Migrating to the Cloud and

refactoring applications
Rene Martinez
[email protected]

© 2019, Amazon Web Services, Inc. or its Affiliates.

Basic Concepts and Definitions

Monolith Microservices
Miniservices
Completely

? independent

© 2019, Amazon Web Services, Inc. or its Affiliates.

Original Monolithic Application - example
• On-premises
• Tightly coupled application components
• Load balancer
• Relational Database

Webserver

App Service
Load
Browser
Balancer Visualization Database
Service

Data Access Service

© 2019, Amazon Web Services, Inc. or its Affiliates.

Monolithic applications - limitations

Hard to Scale Can’t Handle Slow Deployment Limited options

Component Failures Process

© 2019, Amazon Web Services, Inc. or its Affiliates.

Drivers to switch to microservices

- Time to Market
- Time to Repair
- Enabled Hyperscaling
- Technologically Independent

© 2019, Amazon Web Services, Inc. or its Affiliates.

Can’t fit a monolith inside Lambda

APIs
Webserver

Integration services
APIs

App service APIs

InfoSec services

APIs
Visualization Service
Hooks

Data Access Service Lambda

Hooks
function
Logging
Limitations:
• Memory
Monitoring • Storage
• Package size
• Environment variables
© 2019, Amazon Web Services, Inc. or its Affiliates.
AWS 6R approach - at a glance

Rehost
Determine Modify underlying
Replatform new platform infrastructure

Repurchase
Redesign Application Full
Refactor application / code ALM / Integration
(re-architect) infrastructure development SDLC

Retire

Retain

© 2019, Amazon Web Services, Inc. or its Affiliates.

Migration to microservices - replatform

Separate:
• Stateless
• Stateful
• Supporting services
Replatformed

Monolith
here RP 2
Serverless
RP 1 (FaaS)
Containers
(CaaS)
Platform as a
Infrastructure Service (PaaS)
as a Service
Metal (IaaS)

© 2019, Amazon Web Services, Inc. or its Affiliates.

Migration to microservices - rearchitect

Decide: Refactored
(Lab example)
• Orchestrated (containers)
• Serverless

Monolith
here
Serverless
RF 2 Containers (FaaS)
(CaaS)
Platform as a
Infrastructure Service (PaaS)
as a Service
Metal (IaaS)
RF 1
© 2019, Amazon Web Services, Inc. or its Affiliates.
Transformation Steps

Discover Design Develop Deploy Refine

© 2019, Amazon Web Services, Inc. or its Affiliates.

Where do we start? - Discover

1. Identify 2. Outline 3. Map to

Components Requirements AWS Resources
Webserver • State?
• Compute?
App Service
• API? Amazon
AWS Lambda
Visualization DynamoDB
Service
• Storage?
• Security?
Data Access Service
• Managed?
Database • Estimated scale?
Amazon API Amazon S3
• Etc. Gateway

© 2019, Amazon Web Services, Inc. or its Affiliates.

Design, Develop, Deploy - a pilot

APIs Technical requirements

Webserver Integration services
APIs • API-driven
App service APIs • Independent DBs
InfoSec services

Visualization APIs
• Containerized or serverless
Service Organizational requirements
Hooks

Data Access Service

Hooks
• Dedicated product team
• Small frequent incremental changes
Logging

Monitoring

© 2019, Amazon Web Services, Inc. or its Affiliates.

Refine – repeat

© 2019, Amazon Web Services, Inc. or its Affiliates.

Not just technology People Culture
Product &
Agile Everyone is Continuous
Feature
methods an engineer improvement
teams

Product Process
Key concepts (*): Reduce
Version Automated Common
• Continuous everything – never done everything testing
technical
metrics
debt
• Everything is code – tested & monitored
• Commit frequently!
Test Driven Canary Continuous Continuous
Development rollouts integration delivery

Minimum Minimum
Small Continuous
Viable Viable
releases testing
Product Process

One step

* based on Amazon Developers Best practices

Technology Infrastructure
as Code
build, test,
deploy
Highly
monitored
(CI/CD)
© 2019, Amazon Web Services, Inc. or its Affiliates.
Rough Architecture – Design with Lambda

Amazon Amazon S3
CloudFront

Amazon
Aurora
serverless
Browser

Amazon API AWS Lambda Amazon

Gateway DynamoDB

© 2019, Amazon Web Services, Inc. or its Affiliates.

Security Posture - Lambda

• Bucket policies
• ACLs
IAM
Amazon • OAI Amazon S3
CloudFront • Geo-Restriction
• Signed Cookies
• Signed URLs
• DDOS Amazon
Aurora
serverless IAM
Browser

Amazon API • Throttling AWS Lambda Amazon

Gateway • Caching DynamoDB
• AWS WAF integration • Usage Plans
• Auth via Amazon Cognito
© 2019, Amazon Web Services, Inc. or its Affiliates.
Monitoring - Lambda
Amazon Amazon
CloudTrail CloudWatch
• Audit log of all • Custom
AWS API calls CloudWatch
Metrics & Alarms
Amazon • Access Logs in Amazon S3
CloudFront S3 Bucket • Access Logs in
• CloudWatch S3 Bucket
Metrics
Amazon • Queries per sec
Aurora • Latency
serverless
Browser

Amazon API • Latency AWS Lambda Amazon • Throttled Reqs

Gateway • Count • Invocations DynamoDB • Returned Bytes
• Cache Hit/Miss • Invocation Errors • Latency
• 4XX/5XX Errors • Duration
© 2019, Amazon Web Services, Inc. or its Affiliates. • Throttled Invocations
Rough Architecture – Design with Containers

Amazon Amazon S3
CloudFront

Amazon
Aurora
Browser serverless
AWS Fargate

Application Load Amazon ECS Amazon

Balancer DynamoDB

© 2019, Amazon Web Services, Inc. or its Affiliates.

Amazon ECR
Security Posture - Containers

Amazon IAM
Amazon S3
CloudFront

Amazon
Aurora
Browser serverless IAM
AWS Fargate

Application Load Amazon ECS Amazon

Balancer DynamoDB
• AWS WAF integration
• Auth via Amazon Cognito
• Security
© 2019, Amazon groups
Web Services, Inc. or its Affiliates.
Amazon ECR
Monitoring - Containers
Amazon Amazon
CloudTrail CloudWatch
• Audit log of all • Custom
AWS API calls CloudWatch
Amazon Amazon S3 Metrics & Alarms
CloudFront

Amazon • Queries per sec

Aurora • Latency
Browser serverless
AWS Fargate

• Access Log Application Load Amazon ECS Amazon • Throttled Reqs

• Request tracing Balancer • CPU, RAM, GPU DynamoDB • Returned Bytes
• Latency • CloudWatch container • Latency
• RequestCount insights
• ©4XX/5XX Errors
2019, Amazon Web Services, Inc. or its Affiliates.
Amazon ECR
Frameworks – Develop / Deploy

1. AWS Serverless Application Model (SAM)

2. Serverless

3. Zappa

4. Chalice

5. Etc.

© 2019, Amazon Web Services, Inc. or its Affiliates.

AWS Serverless Application Model (SAM)
AWS CloudFormation brings:
• Infrastructure as code
• Easy to provision and manage a collection of related AWS
resources
• Input .yaml file and output provisioned AWS resources
• Optimized for infrastructure

AWS SAM:
• CloudFormation extension optimized for serverless
• New serverless resources: functions, APIs, and tables
• Supports anything CloudFormation supports
• Local testing and debug (Node.js, Java, Python, and Go)
• Open sourced under Apache 2.0

© 2019, Amazon Web Services, Inc. or its Affiliates.

AWS Serverless Application Model (SAM)
Integration with developer tools:
• AWS Cloud9 IDE to author, test, and debug SAM-based applications
• AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline to build a
deployment pipeline

AWS Serverless Application Repository:

https://serverlessrepo.aws.amazon.com/applications

© 2019, Amazon Web Services, Inc. or its Affiliates.

AWS SAM: Less Complexity, More Power
CF template example – API triggering Lambda
AWSTemplateFormatVersion: '2010-09-09' AssumeRolePolicyDocument:
Resources: Version: '2012-10-17'
GetHtmlFunctionGetHtmlPermissionProd: Statement:
Type: AWS::Lambda::Permission - Action:
Properties: - sts:AssumeRole
Action: lambda:invokeFunction Effect: Allow
Principal: apigateway.amazonaws.com Principal:
FunctionName: Service:
Ref: GetHtmlFunction - lambda.amazonaws.com
SourceArn: ServerlessRestApiDeployment:
Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/* Type: AWS::ApiGateway::Deployment
ServerlessRestApiProdStage: Properties:
Type: AWS::ApiGateway::Stage RestApiId:
Properties: Ref: ServerlessRestApi
DeploymentId: Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
Ref: ServerlessRestApiDeployment StageName: Stage
RestApiId: GetHtmlFunctionGetHtmlPermissionTest:
Ref: ServerlessRestApi Type: AWS::Lambda::Permission
StageName: Prod Properties:
ListTable: Action: lambda:invokeFunction
Type: AWS::DynamoDB::Table Principal: apigateway.amazonaws.com
Properties: FunctionName:
ProvisionedThroughput: Ref: GetHtmlFunction
WriteCapacityUnits: 5 SourceArn:
ReadCapacityUnits: 5 Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
AttributeDefinitions: ServerlessRestApi:
- AttributeName: id Type: AWS::ApiGateway::RestApi
AttributeType: S Properties:
KeySchema: Body:
- KeyType: HASH info:
AttributeName: id version: '1.0'
GetHtmlFunction: title:
Type: AWS::Lambda::Function Ref: AWS::StackName
Properties: paths:
Handler: index.gethtml "/{proxy+}":
Code: x-amazon-apigateway-any-method:
S3Bucket: flourish-demo-bucket x-amazon-apigateway-integration:
S3Key: todo_list.zip httpMethod: ANY
Role: type: aws_proxy
Fn::GetAtt: uri:
- GetHtmlFunctionRole Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-
- Arn 31/functions/${GetHtmlFunction.Arn}/invocations
Runtime: nodejs4.3 responses: {}
GetHtmlFunctionRole: swagger: '2.0'
Type: AWS::IAM::Role
Properties:
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
© 2019, Amazon Web Services, Inc. or its Affiliates.
AWS SAM: Less Complexity, More Power
AWS SAM example – API triggering Lambda
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31
Resources:
GetHtmlFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://flourish-demo-bucket/todo_list.zip
Handler: index.gethtml
Runtime: nodejs4.3
Policies: AmazonDynamoDBReadOnlyAccess
Events:
GetHtml:
Type: Api
Properties:
Path: /{proxy+}
Method: ANY

ListTable:
Type: AWS::Serverless::SimpleTable

© 2019, Amazon Web Services, Inc. or its Affiliates.

Serverless App Lifecycle Management
AWS SAM (Serverless Application Model)

AWS Lambda

Code/Packages/
Swagger

AWS Amazon DynamoDB

Package & Amazon Serverless
Deploy S3 Template CloudFormation
Serverless w/ CodeUri
Template

Amazon API Gateway

package deploy
© 2019, Amazon Web Services, Inc. or its Affiliates.
CI/CD Tools
Resources
Learning path (step by step guide) – https://aws.amazon.com/getting-
started/serverless-web-app/
Implementing Microservices on AWS:
https://d1.awsstatic.com/whitepapers/microservices-on-aws.pdf
Serverless page – https://aws.amazon.com/serverless/
Serverless architecture best practices (on YouTube) –
https://youtu.be/b7UMoc1iUYw
Serverless Application Model (SAM) deep dive – https://youtu.be/e3lreqpWN0A
AWS Lambda deep dive – https://youtu.be/dB4zJk_fqrU
Developer Tooling – https://aws.amazon.com/serverless/developer-tools/

© 2019, Amazon Web Services, Inc. or its Affiliates.

Thank you!

© 2019, Amazon Web Services, Inc. or its Affiliates.