Deploying workloads to your AWS environments using Stax Orchestrator

Unlock the Potential of Stax with a Serverless Orchestrator

Managing an AWS environment with multiple accounts and workloads can be complicated and time-consuming. Compliance and security can be difficult to maintain, and it can be hard to keep track of everything that’s going on. Fortunately, Stax is here to help.

What is Stax?

Stax is an AWS cloud management platform that enables organisations to build and renovate on the cloud whilst taking care of necessities like security, identity and access management, cost and compliance, risk management and reporting. Organisations can focus their time and resources on building solutions for strategic outcomes; leaving cloud complexities in the hands of Stax.

Stax offers a centralised platform where users can access real-time data and insights on their cloud infrastructure including cost and compliance. This allows organisations to easily monitor their infrastructure, identify issues and quickly take action to resolve them.

Introducing Stax Orchestrator

Stax Orchestrator is an orchestrator tool designed to interact with Stax using the public python SDK to perform common operations like deploying a workload and monitoring the state of a task. The orchestrator is deployed as a serverless application from Serverless Application Repository (SAR) with a click of a button (or an API call) into your AWS Account.

To deploy Stax orchestrator via the AWS console, click on Applications from Lambda console and select stax-orchestrator from the list of available public applications,

Deploying Stax Orchestrator from Serverless Application Repository (SAR)

When deploying Stax Orchestrator with default settings, only the task watcher state machine is deployed which can be used to monitor a Stax task. To enhance the deployment and include additional resources such as the workload state machine, CloudWatch dashboards, and tracing functionality, update the default optional values accordingly,

Customize and Deploy Stax Orchestrator to your AWS Account

Stax Orchestrator comes with a python script that you can run to deploy the application from Serverless Application Repository. Run the Makefile command make deploy-stax-orchestrator-app-from-sar to run a python script which deploys the serverless application in your AWS Account. The script also takes optional arguments to setup features like log level, X-Ray tracing and to deploy dashboards.

Deploy Stax Orchestrator using a python script

You can also use the AWS CLI directly and deploy the application.

SAR simplifies deployment by offering reusable, pre-built serverless components, fostering collaboration, scalability, cost efficiency, and easier maintenance. When you deploy the serverless application to your account, it deploys a Cloudformation stack that contains specified resources, in this case – AWS StepFunctions, related Lambda Functions and associated resources (IAM Role, Cloudwatch log group) to programmatically configure your AWS environments.

Why Stax Orchestrator?

• Accelerate onboarding to Stax by 50% and swiftly deploy secure and dependable mission-critical workloads from day 1.
• Utilize industry-maintained open-source tools for seamless interaction with Stax and effortless management of your AWS environments.
• Experience automatic updates to the orchestrator tool, ensuring immediate access to new features as they are released.
• Devote your energy to creating and sustaining business-value solutions, rather than spending time on managing orchestration tools for Stax and AWS.

Customizing Stax Orchestrator to your needs

Stax Orchestrator offers remarkable flexibility, empowering users with a suite of robust monitoring and observability tools. As illustrated in the Customize and Deploy Stax Orchestrator diagram above, you can choose to enable optional features like tracing and dashboards (disabled by default). This approach guarantees the deployment of only essential resources for your initial setup, while retaining the option to adjust preferences later.

Dashboards

Utilize prebuilt dashboards within AWS CloudWatch to gain comprehensive insights into your deployments and workloads. These dashboards are designed to facilitate the analysis of various metrics, including successful executions and error logs, providing you with valuable information to monitor and optimize your workload deployment effectively.

When deploying Stax Orchestrator, you have the flexibility to customize your deployment by opting to create either or both the workload and task watcher CloudWatch dashboards.

Monitor Stax Orchestrator execution and error logs using AWS Cloudwatch Dashboards

Tracing

Harness the power of the AWS X-Ray service to achieve enhanced visibility into the traces of Stax Orchestrator. AWS X-Ray empowers you with valuable insights, enabling you to analyze the entire lifecycle of requests and responses within the serverless application. This comprehensive tracing capability facilitates a deep understanding of the application’s performance, allowing you to pinpoint bottlenecks, connections with high latency, optimize resource utilization, and enhance overall efficiency.

You can optionally choose to deploy X-Ray tracing capabilities for Stax Orchestrator State Machine and Lambdas,

X-Ray Tracing Map for Stax Orchestrator State Machine and Lambdas

Each request is broken down into traces and by delving into each trace, you gain the ability to expand and explore individual segments, providing a comprehensive breakdown of the duration taken between each request,

X-Ray Timeline showing duration between segments

Alerts on failed workload deployments

Take advantage of SNS (Simple Notification Service)’s seamless integration capabilities, allowing you to effortlessly forward these alerts to your Security Information and Event Management (SIEM) system, such as Splunk. This integration ensures that deployment failures are not only promptly identified but also efficiently logged and analyzed within the broader context of your security landscape. With this approach, you establish a robust mechanism for monitoring, detection, and response, enhancing the overall resilience of your deployment processes.

An example email subscription is shown below,

Add an SNS subscription to your monitoring system such as Splunk

When there are issues with the serverless application, for instance, when the step function fails to update a Stax workload, an alert will be sent to the subscriber,

Sample alert sent for a workload update failure

Logging & Retention

Within the serverless application framework, you have the flexibility to tailor Python logging levels according to your specific requirements. The built-in logging functionality allows you to fine-tune the verbosity and detail captured in your logs, ensuring that you can precisely monitor and troubleshoot your serverless functions.

The serverless app lets you customize Python logging levels and retains function logs for 60 days, but customization is available for extended retention based on compliance needs. This means you can align your log retention policies with specific regulatory or organizational requirements, tailoring the duration to meet compliance standards and ensuring a comprehensive audit trail for an extended period.

Feedback & different patterns

We invite you to engage in a conversation with us, sharing your thoughts on potential modifications or adjustments that could align Stax and Stax Orchestrator even more closely with your requirements. Your feedback is an integral part of our continuous improvement cycle, fostering a collaborative environment where we can refine and tailor our solutions to better suit the dynamic needs of our users.

Let’s connect and explore how we can work together to ensure that Stax remains a robust and responsive tool in your cloud deployment arsenal. Your input is not only welcome; it is a catalyst for innovation and evolution within our platform.