OPS 2: How do you approach application lifecycle management?

Adopt lifecycle management approaches that improve the flow of changes to production with higher fidelity, fast feedback on quality, and quick bug fixing. These practices help you rapidly identify, remediate, and limit changes that impact customer experience.

Resources

AWS SAM template example using nested stacks
AWS SAM template example using parametrized environment
Quick-start reference for cross-account deployments
Using dynamic references to specify template values in AWS CloudFormation
Amazon Partner Blog: Multi-account deployments

Best Practices:

Improvement Plan

Use infrastructure as code and stages isolated in separate environments

  • Use a Serverless framework to help you execute functions locally, build and package application code, separate packaging from deployment, deploy to isolated stages in separate environments, and support secrets via configuration management systems.
  • For a large number of resources, consider breaking common functionalities such as alarms into separate infrastructure as code templates.
  • Prototype new features using temporary environments

  • Use a Serverless framework to deploy temporary environments named after a feature.
  • Implement a process to identify temporary environments that may have not been deleted over an extended period of time.
  • Prototype application code locally and test integrations directly with managed services.
  • Use a rollout deployment mechanism

  • For production systems, use a linear deployment strategy to gradually roll out changes to customers.
  • For high volume production systems, use a canary deployment strategy when you want to limit changes to a fixed percentage of customers for an extended period of time.
    Setting up canary deployments for Amazon API Gateway
  • Use configuration management

  • Use environment variables for configuration options that change infrequently such as logging levels, and database connection strings.
    Setting up Lambda environment variables
    Storing sensitive information in environment variables
    Passing API Gateway stage-specific metadata to Lambda functions
  • Use a configuration management system for dynamic configuration that might change frequently or contain sensitive data such as secrets.
    Amazon Partner Blog: AWS Lambda and Secret Management
  • Review the function runtime deprecation policy

  • Identify and report on runtimes that might deprecate, and their support policy.
  • Use CI/CD including automated testing across separate accounts

  • Use a Continuous Integration/Continuous Deployment (CI/CD) pipeline solution that deploys multiple stages in isolated environments/accounts.
  • Automate testing including but not limited to unit, integration, and end-to-end tests.
  • Favor rollout deployments over all-at-once deployments for better resilience, and gradually learn what metrics will best determine your workload’s health to appropriately alert on.
  • Use a deployment system that supports traffic shifting as part of your pipeline, and rollback/roll-forward traffic to previous versions if an alert is triggered.
    Traffic shifting using AWS CodeDeploy, AWS SAM and Amazon CloudWatch Alerts