[Diagram: Order UI, User UI, Shipping UI; Order Service, User Service, Shipping Service]
Characteristics of Service Oriented Architectures
• Decentralized
• Polyglot
• Do one thing well
• Independent
[Diagram labels: Amazon Route 53, Amazon API Gateway*, Application Load Balancer, ECS Cluster, Availability Zone A, Availability Zone B, Amazon ECS, Order Module, Reporting, Amazon CloudWatch, Publish metrics, Scaling Policies, Add/Remove ECS tasks]
Blue-Green Deployments
[Diagram: Route 53 record set with weighted routing policy; 0% and 100%; Task, Task]
Service Discovery with Route 53 and Application Load Balancers
[Diagram labels: PandaCRM.com, PandaCRM.com/report, Amazon Route 53, ECS Cluster]
What about DevOps?
The DevOps Stack
Continuous Deployment
Communication
Agile Delivery Pipelines
Deployment Automation
Continuous integration
Continuous delivery
Continuous deployment
DevOps Stack on AWS
CodeCommit
AWS Elastic Container Service
Where do I go from here?
• Collect Metrics. Graph anything that moves
• Log everything, Centralize logging, Log Analytics
• Infrastructure as Code
• Automated configuration management
• One click environment creation
• CI-CD pipelines
• Automated testing
We have a strong partner list, and it’s growing
*beta
Continuous Deployment
1. Commit Code
2. Trigger Pipeline
3. Build Artifact
4. Push Image
5. Update Stack
6. Update Service
[Diagram labels: AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, Amazon ECR, AWS CloudFormation, Amazon ECS, Spot Instance]
Don’t forget security
[Diagram labels: Tenant, Identity Broker, Identity Provider, Access Key; Tenant 1 Web Tier, Tenant 2 Web Tier, Tenant 1 App Tier, Tenant 2 App Tier; Tenant1, Tenant2, Tenant3]
IAM Policies Scope Tenant Access
[Diagram labels: Web Tier, App Tier, CustomerTable, T1-Bucket, T2-Bucket]
Binding Policies to Tenants
[Diagram labels: Tenant, Web Application, Identity Broker, Identity Provider, Multi-Factor Authentication]
UserID: bob@abc.com
TenantID: “93194942”
Role: “Admin”
IAM Policy
AWS cloud
SaaS Identity Considerations
• SaaS identity is bigger than authentication
• Use identity broker pattern to decouple from identity providers
• Leave the heavy lifting, risk, and innovation to someone else
• Automate role and policy provisioning/management
• Add tenant context to identity token to limit bottlenecks
Recap: Be Agile