문제

질문 22

Four large banks in the country have collaborated to create a secure, simple-to-use, mobile payment app that enables users to easily transfer money and pay bills without much hassle. With the new mobile payment app, anyone can easily pay another person, split the bill with their friends, or pay for their coffee in an instant with just a few taps in the app. The payment app is available on both Android and iOS devices, including a web portal that is deployed in AWS using OpsWorks Stacks and EC2 instances. It was a big success with over 5 million users nationwide and has over 1000 transactions every hour. After one year, a new feature that will enable the users to store their credit card information in the app is ready to be added to the existing web portal. However, due to PCI-DSS compliance, the new version of the APIs and web portal cannot be deployed to the existing application stack. How would the solutions architect deploy the new web portal for the mobile app without having any impact on 5 million users?

1. Forcibly upgrade the existing application stack in Production to be PCI-DSS compliant. Once done, deploy the new version of the web portal on the existing application stack.

2. Deploy the new web portal using a Blue/Green deployment strategy with AWS CodeDeploy and Lambda in which the green environment represents the current web portal version serving production traffic while the blue environment is staged in running a different version of the web portal.

3. Deploy a new OpsWorks stack that contains a new layer with the latest web portal version. Shift traffic between existing stack and new stack, running different versions of the web portal using Blue/Green deployment strategy by using Route53. Route only a small portion of incoming production traffic to use the new application stack while maintaining the old application stack. Check the features of the new portal; once it’s 100% validated, slowly increase incoming production traffic to the new stack. If there are issues on the new stack, change Route53 to revert to old stack.

4. Create a new stack that contains the latest version of the web portal. Using Route 53 service, direct all the incoming traffic to the new stack at once so that all the customers get to access new features.

풀이 및 공부

2번

프로젝트에서는 ec2 instance를 사용하고 있으며 lambda 를 쓴다고 문항에 나와있지는 않음.

그리고 bluegreen에 대한 설명도 반대로 되어있다.

The blue environment represents the current application while the green represents the new one

아래 사진은 문제와 큰 연관은 없는데 codedeploy에서 lambda deploy를 하면 아래처럼 traffic을 조금씩 이동시키며 실행시켜주는구나.

3번

Blue/Green deployment strategy by using Route53. Route only a small portion of incoming production traffic to use the new application stack while maintaining the old application stack.

이것은 route53의 weighted policy를 통해 할 수 있다.

route 53 콘솔에 오랜만에 들어가보니 아래처럼 visual editor가 새로생겼는데 policy가 한눈에 들어올뿐만 아니라 이해도 쉽다. 잘 만든 것 같다.

참고

• https://aws.amazon.com/blogs/startups/upgrades-without-tears-part-2-bluegreen-deployment-step-by-step-on-aws/