Unlock Your "Agile" Power with the AWS Serverless Application Model (SAM) (Level 300)
Slide 1. ©2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Kim Kao
Solution Architect, Amazon Web Services
Unlocking Agility with the AWS
Serverless Application Model
Slide 3.
Release processes have four major phases
Source
• Check in source code, such as .java files
• Peer review new code
Build
• Compile code
• Unit tests
• Style checkers
• Code metrics
• Create deployable artifacts
Test
• Integration tests with other systems
• Load testing
• UI tests
• Penetration testing
Production
• Deployment to production environments
Slide 4.
Release process levels
Phases: Source, Build, Test, Production
• Continuous integration
• Continuous delivery
• Continuous deployment
Slide 7.
AWS Serverless Application Model (SAM)
CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and tables
Supports anything CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
Slide 9. SAM template
    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Resources:
      GetHtmlFunction:
        Type: AWS::Serverless::Function
        Properties:
          CodeUri: s3://sam-demo-bucket/todo_list.zip
          Handler: index.gethtml
          Runtime: nodejs4.3
          Policies: AmazonDynamoDBReadOnlyAccess
          Events:
            GetHtml:
              Type: Api
              Properties:
                Path: /{proxy+}
                Method: ANY
      ListTable:
        Type: AWS::Serverless::SimpleTable
• Transform: tells CloudFormation this is a SAM template it needs to "transform".
• GetHtmlFunction: creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary.
• ListTable: creates a DynamoDB table with 5 read and write capacity units.
Slide 10. SAM template
(diagram) The SAM template from https://github.com/awslabs/aws-serverless-samfarm/blob/master/api/saml.yaml on the left becomes the expanded CloudFormation resources on the right.
Slide 11.
SAM Template Properties
Resource types: AWS::Serverless::Function, AWS::Serverless::Api, AWS::Serverless::SimpleTable
From SAM Version 2016-10-31
AWS::Serverless::Function properties:
    Handler: index.handler       # file.exportedFunction (the slide shows "index.js", which is not a valid handler)
    Runtime: nodejs4.3
    CodeUri: 's3://my-code-bucket/my-function.zip'
    Description: Creates thumbnails of uploaded images
    MemorySize: 1024
    Timeout: 15
    Policies: AmazonS3FullAccess
    Environment:
      Variables:
        TABLE_NAME: my-table
    Events:
      PhotoUpload:
        Type: S3
        Properties:
          Bucket: my-photo-bucket
          Events: s3:ObjectCreated:*   # required by the S3 event source; omitted on the slide
    Tracing: Active                    # or PassThrough
    Tags:
      AppNameTag: ThumbnailApp
      DepartmentNameTag: ThumbnailDepartment
Slide 12.
AWS::Serverless::Function Event source types
From SAM Version 2016-10-31
• S3
• SNS
• Kinesis | DynamoDB
• Api
• Schedule
• CloudWatchEvent
• IoTRule
• AlexaSkill
Note: Events are a map of string to Event Source Object.
Event Source Objects have the following structure:
    Type:
    Properties:
For example:
    Events:
      MyEventName:
        Type: S3
        Properties:
          Bucket: my-photo-bucket
Slide 13.
SAM commands – Package & Deploy
Package
• Creates a deployment package (.zip file)
• Uploads deployment package to an Amazon S3 Bucket
• Adds a CodeUri property with S3 URI
Deploy
• Calls CloudFormation 'CreateChangeSet' API
• Calls CloudFormation 'ExecuteChangeSet' API
Slide 14.
AWS SAM Local
CLI tool for local testing of serverless apps
Works with Lambda functions and "proxy-style" APIs
Response object and function logs available on your local machine
Uses open source docker-lambda images to mimic Lambda's execution environment:
• Emulates timeout, memory limits, runtimes
https://github.com/awslabs/aws-sam-local
Slide 16.
Lambda Environment Variables
• Key-value pairs that you can dynamically pass to your function
• Available via standard environment variable APIs such as process.env for Node.js or os.environ for Python
• Can optionally be encrypted via AWS Key Management Service (KMS)
• Allows you to specify in IAM which roles have access to the keys to decrypt the information
• Useful for creating environments per stage (e.g. dev, testing, production)
Slide 17.
API Gateway Stage Variables
• Stage variables act like environment variables
• Use stage variables to store configuration values
• Stage variables are available in the $context object
• Values are accessible from most fields in API Gateway:
  • Lambda function ARN
  • HTTP endpoint
  • Custom authorizer function name
  • Parameter mappings
Slide 18.
Stage Variables and Lambda Aliases
Using Stage Variables in API Gateway together with Lambda function Aliases you can manage a single API configuration and Lambda function for multiple environment stages.
(diagram) myLambdaFunction has published versions 1 through 8, with aliases prod = version 3, beta = version 6, dev = version 8.
"My First API" uses the stage variable lambdaAlias to pick the alias:
• Prod stage: lambdaAlias = prod
• Beta stage: lambdaAlias = beta
• Dev stage: lambdaAlias = dev
Slide 21.
Lambda Alias Traffic Shifting & Safe Deployments
"By default, an alias points to a single Lambda function version. When the alias is updated to point to a different function version, incoming request traffic in turn instantly points to the updated version.
This exposes that alias to any potential instabilities introduced by the new version.
To minimize this impact, you can implement the routing-config parameter of the Lambda alias that allows you to point to two different versions of the Lambda function and dictate what percentage of incoming traffic is sent to each version."
– AWS Lambda docs on "Traffic Shifting Using Aliases"
    aws lambda update-alias --name <alias-name> --function-name <function-name> --routing-config AdditionalVersionWeights={"6"=0.05}
Slide 22.
Lambda Alias Traffic Shifting
(diagram) myLambdaFunction versions 1 through 6; alias prod points at version 3, with 5% of its traffic routed to version 6.
"My First API", Prod stage: stage variable lambdaAlias = prod
    aws lambda update-alias --name prod --function-name myLambdaFunction --routing-config AdditionalVersionWeights={"6"=0.05}
Slide 23.
Lambda Alias Traffic Shifting
(diagram) myLambdaFunction versions 5 and 6; alias prod now points at version 6 with no additional weights.
"My First API", Prod stage: stage variable lambdaAlias = prod
    aws lambda update-alias --name prod --function-name myLambdaFunction --function-version 6 --routing-config ''
Slide 25.
SAM Globals + Safe Deployments (NEW!)
    Globals:
      Function:
        Runtime: nodejs4.3
        AutoPublishAlias: !Ref ENVIRONMENT   # template Parameter holding the alias name
    Resources:
      MyLambdaFunction:
        Type: AWS::Serverless::Function
        Properties:
          Handler: index.handler
          DeploymentPreference:
            Type: Linear10PercentEvery10Minutes
            Alarms:
              # A list of alarms that you want to monitor
              - !Ref AliasErrorMetricGreaterThanZeroAlarm
              - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
            Hooks:
              # Validation Lambda functions that are run before & after traffic shifting
              PreTraffic: !Ref PreTrafficLambdaFunction
              PostTraffic: !Ref PostTrafficLambdaFunction
Slide 27.
Lambda Alias Traffic Shifting & AWS SAM
In SAM: AutoPublishAlias
By adding this property and specifying an alias name, AWS SAM will do the following:
• Detect when new code is being deployed based on changes to the Lambda function's Amazon S3 URI.
• Create and publish an updated version of that function with the latest code.
• Create an alias with a name you provide (unless an alias already exists) and point it to the updated version of the Lambda function.
Deployment Preference Type
• Canary10Percent30Minutes
• Canary10Percent5Minutes
• Canary10Percent10Minutes
• Canary10Percent15Minutes
• Linear10PercentEvery10Minutes
• Linear10PercentEvery1Minute
• Linear10PercentEvery2Minutes
• Linear10PercentEvery3Minutes
• AllAtOnce
Slide 28.
Lambda Alias Traffic Shifting & AWS SAM
In SAM:
    Alarms:  # A list of alarms that you want to monitor
      - !Ref AliasErrorMetricGreaterThanZeroAlarm
      - !Ref LatestVersionErrorMetricGreaterThanZeroAlarm
    Hooks:   # Validation Lambda functions that are run before & after traffic shifting
      PreTraffic: !Ref PreTrafficLambdaFunction
      PostTraffic: !Ref PostTrafficLambdaFunction
Note: You can specify a maximum of 10 alarms
Slide 29.
AWS CodeDeploy + Lambda (NEW!)
NEW: Can deploy AWS Lambda!!
• Uses AWS SAM to deploy serverless applications
• Supports Lambda Alias Traffic Shifting, enabling canaries and blue|green deployments
• Can roll back based on CloudWatch Metrics/Alarms
• Pre/Post-Traffic Triggers can integrate with other services (or even call Lambda functions)
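Added example, not from the deck or the SAM project: a PreTraffic hook function of the kind the Hooks: PreTraffic property on slides 25 and 28 points at. It smoke-tests the newly published version and reports Succeeded or Failed to CodeDeploy, which then starts the traffic shift or rolls back. The NEW_VERSION_ARN environment variable and the two fake clients are the example's own assumptions so the logic runs offline.

```python
"""Added example (not from the deck or the SAM project): a PreTraffic
validation hook for a SAM DeploymentPreference. CodeDeploy invokes it with a
DeploymentId and LifecycleEventHookExecutionId; the hook smoke-tests the new
version and reports Succeeded or Failed, which starts the shift or rolls back."""
import io
import json
import os


def smoke_test(lambda_client, new_version_arn: str) -> bool:
    """Invoke the new version directly (the alias still serves the old one)
    and require a 200 from the handler; a function error counts as failure."""
    resp = lambda_client.invoke(
        FunctionName=new_version_arn,
        InvocationType="RequestResponse",
        Payload=json.dumps({"httpMethod": "GET", "path": "/health"}).encode(),
    )
    if resp.get("FunctionError"):          # handler raised or timed out
        return False
    body = json.loads(resp["Payload"].read())
    return isinstance(body, dict) and body.get("statusCode") == 200


def run_hook(event: dict, lambda_client, codedeploy_client, new_version_arn: str) -> str:
    """Validate, then tell CodeDeploy the outcome for this lifecycle event."""
    status = "Succeeded" if smoke_test(lambda_client, new_version_arn) else "Failed"
    codedeploy_client.put_lifecycle_event_hook_execution_status(
        deploymentId=event["DeploymentId"],
        lifecycleEventHookExecutionId=event["LifecycleEventHookExecutionId"],
        status=status,
    )
    return status


def handler(event, context):
    """Lambda entry point. Assumes (hypothetical) that the template passes the
    new version's ARN in NEW_VERSION_ARN, e.g. Value: !Ref MyLambdaFunction.Version."""
    import boto3  # present in the Lambda runtime; imported lazily so the offline demo needs no SDK
    return run_hook(event, boto3.client("lambda"), boto3.client("codedeploy"),
                    os.environ["NEW_VERSION_ARN"])


class FakeLambda:
    """Constructed stand-in for boto3's Lambda client (offline demo only)."""
    def __init__(self, status_code, function_error=None):
        self.status_code, self.function_error = status_code, function_error

    def invoke(self, **kwargs):
        payload = json.dumps({"statusCode": self.status_code}).encode()
        resp = {"StatusCode": 200, "Payload": io.BytesIO(payload)}
        if self.function_error:
            resp["FunctionError"] = self.function_error
        return resp


class FakeCodeDeploy:
    """Constructed stand-in that records what was reported to CodeDeploy."""
    def __init__(self):
        self.reported = []

    def put_lifecycle_event_hook_execution_status(self, **kwargs):
        self.reported.append(kwargs)
        return {"lifecycleEventHookExecutionId": kwargs["lifecycleEventHookExecutionId"]}


if __name__ == "__main__":
    ev = {"DeploymentId": "d-EXAMPLE", "LifecycleEventHookExecutionId": "h-EXAMPLE"}
    cd = FakeCodeDeploy()
    print(run_hook(ev, FakeLambda(200), cd, "arn:aws:lambda:REGION:ACCOUNT:function:myLambdaFunction:6"))
```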
Slide 30.
AWS CodeDeploy + Lambda (NEW!)
CodeDeploy comes with a number of added capabilities:
• Custom deployment configurations. Examples:
  • "Canary 5% for 1 hour"
  • "Linear 20% every 1 hour"
• Notification events via SNS on success/failure/rollback
• Console with visibility on deploy status, history, and rollbacks.
Slide 31.
Amazon API Gateway Canary Support (NEW!)
Use canary release deployments to gradually roll out new APIs in Amazon API Gateway:
• Configure the percentage of traffic to go to a new stage deployment
• Can test stage settings and variables
• API Gateway creates an additional Amazon CloudWatch Logs log group and CloudWatch metrics for the requests handled by the canary deployment
• To roll back: delete the deployment or set the percentage of traffic to 0
Slide 32.
Amazon API Gateway Canary Support
(diagram) API Clients → api.mydomain.com/prod (all publicly and privately accessible endpoints) → v1 → Backends in AWS
All traffic to currently deployed version
Slide 33.
Amazon API Gateway Canary Support
(diagram) API Clients → api.mydomain.com/prod → v1 (50%) / v2 (50%) → Backends in AWS
50% traffic to new deployment of stage, rest to previous version
Slide 34.
Amazon API Gateway Canary Support
(diagram) API Clients → api.mydomain.com/prod → v1 (90%) / v2 (10%) → Backends in AWS
10% traffic to new deployment of stage, rest to previous version
Slide 35.
Amazon API Gateway Canary Support
(diagram) API Clients → api.mydomain.com/prod → v1 (90%) / v2 (10%) → Backends in AWS
10% traffic to new deployment of stage, rest to previous version
No changes to client
Slide 36.
Amazon API Gateway Canary Support
(diagram) API Clients → api.mydomain.com/prod (all publicly and privately accessible endpoints) → v2 → Backends in AWS
All traffic to newly deployed version
Slide 37.
Amazon API Gateway Canary Support
Interesting use-cases
• Explore new technologies in your API backend:
  • New languages
  • New frameworks
  • Try Lambda in place of other HTTP endpoints!
  • Compare/contrast performance with individual logs and metrics
• Migrate an API from on-premises to AWS via endpoint integrations in VPC (new)
  • API-GW -> Network Load Balancer (NLB) -> on-prem over Direct Connect or VPN connection
  • Can test method by method or even action by action, no need for an all-at-once move!
Slide 38. Build & deploy your application
Image: https://secure.flickr.com/photos/spenceyc/7481166880
Slide 39.
Establish our testing/validation model
We want to make sure our code:
• is without syntax issues
• meets company standards for format
• compiles
• is sufficiently tested at the code level via unit tests
We want to make sure our serverless service:
• functions as it is supposed to in relation to other components
• has appropriate mechanisms to handle failures up or down stream
We want to make sure our entire application/infrastructure:
• functions end to end
• follows security best practices
• handles scaling demands
Slide 40.
Building a deployment package
Node.js & Python
• .zip file consisting of your code and any dependencies
• Use npm/pip to install libraries
• All dependencies must be at root level
Java
• Either .zip file with all code/dependencies, or standalone .jar
• Use Maven / Eclipse IDE plugins
• Compiled class & resource files at root level, required jars in /lib directory
C# (.NET Core)
• Either .zip file with all code/dependencies, or a standalone .dll
• Use NuGet / Visual Studio plugins
• All assemblies (.dll) at root level
Go
• .zip file consisting of your Go binary and any dependencies
• Use "go get" to install dependencies
Slide 41.
AWS CodeBuild
Fully managed build service that compiles source code, runs tests, and produces software packages
Scales continuously and processes multiple builds concurrently
Can consume environment variables from AWS SSM Parameter Store
NEW: Can run in your VPC
NEW: Supports dependency caching
Slide 43.
buildspec.yml Example
    version: 0.1
    environment_variables:
      plaintext:
        "INPUT_FILE": "saml.yaml"
        "S3_BUCKET": ""
    phases:
      install:
        commands:
          - npm install
      pre_build:
        commands:
          - eslint *.js
      build:
        commands:
          - npm test
      post_build:
        commands:
          - aws cloudformation package --template $INPUT_FILE --s3-bucket $S3_BUCKET --output-template post-saml.yaml
    artifacts:
      type: zip
      files:
        - post-saml.yaml
        - beta.json
• environment_variables: variables to be used by the phases of the build
• Examples of what you can do in the phases of a build:
  • Install packages or run commands to prepare your environment in "install"
  • Run syntax checking commands in "pre_build"
  • Execute your build tool/command in "build"
  • Test your app further or ship a container image to a repository in "post_build"
• artifacts: create and store an artifact in S3
Slide 44.
Testing tools
Code Inspection/Test Coverage:
• Landscape (only for Python)
• CodeClimate
• Coveralls.io
Mocking/stubbing tools:
• LocalStack – "A fully functional local AWS cloud stack. Develop and test your cloud apps offline!"
• Includes:
  • Moto – boto mock tool
  • Dynalite – DynamoDB testing tool
  • Kinesalite – Kinesis testing tool
  • more!
API Interface/UI testing:
• Runscope – API Monitoring/Testing
• Ghost Inspector – Web interface testing
Slide 46.
AWS CodePipeline
Continuous delivery service for fast and reliable application updates
Model and visualize your software release process
Builds, tests, and deploys your code every time there is a code change
Integrates with third-party tools and AWS
Slide 47.
An example minimal Developer's pipeline:
(diagram)
• MyBranch-Source stage: Source action "MyApplication" (CodeCommit)
• Build stage: test-build-source (CodeBuild)
• MyDev-Deploy stage: create-changeset (AWS CloudFormation) → execute-changeset (AWS CloudFormation) → Run-stubs (AWS Lambda)
This pipeline:
• Three stages
• Builds code artifact
• One development environment
• Uses SAM/CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
Slide 48.
Lambda and API Gateway Variables + SAM
    Parameters:
      MyEnvironment:
        Type: String
        Default: testing
        AllowedValues:
          - testing
          - staging
          - prod
        Description: Environment of this stack of resources
      SpecialFeature1:
        Type: String
        Default: false
        AllowedValues:
          - true
          - false
        Description: Enable new SpecialFeature1
    …
    …
    # Lambda
    MyFunction:
      Type: 'AWS::Serverless::Function'
      Properties:
        …
        Environment:
          Variables:
            ENVIRONMENT: !Ref MyEnvironment      # the slide's "!Ref:" (with a colon) is not valid CloudFormation syntax
            Spec_Feature1: !Ref SpecialFeature1
    …
    # API Gateway
    MyApiGatewayApi:
      Type: AWS::Serverless::Api
      Properties:
        …
        Variables:                               # API Gateway stage variables
          ENVIRONMENT: !Ref MyEnvironment
          SPEC_Feature1: !Ref SpecialFeature1
    …
Slide 49.
SAM Best Practices
• Use Parameters and Mappings when possible to build dynamic templates based on user inputs and pseudo parameters such as AWS::Region
• Use the Globals section to simplify templates
• Use ExportValue & ImportValue to share resource information across stacks
• Build out multiple environments, such as for Development, Test, Production and even DR, using the same template, even across accounts
(diagram) One SAM Template in Source Control deploys the Dev, Test and Prod environments.
Slide 50.
CodePipeline + CloudFormation Parameters
(screenshots) Via referenced parameter file / Via Parameter Overrides
Slide 51.
An example minimal production pipeline:
This pipeline:
• Five stages
• Builds code artifact
• Three deployed-to "environments"
• Uses SAM/CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a 3rd party tool/service
• Has a manual approval before deploying to production
(diagram)
• Source stage: Source action "MyApplication" (CodeCommit)
• Build stage: test-build-source (CodeBuild)
• Deploy Testing stage: create-changeset (AWS CloudFormation) → execute-changeset (AWS CloudFormation) → Run-stubs (AWS Lambda)
• Deploy Staging stage: create-changeset (AWS CloudFormation) → execute-changeset (AWS CloudFormation) → Run-API-test (Runscope)
• QA-Sign-off stage: Review (Manual Approval)
• Deploy Prod stage: create-changeset (AWS CloudFormation) → execute-changeset (AWS CloudFormation) → Post-Deploy-Slack (AWS Lambda)
Slide 52.
Where and what to test?
1. Source (MyApplication)
• Code review via Pull Requests (NEW in CodeCommit)
2. Build
• Lint/syntax check
• Unit tests pass
• Code successfully compiles
3. Deploy Testing
• Application deploys successfully
• Mocked/stubbed integration tests
4. Deploy Staging
• Application deploys successfully
• Tests against real services (potentially against production dependencies)
5. Deploy Prod
• Deploy canaries
• Complete wait period successfully
• Deploy 100%
Slide 53.
Environments, Stages, Versioning, & Canaries?
A few best practices:
1. Use blue|green or canaries for production deployments, with a rollback that is as automated as possible
2. In Lambda, versioning is useful if you need to support multiple versions for multiple consumers/invocation points
3. In API Gateway, stages work similarly and are useful if you need to support multiple API versions
4. Try to always have separate "stacks" for Development, Testing, Staging and Production environments
  1. Do not use Stages or Versioning for this
  2. Think about having different accounts altogether for different environments
Slide 55.
FIN, ACK
• Peer review: Step 1 for most CI/CD processes
• Continuous Integration: A Must!
• Continuous Delivery: Configure it up through pre-Production environments, use a "gate" or manual approval/task to push to production
• Multiple Environments: So easy and so low cost with #serverless
• "Basic" 5 stage pipeline: Source, Build, Test, Pre-Production, Production
Slide 57.
Personal Contact
https://bit.ly/2kCZSau
AWS: YikaiKao@
Line : YikaiKao
WeChat : YikaiKao
Twitter : @YikaiKao
GitHub Repos