S U M M I TP A R I S

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

DevOps pour les Ops : Utiliser les microservices et le serverless pour accélérer l’innovation

Guillaume MarchandSolutions ArchitectAWS France

M A P 3 0 5

Thierry CiboireHead of IT Cloud DevOps DomainEuler Hermes Group

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Quels changementsdoivent êtreapportés dans cenouveau monde ?

Patterns d’architecture

Modèle d'exploitation

Déploiement logiciel

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Lorsque l'impact du changement est faible, la vitessede déploiement peut augmenter.

MonolithFait tout

MicroservicesFait une seule chose

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

MICROSERVICE API

API MICROSERVICE

MICROSERVICEEV

ENT

APIMICROSERVICE

EVEN

T

API MICROSERVICE

APPLICATION

Mobile client

Client

IoT

PERSISTENCE PERSISTENCE

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Les APIs sont la porte d’entrée des microservices

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Gérer les APIs avec API Gateway

Mobile apps

Websites

Services

Internet Amazon CloudFront

Amazon CloudWatch monitoring

API Gateway

cache

Any other AWS service

All publicly accessible endpoints

AWS Lambda functions

Endpoints in your VPC

Regional API Endpoints

AWS Lambda functions

Endpoints on Amazon EC2

Your VPCAWS

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Augmenter la disponibilité des applicationsSurveiller en permanence l'état de santé de chaque ressourceMettre à jour dynamiquement l'emplacement de chaque microservice

Augmenter la productivité des développeursRegistre unique pour toutes les ressources applicativesDéfinir des ressources avec des noms conviviaux

Intégration avec les services de containers AWSAWS FargateAmazon Elastic Compute Cloud (Amazon ECS)Amazon Elastic Container Service pour Kubernetes (Amazon EKS)

AWS Cloud Map

AWSCloud Map

Nouveau

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Les architectures Cloud-native sontdes briques, faiblement couplées

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Découpler la gestion d’état en utilisant des messages

QueuesSimple

Fully managed

Any volume

Pub/subSimple

Fully managed

Flexible

Amazon Simple Queue Service

Amazon Simple Notification

Service

Messaging

SynchronizationRapid

Fully managed

Real-time

Amazon CloudWatch

Events

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Tout cela est-il difficile à maintenirmaintenant que nous avonsénormement de composants ?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Modèle de responsabilité opérationnel AWS

On-Premises Cloud

Less More

Compute Virtual MachineAmazon EC2 AWS Elastic Beanstalk LambdaFargate

Databases MySQL MySQL on Amazon EC2 Amazon RDS for MySQL Amazon RDS Amazon Aurora Serverless DynamoDB

Storage StorageS3

Messaging ESBsAmazon MQ Amazon Kinesis SQS / SNS

AnalyticsHadoop Hadoop on EC2 EMR Amazon Elasticsearch Service Amazon Athena

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Qu’est ce serverless ?

Pas de provisioning d'infrastructure, pas de gestion

Mise à l'échelle automatique

Payer pour la valeur Haute disponibilité et sécurité

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

AWS Lambda

AWS Fargate

Amazon API Gateway

Amazon SNS

Amazon SQS

AWS Step Functions

COMPUTE

DATA STORES

INTEGRATION

Amazon Aurora Serverless

Amazon S3

Amazon DynamoDB

AWSAppSync

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Execution de container

sans gestion de serveursLongue durée de vie

Apport du code existant

Orchestrateur managé

AWS Fargate

Concentrons nous sur le Compute

Execution de code serverless

pilotée par évènementCourte durée

Tous langages de programmation

Intégration des sources de données

AWS Lambda

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Comparaison de la responsabilité opérationnelle

AWS LambdaServerless functions

AWS FargateServerless containers

Amazon ECS/Amazon EKS

Container-management as a service

Amazon EC2Infrastructure-as-a-Service

Meilleure pratique

Moins bonne pratique

AWS s’occupe Le client s’occupe

• Intégrations des source de données• Matériel physique, logiciels, réseaux et

batiments.• Provisioning

• Code applicatif

• Mise à l’echelle du cluster• Orchestation de container• Matériel physique, logiciels, réseaux et

batiments.

• Code applicatif• Intégrations des source de données• Configuration et mises à jour de sécurité,

configuration réseau, tâches de gestion

• Orchestation de container• Matériel physique, logiciels, réseaux et

batiments.

• Code applicatif• Intégrations des source de données• Cluster de worker• Configuration et mises à jour de sécurité,

configuration réseau, tâches de gestion

• Matériel physique, logiciels, réseaux et batiments.

• Code applicatif• Intégrations des source de données• Scaling• Configuration et mises à jour de sécurité,

provisioning, mise à l’échelle et patching de serveur

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Comment surveiller et contrôler tousces microservices ?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Mettre la logique à l'intérieur de chaque microservice est complexe

Microservice

Application Code

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Plus facile : Découpler la logique opérationnelle

Application codeMicroservice

Proxy

Logic for:

MonitoringRoutingDiscoveryDeployment

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Déployer facilement la configuration et analyser des métriques

App developer

Infra operator Reporting

Intent

Proxy

Microservice

Nouveau

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Comment observer les applications distribuées et éphémères ?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

AWS X-Ray is fait pour les applications modernes

Analyser rapidementles problèmes

Vision de bout enbout de chacun des

services

Identifier l'impact sur les clients

Support de Serverless

*Nouveau* X-RayRoot Causes

*Nouveau* Support de API Gateway

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Comment développer et deployer dansune architecture microservices serverless ?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pilliers de la mise à jour d’une application moderne

Continuous delivery

Continuous integration

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

FAQs Serverless microservices pour le déploiementapplicatif

Comment surveiller ces Nouvelles ressources éphémères ?

Comment puis-je uniformiser les meilleures pratiques ?

Comment gérons-nous le processus de déploiement de tant de services ?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Cycle de vie de développement du monolithe

MonitorReleaseTestBuild

Developers

Delivery pipelines

Services

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Cycle de vie du développement de microservicesDevelopers Services

MonitorReleaseTestBuild

Delivery pipelines

MonitorReleaseTestBuild

MonitorReleaseTestBuild

MonitorReleaseTestBuild

MonitorReleaseTestBuild

MonitorReleaseTestBuild

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Qu’est ce DevOpsà Amazon ?

(microservices, 2 pizza teams)

(gouvernance, templates)

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Nous avons publié les AWS Developer Tools for CI/CD

AWS CodeBuild + Third Party

AWS CodeCommit AWS CodeBuild AWS CodeDeploy AWS X-Ray

Source Build Test Deploy Monitor

AWS CodePipeline

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

MyAppCodeCommit

Source

BuildCodeCommit

Build

DeployToIntegCodeDeploy

Integration

IntegTestEnd2EndTester

DeployToProdCodeDeploy

Production

Source

Build

Deploy to integration stack

Integration tests

Deploy to production

Modéliser le process au sein de CodePipeline

ActionEtape

Pipeline

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Etape 1: Build et test unitaire1. Déclenche le pipeline en cas de

changement de source2. Build et tests unitaires3. Déploie dans un env. d’intégration4. Exécute les tests d’UX5. Exécute les tests d’intégration

Tests

Source

MyAppSourceCodeCommit

Build

BuildAndUnitTestsCodeBuild

IntegrationDeployCodeDeploy

TestOnChromeCodeBuild

TestOnChromeCodeBuild

IntegTestEnd2EndTester

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Etape 2: Notifier en cas d’échecChange 1

CloudWatchEvents

(Failed Action)

Tests

Source

MyAppSourceCodeCommit

Build

BuildAndUnitTestsCodeBuild

IntegrationDeployCodeDeploy

TestOnChromeCodeBuild

TestOnChromeCodeBuild

IntegTestEnd2EndTester

Change 2

Lambda FunctionNotifySlackOnPipelineActionFailure()

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

V1V1 V1 V1 V1 V1 V1 V1 V1 V1V2 V2 V2 V2 V2V2 V2 V2 V2 V2

Déploiement ”Rolling Update"

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Déploiement “Blue/green”

Succès

Groupe bleu Groupe vert

V1 V1 V1 V1 V1 V1 V1 V1 V1 V1V2 V2 V2 V2 V2

Auto Scaling Auto Scaling

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Diminuer le risque en segmentant• Minimiser l'impact des échecs

• Potentiellement identifier les problèmes avant vos clients

• Permet un rollback plus rapide, avec moins d'impact

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Etape 1: Répartir la production en plusieurs segments

Types de segments typiques :• Région• Zone de disponibilité• Sous-zone• Hôte unique (Canary)

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Production

CanaryDeployCodeDeploy

PostDeployTestApproval

Deploy-AZ-1CodeDeploy

PostDeployTestApproval

Deploy-AZ-2CodeDeploy

Deploy-AZ-3CodeDeploy

DeployToIntegCodeDeploy

Integration

IntegTestEnd2EndTester

Etape 2 : Déployer sur chaque segment

Production – Region 2

CanaryDeployCodeDeploy

PostDeployTestApproval

Deploy-AZ-1CodeDeploy

PostDeployTestApproval

Deploy-AZ-2CodeDeploy

Deploy-AZ-3CodeDeploy

Nouveau

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Les déploiements ”Canary” sont différents

Tous les hôtes de production• Participe à la desserte du trafic de production• Configuré en tant qu'instance de production• Participe au flux des métriques de production

Hôtes “Canary”• Possède son propre flux de métriques• Les validations des “Canary” utilisent le flux métrique des “Canary”

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

AWS CodeDeploy

• Automatise les déploiements de code• Gère la complexité de la mise à jour de vos

applications• Évite les temps d'arrêt pendant le déploiement

des applications• Rollback automatique• Déploiement sur des ressources Amazon EC2,

ECS, Lambda ou on premise.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CodeDeploy-Lambda deploymentsEnable in your serverless application template

Resources:

GetFunction:

Type: AWS::Serverless::Function

Properties:

DeploymentPreference:

Type: Canary10Percent10Minutes

Alarms:

- !Ref ErrorsAlarm

Hooks:

PreTraffic: !Ref PreTrafficHook

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

AWS CodeDeploy

AWS CodeDeploy automatisedésormais les déploiements blue-green vers AWS Fargate et Amazon Elastic Container Service (ECS)

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Vérification de la fiabilité des pipelines

Source

MyAppSourceCodeCommit

Build

MyAppBuildBuild

Deploy

safetyCheckApproval

ProductionDeployCodeDeploy

Lambda FunctionsafetyCheck

Change 1SNS Topic

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Vérification de la fiabilité des pipelines

Source

MyAppSourceCodeCommit

Build

MyAppBuildBuild

DeployToProd

MyAppCodeDeploy

CloudWatch Event (event-

based)

Lambda FunctiondisablePushtoProduction

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pilliers de la mise à jour d’une application moderne

Infrastructure as code

Continuous delivery

Continuous integration

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Les objectis de Infrastructure as code

1. Rendre les changements d’infra. reproductibles et prévisibles

2. Utiliser les mêmes outils de déploiements que le code.

3. Répliquer les env. de production dans d’autres env. Pour permettre le

continuous testing

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Continuous testing avec l’infrastructure as codeValider un artefact (Build stage)

• Tests unitaires• Analyse statique• Dépendances et

environnements simulés• Scan de vulnérabilité des

images

Valider un environnement(Test stages)

• Test d’integration• Test de charge• Test d’intrusion• Monitoring

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Comment pouvons-nous modéliser et dimensionner au mieux notre infrastructure ?

Developer AWS CodeCommit

AWS CodeBuild

AWS CloudFormation

Amazon SNS

Amazon S3 bucket

AWS

Stack

Stack

Stack

Pre-create

Create stacks

Post-create

Deploy

AWS CodePipeline

Region

Region

Region

cfn-nag

https://aws.amazon.com/solutions/aws-cloudformation-validation-pipeline/

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Developer PreviewAWS Cloud Development Kit (Amazon CDK)

AWS CDK application AWS CloudFormation

templateStack(s)

Construct Construct

Resources

AWS CloudFormation

Amazon Simple Queue Service

Lambda Amazon S3 bucket DynamoDB

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

AWS Fargate AWS CloudFormation

Mon Projet “Trivia”

AWS CodeBuild

Developpeurs

AWS Fargate

Responsablesproduit et tech

chatbot devops Application “Trivia-preview-42”

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Pull Request Bot

https://github.com/clareliguori/clare-bot

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Développement des applications modernes

• Simplifier la gestion des environnements avec serverless• Réduiser l’impact des changements avec une architecture microservice• Automatiser les operations en modélisant les apps. et l’infra. en code• Accélerer le déploiement de nouvelles fonctionnalités CI/CD• Gagnez en visibilité sur l’ensemble des apps en permettant l’observabilité• Protéger vos clients et votre entreprise avec une sécurité et une conformité

de bout en bout

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Thierry CiboireHead of IT Cloud DevOps Domain

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Introduction to Credit Risk

SUPPLIER Selling on credit terms

To be competitive

If other suppliers offer credit, the company will generally need to do it as well, if they want to compete for the buyer’s business

Risk: What if in between the supplier goes bankrupt ?

BUYERBuying on credit terms

To help my cash flow

• If the credit period is long enough he may be able to sell the goods before he has to pay for them

• Credit from a supplier may be cheaper / easier to obtain than credit from a bank

• Credit periods may be longer for overseas buyers to take into account the shipping time

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Credit Insurance in 60 seconds

Our Mission • Predict Trade and Credit Risk • Protect our customers

Our main Products:• Trade Credit Insurance• Bonds and Guarantees• Fraud Cover• Debt Collection

YOUR COMPANY (Supplier)

YOUR CUSTOMER(Buyer)

Selling goods and/or services

Credit insurance contract

Risk analysis

Unpaid debt collection

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

EULER HERMES : WHO ARE WE?NOT A STARTUP FOR SURE, BUT A GLOBAL ACTOR WITH A SIGNIFICANT RECORD OF SUCCESS

1883-1992 1993-1999 2000-2009 2010-2012 2013-2014 2015-2018

• 1883ACI, USA

• 1917Hermes, Germany

• 1918Trade Indemnity, UK

• 1927SFAC, France and SIAC, Italy

• 1929COBAC, Belgium

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Main application architecture principles

EH Information System

transformation

API-fication

Micro-servicization

Elasticity & ResiliencyCloud first

Event-Driven architecture & Analytics

• Applications must propagate all business events in EH streaming Bus to leverage event-driven architecture & real-time analytics

• Applications must be built in a modular way with independent loosely-coupled and stateless micro-services representing a consistent set of unitary functionalities

• Applications must be designed to be elastically scalable • Applications must be designed to be resilient with no

Single-Point of Failure (SPOF)

• Applications must expose their functionalities and data through API aligned with EH API Governance

• Applications must handle integration with Rest APIs

• Applications must be designed to run on a cloud environment (AWS) and follow EH Cloud principles

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

DEVOPS with a Strong OPS Culture

Cloud First

• Infrastructure as Code: Terraform/Gitlab

• Zero Data Center target.

API

• To foster partnerships and engagement with our customers.

• Simplify.• Easy to work

with.

Serverless

Focus on :• Lambda functions• Containers on

ECS/Fargate• Kinesis• Aurora

Micro Services

To benefit of the cloud model and ease transformation.Ops Challenges!• Observability

(logging, alerting)• Automation • CI/CD• Auto healing

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

VPC

Subnet

Availability zone

Subnet

Availability zone

Subnet

Availability zone

SERVERLESS architectures pattern

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Micro services architecture pattern

ECS Cluster µA

µB (Fargate)

ECS Cluster µA

Lambda

API Gateway

RDS

Kinesis shards

DynamoDB

ALB

Fargate

Containers

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Continuous Integration

DevOps

Product

DeliverySourceRepositories

Unit Tests

Code Analysis

Test Coverage

DevOps

Cloud

ManualCode Review

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Continuous Delivery

DevOps

Cloud

DevOps

Product

Infrastructure Module

Repository

Application Code repository

DeploymentCode Repository

Amazon S3 bucket ECR repository

Infrastructure As

Code

Stack

AWS FargateLambda

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Observability: Logical architecture

Infrastructure Data

Processing

Collection

Logs

Alert

Analyze

Visualize

Traces

Metrics

PUSH

PULL

DATA

DATA DATA

Tools portfolio

DATADATA

DATA

DATA

Middleware

Middleware

App App

App App

2. Ingestion 3. Storage 4. Consumption1. Sources & Data

PreventionDetectionTroubleshooting Correction

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Observability : Infrastructure

AlertIT

Infrastructure

APIAgents

MiddlewareAPI

Agents

App

APILibs

AgentsFrameworks

AmazonCloudWatch

Splunk

Pull Metrics

Export Metrics

Prometheus

PrometheusExporters

Alert Manager

Grafana

Processed Metrics

Push Logs & Metrics

ServiceNow

Amazon SNS

DB

Visualize

Alert

DB

Analyze

Visualize

Analyze

Alert

Tickets

Phone

SMS

SlackCollaboration

81Microsoft Exchange

EmailPull Metrics

Push Logs & Metrics

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

And next …

Chaos Engineering

Feature flipping

Service Mesh

Distributed TracingAntifragility

ObservabilityZero Trust Architecture

Self-Healing

Merci!

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.