After recently migrating an on-premises deployment, our deployment on the cloud may still be of a monolithic structure. It may contain just one repository holding all the application logic, making it difficult to separate responsibility and hence difficult to maintain.
In such a scenario, it is best to slowly break it apart into a more microservice-based architecture. In doing this, first one of the considerations is to split functionality based on Lambda functions, considering the scope of each and how they can in general reduce complexity. In doing so, each function will be independent and can manage to reduce the impact of failures in an area that could impact other operations. In the case that two microservices access the same function, it is imperative to architect it in such a way that it shares the logic or even merge them together in order to eliminate complexity or points of failure.
As part of coordinating the interaction of microservices in the form of Lambda functions or other components, AWS Step Functions or Amazon EventBridge can be used, to coordinate the components of distributed applications visually and produce and consume messages from a serverless event bus respectively. As part of this, the CI/CD pipeline as part of continuous deployments has to account for this and code needs to be organized and deployed based on common functionality for ownership and repos, creating groups of functions that could define a microservice.
From a security perspective, it is imperative to implement a zero trust policy, ensuring that if a breach does occur, only one microservice is impacted while others remain secure, unlike the problem of a breach for a monolithic application. Hence, IAM resource policies and execution roles will be necessary for this. Continuous monitoring with services such as AWS CloudWatch and AWS CloudTrail to monitor and log suspicious activity will also be necessary, alongside integration with third party services such as Snyk or DataDog.
That’s all for this blog post folks! In my next post, I’ll talk in more depth about security within serverless microservices-based deployments after a change from a monolithic application as discussed here.