The Anatomy of a Secure Serverless Platform — Delivery
I recently joined Stackery from Puppet: a company that specializes in great automation software for the globe’s biggest enterprise IT operations teams. I had the privilege of learning from folks doing the best work of their life to automate the provisioning, configuration, and maintenance of infrastructure that enables teams of developers to move fast and make a difference for their business.
To me, serverless represents a movement towards specializing in providing best-in-class infrastructure so developers can spend less time thinking about virtual machines or containers and more time focussing on the hard work of designing, developing, and delivering distributed applications that operate on the public internet.
Software infrastructure automation is hard work that’s unnoticed if it’s working well and under-appreciated when it’s not. It’s my appreciation for this hard work that drew me to Stackery and excites me about the work we’re announcing today.
As both the architecture and the team behind an application scale, it’s critical to have a clear view of what’s changing and whether those changes integrate well with everyone’s work. Equally important is the process of delivering those changes through environments between the laptop and the customer.
This is not a simple process for most teams to get right, because it introduces a host of complex problems to solve. That is why Stackery is introducing additional capabilities that automate secure serverless delivery best practices and help teams build on an already solid foundation of serverless solutions.
Stackery users have never had to sacrifice consistency and security as teammates are added and their codebase proliferates. Today, we’re introducing secure delivery pipelines to Stackery so teams can focus on designing and developing serverless applications while Stackery does more to help the whole team move a change from a laptop to production AWS infrastructure, including:
Automated Preview Stacks
Stackery now manages the lifecycle of built stacks per-pull/merge request. This helps facilitate your team’s peer-review for the purpose of manual validation, executing a test suite, running load tests, audit checks, and whatever else is part of your existing review process. These are refreshed when commits are added and torn down when the PR is closed for the most lightweight workflow possible.
Dependency Vulnerability Checks & Test Execution
At the time of proposing a pull/merge-request, Stackery can now execute the test suite you provide with your stack on your behalf, against the preview stack it maintains per-PR. We’ve built this on top of AWS CodeBuild and provide links directly to the applicable CodeBuild job within your PR.
We’ve also integrated open source security tooling (such as npm audit for Node.js and safety check for Python) to perform package dependency vulnerability audits for every pull/merge-request.
No build jobs to design or repository configuration needed
Connecting Stackery to your stack repository in GitHub, Bitbucket, or GitLab is all you need to set up Stackery Pipelines. Simply choose which checks a stack should have enabled and Stackery will maintain the necessary webhooks, configure build jobs, execute the desired checks, provide feedback, handle queuing and all the other stuff you had to think about with a general CI/CD solution.
By the way, there are no concurrent build limits and queuing is automatically managed for you.
These features are now available for your entire software team!
Delivery & Promotion
Once a change has moved through peer-review from your laptop, Stackery can help you promote the change to a shared integration environment, and ultimately deploy into your production environment. You can configure auto-promotion when checks are green or one-click promote from the console after doing one last check.
The deployment pipeline will soon be available in beta preview.
How does my existing workflow improve?
You won’t have to do bespoke deployments to review proposed changes anymore, and should you choose, you don’t have to manually deploy (via the CLI or GUI) when everything’s green and you’ve merged the change.
Keep doing what you’re doing and enjoy the additional layer of verification available during the peer review process. While your current workflow for verifying changes remains the same, you don’t need to worry about colleagues kicking off the right tests during peer-review.
If you’re already using a CI/CD solution to build preview stacks and run functional tests, nothing needs to change. However, we encourage you to think about whether you need to continue maintaining your existing machine. We built our new CI/CD capabilities to further our mission of helping you focus on the design, development, and delivery of serverless applications, not their underlying infrastructure. We’d love to learn about your existing investment in CI/CD and how what we’ve built can help you get more time back. Reach out to us via in-app chat!
What’s the big picture?
Stackery has always been more than just a serverless development tool. It’s a complete platform that empowers your entire team to design, develop, and deliver secure serverless architectures while enabling rapid modernization at the core of your business. These new capabilities bolster our preexisting delivery tooling, enhancing security, confidence, and agility within your serverless workflow.
Have a look at the docs for these new capabilities: Serverless CI with Audits & Tests
We’ve collected content related to our design, develop, and delivery capabilities into a publication you can download and share with your whole team.
Whether you’re an existing user or you simply want a better idea of how Stackery can change your serverless development workflow, we invite you to schedule a complimentary workflow review. Our CTO, Chase Douglas, will review your current development process and identify areas of possible vulnerability or inefficiency in how you deliver applications.