The NEED TO KNOW Info On Amazon's Software Development

00:00

I think that we make a common mistake in

00:02

software development Circles of

00:03

dismissing the unicorns I suppose that

00:06

we often make the mistake of too slowly

00:07

following them too but that's probably

00:10

the topic for a different episode one

00:12

day

00:13

I can't tell you how many times people

00:14

have told me don't mention Google or

00:17

Amazon or Facebook we aren't them

00:20

I can understand that but also I think

00:23

it's a little bit of a risky strategy to

00:25

ignore the lessons of successful

00:27

companies we can learn from them

00:30

sure there are things that make the

00:32

problems these web Monsters Face unique

00:36

but there are also lessons that we can

00:38

take away and they grew to the States

00:41

because they were doing some things

00:43

right

00:44

so today I'm interested in what we can

00:47

learn from how Amazon develops software

00:53

[Music]

00:57

hi I'm Dave Farley of continuous

00:59

delivery welcome to my channel if you

01:02

haven't been here before please do hit

01:04

subscribe and if you enjoy the content

01:06

today hit like as well Amazon of one of

01:09

the most successful companies in the

01:10

world and produce software at a

01:13

staggering Pace these days Amazon

01:15

deployed change into production more

01:18

than 136

01:20

000 times per day

01:22

that's more than 1.5 times per second

01:26

but it wasn't always like that Amazon

01:29

began with a fairly conventional

01:31

relational database back system written

01:33

in C plus they grew very quickly so

01:37

quickly in fact that for many years

01:38

their technology was the main constraint

01:42

on the growth of the company

01:44

I remember sitting in the audience at an

01:47

internal presentation by Amazon CTO

01:50

Verna Virgos he was describing the

01:54

challenges of web scale Computing this

01:57

was not long after the famous Jeff Bezos

02:00

email that introduced small two Pizza

02:02

teams and what became the distributed

02:06

service model that was the Genesis of

02:09

Amazon web services

02:11

in his presentation Werner described

02:13

several of the challenges and two stuck

02:16

very clearly in my mind they resonated

02:19

because at the time I was working in a

02:22

different context on both of these

02:23

problems one was that relational

02:26

databases don't scale

02:28

my take on that is that the answer to

02:30

this DB problem was to move to a

02:33

generally distributed model for the

02:34

system architecture overall and that

02:37

tends to lead us into the Realms of

02:38

event-based systems asynchrony and

02:40

eventual consistency all stuff I was

02:43

actively working on at the time

02:46

the other idea was that if this more

02:49

complex model of systems is what we

02:51

really need then how do you structure

02:53

development so that you can give

02:55

developers insight into the correctness

02:57

of their changes

02:59

at this time I was part way through

03:02

writing the continuous delivery book and

03:04

so believed that I knew the answer to

03:06

this too at the end of his talk Werner

03:08

said if you know any how to do any of

03:11

this come and talk to me but I didn't

03:13

because I was rather enjoying what I was

03:15

working on at the time and there was a

03:17

long queue of people waiting to speak to

03:19

him presumably about other aspects of

03:21

his talk but it looks like Amazon did

03:24

okay anyway to me

03:25

before we go any further let me say

03:27

thank you to our sponsors we're

03:29

fortunate to be sponsored by equal

03:31

experts trisentis and transfig all of

03:35

these companies offer products and

03:36

services that are very well aligned with

03:38

the topics that we discuss here on this

03:40

channel every week so if you're looking

03:42

for excellence in continuous delivery

03:44

and software engineering please do click

03:47

on the links in the description below

03:48

and check them out Amazon were fairly

03:51

early adopters of continuous delivery as

03:53

a general approach to software

03:55

development I recently came across a

03:57

post by Amazon engineer Claire liguri

04:01

who writes about some of the detail of

04:03

how they organize their work

04:05

this isn't the team topologies part or

04:07

the message-based event-driven micro

04:09

service part this is the basics of

04:12

working so that your software is always

04:15

releasable and keeping it there

04:16

continuous delivery clay describes the

04:19

Amazon version of continuous delivery as

04:21

comprising of four fundamental Parts

04:24

Source build test and prod my

04:28

terminology is slightly different but we

04:30

are talking about exactly the same ideas

04:32

I describe a deployment pipeline as

04:35

consisting of commit acceptance and

04:38

production phases and Define the scope

04:41

of the pipeline is evaluating an

04:43

independently Deployable unit of

04:45

software

04:46

so I'd map Amazon stuff onto my model

04:49

rather like this

04:52

Amazon lists the things they expect to

04:54

be in the repository that the pipeline

04:57

evaluates these are the things that

04:59

define a releasable unit of software

05:03

everything is under Version Control

05:05

together

05:06

so the Version Control defines the

05:08

versions of all of these things that

05:10

work and change together

05:13

this eliminates any problems of

05:15

dependency management by making the

05:17

scope of the stuff in a repo the stuff

05:20

that defines a releasable unit of

05:22

software

05:23

what Amazon calls build I'd call the

05:27

commit phase

05:29

the job of the commit phase is to give

05:31

Fast accurate feedback to developers

05:33

following any change

05:35

if all these tests pass then the Amazon

05:38

developer can move on to work on new

05:40

things

05:41

at the end of the build or commit step

05:44

if all of the tests pass they package

05:46

and store the artifact I call this

05:49

creating the release candidate but once

05:52

again despite differences in terminology

05:54

this is exactly how I Define the job of

05:57

the commit stage in continuous delivery

06:00

all of these things are strongly focused

06:03

on delivering great fast feedback on

06:05

changes to the development team and so

06:08

supporting the fine-grained development

06:11

process there's no hiding change away on

06:14

feature branches here or the change

06:16

management theater of git flow Amazon

06:19

practice trunk-based development and

06:21

full-blown continuous integration all of

06:24

the time this maximizes visibility for

06:27

the development teams into the true

06:28

state of the system that they're working

06:30

on at all times

06:33

the next phase in the deployment

06:35

pipeline is what I call the acceptance

06:37

phase but what Amazon just call testing

06:40

inevitably I suppose I like my words

06:43

better because there's testing in every

06:46

phase but the goals of and the

06:48

fine-grained detail of the approach are

06:51

still identical to the model that I

06:53

recommend

06:54

the build or commit phase produce the

06:57

artifact or release candidate as the

07:00

result of all tests passing and from now

07:03

on any further testing that we do will

07:05

be evaluating things at the release

07:07

candidate level

07:08

rather than at the level of source code

07:11

so any more testing from now on starts

07:14

by deploying the risk release candidate

07:17

and then checking that it's up and

07:18

running and ready for use

07:21

Amazon refers to this part as health

07:23

checks which confirm that the system is

07:25

ready before starting the tests

07:28

here's the picture that I use in my

07:30

training to describe what this process

07:31

looks like they're almost identical

07:35

I don't know if my work influenced

07:37

Amazon but I didn't get this from them

07:40

so either they got it from me or

07:43

probably more likely this is an example

07:46

of convergent evolution

07:49

this approach works so well that when

07:52

you apply a disciplined engineering

07:55

approach to thinking about problems and

07:57

solving them and trying different things

08:00

keeping the things that really work and

08:01

discarding the things that don't now you

08:04

tend to end up in the same place

08:06

even if you began from different

08:08

starting positions in science this kind

08:12

of thing is called reproducibility and

08:15

that is one of the strongest assertions

08:16

of the correctness of your findings that

08:19

there is

08:19

again there are some terminology

08:21

differences but the process is pretty

08:24

much identical once again if you'd like

08:26

to learn more about this reproducible

08:28

world-class approach to software

08:30

development by the way check out my free

08:32

introductory training course there's a

08:33

link to that in the description below

08:36

Amazon calls the next phase of testing

08:38

integration testing Jazz and I called

08:41

its acceptance testing but the goal is

08:44

the same aim is to deploy the same bits

08:47

and bytes that represent our release

08:49

candidate into a production-like test

08:51

environment and then to evaluate it in

08:54

realistic lifelike scenarios or as

08:57

Amazon describe it

08:58

these tests exercise the full stack end

09:00

to end by calling Real apis Running on

09:03

real infrastructure

09:05

fundamentally what's going on here is

09:08

completely perfectly in line with the

09:10

approach that we describe as continuous

09:11

delivery

09:13

I describe this phase of the pipeline is

09:15

evaluating the release ability of our

09:17

changes and the idea is that this

09:19

evaluation is completely definitive if

09:23

the pipeline says pass we're free to

09:25

release the change into production with

09:27

no further work to do if it says fail

09:30

we're not and need to submit a new

09:32

change to the pipeline to correct the

09:34

mistake what determines release ability

09:37

for Amazon might be different to what

09:40

determines it for you or me but they're

09:43

doing exactly the same thing here as I

09:46

do when I when I form a project

09:49

for the high performance systems that I

09:51

used to build there's not enough about

09:52

performance testing here Amazon focuses

09:55

more explicitly on testing observability

09:57

than when we did building high

09:59

performance systems we bundled

10:01

observability testing in with our

10:03

regular acceptance testing presumably

10:05

Amazon bundled performance testing into

10:08

what they call load testing but these

10:10

are differences due to the nature of the

10:13

differences in the business the model of

10:15

development is still identical Amazon

10:18

talk about one box testing which is

10:20

aimed at allowing teams to make progress

10:23

independently of one another

10:25

microservices called the production

10:27

version of the API from Services owned

10:29

by other teams but in the pipeline they

10:32

also just check the compatibility with

10:35

the pre-production version of the those

10:37

dependent apis too

10:39

so to be clear Amazon micro Services

10:42

support multiple versions of all of

10:44

their apis as a mechanism to manage

10:47

change between them as I described in

10:50

this video

10:51

I'm not entirely clear how Amazon cope

10:54

with the potential race conditions

10:55

between teams in this approach to

10:57

compatibility testing that is what

11:00

happens if team a checks compatibility

11:02

with Team B service just as Team B is

11:05

moving the pre-prod API to being the

11:07

prod API for example

11:10

at this scale there isn't going to be a

11:12

single copy of the truth of the whole

11:14

system anywhere other than in production

11:17

this isn't monolith a monolithic testing

11:19

strategy so that means there are

11:22

multiple copies of collections of

11:24

related Services if I understand this

11:27

correctly the way that Amazon cope with

11:29

this is to accept that there's no

11:32

perfect here and accept that for some

11:35

things they might discover problems

11:38

later in the process maybe even in

11:40

production

11:41

so what they do is to optimize to be

11:44

great at rolling back changes and to

11:46

limit the blast radius of any failure

11:48

that does actually make it into

11:50

production they accomplish this through

11:52

sophisticated form of canary releasing

11:56

rolling out change progressively and

11:58

having great observability on the

12:01

assumption that if there is a problem it

12:03

will be found before the change is

12:05

rolled out to everyone this isn't the

12:07

right answer for every kind of business

12:09

but it's exactly right for Amazon I'd

12:12

also assume that there are some other

12:13

forms of contract testing somewhere in

12:15

the picture of pre-release testing at

12:18

least that's what I think I would do in

12:20

their position

12:21

to further reduce the chances of

12:23

failures in production turning up even

12:26

if I was good at containing them and

12:27

recovering from them

12:29

there's a lot more of really interesting

12:32

detail in Claire's post and I recommend

12:34

that you check it out there's a link to

12:35

that in the description below too and a

12:38

lot there's a lot to learn from it but

12:39

what I find really interesting is just

12:43

how closely this tracks the model of

12:45

continuous delivery that I present I

12:48

guess that I'm not really surprised by

12:50

all of this since I know that this stuff

12:51

works better than anything else that

12:53

we've found so far

12:54

but I think that the level of detail

12:56

with which Amazon's model for continuous

12:58

delivery tracks what I've done and what

13:01

I describe on this channel is an

13:03

important independent verification and

13:06

validation of this model of world-class

13:09

software development thank you over on

13:12

patreon WE host a regular q a show where

13:16

you can send me specific questions and I

13:18

answer them in a pre-recorded session

13:20

once per month

13:21

right now we're hosting a competition

13:23

for our members where you can win the

13:25

chance to host the Q a show where you

13:28

can ask me the questions submitted by

13:30

members as well as throwing in as many

13:32

as you like of your own if that's

13:33

something that you're interested in then

13:35

enter the competition by becoming a

13:37

supporter on patreon if you're not

13:39

already there's a seven day free trial

13:41

available

13:42

once you are a member submit a question

13:45

on our Discord server for the next q a

13:47

show that's it the deadline for entry

13:50

will be the 31st of August this year 23.

13:53

so good luck to you

13:57

[Music]