AWS Dev Day Kyiv 2019
Track: Backend & Architecture
Session: "Architecting SaaS solutions on AWS"
Speaker: Oleksandr Mykhalchuk, Director of DevOps & Cloud Services at Softserve
Level: 300
Video: https://youtu.be/3lKoe-ts8Qs
AWS Dev Day is a free, full-day technical event where new developers will learn about some of the hottest topics in cloud computing, and experienced developers can dive deep on newer AWS services.
Provectus has organized AWS Dev Day Kyiv in close collaboration with Amazon Web Services: 800+ participants, 18 sessions, 3 tracks, a really AWSome Day!
Now, together with Zeo Alliance, we're building and nurturing AWS User Group Ukraine — join us on Facebook to stay updated about cloud technologies and AWS services: https://www.facebook.com/groups/AWSUserGroupUkraine
19. IDENTITY & ACCESS
[Diagram: On-Boarding a Tenant. Labels: Domain, Provisions SSL Certificate, New Tenant On-Boarding, Identity Broker, Tenant Identity Provider, Tenant Management, Billing, Tenant IAM Policy]
20. THERE IS NO SILVER BULLET
• Outsource identity management
• Choose identity stores and protocols wisely
• Use identity brokers
• Keep User Data at minimum
• Avoid old or aging protocols (SAML 2.0)
• Automate role and policy provisioning
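The last bullet, applied to the shared DynamoDB table chosen later in the deck: an added example (not code from the talk or the project) that generates a per-tenant IAM policy from a template and lints policies for missing row-level scoping. It assumes the tenant ID is the table's partition key; the table ARN, the tenant ID format and the function names are constructed for illustration.

```python
import re

# Assumption: tenant IDs are short lowercase slugs. Anything else is rejected so
# wildcard or policy-variable characters never reach the policy document.
TENANT_ID_RE = re.compile(r"^[a-z0-9][a-z0-9-]{2,31}$")

# Constructed placeholder ARN for the shared (pooled) table.
TABLE_ARN = "arn:aws:dynamodb:eu-west-1:111122223333:table/ExampleSharedTable"

ITEM_ACTIONS = [
    "dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem",
    "dynamodb:UpdateItem", "dynamodb:DeleteItem",
]


def build_tenant_policy(tenant_id: str, table_arn: str = TABLE_ARN) -> dict:
    """Return an IAM policy limiting a tenant role to its own partition keys."""
    if not TENANT_ID_RE.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "TenantRowsOnly",
            "Effect": "Allow",
            "Action": ITEM_ACTIONS,
            "Resource": [table_arn],
            "Condition": {
                "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [tenant_id]}
            },
        }],
    }


def lint_policy(policy: dict) -> list:
    """Flag Allow statements that would break tenant isolation on the table."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if any("*" in a for a in actions):
            findings.append("wildcard action")
        cond = stmt.get("Condition", {}).get("ForAllValues:StringEquals", {})
        keys = cond.get("dynamodb:LeadingKeys", [])
        if not keys:  # also catches a statement with no Condition block
            findings.append("no dynamodb:LeadingKeys restriction")
    return findings
```

Running `lint_policy` in the provisioning pipeline before a role is created or updated catches hand-edited policies that have lost the per-tenant condition.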
24. PROFILING & OPTIMIZING
• Data & Metrics are vital
• Look at “busy” tenants first
• Identify general patterns, profiles and trends
• Flexible Data Distribution (Sharding Manager, 2 Layer Sharding)
• Centralized Tenant Policies Management strategy
• Service Granularity helps
• Data Analytics is your best ally
25. BILLING & METERING
• Metrics Matter
• Isolation models define Cost-tracking strategy
• Knowing your Cost-per-Tenant early is crucial
• Flexible Tier models attached to Tenant Policies
• Managed Services make it simpler
29. CHALLENGES THAT MANY OVERLOOK
• Data Migration
• Tenant Onboarding Automation
• Data Evolution Strategy
• Database Hot Spots
• Scaling Data Layer
30. PROJECT
A niche communication platform for the financial sector that provides secure messaging, bots and integration with other platforms.
• Each customer has its own “Silo” under an AWS Account or VPC
• Lots of OPS thinking instead of DevOps
• No automatic Scalability
• Costs
33. DECISIONS MADE
Microservices
Mongo
MS SQL
Hadoop + Spark
Overall
Container Layer Tenant Isolation with ECS
SaaS Model BRIDGE /w shared Service and Persistence Layers
DynamoDB /w Shared Database(Table), Single Schema
RDS PostgreSQL /w Single Database(s), Multiple Schemas
EMR
Max out usage of Managed Services*
Legacy (Solr, Cache) ASG + HealthChecks
34. COST SAVING ON CHANGING DB ENGINE
[Chart: Develop, Migrate, Operation]
8x db.r4.2xlarge Reserved 1 Y All Upfront
• MS SQL Enterprise: 53200 USD/month
• PostgreSQL: 6300 USD/month
• Monthly savings: 46900 USD/month
NET Gain 3 Years: $ 730k+
38. LESSONS LEARNED
• Rotate ECS instances weekly
• Automate Tenant Policy update process
• You should be able to “freeze” a separate microservice/stack version in deployment without affecting the rest
• SignalFx, CloudWatch and ELK are your best friends
• Scaling Persistence Layer with non-cloud-native components is fun
• Complex CloudFormation Stack Updates are even more fun
• Deleting CloudFormation Stacks in the active PROD is the ultimate fun
39. THINGS I WOULD HAVE DONE DIFFERENTLY NOW
More Serverless, More Global
• Lambda
• Aurora Serverless
• EKS
• DynamoDB Global Tables
40. LAST WORDS
• Know your SaaS patterns
• Always start with the best model
• Make informed tradeoffs
• Data is your key to success