SUMMIT PARIS
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DevOps for Ops: using microservices and serverless to accelerate innovation
MAP305
Guillaume Marchand, Solutions Architect, AWS France
Thierry Ciboire, Head of IT Cloud DevOps Domain, Euler Hermes Group
What changes need to be made in this new world?
• Architecture patterns
• Operating model
• Software deployment
When the impact of a change is small, deployment speed can increase.
Monolith: does everything
Microservices: each does one thing
[Diagram: mobile, web and IoT clients reach an application of microservices through APIs; the microservices exchange events and keep their own persistence]
APIs are the front door to microservices
Managing APIs with API Gateway
[Diagram: mobile apps, websites and services reach API Gateway over the internet through Amazon CloudFront; API Gateway (with its cache, monitored by Amazon CloudWatch) fronts AWS Lambda functions, endpoints in your VPC or on Amazon EC2, any other AWS service and publicly accessible endpoints, plus regional API endpoints]
AWS Cloud Map (new)
• Increase application availability: continuously monitor the health of each resource; dynamically update the location of each microservice
• Increase developer productivity: a single registry for all application resources; define resources with friendly names
• Integration with AWS container services: AWS Fargate, Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Container Service for Kubernetes (Amazon EKS)
Cloud-native architectures are loosely coupled building blocks
Decouple state management by using messages
Messaging building blocks:
• Queues (Amazon Simple Queue Service): simple, fully managed, any volume
• Pub/sub (Amazon Simple Notification Service): simple, fully managed, flexible
• Synchronization (Amazon CloudWatch Events): rapid, fully managed, real-time
Is all of this hard to maintain now that we have a huge number of components?
AWS operational responsibility model
From on-premises (less managed by AWS) to cloud (more managed by AWS):
Compute: Virtual machine | Amazon EC2 | AWS Elastic Beanstalk | Lambda, Fargate
Databases: MySQL | MySQL on Amazon EC2 | Amazon RDS for MySQL | Amazon RDS, Amazon Aurora Serverless, DynamoDB
Storage: Storage | S3
Messaging: ESBs | Amazon MQ | Amazon Kinesis | SQS / SNS
Analytics: Hadoop | Hadoop on EC2 | EMR | Amazon Elasticsearch Service, Amazon Athena
What is serverless?
• No infrastructure provisioning, no management
• Automatic scaling
• Pay for value
• High availability and security
• Compute: AWS Lambda, AWS Fargate
• Data stores: Amazon Aurora Serverless, Amazon S3, Amazon DynamoDB
• Integration: Amazon API Gateway, Amazon SNS, Amazon SQS, AWS Step Functions, AWS AppSync
Let's focus on compute
AWS Fargate: run containers without managing servers; long-lived; bring your existing code; managed orchestrator
AWS Lambda: run serverless code driven by events; short-lived; any programming language; data source integrations
Comparing operational responsibility (from best practice to less good practice)
AWS Lambda (serverless functions)
  AWS handles: data source integrations; physical hardware, software, networks and buildings; provisioning
  The customer handles: application code
AWS Fargate (serverless containers)
  AWS handles: cluster scaling; container orchestration; physical hardware, software, networks and buildings
  The customer handles: application code; data source integrations; security configuration and updates, network configuration, management tasks
Amazon ECS / Amazon EKS (container management as a service)
  AWS handles: container orchestration; physical hardware, software, networks and buildings
  The customer handles: application code; data source integrations; worker cluster; security configuration and updates, network configuration, management tasks
Amazon EC2 (Infrastructure as a Service)
  AWS handles: physical hardware, software, networks and buildings
  The customer handles: application code; data source integrations; scaling; security configuration and updates, server provisioning, scaling and patching
How do we monitor and control all these microservices?
Putting the logic inside each microservice is complex
[Diagram: a microservice containing its application code]
Easier: decouple the operational logic
[Diagram: the microservice's application code sits next to a proxy that holds the logic for monitoring, routing, discovery and deployment]
Easily deploy configuration and analyze metrics (new)
[Diagram: the app developer and the infra operator express intent, which is applied to the proxy alongside each microservice; the proxy feeds reporting]
How do we observe distributed and ephemeral applications?
AWS X-Ray is built for modern applications
• Quickly analyze problems
• End-to-end view of each service
• Identify the impact on customers
• Serverless support
• New: X-Ray root causes
• New: API Gateway support
How do we develop and deploy in a serverless microservices architecture?
Pillars of updating a modern application
• Continuous delivery
• Continuous integration
FAQs: serverless microservices for application deployment
• How do we monitor these new ephemeral resources?
• How can I standardize best practices?
• How do we manage the deployment process for so many services?
Development lifecycle of the monolith
[Diagram: developers feed a single delivery pipeline (build, test, release, monitor) that delivers the services]
Development lifecycle of microservices
[Diagram: developers feed one delivery pipeline (build, test, release, monitor) per service]
What is DevOps at Amazon?
(microservices, 2-pizza teams)
(governance, templates)
We released the AWS Developer Tools for CI/CD
Source: AWS CodeCommit | Build: AWS CodeBuild | Test: AWS CodeBuild + third party | Deploy: AWS CodeDeploy | Monitor: AWS X-Ray
Orchestrated by AWS CodePipeline
Modeling the process within CodePipeline (pipeline > stage > action)
Pipeline MyApp:
• Source stage: Source action (CodeCommit)
• Build stage: Build action
• Integration stage: DeployToInteg action (CodeDeploy) deploys to the integration stack, then IntegTest action (End2EndTester) runs the integration tests
• Production stage: DeployToProd action (CodeDeploy) deploys to production
Step 1: build and unit tests
1. Trigger the pipeline on a source change
2. Build and run unit tests
3. Deploy to an integration environment
4. Run the UX tests
5. Run the integration tests
Pipeline: Source stage with MyAppSource (CodeCommit); Build stage with BuildAndUnitTests (CodeBuild); Tests stage with IntegrationDeploy (CodeDeploy), two TestOnChrome (CodeBuild) actions and IntegTest (End2EndTester)
Step 2: notify on failure (same pipeline as in step 1)
Change 1: a CloudWatch Events rule matches failed pipeline actions
Change 2: a Lambda function, NotifySlackOnPipelineActionFailure(), sends the notification
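The Lambda behind Change 2, as an added example that is not code from the talk: it accepts only the CloudWatch Events event for a failed CodePipeline action and posts a Slack message. The SLACK_WEBHOOK_URL environment variable name and the sample event values are assumptions.

```python
"""Lambda target for the "Step 2" CloudWatch Events rule: turn a failed
CodePipeline action into a Slack message. Added example, not code from the
talk. Assumes the rule matches detail-type "CodePipeline Action Execution
State Change" and that SLACK_WEBHOOK_URL holds an incoming-webhook URL."""
import json
import os
import urllib.request

# Constructed sample event in the shape CloudWatch Events delivers for a
# CodePipeline action state change (ids and region are placeholders).
SAMPLE_EVENT = {
    "detail-type": "CodePipeline Action Execution State Change",
    "source": "aws.codepipeline",
    "time": "2019-04-02T10:15:00Z",
    "region": "eu-west-1",
    "detail": {
        "pipeline": "MyApp",
        "execution-id": "11111111-2222-3333-4444-555555555555",
        "stage": "Tests",
        "action": "IntegTest",
        "state": "FAILED",
        "type": {"owner": "Custom", "category": "Test",
                 "provider": "End2EndTester", "version": "1"},
    },
}


def is_action_failure(event):
    """True only for CodePipeline action events whose state is FAILED, so the
    function stays quiet if the rule is ever widened to other states."""
    detail = event.get("detail") or {}
    return (event.get("source") == "aws.codepipeline"
            and event.get("detail-type") == "CodePipeline Action Execution State Change"
            and detail.get("state") == "FAILED")


def build_slack_message(event):
    """Return the Slack webhook payload for a failed action, or None to skip."""
    if not is_action_failure(event):
        return None
    d = event["detail"]
    provider = d.get("type", {}).get("provider", "unknown provider")
    text = (":x: Pipeline *{pipeline}* failed in stage *{stage}*, action *{action}* "
            "({provider}) in {region} at {time}\nExecution id: {execution}").format(
        pipeline=d["pipeline"], stage=d["stage"], action=d["action"],
        provider=provider, region=event.get("region", "?"),
        time=event.get("time", "?"), execution=d.get("execution-id", "?"))
    return {"text": text}


def notify(event, webhook_url=None):
    """Post the message to Slack; returns the payload sent, or None if skipped."""
    payload = build_slack_message(event)
    if payload is None:
        return None
    url = webhook_url or os.environ["SLACK_WEBHOOK_URL"]
    req = urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        resp.read()
    return payload


def lambda_handler(event, context):
    return notify(event)
```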
"Rolling update" deployment
[Diagram: a fleet of V1 instances is replaced by V2 instances a few at a time]
"Blue/green" deployment
[Diagram: a blue Auto Scaling group running V1 and a green Auto Scaling group running V2; on success, traffic switches to the green group]
Reduce risk by segmenting
• Minimize the impact of failures
• Potentially identify problems before your customers do
• Allow faster rollback, with less impact
Step 1: split production into several segments
Typical segment types:
• Region
• Availability zone
• Sub-zone
• Single host (canary)
Step 2: deploy to each segment (new)
Pipeline: Integration stage with DeployToInteg (CodeDeploy) and IntegTest (End2EndTester); Production stage with CanaryDeploy (CodeDeploy), PostDeployTest (Approval), Deploy-AZ-1 (CodeDeploy), PostDeployTest (Approval), Deploy-AZ-2 (CodeDeploy) and Deploy-AZ-3 (CodeDeploy); a "Production - Region 2" stage repeats the same canary, approval and per-AZ sequence
"Canary" deployments are different
All production hosts: serve production traffic; configured as production instances; contribute to the production metric stream
"Canary" hosts: have their own metric stream; canary validations use the canary metric stream
AWS CodeDeploy
• Automates code deployments
• Handles the complexity of updating your applications
• Avoids downtime during application deployment
• Automatic rollback
• Deploys to Amazon EC2, ECS, Lambda or on-premises resources
CodeDeploy Lambda deployments: enable them in your serverless application template
  Resources:
    GetFunction:
      Type: AWS::Serverless::Function
      Properties:
        DeploymentPreference:
          # Shift 10% of traffic to the new version, the remaining 90% ten minutes later
          Type: Canary10Percent10Minutes
          # Roll back if this alarm fires during the deployment
          Alarms:
            - !Ref ErrorsAlarm
          # Run this function before any traffic is shifted; a failure aborts the deployment
          Hooks:
            PreTraffic: !Ref PreTrafficHook
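A PreTraffic hook to pair with the template above, as an added example that is not code from the talk: CodeDeploy invokes it with DeploymentId and LifecycleEventHookExecutionId before shifting any traffic, the hook smoke-tests the new version and reports Succeeded or Failed back, and a Failed status makes CodeDeploy abort and roll back. The NEW_VERSION_ARN environment variable and the smoke-test payloads are assumptions.

```python
"""PreTraffic hook for a CodeDeploy-managed Lambda canary deployment.
Added example, not code from the talk. CodeDeploy invokes the hook with
DeploymentId and LifecycleEventHookExecutionId and waits for the hook to
report Succeeded or Failed via put_lifecycle_event_hook_execution_status.
NEW_VERSION_ARN (assumed environment variable) names the version under test."""
import json
import os

# Constructed hook event in the shape CodeDeploy sends (ids are placeholders).
SAMPLE_HOOK_EVENT = {
    "DeploymentId": "d-EXAMPLE12345",
    "LifecycleEventHookExecutionId": "hook-execution-id-placeholder",
}

# Constructed smoke tests: payload sent to the new version and the
# statusCode its response must carry.
SMOKE_TESTS = [
    {"payload": {"path": "/health"}, "expect_status": 200},
    {"payload": {"path": "/items/42"}, "expect_status": 200},
]


def check_response(raw_response, expected_status):
    """Validate one invocation result. Returns (ok, reason). Non-JSON output,
    a function error (errorMessage) and an unexpected statusCode all fail."""
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return False, "response is not JSON"
    if not isinstance(body, dict):
        return False, "response is not a JSON object"
    if "errorMessage" in body:
        return False, "function error: %s" % body["errorMessage"]
    if body.get("statusCode") != expected_status:
        return False, "expected statusCode %s, got %s" % (expected_status, body.get("statusCode"))
    return True, "ok"


def smoke_test(invoke, tests=SMOKE_TESTS):
    """Run every test through invoke(payload) -> raw JSON bytes/str.
    Any failure returns "Failed", which makes CodeDeploy roll back
    before a single production request reaches the new version."""
    for test in tests:
        ok, reason = check_response(invoke(test["payload"]), test["expect_status"])
        if not ok:
            return "Failed", reason
    return "Succeeded", "all %d smoke tests passed" % len(tests)


def lambda_handler(event, context):
    import boto3  # imported here so the decision logic above runs offline in tests
    new_version = os.environ["NEW_VERSION_ARN"]
    lam = boto3.client("lambda")

    def invoke(payload):
        # The qualified ARN targets the new version directly, not the live alias.
        resp = lam.invoke(FunctionName=new_version, Payload=json.dumps(payload).encode())
        return resp["Payload"].read()

    status, reason = smoke_test(invoke)
    boto3.client("codedeploy").put_lifecycle_event_hook_execution_status(
        deploymentId=event["DeploymentId"],
        lifecycleEventHookExecutionId=event["LifecycleEventHookExecutionId"],
        status=status,
    )
    return {"status": status, "reason": reason}
```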
AWS CodeDeploy now automates blue/green deployments to AWS Fargate and Amazon Elastic Container Service (ECS)
Verifying pipeline reliability
[Diagram: pipeline MyApp with a Source stage MyAppSource (CodeCommit), a Build stage MyAppBuild (Build) and a Deploy stage where a safetyCheck manual approval precedes ProductionDeploy (CodeDeploy); Change 1: the approval publishes to an SNS topic that triggers the safetyCheck Lambda function]
Verifying pipeline reliability
[Diagram: pipeline MyApp with a Source stage MyAppSource (CodeCommit), a Build stage MyAppBuild (Build) and a DeployToProd stage MyApp (CodeDeploy); an event-based CloudWatch Event triggers the disablePushtoProduction Lambda function, which disables pushes to production]
Pillars of updating a modern application
• Infrastructure as code
• Continuous delivery
• Continuous integration
Goals of infrastructure as code
1. Make infrastructure changes repeatable and predictable
2. Use the same deployment tools as for code
3. Replicate production environments into other environments to enable continuous testing
Continuous testing with infrastructure as code
Validate an artifact (Build stage):
• Unit tests
• Static analysis
• Mocked dependencies and environments
• Image vulnerability scanning
Validate an environment (Test stages):
• Integration tests
• Load tests
• Penetration tests
• Monitoring
How can we best model and size our infrastructure?
[Diagram: a developer pushes to AWS CodeCommit; AWS CodePipeline runs AWS CodeBuild for pre-create checks (such as cfn-nag), creates AWS CloudFormation stacks in several regions, runs post-create checks, publishes results through Amazon SNS, keeps artifacts in an Amazon S3 bucket, then deploys]
https://aws.amazon.com/solutions/aws-cloudformation-validation-pipeline/
Developer preview: AWS Cloud Development Kit (AWS CDK)
[Diagram: an AWS CDK application built from constructs synthesizes AWS CloudFormation template(s) and stack(s) whose resources include Amazon Simple Queue Service, Lambda, an Amazon S3 bucket and DynamoDB]
Pull Request Bot
[Diagram: developers open a pull request on the "Trivia" project; a DevOps chatbot running on AWS Fargate uses AWS CodeBuild and AWS CloudFormation to deploy a preview application "Trivia-preview-42" on AWS Fargate for product and tech leads to review]
https://github.com/clareliguori/clare-bot
Modern application development
• Simplify environment management with serverless
• Reduce the impact of changes with a microservices architecture
• Automate operations by modeling apps and infrastructure as code
• Accelerate the deployment of new features with CI/CD
• Gain visibility across all apps by enabling observability
• Protect your customers and your business with end-to-end security and compliance
Thierry Ciboire, Head of IT Cloud DevOps Domain
Introduction to credit risk
Supplier, selling on credit terms: to be competitive. If other suppliers offer credit, the company will generally need to do so as well if it wants to compete for the buyer's business. Risk: what if, in between, the supplier goes bankrupt?
Buyer, buying on credit terms: to help my cash flow.
• If the credit period is long enough he may be able to sell the goods before he has to pay for them
• Credit from a supplier may be cheaper / easier to obtain than credit from a bank
• Credit periods may be longer for overseas buyers to take into account the shipping time
Credit insurance in 60 seconds
Our mission: predict trade and credit risk; protect our customers
Our main products:
• Trade credit insurance
• Bonds and guarantees
• Fraud cover
• Debt collection
[Diagram: your company (supplier) sells goods and/or services to your customer (buyer); the credit insurance contract provides risk analysis and unpaid debt collection]
Euler Hermes: who are we? Not a startup for sure, but a global actor with a significant record of success
[Timeline 1883-2018; early milestones:]
• 1883: ACI, USA
• 1917: Hermes, Germany
• 1918: Trade Indemnity, UK
• 1927: SFAC, France and SIAC, Italy
• 1929: COBAC, Belgium
Main application architecture principles
EH Information System transformation: API-fication, micro-servicization, elasticity & resiliency, cloud first, event-driven architecture & analytics
• Applications must propagate all business events in the EH streaming bus to leverage event-driven architecture & real-time analytics
• Applications must be built in a modular way with independent, loosely coupled and stateless micro-services representing a consistent set of unitary functionalities
• Applications must be designed to be elastically scalable
• Applications must be designed to be resilient with no single point of failure (SPOF)
• Applications must expose their functionalities and data through APIs aligned with EH API Governance
• Applications must handle integration with REST APIs
• Applications must be designed to run on a cloud environment (AWS) and follow EH Cloud principles
DevOps with a strong Ops culture
Cloud first:
• Infrastructure as code: Terraform / GitLab
• Zero data center target
API:
• To foster partnerships and engagement with our customers
• Simplify
• Easy to work with
Serverless, focus on:
• Lambda functions
• Containers on ECS/Fargate
• Kinesis
• Aurora
Micro services: to benefit from the cloud model and ease transformation. Ops challenges!
• Observability (logging, alerting)
• Automation
• CI/CD
• Auto healing
Serverless architecture pattern
[Diagram: a VPC with one subnet in each of three availability zones]
Micro services architecture pattern
[Diagram: API Gateway and an ALB in front of Lambda functions and Fargate containers in ECS clusters (microservices µA and µB); data in RDS, DynamoDB and Kinesis shards]
Continuous integration
[Diagram: the DevOps Product team's source repositories go through delivery with unit tests, code analysis, test coverage and manual code review, alongside the DevOps Cloud team]
Continuous delivery
[Diagram: the DevOps Cloud team's infrastructure module repository and the DevOps Product team's application code and deployment code repositories produce artifacts in an Amazon S3 bucket and an ECR repository; an infrastructure-as-code stack deploys them to AWS Fargate and Lambda]
Observability: logical architecture
[Diagram: 1. Sources & data (infrastructure, middleware and apps emitting logs, traces and metrics); 2. Ingestion (push and pull collection); 3. Storage (data processing); 4. Consumption (alert, analyze, visualize), supporting prevention, detection, troubleshooting and correction; tools portfolio]
Observability: infrastructure
[Diagram: infrastructure, middleware and apps expose telemetry through APIs, agents, libraries and frameworks; Prometheus (with Prometheus exporters) pulls metrics, Amazon CloudWatch exports metrics, and Splunk receives pushed logs & metrics; processed metrics go to Grafana for visualization and to Alert Manager, which alerts IT through ServiceNow tickets and Amazon SNS (phone, SMS, Slack collaboration, Microsoft Exchange email)]
And next ...
• Chaos engineering
• Feature flipping
• Service mesh
• Distributed tracing
• Antifragility
• Observability
• Zero trust architecture
• Self-healing
Thank you!