Amazon API Gateway and AWS Lambda provide a new way of building applications by removing servers from the picture. But what does the removal of servers mean to tasks like deployment, monitoring, and debugging? How should you set up blue-green deployments or set alarms? Come learn all this and more, including ways to use AWS services and tools like AWS CodePipeline, AWS CloudFormation, and Amazon CloudWatch to manage your serverless applications at high quality. We will also demonstrate how you can implement a Continuous Integration and Continuous Delivery pipeline for a serverless application within minutes using AWS CodeStar. Learn More: https://aws.amazon.com/government-education/
Application Lifecycle Management in a Serverless World | AWS Public Sector Summit 2017
1. Application Lifecycle Management in a Serverless World
Xiang Shen
Sr. Solutions Architect, Amazon Web Services
June 14, 2017
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
2. Serverless means…
• No servers to provision or manage
• Scales with usage
• Never pay for idle
• Availability and fault tolerance built in
3. Common use cases
Web Applications
• Static websites
• Complex web apps
• Packages for Flask and Express
Data Processing
• Real time
• MapReduce
• Batch
Chatbots
• Powering chatbot logic
Backends
• Apps & services
• Mobile
• IoT
Amazon Alexa
• Powering voice-enabled apps
• Alexa Skills Kit
IT Automation
• Policy engines
• Extending AWS services
• Infrastructure management
5. Example event sources that trigger AWS Lambda
Categories shown: data stores, endpoints, development and management tools, event/message services
Services shown: Amazon S3, Amazon DynamoDB, Amazon Kinesis, AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch, Amazon Cognito, Amazon SNS, Amazon SES, Cron events, AWS CodeCommit, Amazon API Gateway, Amazon Alexa, AWS IoT, AWS Step Functions
… and a few more with more on the way!
6. Understanding "CI & CD"
Stages: Source, Build, Test, Production
• Continuous integration
• Continuous delivery
• Continuous deployment
7. CI/CD for serverless applications
There are a number of different paradigms we need to take into account when doing CI & CD for serverless applications:
• Lambda functions are a unit of deployment
• We'll typically have multiple Lambda functions per application
• Each function will have an event trigger
  • Could be shared or unique to each function
• A serverless application is typically a combination of AWS Lambda + other AWS services
8. CI/CD for serverless applications
We'll want to deliver our serverless application via a traditional development pipeline:
• Pipeline initiated after code is committed to a repository
• Built, tested, and verified at the code level exactly once
  • Aim for single artifact per deploy
• Integration tested at functional and end-to-end levels
• Deployed to independent environments for each stage of this process
• Allow for those independent environments to be deployed exactly the same way across infrastructure + application
9. An example of services for building serverless applications:
Amazon API Gateway, AWS Step Functions, Amazon S3, Amazon DynamoDB, Amazon Kinesis, AWS Lambda, Amazon SNS
Best practice: Manage these AWS resources with "Infrastructure as Code" practices/tools!
10. AWS CloudFormation
• Create templates of your infrastructure
• CloudFormation provisions AWS resources based on dependency needs
• Version control/replicate/update templates like code
• Integrates with development, CI/CD, management tools
• JSON and YAML supported
15. SAM template

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable

• Transform: Tells CloudFormation that this is a SAM template it needs to "transform"
• AWS::Serverless::Function: Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
• AWS::Serverless::SimpleTable: Creates a DynamoDB table with 5 Read & Write units
21. SAM template capabilities
• Can mix in other non-SAM CloudFormation resources in the same template
  • Examples: Amazon S3, Amazon Kinesis, AWS Step Functions
• Supports use of parameters, mappings, outputs, etc.
• Supports intrinsic functions
• Can use ImportValue (exceptions for RestApiId, Policies, StageName attributes)
• YAML or JSON
22. AWS commands - Package & Deploy
Package
• Creates a deployment package (.zip file)
• Uploads deployment package to an Amazon S3 bucket
• Adds a CodeUri property with S3 URI
Deploy
• Calls CloudFormation "CreateChangeSet" API
• Calls CloudFormation "ExecuteChangeSet" API
23. Configure multiple environments
Good developers know they need different environments for building, testing, and running their applications!
Why?
• Avoid overlapping usage of resources
• Safely test new code without impacting your customers
• Safely test infrastructure changes
How?
• AWS account strategies
• Using infrastructure as code tools
• Using variables unique to each environment
• Automating application delivery/testing
24. Configure multiple environments
Two popular AWS account strategies:
Same account, different stacks:
+ Easier management of resources
+ Easier visibility via management/monitoring tools
- Can be harder to create permission/access separation
Better for smaller teams/individuals
Multiple accounts:
+ Assured separation of permissions and access
+ Resource limits per account to control usage
- Overhead of managing multiple accounts and controls between them
Better for larger teams/companies
Check out AWS Organizations
25. Many environments from one template
Diagram: Template File Defining Stack, Source Control, Dev / Test / Prod
• Use the version control system of your choice to store and track changes to this template
• Build out multiple environments, such as for development, test, production and even DR using the same template, even across accounts
27. Building a deployment package
Node.js & Python
• .zip file consisting of your code and any dependencies
• Use npm/pip to install libraries
• All dependencies must be at root level
Java
• Either .zip file with all code/dependencies, or standalone .jar
• Use Maven / Eclipse IDE plugins
• Compiled class & resource files at root level, required jars in /lib directory
C# (.NET Core)
• Either .zip file with all code/dependencies, or a standalone .dll
• Use NuGet / VisualStudio plugins
• All assemblies (.dll) at root level
28. AWS CodeBuild
• Fully managed build service that compiles source code, runs tests, and produces software packages
• Scales continuously and processes multiple builds concurrently
• You can provide custom build environments suited to your needs via Docker images
• Only pay by the minute for the compute resources you use
• Launched with AWS CodePipeline and Jenkins integration
• New: Can be used as a "Test" action in CodePipeline
30. buildspec.yml Example

version: 0.1
environment_variables:
  plaintext:
    "INPUT_FILE": "saml.yaml"
    "S3_BUCKET": ""
phases:
  install:
    commands:
      - npm install
  pre_build:
    commands:
      - eslint *.js
  build:
    commands:
      - npm test
  post_build:
    commands:
      - aws cloudformation package --template $INPUT_FILE --s3-bucket $S3_BUCKET --output-template post-saml.yaml
artifacts:
  type: zip
  files:
    - post-saml.yaml
    - beta.json

• Variables to be used by phases of build
• Examples for what you can do in the phases of a build:
  • You can install packages or run commands to prepare your environment in "install".
  • Run syntax checking, commands in "pre_build".
  • Execute your build tool/command in "build"
  • Test your app further or ship a container image to a repository in post_build
• Create and store an artifact in S3
31. Establish our testing/validation model
We want to make sure our code:
• Is without syntax issues
• Meets company standards for format
• Compiles
• Is sufficiently tested at the code level via unit tests
We want to make sure our serverless service:
• Functions as it is supposed to in relation to other components
• Has appropriate mechanisms to handle failures up or down stream
We want to make sure our entire application/infrastructure:
• Functions end to end
• Follows security best practices
• Handles scaling demands
32. Testing tools
Code inspection/test coverage:
• Landscape - https://landscape.io/ (only for Python)
• CodeClimate - https://codeclimate.com/
• Coveralls.io - https://coveralls.io/
Mocking/stubbing tools:
• https://github.com/atlassian/localstack - "A fully functional local AWS cloud stack. Develop and test your cloud apps offline!"
• Includes:
  • https://github.com/spulec/moto - boto mock tool
  • https://github.com/mhart/dynalite - DynamoDB testing tool
  • https://github.com/mhart/kinesalite - Amazon Kinesis testing tool
  • more!
API Interface/UI testing:
• Runscope - https://www.runscope.com/ - API Monitoring/Testing
• Ghost Inspector - https://ghostinspector.com/ - Web interface testing
33. AWS CodePipeline
• Continuous delivery service for fast and reliable application updates
• Model and visualize your software release process
• Builds, tests, and deploys your code every time there is a code change
• Integrates with third-party tools and AWS
34. Delivery via AWS CodePipeline
Pipeline flow:
1. Commit your code to a source code repository
2. Package/test in AWS CodeBuild
3. Use CloudFormation actions in AWS CodePipeline to create or update stacks via SAM templates
   Optional: Make use of ChangeSets
4. Make use of specific stage/environment parameter files to pass in AWS Lambda variables
5. Test our application between stages/environments
   Optional: Make use of manual approvals
35. An example minimal pipeline:
Source
• Source (CodeCommit): MyApplication
Build
• test-build-source (CodeBuild)
Deploy Testing
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-stubs (AWS Lambda)
Deploy Staging
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-API-test (Runscope)
• QA-Sign-off (Manual Approval)
Deploy Prod
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Post-Deploy-Slack (AWS Lambda)
This pipeline:
• Five stages
• Builds code artifact
• Three deployed to "environments"
• Uses CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a third-party tool/service
• Has a manual approval before deploying to production
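An added example (not from the original slides): a check that could run between a create-changeset and an execute-changeset action, listing the changes that should wait for the manual approval. The input is a constructed sample in the shape of `aws cloudformation describe-change-set` output; the stack name, OldBucket and the two resource-type lists are assumptions.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set`
# output; the stack name and OldBucket are made up for this example.
SAMPLE_CHANGE_SET = json.loads("""
{"StackName": "example-prod-stack", "Changes": [
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
   "LogicalResourceId": "GetHtmlFunction", "ResourceType": "AWS::Lambda::Function"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
   "LogicalResourceId": "GetHtmlFunctionRole", "ResourceType": "AWS::IAM::Role"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
   "LogicalResourceId": "ListTable", "ResourceType": "AWS::DynamoDB::Table"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Remove",
   "LogicalResourceId": "OldBucket", "ResourceType": "AWS::S3::Bucket"}}
]}
""")

# Assumption: which types count as permission changes and which hold data
# is a policy choice made for this example, not something the slides define.
PERMISSION_TYPES = ("AWS::IAM::", "AWS::Lambda::Permission")
STATEFUL_TYPES = {"AWS::DynamoDB::Table", "AWS::S3::Bucket"}


def review_change_set(change_set):
    """Return (logical_id, reason) pairs that should hold the pipeline."""
    findings = []
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        rtype, action = rc.get("ResourceType", ""), rc.get("Action")
        lid = rc.get("LogicalResourceId", "?")
        if rtype.startswith(PERMISSION_TYPES):
            findings.append((lid, f"{action} on permission resource {rtype}"))
        if rtype in STATEFUL_TYPES:
            if action == "Remove":
                findings.append((lid, "stateful resource would be deleted"))
            elif action == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
                findings.append((lid, "stateful resource may be replaced"))
    return findings


if __name__ == "__main__":
    for lid, reason in review_change_set(SAMPLE_CHANGE_SET):
        print(f"HOLD {lid}: {reason}")
```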
37. Introducing: AWS CodeStar
Quickly develop, build, and deploy applications on AWS
Start developing on AWS in minutes
Work across your team, securely
Manage software delivery easily
Choose from a variety of project templates
38. Metrics and logs
CloudWatch Metrics
• Default (free) metrics:
  • Invocations
  • Duration
  • Throttles
  • Errors
• Create custom metrics for health and status tracking
CloudWatch Logs
• Every invocation generates START, END and REPORT entries to CW Logs
• Emit your own log entries
• Use third-party tools for aggregation and visualization
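An added example (not from the original slides): parsing the REPORT entries Lambda writes to CloudWatch Logs to flag invocations that timed out or ran close to their memory limit. The log lines and request IDs are constructed samples, and the 90% memory threshold is an assumption.

```python
import re

# Constructed sample log lines (request IDs and values are made up).
SAMPLE_LOG = (
    "START RequestId: req-0001 Version: $LATEST\n"
    "END RequestId: req-0001\n"
    "REPORT RequestId: req-0001\tDuration: 42.17 ms\tBilled Duration: 100 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 31 MB\n"
    "START RequestId: req-0002 Version: $LATEST\n"
    "END RequestId: req-0002\n"
    "REPORT RequestId: req-0002\tDuration: 3000.12 ms\tBilled Duration: 3000 ms\t"
    "Memory Size: 128 MB\tMax Memory Used: 125 MB\n"
    "2017-06-14T12:00:03.000Z req-0002 Task timed out after 3.00 seconds\n"
)

REPORT_RE = re.compile(
    r"^REPORT RequestId: (?P<rid>\S+)\s+Duration: (?P<dur>[\d.]+) ms\s+"
    r"Billed Duration: (?P<billed>\d+) ms\s+Memory Size: (?P<size>\d+) MB\s+"
    r"Max Memory Used: (?P<used>\d+) MB")
TIMEOUT_RE = re.compile(r"^\S+ (?P<rid>\S+) Task timed out after [\d.]+ seconds")


def summarize(log_text, mem_ratio_alert=0.9):
    """Map request id -> duration, memory ratio and a list of flags."""
    out = {}
    timed_out = set()
    for line in log_text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            ratio = int(m["used"]) / int(m["size"])
            out[m["rid"]] = {"duration_ms": float(m["dur"]),
                             "mem_ratio": round(ratio, 2), "flags": []}
            if ratio >= mem_ratio_alert:
                out[m["rid"]]["flags"].append("memory")
            continue
        m = TIMEOUT_RE.match(line)
        if m:
            timed_out.add(m["rid"])
    # A timeout line may appear without a REPORT in a truncated log window.
    for rid in timed_out:
        out.setdefault(rid, {"duration_ms": None, "mem_ratio": None, "flags": []})
        out[rid]["flags"].append("timeout")
    return out


if __name__ == "__main__":
    for rid, info in summarize(SAMPLE_LOG).items():
        print(rid, info)
```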
39. AWS X-Ray + AWS Lambda
• Collects data about requests that your application serves
• Provides diagnostic tools
• Visibility into the AWS Lambda service
• Breakdown of your function's performance
42. AWS X-Ray + AWS Lambda
• Service map - identify where your errors or latency problems are coming from
• Trace view - zoom in to determine the root cause