fast rollback to “blue” tasks in seconds if case of
hook failure or CloudWatch alarms
• Monitor deployment status and history via console,
API, Amazon SNS notifications, and CloudWatch
Events
• Use “CodeDeploy-ECS” deploy action in
CodePipeline or “aws ecs deploy” command in
Jenkins

CodeDeploy-ECS appspec
version: 1.0
Resources:
- TargetService:
Type: AWS::ECS::Service
Properties:
- TaskDefinition: "my_task_definition:8"
LoadBalancerInfos:
- ContainerName: "SampleApp"
ContainerPort: 80
Hooks:
- BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstallation"
- AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
- AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
- BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
- AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"

CodeDeploy-ECS blue-green deployment
100%
Prod
traffic

Target group
2
100%
Prod
traffic
Test traffic listener
(port 9000)

Green tasks:
v2 code
100%
Prod
traffic
Provision green tasks

100%
Test
traffic
100%
Prod
traffic
Run hook against test endpoint before green tasks receive prod traffic

100%
Prod
traffic
Flip traffic to green tasks, rollback in case of alarm
0% Prod
traffic

100%
Prod
traffic
Drain blue tasks

Container image tagging for deployments
• Docker tags are resolved when each container starts, not just during
deployments
• Deploying “latest” or “prod” can result in untested code in production after
a scale-out event
• Use unique “immutable” tags for deployments

Build pushes new “latest” image
Image: sha256@22222... (“latest”)

Service scales up, launching new tasks
Image: sha256@22222... (“latest”)

Deploy using immutable tags
{
"name": "sample-app",
"image": "amazon/amazon-ecs-
sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d"
}
{
"name": "sample-app",
"image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"
}
SHA256 Digest
Build ID

Compute immutable tags during build
SHA256 Digest
export IMAGE_URI=`docker inspect --format='{{index .RepoDigests 0}}' my_image:$IMAGE_TAG
Example Result:
amazon/amazon-ecs-sample@sha256:3e39d933b...
Build ID
export IMAGE_TAG=build-`echo $CODEBUILD_BUILD_ID | awk –F":" ‘{print $2}'`
Example Result:
build-b2085490-359f-4eaf-8970-6d1e26c354f0

Build pushes new image tagged with new build ID
Image: sha256@22222... (“build-22222”)

Service scales up, launching new tasks
Image: sha256@22222... (“build-22222”)

Image: “build-22222” tag
Deployment updates service’s task definition, replacing tasks
Image: sha256@22222... (“build-22222”)

1. Automaticallydeploy new changes to staging environments
for testing
2. Deploy to production safely without impactingcustomers
3. Deliver to customers faster: Increase deploymentfrequency,
and reduce change lead time and change failure rate

CapitalOne–Credit OffersAPIserverless architecture
Affiliates
www.capitalone.com/
credit-cards/prequalify
AWS Cloud
Capital One
API Gateway
VPC
Lambda
Function
Traces Logs
Production Support
Command Center
COAT
Credit Offers API Team
Lambda
Function
S3 Bucket
TTL
Third-Party
API

CapitalOne–Credit OffersAPICI/CD pipeline
Continuous Improvement, Continuous Delivery!
GitHub LGTM Bot Jenkins AWS SAM
S3 Bucket
(Versioning)
Lambda
Function
DeploymentType:
dev: AllAtOnce
qa: AllAtOnce
qaw: AllAtOnce
prod: Canary10Percent10Minutes
prodw: Canary10Percent10Minutes
canary5xxGetProductsAlarm:
Type: AWS::CloudFormation::Alarm
Properties:
AlarmActions:
- !FindInMap:
- params
- AdminSNSTopic
- !Ref Environment
AlarmDescription: 500 error from product
listing Lambda.
ComparisonOperator:
GreatherThanOrEqualTothreshold
Period: 300
Statistic: Sum
Threshold: 1
EvaluationPeriod: 1

CapitalOne–Benefits from taking theAPIserverless
Performance gains
From the time the request
is received by lambda to
the time to send the
response back
70%
Cost savings
By removing EC2, ELB
and RDS from our solution
90%
Increase in team velocity
Reduce investment in team’s time
on DevOps and dedicate back to
feature development!
30%

Takeaways
1. Manage your infrastructure as code
2. Frequently build and integrate your code to get a first feedback
3. Continuously release in production using canary releases with monitoring
and automated rollbacks
4. Use canary releases to get both technical and business feedback

Danilo Poccia, Principal Evangelist, Serverless
@danilop
Thank you!

© 2019, AmazonWeb Services, Inc. or itsaffiliates. All rightsreserved.
Simplify your frontend apps
with serverless backend in the cloud
Sébastien Stormacq, Developer Advocate
{
"name": "Sébastien Stormacq",
"role": "Developer Advocate",
"company": "Amazon Web Services”,
"twitter": "@sebsto”,
“github” : "sebsto"
}

A typicalday in developer life

We need an app to let our customers update preference
settings – our competitors just launched the same thing, so I
need it fast. I don’t want to pay a lot for it, especially when no
one is using it. But remember that we’re growing, so make sure
it scales great and is easy to manage and operate. And
you’re on your own – sorry!

We need an app to let our customers update preference
settings – our competitors just launched the same thing, so I
need it fast. I don’t want to pay a lot for it, especially when no
one is using it. But remember that we’re growing, so make sure
it scales great and is easy to manage and operate. And
you’re on your own – sorry!
No problem, I will use
a cloud-based &
serverless backend.

Serverless means

Serverless means
No Server to Provision or Manage Scale with Usage
Availability and Fault Tolerance Built-in Pay for value

Serverless acrossthestack
Database
AccessCompute
Developer Workflow

Whatobstaclesdevelopersarefacing?

165+services
TECHNICAL & BUSINESS SUPPORT
Support Professional
Services
Optimization
Guidance
Partner
Ecosystem
Training &
Certification Solutions Management
Account
Management
Security & Billing
Reports
Personalized
Dashboard
MARKETPLACE
Business Apps
Business
Intelligence
DevOps Tools Security Networking StorageDatabases
IoT
Rules Engine
Device Shadows
Device SDKs
Device Gateway
Registry
Local Compute
MIGRATION
Schema
Conversion
Exabyte-Scale
Data Migration
Application
Migration
Database
Migration
Server Migration
HYBRID
Integrated
Networking
Data Integration
Integrated Identity &
Access
Integrated Resource &
Deployment Management
Integrated Devices
& Edge Systems
ML / IA
Custom Model
Training & Hosting
Conversational
Chatbots
Image & Scene
Recognition
Facial Recognition
& Analysis
Deep Learning
(Apache MXNet,
TensorFlow, &
others)
Text to Speech
Facial Search
ENTERPRISE
Virtual Desktops
App Streaming
Sharing &
Collaboration
Corporate Email
Communications
Contact Center
MOBILE
API Gateway
Single Integrated
Console
Identity
Sync
Mobile Analytics
Mobile App
Testing
Targeted Push
Notifications
DEV/OPS
One-click App
Deployment
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource Templates
Build and Test
Analyze and Debug
Patching
ANALYTICS
Data Warehousing
Business Intelligence
Elasticsearch
Hadoop/Spark
Data Pipelines
Streaming Data
Collection
ETL
Streaming Data
Analysis
Interactive SQL
Queries
APP SERVICES
Queuing & Notifications
Workflow
Email
Transcoding
Search
INFRA
Regions
Availability
Zones
Points of
Presence
CORE SERVICES
Compute
VMs, Auto-scaling,
Load Balancing,
Containers, Virtual
Private Servers,
Batch Computing,
Cloud Functions,
Elastic GPUs, Edge
Computing
Storage
Object, Blocks,
File, Archivals,
Import/Export,
Exabyte-scale data
transfer
CDN
Databases
Relational,
NoSQL, Caching,
Migration,
PostgreSQL
compatible
Networking
VPC, DX, DNS
SECURITY & COMPLIANCE
Identity
Management
Key Management
& Storage
Monitoring
& Logs
Configuration
Compliance
Web Application
Firewall
Assessment
& Reporting
Resource &
Usage Auditing
Access
Control
Account
Grouping
DDOS Protection
MANAGEMENT TOOLS
Monitoring
Manage
Resources
Resource
Templates
Configuration
Tracking
Server
Management
Service
Catalogue

Manylinesof boiler platecode

IntroducingAWSAmplify

Amplify– aCLIto ProvisionServices
$ amplify add auth
$ amplify add storage
$ amplify add api
$ amplify push
Add an Amazon Cognito User Pool
Create and secure an Amazon S3 bucket
Add an AWSAppSync or API Gateway
Deploy via AWS CloudFormation

Amplify–ASet ofOpen-SourceLibraries

Let’senricha React webapp

Initialiseamplify
$ amplify init
$ amplify push

#1 Addauthentication

Provision theservice
$ amplify add auth
$ amplify push

ModifyourApp
import Amplify from 'aws-amplify’;
import { withAuthenticator } from 'aws-amplify-react’;
// 'aws-amplify-react-native';
import awsmobile from './aws-exports’;
Amplify.configure(awsmobile);
…
export default withAuthenticator(App);

Demo

$amplifyadd auth&& amplifypush
AWS Cloud
Clients
AWS Cognito User Pool
Accounts
Multi Factor
Authentication
Signup & Signin

#2 AddanAPI

https://2018.stateofjs.com/data-layer/overview

query GetNote {
getNote(id: ”1”) {
id
value
}
}
mutation CreateNote {
createNote(value: “My first note”) {
id
value
}
}
subscription OnCreateNote {
onCreateNote {
id
value
}
}
GraphQL,a query languageforAPIs
type Note {
id: ID!
value: String!
}

AppSync, a runtimeto execute the query
query GetPost {
getPosts(id: ”1”) {
id
title
comments {
content
}
author {
name
}
}
}
query GetPost {
getPosts(id: ”1”) {
id
title
comments {
content
}
author {
name
}
}
}
Amazon
EC2
{
"data" : {
"posts" : [
{
"id" : 1,
"title" : "Introduction to GraphQL",
"comments" : [
{
"content" : "I want GraphQL for my next App!"
}
],
"author" : {
"name" : "Sébastien Stormacq"
}
}
]
}
}
Amazon
DynamoDB
AWS
Lambda

Provision theAPI
$ amplify add api
$ amplify push

$amplifyadd api
$ amplify add api
? Please select from one of the below mentioned services GraphQL
? Provide API name: amplifynotes
? Choose an authorization type for the API Amazon Cognito User Pool
Using service: Cognito, provided by: awscloudformation
The current configured provider is Amazon Cognito.
? Do you want to use the default authentication and security configuration?
Yes, use the default configuration.
Successfully added auth resource
? Do you have an annotated GraphQL schema? No
? Do you want a guided schema creation? true
? What best describes your project: Objects with fine-grained access control
(e.g., a project management app with owner-based authorization)
? Do you want to edit the schema now? Yes
Please edit the file in your editor:
/<path>/amplify/backend/api/amplifynotes/schema.graphql
? Press enter to continue

A basicschema
type Note {
id: ID!
note: String!
}

Transformers(akaannotations)
type Note
@model @auth(rules: [{allow: owner}]){
id: ID!
note: String!
}

$amplifyadd api&@model
AWS Cloud
Clients
AWS AppSync Amazon DynamoDB
Table
Schemas Resolvers Data Sources
type Query {
getNote(...): Note
listNotes(...): Note
}
type Mutation {
createNote(...): Note
updateNote(...): Note
deleteNote(...): Note
}
type Subscription {
onCreateNote (...): Note
onUpdateNote (...): Note
onDeleteNotet(...): Note
}
type Note {
id: ID!
value: String
}
queries
mutations
getNote
listNotes
updateNote
deleteNote
createNote
Note Table
Datasource
IAM Role
ARN
Note Role
ARN

#3 addsearchcapabilities

UpdateGraphQLTransformer
type Note
@model @auth(rules: [{allow: owner}])
@searchable {
id: ID!
note: String!
}

$ amplify push

@searchable
AWS Cloud
Clients
AWS AppSync Amazon DynamoDB
Table
queries
mutations
getNote
listNotes
updateNote
deleteNote
createNote
Note Table
Datasource
IAM Role
ARN
Note Role
ARN
type Query {
getNote(...): Note
}
type Mutation {
}
type Subscription {
}
type Note {
id: ID!
value: String
}

@searchable
AWS Cloud
Clients
AWS AppSync
Document Index
Amazon ElasticSearch
type Query {
getNote(...): Note
searchNotes(...): [Note]
}
type Mutation {
}
type Subscription {
}
type Note {
id: ID!
value: String
}
queries
mutations
getNote
listNotes
updateNote
deleteNote
createNote
ElasticSearch
Datasource
IAM Role
ARN
ES
Domain
ARN
Streaming
Lambda
Note Table
Datasource
IAM Role
ARN
Note Role
ARN
searchNotes
Amazon DynamoDB
Table

#4 deploytheapp

$ amplify add hosting
$ amplify publish

amplifyaddhosting
$ amplify add hosting
? Select the environment setup: DEV (S3 only with HTTP)
? hosting bucket name my_hosting_bucket
? index doc for the website index.html
? error doc for the website index.html

amplifypublish (dev)
AWS Cloud
Clients
Amazon Cloudfront Amazon S3
Bucket serving
static web content
Edge Locations

amplifypublish (prod)
AWS Cloud
Clients
Amazon Cloudfront Amazon S3
Bucket serving
static web content
Edge Locations

AdvancedTopics

Amplifyblack belt tips
฀
$ amplify checkout ENV
$ amplify add ENV

Amplifyblack belt tips
฀

Whatdid wejustdo ?
We created a front end web app backed by cloud services
• User Sign-in, Sign-up (Amazon Cognito)
• CRUD GraphQL API (AWS AppSync + Amazon DynamoDB)
• Search API (Amazon ElasticSearch)
• Hosting (Amazon S3, Amazon CloudFront)
https://github.com/sebsto/amplify-react-workshop

TakeAway

Thank you
Sébastien Stormacq, Developer Advocate
{
"name": "Sébastien Stormacq",
"role": "Developer Advocate",
"company": "Amazon Web Services”,
"twitter": "@sebsto”,
“github” : "sebsto"
}

© 2018, Amazon Web Serv ices, Inc. or its Af f iliates. All rights reserv ed.
AWS Builders’ Day London
MAD4 - Breaking the Monolith: road to
containerizing/serverless your app
Paul Armstrong - Principal Solutions Architect

The monolith
“…asingle-tiered software application inwhichtheuser interface
and data access code arecombined into asingle program from a
single platform. Amonolithic application isself-contained, and
independent from other computing applications.”
-Wikipedia

Monolith = ”traditional applications”
• Pros:
• At first…
• Simple
• No over-engineering
• In-process latencies
• Single code base
• Resource efficient at small
scale
• Cons:
• Modularity is hard to enforce
as app grows
• Can only scale up!
• All or nothing deployment
• Long release cycles
• Slow to react to customer
demand

Monolith development lifecycle
Build Test Release
Developers
Monolith
Delivery Process

How or why should I migrate
my monolith?

Common migration strategies
There is no one size fits all approach to migrating your
applications

Methodical migration process
Evaluat
e
Plan Design Migrate Optimize
• Discovery
• Migration
patterns
• Well
Architected
• Tool
selection
• Test
planning
• Cutover
• Migration
workloads
• Migration
tools
• Validation &
cutover
• Operation
• Optimizati
on
• Migration
Readiness
Assessment
• On-boarding
• Planning and
SOW
• Portfolio
discovery
• Requirements
collection
• Landing Zone
• People -
skills and
organization
• Business
case, TCO
Visualize the cloud adoption effort from planning to operating on AWS

Portfolio discovery
Goals:
• Determine resource allocation in the AWS environment
• Develop a prioritized backlog of applications to feed migration
• Assess project migration costs and run costs
Evaluat
e
Discove
r &
Plan
Design Migrate Optimize

Questions & challenges on the migration journey
• Where to start?
• What to break out?
• Dependencies?
• Works as expected?
• Users happy?
• Does it scale?
• Does it perform?
• How to automate?
• Works as expected?
• Users happy?
• How to optimize?
Does it perform?
• How to automate?
?
? ?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
? ?
?
?
?
? ? ?
?
?
?
?
From
On-Premises Monolith
Via
Containerized Services
To
Functions & Cloud Service

Containers as part of my
migration strategy?

Accelerate
Development
Easier
Adoption
Faster
Iteration
Unified
Experience
Container Platforms
Container Benefits

Discovery – Portfolio Data Gathering
• Storage
• Type
• Capacity
• Utilization
• . . .
• Server
• Physical/virtu
al
• OS version
• CPU, RAM, Disk
• type,
utilization
• . . .
• Network
• Device type
• Firewall rule
• Network
connection
• . . .
• Application
• Owners,
criticality
• Characteris
tics
• Stack
• Infrastruct
ure
• . . .

Analysis … What Should We Look For?
• Completeness and usability
• If additional discoveryis needed,determine the actions needed to complete discovery.
• Apps, Servers,
Connections
• No. of apps and
servers
• Application and
server dependencies
• Performance
metrics
• Allocate and
right-size
target resources
• Service naming,
tagging
• Identify patterns
• Group servers and
applications

Asset
Inventories
CMBD
Tribal
Knowledge
SLA/OLA
App
Configuration
Data
Performance
Information
Architecture
Outcomes
Applications
Infrastructure
Performance
Portfolio Discovery & Analysis
Outcomes
Resource Model
Application backlog
Cost Model
AWS Application
Discovery Service
Disconnected and
Incomplete Data
Gathering Data and
Organizing
“Discovery & Planning”

Getting toknow themonolith architecture
?
?
?
?
?
?
?
?
?
?
?
Service
Endpoints
Service Flow
Depending
Services

Learnings Through Discovery
/review
/finish
/config
/payment
Backend
Service X
DB A
Q 1
Endpoints +
Throughput
Dependencies&
Call Patterns
Flow & CPU
Consumption

Next: Where to break the monolith?
/review
/finish
/config
/payment
Backend
Service X
DB A
Q 1
?
?
?
?
?
?
?
?
?
?
Entry Points? Entry Points?

Refactoring – break the monolith
Tightly coupled! Shall we really distribute/extract?
ExampleCorpBackendW ebser...
com.Dynatrace.exampleCorp ...

The 12 factor application
I. Codebase
One codebasetrackedin revision control,many
deploys
II. Dependencies
Explicitly declareand isolate dependencies
III. Config
Store config in the environment
IV. Backing services
Treatbacking services asattached resources
V. Build, release,run
Strictly separate build and run stages
VI. Processes
Executethe app as one or more stateless
processes
VII. Port binding
Exportservices via portbinding
VIII. Concurrency
Scale out via the processmodel
IX. Disposability
Maximize robustnesswith fast startup and graceful
shutdown
X. Dev/prod parity
Keep development,staging,and productionas
similar as possible
XI. Logs
Treatlogs as eventstreams
XII. Admin processes
Run admin/managementtasks as one-offprocesses

EC2 Instance
TaskTask
Task Task
EC2 Instance
TaskTask
Task Task
EC2 Instance
TaskTask
Task Task
EC2 Instance
TaskTask
Task Task
EC2 Instance
TaskTask
Task Task
RUNNING CONTAINERS

RUNNING CONTAINERS AT SCALE WITH ECS
Availability Zone #1 Availability Zone #2 Availability Zone #3
Scheduling and Orchestration
ClusterManager Placement Engine

ECS
AMI
Docker
agent
ECS
agent
ECSTaskECSTask
ECSTaskECSTask
EC2 Instance

ECS
AMI
Docker
agent
ECS
agent
EC2 Instance
ECS
AMI
Docker
agent
ECS
agent
EC2 Instance
ECS
AMI
Docker
agent
ECS
agent
EC2 Instance
ClusterManager Placement Engine

“Just launch 10 copies of
my container distributed
across three availability
zones and connect them to
this load balancer”
X 10

I. CodebaseOne codebase tracked in revision control, many deploys

Deployed VersionCode Version Control

Staging / QA
Production
Dev #1
Dev #2

II. DependenciesExplicitly declare and isolate dependencies

Dependencies
Binaries
Code
Application
Bundle

Dependency Declaration: Node.js
npm install
yarn install
package.json

Dependency Declaration: Python
pip install
requirements.txt

Dependencies
Dependencies
Binaries
Code

Dependency Declaration & Isolation: Docker
docker build
Dockerfile

Development
Production
docker run

III. ConfigStore config in the environment

Development
Configuratio
n
Production
Configuration
Development
Production

Development
Production
Same container deployed to both environments.
Configuration is part of the environment on the host.

At runtime the container gets config from the
environment.

Application code pulls from the
environment
Environment is customized when docker runs a container

IV. Backing servicesTreat backing services as attached resources

Amazon
S3
PostgreSQLapp1
Host
app2 3rd party
service
Treat local services just like
remote third party ones

PostgreSQ
L
app1
app2
Load
balancer
Use CNAMES for maximum
flexibility and easy reconfiguration
postgres.mycompany.c
om
app2.mycompany.co
m

Easily create and maintain custom maps of your applications
Before
Version 2
After
Version 2

V. Build, release, runStrictly separate build and run stages

Dependencies
Binaries
Code
Build

Release
Config ReleaseBuild Artifact
+ =
Tagged image stored in ECR

Amazon Elastic Container Service
Confi
g

Run
Task
Definition
Release v1
Task Definition
Release v2

VI. ProcessesExecute the app as one or more stateless processes

Stateful container stores state in local disk
or local memory. Workload ends up tied to a
specific host that has state data.
eu-west-1b
Container 1
Disk
eu-west-1ceu-west-1a

Stateful data
Use services:
• Amazon RDS
• Amazon DynamoDB
• Amazon ElasticCache
• Amazon ElasticSearch
• Amazon S3
• ……

VII. Port bindingExport services via port binding

Port 32456
Port 32457
Port 32458

Port
32768
Port
33487
Port
32192
Port
32794
Port
32781
Match:
/api/users*
Match:
/api/auth*

VIII. ConcurrencyScale out via the process model

© 2018, Amazon Web Services, Inc. or its Affiliates. All
rights reserved.
RUNNING CONTAINERS AT SCALE W ITH
ECS
Availability Zone
#1
Availability Zone
#2
Availability Zone
#3
Cluster Manager Placement Engine

Scaling
Instance
Container 1
Instance Instance Instance Instance Instance
+
Container 1
Container 1
Container 1
Container 1
Container 1

IX. DisposabilityMaximize robustness with fast startup and graceful shutdown

Responsive Graceful
Shutdown
Fast Launch

Fast Launch
Minimize the startup time of processes:
• Scale up faster in response to spikes
• Ability to move processes to another host as needed
• Replace crashed processes faster

Responsive, Graceful Shutdown
Should respond to SIGTERM by shutting down gracefully

X. Dev/prod parityKeep development, staging, and production as similar as possible

Local Application Remote
Staging / QA
Production
Dev #1
Dev #2

XI. LogsTreat logs as event streams

Containerized code writes to
stdout
Docker connects container’s stdout to a log driver

CLOUDWATCH LOGS CONFIGURATION
• Use the awslogs driver to
send stdout from your
application to Cloudwatch
logs
• Create a log group in
Cloudwatch
• Configure the log driver
in your task definition
• Remember to add
permissions via the Task
Execution Role
{
"family": " scorekeep",
...
"containerDefinitions ": [
{
"name":“scorekeep-frontend",
...
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "scorekeep",
"awslogs-region": “us-east-1",
"awslogs-stream-prefix": "scorekeep/frontend“}}
},
{
"name":“scorekeep-api",
...
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "scorekeep",
"awslogs-region": “us-east-1",
"awslogs-stream-prefix": "scorekeep/api"}}
}
]}
Task Definition

CLOUDWATCH LOGS
Logs Tab in
the Task
Detail Page
View logs in the ECS or Cloudwatch Console

XII. Admin processesRun admin/management tasks as one-off processes

Admin / management processes are
inevitable:
• Migrate database
• Repair some broken data
• Once a week move database
records older than X to cold
storage
• Every day email a report to
this person

Building Blocks for Containerized 12 Factor
apps
AWS Elastic
Beanstalk
Amazon
SQS
Compute
AWSX-Ray
DeveloperTools
AWS
CodeBuild
AWS
CodePipeline
AWS
Cloud9
AWS
Fargate
Amazon
ECS
Application Integration
Amazon
SNS
Amazon MQ
Logging & Monitoring
Amazon
CloudWatch
AWS
CloudTrail
Amazon
DynamoDB
AmazonS3
Storage & Database
Amazon ElastiCache Amazon RDSAmazon
ECR
Amazon
EKS
AmazonAPI
Gateway
Networking & API Proxy
Elastic Load
Balancing
Amazon
Route 53
AWSStep
Functions

CI/CD for Modern Applications

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CI/CD for Modern Applications

Similar to CI/CD for Modern Applications (20)

More from Amazon Web Services

More from Amazon Web Services (20)

CI/CD for Modern Applications