Video details

Infrastructure as Software | Paul Stack

Serverless
08.18.2020
English

Paul Stack

In this talk, Paul will demonstrate why writing infrastructure in general-purpose programming languages is a better choice for infrastructure management. Pulumi is an open source tool that allows users to write their infrastructure code in TypeScript, Python, .NET or Go.
General-purpose languages give infrastructure code integrated testing, compile-time checks and the ability to create infrastructure APIs, and they are better suited to infrastructure management than DSLs, JSON or YAML. In addition, he will demonstrate how to build infrastructure that manages Serverless, Kubernetes, PaaS and IaaS systems across multiple cloud providers.

Transcript

So welcome to my talk, which is Infrastructure as Software. Infrastructure as software is a topic that is related to using the tooling in order to build your systems into the cloud. My name is Paul Stack, stack72, and I work for a company called Pulumi. Everything you see today is open source. I'm not going to ask you to pay for anything, but the examples that I am giving will show you Pulumi as a tool. Different companies, different people are at different levels of transition. There are notoriously three different levels. So we have V1, which is like traditional n-tier style architectures that have been pushed into the cloud. So you just think that you've picked up your physical data center and moved it to the cloud. You have some application servers, you have some web servers; they're long managed, and they're usually managed by a configuration management tool, maybe Puppet, maybe Chef, maybe Ansible, maybe something like this. And they're longer running tools that you sort of care for in a little way. Then you move into V2, which is a little bit of a more transitional style. So it's a little bit of n-tier style architecture, but using managed services, maybe hosted SQL Server or Aurora and S, maybe taking advantage of containers like Docker, and your system starts to become a little bit more ephemeral. So effectively you can much more move into the immutable style infrastructures where infrastructure can be created and destroyed. And they don't really have long running state held within the applications themselves, because you know that that's sort of a little bit dangerous when you go to the client. And then you have V3 infrastructures. These are what we class as modern infrastructures. You've probably heard the term cloud native or microservices or all these different things. And this is what we mean by the modern infrastructure. So you're probably using a container scheduler, maybe Kubernetes, maybe HashiCorp Nomad.
You're taking advantage of maybe serverless. You're taking advantage of hosted monitoring tools that are feeding by, excuse me, back into your code. And everything is sort of fully dynamic. And it's very difficult to get each and every piece running because there are so many different pieces of your system. If you think of it in terms of microservices, you could have five thousand microservices running within your system. But to run all five of those on your own, your developer laptop, would be very difficult. So there are different ecosystems on there, excuse me, different parts of the ecosystem, and different people are at different levels. So I'm not saying that if you're not at V3, you're not doing the right thing. That's really not the point of this talk. All of the tooling that exists today, and I do mean all of the tooling, so we're talking CloudFormation, we're talking ARM templates, we're talking HashiCorp Terraform, we're talking Pulumi, we're talking Puppet, we're talking Ansible: they target specific levels or a combination of levels of all of the transitions. But we at Pulumi believe that we're very much targeting V3, because we're taking advantage of real languages in order to understand and build sort of these dynamic architectures as we go. And I'll show you that as we go through. So just to get everybody on the same page, what is infrastructure as code? It's a way of eliminating error-prone manual changes. It's a way of bringing your best practices to infrastructure, and you gain visibility through code of using previous to your codifying your infrastructure. It's automated and it's repeatable, and it's faster to get to market because it has actually got plans and previews. It's actually safe and predictable. So it's a declarative syntax. Whereas Pulumi, we believe that we're actually modern infrastructure as code because we use real languages; you get to create layers of abstraction, real APIs, real packages.
You can use your favorite tools, your IDEs, your testing. You can deploy it. You have a CLI which for your gets opposite their action, which fits into your workflow. And of course, because of that, you could audit all your changes that go with it across all the other agencies. Well. So for us, we don't believe that it's infrastructure as code; we actually believe it is infrastructure as software, because we're using real languages, we can actually take advantage of the real language ecosystems, and we can start to actually really build proper development practices into our infrastructure. We no longer have to have these rubbish scripts or really nasty JSON files or DSL files that have grown and not been given care and attention. We believe that you can actually create real software in the same way you would create your real application. Infrastructure code is just as important as the application code, because without the infrastructure code, you can't deploy your application. So you need to treat it with the same care and respect. Pulumi has a number of layers that allow you to do this. So let's start at the bottom, and we will say that it has a layer of providers. This is our foundation. Everything's built on it. So we have access to the SDK and the APIs for Azure, Google Cloud, Kubernetes, OpenStack, DigitalOcean, VMware, Datadog, Cloudflare and so many more tools. And because we have that, you can create real infrastructure against those vendors or those specific clouds. Then because of that, we can create libraries on top of those, which will actually be layers of abstraction which allow you to interact with containers or serverless or infrastructure. And then at Pulumi, we have developed this idea of Crosswalk, where we have created the best practices in the simplest way in order to make people as productive as possible. So I'll give you an example of Crosswalk in action to create a fully working VPC in Amazon.
So a VPC is your own virtual private cloud. You would need the VPC, you would need the subnets that go with it. You would need the Internet gateway. If it was private subnets, you'd need the route tables and the route table associations that allow you to talk into the private subnets. And then you would need some NAT gateways, which would actually allow your private subnets to talk to the Internet. Now, there's a lot of boilerplate code there, and we've actually been able to wrap that away in a single line of code which will actually take care of that for you. And I could show you that in a demonstration virtual. So I said Pulumi is modern infrastructure as code that allows you to take advantage of your existing tools in your existing ecosystem. So we support, of course, all major source code providers. I'm not saying these are the only ones. Of course, these are the ones that we have most use from. So GitHub, Atlassian, GitLab. We support JavaScript and TypeScript, we support Python. We support Go, and we support all of the .NET Core ecosystem languages. So C#, F# and VB. We are real languages. Therefore we can take advantage of NPM. We can take advantage of NuGet, we can take advantage of PyPI, we can hook into these systems. And then as I said previously, we actually have support for our GCP, Kubernetes, OpenStack, DigitalOcean, Packet, Datadog and so many other clouds. So it's important to understand that even though it's using real languages, Pulumi is declarative by default; it is actually end state that you declare. So in this small application, you will see in TypeScript, you would declare that you want a security group with these ingress rules. You would declare that you need this specific instance, using this specific security group that goes with it, and the AMI, of course, that we set as a constant.
But because it's an imperative application, you need to understand and create the correct application structure that will allow you to run it. Because in this case, in JavaScript, if I was to try and declare the instance before the security group, then of course, that's not a correct application structure and it would actually fail to compile. So it's really giving you the ability to create that end state configuration in an imperative manner. It has, of course, got support for loops and conditions and real programming constructs, so in this example, we only provision a VPC, excuse me, a public subnet, if there's a CIDR block. So you can start to take advantage of understanding the conditions that are happening in your system. We have multi-provider workflows where the output of one resource can be the input of another resource. You'll see that the NGINX, excuse me, the constant bucket will actually store our NGINX configuration. And that is then actually passed into a Kubernetes deployment in the spec. So you can see bucket look at the. Then we have reusability, so you can actually package things up into your own APIs, so your operations team can create APIs around networking or around Kubernetes or around these areas that you as developers are not so caring about. You don't care about how you build a Kubernetes cluster. You need a Kubernetes cluster in your environment that you can actually start to deploy your applications onto, to test your applications, so we can actually allow you to package them up within your environment and reuse those. And then we can start to do much more interesting things. So this is an example of advanced orchestration. So what this code is doing right now is it is creating three replicas of a deployment, so we're going to call that our canary. After the three replicas have been created, it will then go off to check Prometheus, because it's real code.
We can actually import the Prometheus SDK package, or we can actually talk to the Prometheus API directly, once we're happy inside this check metrics function. Once we're happy that everything works as expected, then we can actually proceed with the next 10 replicas of our cluster. So no more blue-green deploys or canary rollouts that would actually allow you to do one half, then go off and manually look at some graphs and then come back and hope everything is OK and then manually deploy the rest. This would actually allow you to encompass everything within the same application. One of the new things that we've actually added in Pulumi 2.0, which was released maybe a month ago now, maybe a month and a half, is the ability to have real test-driven infrastructure. So infrastructure testing is hard because the feedback loop is extremely slow, because you actually have to wait on resources to spin up and understand what's happening. But if we think about that, what we're doing there is we're testing that the API request that we sent to our specific cloud is actually valid after it has spun up the infrastructure. So we know that if we give a cloud a specific request, they will give us a well-formed response. So in Pulumi, we can actually mock that response right now, and we can actually say, hey, if there's a request to create a new resource, if it's a resource of this specific type, then we can mock that the response from the cloud would be X. If it is of another type, it will be response Y; if it's another type, it will be response Z. And because of that, we can then actually test that our code works, not the actual cloud themselves, because, you know, most of the time our tests are actually testing the cloud rather than our specific code that's been written. And my favorite feature about Pulumi is the secrets management.
Infrastructure as code tooling has predominantly not had secrets management as a first-class member throughout the years; we've usually had to use another tool that goes with it, or it's been bolted on throughout time. But Pulumi was actually built with secrets management built in by default. So we will take care of secret management for you when you create a project, and I will show you that very soon. And it actually allows you to integrate with existing providers that you have. If you don't use a KMS or Azure Key Vault or Google Cloud KMS or Vault, then Pulumi will assign a Pulumi KMS key to your project and it will use that, which under the hood is using a KMS. And you don't have to worry about setting up the infrastructure for it. But of course you can bring your own. And bringing your own will adhere to your own security protocols within your organization. This is one of my favorite features and it's one of the first ones on the demo super fast. Just to talk about the internals of Pulumi: Pulumi is a client and CLI. The CLI on your local machine or on your you will read the credentials. It will not transport the credentials anywhere else. So the client makes two calls. It makes a call to your cloud when it actually has the API call on it. Of course, it does that over HTTPS and it will authenticate correctly against the cloud, and then it will actually talk to at API dot com or dot com to store your state. That's only the metadata. The metadata does not include your credentials. We never leak those off the local machine. You do not have to use the Pulumi service. What you can actually do is you can use an S3 bucket or a GCP bucket or an Azure blob, and you can log in very quickly and store your state there, so you don't even have to talk to Pulumi in any way, shape or form. It's really important. I think someone may have had a question because I heard a beep. If someone has a question on that, please do ask it. No, I'll continue on.
So let's go and actually start writing some code so that we can see this in action. It's really important to note here that just before I started this talk, IAM itself has started to have API error rates. So my demo may be interesting, but we shall see if it is interesting or not. And so let's go have a look at it. So I created just a folder. There's nothing in the folder. Absolutely zero in here. And the first thing is that Pulumi is a CLI, I told you. So if I run pulumi, it will give us all of the available commands in Pulumi, but what it actually does is it says the most popular commands that people use to begin working with are pulumi new, pulumi up, stack, configure, destroy, and then it has all of the other ones. So Pulumi is by default, Pulumi is by default an interactive CLI. So if we run the command pulumi new, it will give us a list of pre-scaffolded templates that actually have everything, all of the dependencies required in order to run a Pulumi application. So today I'm going to choose TypeScript. I've given this demo like 100 times. It'll be TypeScript, and it'll be the fastest to show you lots of good information. So we're going to call it NDC Oslo. You can give it a description. And then it'll ask you, do you want a stack. So stacks in Pulumi: you can think of a stack as an environment, so dev, test, stage and production, or you can also think of a stack as each individual developer. Each individual developer can have their own stack. A stack is a way of managing state for a group of resources, and you can have multiple stacks pointing to the same project. So this is what allows you to deploy independently of each other, and each stack can have its own configuration. So if you think that your production stack needs one set of credentials, you'd have a different set of credentials. And this is actually how we take care of it.
So we're just going to say dev, because we're not going to get into multiple stacks today, and then it'll ask us a region. So I'm going to say us-west-2, because I know that every demo that I give today works in us-west-2, or should work in us-west-2. And then of course it's JavaScript. So it's going to download and install the entire Internet. So that is an entire Pulumi application that has been scaffolded, so let's go and write some. So I'm just going to open my IDE very fast. And we can see in. Presentation mode, I apologize. And what it's given us is a number of things. Firstly, it has all of our node_modules, it has a .gitignore. It has index.ts, which we'll come back to, our package.json, OK, which has our dependencies. It has a Pulumi.yaml. OK, this is the description of the Pulumi project, including the runtime. So if we change the runtime to dotnet, it would actually run C# or F# or whatever. And then lastly, it has a Pulumi stack YAML file. So in this case, we chose dev. So it's a dev file. That file can have config us-west-2; the prod file can have config us one, for example, is a region I'm not in. And then lastly, it has our index.ts. So it has three different things in our index. First, it has our imports. So we think of these like our packages: so pulumi being the helpers, the actual access to the engine itself; aws being the raw provider; and awsx being that Crosswalk-compatible API that sits across the top. And then we can actually write some programs against this. So everything in our cloud, and I'm using Amazon here; the same style of demo can be given for Azure, and you would have the same style of packages. So we have aws.s3.Bucket, or I can say const x equals new aws.rds, which is the database component, and we would actually see that as an instance. So we get full autocomplete because of the fact that we are a typed language.
You know, for anyone who is watching the talk, if you are a JavaScript person, please do not laugh at my JavaScript. I am not a JavaScript developer, but this actually is extremely simple to get from Pulumi. So that is everything. That is a working Pulumi application. And if I am change, which is I use a tool for managing my credentials locally, and if I say this just loads my credentials, pulumi up, what Pulumi will do is it will try and create a plan of what it's going to do. The first thing it says is it's going to create a website because it doesn't exist right now. And as part of that dev, it will create a number of resources. Now, the resources in this case will only be an S3 bucket and nothing else. And we can have a look at the details of what it's going to do. Now, there's one interesting thing to note right here: the bucket that it's going to deploy has a suffix on the name. Pulumi, by default, will take the constructor name, add a random suffix to it, and that would be the name of the resource by default. We employ auto-naming by default because we try and allow you the ability to create before destroy in the crime. There are lots of resources, let's say storage accounts in Azure, S3 buckets in AWS, AWS launch configurations, loads of different pieces, where you can create a new one before you delete the old one. And if you're trying to use a strongly typed name, then of course at that point you can be in some problems, because the name already exists and it won't allow you to do it. So by default, Pulumi will actually auto-name for you. We're going to say no here on that. I can actually override that, and I can call it bucket, and I can say NDC Oslo 2020 demo. So we're actually strongly naming the bucket right now. So I go back to pulumi up, and of course, pulumi up this time will tell me that it's going to create the bucket with the exact name that I specified. And one second.
Please go, and we can see it's NDC Oslo 2020 demo, and let's roll that back it up. So Pulumi now has that in its state. I can promise you that this specific account has hundreds of S3 buckets, but this Pulumi application itself only cares about this specific S3 bucket and nothing else. I really hope somebody else hasn't denied that. There we go. And we get the bucket name back. So if I say pulumi stack export, we can have a look at the state that it actually holds, just to show you that we don't store any credentials. It has the manifest. Now, it has the secret provider. The secret provider just be that we're actually logged into the service; it doesn't store any credentials in any way, shape or form. And there are no S3 credentials, actually, excuse me, AWS credentials being stored in our state file or transmitted in our state files. This JSON blob is everything that is being pushed to our state, our metadata server, and nothing else. And we can see that it's created the bucket and it has all of these specific outputs that come with it. OK, so we can add some tags to it. Tags, and we can say owner. Seventy two. On the next pulumi up it will actually only tell me what has changed, because it has the state; it understands what the state is currently in our application. And it will tell me that it's going to change the tags, and we can have a look at the details, and it's only going to touch the tags and nothing else. And then lastly, if I destroy it, this is not interesting, this part of the demo, we can see it's only going to destroy that specific bucket and nothing else within this account. And we can say yes, that goes with that. So that is the most basic flow of a new provider. OK, let's go and write some more interesting code that actually is a little more useful. So I have some code that I've already written. And let me just grab it. So the first thing that we need to do is I am going to create.
A number of resources. Again, please allow for my JavaScript, and I promise you, it only gets better. It can't actually get any worse with JavaScript, but that's OK. So we have firstly, we go off to Italy and we get the AMI for a specific Ubuntu image that we want to launch a machine with. Then we have an SSH key. Please never do this in production, where you embed your public key in your infrastructure. Then we have a security group that goes with it. So let's say that we actually want to launch multiple web servers here. This is why I love JavaScript as a demo, because I can say let webServers equals an unbounded array, and I can actually say. So we're in a real loop right now. We can actually take advantage of all of being able to loop and taking care of everything inside the system. So we're going to say we need to usually do something like const webServer equals new aws.ec2.WebServer, excuse me, Instance. Our instance will need to have a unique name for everything in the loop, OK, just because that's how Pulumi works: every individual resource needs its own unique name. So here we're just going to use the number, which will be x. Then we can actually say our AMI will be ubuntu.id. We're getting, look, we're actually getting full IntelliSense, the whole wide range that we're missing: our instance type we're missing, amongst other things. I'm going to say our key name. These are key. Then I'm going to say our VPC security group IDs are our open security group dot ID. We'll come back and I'll show you in a second what's wrong right there. And lastly, our instance type. Let's do t2.medium, OK? Just because I know that that's the case. Usually this would look like OK code, and you would actually run your tool and it would actually come back with an error in the tool. We know, Pulumi understands straight away that a string is not assignable to an array. So we understand that this actually needs to be an array.
So Pulumi has given us, only because of the fact that we're using real languages, it's given us the hints as it goes along. And then lastly, we can say webServers.push. And we can smell lambda x dot public DNS. Public IP. And lastly, we can export const webServerIp equals webServers.map. And you can actually pull the information out of it. Now, this is a little bit painful because we need to declare and we need to actually push individual pieces. So what we can really do is we can webServers.push the entire instance into the array, and then I can say webServers, x dot, and I have full access to everything inside here using the individual map, and of course my autocomplete giving me. Now if I went and ran that, let me just show you pulumi up here, it is going to tell me it's going to create one hundred instances plus the stack. And of course, because the instances have no relationship between each other, it can do all of those instances at the same time. There we go. So it'll create one hundred and three resources in total. We're going to say no. So that's not really of use. Let's actually take advantage of, you know, not everybody knows each and every individual piece here. So what we can do is we create our own individual component. And I can say webserver.ts. And my webserver.ts would do the following. So I can import star as pulumi from @pulumi/pulumi, and import star as aws from @pulumi/aws. This is TypeScript, so we can take advantage of inheritance. I can actually export a class. Not just inheritance here, but, of course, real programming constructs. Now, taking advantage of custom resources right now, I can say export a class which will be WebServer. WebServer itself will return a public readonly vm, which will be of type aws.ec2.Instance. And we need a constructor. The constructor will take a name, which is of type string; it will take an AMI ID, which is of type Input<string>.
I'll explain that in a second. And lastly, it will take an instance type, which we can just pass as a string. So we have our class set up, everything is working as expected. And then I can say this.vm equals new aws.ec2.Instance; we will actually say that the instance will be name, and we can say the AMI ID is our AMI ID, we can say our instance type is our instance type. And then I'm actually just going to move some of these files just to make it nice and simple. I'm going to move the security group and SSH key, because they can be specific to this individual class itself. And I'll just embed them in this file. I can say this is SSH key. Name, I apologize, is key name. And then lastly, I can say VPC security group IDs is open security group dot ID. Now, of course, this is telling me straight away that this is actually not the correct type, because it needs to be an instance type. So we created this helper class, which we can say it'll be aws.ec2.InstanceType. And I'll show you that in action in a second, which will now mean it is assignable as expected, everything works and all of the code works as expected. Now, instead of creating a new instance here, what I can actually do is I can say a new WebServer. I notice my IDE will not. There we go, there's our import statement, so we're importing WebServer from the webserver class. We will pass in a web server, Bashmilah X. And it takes like two more parameters, which 11:00 am I? Needs to be able to, I apologize, I've been through it, and it needs to be, as I told you before, like we created this helper layer for instance type, so we can say aws.ec2.InstanceTypes dot, and we get autocomplete for all of the instance types inside AWS. And that works as expected. I notice that our IDE has told us, wait a minute, this is incorrect, because public IP doesn't exist on x anymore, because x returns a VM, which has public IP inside it.
So straight away, we've been able to refactor and actually push a number of pieces of components down into the WebServer class that can be packaged up, and it can actually be distributed amongst developers or operators or whatever. So creating those layers of abstraction is nice and simple. Let's do something more interesting. Let us have a look at the secret management of Pulumi. So the first thing I need to do is I need to install @pulumi, and I'm going to say random. So random is, like it suggests, a package that allows you to create random strings and random pieces of functionality and, importantly, random passwords that are of like different character strengths and things like this. So the first thing is import star as random from @pulumi/random, OK. Now I'm going to say const myPassword equals new random.RandomPassword. I'm going to say demo one, and I want that password to be 30 characters and have special characters. Especially, you know, what we could actually do, and this is how most tools work today, is const passwordValue equals myPassword, and I know that this is stored in result. And if I go and I run pulumi up, I'm going to say yes here. So I'm going to skip the prompt, which actually asks you for yes. And I'm going to say skip preview. This sort of puts Pulumi into the CI mode, where it doesn't have any interactivity that comes back at all. And what this allows us to do is we actually get a password that will be prompted and pushed out. And you can see that it's in plain text. I told you Pulumi was secret by default. We actually have a secret provider enabled. And if I do exactly the same thing with a second random password, the third argument to the resource is called custom resource options. And inside here, we can actually take advantage of additional secret outputs on it. Strongly typed right now. But that could change in the future, and this allows us to be any output of that name.
So result, from the parameter, the output parameter result, will be treated as a secret. There are a lot of interesting extra things in here, so you can actually mark things as delete before replace, import if you have existing infrastructure, and you can actually protect your infrastructure so that Pulumi will never destroy it, or ignore any changes that happen to your infrastructure. You can version of aliases, cost and everything. There's a lot of different things on here, but for now we're just going to say the output will be result. And I'm going to say myPassword2 is myPassword2.result. If I run the same, you'll see the first one comes back as normal, as the unencrypted string. But you'll see the second one is actually secret, and even inside Pulumi state we will see that it is stored as secret; we can see the ciphertext right here. OK, this is using KMS, like I told you, because it's there. But when I pulumi stack init to create a new provider, you can very much pass in your own KMS key, your own Azure Key Vault or KMS. Or of course, if you use HashiCorp Vault, we could use HashiCorp Vault as well to do that. So for us this is extremely important. But you don't just set secrets that way. So let's say we need a password that is going to be used in certain applications. If I say pulumi config set my database password, and it'll be password one, two, three, four, exclamation mark, exclamation mark. Unless it's secret to make it secret, and we can see that by default, it doesn't know that is a secret. So we can pass the same and we could say with secret. And we can see it has been used as a secure string. Now it's really important to show you one thing here. So if I import star as pulumi from @pulumi/pulumi. And I want to show you that we keep, we actually pass it around as a secret the whole way through, and we don't decrypt it and then use it; it's actually only at the point of execution that it's actually decrypted and passed around.
Otherwise, it is a secret. And I'm going to show you that. So const myDbPassword equals config.getSecret. The secret that I called it was my database, Rick password, and then lastly, I can export it: export const x equals that. And if I pulumi up, we will get the correct behavior, which will pass, and we will see it coming back: x is a secret. And of course, more importantly, x is stored as a secret in our provider. There we go, it is stored as a ciphertext. So everything by default, the outputs are all stored as ciphertext.
And you can push as many of these in as you need. So as well as result, we can pass length. We can pass special, so nobody can actually see if it's a character that's been encrypted with special characters or how big the password is. It's the one on Pulumi will store all of those. One last time we can look at it. There'll be no changes, because all it's doing right now is changing the state and nothing else. We can see that there are three unchanged resources, and if we go back to our state, we can see that special is not encrypted, result is encrypted and length is encrypted. So you can encrypt any output parameter that you require in order to keep your state as safe as possible. So that is secret management. Secret management for us is extremely important.
OK, so I'm just going to destroy that application, right? Let's go to something a little more. What have I got? 20 minutes. Okay, perfect. I have a lot of time. I have a lot of time. So let's actually go in and create something a little bit more interesting. For those of us, if you know AWS, secret management is, or excuse me, IAM management is painful because you actually have to use JSON blobs everywhere. So this shows the ability of how Pulumi can actually abstract that away from you. So usually, in person, I would give a prize for the person who can help me code this.
Hey, folks, I'm really sorry, I didn't realize I was kicked out.
I asked if anyone could hear me and they said yes. So I don't understand what happened. I apologize for that. So what I was actually showing is, where I was, I was showing that we were able to create a layer of abstraction around an API gateway and hook a Lambda function up to the API gateway with the correct permissions, that Pulumi would package the API gateway for us. The API gateway actually, excuse me, the Lambda has code in it that talks to AWS DynamoDB because it imported this AWS SDK package. Pulumi understands that it needs to include that as a reference within your Lambda. And lastly, it actually will expose that Lambda when somebody makes a GET request to the right on the API gateway.
OK, so in the code, what that actually looks like. And it looks like IAM is dying right now, but I'm still hearing people maybe talking to me. Can you say, oh, good, I thought I was like, can everyone hear me? Yes. OK, perfect, perfect, perfect. I don't want to be kicked out again, I don't want to be kicked out again.
So we can actually see that it's packaging and building the software as well as our infrastructure at the same time. And that's extremely useful because as a developer, we maybe don't care about all of the individual components that are required in order to get our Lambda into the cloud. Let this specific package that has been created deploy this for you. Now it looks like this deployment is not going to happen because IAM is still down, I believe, and it will allow me to roll up the IAM. But effectively, what I would be able to do would be to make a curl request to the endpoint of the URL, the URL I actually have outputted from the site that has been created, and it would actually see the hits actually trigger it up. So it's extremely useful in terms of doing that.
But what we can do is we can cancel it, and then we can actually see Pulumi actually telling you if you terminate it, it's going to give you orphaned resources. So we don't care. We'll just say pulumi cancel to cancel the update. And then lastly, there we go. Up there has completed. I'm just going to destroy the infrastructure that goes with that. So the serverless layers of abstraction is extremely useful here because it gives us the ability that we can actually do different things.
So let me just go into another folder, demo testing. I have one last demo because I have five minutes. Demo testing. The testing. There we go. I'm going to scaffold a new Pulumi application, so pulumi new aws-typescript, and I'm going to say yes. And you can see it chooses the default for me, but I'm going to override the configuration of the region, so pulumi config set, it'll be region is us-west-2. I'm going to install another package, so npm install Ortolani. And the Pulumi package is a layer of abstraction around EKS, which allows us to create Kubernetes components, and I'm going to install that.
I'm going to create a folder called Tests. I'm going to go inside the test folder and I'm going to scaffold a new Pulumi policy pack, which will allow us to run the tests. So pulumi policy new typescript. And that just sets up some basic, like, configuration that allows us to do different things, and I just need to add some code in here. OK, so the first thing I'm going to do is I am going to open my IDE. So my IDE will allow me to do a number of things here. So firstly in tests, I'm going to kill everything that's in here and I'm going to write a policy test. This is policies that will always apply to the code every time you try and deploy the code. And what it is, is I want to verify that a specific version of X has been deployed.