Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.


My Latest Posts:

🚀 Project Update:

Serverless MySQL: v1.5.2 released

Added a retry for another error that is resetting connections (this should fix the issues in #57 and #62) as well as some minor documentation and dependency updates. Read More...
🚀 Project Update:

Data API Client: v1.0.1 Released

There was an issue with batch records via standard queries versus those wrapped in transactions. v1.0.1 includes a patch that checks the arguments and conditionally flattens the array for proper handling in each context. Read More...

Takeaways from AWS re:Invent 2019’s Amazon DynamoDB Deep Dive: Advanced Design Patterns (DAT403)

AWS re:Invent 2019 is a wrap, but now the real work begins! There are hundreds of session videos now available on YouTube. So when you have a few days (or weeks) of downtime, you can dig in to these amazing talks and learn about whatever AWS topics you fancy.

I was only able to attend a few talks this year, but one that I knew I couldn’t miss in person, was Rick Houlihan’s DAT403: Amazon DynamoDB deep dive: Advanced design patterns. At the last two re:Invents, he gave similar talks that explored how to use single-table designs in DynamoDB… and they blew my mind! 🤯 These videos were so mind-bending, that they inspired me to immerse myself in NoSQL design and write my How to switch from RDBMS to DynamoDB in 20 easy steps post. I was hoping to have a similar experience with this year’s edition, and I WAS NOT DISAPPOINTED.

As expected, it was a 60 minute firehose of #NoSQL knowledge bombs. There was A LOT to take away from this, so after the session, I wrote a Twitter thread that included some really interesting lessons that stuck out to me. The video has been posted, so definitely watch it (maybe like 10 times 🤷‍♂️), and use it to get started (or continue on) your DynamoDB journey.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.3 Released

Lambda API v0.10.3 has been released to fix a few minor bugs around route prefixing and base64Encoding (thanks @Sleavely and @btakita), and to add a whitelist for headers on error cases (@hussfelt). Read More...

The Dynamic Composer (an AWS serverless pattern)

I’m a big fan of following the Single Responsibility Principle when creating Lambda functions in my serverless applications. The idea of each function doing “one thing well” allows you to easily separate discrete pieces of business logic into reusable components. In addition, the Lambda concurrency model, along with the ability to add fine-grained IAM permissions per function, gives you a tremendous amount of control over the security, scalability, and cost of each part of your application.

However, there are several drawbacks with this approach that often attract criticism. These include things like increased complexity, higher likelihood of cold starts, separation of log files, and the inability to easily compose functions. I think there is merit to these criticisms, but I have personally found the benefits to far outweigh any of the negatives. A little bit of googling should help you find ways to mitigate many of these concerns, but I want to focus on the one that seems to trip most people up: function composition.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.2 Released

Lambda API v0.10.2 has been released to add additional TypeScript support (@maxmellen), fix an issue with multiValueHeaders containing a null value (@stawecki), and support for overriding console.log for logging output (@Sleavely). Read More...
🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

Update November 19, 2019: AWS announced support for SQS FIFO queues as a Lambda event source (announcement here). FIFO queues guarantee message order, which means only one Lambda function is invoked per MessageGroupId.

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #72

Suddenly everyone’s interested in DynamoDB…

Welcome to Issue #72 of Off-by-none. Thanks for being here! 👍

Last week, we shared a number of tutorials and some thought-provoking serverless reads. This week, we have a bunch of great DynamoDB resources, several serverless concept deep-dives, and plenty of great posts from the community.

News & Announcements 📣

Production-Ready Serverless workshop is coming to a city near you
AWS Serverless Hero, Yan Cui, is taking his Production-Ready Serverless workshop on the road. There are multiple locations being offered in Europe.

SLAppForge Incorporates US Entity and Announces New CEO
SLAppForge, the serverless technology startup, has announced the incorporation of its US entity SLAppForge Inc. and the appointment of Wallace Wilhoite as its new CEO.

New course – Learn you some Lambda best practice for great good!
Yan Cui also has a new course out. If you like video courses and want to learn some best practices for Lambda, take a look at this.

Lumigo announces ISO 27001 & 27799 certification
Congrats to the team over at Lumigo. This most definitely shows a commitment to user security.

Serverless Stories 📖

Integrating DynamoDB in my Chinese vocab app
Emily Shea outlines how she added DynamoDB to her serverless Chinese vocabulary app in order to store the list of words that users were sent. With all the complex DynamoDB use cases we discuss, the thought of tackling a project with it can be overwhelming. This is a nice straightforward implementation that gets the job done for pennies a month.

Lessons Learned From a Legacy Serverless App
Mahdi Azarboon had to take a “legacy” serverless application that was built with no tooling, IaC, or documentation, and bring it up to modern development standards. There are also some good points in this post about the variations between cloud providers, and why developers might want to take some time to understand the differences.

How AWS Lambda Solved a Major Photo Bug
Quinn Flagg from the Expedia Group explains how his team used a Lambda function and S3 notifications through SNS to quickly solve an image orientation bug.

Serverless Use Cases 🗺

Handling webhooks with EventBridge, SAM and SAR
Slobodan Stojanović built a generic webhook-to-EventBridge SAR application for you to easily launch serverless-scale webhooks and use all the magic of EventBridge to do your event routing. The post also contains some great insights into the architectural choices.

Big Data Pipelines as Serverless Microservice’s
Big Data pipelines are becoming the norm, rather than the exception. Joel Lutman shows you how his team used Step Functions, Lambda, S3, and several other services to coordinate a rather sophisticated architecture.

Fun with AWS Image Recognition & the Twitter Account Activity API
If you’ve got some time on your hands, check out Philip Damra’s incredibly lengthy tutorial that shows you how to build a Twitter bot that will process tweeted images with AWS Rekognition, and tweet back what it identifies.

Running a Fargate task from a Lambda Python function to automate Pull Request creation
I’m sure this is a fine solution to the problem, but I thought it was a bit ironic that they are using a Lambda function to automate pull requests for their Kubernetes cluster configurations. 🤔

Serverless Concepts 🏗

SQL, NoSQL, and Scale: How DynamoDB scales where relational databases don’t
Alex DeBrie has put together an excellent post that explains why NoSQL databases are better at scaling than RDBMS. There are lots of considerations when choosing your operational datastore, and Alex does a great job pointing out all the intricacies. It’s a very long article, but worth the read.

Serverless Environment Variables – A Comprehensive Guide
Everything you ever wanted to know about using environment variables with the Serverless Framework and AWS from Adam DeLong.

AWS CloudFormation Doesn’t Do That Yet?! No Problem
Mark Fowler gives you a complete run down on the why, what, where, when, and how of AWS CloudFormation Custom Resources.

Amazon Builders’ Library in focus #3: Avoiding fallback in distributed systems
Yan Cui has another post in his series of notes on the Amazon Builders’ Library. In this installment, he outlines Amazon’s strategy for avoiding fallback mechanisms, why fallbacks are a bad idea, and what are some better alternatives.

AWS Lambda Canary Deployments with API Gateway
Serkan Özal explains how canary deployments can improve the stability of your web applications by using traffic shifting with API Gateway to verify new releases.

AWS Serverless Application Repository explained
There hasn’t been a lot of buzz about the Serverless Application Repository lately, but it’s a great way to package, share, and reuse serverless application patterns. Ernesto Marquez gives a quick overview of what it is and what you can do with it.

How to optimize AWS Lambda performance
Efi Merdler-Kravitz has a great post that explains some ways to tweak your settings to get better performance out of your Lambda functions.

Serverless Tutorials 👷‍♀️

Alexa Node JS skill Serverless Integration
I think voice interface technology is going to be the next big thing, so if you want a crash course in building an Alexa skill with Serverless, take a look at this tutorial by Renjith Chandran.

Supercharging Your Development Workflow with Serverless Framework Pro
If you haven’t been paying attention to all the new features being added to the Serverless Framework Pro, take a few minutes and review it. The Serverless Framework has been a staple for many serverless developers over the years, and the new features make managing the full lifecycle of your applications super easy.

Setup CI/CD Pipeline for AWS Lambda using Github & Travis CI
Another serverless application, another unique CI/CD setup. Luke Mwila shares another way to automate the deployment of AWS Lambda functions.

How to Create CDK Constructs
Thinking about building your own AWS CDK constructs? Matt Bonig has a simple tutorial to get you started.

Serverless Reads 🤓

Why ‘Born in the Cloud’​ NoSQL Services will win
I recently came across this article by Rick Houlihan. He says, “In the end, people who actually scale NoSQL databases learn fast that NoSQL is about simple queries that facilitate CPU conservation so performance is driven by proper denormalized data modeling and not fancy query API’s.” This is an incredibly important point that developers choosing NoSQL have to be aware of.

Serverless: It’s how things get done. But what is it?
Apologies for the self promotion, but after I was interviewed by Stu Miniman about serverless, Betsy Amy-Vogt wrote a great follow up piece. TLDR; serverless is getting harder, so we need better abstractions, and multi-cloud doesn’t make sense for most companies.

Don’t Go Brainless Into Serverless
I always appreciate reading a differing point of view. Florian Martens has a really harsh criticism of serverless that is worth taking a look at, even though I believe his underlying arguments are based on misleading and/or outdated information. There is no doubt that AWS can become expensive (this has been an ongoing criticism with their data transfer and managed database pricing), but there is a very large gap between companies that can afford to hire the necessary expertise to reliably and securely run applications at scale, and those that can’t. This is a much longer discussion, but one worth having.

Six people on the cutting edge of serverless modernization
This was a nice post by Toby Fee highlighting several people who are making an impact in the serverless space. It’s an honor to be on this list with so many amazing people.

2020 enterprise technology predictions: cloud, serverless computing, compliance and beyond
Sanjay Castelino makes a good point that companies will “need to prioritise understanding consumption models because those models will have a significant impact on their business.” Pay-per-use sounds great to most of us, procurement departments not included.

Serverless Podcasts and Videos 🍿

Serverless Chats Podcast – Episode #31: Voice Automation with Serverless with Aleksandar Simovic
In this episode, I chat with Aleksandar Simovic about the evolution and predictability of voice interface technology, how serverless helped commoditize it for home and business use cases, and what the future of conversations with intelligent agents will look like.

All you need to know to use DynamoDB as a pro
In this video, Marcia Villalba teaches you the basic concepts that you need to know in order to use DynamoDB. She reviews concepts such as primary keys, partition keys, sort keys, global secondary indexes, and local secondary indexes.

SE Daily Podcast – NoSQL Optimization with Rick Houlihan
Rick Houlihan is interviewed on the Software Engineering Daily Podcast and shares lots of great insights into building applications with NoSQL.

What the teams at AWS have been working on… 🚀

Amazon SQS Now Supports 1-Minute CloudWatch Metrics In All Commercial Regions
Yay! SQS launched support for 1-minute Amazon CloudWatch metrics back in December in just a few regions. Now you can set up Amazon CloudWatch metrics at 1-minute intervals at no additional cost in all commercial regions. This is great for alarming on queue issues much earlier.

Urgent & Important – Rotate Your Amazon RDS, Aurora, and DocumentDB Certificates
Just in case you somehow missed all the alerts, make sure you rotate your AWS database certificates as soon as possible.

The Amazon Builders’ Library is Now Available in 16 Languages
The Amazon Builders’ Library is an amazing resource for cloud engineers to learn from the masters. Having it published in a multitude of languages is a great way to help spread the knowledge to more people.

Amazon Cognito now supports CloudWatch Usage Metrics
This is a nice little add. You can now monitor things like SignUpSuccesses, SignInSuccesses, FederationSuccesses, and more from your Cognito Pools.

Amazon Translate introduces Batch Translation
You now have the option to translate a large collection of text or HTML documents stored in a folder in Amazon Simple Storage Service (S3) bucket using the new asynchronous Batch Translation service.

Amazon CloudFront launches in five new countries – Bulgaria, Greece, Hungary, Kenya, and Romania
Viewers in these countries will now see, on average, up to a 50% reduction in first-byte latency when accessing content through CloudFront. In addition, CloudFront also launched its first Edge location in Dusseldorf, Germany, bringing totals up to 216 Points of Presence in 84 cities across 42 countries.

Serverless Tools 🛠

AWS CDK Serverless Architecture Patterns
I’m not sold on the CDK, but if you are, here is a repo that promises to contain all of the official AWS Serverless architecture patterns built with CDK for developers to use.

dynaglue now has basic UpdateItem and adjacency list support for DynamoDB
Chris Armstrong has released some additional updates to his dynaglue project.

Dynamo Plus
Extend and supercharge your DynamoDB DocumentClient with promises, retries, and more.

Thoughts from Twitter 🐦

In the days when I was a back end dev, all you needed to know was some PHP and MySQL. Now you need to know: * Authentication (IAM) * File Storage (S3, Cloud Front) * Serverless (Lambda) * Databases * Orchestration * Containers (k8s) * Messaging (SQS) ~ WellPaidGeek
I don’t think developers need to learn K8s, but if you’re building modern applications, many of these skills (and more) are quite necessary. Especially with serverless, understanding the “backend” becomes critically important. Just because you don’t need to manage it, doesn’t mean you don’t have to know the impact of your architectural choices.

You’re looking at a $200/mo SaaS but decide to build it yourself. It takes a $100,000/yr engineer 3 months to build, + 2 weeks a year to maintain. Congratulations. You saved $2400 but spent $28,846 building it yourself. The most expensive solution ever is writing your own code ~ Brandon Savage
☝️This. 100% this! This is also why serverless makes so much sense. Even if certain managed services only get you 80% there, the time and money savings can be huge.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

January 20, 2020 – End Cold Starts in Your Serverless Apps with AWS Lambda Provisioned Concurrency

January 24, 2020 – ServerlessDays Belfast 🗣

January 27, 2020 – Device Hacking 101: Build a Serverless Application for an IoT Device

January 31, 2020 – AWS Community Nordics

February 12, 2020 – Remote debugging of live AWS Lambda functions (Workshop at ServerlessDays Cardiff)

February 13, 2020 – ServerlessDays Cardiff 🗣

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville 🗣

March 19, 2020 – ServerlessDays Zürich

March 24, 2020 – ServerlessDays Helsinki 🗣

March 27, 2020 – ServerlessDays Hamburg 🗣

April 6, 2020 – ServerlessDays Boston

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is John Chapin (@johnchapin). John’s experience extends well over a decade in software development and engineering, but these days he’s a Partner at Symphonia, a serverless and cloud technology consultancy based in NYC. At Symphonia, John shows teams how they can unlock untapped potential (and success) through serverless and modern Agile practices. John shares great resources on serverless through Symphonia’s blog, as a speaker at conferences, and with open source software published on GitHub. Thanks for all you do to help teams be better with serverless, John! 🙌

Final Thoughts 🤔

I came across a lot of DynamoDB content this past week (which may be because I have been geeking out over it lately), but there has certainly been an uptick in interest over the last few months. There is a lot to explore there, and plenty of tools being released that are helping make NoSQL modeling and runtime interactions easier. I’m hoping this trend will continue!

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Best,
Jeremy

P.S. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Off-by-none: Issue #71

Starting off 2020 with a serverless bang… 💥

Welcome to Issue #71 of Off-by-none. Thanks for joining us! 🤘🏻

Last week, we looked at the most popular links from 2019 and I shared some of my plans for 2020. This week, we’ve got lots of great tutorials and some thought-provoking serverless reads, plus plenty of other excellent posts from the serverless community.

Serverless Stories 📖

Troubleshooting While Turning a Pycharm Project into an AWS Lambda Function (Windows)
I really like reading stories like this. Kevin Lin documents the trials and tribulations of converting a project to serverless and, for the new serverless developer, the experience seems to be consistent.

Building Serverless workflows with AWS Step Functions
Mark Carrington has a very detailed post that outlines how Finimize automated database syncing using AWS Step Functions. Lots of code examples and great explanations in here.

How mycrypto.tools uses AWS Lambda Serverless Architecture? And the overview of AWS products/services. (Do you really need Servers?)
Tuna Tore of mycrypto.tools outlines and explains the serverless architecture and tools he used to build his service. I love when people are willing to share the details of their architecture like this, so please keep these coming.

Serverless Use Cases 🗺

Scaling WordPress: Servers vs Serverless
I know that people love WordPress, but jamming it into ephemeral compute still seems like a terrible idea to me. While some traditional architectures can be ported, WordPress, IMO, definitely isn’t one of them. If you’re still running WordPress (like me 😞unfortunately), put it behind CloudFront until you can find a more cloud native solution.

Exploring AWS CDK – Loading DynamoDB with Custom Resources
Matt Morgan uses the AWS CDK to create a custom resource that pre-populates data into an DynamoDB table. Interesting use case, especially when you are spinning up new environments that store configuration data used in your applications.

Create PDF using Chromium Puppeteer in Serverless AWS Lambda
Puppeteer is an excellent utility for controlling the headless version of Chromium. Crespo Wang has updated his demo for using it with Lambda.

How to use S3 to share media with your friends
Never really thought of using S3 to share files with friends and family, but Michael Bahr outlines a pretty simple use case that might even let your non-techie family members use it.

Serverless Concepts 🏗

Amazon Builders’ Library in focus #2: Using load shedding to avoid overload
The AWS Builders’ Library is an amazing resource for cloud architects that want to learn directly from the people who have been building massively scalable systems at Amazon for over a decade. Yan Cui has a new series that is helping to summarize the posts for you. Here is the second post in that series.

Deep dive: 3 ways to invoke AWS Lambda Function
Zahidul Islam gives a good overview of three different invocation models for Lambda: synchronous, asynchronous, and poll-based.

The power of Amazon EventBridge is in its detail
Sheen Brisals put together an excellent primer on EventBridge that will show you all the available options for transforming events and passing the data to consumers.

The Serverless API
Blunt Jackson has an intro into building a serverless API with API Gateway, Lambda, and DynamoDB. Good read for the newbies out there.

Tracing Requests in Serverless Systems with AWS CloudWatch ServiceLens
Helpful post by Joonas Laitio that gives some insights into how the new CloudWatch ServiceLens works, where it’s useful, and where it falls short.

Serverless Tutorials 👷‍♀️

⏱ 10 Minute Tutorial: Creating a Serverless Express Web Server & API
If you want to build a serverless Express app by practically doing nothing, take a look at this tutorial by Nader Dabit. He uses the Amplify Framework, which pretty much does everything for you.

AWS Parameter Store with Python
This seems like a helpful tool for Python developers that need to retrieve multiple parameters at once. The SDKs have a getParametersByPath method that allows you to do this as well, but solving this with a layer might make your life easier.

Building an AWS IoT Core device using AWS Serverless and an ESP32
Here’s something for the true serverless and IoT geek! Moheeb Zara has a great post that shows you how to use serverless and IoT Core to build a device with bi-directional communication. 🤖

Build & Release Serverless Apps with Github Actions
Matt Tyler’s post walks you through setting up an entire CI pipeline using serverless and Github Actions. This could be a very useful alternative to using CodePipeline.

Building a real-time stock monitoring dashboard with AWS AppSync
Very cool post by Jan Michael Go Tan that shows you how to use the Amplify Framework and AWS AppSync to build a real-time serverless application.

Serverless Web Application
Manideep Reddy Gillela shows you how to build a serverless web app, running a simple Python flask API in AWS Fargate and serving content from AWS S3.

Private API endpoints with API Gateway Authorizers and Cognito. Part 3 & Part 4
Saurav Verma’s posts add to his series about building serverless APIs that utilize Cognito authorizers. In parts 3 and 4 he explains private API endpoints and federated identities to provide users temporary access to AWS resources.

Serverless Security 🔒

Orchestrating a security incident response with AWS Step Functions
Benjamin Smith shows you how to implement the callback pattern of an AWS Step Functions Standard Workflow to add a manual approval step into an automated security incident response framework.

Serverless Reads 🤓

Serverless is problematic
This is perhaps one of the most well articulated criticisms of serverless that I’ve ever read. Samantha Atkins lays out a number of highly logical arguments as to why serverless isn’t the silver bullet that many purport it to be. There are several things that I don’t agree with (such as not being able to take advantage of previous invocations, brittleness, and runtime efficiency), but there are lots of things that I do agree with. Most notably, the fragility of the developer toolchain and the maintainability argument. It is most definitely worth the read.

Code-wise, cloud-foolish
Another incredibly insightful edition of Cloud Irregular by Forrest Brazeal. In this piece, he explains why many short term (and short-sighted) architectural and code choices can lead to painful tech debt in the future. He does an excellent job making his case, so be sure to give this a read.

Ask the Expert: 8 challenges teams face when doing serverless
This is a great post that outlines a number of challenges that teams need to consider when adopting serverless. For me, the two most important on this are “underestimating the learning curve” and “not embracing new architectural patterns.” Serverless can get very complex, very quickly, and holding on to old ways of thinking will dramatically slow down your journey.

Yan Cui: All my serverless content in 2019
Yan Cui is probably the most prolific man in serverless, and if you don’t believe me, just check out the treasure trove of serverless posts he produced in 2019.

Simple AWS Serverless Patterns for Building Cost Effective and High Performing Applications
Bill Buckley from CloudZero discusses a few patterns that can be used to build serverless applications. Key here is not to try and “lift and shift” your existing applications to Lambda functions, because this won’t give you the results you’re hoping for.

For the A/V fans… 📽

Episode #30: What to expect from serverless in 2020 with James Beswick
In this episode, I chat with James Beswick about the most popular serverless tools and services that companies are adopting, how built-in cloud features are making apps more resilient, and what serverless will look like in 2020.

Jeremy Daly | CUBEConversation January 2020
Hey look, Ma! I’m on TV (well, sort of). I sat down with Stu Miniman of theCUBE and talked about the future of serverless, and why multi-cloud is a bad idea for most companies.

New from AWS… 🆕

Introducing AWS Systems Manager Change Calendar
AWS announces Systems Manager Change Calendar is a new capability that helps you prevent changes to your AWS resources during important business events. This feels like it was borne out of experience, so I have a feeling someone pushed some code when they shouldn’t have.

Amazon SES now lets you use your existing IP address ranges to send email
You can now BYOIP (Bring Your Own IP) to Amazon SES, which is important for organizations that have already built a reputation around their mail delivery services. It requires a Class C address, so still no dice if you want to move from another provider that issued you a single IP.

Amazon QuickSight launches new analytical functions, Athena Workgroup and Presto VPC connector support
Amazon QuickSight added some cool new math functions (if you’re into that sort of thing), including logarithms, exponents, and square roots. Plus it now supports Athena Workgroups, so you can tie report generation costs back to teams and business units.

Amazon Comprehend launches multi-label custom classification
The Comprehend custom classification was a very cool feature, but limiting it to single labels with multi-class classifications excluded lots of use cases. Now with multi-label, documents can return multiple classifications, opening up lots of possibilities.

Serverless Tools 🛠

Dynobase
I didn’t even know this tool existed. Dynobase is described as a modern, flexible and fast DynamoDB editor. I have to spend some time looking at this.

Peeking into an AWS EventBridge bus
Yan Cui demonstrates the new AWS EventBridge features in the lumigo-cli tool.

S3 Email
This is super cool. S3 Email is an unmanaged email server with unlimited email addresses that also offers the benefit of easily organizing messages by adding the + character to the email names. It uses S3, SES and Lambda and is 100% serverless.

Thoughts from Twitter 🐦

Predictions for #serverless in 2020 ~ Rob Sutter
Rob makes the point that “FaaS fades into the background as service integrations become king.” I think this will happen eventually, but there are still too many people coming into the space that feel more comfortable writing code. IMO, FaaS will remain an important part of serverless for quite some time.

Hey #Serverless folks. Tell me, how do YOU use #AWSLambda in DevOps or Operations? I am curious. ~ Eric Johnson
Good discussion started by Eric here. Lots of interesting DevOps use cases here that are completely peripheral to the monolith. Could give you some ideas for bringing serverless into your organization.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

January 20, 2020 – End Cold Starts in Your Serverless Apps with AWS Lambda Provisioned Concurrency

January 24, 2020 – ServerlessDays Belfast (I’m speaking here!)

January 27, 2020 – Device Hacking 101: Build a Serverless Application for an IoT Device

January 31, 2020 – AWS Community Nordics

February 12, 2020 – Remote debugging of live AWS Lambda functions (Workshop at ServerlessDays Cardiff)

February 13, 2020 – ServerlessDays Cardiff (And here!)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville (And also here!)

April 6, 2020 – ServerlessDays Boston

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rowan Udell (@elrowan). Rowan is the Cloud Practice Director at Versent, an AWS Premier Consulting Partner in the Asia Pacific region. At Versent, he works with customer and internal teams to deliver change at scale and speed using serverless and AWS native services. Rowan has published video courses on AWS, been a guest on Serverless Chats, and his book, the AWS Administration Cookbook, is filled with great recipes to help you build and administer your cloud environment with AWS. Thank you, Rowan, for your work with AWS and educating the serverless community! 🙌

Final Thoughts 🤔

2020 is already off to quite an incredible start. I was interviewed on theCUBE, I’ve been accepted to speak at several ServerlessDays events, I’ve started recording a number of Serverless Chats episodes (with some awesome guests), and I’ve begun work on a bunch of serverless content and projects. And it’s only January 7th! Lots to come in 2020 that I’m excited to share with all of you, so stay tuned.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Cheers,
Jeremy

P.S. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Off-by-none: Issue #70

Happy (Serverless) New Year! 🎉

Welcome to Issue #70 of Off-by-none. Thanks for spending 2019 with us! 🙌

Last week, we shared some interesting serverless reads for your holiday reading list. This week, we’ll look back at the most popular links from 2019, I’ll share some of my plans for 2020, and we’ve got some great posts from the serverless community as well.

Looking back at 2019… 👀

A lot happened with serverless in 2019, so there were always plenty of stories, use cases, and tutorials to share. Last year I shared over 2,500 links to amazing content produced by the serverless community. I’ve analyzed the data, and here are the most popular links for 2019.

We started off the year with Forrest Brazeal’s excellent from relational DB to single DynamoDB table: a step-by-step exploration post. Then I showed you How To Use SNS and SQS to Distribute and Throttle Events. Mikhail Shilkov gave us insights into running Serverless at Scale and I shared a pattern for Throttling Third-Party API calls with AWS Lambda.

Berkeley published their View on Serverless Computing and said that “serverless computing will grow to dominate the future of cloud computing.” Then AWS released their Solutions site with vetted, technical reference implementations designed to help you solve common problems.
Rob Gruhl released a two-part series about Event-sourcing at Nordstrom and Kyle Galbraith explained How a Monolith Architecture Can Be Transformed into Serverless.

Ryan Jones outlined some Best Practices for Serverless Development, The New Stack told us that Static Sites with Gatsby were all the rage, and Ben Kehoe said that Serverless is a State of Mind. Peter Swain shared the AWS Serverless Tools You Can’t Live Without, AWS introduced Event Fork Pipelines, and Danilo Poccia gave us his Serverless By Design tool. While the Serverless versus Containers debate raged on, Chris Munns told us that AWS shaved 1/3 off the p99 on the Lambda service’s overhead latency.

The Serverless Chats podcast was launched, Trek10 took a pragmatic approach to Enterprise CI/CD on AWS, and I gave an (updated) First Look at the Aurora Serverless Data API (which is pretty sweet). Chris Munns attempted to share thirty serverless architectures in 30 minutes and Forrest Brazeal shared 5 tips he learned the hard way about CI/CD, AWS, and Serverless. I offered up some advice on how to switch from RDBMS to DynamoDB in 20 easy steps and Pulumi announced Crosswalk for AWS.

AWS announced EventBridge and told you how extending SaaS Application Data into Your AWS Environment will end the need for webhooks. Many people (including me) thought that it was a game changer. Jared Short thought it was the biggest thing since AWS Lambda itself, and Paul Johnston said it will change the way you build serverless applications. Philipp Müns even shared some Use Cases and Examples with us.

Trek10 gave us an AWS Event Source Wizard tool, Justin Pirtle told us 10 Things Serverless Architects Should Know, and Gojko Adzic shared a trick for Publishing Lambda Layers using SAR. AWS announced improved VPC networking for AWS Lambda functions just as Einar Egilsson complained that serverless was 15% slower and 8x more expensive.

AWS showed us how they built a production service using serverless technologies, and then Forrest Brazeal opined that there was no magic, just thorough execution. I shared my Dynamic Composer pattern, Paul Swail compared multi and single table approaches to designing a DynamoDB data model, and Ben Arena shared some thoughts on Error Handling in AWS Lambda and API Gateway.

The Dashbird launched a Cloud Knowledge Base and Toby Hede published some Serverless Patterns. Serverless, Inc. covered the New Lambda Features from pre:Invent, Rafal Wilinski shared some lessons learned using Single-table design with DynamoDB and GraphQL in production, and I released the DynamoDB Toolbox.

There were plenty of re:Invent serverless announcement recaps (like this one and this one), plus some good deep dives like Yan Cui’s The end of cold starts as we know it, Fernando Medina Corey’s post about AWS API Gateway v2 for HTTP, and Jared Short’s Lambda Destinations: What We Learned the Hard Way.

Alex DeBrie put together an Awesome DynamoDB repo and I shared my takeaways from AWS re:Invent 2019’s Amazon DynamoDB Deep Dive: Advanced Design Patterns talk by Rick Houlihan. We got an introduction to Serverless Microfrontends in AWS, we saw the the pros and cons and use cases of Cognito, and we went Under the hood of AWS Lambda.

I also put together a Best of 2019 episode of Serverless Chats that shares some of my favorite moments.

Serverless Reads 📖

Developing a Serverless Twitter Streamer and Performing Sentiment Analysis
2020 is going to be the year of use cases for serverless, and I think ones surrounding data processing are going to be extremely important. This post by Ryan Lenahan will show you how easy it is to start adding sentiment analysis to your data streams.

The Ultimate Guide to Backend Serverless Development
Sam Williams has put together the Ultimate Guide to Backend Serverless Development. If you’re looking for a thorough primer, this is worth taking a look at.

Serverless ETLs? Easy Data Lake Transformations using AWS Athena
I’m a big fan of Athena and what it allows you to do with massive amounts of data. It takes some planning to get your data stored correctly, but it’s worth the exercise and is a lot cheaper than running something like Redshift.

re:Invent 2019: A Very Late Recap on Tech Highlights, Conversations, Observations & News
This is a great post by Mark Fowler that echos many of my thoughts around re:Invent. His point about education is spot on. There is way too much to learn, and the average developer simply will not have the time. If companies want to get serious about the cloud, they’re going to need to find that time for their devs.

Provisioned Concurrency: The Silver Bullet to AWS Lambda Cold Starts
Sarjeel Yusuf has the lowdown on the new Provisioned Concurrency for Lambda. Chances are you’ll never need to use this feature, but it’s good to know that it’s there if you do.

Monolith, SOA, Microservices, or Serverless?
If you’re interested in the different architectural approaches, Jalel Tounsi does a good job explaining them… until he gets to serverless. While the information is mostly accurate, the idea of using “serverless” for only client-heavy apps or that long-running tasks are a problem, goes to show that serverless is evolving so fast that the content can’t keep up.

How Many Ways are there to Schedule a Task?
Michal Yanko’s post describes several ways to schedule tasks, and for some specialty cases, I’d generally agree. She even provides a nice little flow chart at the end to help you choose. However, for me, I default everything to a serverless solution first. If that doesn’t fit, then I’d look at other alternatives.

Thoughts from Twitter 🐦

Startup Guidance 2010s:
• Work 120 hours a week • Ignore profitability • Grow at all costs  • Bay Area or bust • Hustle or die trying
2020s:
• Work however much feels right • Focus on revenue • Build a sustainable company • Hire remote teams • Take care of yourself
 ~ Brenden Mulligan
I can’t express how much I love this tweet. There is no doubt that hard work and dedication are important factors to success, but there’s something to be said about slow and steady. Over my 20+ year career, I’ve found that focus and simplicity are the things that get you ahead. I just wish I had taken my own advice sooner.

Hypothetically, if one is to write a book about #serverless architectures on #AWS in 2020, what kind of content would you be most interested in? A runthrough of service features? Architectural patterns? Mini-projects to follow along? Learnings from real-world architectures? ~ Yan Cui
Hypothetically, I would be very interested in this book. My only concern with books on topics like “serverless”, however, is that what was true yesterday, may no longer be true today.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

January 24, 2020 – ServerlessDays Belfast

February 13, 2020 – ServerlessDays Cardiff

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville

April 6, 2020 – ServerlessDays Boston

Final Thoughts (of the decade) 🤔

This past year, I published 52 issues of the Off-by-none newsletter, 29 episodes of the Serverless Chats podcast, several open source projects, and a bunch of blog posts. I also worked with a number of consulting clients to help them on their serverless journeys. It was incredibly busy, but also extremely rewarding. I was honored to be named an AWS Serverless Hero and to be able to speak at several conferences around the world. Now the question is, how do I maximize my time and help the most people I can in 2020?

I’m excited to announce that I will be shifting the majority of my time and attention in 2020 to this newsletter and the Serverless Chats podcast, along with time dedicated to open source contributions, writing, and other forms of serverless content production. I’ll also be doing plenty of consulting, so if you need help with any of your serverless projects, please feel free to contact me. I’m ridiculously excited about all the opportunities this will bring, and I’m looking forward to sharing more with all of you in 2020.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Happy New Year, 🍾🥂
Jeremy

Off-by-none: Issue #69

Serverlessly celebrating the holidays… ❄️

Welcome to Issue #69 of Off-by-none. Thanks for being here, and happy holidays to all of you! ☮️

Last week, we looked at more great content and video recommendations from re:Invent. This week, we’ve got some interesting serverless reads for your holiday reading list, plus plenty of other great content from the serverless community.

Serverless News & Announcements 📣

Cloud and Serverless Computing: Tech’s Unsung Heroes
Not really “news”, but serverless got a nice mention in the Wall Street Journal. “One important technology that is adding business value but hasn’t generated much buzz is serverless computing… Serverless computing can modernize applications while reducing the costs necessary to run and support them.”

ICYMI: Serverless re:Invent re:Cap 2019
If you still have a re:Invent hangover and can’t remember all the amazing serverless announcements, here’s a great recap with links to plenty of serverless-related session videos.

FaunaDB: Announcing UDF in Console
FaunaDB is another product on my list of things to take a deeper look at. If you’ve had experience with it, I love to hear your feedback.

Deno runtime support for Architect
There is now experimental support for Deno in OpenJS Architect by way of a custom runtime for Lambda.

LambCI version 0.11.0 is out – Updated to Node.js 12
Lots of updates in this new version, including upgrades to the Ruby/Python/PHP/Go/gcc versions, and it’s now available via the Serverless Application Repository (SAR).

Serverless Stories 📚

Tech Stack: How I quickly developed and launched a successful product as a solo developer
Thomas Thelliez created Pixelixe using Firebase and a few other managed services, all by himself. I like this story for several reasons, but perhaps the point that stands out the most, is how he leveraged the web browser to do most of the “compute” for him. With the rise of WASM, expect to see much more of this type of “client compute” in the future.

How rewundo minimizes costs by using the Serverless Architecture
The team at Rewundo is a self-funded, early-stage startup that is using serverless to iterate quickly and fail fast. This is a short piece, but captures the “serverless for startups” superpower quite well.

Serverless Use Cases 🗺

Generating PDFs with AWS Lambda NodeJS 10+ Runtimes
Classic use case for generating reports, invoices, etc. Joonas Laitio presents you with the hard way AND the easy way to do this with AWS Lambda.

How to build a serverless e-commerce portal
Want to take Amazon.com down a notch? Build your own serverless ecommerce portal on AWS. 😉

Serverless ML
Phil Massie has a very in-depth post that shows you how to get a simple weather prediction algorithm up and running on AWS Lambda. I’ve been meaning to try one of these Towards Data Science tutorials, but after re:Invent, I think I’m just going to spend more time learning all the new SageMaker stuff.

Serverless Concepts 🏗

Monitoring Serverless Applications Across Multiple AWS environments
There are a number of solutions for log shipping, including rolling your own. Zamira Jaupaj details how to build a flexible system that can ingest logs from multiple accounts and send them to Elasticsearch for analytics.

Couple of Minutes: Serverless Microservices Communication
Loganathan Murugesan has a good post that explains the different types of microservice communications used in serverless applications. Take note of the cascading effect of chaining Lambda functions with synchronous calls.

Distributed Tracing in Asynchronous Applications
Ran Ribenzaft explains the complexity involved with performing distributed tracing in modern async applications. There are a lot of “out-of-the-box” solutions out there, so implementing this yourself creates a lot of undifferentiated heavy lifting.

Serverless Tutorials 👩‍💻

Connect your relational database (MySQL) using Lambda, API Gateway and the Serverless framework.
This tutorial technically works, but I’m including it because it highlights one of my biggest frustrations with serverless. Things are moving really quickly, which is great from an innovation standpoint, but also makes it really difficult to stay current. There is now the Data API, RDS Proxy, Aurora Serverless, Secrets Manager, Parameter Store, Async/Await, and other new features that will make this example more robust, resilient and secure. This tutorial is from YESTERDAY, but (likely unbeknownst to the author) communicates outdated practices that should be avoided if possible. I don’t fault the author for writing this, as I believe sharing information and experience is extremely important. However, I’m not sure how we should address this as a community.

How to OCR Text in PDF and Image Files with Amazon Textract
Here’s a great tutorial by Yi Ai that shows you how to stitch together some services and build a serverless OCR text extractor.

Connecting a Node.js client to the new serverless Cassandra offering by AWS
It would be nice if the AWS SDK handled all this for you, but for now, it looks like you need to jump through a few hoops to get the new Amazon Managed Apache Cassandra Service running with your apps.

Serverless Security 🔒

Securing serverless platforms will be most challenging for network security in 2020
Klaus Gheri predicts that misconfigurations by humans and outdated third-party libraries will continue to cause security headaches with cloud deployments. The solution, he posits, is a shift towards cloud automation and cloud-based compliance posture automation.

Serverless Reads 🤓

IBM CTO Sees Smaller Container Platforms Ahead
This is another “can you see the writing on the wall” piece by Mike Vizard. K8s is a beast, and the future (as seen by Chris Ferris of IBM), is reducing the size of containers and letting them run as close to bare metal as possible (hello Margaret, it’s me, Fargate). And as mentioned, this leads to the eventuality of pushing compute to the edge and then down to the devices connected to it.

AWS Builders’ Library in focus #1: Timeouts, retries, and backoff with jitter
The AWS Builder’s Library is an amazing resource for cloud architects that want to learn directly from the people who have been building massively scalable systems at Amazon for over a decade. Yan Cui has a new series that is helping to summarize the posts for you.

Managing separately stateful and stateless Serverless Stacks
This is a great post by Aaron Osborne that articulates the current trend for building serverless microservices, separating your stateful and stateless components into separate stacks for easier management, better security, and more control over your environments. He also highlights the important point of being able to reuse existing tools as part of your serverless transformation. If you use Terraform to deploy other cloud resources, keep using that, but then use a more purposeful tool to deploy your serverless business logic.

Serverless Engineer, where are you?
Sheen Brisals is convincing the naysayers to think serverless-first. He outlines six traits of a “serverless engineer”, and through a conversation with the status quo, gently argues why these will be the ones that matter most.

New toolkits and platforms will bring maturity to edge and serverless in 2020
This time of year is always filled with prediction pieces, but this one by Kris Beevers resonates with me. Edge computing and its relationship with serverless is definitely something to pay attention to. He casually mentions WebAssembly, but I see this becoming a major piece of serverless edge systems (including browser-based compute). Lots of unanswered questions, but very promising.

Top 20 Azure Serverless Blogs of 2019
Don’t forget that Microsoft has lots of serverless things too. Surya Venkat curated the top 20 Azure Serverless blogs from 2019 for you.

For those who want an audio/visual experience 📽

Episode #28: Amplifying Serverless with Nader Dabit
In this episode, I chat with Nader Dabit about the AWS Amplify team’s philosophy around full-stack development, what the Amplify framework is empowering developers to do, and how new features like the Amplify Datastore are making it even easier to build full-scale serverless applications.

Serverless Stocking Stuffers: The 12 things you missed about serverless at this year’s re:Invent
Adam Johnson and James Beswick discuss all the serverless goodness from re:Invent.

What the teams at AWS have been working on 🚧

NoSQL Workbench for Amazon DynamoDB adds support for AWS Identity and Access Management (IAM) roles and temporary security credentials
This is a nice new feature that should make it easier for teams to work with DynamoDB tables from NoSQL Workbench.

AWS WAF improves request logging for context around matched rules
I can’t believe this feature didn’t exist before, but now you can review the area within a request deemed to be suspicious by SQLi or XSS detection rules. This will make analyzing false-positives and whitelisting a lot easier.

Amazon Textract is now PCI DSS certified and extracts even more data from tables and forms
Probably not an overly exciting announcement for most, but this opens up a lot of use cases for any workflows that include highly sensitive data.

Serverless Tools 🛠

PSM: Serverless Configuration Management
PSM, short for Parameter Store Manager, is a security enabled simple REST service to manage application configuration in AWS SSM Parameter Store.

failure-lambda
failure-lambda is a small Node module for injecting failure into AWS Lambda. It offers a simple failure injection wrapper for your Lambda handler where you then can choose to inject failure by setting the failureMode to latency, exception or statuscode.

Thoughts from Twitter 🐦

Here’s a timely reminder why you should use the lumigo-cli if you use AWS and Lambda. Reason #1 – it lets you powertune (i.e. find the best memory setting) functions with a single command #aws #awslambda #serverless ~ Yan Cui
Lots of good reasons to take a look at the lumigo-cli in this thread by Yan Cui.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

January 24, 2020 – ServerlessDays Belfast (I’m speaking here!)

February 13, 2020 – ServerlessDays Cardiff (And here!)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville (And also here!)

April 6, 2020 – ServerlessDays Boston

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rodric Rabbah (@rabbah). Rodric is the co-founder and CTO of Nimbella, a company that aims to help developers overcome the challenges they face when adopting serverless. Rodric was also a founder and lead technical contributor to Apache OpenWhisk, an open-source, advanced, and production-ready serverless computing platform offered as a hosted service from IBM and Adobe. While he was at IBM, Rodric and his team laid the groundwork for what we know today as IBM Cloud Functions, and even operated the earliest internal offering of serverless within IBM. Thank you for all you’ve done to contribute to the serverless ecosystem, Rodric! 🙌

Final Thoughts 🤔

This week we announced that ServerlessDays Boston will be on Monday, April 6, 2020. Hopefully you can join us, give a talk, or sponsor the event. Tickets go on sale January 1st.

Beside that, I will have more (hopefully exciting) news to share in the upcoming days as well. Until then, here’s wishing all of you safe and happy holidays. Thanks for being part of this amazing community.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Happy Holidays,
Jeremy

Off-by-none: Issue #68

Sorry, we’re still talking about re:Invent… 🤷‍♂️

Welcome to Issue #68 of Off-by-none. Thanks for being here!

Last week, we looked at a few of the big serverless announcements from re:Invent. This week, we’ve got some more great content and video recommendations from re:Invent, plus some awesome stuff from the serverless community.

Let’s get right to it! 🏎

Yup, there’s more stuff from re:Invent…

AWS Events Content
Didn’t get to go to all the sessions you wanted to at re:Invent? Well, you’re in luck, because hundreds of slide decks are now available on the AWS site. Most of the videos are available on YouTube as well.

AWS re:Invent 2019: A serverless journey: AWS Lambda under the hood (SVS405)
If you’re overwhelmed by the re:Invent session catalog and want some help choosing something to watch, I highly recommend taking a look at Holly Mesrobian and Marc Brooker’s presentation of AWS Lambda under the hood. Pay special attention to how Holly explains the error handling and retry mechanisms built into Lambda. Then architect your system to use them and let the cloud manage it for you.

Recap of AWS re:Invent 2019
I’m sure you’re sick of reading re:Invent recaps, but this one by Richard Seroter gives a great overview of all the main announcements (along with links) and will leave you feeling like you didn’t miss anything (which you probably did).

LaunchMas
Marcia Villalba shares all her favorite serverless launches from re:Invent in this awesome series of videos.

AWS re:Invent 2019 Swag Review
And finally, the really important stuff from re:Invent… swag. I spent a grand total of about 3 hours in the expo hall and only grabbed a few shirts and some stickers. Nick Triantafillou, on the other hand, somehow managed to document the offerings of all 12 million vendors (give or take). If you need to give your marketing team some ideas, forward them this link.

Serverless News & Announcements 📣

Atlassian launches new serverless cloud development platform
“Forge will empower developers to more easily build and run enterprise-ready cloud apps that integrate with Atlassian products.” Oh yeah, and it’s powered by AWS Lambda.

Serverless Use Cases 🗺

Deploy a Symfony application with AWS Lambda: in-depth analysis on advanced use
If you really want to run Symfony with AWS Lambda, then Alessandro Minoccheri shows you how to extend the basic application with more details on using the tmp folder, environment variables, and event triggers.

An Introduction to AWS Cognito
This is a good summary of the pros and cons of AWS Cognito. As with most opinionated systems, the lack of control can be an issue, but the use cases (especially being able to provide authentication to other AWS resources) makes it a compelling choice for the right types of workloads.

Serverless Concepts 🏗

Lambda Destinations: What We Learned the Hard Way
Jared Short and Forrest Brazeal spent some time banging on the new Lambda Destinations feature in AWS Lambda. There are some interesting complexities that you need to be aware of, and thanks to this post, now you will be.

Is it possible to debug Lambdas locally?
There seems to be a million ways to test, deploy, and manage your Lambda functions now. But even with all these tools, serverless development workflows still feel a bit clunky. Serkan Özal outlines a few different ways to structure code for local testing as well as explains how you can use cloud debugging for tracing more complex data flows.

Tips on unit testing AWS lambda’s SNS/SQS communication with Node
Marek Krzynówek gives you some ideas for testing your asynchronous Lambda functions. If you read this article and think, “wow, this looks really complicated,” you’re not alone. Testing shouldn’t be this hard.

Serverless Tutorials 🏗

microVM: Another Level of Abstraction for Serverless Computing
When AWS released Firecracker as an open source project last year, I heard many rumblings that nobody would do anything with it besides AWS. Mostafa Moradian has built a project that makes it easier to work with directly. I’m not sure exactly what I would do with it, but I bet there are a few of you out there that will come up with something really interesting.

AWS Serverless Application Model for ASP.Net Core Apps
If you are looking to go serverless with your ASP.Net Core apps, Ravi Aakula has a full walkthrough for you.

TensorFlow Image Recognition Tutorial using Serverless Architecture
Here’s another mind-bending machine learning tutorial from the Towards Data Science blog. This time, Raghav Prabhu uses a Convolutional Neural Network’s MobileNet model to perform image recognition with AWS Lambda. Yeah, I don’t know what that means either.

Serverless GraphQL on Adobe I/O Runtime
I’m a big fan of Adobe’s (and other SaaS platforms’) strategy around enabling ephemeral compute for their customers. Lots of interesting things can be done to enhance and optimize your workflows within a provider’s ecosystem. This article shows how they implement GraphQL with schema delegation on the I/O Runtime. Cool stuff.

Serverless application development with Node.js on AWS platform using Serverless framework
It’s been a while since I’ve included a getting started tutorial, so here’s something for the newbies. Gökhan Olgun has a very detailed article that walks you through the basics of building out a serverless API with a DynamoDB backend. Couple of minor nits: don’t use scan and use the DocumentClient to marshall/unmarshall those hideous DynamoDB type mappings.

How to write and test a serverless plugin
Davide de Paolis has a helpful article that can get you writing your own Serverless Framework plugins in no time.

Serverless Security 🔒

Waging a Winning WAR in AWS
Ignoring the hard sell at the end, this article makes a pretty good case for doing an AWS Well-Architected Review on your critical workloads.

‘Alexa, hack my serverless technology’ – attacking web apps with voice commands
There’s no substitute for good coding practices, and certainly, serverless applications are no exception. Event-driven applications (like serverless) offer many more sources of user supplied data. While we may not have WAFs to protect us, implementing some good old fashioned data validation can go a long way.

Serverless Reads 🤓

In Defence of “Serverless” —the term
Ben Ellerby defends the word serverless and attempts to define the boundaries of the term. Reminds me of my rant from last year that ended up turning into a keynote. In the words of Yogi Berra, “It’s like déjà vu all over again.”

AWS to Meld Containerd and Fargate
If you’re curious why Fargate running on micro-vms is so amazing, this article by Mike Vizard will give you a good summary of Claire Liguori’s explanation from re:Invent.

Amazon Managed Apache Cassandra Service stokes competition
On the list of databases that could benefit from being fully-managed and serverless, Cassandra was definitely near the top of the list. This article gets some perspective from others in the Cassandra ecosystem, with some hoping that a rising tide raises all ships. Ultimately for AWS, this was an incredibly smart move, and I think taking away the pains of managing your own Cassandra ring is probably worth missing out on a few features.

For the commuter… 🚎

Serverless Chats – Episode #27: ServerlessDays Going Global with Ant Stanley
In this episode, I chat with Ant Stanley about the history of ServerlessDays, how the serverless-focused conference has grown over the last few years, and what the global organizing team is doing to make it easier for new organizers to host an event.

What the teams at AWS have been working on… 🚧

Amazon CloudWatch Contributor Insights for Amazon DynamoDB (Preview) is now available in 15 additional AWS Regions
This is a super cool tool, so it’s good to see it being offered in more regions.

Amazon MQ introduces throughput-optimized message brokers
Amazon MQ now supports throughput-optimized message brokers, backed by Amazon Elastic Block Store. Throughput-optimized brokers reduce the number of required brokers and the cost of operating high-volume applications.

AWS Security Hub integrates with Amazon Detective
AWS Security Hub now integrates with Amazon Detective (preview). Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.

AWS CloudFormation updates for Amazon API Gateway, AWS CodePipeline, Amazon S3, AWS IAM, Amazon ECS, Amazon RDS, Amazon ES, AWS Lambda and more
AWS CloudFormation adds support for over two dozen new and updated CloudFormation resource types. These include the new HTTP API, Provisioned Concurrency, Lambda Destinations, and many more.

Amazon SQS Now Supports 1-Minute CloudWatch Metrics
Seems like a simple thing, but if you’ve ever had a queue backup, then you’ll welcome the added granularity.

AWS CodeBuild Now Supports Cross-Account Resource Sharing
Need to take a closer look at this, but I’m hoping I can ditch the cross-account roles in a shared services account and trigger CodeBuild projects in target accounts from shared CodePipelines.

Amazon CloudFront now provides seven new data fields in access logs
Ooh, I like the new time-to-first-byte metric.

Serverless Tools 🛠

Introducing sls-dev-tools
This looks like a promising project from Ben Ellerby and the team over at Theodo. They say it is “Chrome Dev Tools for the Serverless World.”

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

December 20, 2019 – Using Relational Databases with AWS Lambda – Easy Connection Pooling (Webinar)

January 24, 2020 – ServerlessDays Belfast (I’m speaking here!)

February 13, 2020 – ServerlessDays Cardiff (And here!)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville (And also here!)

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Adam Johnson (@adjohn). Adam is currently the Principal Product Manager for Serverless at New Relic, but you might know him from his days at the helm of IOpipe, where he was co-founder and CEO. IOpipe helped developers and engineering teams get real-time visibility into the detailed behaviors of their serverless applications. Adam and the IOpipe team have since joined forces with New Relic, and I look forward to the innovations his new team will make to the serverless ecosystem. Thank you for helping to build great tools for serverless, Adam! 🙌

Final Thoughts 🤔

It is amazing how long it takes to get back to normal after re:Invent, but I think I’m finally there. This past week has been a whirlwind of great discussions and follow ups from re:Invent. Lots happening, so I should have a bunch of great stuff to announce soon (including the date of ServerlessDays Boston). 2020 looks like it’ll be a great year for serverless.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next week,
Jeremy