2022 SF Summit - Improving Developer Experience with CDK
Download as PPTX, PDF0 likes105 views
The document discusses the challenges faced by Gaggle's technology team in delivering projects efficiently and isolating developer work. Some of the challenges included long feedback loops due to inability to work in isolation, lack of automation in provisioning AWS accounts and deployments. The solutions proposed were to provision separate AWS accounts for each developer, use AWS CDK to define infrastructure as code and automate deployments for each application, create pipelines for continuous delivery of dependencies and services, and set up separate integration accounts with budget automation to address costs. This improved the efficiency of Gaggle's technology team.
![© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
from account_budget import AccountBudget
class BudgetsStack(core.Stack):
def __init__(self) -> None:
for account in accounts:
b = AccountBudget(
self,
account_id=account.id,
daily_limit=daily_limit,
emails=[team.owner,account_cost.owner]
)
# create chatbot channel
aws_chatbot.SlackChannelConfiguration(
self,
slack_channel_id=config.org.channel,
slack_workspace_id=config.org.workspace,
notification_topics=[b.topic]
)
Solution: Budget Automation](https://image.slidesharecdn.com/2022-sf-summit-improving-developer-experience-with-cdk-220422144214/85/2022-SF-Summit-Improving-Developer-Experience-with-CDK-23-320.jpg)
2022 SF Summit - Improving Developer Experience with CDK
- 1. S A N F R A N C I S C O | A P R I L 2 0 , 2 0 2 2
- 2. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Improving developer experience with CDK Casey Lee D E V 2 0 2 Chief Technology Officer Gaggle
- 3. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Gaggleâs Transformation Story Blocked Items 190,616,612 105% Messages 5,155,335,282 350% Files 6,276,549,392 489% PSS 20,395 61% Human Items 38,815,291 34% Lives Saved 1,338 50%
- 4. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: âThe tech team never gets anything done...when they do, it is months late!â
- 5. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. % Efficiency = (# Engineers) / (WIP) WIP = (Lead Time) x (Deploy Frequency) High WIP, Low Efficiency
- 6. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: Inability to work in isolation results in long feedback loops
- 7. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Provision separate AWS accounts per developer
- 8. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: Unable to use existing CI/CD to deploy into dev account
- 9. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Use CDK for each application
- 10. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Use CDK for each application from gaggle_cdk.core import S3Website, S3JsonFile, apply_permissions_boundary class AppStack(core.Stack): def __init__() -> None: s3_website = S3Website( self, hosted_zone=hosted_zone, website_sources=s3deploy.Source.asset(artifact) ) config = S3JsonFile( bucket=s3_website.bucket, object_key="assets/config.json", values={ "version": os.getenv("CODEBUILD_RESOLVED_SOURCE_VERSION","-"), "identityProviderId": user_pool_idp, "baseApiUrl": base_url, } )
- 11. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Automate IAM Permission Boundary from gaggle_cdk.core import apply_permissions_boundary class AppStack(core.Stack): def __init__(self) -> None: apply_permissions_boundary(self)
- 12. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Automate Tag Policy tags = GaggleTags( application=application, environment=environment, team=team, some_random_tag=âfoo", ) # Create a stack, add resources to it stack = core.Stack(app, "my-stack") # Apply the tags to the stack tags.apply(stack) # Additionally you can apply tags to the entire app tags.apply(app)
- 13. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: Deploying dependencies
- 14. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Automate build/deploy of dependencies from source
- 15. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Automate build/deploy of dependencies from source # Define the commands needed to build build: - npm run build # Define the dependencies to load dependencies: - repo: gaggle-net/service-a.git ref: main # Define the applications to run locally - basedir: infrastructure stacks: ui-stack context: my-context-key: my-context-value
- 16. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: QA is now a bottleneck to delivery process
- 17. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Separate integration accounts per team
- 18. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Create pipeline for each service
- 19. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Create pipeline for each service from aws_cdk import core from gaggle_cdk.core.pipelines import DeploymentPipeline class ExamplePipelineStack(core.Stack): def __init__(self,scope: core.Construct): pipeline = DeploymentPipeline( self, github_repo="sample-api", github_org="gaggle-net", integration_account="100000000000", staging_account="200000000000", production_account="300000000000", )
- 20. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenge: Many accounts can be expensive!!
- 21. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Budget Automation
- 22. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. # The 'org' sections defines settings for the entire organization org: owner: org-owner@gaggle.net workspace: T0000000 channel: ZZZZZZZ default_daily_limit: 5 # Teams are containers for accounts. # 'owner' - email address to notify for overages # 'channel' - slack channel to notify for overages teams: - name: FOO owner: alice@gaggle.net channel: YYYYYYYYYYY # Accounts are matched by 'name'. # - 'owner' an additional 'owner' can be specified to be included in overage emails. # - 'daily_limit' can be overridden per team account_costs: - name: developer-alice - name: developer-bob owner: bob@gaggle.net Solution: Budget Automation
- 23. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. from account_budget import AccountBudget class BudgetsStack(core.Stack): def __init__(self) -> None: for account in accounts: b = AccountBudget( self, account_id=account.id, daily_limit=daily_limit, emails=[team.owner,account_cost.owner] ) # create chatbot channel aws_chatbot.SlackChannelConfiguration( self, slack_channel_id=config.org.channel, slack_workspace_id=config.org.workspace, notification_topics=[b.topic] ) Solution: Budget Automation
- 24. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 25. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Solution: Budget Automation
- 26. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Results...
- 27. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
- 28. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. % Efficiency = (# Engineers) / (WIP) WIP = (Lead Time) x (Deploy Frequency) Kickoff Transformation
- 29. Thank you! © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Casey Lee @nektos Survey Link ï
- 30. Please complete the session survey © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Editor's Notes
- #4: Duration: 120 seconds Talk Track Casey: Talk about who Gaggle is
- #5: Duration: 30 seconds Talk Track Casey: The challengeâŠ
- #6: Duration: 60 seconds Talk Track Casey: Describe problem: * Lead time = 47 days * Deploy frequency = 2/day * WIP 87 * Efficiency = 12%
- #7: Duration: 90 seconds Talk Track Casey: Inability to work in isolation -> long feedback loops * developers canât run everything locally (lambdas, kinesis, sqs, etc) * Forced use of shared account and release branches. * QA owns shared environment and deployed to shared account. SLOW FEEDBACK. â DEV and QA are coupled to get feedback.
- #8: Duration: 30 seconds Talk Track Casey: Use Control tower to provision each developer their own account
- #9: Duration: 90 seconds Talk Track Casey: How do they deploy to new accounts? Canât use bamboo ï
- #10: Duration: 120 seconds Talk Track Casey: Wrap existing CFN templates with CDK where possible. Create shared resources.
- #11: Duration: 120 seconds Talk Track Casey: Create higher order constructs S3Website â S3 Bucket, CloudFront, Route53, Deploy code S3JsonFile â dynamic values from CFN pushed to JSON file in bucket
- #12: Duration: 60 seconds Talk Track Casey: IAM Permission Boundary to allow creating IAM policies in CDK, but automatically add the appropriate perm boundary to avoid privilege escalation
- #13: Duration: 60 seconds Talk Track Casey: We enforce certain tags â make it easy to add those tags to the stack or app
- #14: Duration: 90 seconds Talk Track Casey: How do I deploy my dependencies?
- #15: Duration: 120 seconds Talk Track Casey: Define dependencies in code, pull/build/deploy deps Quickly converge any environment to run an app and its deps
- #16: Duration: 120 seconds Talk Track Casey: CDKR tool. Define deps in YAML. Run deploy Clones dependencies and deploys
- #17: Duration: 60 seconds Talk Track Casey: Still waiting on QA for all testing â and now devs are providing pressure! Still have shared account and release branches. Bottleneck is now QA. They own shared environment and deployed to shared account. SLOW FEEDBACK. â COUPLING between ALL dev teams to test/release changes. ONLY 1 path to production!
- #18: Duration: 60 seconds Talk Track Casey: MOAR accounts! New account per team This account allows teams to handle their integration testing in parallel of other teams
- #19: Duration: 60 seconds Talk Track Casey: Each service gets CodePipeline Explain how dependencies are deployed into team accounts but not to higher accounts
- #20: Duration: 120 seconds Talk Track Casey: CDK - high level construct for a pipeline Creates build job - use buildspec Creates deploy to integration and runs tests â Staging â prod
- #21: Duration: 60 seconds Talk Track Casey: Hard to manage costs across dozens of accounts Devs trying new things Devs scaling old things Need visibility
- #22: Duration: 120 seconds Talk Track Casey: Approach: decentralized view into budgets...give ownership to others Automate provisioning of budget per member account Attach SNS top to budget Subscribe slack and email
- #23: Duration: 120 seconds Talk Track Casey: # 'owner' - email address to notify for overages # 'workspace' - slack workspace id # 'channel' - slack channel to notify for overages # 'default_daily_limit' - a default daily limit for any account that isn't included in a team
- #24: Duration: 120 seconds Talk Track Casey: Run in master account. Loop through all accounts and create an account budget construct Budget construct does the budget, notifications, and sns topic Include daily limit and emails for notifications Include chatbot from budget SNS topic
- #25: Duration: 30 seconds Talk Track Casey: Leverage existing AWS tools (budget in console)
- #26: Duration: 30 seconds Talk Track Casey: Slack message
- #27: Duration: 5 seconds Talk Track Casey: transitionâŠ
- #28: Duration: 12= seconds Talk Track Casey: New process
- #29: Duration: 90 seconds Talk Track Casey: Results after transformation * Lead time = 47 days -> 12 days * Deploy frequency = 2/day -> 6/day * WIP 72 (40% increase in headcount) Efficiency = 12% -> 61% Pipelines launched efficiency and throughput