Simon Obetko, Dev @ Stacktape
March 15, 2024
Going to production? You'll need to tighten things up. That means making sure your app can scale, your resources are secure, and you're alerted if something goes wrong. Stacktape is here to help with all of that. Here’s a look at getting your app ready for the big leagues, focusing on scalability, security, and monitoring with Stacktape.
Developers who haven't dealt with Ops might overlook scaling. It's crucial for handling more users without crashing. With some components such as Lambda functions, you get scaling out of the box. For container services such as web-service, a small configuration is required.
So let's take an example application containing: web-service, function and relational-database
resources:# handles requests and main application logicweb:type: web-serviceproperties:packaging:type: stacktape-image-buildpackproperties:entryfilePath: src/index.tsresources:cpu: 1memory: 1024# generates report every two hoursgenerateReport:type: functionproperties:packaging:type: stacktape-lambda-buildpackproperties:entryfilePath: src/lambdas/generate-report.tsevents:- type: scheduleproperties:scheduleRate: rate(2 hours)# database for storagedatabase:type: relational-databaseproperties:engine:type: postgresproperties:primaryInstance:instanceSize: db.m6g.largecredentials:masterUserPassword: my_secret_pass_123
With Stacktape, scaling becomes simple. You won't have to dive deep into Ops to get it right.
By simply specifying lower and upper thresholds for the number of instances, Stacktape sets up autoscaling for you. Optionally, you can define conditions for when to scale. This means your app adjusts automatically to the traffic it receives, ensuring smooth performance without manual intervention.
resources:# handles requests and main application logicweb:type: web-serviceproperties:packaging:type: stacktape-image-buildpackproperties:entryfilePath: src/index.tsresources:cpu: 1memory: 1024scaling:minInstances: 1maxInstances: 5scalingPolicy:keepAvgCpuUtilizationUnder: 70# ... rest of the resources
Another trick is to use a CDN (Content Delivery Network) for your compute resources, like a web-service. By caching content with a CDN, you reduce the load on your web-service. Fewer requests hit your server, and your app speeds up. Content from a CDN is stored at edge locations near your users, making your app faster for them. Stacktape makes setting this up easy.
Using CDN helps you in two ways:
- reduces load on your compute resources
- increases the speed of your app for users
resources:# handles requests and main application logicweb:type: web-serviceproperties:packaging:type: stacktape-image-buildpackproperties:entryfilePath: src/index.tsresources:cpu: 1memory: 1024scaling:minInstances: 1maxInstances: 5scalingPolicy:keepAvgCpuUtilizationUnder: 70cdn:enabled: true# ... rest of the resources
When it comes to production readiness, securing your infrastructure is important. Let's explore how Stacktape simplifies this key step.
First off, handling sensitive information like passwords securely is a must. Using secrets to store passwords ensures that sensitive data is encrypted and managed safely. Stacktape enables you to easily create secrets in Stacktape console or using CLI. Secrets are securely stored in your AWS account and you can reference them in your config for straightforward integration.
Using secrets to store sensitive information is a must.
For database security, the goal is to shield it from unauthorized access. Making your database accessible only within a Virtual Private Cloud (VPC) is a common practice. This setup limits access to your database, protecting it from external threats. However, if you need external access, Stacktape offers a solution. By utilizing a bastion resource, you can establish a secure tunnel to your database. This allows for safe external connections without exposing your database to the wider internet.
resources:# database for storagedatabase:type: relational-databaseproperties:accessibility:accessibilityMode: vpcengine:type: postgresproperties:primaryInstance:instanceSize: db.m6g.largecredentials:masterUserPassword: $Secret('my-db-pass')# adding bastion to enable access outside of VPCbastion:type: bastion# ... rest of the resources
Securing your web-service CDN is just as important. The web application firewall (WAF) resource in Stacktape provides a defense against common internet exploits. By filtering traffic before it reaches your service, the WAF helps to prevent attacks and keep your application safe.
resources:# handles requests and main application logicweb:type: web-serviceproperties:packaging:type: stacktape-image-buildpackproperties:entryfilePath: src/index.tsresources:cpu: 1memory: 1024scaling:minInstances: 1maxInstances: 5scalingPolicy:keepAvgCpuUtilizationUnder: 70cdn:enabled: trueuseFirewall: wafwaf:type: web-app-firewallproperties:scope: cdn# ... rest of the resources
Monitoring your application’s health and performance is crucial, especially in production. Stacktape offers flexible alarm configurations to keep you informed and ready to react. You can set up alarms directly on specific resources or create them globally through the Stacktape console. Global alarms are then automatically applied to your chosen resources during deployment, based on your predefined rules.
Alarms aren’t just about monitoring; they’re also about immediate, actionable notifications. Stacktape allows you to receive alarm notifications through Slack, MS Teams, or email. For more customized responses, you can integrate alarms with a Lambda function to execute specific logic when an alarm is triggered.
Stacktape allows you to receive alarm notifications through Slack, MS Teams, or email.
For example, if you want to be notified into Slack whenever your generateReport
function fails, you can set up an alarm like this
resources:# generates report every two hoursgenerateReport:type: functionproperties:packaging:type: stacktape-lambda-buildpackproperties:entryfilePath: src/lambdas/generate-report.tsevents:- type: scheduleproperties:scheduleRate: rate(2 hours)alarms:- trigger:type: lambda-error-rateproperties:thresholdPercent: 0notificationTargets:- type: slackproperties:accessToken: $Secret('slack-access-token')conversationId: CXXXXXXX# ... rest of the resources
After your function encounters a failure, a notification will be sent directly to your configured Slack channel, ensuring you’re instantly aware of any issues.
Wrapping up, we've walked through scaling, securing your infrastructure, and setting up alarms with Stacktape. These steps significantly improve your app's readiness for production. Stacktape makes this straightforward, letting you focus on what you do best: building great software.
We have made a few changes to improve the security and robustness of our app, so here is a complete config:
resources:# handles requests and main application logicweb:type: web-serviceproperties:packaging:type: stacktape-image-buildpackproperties:entryfilePath: src/index.tsresources:cpu: 1memory: 1024scaling:minInstances: 1maxInstances: 5scalingPolicy:keepAvgCpuUtilizationUnder: 70cdn:enabled: trueuseFirewall: wafwaf:type: web-app-firewallproperties:scope: cdn# generates report every two hoursgenerateReport:type: functionproperties:packaging:type: stacktape-lambda-buildpackproperties:entryfilePath: src/lambdas/generate-report.tsevents:- type: scheduleproperties:scheduleRate: rate(2 hours)alarms:- trigger:type: lambda-error-rateproperties:thresholdPercent: 0notificationTargets:- type: slackproperties:accessToken: $Secret('slack-access-token')conversationId: CXXXXXXX# database for storagedatabase:type: relational-databaseproperties:accessibility:accessibilityMode: vpcengine:type: postgresproperties:primaryInstance:instanceSize: db.m6g.largecredentials:masterUserPassword: $Secret('my-db-pass')# adding bastion to enable access outside of VPCbastion:type: bastion
We are looking forward to seeing what you build with Stacktape, and your feedback to make it even better.
Let Stacktape transform your AWS into a developer-friendly platform.
Learn more