Revolutionize DevOps with ML capabilities
Introduction to DevOps Guru and CodeGuru
Vadym Kazulkin, ip.labs, 15 March 2022
Contact
Vadym Kazulkin
ip.labs GmbH Bonn, Germany
Co-Organizer of the Java User Group Bonn
and Serverless Bonn Meetup
v.kazulkin@gmail.com
@VKazulkin
https://www.linkedin.com/in/vadymkazulkin
https://www.iplabs.de/
AWS DevOps Guru
What is AWS DevOps Guru
Amazon DevOps Guru is a service powered by machine learning
(ML) that is designed to make it easy to improve an application’s
operational performance and availability
DevOps Guru helps detect behaviors that deviate from normal
operating patterns so you can identify operational issues long
before they impact your customers
• increased latency
• error rates (timeouts, throttles)
• resource constraints
https://aws.amazon.com/devops-guru
Benefits of DevOps Guru
https://aws.amazon.com/devops-guru
How DevOps Guru works
https://aws.amazon.com/devops-guru
DevOps Guru integration in 3rd party incident
management tools
https://aws.amazon.com/devops-guru
• PagerDuty
• Atlassian Opsgenie
DevOps Guru Example Application
DevOps Guru Set Up
DevOps Guru Integration with PagerDuty
https://www.pagerduty.com/docs/guides/amazon-devops-guru-integration-guide/
DevOps Guru Dashboard
DevOps Guru Insights
DevOps Guru PagerDuty Incidents
DevOps Guru Examples
• Design test experiment to provoke errors
and latency increase
• Reduce the service quota of the AWS
service (API Gateway, Lambda,
DynamoDB)
• Low service quotas for the sake of
reducing AWS costs only
• Stress test with JMeter to run into the
operational issues
• See if DevOps Guru recognized the
operational issues
DevOps Guru: Recognize operational issues
in DynamoDB
DevOps Guru Examples: DynamoDB Throttling
DevOps Guru Examples: DynamoDB Throttling
stress test and empty burst credits
DevOps Guru Examples: DynamoDB Throttling
DevOps Guru: Recognize operational issues
in API Gateway
DevOps Guru Examples: API Gateway Throttling
DevOps Guru: Recognize operational issues
in Lambda
DevOps Guru Examples: Lambda Throttling
DevOps Guru Examples: Lambda Timeout Error
Add 11 sec sleep in the code of the Lambda function
DevOps Guru Examples: Lambda Memory Error
Java runtime requires 256 MB to start and execute this code
DevOps Guru Examples: Lambda Increased Latency
Add 9.5 sec sleep in the code of the Lambda function
DevOps Guru Conclusions
• All errors have been correctly recognized so far
• It took several minutes to create an incident after
anomaly appeared
• Tested mainly in the context of AWS Serverless stack
• AWS is responsible for monitoring those services
• Not all PagerDuty alarms have been automatically closed
after the incident resolution
• Especially in case there have been several anomalies
within one incident
DevOps Guru for RDS
https://aws.amazon.com/devops-guru/features/devops-guru-for-rds/
AWS CodeGuru
What is AWS CodeGuru
Amazon CodeGuru is a developer tool that provides intelligent
recommendations to improve code quality and identify an
application’s most expensive lines of code
• CodeGuru Reviewer uses machine learning and automated
reasoning to identify critical issues, security vulnerabilities,
and hard-to-find bugs during application development and
provides recommendations to improve code quality
• CodeGuru Profiler helps developers find an application’s
most expensive lines of code by helping them understand
the runtime behavior of their applications, identify and
remove code inefficiencies and improve performance
https://aws.amazon.com/codeguru
Benefits of CodeGuru
• CodeGuru Reviewer benefits
  • Catch code problems before they hit production
  • Proactively improve code quality with continuous
  monitoring
• CodeGuru Profiler benefits
  • Troubleshoot performance issues
  • Discover anomalies and common issues in your
  application performance
  • Catch your most expensive line of code
https://aws.amazon.com/codeguru
How CodeGuru works
https://aws.amazon.com/codeguru
CodeGuru Programming Language Support
• Java
• Python
CodeGuru
CodeGuru Reviewer in Java
CodeGuru Setup
CodeGuru Reviewer Scans
• Full repository analysis
• Incremental code reviews (pull requests)
Java Code for CodeGuru Analysis
CodeGuru Reviewer Recommendation
The recommendations for Java fall into the following categories:
• AWS best practices
• Security
• Resource leaks
• Concurrency
• Integration with Infer (https://fbinfer.com/)
  • detect null pointer dereferences, thread safety violations
  and improper use of synchronization locks
• Other specialized categories such as sensitive information
leaks, input validation, and code clones
• General best practices on data structures, control flow,
exception handling, and more
https://aws.amazon.com/de/blogs/devops/improving-aws-java-applications-with-amazon-codeguru-reviewer/
CodeGuru Review Full Repository Analysis
CodeGuru Review AWS Best Practices with
Java SDK V1
CodeGuru Review AWS Best Practices with
Java SDK V2
CodeGuru Review other AWS Best Practices
CodeGuru Review Concurrency
CodeGuru Review Resource Leak
CodeGuru Review Security
CodeGuru Incremental Review
Occurs automatically when a pull request is created in a CodeCommit repository
associated with CodeGuru
CodeGuru Review Expected, but No Findings
https://aws.amazon.com/de/blogs/devops/tightening-application-security-with-amazon-codeguru/
CodeGuru Reviewer AWS CI/CD Integration
CodeGuru Reviewer CI/CD Integration
For CodeBuild add to buildspec.yaml
pre_build:
  commands:
    - pip3 install awscli --upgrade --user
    - export TAG=${CODEBUILD_RESOLVED_SOURCE_VERSION}
    - aws codeguru-reviewer create-code-review
        --name your-codeguru-review-name$TAG
        --repository-association-arn arn:aws:codeguru-reviewer:eu-central-1:your-codeguru-arn
        --type RepositoryAnalysis={RepositoryHead={BranchName=main}}
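The create-code-review command only starts the review. The following added example (not from the original slides) shows one way a later build command could wait for the review and fail the build on findings. The function names, the default High threshold and the polling values are assumptions, and the ARN argument is the CodeReviewArn that create-code-review returns.

```bash
#!/usr/bin/env bash
# Added example (not from the slides). gate_review, count_blocking and
# severity_rank are hypothetical helper names; thresholds are illustrative.

# Map a CodeGuru Reviewer severity label to a comparable number.
severity_rank() {
  case "$1" in
    Info) echo 0 ;;
    Low) echo 1 ;;
    Medium) echo 2 ;;
    High) echo 3 ;;
    *) echo 4 ;;  # Critical, and any unknown label, blocks (fail closed)
  esac
}

# Read severities from stdin (one per line); print how many are >= $1.
count_blocking() {
  min_rank=$(severity_rank "$1")
  count=0
  while read -r sev; do
    if [ -n "$sev" ] && [ "$(severity_rank "$sev")" -ge "$min_rank" ]; then
      count=$((count + 1))
    fi
  done
  echo "$count"
}

# Poll the review, then return 0 (clean), 1 (blocking findings) or
# 2 (review failed or did not finish). Args: arn [threshold] [tries] [delay]
gate_review() {
  arn=$1; limit=${2:-High}; tries=${3:-40}; delay=${4:-30}; state=Pending
  while [ "$tries" -gt 0 ] && [ "$state" = "Pending" ]; do
    state=$(aws codeguru-reviewer describe-code-review \
      --code-review-arn "$arn" --query 'CodeReview.State' --output text) || return 2
    tries=$((tries - 1))
    if [ "$state" = "Pending" ]; then sleep "$delay"; fi
  done
  if [ "$state" != "Completed" ]; then
    echo "CodeGuru review not completed (state: $state)" >&2
    return 2
  fi
  # --output text prints the severities tab-separated; split to one per line.
  found=$(aws codeguru-reviewer list-recommendations --code-review-arn "$arn" \
    --query 'RecommendationSummaries[].Severity' --output text |
    tr '\t' '\n' | count_blocking "$limit")
  echo "CodeGuru findings at or above $limit: $found"
  if [ "$found" -gt 0 ]; then return 1; fi
  return 0
}
```

In a buildspec the functions would be sourced from a script in the repository and called as `gate_review "$REVIEW_ARN" High`, so a non-zero return fails the build phase.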
CodeGuru Reviewer GitHub CI/CD Integration
https://aws.amazon.com/about-aws/whats-new/2021/06/amazon-codeguru-reviewer-announces-ci-cd-integration-github-actions-new-security-detectors-for-java/?nc1=h_ls
CodeGuru vs SonarQube
• CodeGuru currently supports only 2 languages vs SonarQube
supporting 20+
• CodeGuru is much more powerful in detecting AWS best practices
(including AWS security best practices)
• SonarQube is much more powerful in detecting common Java
issues
CodeGuru Conclusions
• Very good findings for AWS best practices when using Java
SDK V1
• Many missing findings with Java SDK V2 compared to V1
• Many officially described security findings are not detected
in my examples
• Full repository scans are very expensive
• Use incremental code reviews (pull requests) scan as
much as possible
• Use CodeGuru in conjunction with SonarQube

Revolutionize DevOps with ML capabilities. Introduction to Amazon CodeGuru and DevOps Guru at JavaLand 2022
