MS
Uploaded byMoshe Ben Shoham
PPTX, PDF547 views

Container-based Microservices DevOps in AWS

Perfecto Mobile transitioned from monolithic servers to a container-based microservices architecture using AWS, driven by the need for agility and efficiency. They adopted ECS for container orchestration, implemented infrastructure as code with CloudFormation, and optimized monitoring with Prometheus and Grafana. Key lessons learned include the importance of autonomous teams, cost management, and managing dependencies effectively.

Embed presentation

Downloaded 11 times
Container-based Microservices DevOps in AWS How Perfecto Did it and What We Learned So Far © 2018, Perfecto Mobile Ltd. All Rights Reserved.
About Perfecto 1/10/2018 2© 2018, Perfecto Mobile Ltd. All Rights Reserved.
How We Started We started 11 years ago with developing monolith servers in our own DCs We were moving slowly… 1/10/2018 3© 2018, Perfecto Mobile Ltd. All Rights Reserved.
But Then we Heard Some Buzzwords 1/10/2018 4© 2018, Perfecto Mobile Ltd. All Rights Reserved. And we decided we want to move faster and do more impact on the company business
Big Change 1/10/2018 5© 2018, Perfecto Mobile Ltd. All Rights Reserved. Waterfall Monolith servers Deployment in DC Dependencies Agile Microservices Cloud Autonomous teams
The 3 Components of the Change technology methodologyculture 1/10/2018 6© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Autonomous Teams DevOps Dev QA 1/10/2018 7© 2018, Perfecto Mobile Ltd. All Rights Reserved. Development Continuous integration Continuous deployment Monitoring Budget control
Technologies we Use (partial list…) 1/10/2018 8© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Why we Chose ECS for Container Orchestration • We were new to the containers world, but we understood container orchestration is a key decision • We looked at ECS, Kubernetes, Swarm and other alternatives. • ECS seemed best in terms on time to value 1/10/2018 9© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Our First Microservice 1/10/2018 10© 2018, Perfecto Mobile Ltd. All Rights Reserved. • Deployed in ECS • ELB + ECS tasks = ECS service • EC2 instances are managed in an Auto Scaling Group • Service Discovery using Route53 • Task per EC2 instance (ELB static port limitation)
Decisions we Took (1) 1/10/2018 11© 2018, Perfecto Mobile Ltd. All Rights Reserved. • Deploying in a single availability zone • One of those decisions you regret - overhead of changing it grows with time
Decisions We took (2) • Single VPC for all teams • Seems natural – it’s network, right? • Pros • Less work for teams • Simpler to move services between teams • Cons • Dependency between teams. Who owns the VPC? • Simpler to take shortcuts (e.g. use VPN to DC) • Budget control is more difficult - no option for account per team (need to tag all services) 1/10/2018 12© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Decisions we took (3) • ECS cluster per… what? • Options • One cluster to rule them all • Cluster per service (group of microservices) • Cluster per team • We let our teams decide between the two last options • No dependencies between teams • Better budget control • Reduce blast radius of ECS cluster issues (more on that soon) 1/10/2018 13© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Infrastructure as code is the only way to go • We (try to) do everything (except for very small and initial POCs) with CloudFormation • Every time you do a change in UI, CLI or API without CloudFormation – think again • CloudFormation templates stored in Git • CloudFormation invoked by Jenkins • We maintain shared CloudFormation templates used by all teams to create ECS clusters, services and more. 1/10/2018 14© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Working with CloudFormation • There is a learning curve • Templates can become long and unreadable • Split to sub-templates • Consider generating templates • CloudFormation behavior can be surprising, but it is consistent • Practice in product-like environments (dev/staging) • Using the UI is dangerous • Automate all CloudFormation invocations • Read-only access to UI • Protect your stacks using stack policies 1/10/2018 15© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Moving to ALBs • ALB – Application Load Balancer, can (should) replace ELB • Why • Cost - 1 ALB can replace X ELBs - Less expensive for clusters with large number of services • Dynamic port management – Allows deploying multiple services on one EC2 instance, more flexibility • ELB is (kind of) legacy – e.g. not supported in Fargate • Routes requests to backend containers based on request path rules • Challenge with ALBs – no URL rewrite in rules. If if you have no control on the request path in the deployed services, you will need a reverse proxy. 1/10/2018 16© 2018, Perfecto Mobile Ltd. All Rights Reserved.
ELB vs ALB 1/10/2018 17© 2018, Perfecto Mobile Ltd. All Rights Reserved.
What about logs? • We’re using CloudWatch logs • Note perfect, but very simple to integrate with anything in AWS • Container logs • Standard container logs can be sent to CloudWatch – that is easy, supported natively in Docker • To take application log files to CloudWatch – we’re using a ”satellite container” (AKA sidecar) per task - https://github.com/moshebs/docker-awslogs • ELB/ALB access logs: • Sent to S3, natively supported by ELB/ALB • CloudWatch event from S3  Lambda that parses the logs and pushes them to CloudWatch logs 1/10/2018 18© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Logs 1/10/2018 19© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Monitoring with Prometheus 1/10/2018 20© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Dashboards with Grafana 1/10/2018 21© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Monitoring in Perfecto • Each team owns their own monitoring system • Deployment • Maintenance • Building dashboards • Getting alerts, usually in Slack • Deployed using CloudFormation • All teams use the same templates • Coniguration using sidecar containers 1/10/2018 22© 2018, Perfecto Mobile Ltd. All Rights Reserved.
What we monitor • EC2 instance metrics – by deploying Prometheus node_exporter on the EC2 instances • Application metrics • If metrics are shared between the microservice nodes – scrape through LB • Otherwise – scrape each microservice tasks (how do you find them? Next slide…) • 3rd party (Mongo, RabbitMQ, Redis, e.g.) – standard open- source exporters • CloudWatch metrics – using cloudwatch_exporter (but be careful, pulling metrics from CloudWatch is expensive!) 1/10/2018 23© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Monitoring Architecture 1/10/2018 24© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Scraping ECS Tasks • The challenge: • Prometheus needs to know where each task runs, and what port to use for scraping • But Prometheus supports filtering EC2 instances by tags only • ECS decide which task goes where • The solution – a container that dynamically tags EC2 instances according to ECS tasks running on them 1/10/2018 25© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Scraping ECS Tasks 1/10/2018 26© 2018, Perfecto Mobile Ltd. All Rights Reserved.
ECS Biggest Challenge • The integration between ECS and Auto Scaling Group is not perfect • ASG changes ignore ECS tasks • Let’s look at 2 examples 1/10/2018 27© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Auto Scaling Group Downscale 1/10/2018 28© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4 VM5 VM6 VM7
Upgrade of ECS-Optimized AMI 1/10/2018 29© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4VM5 Auto Scaling Group
Simple Workaround • You can control when the EC2 instance sends the “I’m ready” signal to CloudFormation (in fact you must send it in the userdata) • Add a sleep, to allow the ECS task to start • Helps with the AMI upgrade scenario only • Upgrades are slower, but a bit safer • In practice – this really helped us 1/10/2018 30© 2018, Perfecto Mobile Ltd. All Rights Reserved.
Better Solution • Auto Scaling Group has life cycle hooks • We can add a hook to prevent VM shutdown until the task in the new VM is ready. 1/10/2018 31© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4VM5 Auto Scaling Group Shutdown Hook SNS ECS Deregister VM2 Wait for task Complete lifecycle action
But the truth is… • We don’t want to manage VMs at all • We just want to deploy containers over CPU and memory • Enter Fargate – serverless containers • We plan to try it soon, but we’re still missing • Storage attachment • Availability outside of us-east-1 1/10/2018 32© 2018, Perfecto Mobile Ltd. All Rights Reserved.
© 2018, Perfecto Mobile Ltd. All Rights Reserved. moshe_benshoham mosheb@perfectomobile.com Thank You!

More Related Content

PPTX
Lyft - One billion rides - with wavefront
byAnil Gupta (AJ) - vExpert
 
PDF
Web sphere application transformation and modernization at engie electrabel
byFlowFactor
 
PPTX
Introduction to Elastic Compute Service on Alibaba Cloud to Power Your Busine...
byOliver Theobald
 
PDF
ICN Akamai's Backbone
byAPNIC
 
PPTX
Multi-Cloud Global Server Load Balancing (GSLB)
byAvi Networks
 
PPTX
Introduction to ActOnMagic
byMadan Ganesh Velayudham
 
PPTX
Cloud as a Service: A Powerful New Cloud Management Platform
byBMC Software
 
PPTX
Secret Techniques to Manage Apache Cloudstack with ActOnCloud
byMadan Ganesh Velayudham
 
Lyft - One billion rides - with wavefront
byAnil Gupta (AJ) - vExpert
 
Web sphere application transformation and modernization at engie electrabel
byFlowFactor
 
Introduction to Elastic Compute Service on Alibaba Cloud to Power Your Busine...
byOliver Theobald
 
ICN Akamai's Backbone
byAPNIC
 
Multi-Cloud Global Server Load Balancing (GSLB)
byAvi Networks
 
Introduction to ActOnMagic
byMadan Ganesh Velayudham
 
Cloud as a Service: A Powerful New Cloud Management Platform
byBMC Software
 
Secret Techniques to Manage Apache Cloudstack with ActOnCloud
byMadan Ganesh Velayudham
 

What's hot

PPTX
On command shift 1.0 release
byTakano Masaru
 
PDF
Introduction to Istio on Kubernetes
byJonh Wendell
 
PPTX
Converting Your Existing SAP Server Infrastructure to a Modern Cloud-Based Ar...
byPT Datacomm Diangraha
 
PPTX
CloudStack Meetup - Introduction
byMadan Ganesh Velayudham
 
PDF
Cloud expo 2015_rags
byragss
 
PDF
Reality Check: Moving From the Transformation Laboratory to Production
byDevOps.com
 
PPTX
Learning Request Management
byCA | Automic Software
 
PDF
SIMCLOUD: Running Operational Simulators in the Cloud
byFinmeccanica
 
PDF
Istio Service Mesh
byLew Tucker
 
PPTX
Container and Test Automation Management Practices in TrendMicro
byJen-Chieh Ko
 
PPTX
Mumbai Meetup on Pivotal CF Jan 15
byMayur Gandhi
 
PPTX
OpenStack Telco Cloud Challenges, David Fick, Oracle
bySriram Subramanian
 
PPT
Savig cost using application level virtualization
byNati Shalom
 
PDF
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
byKhash Nakhostin
 
PPTX
Building a Scalable Federated Hybrid Cloud
byPLUMgrid
 
PDF
VMware: your path to the cloud
byVMEngine
 
PPTX
The future of scaling forrester research - GigaSpaces Road Show 2011
byNati Shalom
 
PPTX
Investing in Cloud Integration at Microsoft IT
byBizTalk360
 
PDF
Cloudify and terraform integration
byNati Shalom
 
PPTX
Citrix - Open Elastic Platform for the Private Cloud
byNati Shalom
 
On command shift 1.0 release
byTakano Masaru
 
Introduction to Istio on Kubernetes
byJonh Wendell
 
Converting Your Existing SAP Server Infrastructure to a Modern Cloud-Based Ar...
byPT Datacomm Diangraha
 
CloudStack Meetup - Introduction
byMadan Ganesh Velayudham
 
Cloud expo 2015_rags
byragss
 
Reality Check: Moving From the Transformation Laboratory to Production
byDevOps.com
 
Learning Request Management
byCA | Automic Software
 
SIMCLOUD: Running Operational Simulators in the Cloud
byFinmeccanica
 
Istio Service Mesh
byLew Tucker
 
Container and Test Automation Management Practices in TrendMicro
byJen-Chieh Ko
 
Mumbai Meetup on Pivotal CF Jan 15
byMayur Gandhi
 
OpenStack Telco Cloud Challenges, David Fick, Oracle
bySriram Subramanian
 
Savig cost using application level virtualization
byNati Shalom
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
byKhash Nakhostin
 
Building a Scalable Federated Hybrid Cloud
byPLUMgrid
 
VMware: your path to the cloud
byVMEngine
 
The future of scaling forrester research - GigaSpaces Road Show 2011
byNati Shalom
 
Investing in Cloud Integration at Microsoft IT
byBizTalk360
 
Cloudify and terraform integration
byNati Shalom
 
Citrix - Open Elastic Platform for the Private Cloud
byNati Shalom
 

Similar to Container-based Microservices DevOps in AWS

PPTX
ECS and Docker at Okta
byJon Todd
 
PDF
Microservices Architecture with AWS @ AnyMind Group
byGiang Tran
 
PPTX
Docker on Amazon ECS
byDeepak Kumar
 
PPTX
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
byWeaveworks
 
PPTX
Amazon ECS.pptx tasks conatiner ecs new car
byzineblahib2
 
PPTX
從劍宗到氣宗 - 談AWS ECS與Serverless最佳實踐
byPahud Hsieh
 
PPTX
Introduction to AWS and Docker on ECS
byCloudHesive
 
PPTX
Designed_Amazon_ECS_Presentation ppt.pptx
bychandupriyar317
 
PDF
Microservices and elastic resource pools with Amazon EC2 Container Service
byBoyan Dimitrov
 
PDF
Getting started with Amazon ECS
byIoannis Polyzos
 
PDF
ECS and ECR deep dive
byShiva Narayanaswamy
 
PDF
AnyMind Group Tech Talk - Microservices architecture with AWS
byNhân Nguyễn
 
PPTX
Deep Dive on Amazon Elastic Container Service (ECS) I AWS Dev Day 2018
byAWS Germany
 
PDF
Amazon ECS (December 2015)
byJulien SIMON
 
PDF
Deep Dive on Microservices and Docker
byKristana Kane
 
PDF
Running Docker clusters on AWS (June 2016)
byJulien SIMON
 
PPTX
Containers State of the Union I AWS Dev Day 2018
byAWS Germany
 
PDF
Breaking the monolith (an example)
byMassimo Ferre'
 
PPTX
Docker on AWS - the Right Way
byAllCloud
 
PDF
Introduction to Amazon EC2 Container Service
bychristophertcannon
 
ECS and Docker at Okta
byJon Todd
 
Microservices Architecture with AWS @ AnyMind Group
byGiang Tran
 
Docker on Amazon ECS
byDeepak Kumar
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
byWeaveworks
 
Amazon ECS.pptx tasks conatiner ecs new car
byzineblahib2
 
從劍宗到氣宗 - 談AWS ECS與Serverless最佳實踐
byPahud Hsieh
 
Introduction to AWS and Docker on ECS
byCloudHesive
 
Designed_Amazon_ECS_Presentation ppt.pptx
bychandupriyar317
 
Microservices and elastic resource pools with Amazon EC2 Container Service
byBoyan Dimitrov
 
Getting started with Amazon ECS
byIoannis Polyzos
 
ECS and ECR deep dive
byShiva Narayanaswamy
 
AnyMind Group Tech Talk - Microservices architecture with AWS
byNhân Nguyễn
 
Deep Dive on Amazon Elastic Container Service (ECS) I AWS Dev Day 2018
byAWS Germany
 
Amazon ECS (December 2015)
byJulien SIMON
 
Deep Dive on Microservices and Docker
byKristana Kane
 
Running Docker clusters on AWS (June 2016)
byJulien SIMON
 
Containers State of the Union I AWS Dev Day 2018
byAWS Germany
 
Breaking the monolith (an example)
byMassimo Ferre'
 
Docker on AWS - the Right Way
byAllCloud
 
Introduction to Amazon EC2 Container Service
bychristophertcannon
 

Recently uploaded

PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PPTX
System Software_CIE_AS_LEVEL_CS_9618 .pptx
byJawaad BM
 
PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PPTX
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
Genesys Vision & CX Trends 2026 Unlocking Business Value in the Experience Ec...
byUni Systems S.M.S.A.
 
PDF
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PPTX
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PPTX
Leon Brands - Methodical GPU Profiling (Graphics Programming Conference 2025)
byleonbrands1998
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
PDF
Cybersecurity Prevention and Detection: Unit 3
byVICTOR MAESTRE RAMIREZ
 
PPTX
Formulation and Evaluation of herbal peel off mask gel
byRanikonde
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
System Software_CIE_AS_LEVEL_CS_9618 .pptx
byJawaad BM
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
kernel PPT (Explanation of Windows Kernal).pptx
byINFOBYTES1
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
Genesys Vision & CX Trends 2026 Unlocking Business Value in the Experience Ec...
byUni Systems S.M.S.A.
 
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
Connecting the unconnectable: Exploring LoRaWAN for IoT
byasasiraarthur
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Leon Brands - Methodical GPU Profiling (Graphics Programming Conference 2025)
byleonbrands1998
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 2
byVICTOR MAESTRE RAMIREZ
 
The Evolving Role of the CEO in the Age of AI
byPipal Tree Services Executive Search Firm
 
Cybersecurity Prevention and Detection: Unit 3
byVICTOR MAESTRE RAMIREZ
 
Formulation and Evaluation of herbal peel off mask gel
byRanikonde
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 

Container-based Microservices DevOps in AWS

  • 1.
    Container-based Microservices DevOpsin AWS How Perfecto Did it and What We Learned So Far © 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 2.
    About Perfecto 1/10/2018 2©2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 3.
    How We Started Westarted 11 years ago with developing monolith servers in our own DCs We were moving slowly… 1/10/2018 3© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 4.
    But Then weHeard Some Buzzwords 1/10/2018 4© 2018, Perfecto Mobile Ltd. All Rights Reserved. And we decided we want to move faster and do more impact on the company business
  • 5.
    Big Change 1/10/2018 5©2018, Perfecto Mobile Ltd. All Rights Reserved. Waterfall Monolith servers Deployment in DC Dependencies Agile Microservices Cloud Autonomous teams
  • 6.
    The 3 Componentsof the Change technology methodologyculture 1/10/2018 6© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 7.
    Autonomous Teams DevOps Dev QA 1/10/2018 7©2018, Perfecto Mobile Ltd. All Rights Reserved. Development Continuous integration Continuous deployment Monitoring Budget control
  • 8.
    Technologies we Use(partial list…) 1/10/2018 8© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 9.
    Why we ChoseECS for Container Orchestration • We were new to the containers world, but we understood container orchestration is a key decision • We looked at ECS, Kubernetes, Swarm and other alternatives. • ECS seemed best in terms on time to value 1/10/2018 9© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 10.
    Our First Microservice 1/10/201810© 2018, Perfecto Mobile Ltd. All Rights Reserved. • Deployed in ECS • ELB + ECS tasks = ECS service • EC2 instances are managed in an Auto Scaling Group • Service Discovery using Route53 • Task per EC2 instance (ELB static port limitation)
  • 11.
    Decisions we Took(1) 1/10/2018 11© 2018, Perfecto Mobile Ltd. All Rights Reserved. • Deploying in a single availability zone • One of those decisions you regret - overhead of changing it grows with time
  • 12.
    Decisions We took(2) • Single VPC for all teams • Seems natural – it’s network, right? • Pros • Less work for teams • Simpler to move services between teams • Cons • Dependency between teams. Who owns the VPC? • Simpler to take shortcuts (e.g. use VPN to DC) • Budget control is more difficult - no option for account per team (need to tag all services) 1/10/2018 12© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 13.
    Decisions we took(3) • ECS cluster per… what? • Options • One cluster to rule them all • Cluster per service (group of microservices) • Cluster per team • We let our teams decide between the two last options • No dependencies between teams • Better budget control • Reduce blast radius of ECS cluster issues (more on that soon) 1/10/2018 13© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 14.
    Infrastructure as codeis the only way to go • We (try to) do everything (except for very small and initial POCs) with CloudFormation • Every time you do a change in UI, CLI or API without CloudFormation – think again • CloudFormation templates stored in Git • CloudFormation invoked by Jenkins • We maintain shared CloudFormation templates used by all teams to create ECS clusters, services and more. 1/10/2018 14© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 15.
    Working with CloudFormation •There is a learning curve • Templates can become long and unreadable • Split to sub-templates • Consider generating templates • CloudFormation behavior can be surprising, but it is consistent • Practice in product-like environments (dev/staging) • Using the UI is dangerous • Automate all CloudFormation invocations • Read-only access to UI • Protect your stacks using stack policies 1/10/2018 15© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 16.
    Moving to ALBs •ALB – Application Load Balancer, can (should) replace ELB • Why • Cost - 1 ALB can replace X ELBs - Less expensive for clusters with large number of services • Dynamic port management – Allows deploying multiple services on one EC2 instance, more flexibility • ELB is (kind of) legacy – e.g. not supported in Fargate • Routes requests to backend containers based on request path rules • Challenge with ALBs – no URL rewrite in rules. If if you have no control on the request path in the deployed services, you will need a reverse proxy. 1/10/2018 16© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 17.
    ELB vs ALB 1/10/201817© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 18.
    What about logs? •We’re using CloudWatch logs • Note perfect, but very simple to integrate with anything in AWS • Container logs • Standard container logs can be sent to CloudWatch – that is easy, supported natively in Docker • To take application log files to CloudWatch – we’re using a ”satellite container” (AKA sidecar) per task - https://github.com/moshebs/docker-awslogs • ELB/ALB access logs: • Sent to S3, natively supported by ELB/ALB • CloudWatch event from S3  Lambda that parses the logs and pushes them to CloudWatch logs 1/10/2018 18© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 19.
    Logs 1/10/2018 19© 2018,Perfecto Mobile Ltd. All Rights Reserved.
  • 20.
    Monitoring with Prometheus 1/10/201820© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 21.
    Dashboards with Grafana 1/10/201821© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 22.
    Monitoring in Perfecto •Each team owns their own monitoring system • Deployment • Maintenance • Building dashboards • Getting alerts, usually in Slack • Deployed using CloudFormation • All teams use the same templates • Coniguration using sidecar containers 1/10/2018 22© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 23.
    What we monitor •EC2 instance metrics – by deploying Prometheus node_exporter on the EC2 instances • Application metrics • If metrics are shared between the microservice nodes – scrape through LB • Otherwise – scrape each microservice tasks (how do you find them? Next slide…) • 3rd party (Mongo, RabbitMQ, Redis, e.g.) – standard open- source exporters • CloudWatch metrics – using cloudwatch_exporter (but be careful, pulling metrics from CloudWatch is expensive!) 1/10/2018 23© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 24.
    Monitoring Architecture 1/10/2018 24©2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 25.
    Scraping ECS Tasks •The challenge: • Prometheus needs to know where each task runs, and what port to use for scraping • But Prometheus supports filtering EC2 instances by tags only • ECS decide which task goes where • The solution – a container that dynamically tags EC2 instances according to ECS tasks running on them 1/10/2018 25© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 26.
    Scraping ECS Tasks 1/10/201826© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 27.
    ECS Biggest Challenge •The integration between ECS and Auto Scaling Group is not perfect • ASG changes ignore ECS tasks • Let’s look at 2 examples 1/10/2018 27© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 28.
    Auto Scaling GroupDownscale 1/10/2018 28© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4 VM5 VM6 VM7
  • 29.
    Upgrade of ECS-OptimizedAMI 1/10/2018 29© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4VM5 Auto Scaling Group
  • 30.
    Simple Workaround • Youcan control when the EC2 instance sends the “I’m ready” signal to CloudFormation (in fact you must send it in the userdata) • Add a sleep, to allow the ECS task to start • Helps with the AMI upgrade scenario only • Upgrades are slower, but a bit safer • In practice – this really helped us 1/10/2018 30© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 31.
    Better Solution • AutoScaling Group has life cycle hooks • We can add a hook to prevent VM shutdown until the task in the new VM is ready. 1/10/2018 31© 2018, Perfecto Mobile Ltd. All Rights Reserved. VM1 VM2 VM3 VM4VM5 Auto Scaling Group Shutdown Hook SNS ECS Deregister VM2 Wait for task Complete lifecycle action
  • 32.
    But the truthis… • We don’t want to manage VMs at all • We just want to deploy containers over CPU and memory • Enter Fargate – serverless containers • We plan to try it soon, but we’re still missing • Storage attachment • Availability outside of us-east-1 1/10/2018 32© 2018, Perfecto Mobile Ltd. All Rights Reserved.
  • 33.
    © 2018, PerfectoMobile Ltd. All Rights Reserved. moshe_benshoham mosheb@perfectomobile.com Thank You!

Editor's Notes

  • #12 One VPC for all Here we will show a diagram of a set of microservices Deployed in ECS ECS cluster running on top of ASG (we started in a single AZ – don’t do that!) Using ELB (one task per EC2 instance) Service discovery using DNS in Route53 Network level One VPC for all Each cluster in separate subnet Using security groups to control access between machines Expose service to the Internet – using CheckPoint