AWS DevDay Cologne - CI/CD for modern applications

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
C O L O G N E
CI/CD for ModernApplications
Cobus Bernard
SeniorTechnical Evangelist
AmazonWeb Services
M A D 1
23.10.19
@cobusbernard
In/cobusbernard
cobusbernard

Development transformation atAmazon: 2001–2002
monolithic application +
teams
2001
Lesson learned: decompose for agility
2002
microservices
+ 2 pizza teams

Full ownership
Full accountability
“DevOps”
Focused innovation
Two-pizzateams

Monolithdevelopment lifecycle
monitorreleasetestbuild
developers
delivery pipelines
services

Microservicedevelopment lifecycle
???
developers
delivery pipelines
services

Microservicedevelopment lifecycle
developers services
delivery pipelines

ListenIterate
Experiment
Innovation
Flywheel
Experiments power theengine of rapid innovation

Whatchangesdoyouneedtomaketoadoptthesebestpractices?
Serverless
No provisioning/management
Automatic scaling
Pay for value billing
Availability and resiliency
Microservices
Componentization
Business capabilities
Products not projects
Infrastructure automation
DevOps
Cultural philosophies
Cross-disciplinary teams
CI/CD
Automation tools
DEV OPS
Architectural
patterns
Operational
Model
Software
Delivery

Whatis serverless?
No infrastructure provisioning,
no management
Automatic scaling
Pay for value Highly available and secure

Comparison of operational responsibility
AWS Lambda
Serverless functions
AWS Fargate
Serverless containers
ECS/EKS
Container-management as a service
EC2
Infrastructure-as-a-Service
More opinionated
Less opinionated
AWS manages Customer manages
• Data source integrations
• Physical hardware, software, networking,
and facilities
• Provisioning
• Application code
• Container orchestration, provisioning
• Cluster scaling
• Physical hardware, host OS/kernel,
networking, and facilities
• Security config and updates, network config,
management tasks
• Container orchestration control plane
• Physical hardware software,
• Work clusters
firewall, management tasks
• Physical hardware software,
• Scaling
management tasks
• Provisioning, managing scaling and
patching of servers

Approaches tomodern applicationdevelopment
• Simplify environment management
• Reduce the impact of code changes
• Automate operations
• Accelerate the delivery of new, high-quality services
• Gain insight across resources and applications
• Protect customers and the business

Approaches tomodern applicationdevelopment
• Simplify environment management with serverless technologies
• Reduce the impact of code changes with microservice architectures
• Automate operations by modeling applications & infrastructure as code
• Accelerate the delivery of new, high-quality services with CI/CD
• Gain insight across resources and applications by enabling observability
• Protect customers and the business with end-to-end security & compliance

Releaseprocess stages
Source Build Test Production

Releaseprocess stages
• Integration tests
with other systems
• Load testing
• UI tests
• Security testing
• Check-in source
code such as .java
files
• Peer review new
code
• Compile code
• Unit tests
• Style checkers
• Create container
images and
function
deployment
packages
• Deployment to
production
environments
• Monitor code in
production to
quickly detect
errors

Pillarsof releasingmodern applications

Infrastructure
as code

Infrastructure ascode
Declarative
I tell you
what I need
I tell you
what to do
Imperative

Infrastructure ascode goals
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate production environment in a staging environment to enable
continuous testing

Releaseinfrastructure-as-code
“Master”
branch
Prepare
template
Create & execute
change set
Create & execute
change set

Model function environments withAWS
ServerlessApplication Model (SAM)
• Open source framework for building serverless
applications on AWS
• Shorthand syntax to express functions, APIs,
databases, and event source mappings
• Transforms and expands SAM syntax into AWS
CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/

SAMtemplate
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetFunction:
Type: AWS::Serverless::Function
Properties:
Handler: index.get
Runtime: nodejs8.10
CodeUri: src/
Policies:
- DynamoDBReadPolicy:
TableName: !Ref MyTable
Events:
GetResource:
Type: Api
Properties:
Path: /resource/{resourceId}
Method: get
MyTable:
Type: AWS::Serverless::SimpleTable
Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
• DynamoDB table

UseSAMCLIto packageand deploySAMtemplates
pip install --user aws-sam-cli
sam logs
sam validate
sam local
sam init
sam build
sam package
sam deploy
sam publish
New

Model container environments withAWS
Cloud Development Kit(CDK)
• Open source framework to define cloud infrastructure
• JavaScript, TypeScript, and Python, (Java, and C# in
developer preview)
• Provides library of higher-level resource types
(“construct” classes) that have AWS best practices built
in by default
• Provisions resources with CloudFormation
• Supports all CloudFormation resource types
AWS
CDK
https://awslabs.github.io/aws-cdk

CDKtemplate
import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');
class BonjourFargate extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecs.LoadBalancedFargateService(
this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});
}
}
const app = new cdk.App();
new BonjourFargate(app, 'Bonjour');
app.run();

import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');
class BonjourFargate extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecs.LoadBalancedFargateService(
this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});
}
}
const app = new cdk.App();
new BonjourFargate(app, 'Bonjour');
app.run();
CDKtemplate

UseCDKCLItosynthesizeand deployCDKtemplates
npm install -g aws-cdk
cdk init app --language typescript
cdk synth
cdk diff
cdk deploy
Cdk destroy

Continuous
integration

Continuous integration goals

Continuous integration goals
1. Automatically kick off a new release when new code is checked in
2. Build and test code in a consistent, repeatable environment
3. Continually have an artifact ready for deployment
4. Continually close feedback loop when build fails

AWSCodePipeline
• Continuous delivery service for fast and reliable
application updates
• Model and visualize your software release process
• Builds, tests, and deploys your code every time
there is a code change
• Integrates with third-party tools and AWS

AWSCodePipeline:Supported sources
Pick branch
AWS CodeCommit
GitHub
Pick object or folder
Amazon S3
Pick Docker tag
Amazon ECR
Automatically kick off release and pull latest source code

AWSCodePipeline: ECRsource action
Source code:
“master” branch
ECR repository:
“release” tag

AWSCodePipeline:Supported triggers
Automatically kick off release
Amazon CloudWatch Events
• Scheduled (nightly release)
• AWS Health events (Fargate
platform retirement)
Available in CloudWatch Events
console, API, SDK, CLI, and AWS
CloudFormation
Webhooks
• DockerHub
• Quay
• Artifactory
Available in CodePipelineAPI,
SDK, CLI, and CloudFormation

AWSCodeBuild
• Fully managed build service that compiles source
code, runs tests, and produces software packages
• Scales continuously and processes multiple builds
concurrently
• No build servers to manage
• Pay by the minute, only for the compute resources
you use
• Monitor builds through CloudWatch Events

AWSCodeBuild
• Each build runs in a new Docker container for a
consistent, immutable environment
• Docker and AWS CLI are installed in every official
CodeBuild image
• Provide custom build environments suited to your
needs through the use of Docker images

AWSCodeBuild: Lambda buildspec
version: 0.2
phases:
build:
commands:
- npm ci
- npm test
- >
aws cloudformation package
--template-file template.yaml
--output-template packaged.yaml
--s3-bucket $BUCKET
artifacts:
type: zip
files:
- packaged.yaml

AWSCodeBuild: Lambda buildspec usingSAMCLI
version: 0.2
phases:
install:
commands:
- pip install --upgrade awscli aws-sam-cli
build:
commands:
- sam build
- sam package --s3-bucket $BUCKET --output-template-file packaged.yaml
artifacts:
type: zip
files:
- packaged.yaml

AWSCodeBuild: Docker buildspec
version: 0.2
phases:
build:
commands:
- $(aws ecr get-login --no-include-email)
- docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
- docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $ECR_REPO:$IMAGE_TAG
- docker push $ECR_REPO:$IMAGE_TAG

Continuous
deployment

Continuous deployment goals

Continuous deployment goals
1. Automatically deploy new changes to staging environments for testing
2. Deploy to production safely without impacting customers
3. Deliver to customers faster: Increase deployment frequency, and reduce
change lead time and change failure rate

AWSCodeDeploy
• Automates code deployments to any instance and
Lambda
• Handles the complexity of updating your
applications
• Avoid downtime during application deployment
• Roll back automatically if failure detected
• Deploy to Amazon EC2, Lambda, or on-premises
servers

CodeDeploy-Lambda deployments
• Shifts traffic using Lambda function weighted aliases
• Choose canary (“shift 10% of traffic for 10 minutes, then shift rest”) or
linear (“shift 10% more traffic every 10 minutes”)
• Validation “hooks” enable testing at each stage of the deployment
• Fast rollback in seconds if case of hook failure or CloudWatch alarms
• Monitor deployment status and history via console, API, Amazon Simple
Notification Service (Amazon SNS) notifications, and CloudWatch Events

CodeDeploy – Lambda deployments
Enable in your serverless application template
Resources:
GetFunction:
Type: AWS::Serverless::Function
Properties:
DeploymentPreference:
Type: Canary10Percent10Minutes
Alarms:
- !Ref ErrorsAlarm
Hooks:
PreTraffic: !Ref PreTrafficHook
Canary10Percent30Minutes
Linear10PercentEvery10Minutes
Linear10PercentEvery1Minute
AllAtOnce

CodeDeploy – Lambda canary deployment
API
Gateway
Lambda
function
weighted
alias “live”
v1 Lambda
function
code
100%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code100%
Run PreTraffic hook against v2 code before it receives traffic
v2 code0%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code90%
Wait for 10 minutes, roll back in case of alarm
v2 code10%

API
Gateway
Lambda
function
weighted
alias “live”
v1 code0%
Run PostTraffic hook and complete deployment
v2 code100%

CodeDeploy-ECS blue-green deployments
• Provisions “green” tasks, then flips traffic at the load
balancer
• Validation “hooks” enable testing at each stage of
the deployment
• Fast rollback to “blue” tasks in seconds if case of
hook failure or CloudWatch alarms
• Monitor deployment status and history via console,
API, Amazon SNS notifications, and CloudWatch
Events
• Use “CodeDeploy-ECS” deploy action in
CodePipeline or “aws ecs deploy” command in
Jenkins

CodeDeploy-ECS appspec
version: 1.0
Resources:
- TargetService:
Type: AWS::ECS::Service
Properties:
- TaskDefinition: "my_task_definition:8"
LoadBalancerInfos:
- ContainerName: "SampleApp"
ContainerPort: 80
Hooks:
- BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstalltion"
- AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
- AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
- BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
- AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"

CodeDeploy-ECS blue-green deployment
100%
Prod
traffic

Target group
2
100%
Prod
traffic
Test traffic listener
(port 9000)

Green tasks:
v2 code
100%
Prod
traffic
Provision green tasks

100%
Test
traffic
100%
Prod
traffic
Run hook against test endpoint before green tasks receive prod traffic

100%
Prod
traffic
Flip traffic to green tasks, rollback in case of alarm
0% Prod
traffic

100%
Prod
traffic
Drain blue tasks
100%
Prod
traffic

CapitalOne–CreditOffersAPICI/CDpipeline
Continuous Improvement, Continuous Delivery!
GitHub LGTM Bot Jenkins AWS SAM
DeploymentType:
dev: AllAtOnce
qa: AllAtOnce
qaw: AllAtOnce
prod: Canary10Percent10Minutes
prodw: Canary10Percent10Minutes
canary5xxGetProductsAlarm:
Type: AWS::CloudFormation::Alarm
Properties:
AlarmActions:
- !FindInMap:
- params
- AdminSNSTopic
- !Ref Environment
AlarmDescription: 500 error from product
listing Lambda.
ComparisonOperator:
GreatherThanOrEqualTothreshold
Period: 300
Statistic: Sum
Threshold: 1
EvaluationPeriod: 1
AWS
CodeDeploy
S3 Bucket
(Versioning)
Lambda
function

CapitalOne–BenefitsfromtakingtheAPIserverless
Performance gains
From the time the request
is received by lambda to
the time to send the
response back
70%
Cost savings
By removing EC2, ELB
and RDS from our solution
90%
Increase in team velocity
Reduce investment in team’s time
on DevOps and dedicate back to
feature development!
30%

C O L O G N E
https://github.com/cobusbernard/aws-containers-for-beginners

Takeaways
1. Manage your infrastructure as code
2. Frequently build and integrate your code to get a first feedback
3. Continuously release in production using canary releases with monitoring
and automated rollbacks
4. Use canary releases to get both technical and business feedback

Thank you!
Cobus Bernard
SeniorTechnical Evangelist
Amazon Web Services
C O L O G N E
@cobusbernard
In/cobusbernard
cobusbernard

AWS DevDay Cologne - CI/CD for modern applications

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS DevDay Cologne - CI/CD for modern applications

Similar to AWS DevDay Cologne - CI/CD for modern applications (20)

More from Cobus Bernard

More from Cobus Bernard (20)

Recently uploaded

Recently uploaded (20)

AWS DevDay Cologne - CI/CD for modern applications

Editor's Notes