A few weeks ago, I published a post about eight different DevOps chores that Heroku handles for you. There are, of course, many more things which Heroku takes care of, so that you can focus on building your application and not worry about your operations or infrastructure. We're going to continue our list with seven more things that Heroku does, this time focusing on networking, workflows, and integrating with other tools.
You're probably already aware that Heroku provides a marketplace with hundreds of add-ons. These are (typically) third-party services that can be tightly integrated with your application which provide third-party solutions for various extensions, such as logging, databases, search, job queueing, and more.
Heroku believes that offering a choice in external dependencies in a marketplace like this is a good thing. They've vetted the list to ensure that only the highest quality add-ons are available for applications hosted on Heroku. What's more, scaling these dependencies up or down to account for changing traffic demands can be executed through a single command:
heroku addons:upgrade ADDON [PLAN].
Much like the safeties guaranteed for your language or framework, Heroku regularly rolls out updates for add-ons to address critical issues; for example, here's one done for Redis a while back. Heroku takes security seriously, and takes a proactive approach to patching software like this so you don't have to worry about staying on top of vulnerabilities.
In order to establish access rights in the name of privacy, some application hosts require you to configure complicated ACLs for each and every aspect of your application and its dependencies.
Heroku provides a handful of permissions categories, within which you can group individuals or entire teams. The granularity of abilities for these permissions range from read-only access to an app, to managing the code, to full administrative ownership. They are simple enough to reason about, and flexible enough to protect users, whether they're a start-up or an enterprise-level organization.
If you're making use of Apache Kafka on Heroku, you can actually trigger one of your nodes to intentionally fail. The purpose of this is to observe how the message stream behaves under an unexpected disaster. The goal is to provide peace of mind, by demonstrating that your app will suffer no performance issues or degradation as a result, since we end up automatically rerouting data to another node. Regularly invoking this sort of chaos testing can help verify that your application operates successfully in the event of a real (though unlikely!) disaster.
You've coded a feature, opened up a pull request, and are looking for feedback from others on your team. An easy way to enable a frictionless discussion is to set up a pipeline with a Review App. For any new PR that's opened up, Heroku can build a Review App, which is a disposable app with a unique URL. Review Apps can quickly demonstrate the value of new changes, without requiring others to pull your branch or even have a development environment set up on their machine.
For apps with sensitive access to data, you may need to limit its exposure to the public Internet. Normally, this might involve setting up a VPC, with subnets defining the range of IP addresses that your app can communicate over. For an app which requires high availability, this also involves establishing separate VPCs per geographic region.
Heroku abstracts away all of the hassle with Private Spaces. This allows you to establish secure, site-to-site connections between a Heroku app and your company's Intranet. As can be expected, this too can be established just through the command-line:
heroku spaces:create my-space-name --team my-team-name --region tokyo
Last, but certainly not least, Heroku will secure your domain with an SSL certificate. Better yet, your apps can enable automated certificate management, to automatically provisions and renew SSL certificates over time. This guarantees that your certs are regularly kept up-to-date.
Are you curious about any other differences between Heroku and other PaaS providers that can be highlighted in a future post? Let me know in the comments!