Modern Application Development

Best practices for rapid innovation

Companies are increasingly building products that are the technology itself or heavily influenced by technology. In order to be more competitive, companies must create better products, and to do that, they must increase agility and innovate faster.

Modern application development is an approach to designing, building, and managing applications. This approach increases the agility of your teams and the reliability, security, and scalability of your applications. Through modern application development, you can build better products faster so you can have happier customers.

In everything we do at Capital One, we always start from what our customers need and work back from there to figure out how to give it to them. The most important benefit of working with AWS is that we don’t have to worry about building and operating the infrastructure necessary to do that and can instead focus our time, money, and energy on creating great experiences for our customers.

George Brady
Executive Vice President and Chief Technology Officer, Capital One
 

Best practices for modern application development

The best practices of modern application development arose from our experience serving millions of customers and building applications for Amazon.com. We observed common approaches that enable our customers to increase agility, and build better applications that support the success of their businesses. While you can approach these practices from any starting point and in any order, the outcome is the same: applications that are more secure, reliable, scalable, and quickly available for customers.

Serverless technologies

Simplify infrastructure management with serverless technologies. Reducing time spent on routine environment management frees time to focus on business logic. Serverless technologies let you build applications without thinking about the underlying infrastructure.
 


Learn more about serverless technologies

Infrastructure as Code

Standardize operations by modeling all applications and infrastructure as code (IaC). IaC allows you to model your application and all the supporting infrastructure resources as code. This code serves as the single source of truth for all your infrastructure, and updates to your infrastructure are made directly in code. This eliminates the need for manual updates to infrastructure which can be error-prone.


Culture

Enable experimentation by creating small autonomous teams. When teams own the complete application lifecycle, including taking customer input, planning the roadmap, and developing and operating the application, they have the impetus and autonomy to improve the customer experience.

Microservices

Componentize applications using microservices. When applications are built with modular, independent components, called microservices, release velocity can increase because changes to any component are easier to make. Microservices make applications easier to scale and faster to develop, enabling innovation and accelerating time-to-market.

Learn more about microservices

Observability

Improve application performance by increasing observability. Collecting, aggregating, and correlating metrics, logs, and traces builds insights into application and customer behavior. We call this observability. Observability allows you to rapidly detect and respond to issues and opportunities to improve application performance.



CI/CD

Update applications and infrastructure quickly by automating continuous integration and continuous delivery (CI/CD). Using CI/CD, you build, test, and deploy each code change with an automated process. Automated CI/CD practices help you release better features faster.


Learn more about CI/CD 

Security & Compliance

Secure the entire application lifecycle by automating security. Building authentication, authorization, and compliance auditing directly into every component of your application, and securing your infrastructure from intrusions protects your users and your business. Automating the evaluation of security configuration and implementation throughout the development process and in production reduces the time it takes to secure your application.

Benefits of Modern Application Development

Illustration_Modern-App-Dev-Faster-To-Market

Faster to market

Illustration_Modern-App-Dev-Increased-Innovation

Increased rate of innovation

Illustration_Modern-App-Dev-More-Reliable-1

More reliable applications

Illustration_Modern-App-Dev-Reduced-Costs

Reduced costs

Using practices that speed up the release cycle and offload operational overhead, developers can quickly build new features. Automated test and release processes reduce error rates, so products are market-ready faster.

When architectures are modular, changes to any individual component can be made quickly, and with a lower risk to the application as a whole. Reducing time spent on maintenance also frees teams to spend more time experimenting with new ideas.

By automating test procedures and testing at every stage of the development lifecycle, modern applications are reliable at deployment. Building security and monitoring into that same lifecycle, and evaluating in real time results in applications with consistent high performance.

Modern applications built with serverless technologies use a pay-for-value pricing model that, for many customers, lowers cost dramatically. By offloading infrastructure management, you can also reduce the overall cost of maintenance.

Customer Stories of Modern Application Development

capital-one-200x100

Capital One cut the time needed to build new application infrastructure by more than 99 percent by establishing DevOps practices. Their DevOps teams now use AWS infrastructure building blocks that are available nearly instantaneously, so they can rapidly move from ideation to building. By using DevOps practices, Capital One not only gave developers autonomy, but also fostered a more collaborative culture.

Read the case study >>

200x100_The-Washington-Post_Logo

The Washington Post reduced time to release new products and features by refactoring their monolithic platform, Arc Publishing, into a microservices architecture. Leveraging AWS Partner Stelligent, the Post also took an infrastructure as code (IaC) approach to building infrastructure templates, which enable users to rapidly build their own apps on the platform using the code from these templates.

Read the case study>> 

200x100_bynder

Bynder grew 200% in a year and decreased time-to-market for products from 12 months to just 1 month by offloading infrastructure management to AWS. With more time to focus on innovation, Bynder introduced automation to their products and release process to get their new features into the hands of customers faster.

 

Read the case study>>

200x100_Alpha Apps_Logo

Alpha Apps reduced database costs by 97% by migrating to a serverless database, and lowered content delivery costs by 80% through a CDN service. Alpha Apps’ user base was growing fast, and they needed a way to scale their infrastructure on a start-up budget. By leveraging AWS, they can now meet high capacity demands, and also pass along savings to their customers.

Read the case study>>

finra-logo-200x100

FINRA improved processing times by 67% and reduced costs by 50% by going serverless with their stock trade validation system. Before adopting serverless, FINRA’s on-premises Hadoop clusters were hard to maintain, only ran in batches, and couldn’t scale easily. Their serverless architecture took just three months to get off the ground, and scaled to handle up to half a trillion validations every day.

Read the case study>>

200x100_Yelp_Logo

Yelp gained performance and flexibility by safely transforming a monolithic business-critical application to serverless microservices. With 10 years of development, Yelp’s monolith was functional but cumbersome. By refactoring it into a microservices architecture, Yelp gained the flexibility to evolve legacy systems, while improving their ability to monitor application performance.

Read the blog>>

Building Modern Applications with AWS

AWS is trusted by millions of customers around the world—including the fastest-growing startups, largest enterprises, and leading government agencies—to power their infrastructure, increase their agility, and lower costs. AWS offers a comprehensive portfolio of services to support your business as you develop modern applications.

Serverless Microservices

Serverless microservices architectures are built with composable infrastructure building blocks that are loosely connected by default or through events. These architectures offer high agility and low operational overhead. You can build serverless microservices with AWS services for compute, integration, databases, and storage. 

Serverless event-driven compute

AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume—there is no charge unless your code is running. With Lambda, you can run code for virtually any type of application or backend service—all with zero administration. You can set up your code to automatically trigger from other AWS services, or you can call it directly from any web or mobile app.

Serverless containers

AWS Fargate is a compute engine for Amazon ECS, a high-performance container orchestration service that allows you to run containers without having to manage servers or clusters. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing. AWS Fargate removes the need for you to interact with or think about servers or clusters.

API Management

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.

Message Queue Service

Amazon SQS is a fast, reliable, scalable, fully managed message queuing service. Amazon SQS makes it simple and cost-effective to decouple the components of a cloud application. You can use Amazon SQS to transmit any volume of data, without losing messages or requiring other services to be always available.

Publish/Subscribe Messaging

Amazon SNS is a highly available, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks.

Orchestration

AWS Step Functions makes it easy to coordinate the components of distributed applications and microservices using visual workflows. Building applications from individual components that each perform a discrete function lets you scale and change applications quickly.

MySQL and PostgreSQL database

Amazon Aurora Serverless is a MySQL and PostgreSQL compatible relational database engine that combines the speed and availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora provides up to five times better performance than MySQL with the security, availability, and reliability of a commercial database at one-tenth the cost.

No SQL Database

Amazon DynamoDB is a fast and flexible NoSQL database service for applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and reliable performance make it a great fit for mobile, web, gaming, ad-tech, IoT, and many other applications.

Object Storage

Amazon S3 is object storage with a simple web service interface to store and retrieve any amount of data from anywhere on the web. It is designed to deliver 99.999999999% durability, and scales past trillions of objects worldwide.

CI/CD, Monitoring, and IaC tools

The AWS suite of developer tools enable and automate the complete application lifecycle with services for development, building, testing, monitoring, provisioning, and deployment.

Infrastructure Provisioning

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

Cloud-based IDE

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. AWS Cloud9 comes prepackaged with essential tools for popular programming languages so you don’t need to install files or configure your development machine to start new projects.

User Auditing

AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.

Continuous Delivery

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process every time there is a code change, based on the release model you define. This enables you to rapidly and reliably deliver features and updates.

Monitoring

Amazon CloudWatch is a monitoring service for AWS Cloud resources and the applications you run on AWS. You can use CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources.

Debugging

AWS X-Ray helps developers analyze and debug distributed applications in production or under development, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing so you can identify and troubleshoot the root cause of performance issues and errors.

Security and Compliance

The AWS suite of security services enable you to automate security throughout the entire application lifecycle without slowing down innovation.

Access Control

AWS Identity and Access Management (IAM) allows you to control users' access to AWS services. Create and manage users and groups, and grant or deny access.

Single Sign On

AWS Single Sign On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. 

Account Management

AWS Organizations offers policy-based management for multiple AWS accounts. With AWS Organizations, you can create groups of accounts, automate account creation, and apply and manage policies for those groups. 

Threat Detection

Amazon GuardDuty is a managed threat detection service that provides you with a more accurate and easy way to continuously monitor and protect your AWS accounts and workloads.

Security Assessment

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

WAF Management

AWS Firewall Manager is a security management service that makes it easier to centrally configure and manage AWS WAF rules across your accounts and applications.

DDoS Protection

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. 

Encryption Keys

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. 

SSL/TLS Certificate Management

AWS Certificate Manager lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.