Candid Partners - Architecting a Banking App with Serverless Technology - AWS reInvent 2018 SRV220

Candid Partners' presentation from a breakout session at AWS re:Invent 2018 on Architecting a Banking Application with Serverless Technology.

Published in: Technology

  1. 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Re-architecting a Consumer Banking Application for Better Scale and Reliability Chris Lofton SVP, Cloud Program SunTrust Bank 23094 Aaron Bawcom Chief Architect Candid Partners
  2. 2. 5 The Challenge
      • How fast can we go using AWS?
      • What changes do we need to make to go that fast consistently?
      • How do we make sure our security requirements are met?
      • How far can we push the technical limits?
      Can a Bank Win a Race?
      • How can we demonstrate success early in cloud journey?
      • How much can we simplify the development process?
      • How do we decrease TAS and increase GSD?
      • What’s the lowest cost we can operate?
  3. 3. 6 Problem Massive Scalability Waves of user onboarding Minimum of 10,000 concurrent users per second Spikes
  4. 4. 7 Solution Lambda + API Gateway Use Lambda for request processing Use API Gateway to process API requests Allocate enough IP space to satisfy Lambda ENI attachment to VPC Use NodeJS for language
  5. 5. 8 The Application Millions of Banking Consumers Massive Scalability Zero Downtime Deployments Frequent Deployments 100% Uptime Bank Level Security Crazy Fast Performance
  6. 6. 9 Ease of Use Problem Millions of Bank Consumers Development Legal Compliance
  7. 7. 10 JavaScript Solution Single Page Application User Experience Deployment Fast
  8. 8. 11 Problem Bank Level Security Secure Content Logging Configuration Management Regulated Data Data Obfuscation Compliance
  9. 9. 12 Solution Cloud Native Services + Splunk Secure Content Logging Configuration Management Regulated Data Data Obfuscation Compliance CloudFront, API Gateway, S3, WAF, Advanced Shield, Certificate Manager CloudTrail, CloudWatch, Kinesis, VPC CodeCommit Proprietary Hashing Custom Development Config, Lambda, GuardDuty
  10. 10. 13 Sub 500ms Latency Problem Need Crazy Fast Performance Heavy Load
  11. 11. 14 CloudFront Solution Lambda, CloudFront, ElastiCache NodeJS Lambda ElastiCache Results
  12. 12. 15 Initial Deployment Initial Deploy 20 Hours!
  13. 13. 16 Daily Deployments Problem Frequent Deployments Automated Tests Automated Promotion Zero Downtime Continuous Delivery Traceability
  14. 14. 17 Solution Pipeline as Code, Automated Promotion Daily Deployments Automated Tests Automated Promotion Zero Downtime Continuous Delivery Traceability Go-CD BlazeMeter, BrowserStack, NodeJS, CloudWatch Go-CD CloudFront, Lambda Edge Go-CD Go-CD, CloudTrail, CodeCommit
  15. 15. 18 Account vs Application Infrastructure Pipelines Global Region 1 Region 2 Account Account Global Account Regional Account Regional
  16. 16. 19 Account vs Application Infrastructure Pipelines Global Region 1 Region 2 Account Application App Sec App Code App Code App Global App Ops App Ops Account Global Account Regional Account Regional
  17. 17. 20 Canary Deploys - UI Us-east-1 Us-east-2 CloudFront distribution Cookie Cookie AWS Cloud Internet User request Primary Canary Primary Canary Go-CD
  18. 18. 21 Canary Deploys - API Canary version of the Lambda function is installed Routing Config. AWS Cloud New (Canary) Version Release (Current) Version Go-CD
  19. 19. 22 Canary Deploys – API – 1% Routing Config. AWS Cloud New (Canary) Version Release (Current) Version 1% CloudWatch Logging Process logs to determine success 99% Routing Configuration is updated 99% / 1% split Go-CD
  20. 20. 23 Canary Deploys – API – 100% Routing Config. AWS Cloud New (Canary) Version Release (Current) Version CloudWatch Logging Process logs to determine success 100% Routing Configuration is updated 0% / 100% split Go-CD
  21. 21. 24 Canary Deploy – API - Finished Routing Config. AWS Cloud New (Canary) Version Release (Current) Version CloudWatch Logging Process logs to determine success 100% Canary Alias becomes Release Routing Configuration is updated 100% Release Go-CD
  22. 22. 25 Continuous Improvement Initial Deploy Added Dev, QE, Staging Environments Added 2 way Canary Deploys Experienced outage in us-east-1 due to SSM 2 Weeks
  23. 23. 26 Problem 100% Uptime Availability Business Recovery Dependent Services Security Performance
  24. 24. 27 Solution Multi-Region Active/Active Availability + Performance Business Recovery + Dependent Services Security API Gateway, S3 JS, CloudFront, Route53 API Gateway, CloudFront, S3, Route53
  25. 25. 28 Multi-Region Active/Active CloudFront Lambda Edge Logic - UI app.org.com Request from Florida ui.geo.app.org.com app-ui-us-east-1.s3.amazonaws.com Geographic Latency Records Fail Over Alias Records app.org.com Origin Request Lambda@Edge NodeJS DNS CNAME Lookup for ui.geo.app.org.com API Gateway (Regional) IAM Secured Method Request + VTL to Zero Out Content CF S3 Request Bucket: app-ui Region: us-east-1 Origin Access Identity Secured S3 Request 1 2 app-ui-us-east-2.s3.amazonaws.com
  26. 26. 29 Continuous Improvement Initial Deploy Added 2 way Canary Deploys Experienced outage in us-east-1 due to SSM Deployed Multi Region Support us-east-2 full region outage 2 way canary deploys 1 way canary deploys Redis cluster outage Cost Optimized 24 weeks of weekly releases • Zero downtime due to deploys! • No service interruptions after adding multi region! 5 Weeks
  27. 27. ui.geo.app.org.com app.ui.us.east-1-s3.amazonaws.com app.ui.us.east-2-s3.amazonaws.com api.geo.app.com API Gateway Custom Target Domain name API Gateway Custom Target Domain name Amazon S3 Origin access identity Service Lambda Service Lambda API us.east.1 us.east.2 api.geo.app.org.com api.geo.app.org.com AWS Cloud Role Amazon S3 Role
  28. 28. 31 The Unexpected Long canary deployments AWS region outage API Security
  29. 29. Candid Partners Proprietary & Confidential 32 Incorporating the Learnings
  30. 30. 33 Can a Bank Win a Race? Just as good as any Unicorn
      • How fast can we go using AWS? Rapid prototyping in hours using appropriately secured sandbox accounts
      • What changes do we need to make to go that fast consistently? Change the release process to allow for same-day deployments based off of automated testing and security checks
      • How do we make sure our security requirements are met? Make the pipeline a security control. Implement compliance Policies as Code.
      • How far can we push the technical limits? Innovate Infrastructure as Code compliance policies change the physics of the release process
      • How can we demonstrate success early in cloud journey? Re-architect a smaller application to Serverless to demonstrate success
      • How much can we simplify the development process? A lot! All application components are serverless eliminating the need to manage, maintain, and upgrade servers
      • How do we decrease TAS and increase GSD? Embed empowered team members and require accountability
      • What’s the lowest cost we can operate? Thousands of dollars per month
  31. 31. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Chris Lofton Aaron Bawcom Aaron.Bawcom@CandidPartners.com
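
The API canary sequence on slides 18 to 21 (install the canary version, route 1% to it, process the logs to determine success, route 100%, then make the canary the release) can be written as a promotion gate. This is an added example, not code from the presentation: the function, alias and version names, the error threshold, the minimum sample count and the log record shape are assumptions, and the parameter object follows the shape of Lambda's UpdateAlias call (`RoutingConfig.AdditionalVersionWeights`).

```javascript
// Added example, not the presenters' code. Names and thresholds are assumptions.
const STAGES = [0.01, 1.0]; // the 99%/1% and 0%/100% splits shown on the slides

// Constructed records standing in for parsed CloudWatch log entries.
const SAMPLE_LOGS = [
  { version: '7', status: 200 }, { version: '7', status: 200 },
  { version: '8', status: 200 }, { version: '8', status: 502 },
  { version: '8', status: 200 }, { version: '8', status: 200 },
];

// Count requests and 5xx responses served by one function version.
function versionStats(logs, version) {
  const mine = logs.filter((r) => r.version === version);
  const errors = mine.filter((r) => r.status >= 500).length;
  return { total: mine.length, errors, rate: mine.length ? errors / mine.length : 0 };
}

// Parameters in the shape Lambda's UpdateAlias call accepts.
// The deploy starts by applying aliasParams(fn, alias, release, canary, STAGES[0]).
function aliasParams(fn, alias, primary, canary, weight) {
  const weights = canary && weight > 0 ? { [canary]: weight } : {};
  return { FunctionName: fn, Name: alias, FunctionVersion: primary,
           RoutingConfig: { AdditionalVersionWeights: weights } };
}

// Decide the next routing change from the canary's observed behaviour.
// state.stage is the index in STAGES that is currently live.
function nextStep(state, logs, { maxErrorRate = 0.01, minSamples = 3 } = {}) {
  const { fn, alias, release, canary, stage } = state;
  const stats = versionStats(logs, canary);
  if (stats.total < minSamples) {
    return { action: 'hold', state, params: null }; // too little canary traffic to judge
  }
  if (stats.rate > maxErrorRate) {
    // Roll back: all traffic returns to the release version.
    return { action: 'rollback', state: { ...state, stage: -1 },
             params: aliasParams(fn, alias, release, null, 0) };
  }
  if (stage + 1 < STAGES.length) {
    return { action: 'shift', state: { ...state, stage: stage + 1 },
             params: aliasParams(fn, alias, release, canary, STAGES[stage + 1]) };
  }
  // Final stage passed: the canary version becomes the release.
  return { action: 'promote', state: { ...state, release: canary, stage: -1 },
           params: aliasParams(fn, alias, canary, null, 0) };
}
```

The `hold` branch matters for the 1% stage: with little traffic the canary may see too few requests for its error rate to mean anything, so the gate waits rather than promoting on an empty sample.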
