02 aws dev-dayth_developingoverview_5oct17
TRANSCRIPT
Amazon Web Services
Kitisak Sriprasert, Solution Architect
AWS Developing Overview
Distributed
Small & Agile
Automation
Autonomous
Intelligent
Agenda
Monoliths to Microservices
Core Principles of Microservices
Approaches for Building Microservices Applications on AWS
Monoliths to Microservices
Deployments at Amazon.com
~11.6s mean time between deployments (weekday)
~5,708 max number of deployments in a single hour
~10,000 mean number of hosts simultaneously receiving a deployment
~30,000 max number of hosts simultaneously receiving a deployment
“The Monolith”
Challenges with monolithic software
Long build/test/release cycles (who broke the build?)
Operations is a nightmare (module X is failing, who's the owner?)
Difficult to scale
New releases take months
Long time to add new features
Architecture is hard to maintain and evolve
Lack of innovation
Frustrated customers
Lack of agility
Monolith development lifecycle
developers → app (aka the "monolith") → delivery pipeline: build → test → release
"service-oriented architecture composed of loosely coupled elements that have bounded contexts"
Adrian Cockcroft (VP, Cloud Architecture Strategy at AWS)
Services communicate with each other over the network.
You can update the services independently; updating one service doesn't require changing any other services.
Self-contained; you can update the code without knowing anything about the internals of other microservices.
“Do one thing, and do it well”
Anatomy of a Micro-service
Public API (POST /micro-service, GET /micro-service)
Application/Logic (code, libraries, etc.)
Data Store (e.g., RDS, DynamoDB, ElastiCache, Elasticsearch)
Avoid Software Coupling
Ecosystem of microservices
Drivers micro-service, Payments micro-service, Location micro-service, Ordering micro-service, Restaurant micro-service
Thousands of teams × Microservice architecture × Continuous delivery × Multiple environments
= 50 million deployments a year (5,708 per hour, or one every 0.63 seconds)
Principles of Microservices (6 principles)
Principle 1
Micro-services only rely on each other's public API
Principle 1: Microservices only rely on each other's public API (Hide Your Data)
Micro-service A (public API) ↔ Micro-service B (public API); Micro-service A keeps its data in DynamoDB
Calling another micro-service's data store (DynamoDB) directly instead of its public API? Nope!

Principle 1: Microservices only rely on each other's public API (Evolve API in backward-compatible way... and document!)
Micro-service A, public API:
Version 1.0.0: storeRestaurant(id, name, cuisine)
Version 1.1.0: storeRestaurant(id, name, cuisine); storeRestaurant(id, name, arbitrary_metadata); addReview(restaurantId, rating, comments)
Version 2.0.0: storeRestaurant(id, name, arbitrary_metadata); addReview(restaurantId, rating, comments)
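An added example, not part of the deck, that models Micro-service A's three published contracts and checks which server versions still honour the calls a client depends on. The operation names and parameters come from the slides; the semantic-versioning rule (a release that keeps the major version must keep every existing signature, only a major bump may drop one) is an assumption the slides do not spell out.

```python
from typing import Dict, FrozenSet, Tuple

# A signature is (operation name, ordered parameter names); a contract is the
# set of signatures a published API version offers.
Signature = Tuple[str, Tuple[str, ...]]
Contract = FrozenSet[Signature]

def sig(op: str, *params: str) -> Signature:
    return (op, tuple(params))

# Micro-service A's published contracts, as listed on the slides.
API: Dict[str, Contract] = {
    "1.0.0": frozenset({
        sig("storeRestaurant", "id", "name", "cuisine"),
    }),
    "1.1.0": frozenset({
        sig("storeRestaurant", "id", "name", "cuisine"),             # kept
        sig("storeRestaurant", "id", "name", "arbitrary_metadata"),  # added
        sig("addReview", "restaurantId", "rating", "comments"),      # added
    }),
    "2.0.0": frozenset({
        sig("storeRestaurant", "id", "name", "arbitrary_metadata"),  # cuisine form dropped
        sig("addReview", "restaurantId", "rating", "comments"),
    }),
}

def major(version: str) -> int:
    return int(version.split(".")[0])

def dropped_signatures(old: Contract, new: Contract) -> Contract:
    """Signatures a client of `old` may depend on that `new` no longer publishes."""
    return old - new

def is_valid_evolution(old_version: str, new_version: str,
                       old: Contract, new: Contract) -> bool:
    """Semantic-versioning rule assumed here: a release that keeps the major
    version must keep every existing signature; only a major bump may drop one."""
    if major(old_version) == major(new_version):
        return not dropped_signatures(old, new)
    return True

def client_can_use(required: Contract, server_version: str) -> bool:
    """True when every signature the client depends on is still published."""
    return not dropped_signatures(required, API[server_version])

# A client written against 1.0.0 depends on exactly that version's contract.
LEGACY_CLIENT = API["1.0.0"]

if __name__ == "__main__":
    for version in API:
        state = "ok" if client_can_use(LEGACY_CLIENT, version) else "BROKEN"
        print(f"1.0.0 client against server {version}: {state}")
    print("1.0.0 -> 1.1.0 valid:", is_valid_evolution("1.0.0", "1.1.0", API["1.0.0"], API["1.1.0"]))
    print("1.1.0 -> 2.0.0 valid:", is_valid_evolution("1.1.0", "2.0.0", API["1.1.0"], API["2.0.0"]))
```

Run as a pre-release check, `is_valid_evolution` refuses a contract that drops a signature without a major bump, which is how a 1.0.0 caller would otherwise break silently.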
Principle 2
Use the right tool for the job
Principle 2: Use the right tool for the job (Embrace polyglot persistence)
Micro-service A (public API) and Micro-service B (public API) each pick the data store that fits their job: DynamoDB, Amazon Elasticsearch Service, RDS Aurora
Principle 2: Use the right tool for the job (Embrace polyglot programming framework)
Principle 3
Secure Your Services
[Chart: AWS innovation by year, 2007–2015; values shown: 48, 61, 82, 159, 280, 516, 722]
AWS innovates constantly
>90% driven by customers' needs
Security is our No. 1 priority
All customers benefit from the same security
Certified by independent experts:
• SOC 1 (SSAE 16 & ISAE 3402) Type II
• SOC 2 Type II and public SOC 3 report
• ISO 27001
• ISO 9001
• PCI DSS Level 1 - Service Provider
• ISO 27017 (security of the cloud)
• ISO 27018 (personal data)
AWS Foundation Services: Compute, Storage, Database, Network
AWS Global Infrastructure: Regions, Availability Zones, CloudFront edge locations
Shared Security Model: Infrastructure Services (such as Amazon EC2, Amazon EBS, and Amazon VPC)
Managed by AWS:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS IAM
Managed by customers:
• Customer content
• Platform & Applications Management
• Operating System, Network & Firewall Configuration
• Customer IAM
• Client-side data encryption & data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption / integrity / identity)
• Optional – Opaque data: 1's and 0's (in transit / at rest)
Shared Security Model: Container Services (such as Amazon RDS, Amazon EMR and AWS Elastic Beanstalk)
Managed by AWS:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• Operating System, Network Configuration
• Platform & Applications Management
• AWS IAM
Managed by customers:
• Customer content
• Firewall Configuration
• Customer IAM
• Client-side data encryption & data integrity authentication
• Network traffic protection (encryption / integrity / identity)
• Optional – Opaque data: 1's and 0's (in transit / at rest)
Shared Security Model: Abstracted Services (such as Amazon S3 and Amazon DynamoDB)
Managed by AWS:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• Operating System, Network & Firewall Configuration
• Platform & Applications Management
• Data protection by the platform (protection of data at rest)
• Network traffic protection by the platform (protection of data in transit)
• AWS IAM
Managed by customers:
• Customer content
• Customer IAM
• Client-side data encryption & data integrity authentication
• Optional – Opaque data: 1's and 0's (in flight / at rest)
Principle 3: Secure Your Services (Amazon EC2 Container Service (ECS))
• Defense-in-depth
  • Network level (e.g. VPC, Security Groups, TLS)
  • Server/container-level
  • App-level
  • IAM policies
  • IAM roles on ECS tasks
  • CloudTrail logs
• Authentication & Authorization
  • Client-to-service, as well as service-to-service
  • IAM-based Authentication
• Secrets management
  • Parameter Store
  • S3 bucket policies + KMS + IAM
  • Open-source tools (e.g. Vault, Keywhiz)
Principle 3: Secure Your Services (API Gateway)
• Defense-in-depth
  • Network level (e.g. VPC, Security Groups, TLS)
  • Server/container-level
  • App-level
  • IAM policies
• Gateway ("Front door")
  • API Throttling
  • Stage-level and Method-level throttling
• Authentication & Authorization
  • Client-to-service, as well as service-to-service
  • AWS Cognito: user pools, federated identities
  • API Gateway: custom Lambda authorizers
  • IAM-based Authentication
  • Token-based auth (JWT tokens, OAuth 2.0)
• Secrets management
  • S3 bucket policies + KMS + IAM
  • Open-source tools (e.g. Vault, Keywhiz)
Principle 4
Be a good citizen within the ecosystem
Principle 4: Be a good citizen within the ecosystem
Micro-service A (public API) ↔ Micro-service B (public API)
"Hey Sally, we need to call your micro-service to fetch restaurants' details."
"Sure, Paul. Which APIs do you need to call? Once I know your use cases better, I'll give you permission to register your service as a client on our service's directory entry."
Principle 4: Be a good citizen within the ecosystem (Have clear SLAs)
Restaurant Micro-service, with callers at 15 TPS, 100 TPS, 5 TPS and 20 TPS
"Before we let you call our micro-service we need to understand your use case, expected load (TPS) and accepted latency."
Principle 4: Be a good citizen within the ecosystem (Distributed monitoring, logging and tracing)
Distributed monitoring and tracing
• "Is the service meeting its SLA?"
• "Which services were involved in a request?"
• "How did downstream dependencies perform?"
Shared metrics
• e.g. service dependency, request/response time
Distributed tracing
• AWS X-Ray
• 3rd party: Zipkin, OpenTracing
User-experience metrics
• Status codes, latency, error counts, time to first byte
...and many, many others!
AWS X-Ray
Distributed tracing service that enables developers to analyze the behavior of their applications
AWS X-Ray traces requests made to your application
1. X-Ray collects data about the request from each of the underlying application services it passes through
2. X-Ray combines the data gathered from each service into singular units called traces
3. View the service map to see trace data such as latencies, HTTP statuses, and metadata for each service
4. Drill into the service showing unusual behavior to identify the root issue
Principle 5
More than just technology transformation
Conway's Law
"Any organization that designs a system will inevitably produce a design whose structure is a copy of the organization's communication structure."
Melvin E. Conway, 1967
Silo'd functional teams → silo'd application architectures
Cross-functional teams → self-contained services
(Images from Martin Fowler's article on microservices, http://martinfowler.com/articles/microservices.html)
Cross-functional teams → self-contained services ("Two-pizza teams" at Amazon)
Full ownership
Full accountability
Aligned incentives
"DevOps"
Principle 6
Automate Everything
Focused agile teams
Each 2-pizza team owns its own delivery pipeline (build → test → release) for its service; many such pipelines run side by side, one per service
Principle 6: Automate everything
AWS CodeCommit, AWS CodePipeline, AWS CodeDeploy
ELB, Auto Scaling, EC2, Lambda, ECS
DynamoDB, RDS, ElastiCache
SQS, SWF, SES, SNS
API Gateway, CloudWatch, CloudTrail
Kinesis, Elastic Beanstalk
Principles of Microservices
1. Rely only on the public API: hide your data; document your APIs; define a versioning strategy
2. Use the right tool for the job: container journey? (use ECS); polyglot persistence (data layer); polyglot frameworks (app layer)
3. Secure your services: defense-in-depth; authentication/authorization
4. Be a good citizen within the ecosystem: have SLAs; distributed monitoring, logging, tracing
5. More than just technology transformation: embrace organizational change; favor small focused dev teams
6. Automate everything: adopt DevOps
Benefits of microservices
Rapid build/test/release cycles
Clear ownership and accountability
Easier to scale each individual micro-service
New releases take minutes
Short time to add new features
Easier to maintain and evolve the system
Faster innovation
Delighted customers
Increased agility
Approaches for Building Microservices Applications on AWS
Typical microservices application
Drivers micro-service, Payments micro-service, Location micro-service, Ordering micro-service, Restaurant micro-service
Micro-service Design, Approach #1: EC2
Several EC2 instances behind an Elastic Load Balancer, provisioned with AWS Elastic Beanstalk
Elastic Beanstalk vs. DIY
Provided by you: your code
Provided and managed by Elastic Beanstalk (on-instance configuration): HTTP server, application server, language interpreter, operating system, host
Elastic Beanstalk configures each EC2 instance in your environment with the components necessary to run applications for the selected platform. No more worrying about logging into instances to install and configure your application stack.
Focus on building your application
Micro-service Design, Approach #2: Containers using ECS
Amazon EC2 Container Service (ECS) is the cluster management system to run your Docker containers
Use Amazon EC2 Container Service (ECS) for container workloads
Cluster Management Made Easy
• Nothing to run
• Complete state
• Control and monitoring
• Scale
Flexible Scheduling
• Applications
• Batch jobs
• Multiple schedulers
Designed for Use with Other AWS Services
• Elastic Load Balancing
• Amazon Elastic Block Store
• Amazon Virtual Private Cloud
• AWS Identity and Access Management
• AWS CloudTrail
Micro-service Design: EC2 instances behind an Elastic Load Balancer, with Amazon EC2 Container Service (ECS) to manage containers
Micro-service Design, Approach #3: API Gateway + Lambda
AWS Lambda lets you run code without managing servers
Lambda automatically scales
Upload your code (Java, JavaScript, Python)
Pay for only the compute time you use (sub-second metering)
Set up your code to trigger from other AWS services, web service calls, or app activity
AWS API Gateway is the easiest way to deploy micro-services
Create a unified API frontend for multiple micro-services
...as well as monitoring, logging, rollbacks, client SDK generation...
Authenticate and authorize requests
Handles DDoS protection and API throttling
It's a journey...
Expect challenges along the way...
• Understanding of business domains
• Eventual Consistency
• Service discovery
• Lots of moving parts requires increased coordination
• Complexity of testing/deploying/operating a distributed system
• Cultural transformation
Additional resources
Additional AWS resources:
• Microservices on AWS whitepaper: https://d0.awsstatic.com/whitepapers/microservices-on-aws.pdf
• Serverless Web app - Reference Architecture: https://github.com/awslabs/lambda-refarch-webapp
• Microservices with ECS: https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-with-microservices-deployed-on-amazon-ecs/
• Microservices without the Servers: https://aws.amazon.com/blogs/compute/microservices-without-the-servers
Popular open-source tools:
• Serverless – http://serverless.com
• Apex – http://apex.run/
https://aws.amazon.com/devops/
Thank you