This blog post will explore how automation can accelerate the development of SaaS services within an organization. Drawing from the experiences at CyberArk, it demonstrates how a well-crafted automation strategy can drastically reduce the time-to-production for new services.
The Challenge: Building SaaS Services at Scale
CyberArk, a company with over 4,000 employees and a large developer base, transitioned to a serverless-first SaaS provider. The initial experience of building their first SaaS service, the Tenant Management Service, was challenging due to a lack of prior SaaS experience. After achieving maturity with the first service, the challenge shifted to scaling the development of new services while maintaining standards and best practices. The goal was to enable different teams to adopt serverless technologies, utilize common observability tools, and ensure rapid replication of successful patterns across the organization.
The Solution: Automation and Blueprints
To tackle these challenges, CyberArk built an automation solution that has been used by hundreds of developers and has created dozens of microservices. This automation reduced the time required to bring a new service to production from 18 weeks to approximately 3 hours. This resulted in significant cost savings, estimated to be over $1.5 million from the previous year to the end of the current year.
The core components of the automation include:
Developer Portal: A self-service hub that allows developers to initiate the creation of new services by filling out a form with necessary parameters such as GitHub organization, service ID, service name, and team. CyberArk uses Port as their developer portal.
Blueprint Orchestrator: A serverless AWS Step Functions state machine with Lambda steps that orchestrates the creation of microservices from blueprints. It interacts with Jenkins, GitHub, and other APIs to create repositories and trigger deployment pipelines.
Blueprints: These are microservice starting points that serve as templates, containing all the necessary best practices, tools, and built-in observability. Developers can focus on writing business logic instead of reinventing the wheel. Blueprints also ensure governance by enforcing the use of standardized tools and practices across the organization.
What it Takes to Build a Production-Ready SaaS Service
Building a production-grade "Hello World" SaaS service involves multiple microservices and integrations. Even a simple backend microservice requires consideration of several elements:
Infrastructure as Code: Using tools like CDK, Terraform, or Serverless Framework to define and manage resources.
CI/CD Pipeline: Automating the process from code commit to deployment, including linting, security scanning, and testing.
Lambda Best Practices: Implementing hexagonal architecture, security measures (input validation, authentication, authorization), and tenant isolation.
Testing: Unit, integration, and end-to-end tests.
Unified Observability: Logs, traces, metrics, and alarms to monitor the service, along with dashboards for visualization.
The frontend development also has its considerations:
Infrastructure as Code: Defining the CloudFront distribution and S3 bucket.
CI/CD Pipeline: Automating the deployment of frontend code.
Frontend Best Practices: Developing reusable components, integrating with backend APIs, and implementing security measures.
Testing: Unit tests, end-to-end tests, and cross-client compatibility testing.
Telemetry: Using tools like Mixpanel to understand user behavior and inform development priorities.
Furthermore, integrating with the SaaS control plane adds complexity, including subdomain registration, cross-account access, and secure APIs. Services often need to be deployed across multiple AWS accounts (Dev, Test, Stage, Production) and regions.
Cross-Account Access Automation
A critical aspect of the automation is the SaaS control plane integration blueprint, which leverages AWS Service Catalog. This blueprint facilitates dynamic cross-account access. The process involves:
Deploying a blueprint that creates an IAM role in the service account.
Using an AWS CloudFormation custom resource to send an SNS message to the SaaS control plane.
Invoking a Lambda function in the control plane that updates the trust relationship of the IAM role, allowing the service account to assume the role.
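The trust-update step above is the security-sensitive part of the flow: a handler that rewrites a trust policy from an SNS message must check that the requesting account is one the control plane knows. The sketch below is an added example, not CyberArk's code; the message fields `account_id` and `role_name`, the registered-account set, and all account IDs are assumptions made for illustration.

```python
import copy
import json
import re

ACCOUNT_ID = re.compile(r"[0-9]{12}")  # used with fullmatch: exactly 12 ASCII digits

def parse_request(event):
    """Pull the JSON request out of an SNS-triggered Lambda event."""
    return json.loads(event["Records"][0]["Sns"]["Message"])

def add_trusted_account(trust_policy, account_id, registered):
    """Return a copy of trust_policy that also lets account_id assume the role."""
    if not ACCOUNT_ID.fullmatch(account_id):
        raise ValueError("malformed account id")
    if account_id not in registered:
        # Anyone able to publish to the topic could otherwise grant themselves trust.
        raise PermissionError("account is not registered with the control plane")
    arn = f"arn:aws:iam::{account_id}:root"
    policy = copy.deepcopy(trust_policy)  # never mutate the caller's document
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            continue
        if not isinstance(principal, dict) or "AWS" not in principal:
            continue  # service or wildcard principal: leave untouched
        current = principal["AWS"]
        arns = {current} if isinstance(current, str) else set(current)
        principal["AWS"] = sorted(arns | {arn})  # idempotent on SNS redelivery
        return policy
    policy["Statement"].append({"Effect": "Allow", "Action": "sts:AssumeRole",
                                "Principal": {"AWS": [arn]}})
    return policy

# Constructed sample data (not from the original post).
REGISTERED = {"111122223333"}
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::999988887777:root"}}]}
EVENT = {"Records": [{"Sns": {"Message": json.dumps(
    {"account_id": "111122223333", "role_name": "example-role"})}}]}

def handle(event, trust_policy=TRUST, registered=REGISTERED):
    req = parse_request(event)
    updated = add_trusted_account(trust_policy, req["account_id"], registered)
    # A real handler would now call boto3's iam.update_assume_role_policy(
    #     RoleName=req["role_name"], PolicyDocument=json.dumps(updated))
    return updated

if __name__ == "__main__":
    print(json.dumps(handle(EVENT), indent=2))
```

Because SNS can deliver a message more than once, the merge is written so that replaying the same request yields the same policy.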
Actionable Steps
Start with Blueprints: Begin by creating templates for individual microservices.
Iterate and Expand: Gradually add self-service capabilities, more blueprints, and a developer portal.
Automate Multiple Blueprints: Connect the blueprints and automate their deployment.
Embrace Serverless: Utilize serverless services for their simplicity and cost-effectiveness.
Key Takeaways
Platform engineering teams need to have a product mindset and continuously seek feedback from internal customers.
Executive support is crucial to encourage the adoption of platform solutions.
The development team should be convinced, not forced, to use the platform, so they need to see the value.
Building a comprehensive platform is an iterative process that requires time and effort.
By implementing automation and embracing serverless technologies, organizations can significantly accelerate SaaS service delivery, reduce costs, and empower developers to focus on innovation.