Getting your apps production-ready

Stacktape vs. External link

Heroku

Render

Fly.io

Docs

Example projects

Careers

Roadmap

Blog

Šimon Obetko, Dev @ Stacktape

March 15, 2024

Going to production? You'll need to tighten things up. That means making sure your app can scale, your resources are secure, and you're alerted if something goes wrong. Stacktape is here to help with all of that. Here’s a look at getting your app ready for the big leagues, focusing on scalability, security, and monitoring with Stacktape.

Scale Easily Based on Your Needs

Developers who haven't dealt with Ops might overlook scaling. It's crucial for handling more users without crashing. With some components such as Lambda functions, you get scaling out of the box. For container services such as web-service, a small configuration is required.

So let’s take an example application containing: web-service, function and relational-database

resources:
  # handles requests and main application logic
  web:
    type: web-service
    properties:
      packaging:
        type: stacktape-image-buildpack
        properties:
          entryfilePath: src/index.ts
      resources:
        cpu: 1
        memory: 1024

  # generates report every two hours
  generateReport:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: src/lambdas/generate-report.ts
      events:
        - type: schedule
          properties:
            scheduleRate: rate(2 hours)

  # database for storage
  database:
    type: relational-database
    properties:
      engine:
        type: postgres
        properties:
          primaryInstance:
            instanceSize: db.m6g.large
      credentials:
        masterUserPassword: my_secret_pass_123

With Stacktape, scaling becomes simple. You won't have to dive deep into Ops to get it right.

By simply specifying lower and upper thresholds for the number of instances, Stacktape sets up autoscaling for you. Optionally, you can define conditions for when to scale. This means your app adjusts automatically to the traffic it receives, ensuring smooth performance without manual intervention.

resources:
  # handles requests and main application logic
  web:
    type: web-service
    properties:
      packaging:
        type: stacktape-image-buildpack
        properties:
          entryfilePath: src/index.ts
      resources:
        cpu: 1
        memory: 1024
      scaling:
        minInstances: 1
        maxInstances: 5
        scalingPolicy:
          keepAvgCpuUtilizationUnder: 70

      # ... rest of the resources

Another trick is to use a CDN (Content Delivery Network) for your compute resources, like a web-service. By caching content with a CDN, you reduce the load on your web-service. Fewer requests hit your server, and your app speeds up. Content from a CDN is stored at edge locations near your users, making your app faster for them. Stacktape makes setting this up easy.

Using CDN helps you in two ways:
reduces load on your compute resources
increases the speed of your app for users

resources:
  # handles requests and main application logic
  web:
    type: web-service
    properties:
      packaging:
        type: stacktape-image-buildpack
        properties:
          entryfilePath: src/index.ts
      resources:
        cpu: 1
        memory: 1024
      scaling:
        minInstances: 1
        maxInstances: 5
        scalingPolicy:
          keepAvgCpuUtilizationUnder: 70
      cdn:
        enabled: true

      # ... rest of the resources

Securing Your Infrastructure: From Passwords to Networks

When it comes to production readiness, securing your infrastructure is important. Let's explore how Stacktape simplifies this key step.

First off, handling sensitive information like passwords securely is a must. Using secrets to store passwords ensures that sensitive data is encrypted and managed safely. Stacktape enables you to easily create secrets in Stacktape console or using CLI. Secrets are securely stored in your AWS account and you can reference them in your config for straightforward integration.

Using secrets to store sensitive information is a must.

For database security, the goal is to shield it from unauthorized access. Making your database accessible only within a Virtual Private Cloud (VPC) is a common practice. This setup limits access to your database, protecting it from external threats. However, if you need external access, Stacktape offers a solution. By utilizing a bastion resource, you can establish a secure tunnel to your database. This allows for safe external connections without exposing your database to the wider internet.

resources:
  # database for storage
  database:
    type: relational-database
    properties:
      accessibility:
        accessibilityMode: vpc
      engine:
        type: postgres
        properties:
          primaryInstance:
            instanceSize: db.m6g.large
      credentials:
        masterUserPassword: $Secret('my-db-pass')

  # adding bastion to enable access outside of VPC
  bastion:
    type: bastion

  # ... rest of the resources

Securing your web-service CDN is just as important. The web application firewall (WAF) resource in Stacktape provides a defense against common internet exploits. By filtering traffic before it reaches your service, the WAF helps to prevent attacks and keep your application safe.

resources:
  # handles requests and main application logic
  web:
    type: web-service
    properties:
      packaging:
        type: stacktape-image-buildpack
        properties:
          entryfilePath: src/index.ts
      resources:
        cpu: 1
        memory: 1024
      scaling:
        minInstances: 1
        maxInstances: 5
        scalingPolicy:
          keepAvgCpuUtilizationUnder: 70
      cdn:
        enabled: true
        useFirewall: waf

  waf:
    type: web-app-firewall
    properties:
      scope: cdn

  # ... rest of the resources

Setting Up Alarms for Proactive Monitoring

Monitoring your application’s health and performance is crucial, especially in production. Stacktape offers flexible alarm configurations to keep you informed and ready to react. You can set up alarms directly on specific resources or create them globally through the Stacktape console. Global alarms are then automatically applied to your chosen resources during deployment, based on your predefined rules.

Alarms aren’t just about monitoring; they’re also about immediate, actionable notifications. Stacktape allows you to receive alarm notifications through Slack, MS Teams, or email. For more customized responses, you can integrate alarms with a Lambda function to execute specific logic when an alarm is triggered.

Stacktape allows you to receive alarm notifications through Slack, MS Teams, or email.

For example, if you want to be notified into Slack whenever your generateReport function fails, you can set up an alarm like this

resources:
  # generates report every two hours
  generateReport:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: src/lambdas/generate-report.ts
      events:
        - type: schedule
          properties:
            scheduleRate: rate(2 hours)
      alarms:
        - trigger:
            type: lambda-error-rate
            properties:
              thresholdPercent: 0
          notificationTargets:
            - type: slack
              properties:
                accessToken: $Secret('slack-access-token')
                conversationId: CXXXXXXX

  # ... rest of the resources

After your function encounters a failure, a notification will be sent directly to your configured Slack channel, ensuring you’re instantly aware of any issues.

Wrapping Up

Wrapping up, we've walked through scaling, securing your infrastructure, and setting up alarms with Stacktape. These steps significantly improve your app's readiness for production. Stacktape makes this straightforward, letting you focus on what you do best: building great software.

We have made a few changes to improve the security and robustness of our app, so here is a complete config:

resources:
  # handles requests and main application logic
  web:
    type: web-service
    properties:
      packaging:
        type: stacktape-image-buildpack
        properties:
          entryfilePath: src/index.ts
      resources:
        cpu: 1
        memory: 1024
      scaling:
        minInstances: 1
        maxInstances: 5
        scalingPolicy:
          keepAvgCpuUtilizationUnder: 70
      cdn:
        enabled: true
        useFirewall: waf

  waf:
    type: web-app-firewall
    properties:
      scope: cdn

  # generates report every two hours
  generateReport:
    type: function
    properties:
      packaging:
        type: stacktape-lambda-buildpack
        properties:
          entryfilePath: src/lambdas/generate-report.ts
      events:
        - type: schedule
          properties:
            scheduleRate: rate(2 hours)
      alarms:
        - trigger:
            type: lambda-error-rate
            properties:
              thresholdPercent: 0
          notificationTargets:
            - type: slack
              properties:
                accessToken: $Secret('slack-access-token')
                conversationId: CXXXXXXX

  # database for storage
  database:
    type: relational-database
    properties:
      accessibility:
        accessibilityMode: vpc
      engine:
        type: postgres
        properties:
          primaryInstance:
            instanceSize: db.m6g.large
      credentials:
        masterUserPassword: $Secret('my-db-pass')

  # adding bastion to enable access outside of VPC
  bastion:
    type: bastion

We are looking forward to seeing what you build with Stacktape, and your feedback to make it even better.