Separation of Duties: IaC vs AppCode

Stop writing code directly in your Lambda functions!

I see this pattern a lot in AWS based environments that employ Lambda functions to create serverless environments and wanted to touch on something. I suppose this could be applied to GCP and Azure as well.

In this post, I'm going to convey a concept you can take with you and apply in your organization to help with a separation of duties. I often take this for granted because I've been doing this pattern for so long that it's almost a no-brainer to me.

IaC: Infrastructure as Code

Often times, folks employ tools like AWS CDK, Terraform, SaltStack, Ansible, Puppet or Chef to manage infrastructure as code to describe how they want their environment to look or describe how they want to deploy the infrastructure. There's nothing wrong with this except when you have to embed code itself into the IaC or configuration.

So the idea is to use your IaC to describe the infrastructure itself and not include code artifacts as much as you can help it.

Leveraging a Framework

Typically, what I do is a separation of duties so this doesn't have to happen. In my previous video on Anatomy of a Framework and post, I break down the basic concepts of writing up a framework. The idea is to have a central codebase to contain the scripts and code you would otherwise embed in your Lambda functions or on your servers.

This is often preferred for folks that are not familiar with a framework like ZendFramework for PHP, Django for Python, RubyOnRails for Ruby, Spring for Java, you get the point. It's a small and lightweight codebase that gets the job done, imports dependencies and has a relatively small footprint.

Most software languages these days support the concept of:

  • packaging/package management
  • builder/build runner/compiling
  • versioning
  • repository/artifact management & storage

So, let's take advantage of these concepts.

Import and Run Entrypoint

The result is you no longer write code directly in your lambda functions. Instead, consider writing up a small framework or library you can just import and execute the entrypoint. The great thing about this is you can de-couple the installation of the infrastructure using your fancy-dancy IaC from the software that needs to execute in dynamic serverless environments as well.

AWS Lambda also supports running docker containers! An added bonus is you can containerize your code into an executable container and AWS Lambda will handle the rest!

This allows a separation of concerns between infrastructure and software that should execute in a serverless environment.

Try this in your next implementation and let me know how you get along in the comments!

Comments

Post a Comment

Popular posts from this blog

Setup and Install Monero(d) -- p2pool -- xmrig

Image
Video Guide Text Guide Intro MineXMR is shutting down! What are we going to do?! OMG! Greetings and welcome to Kizano's FinTech where I teach you from zero to master in IT and DevOps. Nothing in this video is financial advice since I'm not a financial advisor. I'm an IT guy who's going to teach you some technical details about Monero as a service in Linux, the p2pool software to run the mining pool side chain and xmrig, some mining software that's required in order to start mining. Also, I trust you know the laws of your local juristiction. This is for education and information purposes only. If you're running short on time, feel free to use the timestamps below so you can get what you need and be on your day. If you found this helpful, it would be very grateful if you slapped that like button on your way out to ensure this video shows up at the top of search results for others seeking answers to the same questions I'm about to answer in this video. F...
Read more

Subversion Tutorial

I figured I'd put this tutorial together for those who are struggling to grasp the concept or commands in SVN. I have also had to reproduce this tutorial for more than one company, so I wanted to generalize it for anyone new to SVN. Installing a command-line SVN client Windows Windows users can goto SlikSVN and install the client from there. Linux Linux/Mac users should first type which svn to see if they have subversion installed. If not, Debian-based users can type: sudo apt-get install -y subversion RHEL based users can use: sudo yum install -y subversion OSX Mac OSX users can use MacPorts or Homebrew to install their cli-subversion client. brew install subversion or sudo port install subversion Configure Your Subversion Client Windows After you have run the installation package for both subversion and gnuDiff, make ...
Read more

Build xmrig on Linux

Hi all, So, I am getting into the crypto-mining space a bit and I wanted to share a few things I've learned. This whole experience has been teaching me a lot as of late! In this post, we'll be talking about xmrig what it is and how to compile it on Linux. I'm going to skip the wallet and other details as I wanted this post to be as context-specific and straight to the point as possible. Let's dive right in. What is xmrig??? My take on this is xmrig is a swiss army knife of a mininig tool that can be used for many algorithms and various coins. I mostly found and used this to mine Monero (XMR), so we'll take that as an example. xmrig supports both CPU and GPU minining, but not all algorithms are CPU- or GPU- friendly. Some are specific to either, so be mindful of what you are doing when you are setting this up. Let's dive into the build and running instructions and examples. Building xmrig I happen to be using d...
Read more