Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.

My Latest Posts:

🚀 Project Update:

Lambda API: v0.10.2 Released

Lambda API v0.10.2 has been released to add additional TypeScript support (@maxmellen), fix an issue with multiValueHeaders containing a null value (@stawecki), and support for overriding console.log for logging output (@Sleavely). Read More...
🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #50

So much serverless content… 📚

Welcome to Issue #50 of Off-by-none. Thanks for stopping by! 😉

Last week, we looked at the new Serverless Components from Serverless, Inc. This week, we welcome Oracle to the FaaS party, share some excellent podcast listening, and we have a ridiculous amount of amazing serverless content from the community.

There is so much serverless goodness to get to, so we need to get right to it. 🎯

Serverless News & Product Announcements 🚀

Oracle Functions Now Generally Available
Oracle Cloud Infrastructure’s functions-as-a-service (FaaS) platform is now GA. (insert wisecrack here about being a little late to the dance).

Serverless September CFP!
The Cloud Advocates at Microsoft are hosting Serverless September. A new Azure serverless blog or tutorial will be posted every day during the month of September. Fill out this form if you’d like to contribute.

Serverless Stories 📖

From LAMP to serverless: case study of
Matthieu Napoli walks us through the migration of a PHP application to serverless on AWS using Bref. Lots of really interesting detail in here as well as an assessment of the effort required to accomplish each major task.

Building a minimal Evernote alternative in 6 hours with Amplify
Adam Clark was inspired by an old blog post of mine 🙌, and ended up building a prototype of a serverless note taking app in just a few hours!

How We Reduced Lambda Functions Costs by Thousands of Dollars
Mohamed Labouardy explains how his team implemented monitoring to tune their serverless infrastructure and save thousands of dollars.

Serverless: The Ideal Choice For Startups? (CloudForecast Case Study)
I love stories like this! Francois Lagier actually shows you the serverless.yml file that contains the four functions and IAM permissions that launched his startup’s infrastructure for $0.

Serverless with real-time communication (WebSockets)
Oskar Kaminski explains how his team built real-time communications into their app using API Gateway and websockets.

Serverless Use Cases 🗺

Some examples for micro services you can extract to serverless functions
Are you running enough server capacity to handle unexpected spikes? Philipp Heuberger explains why breaking off pieces of your application to make them serverless makes a whole lot of sense.

Building an infinitely scalable cloud host for less than $5/mo
Levi Nunnink does some back of the envelope math and discovers that a serverless solution would be quite inexpensive. Sure, there are other costs involved, but for the most part, his math isn’t far off.

How to Schedule Any Task with AWS Lambda
This is becoming a very common use case. Renato Byrro outlines several different serverless ways to schedule tasks with AWS.

Serverless Commit Message Validation
Here’s a simple use case that could come in quite handy. Harish Aravindan uses Lambda to validate commit messages by making sure they reference a JIRA ticket.

If you’re interested in learning some advanced serverless concepts… 🏗

The five Serverless Framework commands that you should be using
Ryan Jones outlines five common Serverless Framework commands that you should have at the ready. Deploying a single function and local testing are my two favorites.

How to generate deployment artifacts in your CI/CD pipeline for Serverless apps
This post looks at generating deployment artifacts in your CI/CD pipeline for Serverless Framework applications.

How to Manage Multiple Serverless API Gateways on AWS
The ability for custom domains in API Gateway to point different base paths to separate API Gateways is an incredibly powerful feature. Eoin Shanaghy shows you the basics in this post.

Differences between PUT and POST S3 signed URLs
Tamás Sallai explains the difference between PUT and POST S3 signed URLs. It’s good stuff to know, but he suggests just sticking with POST.

Getting the most out of CloudWatch Logs
Yan Cui does a deep dive into CloudWatch Logs and explains Subscription filters, metric filters for creating CloudWatch Metrics, and CloudWatch Logs Insights for analyzing log messages.

An easy way to manage Serverless project resources by using AWS Resource Groups
Yi Ai gives you a quick tutorial to show you how to use AWS Resource Groups with CloudFormation Stacks to list and perform tasks on corresponding resources in a group.

Understanding the AWS Lambda SQS Integration
Lots of people still struggle with the correct settings for SQS event sources with Lambda. Frank Rosner does a great job explaining the services and what to look out for in the configurations.

Why Serverless deployment artifacts cannot be reused across stages
Jack Jiang from explains why you can’t reuse artifacts from the Serverless Framework as part of stage promotions in your CI/CD process.

If you’re just starting your serverless journey… 🐣

The Ultimate Guide to Migrating to the Cloud with Serverless
Sam Williams has created this step by step guide to migrating an existing software product to run serverlessly in the cloud. If you’re looking to get started, this should help.

Why Use Serverless Architecture for App Development
Manisha Mishra outlines five reasons why you would want to utilize serverless. I’m curious if this statistic is correct: “developers spend 30–40% time in resolving the infrastructure or backend issues” with traditional architectures. It wouldn’t surprise me.

Developing AWS locally with Serverless Offline Plugins
I like to debug and test serverless functions locally, but Tobias Schaber takes it further by using local versions of DynamoDB and S3. I’m not a huge fan of local mocks, but do what you need to do to be productive.

Major in Serverless Confidence at Serverless Summer School!
If you haven’t had a chance to check out Stackery’s Serverless Summer School, you really should. There is a lot of great information and this will definitely help you develop (or sharpen) your serverless skills.

Serverless Tutorials 🏗

Meet AWS SAM CLI: sam init
Eric Johnson gives you a run down of all the commands you need to know to get you started with the AWS SAM CLI.

Building a Full-Stack Serverless App with Cloudflare Workers
In this tutorial, Kristian Freeman shows you how to build a full-stack serverless application on top of the CloudFlare Workers platform, using Wrangler, Cloudflare’s command-line tool for building and deploying Workers applications.

New – Local Mocking and Testing with the Amplify CLI
Danilo Poccia gives you a quick tutorial on how to use the new local mocking and testing features in the Amplify CLI.

Introduction to Amazon Lambda, Layers and boto3 using Python3
Gabriel Dos Santos Goncalves gives you the basics of setting up a Lambda function and using Lambda Layers to load a CSV file as a Pandas DataFrame, do some data wrangling, and save the metrics and plots on report files to an S3 bucket.

Found in translation
James Beswick shows how to connect an Amazon S3 bucket to Amazon Translate, so every time a new text object is added to the bucket it will be automatically translated into a number of different languages. Very cool.

Learn Serverless by Making a Slack App: Part 1
In this (very in depth) tutorial, Lekha Surasani shows you how to create a serverless Slack application with AWS.

Make your website live with Serverless framework
Maciek Grzybek gives you a quick and easy way to deploy your Gatsby site to AWS using the Serverless Framework with the serverless-finch plugin.

A Beginner’s Guide to AWS AppSync
Looking for a quick start on AWS AppSync? Ran Ribenzaft has a great tutorial to get you started.

How to create PDF in Lambda using Puppeteer
Crespo Wang follows up on his wkhtmltopdf post and this time uses Puppeteer and chrome-aws-lambda to accomplish the same task.

Developing and testing GraphQL APIs, Storage and Functions with Amplify Framework Local Mocking features
Ed Lima gives you another run through of working with the new local development features of Amplify.

Serverless Security 🔒

Serverless Security: Best Practices to Secure your Serverless Infrastructure
Hillel Solow outlines a number of serverless security best practices to make sure that your serverless infrastructure is secure.

Is Your Serverless Application Secure?
Swaroop Yermalkar points out several ways to exploit Lambda functions if you leave your application open to application level attacks. This is a good reminder that it doesn’t matter how secure the cloud is, YOU are still responsible for app security.

AWS Amplify’s Security UX is Insufficient and Dangerous
Ross Williams points out some security concerns with AWS Amplify. I’m curious if others have verified this?

Serverless Computing Services Security Quick Guide
Trisha Paine from Protego outlines more best practices for making sure your serverless applications are secure.

AWS Lambda Security Checklist
Ben Ellerby points out a few main things to be conscious of when deploying your serverless applications. Good advice.

Serverless Reads 🤓

How to do blue-green deployment for Step Functions
This is really interesting. Do you know what happens to Step Function executions when you deploy a new version? Yan Cui looks into it.

ICYMI: Serverless Q2 2019
Everything you could possibly want to know about serverless happenings at AWS in Q2, nicely curated for you.

Non Prod AWS Lambda Environments
How does serverless benefit us in environments & deployment management? Muhammad Umair explains.

Approaches for serverless without vendor lock-in
Jason Umiker wrote a demo Express.js app that can be deployed to all three major cloud providers. I get the initial appeal of this, but I think making potentially subpar technology choices just to avoid highly unlikely migration costs in the future is wasted productivity.

Why Serverless Apps Are Taking Over
This post is another take on the pros and cons of serverless applications. There are more and more pieces like this, but I always like seeing what others make of the benefits (and shortcomings) of serverless.

Whole-Event Serverless Observability
Erica Windisch explains why IOpipe has chosen to implement Whole Event Observability that is complete, unsampled, and non-aggregated.

Serverless Functions With WebAssembly Modules
This is a really interesting set of experiments run by James Thomas. Being able to use WebAssembly modules in our Node.js serverless functions is pretty cool, especially if we need more complex compiled libraries.

Why I Converted an AWS SAM Template to Serverless (And Maybe You Should Too)
Yann Stoneman from Serverless Gurus really likes the Serverless Framework. According to this post, using the Serverless Framework reduced deployment complexity by 97.4%. I do like what AWS is doing with SAM, but the Serverless Framework is just so easy.

Serverless application architecture with GraphQL
Pritam Roy explains why he believes GraphQL is superior to traditional REST APIs. I’m a big fan of GraphQL, but I still love REST for lots of things.

Python Pandas at Extreme Performance
What if you could write simple code in Python and run it faster than using Spark, without requiring any re-coding or devops overhead? Yaron Haviv says it’s possible today using Nuclio and RAPIDS.

When you prefer multimedia experiences… 📽

Serverless Chats – Episode #9: Chaos Engineering in Serverless with Gunnar Grosch
In this episode, I chat with Gunnar Grosch about the motivations behind chaos engineering, how we run chaos experiments, and what are some of the common weaknesses we can test for in our serverless applications.

Serverless beyond Functions: Building Modern Applications
Another great presentation by Danilo Poccia. These are just the slides, but just reading through them is still worth it.

Fast, Cheap & Global React Apps via Serverless Framework Components [Video]
Here’s a tutorial from Austen Collins on how you can deploy React applications that are fast, global and cheap to host. The outcome of this is a website with a React app, a custom domain and SSL certificate.

ServerlessTalk – S02 Episode 2 – Discussing Observability with Honeycomb CTO Charity Majors
This is an excellent episode featuring Charity Majors. Charity says failed deployments should be rare, and if you’re not deploying on Fridays, you’re sacrificing 20% of your velocity. “Code only matters once it’s been shipped!”

Testing Serverless AWS AppSync GraphQL APIs with AWS Amplify – Quick Start
In this quick video, Nader Dabit shows you how to use the “mock” command that was added as part of new test suite built into the Amplify CLI that allows you to test GraphQL APIs, NoSQL databases, storage, and Lambda functions.

When you’re wondering what AWS is building… 👷‍♀️

Amazon SNS Message Filtering Adds Support for Attribute Key Matching
Amazon Simple Notification Service (SNS) message filtering now supports attribute key matching. This feature lets you create an Amazon SNS subscription filter policy that matches incoming messages which contain an attribute key, regardless of the attribute value associated with this key.

Amazon CloudFront Announces Support for Resource-Level and Tag-Based Permissions
You can now define Identity and Access Management (IAM) policies to specify granular resource-level and tag-based user permission in CloudFront. These new features give you increased flexibility to manage access to your CloudFront distributions.

Amazon Rekognition now detects violence, weapons, and self-injury in images and videos; improves accuracy for nudity detection
Hot dog, or not hot dog. Plus Amazon Rekognition improves Face Analysis.

AWS Step Functions Adds Support for Nested Workflows
AWS Step Functions now allows you to orchestrate more complex processes by composing modular, reusable workflows. This is pretty cool!

Amazon DynamoDB now helps you monitor as you approach your account limits
Amazon DynamoDB now publishes account metrics to help you monitor capacity consumption against your account limits. You can now alarm as your capacity approaches your account limits and proactively request limit increases, helping ensure your DynamoDB tables are always available.

Serverless Tools 🛠

Automating AWS Lambda Layer Creation for Python with Makefile
Ojas Kale gives you a simple Makefile that will automate the creation of Lambda Layers for Python.

A History of Amazon Web Services (AWS)
Not sure if this classifies as a “tool” or not, but Jerry Hargrove has done an amazing job putting together this list of announcement and launch dates for AWS services.

sosw – Serverless Orchestrator of Serverless Workers
sosw is a set of serverless tools for orchestrating asynchronous invocations of AWS Lambda Functions. Nikolay Grishchenko has a post that explores how you can use it to solve some uncommon use cases.

Thoughts from Twitter 🐦

“My question is: what happens in a serverless world when the cloud provider doesn’t detect hardware wonkiness due to gray failure? How would an app owner identify that an increase in errors is localized to a particular “node”, if that abstraction isn’t exposed?” ~ Lorin Hochstein
This is just one of those really interesting questions that most of us never think to ask.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

August 16, 2019 – Serverless Application Troubleshooting Webinar with Yan Cui (Lumigo)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rich Buggy (@richbuggy).  Rich is the CTO at piiq digital and a serverless consultant from Sydney, Australia. He also writes about all aspects of the serverless development process on his excellent blog, But one of the things that makes Rich such a valuable member of the serverless community, is his willingness to help people. It’s hard to find a post on that he hasn’t replied to. And if he can’t provide you with an answer, he’ll at least point you in the right direction.  His continued dedication not only makes the forums more useful, but he makes the community a better place to be. Thanks for everything you do, Rich! 🙌

Final Thoughts 🤔

Wow. There was so much content this week! 😳 Speaking of which, I’ve been adding some additional content sources to find new and interesting serverless posts, but if you ever have an article to share, please send it to me. Also, Off-by-none is turning ONE in a few weeks. We’re planning something big, so stay tuned. 🎂

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #49

Introducing Serverless Components… 🚀

Welcome to Issue #49 of Off-by-none. Thanks for being here! 🙌

Last week, we took a deep dive into Laravel Vapor, a new service that lets you deploy serverless Laravel applications. This week, we look at the new Serverless Components, plus we have plenty of great serverless content from the community.

There’s a lot of serverless to get to, so let’s get started. 🏇

When you’d rather focus on outcomes… 🏆

This past week, Serverless, Inc. announced Serverless Components Beta, a new way to easily deploy serverless applications without complex infrastructure configuration files. The idea is to create reusable, composable, cloud-agnostic components that completely abstract away infrastructure configuration. It’s sort of like SAR (the Serverless Application Repository) from AWS, but even easier to use. Just a few simple parameters, and all of the infrastructure complexity is handled for you.

You can check out the repo here: serverless/components

People have already started playing around with Serverless Components. Check out Gavin Lewis’s Road Testing Serverless Framework’s Components and Christopher Bartling’s Deploying Gatsby websites using Serverless Components for some early feedback.

Serverless News & Product Announcements 🚀

Epsagon Delivers Automated, Distributed Tracing for .NET Apps
Epsagon now supports .NET, enabling more support for hybrid environments.

EventBridge Use Cases and Examples
v1.49.0 of the Serverless Framework now has support for Amazon EventBridge. Philipp Müns gives us a great overview of some of the use cases that it can support.

Announcing PartiQL: One query language for all your data
Hmm, this looks… interesting. Too bad it needs to run on a JVM. I’ll be curious to see where this goes and whether or not it crosses over into ORM territory.

Introducing the AWS Baseline
Florian Motlik just released a really interesting open source tool that lets you deploy and manage multiple AWS accounts using a series of customizable defaults. He explains the differences between this and Control Tower in this post, and why you might want to take a look at what he’s done.

Serverless Step Functions: no more leaky abstractions
Version 2.2 of the Serverless Step Functions plugin now allows you to use the local function name instead of CloudFormation logical IDs generated by the Serverless Framework. 👍

Serverless Stories 📖

Monolith to Microservices to Serverless — Our journey
Ben Jones from ResponseTap discusses his teams transition from a traditional monolith, through K8s, and then finally on to serverless.

Custom Runtimes in AWS Lambda. A good idea? Yes, but only if you have to!
Ben Ellerby recounts his experience with the pros and cons of using custom runtimes in AWS Lambda.

Serverless Use Cases 🗺

Building a state-aware workflow with Amazon Connect and AWS Step Functions
Naveen Narayan shows you how to use Step Functions along with other AWS services to build a better customer support ticketing system.

Launch: AWS Budgets Integration with AWS Chatbot
This is a great example by Erin Carlson and Matt Cowsert of how to stitch a few AWS serverless services together to solve real world problems.

Cross-Region Actions with CodePipeline on AWS
Gavin Lewis outlines a use case that could be applied to lots of deployment scenarios. I honestly don’t think I’ve ever seen two CI/CD pipelines that are alike.

If you’re interested in learning some advanced serverless concepts… 🏗

Building a Custom Serverless Chatbot — Pieces & Parts
Paul Heath put together quite the compendium of information on serverless chatbots. Lots of reference information in here, but if you’re thinking of building one, this could save you quite a bit of research time.

Intro to Lambda Layers in Python
Lambda Layers are incredibly powerful and make it easy to split out reusable code into separate components. This piece will get you started.

AWS Amplify beyond the quickstart
Christophe Bougère does a deep dive into AWS Amplify, along with thoughts on limitations, some real world integration examples, and a wishlist for the Amplify team.

If you’re just starting your serverless journey… 🐣

How to Create an HTTP Endpoint on AWS With Serverless Framework
Matt Solomon has a great starter tutorial for anyone looking to get started with the Serverless Framework.

Building RESTful APIs — Serverless — Part 1 – AWS Cognito User PoolsPart 2 – AWS Lambda, and Part 3 – API Gateway
In this three part series by Mahfuzul Alam, he walks you through building a serverless RESTful API using AWS services. Next step is IaC.

Anatomy of a Serverless YAML File
Here’s a great resource from Richard Keller that explains what each part of the serverless.yml file does.

The Serverless Framework vs Stackery
This is like a heavyweight title bout. 💪 Masoud Abdi gives some of the reasons why you might choose one over the other, but I still think Muhammad Ali would come out on top. 😉

Function as a Service — A new paradigm shift in Software Development
Dineshkumar Yadav has some thoughts on the power and limitations of FaaS.

Move Your Spring Boot API to AWS Lambda and Reduce Costs by 100%
Yann Stoneman points out the benefits of moving your Java app to Lambda.

Serverless Tutorials 🏗

Toward a bastion-less world
I still haven’t tried this new feature with AWS Session Manager, but Vinod Shukla gives you a full rundown of how to configure it.

Serverless WebSockets
Mischa Spiegelmock takes you through the history of bi-directional web communication and shows you how to use WebSocket support in API Gateway.

Testing Cloud Functions with Jest
Testing is one of my favorite topics, and Keith Coughtrey has put together a good overview of how to get started with Jest.

How to make serverless framework boilerplates customizable
Yan Cui has some ways to customize boilerplates in your serverless.yml files. This overcomplicates things for me, but I can see it working in the right circumstances.

Excluding the AWS SDK from a Serverless Package
Chris Shepherd offers a workaround to reduce your package sizes by cutting out the AWS-SDK. Current best practice is to include the version of the AWS-SDK that you need for your project, which seems heavy, but will get better once v3 is launched.

Serverless Security 🔒

Secrets Management for AWS Powered Serverless Applications
Gareth McCumskey has another great post about managing secrets in Serverless applications. There are many ways to do this, but the new Serverless Framework capabilities are pretty sweet.

Analyzing AWS WAF logs with Amazon ES, Amazon Athena, and Amazon QuickSight
Great post by Aaron Franco that shows you how to aggregate all your AWS WAF logs into a central data lake so that you can query and visualize them.

S3 Bucket Namesquatting – Abusing predictable S3 bucket names
This is an interesting piece by Ian Mckay that talks about a different type of vulnerability that could affect your automation scripts.

Serverless Reads 🤓

Serverless is not a Technology
Toby Fee explains why serverless is not a technology and not a product, but a goal. Great comparison to DevOps as being an ideal state of collaboration.

Infrastructure as Code in the Era of GraphQL and Full Stack Serverless
Nader Dabit has a vision for the future of full stack application development, and Amplify is a manifestation of that vision. This is a very interesting read.

AWS CloudFormation is an infrastructure graph management service — and needs to act more like it
Ben Kehoe outlines one of the major issues with CloudFormation that requires sanctioned workarounds in order to appropriately connect resources when deploying your infrastructure.

Do X-Ray and IOpipe play nice together?
According to Austin Huminski, yes, they do. There is some good detail in here about how X-Ray works and how observability services like IOpipe go beyond what standard AWS tools do.

Building Serverless Data Lake Pipeline on AWS
Looking for some ideas around building a data lake, Joey Yi Zhao outlines his thoughts on using Glue along with some other services to create one of his own. Sample code included.

Cloud Run VS Cloud Functions: What’s the lowest cost?
This is a really interesting piece by Guillaume Blaquiere that compares these Google Cloud services on more than just cost. I really like the isolation that the single concurrency model brings, but Cloud Run is really interesting.

It’s Time for Fullstack Dev Tools
Interesting idea by Nir Soudry to start integrating browser dev tools with backend tracing technologies. It would be really great to see the whole picture.

When you prefer multimedia experiences… 📽

Serverless Chats Podcast – Episode #8: Observability in Modern Applications with Ran Ribenzaft
In this episode, I chat with Ran Ribenzaft about the three pillars of observability, how we instrument our code, and the how and why of distributed tracing in modern applications.

Simple example using Amazon EventBridge
Marcia Villalba shows you the basics of EventBridge with the Serverless Framework. But since this video was recorded (just a week ago), native support has been added in the Framework. Things move fast!

Building Resilient Serverless Systems
In this QCon presentation, John Chapin explains how to use serverless technologies and IaC to build resilient systems in the cloud.

Serverless chaos – Disk space failure
Gunnar Grosch looks at using tmp storage with AWS Lambda and creates a chaos engineering experiment to simulate a disk space failure.

FLOSS Weekly 540 Serverless – Podcast
Gareth McCumskey is a guest on this podcast and explains what serverless is and what you can do with it. If you think everybody knows about serverless, I think this podcast will open your eyes a bit. We have a ways to go to spread the word of serverless.

The Right Serverless Mindset & Multi-Cloud Strategies and Compliance and Zero-Trust
The new Serverless Smarts podcast by Protego has an episode with Ryan Jones from Serverless Guru. These are two posts that sum up parts of the discussion.

Distributed Tracing in Modern Applications – Microservices and Containers
Epsagon has a webinar with Ran Ribenzaft and Hen Peretz, along with Stuart Scott from Cloud Academy to give you some fundamentals of distributed tracing and instrumentation.

When you’re wondering what AWS is building… 👷‍♀️

Amazon Polly Launches Neural Text-to-Speech and Newscaster Voices
Neural Text-to-Speech (NTTS) technology, which delivers “ground-breaking improvements in speech quality through a new machine learning approach”, is now available on Polly. Plus several new voices.

Amplify Framework Adds Predictions Category
“No previous machine learning experience is required.” This new Predications category lets you easily plug in services like Rekognition, Textract, Transcribe, and Comprehend. More details here.

Lambda@Edge Adds Support for Python 3.7
What’s next, custom runtimes? 😜 There’s more work to be done with Lambda@Edge, but adding additional runtimes is a good next step.

AWS CloudFormation now supports higher StackSets limits
The number of stack sets you can have in your administrator account has increased from 20 to 100. The number of stack instances you can have per stack set has increased from 500 to 2000. That’s a lot of StackSets.

Serverless Tools 🛠

Serverless costs calculator for AWS Lambda
Simple tool from the Bref team to give you a rough idea of your Lambda costs on AWS.

hammerframework/hammer: Opinionated, full stack, serverless JAMstack web application framework
It seems as though this project is just getting off the ground, but more projects like this will pave the way for more serverless adoption.

Serverless PHP on App Engine Cloud Firestore with Firevel
Laravel recently went serverless with Laravel Vapor for AWS, now this new project is offering a Google Cloud alternative.

Thoughts from Twitter 🐦

Quick life update: Friday was my last day on the AWS Evangelism team. I’ve moved to the Amazon Connect team to help build out new features and tools for a super fun product. I’ll still be around and speaking but with less of a focus on outbound. Thanks for an amazing 5 years! ~ Randall Hunt
Randall has been at the core of the AWS Evangelism team for as long as I can remember, and has been a source of some truly amazing and helpful content. Wishing him well in his next role!

I didn’t get why “stackery local invoke” is better than the SAM CLI until I tried it. Here’s the killer feature: It magics a trust onto your deployed Lambda roles so you can test local code under the *cloud stack’s* permissions. This is the future. ~ Forrest Brazeal
I’m a huge fan of testing serverless functions locally. It’s a workflow that I’m used to and most productive with. Stackery is making that easier for us.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Adrian Hornsby (@adhorn). Adrian is a Senior Tech Evangelist at AWS that likes to break things, but in a good way. Adrian has been writing and talking about building resilient serverless applications for quite some time, and has been instrumental in bringing serverless Chaos Engineering to the masses. He has written a Lambda Layer that you can use to start running chaos experiments, and he has a blog that contains a treasure-trove of information on building battle-tested serverless applications. Thank you for what you do, Adrian. The serverless community is lucky to have you!  🙌

Final Thoughts 🤔

Every week, I spend a lot of time reading posts that teach people about serverless, reviewing serverless forums, and scrolling through community Slack channels. And every week I see people eager to learn, people eager to teach, and most importantly, people eager to help one another. This past weekend, the United States was devastated by another hate-filled attack. I don’t pretend to know how to solve this problem, but I do know this:

People helping people is a beautiful thing. Learning from one another, and celebrating diversity in opinions, culture, mindset, backgrounds, and ideas, makes us better developers, better community members, and better human beings. Differences are inevitable, but the way we work through those differences can either move us forward, or set us back. I see the serverless community as an example of people trying to move us forward, welcoming anyone who wishes to take part, and treating everyone with the respect and dignity they deserve. We need more of this. ❤️

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.


Off-by-none: Issue #48

Turning PHP Servers into Vapor… 💨

Welcome to Issue #48 of Off-by-none. Thanks for joining us this week! 👋

Last week, we looked at the new full lifecycle Serverless Framework and heard some additional thoughts about Amazon EventBridge. This week, we take a deep dive into the recently announced Laravel Vapor, and as always, share lots of amazing content from the serverless community.

Before we begin, make sure you fill out the State Of Serverless Community Survey that Serverless, Inc. is running. Always amazing insights from the results.

Okay, there’s a lot of amazing serverless content to get to. Let’s get right to it. 🏎

When you find out that a massive community of PHP developers can now go serverless… 🙌

This past week at Laracon, Taylor Otwell, creator of the Laravel framework for PHP, launched Laravel Vapor. Vapor is a new deployment and management service that lets you run serverless Laravel! Using your existing Laravel projects, you can use Vapor to deploy your application to a combination of Lambda, SQS, S3, and CloudFront. You also have several options around caches and databases, including Aurora Serverless.

This is a very, very big deal for the serverless community. Laravel is extremely popular, has an active community, and boasts tens of thousands of production implementations in the wild. Introducing an entire population of PHP developers to serverless and letting them easily reuse millions of hours of development time, is perhaps one of the most frictionless paths to serverless I’ve ever seen! Plus, Vapor only interfaces with the customer’s AWS account, giving developers complete control to add additional services to extend their applications with other serverless AWS offerings. I’m excited to see what people do with this.

If you’re interested in learning more about the details of Vapor, Taylor Otwell and I had a chat (Serverless Chats – Episode #7) about it. Lots of really great information in here that gets into the nuts and bolts of how it works, and what the future of Laravel and serverless might look like.

Serverless News & Product Announcements 🚀

New tool from cloud startup Stackery streamlines AWS serverless development
Wow! Stackery has released their CLI as a standalone tool that anyone can use, even without a Stackery account. Debugging and iterating locally is a huge time saver when developing serverless applications. Tying into your cloud resources makes this so much easier. Learn more here.

Zero Configuration AWS Lambda Notifications & Alerts with Serverless Framework
Some new details about the recently released full lifecycle Serverless Framework. The notifications and alerts feature includes zero configuration anomaly detection that tracks and alerts on metrics like memory usage, function duration, errors, and invocations.

Sigma Product Updates
The Sigma web-based IDE for serverless applications announced support for Python as well as the ability to debug Lambda functions before deployment.

SAM v1.13.0 Released
A new version of the Serverless Application Model has been released with OpenApi 3 Support, Request Models Support, and a number of bug fixes.

Introducing Durable Entities for Serverless State
Jeremy Likness gives you a rundown of the new Durable Entities for Microsoft Azure. Lots of interesting serverless stuff happening over there at Azure. 🧐

Serverless Stories 📖

Starting my Python journey with a Serverless application
I always love seeing people experience the magic of serverless. In this piece, Hirudinee Liyanage walks you through building a serverless function in Python using the Sigma IDE.

How we made our Serverless payments platform CMS driven
Static sites using headless CMS tools seems like all the rage these days.

How I’m writing Nodejs Serverless services these days
Ewan Valentine has developed some conventions for developing serverless applications, and he graciously shares them with us. I feel like a lot of us that have been working with AWS and Lambda for awhile have a similar post swirling around in our brains.

Serverless Use Cases 🗺

Simple Two-way Messaging using the Amazon SQS Temporary Queue Client
What sort of black magic is this? Temporary queue clients for Request-Response scenarios using SQS instead of HTTPs? Very interesting, though not sure how long-polling receivers would work with Lambdas just yet.

Serverless Web Scraping With Python, AWS Lambda and Chalice
Danny Aziz lays out a five step plan for using Lambda to pull data from other sites.

Manage databases through custom skills with Amazon Alexa and AWS Systems Manager
“Alexa, drop all my production databases.” As long as that command isn’t supported, I think this is a pretty cool use case.

Debugging AWS Services with Lambda
The power of Lambdas (beyond just resizing images for you). Gary Sieling points out an excellent use case, debugging other services in your account.

Serverless Video Rendering
I’ve seen some examples of this before, but parallelizing video rendering could be very powerful if it is done right.

Attaining Spending Sanity with Serverless
Trying to enforce CloudFormation resource tagging to help track and manage your cloud costs? Use serverless like Justin Rice does.

If you’re interested in learning some advanced serverless concepts… 🏗

Ten Things Serverless Architects Should Know
Justin Pirtle from AWS has an excellent piece that outlines some very important concepts that serverless architects definitely should know.

Chaos Engineering — Part 2
Adrian Hornsby’s work is the gift that keeps on giving. His Failure Injection Lambda Layer makes it easy to start implementing serverless chaos experiments, and this posts gives you some much needed context for figuring out what to test.

AWS S3 Event Notifications have “probably once” delivery
Eric Urban coined this phrase to emphasize the “on very rare occasions, events might be lost” issue with S3 notifications. He implements a clever way of dealing with it, though a delivery guarantee would be much better.

Building a Modern CI/CD Pipeline in the Serverless Era with GitOps
Shimon Tolts discusses the transition and the different steps of modern software development to showcase the possible solutions for the serverless world.

A walkthrough of the Amazon DynamoDB Accelerator console – Part 2
If you’re using DynamoDB and you need microsecond response times, DAX is an excellent write-through cache solution. Ishita Mehta-Desai gives you a walkthrough of the console and how it works.

AWS Serverless App: Testing
A quick run down on setting up unit tests on serverless projects with Sinon, Chai, and NYC for recording test coverage.

If you’re just starting your serverless journey… 🐣

The 6 concepts you need to know before trying Serverless
If you’re getting started with serverless, take Lou Bichard’s advice and learn these six key concepts. I agree with all of them. –  Serverless help from experts
Got serverless questions? Jared and Forrest at Trek10 set up this great little Q&A site that should get you pointed in the right direction.

Building applications rapidly with Serverless
Gareth McCumskey’s article will get you started with the Serverless Framework, including setting up an account to see the new full lifecycle capabilities. Don’t get distracted by the adorable baby photo in his profile picture.

Introduction to AWS SAM and Installation and Initialization of Project
If you’d rather get started with AWS’s Serverless Application Model instead, take a look at this article.

Awfully Thorough Guide to Choosing the Best Serverless Solution
I included this post by Ilya Kritsmer two weeks ago, and he has since added Part 1.2Part 1.3Part 2.1, and Part 2.2. Excellent content, but I think he should pace himself a bit. 😉

Serverless Tutorials 🏗

Forms without servers — handling form submissions with Lambda
James Beswick is back with another great post. I’d guess that 99.9% of websites could be static if it wasn’t for that pesky contact form. Serverless to the rescue.

Introducing a better way to record custom metrics
Yan Cui wrote a new SAR app that parses custom metrics from CloudWatch Logs and sends them to CloudWatch as custom metrics.

Serverless contact form handling for static websites
If you’re using Google Cloud instead of AWS, here’s how to add that serverless contact form to your static sites.

Automating Amazon CloudWatch alarms with an AWS CloudFormation macro
Interesting post by Alex Nicot that shows you a clever way to utilize CloudFormation macros.

How to process media in AWS Lambda? (FFMPEG)
Mohammed Lutfalla shows you how he set up a media processing pipeline using FFMPEG and Python. There’s also a Lambda layer for this.

Developing and Testing Lambdas with pytest and LocalStack
It’s always interesting to see how people set up local development workflows and local testing. Ciaran Evans shares his methods.

Deploy Serverless App with Next.js 8, AWS Lambda and CircleCI — Part 1
This is a full walkthrough to get you started using Next.js and AWS Lambda to get a serverless service up and running. Code included.

Serverless Security 🔒

7 Serverless Auth Strategies for Protecting Gated Functions
David Wells outlines the pros and cons of seven different strategies used to authorize access to your serverless functions.

The Truth About Serverless Security
Roman Sachenko covers a long list of precautions that developers should take when developing serverless applications. I agree with nearly all his suggestions, but it is important to stress that you’re already way ahead of the security game when you switch to serverless.

7 Ways to Deal with Application Secrets in Azure
I’m a fan of whatever Mikhail Shilkov writes, so I’ve included this for two reasons. I think this is good info in general, and with a few tweaks, it would apply to AWS as well.

Use AWS S3, KMS and Python for Secrets Management
Ruan Bekker proposes a solution for secrets management.

Serverless Reads 🤓

Cloud Irregular: Amazon won’t spin off AWS, and that’s too bad for AWS
Forrest Brazeal has a great post about the pressure software vendors feel to avoid using AWS because of conflicts from potential clients that compete with According to him, this is resulting in suboptimal technology choices in order to hedge bets against future customers. Seems crazy, but I totally get it.

How Serverless Is Impacting the IT Landscape
Bit of a plug article, but has some interesting statistics about the electricity use of data centers. Serverless provides an interesting solution to this problem versus always-on, dedicated resources.

Serverless for Startups — A quick way to build and validate your ideas.
Edmo Lima gets it, and hopefully others will too. For any technology startup looking to move fast, iterate quickly, and scale without worrying about rewrites, serverless is the fastest and cheapest way to get there.

Why we didn’t brew our Chai on AWS Lambda
Okay, serverless isn’t all rainbow and unicorns, and it’s important to hear stories where it doesn’t work well for someone. Nikhil Sharma outlines why their team decided against it.

Serverless Architecture Market Size Worth $9.17 Billion by 2023
This is a pitch for the full-report, but there are a few stats that are shared in this post, plus a sample report.

When you’d rather have the book read to you… 🔊

Serverless Chats – Episode #7: Serverless Laravel using Vapor with Taylor Otwell
In this episode, I chat with Taylor Otwell about Laravel Vapor, a new service that lets you deploy your Laravel PHP applications to Amazon Web Services and run them using a fully managed suite of serverless components.

Cedrus: Migrating a Legacy Application to a Serverless Ecosystem
Matt and Bradley walk us through the migration of the ABCL’s legacy Visual Basic and Oracle application to a Serverless ecosystem that leverages Amazon AppSync to allow users to query data without having to understand query languages or data structures.

Modern Apps on AWS: Challenges and Solutions
Trevor Hansen from AWS, Forrest Brazeal from Trek10, and Nitzan Shapira from Epsagon give a master class in modern application development.

When you’re wondering what the devs at AWS are building… 👷‍♀️

Introducing AI-Driven Social Media Dashboard
Monitor and ingest specified tweets using stream processing and leverage a serverless architecture and machine learning services to translate and extract insights from those tweets. 😳

Amazon SNS Adds Support for AWS X-Ray
You can now enable AWS X-Ray for your messages passing through Amazon SNS, making it easier to trace and analyze messages as they travel through to the downstream services.

Introducing AWS Chatbot (beta): ChatOps for AWS in Amazon Chime and Slack Chat Rooms
AWS Chatbot provides an interactive agent that enables you to monitor and interact with your AWS resources from team chat rooms. More on this here.

AWS Amplify Console adds support for automatically deploying branches that match a specific pattern
This is pretty cool. The Amplify console now supports branch pattern deployments, allowing developers to automatically deploy branches that match a specific pattern without any extra configuration.

CloudWatch Logs Insights adds cross log group querying
This is quite amazing. Being able to consolidate metrics from across multiple functions is incredibly powerful. This is perfect for common metrics that span across multiple Lambda functions.

Amazon S3 adds support for percentiles on Amazon CloudWatch Metrics
More good stuff for CloudWatch Metrics. This provides customers with more granularity about their request patterns on S3 and helps them observe and diagnose anomalies in request patterns on S3.

AWS IoT Events actions now support AWS Lambda, SQS, Kinesis Firehose, and IoT Events as targets
This seems extremely useful for a number of use cases. In addition to publishing messages to SNS and MQTT, these extra targets now open up a ton of new capabilities.

Temporary Queue Client Now Available for Amazon SQS
The client supports common messaging patterns such as request-response, and helps you save development time and deployment costs when creating application-managed temporary queues.

Serverless Tools 🛠

An extension of the serverless-webpack plugin. This plugin bundles your Node.js Lambda functions with sensible defaults so you don’t have to maintain your own Webpack configs.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 31, 2019 – Serverless Summer School: Class is in session! by Stackery

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

October 14-16, 2019 – Serverless Architecture Conference Berlin (I’m speaking here as well)

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Taylor Otwell (@taylorotwell). Taylor is the creator and maintainer of the Laravel framework, and a big supporter of the open source PHP community. Even though Vapor is his first major foray into the serverless world, the impact is massive. The work he’s done over the last year has made it possible for Laravel users to easily switch to a serverless solution on AWS. This has the potential to introduces hundreds of thousands of developers to serverless, and that is a very big deal. Thanks for all your work on Laravel, Taylor. And thank you for building out Vapor so that Laravel users can begin to make the serverless leap! 🙌

Final Thoughts 🤔

This was a banner week for serverless. I really think Vapor is going to be a huge gateway for hundreds of thousands of developers to experience serverless. The bigger this community gets, and the more voices we hear from, means we get more tools, better services from cloud vendors, and more innovation and ideas. I really love watching this community grow and seeing all these new faces learning, adopting, and teaching serverless.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #47

The Serverless Framework You’ve Been Waiting For… ⚡️

Welcome to Issue #47 of Off-by-none. It’s super awesome that you’re here! 😎

Last week, we took a deep dive into the new Amazon EventBridge service. This week, we look at the new Serverless Framework, we hear some more thoughts about Amazon EventBridge, and, of course, we share lots of amazing content from the serverless community.

There is plenty of great serverless stuff to get to, so let’s jump right in! 🏊‍♀️

When you thought the Serverless Framework couldn’t get any better… 🙌

Unless you’ve been trapped in a cave for the last several years (or maybe work at a datacenter 🧛‍♂️- no offense to the wonderful people who keep our servers running, BTW), you’ve likely heard of the Serverless Framework. In marketing speak, the Serverless Framework lets you “build apps with radically less overhead and cost.” In technospeak, you can easily build and deploy serverless applications running on AWS and other public cloud providers. I’m a huge fan and have been using it since the early days.

The last several months have been pretty exciting as the team at Serverless, Inc. has been working to build a platform that supports enterprises with advanced features and services that cover the full lifecycle of serverless applications. They just announced that they are making it available to everyone, and you can use it for free. There are a ton of great new features (you may have seen some released recently) and an entire platform to build, test, deploy, secure and monitor your serverless applications.

For more information about the new capabilities, check out their overview video or Marcia Villalba’s new episode of Foo Bar that looks at the new dashboards. There’s also an article on TechCrunch (Serverless, Inc. expands free Framework to include monitoring and security) about the release. The serverless ecosystem is expanding rapidly with lots of tools and services to help make building your serverless applications easier. Having these features integrated directly into the deployment platform (that we know and love) is very cool.

When people are still talking about Amazon EventBridge… 🌉

Last week we looked at the new Amazon EventBridge service that was announced at AWS Summit New York. On the day it was announced, Chris Munns from AWS, was speaking at ServerlessDays London. Instead of giving his scheduled talk, he pulled a fast one on the attendees and gave this presentation on EventBridge instead. It’s a great presentation and worth reviewing to understand some of the important concepts of EventBridge.

There have been some more thoughts on EventBridge since last week as well. Darragh O’Grady (aka The Learning CTO) wrote this piece about Why AWS EventBridge Changes Everything, Jerry Hargrove created a nice set of Visual Notes for it, and despite the clickbaity title, Mark Runyon is rather optimistic about its potential in AWS EventBridge: Revolutioning Serverless or CloudWatch Events 2.0?

I promised some more thoughts on this from me as well, and so far I’ve been doing a lot of poking and prodding to see what’s possible. I did have an idea for using the observable nature of events with EventBridge, along with its built-in retry mechanisms to implement the SAGA pattern using an attached resolver service. I got some interesting feedback, and I’m still fleshing out some ideas, so expect some more info on this soon.

In the meantime, if you’re wondering what is the best AWS service to use to manage events in your application, try Jared Short’s AWS Event Source Wizard.

Serverless News & Product Announcements 🚀

Serverlessconf NYC 2019 agenda announced
54 serverless experts speaking over the course of two days. The agenda is now available! I’m speaking on Day 2.

Epsagon Makes Troubleshooting Apache OpenWhisk a Snap
In its latest release, Epsagon now supports tracing for OpenWhisk. I think this is a great tactic for monitoring and observability companies that have been closely tied to AWS and their serverless offerings.

Maintaining peace in your serverless stack with Thundra Alerts!
Thundra’s new alerting functionality builds on top of their powerful querying capabilities. You can now save queries to trigger alerts, set the severity of them, and easily throttle or mute them during an issue.

Monitoring for Serverless Workloads Now Generally Available in Datadog
This new release from Datadog includes visualizing service maps, correlating traces and logs with AWS X-Ray and Cloudwatch Logs, additional support for Python, Node.js, and Go, and more.

Introducing Adobe I/O Runtime: How Serverless at Adobe Will Shape the Future of Digital Marketing and Creativity
This caught my eye a while back, and now that it’s GA, I need to explore it more. But the idea of companies providing serverless compute resources to enable custom workflows for their customers is something I think is very interesting.

Introducing Conference App in a Box
Deploy a themeable, customizable, full stack and cross-platform mobile app for your next event in minutes. Thanks to Nader Dabit.

Serverless Stories 📖

ALB Triggers for a Serverless Web App
Andreea Paduraru discusses the experience the big data team at had when building a new serverless application. They found ALB to be a more suitable solution than API Gateway. Maybe it’s right for your app?

Intermittent RDS Errors When Triggering Lambda Functions
Ethan Bray shares an issue he had that turned out to be a misconfiguration of subnets. Little things like this can be frustrating, so if you’ve ever done something like this, you’re not alone.

How Bank of America Is Using Adobe I/O Runtime to Boost the Efficiency of Its Personalized Offers in Adobe Target
Curious what integrated serverless runtimes can do and how powerful they can be? This piece shows how Bank of America used Adobe’s I/O Runtime to manage personalized offers to its customers.

Serverless Use Cases 🗺

How to extract a HUGE zip file in an Amazon S3 bucket by using AWS Lambda and Python
Working with large files is a common use case. John Paul Hayes outlines a solution in Python that lets you bypass the 500MB Lambda limit.

Build a Serverless API for IoT Devices
Moheeb Zara shows you how to use AWS Lambda and API Gateway to publish messages to an AWS IoT Device.

Connecting existing user database to AWS Cognito
Miki Wawrzyniak needed to use a legacy database with Cognito. I’m not sure this is a common use case, but he presents a solution for you.

If you’re interested in learning some serverless basics… 🏗

Data modeling with Amazon DynamoDB – ADB301 – New York AWS Summit
Alex DeBrie gave a presentation at the New York summit on DynamoDB and data modeling. I wish the video was available for this.

How to Optimize Lambda Memory and CPU
Renato Byrro gives you some details into how choosing the right amount of memory affects the CPU and performance of your Lambda functions.

Understand AWS Serverless architecture in 10 minutes
There are more than 9 services that can trigger Lambda, but Corentin Doue from Theodo gives you a good overview of the most common ones.

Why deploy your Serverless app into multiple AWS accounts?
The team at continues with more Serverless Tips, this time outlining the pros of maintaining AWS account segregation.

How to share an API domain between services in a monorepo Serverless app
And in another excellent Serverless Tip from, they outline two different ways to have multiple services share the same domain name with API Gateway. I prefer the first method as it significantly reduces coupling, and still provides you with independent APIs for each service.

If you’re just starting your serverless journey… 🐣

What is Serverless and how to use it in practice
Rafael Quintanilha from ButterCMS outlines some basics on serverless architecture, what problems it solves, and when you should use it.

5 tips to choose a serverless vendor
Tips #1, #2 and #5 make sense. I wouldn’t worry too much about vendor lock-in from a FaaS standpoint, as for #4, any public cloud provider will be fine to run your dev and production workloads.

Serverless Tutorials 🏗

Injecting Chaos to AWS Lambda functions with Lambda Layers- RELOADED
Adrian Hornsby’s latency injection layer for Lambda has evolved into a more general failure injection one. This article explains what it is, and how to use it to inject some chaos into your serverless applications.

How to connect SNS to Kinesis for cross-account delivery via API Gateway
Yan Cui outlines a number of different solutions to deal with the problem of per account concurrency and resource limitations. There’s even a solution that uses EventBridge.

Separating queries and managing costs using Amazon Athena workgroups
Roy Hasson shows you how to separate workloads, control user access and
manage query usage and costs when working with Amazon Athena workgroups.

Generate a PDF in AWS Lambda with NodeJS and Puppeteer
Nice walkthrough from Aki Rautio that shows you how to perform this common task. Code is included.

Build a serverless website with SAM on AWS
Fabrizio Fortunato shows you how to configure a SAM template to deploy a static website onto AWS.

Serverless Security 🔒

A Deep Dive Into Serverless Attacks. SLS-6: Security Misconfiguration
Tal Melamed from Protego details some of the perils (and ways to mitigate) misconfigurations in your serverless functions.

How Serverless Is Changing Security: The Good, Bad, Ugly, and How to Fix It
I don’t agree with everything in this article (such as serverless creates a larger attack surface and that 3rd party services are more of a risk), but overall, Alexander Posashenko gives a good overview of the changing nature of serverless security.

Winning with Serverless DevSecOps Pipelines
Abhay Bhargav Serverless DevSecOps pipeline offers a very secure process for developing, analyzing, deploying and monitoring serverless applications. I’m a stickler for security too, but this is probably too extreme for many organizations.

Serverless Reads 🤓

What you need to become a full-stack serverless developer
Sam Williams outlines the 4 areas of development you need to know to call yourself a full-stack serverless developer.

Accelerating Agile with Serverless
Sarjeel Yusuf from Thundra outlines the effect that serverless has on the agile process and why it will likely win out over containers to shorten release cycles even more.

Why serverless is the future for small startups
Aidan Hallett has some thoughts on when to use serverless and why it helps early stage companies get off the ground.

The Serverless Revolution
Steven Yue’s collection of thoughts over the last few months about serverless. Some interesting points in here.

Serverless Days – London – My Key Takeaways
If you missed ServerlessDays London, Decebal Dobrica took some notes and shares his takeaways in this post.

Going Serverless
A group from the Nielsen Marketing Cloud team explores the computing world’s journey from an ownership model TO a leasing model and eventually TO a short-term-rental model.

When you prefer Netflix to AWS Documentation… 📼

Serverless Chats – Episode #6: Why Developers Need to Think About Cloud Costs with Erik Peterson
In this episode, I chat with Erik Peterson about cultural changes around cost optimization in the cloud, cost as a first class metric, and how to predict total cost of ownership (TCO) according to your product roadmap.

Building Happy Little APIs
Maybe I’m just getting old, but I find Twitch really hard to navigate. Luckily, the good folks at AWS have taken Eric Johnson’s fabulous “Building Happy Little APIs” series, and put it in a YouTube playlist, where old guys like me can more easily find it. Lots of great information in these episodes.

Serverless Patterns (The awkward years)
I came across this PDF of slides from Mike Roberts talk at SACON (2019, I think). Really interesting slide deck that is loaded with patterns that apply to serverless development.

Macquarie Bank: Securing Payment Websites at the Edge Serverless-ly
AWS’s This is My Architecture shows how Macquarie Bank migrated to a serverless architecture largely at the edge, leveraging Amazon S3, AWS Lambda@Edge, Amazon Cloudfront, AWS WAF and AWS Shield.

When you think the AWS Serverless team might be on holiday… 🏖

Not a lot of “serverless” announcements this past week, but I’m sure the teams are gearing up for something big soon (or maybe sitting on a beach). There was this announcement that Amazon Comprehend Custom Entities now supports multiple entity types. When you used custom entities with Comprehend in the past, multiple entity types required separate models, meaning multiple calls per document. Now it supports up to 12 entity types per model, so that’s pretty cool.

Thoughts from Twitter… 🐦

Gartner’s cautions around @awscloud are spot on and mirror what I’ve seen. ~ Corey Quinn
This is a great thread that highlights Gartner’s analysis of the big public cloud vendors. If you work for these companies, some of these things might sting a little. But I think the analysis is probably spot on. 🤷‍♂️

Results from the short attendee survey we did with the tickets on usage of #Serverless … 386 respondents ~ ServerlessDays London
Quick little survey of the ServerlessDays London attendees. Still a big group of people that are barely using serverless. So, still lots of minds to change.

This makes EventBridge a big no-go for me. #serverless ~ Ryan Marsh
According to the docs, “typical latency is about half a second” for EventBridge. For asynchronous workflows, this doesn’t seem unreasonable to me. Do you agree with Ryan on this one?

Serverless Tools 🛠

Version 1.3 of Lambda Power Tuning Released by Alex Casalboni
AWS Lambda Power Tuning is a state machine powered by AWS Step Functions that helps you tune the memory configuration of Lambda functions in a data-driven fashion.

Inspired by the AWSLABS aws-serverless-express library, this is tailor-made for the Fastify web framework, letting you run your existing Fastify projects in Lambda.

ccbrown/keyvaluestore: robust key-value store abstraction for DynamoDB
This package provides an interface with a Redis-like API and implementations for multiple key-value store backends.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 25, 2019 – Distributed Tracing in Modern Applications – Microservices and Containers (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

October 14-16, 2019 – Serverless Architecture Conference Berlin (I’m speaking here as well)

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Austen Collins (@austencollins).  Austen is the creator of the Serverless Framework (which probably needs no introduction) and the founder of Serverless, Inc. He’s been a driving force in building the serverless ecosystem and the serverless community, with the Serverless Framework empowering thousands of developers and organizations to more easily adopt serverless technologies. His contributions to the CNCF Serverless Working Group and the latest version of the framework (that includes tools to manage the full lifecycle of your serverless applications) continues to push the industry forward and make serverless more accessible than ever. Thanks for all you do, Austin!  🙌

Final Thoughts 🤔

This was another week filled with so much serverless goodness! Every week the community continues to grow, the tools continue to evolve, and the content continues to flow. It’s an exciting time to be alive. 😉

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.