Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.


My Latest Posts:

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #42

Is serverless becoming easier? 🤷‍♂️

Welcome to Issue #42 of Off-by-none. It’s great to see you! 👍

Last week, we learned how to switch from RDBMS to DynamoDB and looked at a number of interesting serverless stories. This week, we look at some frameworks that are making serverless easier, hear some thoughts from serverless naysayers that don’t agree, and share tons of great content from the serverless community.

There is a lot to get to this week, so let’s get right to it! 📚

Serverless News & Product Announcements 🚀

Introducing Pulumi Crosswalk for AWS: The Easiest Way to AWS
This is really interesting. I like to have control over the different components, but services like this that can easily wire them together for you, seems like the direction these frameworks are heading.

Serverless Framework v1.45.0 – ALB event source, API Gateway Websocket logs
Speaking of frameworks, the new version of the Serverless Framework has added some more interesting features. Automatically creating ALB event sources is very cool. Don’t forget that Lambda API automatically handles the parsing and response formatting for you. 😉

ServerlessDays London Keynotes and Speakers Announced
Teri Radichel, Lin Clark, Till Schneidereit and Sarah Drasner are all giving keynotes, plus plenty of other great speakers. This should be a great event!

Function Faster on AWS Lambda: IOpipe Launches New Search Visualization Feature
Here is another really cool feature from the team over at IOpipe. Visualizations are so much easier to consume than lists of search results, so seeing this aggregated view instead makes a ton of sense.

Lumigo adds monitoring support for AWS Chalice
Serverless Python users rejoice.

Serverless Stories 📖

Learnings from “no failure”
Marc Villagrasa tells the story of building Genioo and how serverless played an important part in letting them focus on solving their domain problems.

Taking Cloud Run for a trial run
Aviv Laufer tried Google Cloud Run. The scale up time seems a bit high.

Making a Smarter Smart Thermostat with Go, Lambda, and SAM
Joshua Barratt wrote some Go code and used serverless to take control of his thermostat. While not everyone has the skills to do this, for those that can, how can using a serverless backend not be the perfect choice?

Serverless Use Cases 🗺

FICO: Fraud Detection and Anti-Money Laundering with AWS Lambda and AWS Step Functions
Even though Lambda doesn’t do the actually batch processing, this is a great example of how you can use serverless components to manage interactions and workflows with your “non-serverless” services.

Build your own real-time voice translator application with AWS services
I’ve been using Transcribe lately and have been impressed by the accuracy. Tomasz Stachlewski takes this even further and stitches together a complete end-to-end translation service.

Auto-Generating Tags for Content using Amazon SageMaker BlazingText with fastText
Yi Ai has another great use case for serverless, using it to call Amazon SageMaker to predict the tags of text content.

Injecting data into AWS IoT Analytics from Amazon Kinesis Data Streams
AWS IoT Analytics provides a public BatchPutMessage API action. Vikram Singh shows you how to use Lambda to inject data from a Kinesis Data Stream.

Analyzing Performance and Cost of Large-Scale Data Processing with AWS Lambda
“Being able to go from zero to processing nearly two million records per second and back to zero over the course of just minutes is unheard of using traditional server-based architectures. It’s also incredibly powerful across many use cases.”

AWS CodePipeline Approval Gate Tracking
If you want to keep track of your CI/CD approvals, here’s a relatively easy way to use the “PutApprovalResult” events from CloudTrail to do some magic with Lambda.

Understanding AWS Lambda behavior using Amazon CloudWatch Logs Insights
Alice Xiao discusses how State Street built a framework using CloudWatch Logs Insights to support their innovation process of rapidly converting business ideas into client-centered applications.

If you’re thinking about going serverless… 🤔

How to overcome the challenges of serverless
Eoin Shanaghy has an excellent article that talks about the current state of serverless and how we can overcome some of the challenges.

How to cut the Cloud bill by 90%?
Fouad Maach gives you a quick overview of some of the benefits of serverless. Aurora Serverless doesn’t scale to thousands of instances, but the sentiment is right. Serverless “frees a lot of time to improve the application features and generate more business value than ever.”

AWS costs every programmer should know
Not specific to serverless, but there are a lot of costs (often small) involved with the cloud. David Hatanian points out some of the most important ones.

The Goods and Bads of Serverless
Benjamin Tanone gives some pretty harsh critiques of the state of serverless (right now), but I can think of several optimizations that would dramatically reduce the issues he’s experiencing. But maybe the real problem (as he says) is that this information isn’t ubiquitous enough.

Serverless Tutorials 🏗

AWS Lambda: how to detect and stop accidental infinite recursions
Yan Cui shows you how to mitigate infinite recursions using the dazn-lambda-powertools open source project.

How to mock and unit test serverless lambda invoking AWS and DynamoDB
Here’s a simple way from Suranjana Basu to override calls to AWS services using some simple mocks.

Easily Deploy a Serverless Node App with ZEIT Now
While this may be another “Hello World” post, William Imoh gives you a glimpse at how easy it is to create serverless applications using ZEIT. No need to worry about cloud infrastructure at all.

Part two: serverless real-time ReactJS app — AWS IoT MQTT
In the second part of this tutorial, Ryan Jones shows you how to build out, deploy, and test the backend of a real-time serverless React app.

Building a Serverless App Using Athena and AWS Lambda
Ran Ribenzaft gets you started with Amazon Athena via a simple tutorial that uses Athena and deploys with the Serverless Framework.

Serverless Data Processing with AWS Step Functions, Part II.
In the second installment of this tutorial, Jun Fritz shows you how to call SNS topics directly from your Step Functions to alert on success or failures.

How to install a WordPress site on Google Cloud Run
Step 1: Don’t! 🤦🏻‍♂️

Serverless Security 🔒

AWS Lambda Security Best Practices
Hillel Solow from Protego explains why applying the Least Privilege Principle to your AWS Lambda functions isn’t as easy as you think.

AWS SSM is a trojan horse: fix it now!
Not serverless, but interesting cloud security stuff. Michael Wittig outlines the power of SSM and why you might want to take some extra steps to protect your environment.

Too much FUD? Fear, uncertainty, and doubt be gone!
This is kind of fun. Now you can easily call out Nuweba if they publish something that promotes FUD with their serverless security posts.

Securing credentials using AWS Secrets Manager with AWS Fargate
Fargate customers can now easily consume secrets securely and parameters transparently from their own task definitions thanks to a new integration with AWS Secrets Manager and Parameter Store.

Serverless Reads 🤓

Why Serverless/FaaS is not there yet
Dragos Bulugean provides some additional criticism of serverless in this post. I agree that serverless isn’t perfect, but there are a lot of arguments here that could be solved with a bit of education.

How to implement the perfect failover strategy using Amazon Route53
Fascinating post by Simon Tabor that walks you through a number of tests that DAZN ran to optimize Route53 routing failover.

You’ll always need VMs says, surprise, VMware: Run on any cloud you like and get portability
I just thought this article was funny. Some of the comments are even better.

On The Serverless Cold Start Problem
I agree cold starts are overblown, and if your use case requires the absolute elimination of them, then yes, FaaS might not be for you. But for the 99% of other workloads out there, it generally isn’t that big of deal.

Better IoT with GraphQL and AppSync
Sarjeel Yusuf from Thundra outlines why GraphQL and AppSync might give us the IoT future we were promised.

Serverless Stream Consumers — Common Pitfalls and Best Practices
This is a really interesting article by Jose Antonio Moreno that shows how Capital One is experimenting with different forms of stream processing using long-polling Lambdas. Not sure I like this approach, but sometimes we just need to do what works.

When you’re all about the audio/visual experience… 📽

Serverless Chats – Episode #1: Serverless Purity vs. Practicality with Alex DeBrie
In this episode I chat with Alex DeBrie from Serverless, Inc. about the choices facing developers when building serverless applications, and when a practical approach sometimes trumps best practices.

Writing integration tests in serverless applications
Marcia Villalba shows us how to write some basic integration tests to make sure that our deployed applications work as expected.

Screaming in the Cloud – Episode 64: Serverless Runs on Serverless Framework with Austen Collins
In this episode, Austen talks about his work with AWS, building the Serverless Framework, and why it’s solving so many problems.

Porting your web app to serverless in 30 minutes
Alex Casalboni hosts a live-coding session that guides you through the process of migrating an existing Express application to AWS Lambda.

When you’re wondering what AWS has been up to… ⚙️

Amazon S3 Update – SigV2 Deprecation Period Extended & Modified
Not a lot of serverless happenings to announce this week at AWS, but here’s something that’s worth noting. If you have any really old apps that are still using SigV2 to access S3, don’t worry! They just pushed the deprecation back another year.

AWS Amplify Console now supports AWS CloudFormation
More great work to ensure repeatable deployments of serverless applications, this time with the Amplify Console.

Thoughts from Twitter

As an old school #perl guy it is so funny to watch the younger generation rediscover CGI. ~ Sebastian Riedel
This is in reference to some Serverless Framework examples. The funny thing? He’s not entirely wrong. My Stop Calling Everything Serverless! post and keynote makes a very similar point, although serverless is much more powerful and important than the cgi-bins of the past.

⚡ I need your help! #serverless poll! I’m curious — In your opinion, what is the most important feature that MUST exist for a service to be defined as “serverless” as opposed to “fully managed”? ~ Jeremy Likness
Speaking of not calling everything serverless, Jeremy Likness had an interesting poll on Twitter this past week that tried to discern between serverless and managed services. The results are interesting, especially since the winning vote might be the exact definition of a managed service.

You know you’re a #serverless developer when your CSP account balance is $1.01 and you’re like, “This must be an accounting error!!” ~ Linda Nichols
This is a fun reminder that small serverless projects are practically free.

When introducing new engineers to #serverless, it still feels like teaching them how to draw an owl: Step 1: Write and deploy a lambda function Step 2: Build the rest of your damn production-ready event-driven application! ~ Javier Toledo
This has been a common complaint. There are a lot of “Hello World” tutorials out there, but when you start to build more complex applications, the “how-to” information is obviously less ubiquitous. There is some good stuff out there, but not always easy to find.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 19, 2019 – Serverless Best Practices by Dashbird (webinar)

June 19, 2019 – Serverless Security: A Practitioners Guide by Protego (webinar)

June 21, 2019 – ServerlessDays Milan. (I’m giving a keynote)

June 25-26, 2019 – AWS re:Inforce. (I’m doing a Dev Chat on Serverless Security on Wednesday afternoon)

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex Ellis (@alexellisuk). Alex is the creator of OpenFaaS, which is an open source project that makes it easy to turn anything into a serverless function using Docker Swarm or Kubernetes. The project has over 200 contributors, 17k GitHub Stars, and two Bossie awards from InfoWorld. Alex was recently accepted as an  ambassador to the Cloud Native Computing Foundation (CNCF). He’s also a speaker, author, consultant, and coach, that has made a huge impact on the serverless community. Thanks for everything you’re doing, Alex! 🙌

Final Thoughts 🤔

This week I finally launched my new podcast, Serverless Chats. I have been working on this for awhile and it has been a lot more work than I had anticipated. Having the opportunity to talk with all these amazing guests has been an awesome experience, and I look forward to all the future chats I’ll get to have. I’d love your feedback on the podcast, and I welcome any requests for topics and guests. With your help and support, I think we can build something really interesting here.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next week,
Jeremy

Off-by-none: Issue #41

Switching to DynamoDB in 20 Easy Steps… 😉

Welcome to Issue #41 of Off-by-none. I’m so happy you’re here! 😀

Last week, we discussed AWS’s new “serverless” way to access your MySQL databases, plus I shared my new Data API Client library that makes working with the Data API even easier. This week, we see what happens when you offer some DynamoDB advice that resonates on Twitter, plus we look at several great serverless stories, and share a boat load of awesome content from the serverless community.

Lots of great stuff happening in the serverless world, so let’s get right to it! 🚤

When you want to switch from RDBMS to DynamoDB… 👨🏻‍💻

If you’re a regular reader, or you follow me on Twitter, you’ve probably noticed that I advocate for using DynamoDB, while at the same time, still building tools to support using RDBMS solutions with serverless. There are two very important reasons for this.

First, the vast majority of my existing workloads are built using MySQL backends. I have neither the time, nor the inclination, to rewrite these to use a different database. However, I have moved several of my compute requirements to Lambda, so interacting with MySQL is an absolute must. Second, DynamoDB isn’t right for every application. While I often start with DynamoDB as my new default, sometimes I still have use cases that require (or at least fit better into) MySQL.

There are a lot of factors that go into choosing NoSQL over RDBMS, but the first step in understanding that choice, should be getting to know what NoSQL (and specifically DynamoDB) is capable of. I posted a thread to Twitter last week that outlined 20 “easy” steps to switch from RDBMS to DynamoDB. It apparently resonated with quite a few people, so upon request, I turned it into a blog post. Give it a read, and see if it convinces you to give DynamoDB a try.

Serverless News & Product Announcements 🚀

Qubole launches Quantum, its serverless database engine
This looks really interesting. The data sits on AWS, and you can query it using a high-performance SQL engine. I’m curious how this compares to Athena.

Meet the Newest AWS Heroes! June 2019
Welcome to the new AWS Heroes! There is a good batch of people in here.

Epsagon Achieves the AWS Data & Analytics Competency Status
This designation recognizes that Epsagon has demonstrated success in helping customers evaluate and use the tools, techniques, and technologies of working with data productively, at a high scale, to successfully achieve their data and analytics goals on AWS. Good for them!

AWS goes live with Windows containers… but contain yourselves: It’s going to be niche
Remember that time we wanted to run Windows containers? Me neither, but I’m sure this is super exciting for people who love operational complexity. 😜

Bref is backed by null, the company
Maintaining open source projects is a huge time commitment, but it looks like Matthieu Napoli has found a way to keep building Bref (an open-source project for PHP).

Serverless Stories 📖

Creating Asynchronous Serverless APIs with AWS AppSync
Very cool implementation by Nordcloud Engineering that uses AppSync subscriptions to create a better UX for a RedShift-backed datastore.

Moving Faster With AWS by Creating an Event Stream Database
The team at Nike Engineering came up with an incredibly creative (and cost effective) way to use Kinesis Firehose, S3, and Athena, to build a high-volume event stream. Great solution for getting around the limitations of other services.

AWS Summit London case study: Going Serverless at Comic Relief
Caroline Rennie adds some more thoughtful information and advice to her AWS Summit London presentation.

Serverless Event Sourcing
Eric Li from OfferUp outlines how his team used event sourcing with DynamoDB and streams to create their new shipping feature.

Serverless is easier than you think
Tai Nguyen Bui from the Agile Monkeys explains how and why they built the Made For Serverless site.

Deduplicating Amazon SQS Messages
Ross Rhodes shows how his team solved the duplicate message problem using DynamoDB. This could also possibly be solved by using DynamoDB streams to enforce uniqueness.

Serverless Use Cases 🗺

Tracking software licenses with AWS Service Catalog and AWS Step Functions
Here’s an interesting little use case that uses CloudWatch Logs, Lambda and DynamoDB to automatically keep track of license utilization and notify administrators when the utilization increases.

Building a DIY ADHD Medication Reminder with Azure Functions & Twilio
Simple, but straightforward use case to automate your life. This is one of those “infinitely small” use cases for serverless, which can help you automate things without needing to deploy infrastructure to do it.

Feature Toggling and A/B Testing with React
These are two very standard use cases for any web application. Follow BJ Clark’s advice, or put these in CloudFront with Lambda@Edge and up your serverless game.

100% Serverless Asynchronous API with APIG, SQS and Lambda
Asanka Nissanka outlines a very good method for using AWS Service Integrations to route traffic from API Gateway directly into an SQS queue. There is very little transformation happening here, and removing Lambda from the equation is fairly easy, and will be faster and cheaper.

If you’re thinking about going serverless… 🤔

Avoiding an Organizational Cold Start
Migrating your enterprise to serverless has a number of benefits, but Adam Johnson outlines three things that enterprises need to be aware of when making the switch.

WTF is Serverless?
I’m not sure we need another one of these posts, but Adam Berlinsky-Schine does give some good history in this one. Definitely don’t agree that it’s “possible that serverless is a passing fad”, but maybe I’m just a bit biased. 🤷‍♂️

10 things to know about serverless computing — before you make the leap
There are plenty more things you might want to know, but Rahul Sharma captures a few of them for you in this post.

Are you ready for serverless development?
Uri Parush from Lumigo recounts his foray into serverless and how he had to learn to think differently about building applications.

Serverless Basics and Best Practices… ✅

AWS Lambda Timeout Best Practices
Rajesh Bhojwani outlines some common timeout scenarios with AWS Lambda and how you can monitor and deal with them.

alias cicd=’sam deploy’
Richard Boyd goes all literal on us and takes issue with some of the Serverless Application Model’s (SAM) semantics. He’s totally right though, CI/CD is the preferred way to deploy your production applications.

Understanding AWS Cognito and IAM Roles
User pools, Identity pools, and IAM roles to share access to AWS resources. A comprehensive walkthrough with common use cases and code samples.

AWS Step functions and Lambda
Sanket Bengali may have gotten a little overzealous with CMD+SHIFT+4, but this post is chockfull of screenshots to run through the basics of Step Functions.

Reproducing the ‘SQS Trigger and Lambda Concurrency Limit’ Issue
Zac Charles outlines how to break SQS Triggers with Lambdas every time. I mistakenly thought he was mistaken, until I responded, and realized that I, in fact, mistook his mistakeness for intentionally being mistaken. 🤦🏻‍♂️

Serverless Tutorials 🏗

Deploying Lambda Function GraphQL Resolvers
The Amplify CLI recently added support for deploying Lambda GraphQL resolvers directly from your Amplify environment. Nader Dabit gives you an in-depth look at how to take advantage of this cool new feature.

How to get near-realtime logs for a Terraform-managed Lambda function
If you’re using Terraform to manage and deploy Lambda functions, I would suggest switching to the Serverless Framework or SAM. If that’s not an option, then maybe Tamás Sallai post will make your life easier.

Build a real-life serverless app with AWS Amplify
Thomas Bouron shows you how he built an app for his wife’s travel company using AWS Amplify and DynamoDB. Nice use of GIFs as well. 👍

Build a voting website that doesn’t crash — part two. Now with Amplify.
James Beswick is back with another excellent post that shows us some of the basics of Amplify and how we can use it to create powerful SPAs.

 Create Lambda Layers with Serverless Framework and Offline support
In part 2 of Dhaval Nagar’s Lambda Layers series, he shows you how to develop and test Lambda Layers using the Serverless Framework.

Sorting Queries with AWS Amplify’s Key Directive
Jan Hesters teaches you how to sort your GraphQL queries in AWS Amplify using the @key directive.

Serverless Security 🔒

How to securely provide database credentials to Lambda functions by using AWS Secrets Manager
Ramesh Adabala shows you how to secure your credentials in Lambda functions without hardcoding the secrets in code or passing them through environment variables.

Keeping the Security and Scalability of Serverless Apps Problem-Free with AWS Secrets Manager
Chase Douglas from Stackery outlines a similar method to Ramesh, but focuses more on the permissions and ongoing management of your secrets.

10 Serverless security best practices
Snyk provides you with a handy cheatsheet for making sure you follow some general guidelines for securing your serverless functions.

Serverless Reads 🤓

5 Ways to Understand Distributed System Logging and Monitoring
Ran Ribenzaft from Epsagon outlines several ways to add observability into your serverless applications.

Serverless = Distraction-Free
Alex Glikson gives us another “what is serverless” post, but positions it as an approach that reduces distractions when building applications. I kind of like that line of thinking.

Serverless Caching for Faster Data Serving
This is such a strange post that I had to include it. No disrespect to the author, but I’ve never heard the term “serverless caching” before, and I’m not sure I want to hear it again. This is why we need to Stop Calling Everything Serverless!

When you’re all caught up on the new season of The Handmaid’s Tale… 🍿

Writing unit tests in serverless applications
Marcia Villalba is back with another video in her serverless testing series. This time she shows us how to write unit tests with Jest.

How to build a social network entirely on serverless
In this talk, Yan Cui discusses his journey of migrating a social network startup to serverless, and how his team was able to improve performance, scalability and feature delivery using serverless technologies.

Visual Notes – Amazon API Gateway & Amazon Personalize
Can you draw me a picture? Jerry Hargrove (aka @awsgeek) has some more excellent visual notes for those of you that would rather read comic books instead of documentation. 👨🏻‍🎨

Serverless ❤️ GraphQL | 2019 – Serverless Architecture Conference
Here are Marcia Villalba’s slides from her talk at the Serverless Architecture Conference in The Hague.

When you want to know what AWS has been cranking on… ⚙️

Updates to Serverless Architectural Patterns and Best Practices
Drew Dennis recaps some of the updates since re:Invent 2018 that have enhanced the AWS serverless ecosystem.

Amazon Personalize Now Generally Available
Um, so yeah, now pretty much any site can have the personalization features of Amazon.com. Lots of powerful stuff outlined in this blog post.

Amazon Pinpoint now includes support for AWS CloudFormation
Now you can configure Pinpoint as part of your infrastructure, which will be a great way to build reusability into your targeting campaigns.

Serverless Image Handler Now Leverages Sharp and Provides Smart Cropping with Amazon Rekognition
I love that this now has a facial recognition cropping feature. It’s not particularly innovative (we were doing this back in 2010), but having it just done for you (without licensing facial recognition software) is nice.

Amazon CloudWatch Launches Dynamic Labels on Dashboards
Maybe not “serverless” news, but I like this little personalization feature for your dashboards. Now I can stop telling people, “no, I can’t change the label.”

Amazon ECS Support for Windows Server 2019 Containers is Generally Available
There are no words. I mean, can’t we just run .NET Core on Linux?

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 12, 2019 – VS Code + AWS Serverless Workflow by Stackery

June 12, 2019 – Azure Service Bus, better managed and monitored using Serverless360 (webinar)

June 12, 2019 – AWS Lambda & Serverless: Making It the Best Thing that Happened to AppSec (webinar)

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rick Houlihan (@houlihan_rick). Rick is a Principal Technologist for NoSQL at AWS and a #NoSQL wizard 🧙‍♂️. If you’re building serverless applications, and you’re using (or thinking about using) DynamoDB, Rick is definitely your guy. For some context, be sure to watch his Amazon DynamoDB Deep Dive: Advanced Design Patterns for DynamoDB (DAT401) session from re:Invent 2018 and Advanced Design Patterns for Amazon DynamoDB (DAT403-R) from re:Invent 2017. Rick will completely change how you think about NoSQL and DynamoDB. These videos inspired me, and I think others will be inspired too. Thanks for sharing your knowledge, Rick! It is incredibly helpful. 🙌

Final Thoughts 🤔

Another week in the books, with plenty of happenings in the serverless ecosystem. Be sure to check out the inaugural episode of the Serverless Chats Podcast with guest Alex DeBrie on Monday, June 17th. We had a great chat about Serverless Purity vs. Practicality that I think you’ll enjoy.

Also, on a personal note, I just passed 5,000 followers on Twitter 🎉, which is pretty cool. Interacting with all of you, and sharing thoughts and ideas on serverless, is one of my very favorite things to do. You all make that possible, and I’m very thankful for all of you and the serverless community. 🙇‍♂️

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Take care,
Jeremy

Off-by-none: Issue #40

Did your RDBMS just become serverless?

Welcome to Issue #40 of Off-by-none. Thank you for being here! 👋

Last week we reviewed a nifty little update to AWS Step Functions and shared some interesting serverless stories. This week, AWS GA’d an exciting new “serverlessish” way to access your MySQL databases, plus I share a new Node.js library that’ll make using this new innovation even easier. And as always, we share some amazing content from the serverless community.

It was another busy week, so let’s get to all the good serverless stuff! 🎁

When you reallyreally need to use a MySQL database with your serverless app… 🙈

This past week, AWS announced the General Availability of the Aurora Serverless Data API. In short, it lets you “issue SQL commands against an Aurora Serverless cluster by simply invoking an API endpoint provided by the Data API and the Data API takes care of managing database connections and returning data.” This is a pretty big deal, because as we know, managing MySQL connections with Lambda is a challenge (if only someone had written a package to help with that 😜).

The preview of Data API launched just before re:Invent 2018, to quite a bit of fanfare. Unfortunately, the performance wasn’t great. In November of last year, I wrote a post outlining my initial (poor) experience with it. However, this new release is much better, so I’ve update my post (Aurora Serverless Data API: An (updated) First Look) with lots of new details. Jeff Barr also has an official AWS post that shows you how to set up the Data API and gives some basic usage examples as well.

But wait! There’s more! When I was playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up getting just a bit carried away, and turned it into a full-blown, “DocumentClient”-esque library! 🎉 I call it the “Data API Client“, and it’s available now on GitHub and NPM. Your feedback and contributions would be greatly appreciated, and hopefully you’ll find it super familiar and useful for your projects.

Serverless News & Product Announcements 📢

Palo Alto Networks buys Twistlock, PureSec for container security
Wow, good for Ory and the team over at Puresec. They built an amazing product and Palo Alto Networks should make a great home for them. If you’re wondering what’ll happen to Puresec, read this open letter to PureSec’s clients, partners, and friends.

Visual Studio Code · Stackery Documentation
This is simply amazing. Stackery’s visual builder tool now runs locally as a VSCode extension. I’ve played around with this, and the workflow is excellent.

Lumigo adds Java Tracing support for AWS Lambda
Good news for people who enjoy painfully slow Lambda start up times. Hopefully this new feature from Lumigo will help them make the decision to choose a different runtime. Just sayin’. 😏

Announcing Manual Instrumentation for .NET Agent
You can now add manual instrumentation with the new OpenTracing compatible API. According to the post, automated instrumentation support for .NET is on the way.

Just Write Code: Improving Developer Experience for Cloudflare Workers
Cloudflare Workers gets a CLI, new and improved docs, multiple scripts for everyone, the ability to run applications on workers.dev without bringing your own domain, plus a free tier for developers to try it out. I’ve been very impressed lately by Cloudflare’s push to bring computing to the edge. Very cool stuff.

Serverless Developer Acceleration at Trek10
I came across this page on the Trek10 site and thought it was worth sharing. Not only are Forrest and Jared two of the most knowledgable serverless folks I know, they are also huge contributors to the serverless community. If I had a group of developers that needed to be trained to do serverless the right way, these would be the first people I’d call.

Serverless Stories 📖

CI/CD, AWS, and Serverless: 5 tips I learned the hard way
Speaking of Forrest Brazeal, he has a great piece that outlines some best practices for testing and deploying your serverless applications; picked up from his time in the software trenches. 👨‍🏭

How I Built This: IsraelVC
Elie Steinbock built a side project that catalogues the latest investments in Israeli high tech. It uses Google Sheets as a database, but for his use case, it’s probably a fine choice.

No More Marking is going Serverless!
I love reading success stories like this. Chris Wheadon’s short piece explains why they went serverless, and their plans for the future.

Serverless Use Cases 🗺

Sequence Numbering in Serverless via API Gateway
Love this use case, because it’s probably needed by most of us. Sheen Brisals from the Lego Group shows us how to use DynamoDB as an atomic counter for generating sequence numbers. He even shows you how to create an API Gateway with a (😱) Service Integration to use it! No Lambda function required.

Using the MailChimp API with Netlify Serverless Functions
Using a serverless function to subscribe someone to a mailing list is a nice, simple use case. The Raymond Camden shows us how he built one with a Netlify function.

Scheduling irregular AWS Lambda executions through DynamoDB TTL attributes
Good post by Michael Bahr that shows the use of DynamoDB TTLs as a way to schedule events. As Yan Cui has pointed out, the TTLs are not very accurate, so don’t use this if your requirements require precision. Also, Michael doesn’t mention Step Functions as a way to schedule one-off executions without needing a CloudWatch rule.

Building A ‘Serverless’ Chrome Extension
Serverless as a backend for your browser extensions. Bilal Tahir outlines some experiments he did with Google Cloud Functions and how he tied that into his Chrome Extension.

Realtime Object Detection API using Amazon SageMaker and Amazon API Gateway
Great post by Yi Ai that shows us how to take advantage of AWS’s machine learning services to build some really interesting applications.

Running Arbitrary Executables in AWS Lambda — Encrypting a PDF
If you have more complex executable requirements, it’s likely still possible to run them in a Lambda, you just need the right build environment. Keith Coughtrey shows you how to do it by building it on an EC2 instance first.

Easily query AWS service logs using Amazon Athena
Damon Cortesi shows you some need tricks to query your log files from S3 using Amazon Athena. He also introduces AGSlogger, an open-source Python tool for converting popular log formats into columnar-based Parquet files.

Some things to think about when you’re going serverless… 🤔

Thirty serverless architectures in 30 minutes
If you’re still wondering what you can do with serverless, check out Chris Munns’ slides from AWS Summit Chicago. This should get the wheels spinning (or your brain smoking).

Deconstructing Serverless Computing Part 3: Ninety-Nine Platforms but How to Choose One?
Lucian Toader outlines nine different FaaS platforms, including their general and differentiating features. Lots of really great info in here.

How to Save Hundreds of Hours on Lambda Debugging
Renato Byrro outlines some limitations with CloudWatch Logs and how tracking down errors isn’t quite as straightforward as you might think. There are better ways to do this, whether by using Dashbird, or one of several other excellent observability tools for serverless.

Don’t Be Surprised by Your Serverless Bill
Speaking of observability, Yan Cui outlines a few common situations that can result in higher serverless costs. Good news, most observability platforms, like Epsagon, are able to help you monitor these.

Part 1 — Getting started with AWS Lambda Layers
Lambda Layers are a great way to manage shared dependencies across functions. Dhaval Nagar runs through the basics of creating and using one.

Serverless Tutorials 🏗

Serverless Framework Courses & Tutorials
This is a great resource. The Serverless Framework has put together a compendium of courses that’ll help you learn the ins and outs of building a serverless application with their framework.

Getting started with serverless
And if you’re looking for some more serverless courses, this post outlines a new AWS Fundamentals: Building Serverless Applications Coursera course that is now available.

Serverless Gatsby Pipeline with AWS Amplify
A step-by-step guide for setting up and deploying your React Gatsby project using an automated pipeline to a serverless S3 bucket backed by Cloudfront.

Create your first Serverless workflow with Durable functions
Chris Noring gives you the what, why, and how-to, for building with Azure’s Durable functions. Lots of interesting stuff in here.

Ordered queue processing in Azure Functions with Sessions
Jeff Hollan writes about one of his favorite topics, processing events in order (his words). But seriously, using queues that “lock” a session to a consumer to guarantee ordering might be genius.

Serverless Security 🔒

Council Post: Servers To Serverless: Does New Technology Mean New Security
I certainly don’t want to downplay security, but I feel like many of the suggestions in here don’t apply if you’re not managing the containers (read Kubernetes) that run your serverless functions. AWS is really good at security, so I’m going to defer to them for most of this stuff.

10 Things To Know About Palo Alto Networks Buying Twistlock, PureSec
Not a lot of serverless talk in here, but I included it because of point #5: Buying PureSec Is A Meaningful Milestone For The Serverless Movement. I wholeheartedly agree. 😀

Serverless Security AntiPatterns: 7 Serverless Computing Security Mistakes
I certainly don’t want to overplay security (see what I did there?), but I think these tips by Twain Taylor are a good starting point for creating and maintaining a good serverless security posture.

Serverless Reads 🤓

On SQS
Excellent post by Tim Bray arguing that “if you’re building a moderately complex piece of software that needs to integrate heterogeneous microservices and deal with variable sometimes-high request loads, then if your design doesn’t have a queuing component, quite possibly you’re Doing It Wrong.”

Cloud Irregular: Does Anyone Know How Your System Works?
Another installment of Forrest Brazeal’s Cloud Irregular newsletter. His analysis of the problem is spot on, but the solution is hard (and often impossible) for most teams to swallow.

Cost Analysis: Serverless scheduling of irregular invocations
Michael Bahr does some math and details the cost of implementing his serverless irregular scheduler. Spoiler alert, it doesn’t cost much!

Why I believe in the brave new world of serverless
I really enjoyed this post by Zan Markan. It’s short, but it captures and explains the true power of serverless. Lowering the barrier to entry has both its pros and cons, but ultimately it creates a huge marketplace for ideas and innovation. Personally, I think this new world is going to be a good one.

An Intro to the Power of Serverless with AWS Amplify
Jared Short shows you how powerful Amplify and AppSync are by building an old-school “visitor counter” badge.

Thoughts from Twitter… 🐦

Trying to convince security that we should have an SCP in prod with “Deny”: [“ec2:*”, “ecs:*”]. You know, just to be safe. #serverless ~Ben Kehoe
Forget about being safe, maybe just issue this as a challenge for your developers to build things without needing to provision servers.

If you were going to make a falsifiable claim about k8s and serverless adoption over the next 12-24 months, to explain more people getting frustrated with the former and going to the latter, what would it be? ~ Joe Emison
Interesting conversation going on here. People love containers (I mean, hey, they are pretty darn cool), but after having used serverless for several years, I have zero interesting in adopting Kubernetes to solve a problem that no longer exists for me.

How do you install kubernetes on serverless? ~ Aaron Patterson
I had to include this. Some of my favorite replies are “Machine learning to generate blockchain-authenticated YAML?” and “May the pods be ever be in your favor.”

Question: What’s your favourite AWS Lambda event trigger? (yes it’s an odd question, but I’m interested to know) ~ Paul Johnston
Maybe an odd question, but the responses and discussions it started are quite interesting. Worth a quick skim at the very least.

When you’re looking for a more audio-visual experience… 🎧

Screaming in the Cloud – Episode 62: Serverless Storytelling with Anna Spysz
Corey interviews Anna Spysz from Stackery about her unusual path into programming, writing good documentation, and developing serverless applications locally with Stackery.

Investing in Serverless: Less Servers, More Code
Learn about the Azure serverless platform and how Azure Functions, Event Grid, and Logic Apps work together to deliver cloud native experiences.

Introduction to testing serverless applications | Hunting for errors
Marcia Villalba gives you an introduction into how we might test serverless applications and why flipping the testing triangle on its head might be a really good idea.

When you’re wondering if the developers at AWS ever sleep… 😴

Amazon Textract – Now Generally Available
Textract is a managed machine learning service that automatically extracts text and structured data from documents. It’s darn pretty cool, and I can image this saving quite a bit of data entry for all those companies and government agencies that still love paper forms. 🤖

Amazon Elasticsearch Service now supports SQL querying
So, this is actually quite amazing. Now you can query your Elasticsearch domain using standard SQL syntax. Plus, there’s a JDBC driver for it. Elasticsearch is crazy powerful, but the query language for it is a bit bulky. This should make it a lot more accessible.

Amazon Aurora Serverless MySQL 5.6 Now Supports Data API
Already mentioned this one, but it’s totally worth repeating. Still probably not fast enough for synchronous operations, but there are plenty of use cases that this is a perfect fit for.

Amazon Aurora with PostgreSQL Compatibility Supports Database Activity Streams For Real-time Monitoring
Yeah, so the cool stuff just keeps on coming. If you have compliance requirements (or you’re a fan of DynamoDB streams), you can now stream your database activity to CloudWatch (then off to Lambda), Imperva’s SecureSphere Database Audit and Protection, McAfee’s Data Center Security Suite, or IBM’s Infosphere Guardium. 😎

AWS Step Functions Enables Access to Workflow Metadata
Step Functions are no longer black boxes powered by elves living in a tree. You now have access to metadata about workflow executions, making it easier to correlate logs for faster debugging and to measure workflow performance data.

Amplify Framework Adds Support for AWS Lambda Functions and Amazon DynamoDB
The Amplify CLI now includes support for adding an AWS Lambda function to your AWS AppSync API using the GraphQL Transformer and the new @function directive. Lots of cool things you can do with these updates. More info in this blog post.

Announcing Tag-Based Access Control for AWS CloudFormation
I’m really loving this tag-based access stuff that AWS is doing. With the addition to CloudFormation, you can now deny certain users deletion or update privileges to stacks with a specific tag, while allowing access to others. 🔒

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 5, 2019 – BuildOn | Securing Serverless Apps on AWS with Alex Casalboni

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Michael Hart (@hichaelmart).  Michael is the Director of Research Engineering at Bustle and an AWS Serverless Hero. Not only is he the creator of the popular LambCI tool, but he has several other open-source projects including docker-lambda, which was utilized to create AWS SAM Local (which eventually became the AWS SAM CLI). Recently, he wrote an eyeopening post reviewing the AWS Lambda nodejs10.x runtime, plus his Massively Parallel Hyperparameter Optimization on AWS Lambda piece is still one of my favorites. I’m pretty sure that everyone in the AWS serverless community has benefited from Michael’s work in one way or another. And for that, we thank you! 🙌

Final Thoughts 🤔

There are so many amazing things happening in the serverless ecosystem right now. The recent acquisition of Puresec (for $47M!) should be a clear market indicator that will push for more investment and more innovation in the space. The cloud providers are releasing new products at a mind-blowing pace, with libraries, frameworks, and downstream providers rapidly innovating and maturing in near-realtime. I remember the early days of cloud adoption, but never have I seen something like serverless that has redefined modern applications so quickly. This is a great show to watch! 🍿

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Cheers,
Jeremy

Off-by-none: Issue #39

One small step for AWS, one giant leap for Step Functions… 👨‍🚀

Welcome to Issue #39 of Off-by-none. Thank you so much for joining us! 🙌

Last week we introduced the new Serverless Chats Podcast and took on some serverless contrarians. This week, we talk about a nifty little update to AWS Step Functions, share some serverless stories, and narrow down the mountain of content from the community. 🏔

Lots of serverless goodness this week, so let’s get to it. ⚡️

When you really wish you could get a callback… ☎️

This past week, AWS Step Functions added support for Callback Patterns in Workflows. If you’re not familiar with Step Functions (or state machines in general), they are a really useful way to orchestrate tasks in distributed systems. With serverless, they allow you to easily “compose” multiple functions that automatically trigger and track each step, as well as handle retries. This allows the “steps” in your application to execute in order, every time.

There are some issues with Step Functions (like pricing), but one of the biggest problems was controlling execution when long-running, synchronous tasks were required. This meant that any time you needed to pause the state machine, you had to set a delay that polled a resource to see if it could move to the next step. This worked well for shorter tasks, but what if you needed to wait several minutes? Or hours? Or days? You would end up paying for hundreds or thousands of executions just to check a status. Not very efficient or cost effective.

With the new Callback Pattern support, you can trigger a task and pass along the generated taskToken. The Step Function execution will pause until another process calls the SendTaskSuccess command with the taskToken to restart the workflow from where you left off! I can envision use cases that trigger third-party APIs that listen for callbacks on a webhook endpoint, or long-running transcoding/processing tasks that trigger callbacks from completion events. Think of all the possibilities (and cost savings)! Very cool stuff. 👊

Serverless News & Product Announcements 📢

Introducing Logbird — log gateway for the cloud
The Dashbird introduced a service to aggregate and filter log streams for events and trigger activities from them. Think of it as a centralized log collector that you can subscribe to for post-processing in event-driven applications. Interesting idea.

Log Search: Finding the needle in the haystack with Thundra!
Thundra’s new Log Search feature allows software teams to search through invocation logs using specific patterns.

Introducing New Relic Monitoring for AWS Lambda
Monitor, visualize, troubleshoot, and alert on your AWS Lambda functions using the New Relic ONE platform. Similar instrumentation and implementation as other serverless observability offerings.

ServerlessDays Stockholm – Call for Papers Now Open
ServelessDays Stockholm is scheduled for October 24, 2019. CFP is now open. Learn more at stockholm.serverlessdays.io.

Serverless Stories 📖

Lessons Learned From Sending Millions of Serverless Webhooks
Rocky Warren shares 10 things his team at Dwolla learned from converting their webhook notification system to serverless. Key insights in here regarding dynamic provisioning and resource tagging.

Less is More: Securing Payment Application with Serverless Architecture
Great post that shows how the Macquarie Group removed 60 groups of EC2 instances and replaced them with just a few AWS services including AWS CloudFront, AWS WAF, AWS Lambda@Edge and Amazon S3.

How we used the Slack API and Cloud Functions to help us keep track of events in our platform
Shailen Naidoo from GetTruck explains how they built a simple serverless Slackbot using Google Cloud Functions and Whatsapp.

Openfit: Serverless, CI/CD, SRE, Monitoring, and more
Read how API Gateway, Lambda, and DynamoDB, proved to be a perfect architectural match for Openfit’s requirements.

Serverless Use Cases 🗺

API Gateway to front services not hosted in AWS
Richard Boyd from iRobot is a big fan of API Gateway Service Integrations. In this post, he shows you how to use API Gateway as a proxy to external APIs without using Lambda. If you can wrap your head around it, you can use this type of pattern to cut latency and cost.

Real-time Streaming for Data Science with Time Series and Serverless
Data Science with serverless tends to get a bad wrap because of the limitations of certain providers. This tutorial from Iguazio demonstrates the use of Kafka and Nuclio to support the availability of streaming data in real-time datasets.

Deploy serverless Symfony on AWS Lambda with Bref
Want to make your Symfony PHP app serverless? Thibaud Lemaire outlines the use case and how to do it in this step-by-step post.

Automate Analyzing your IAM Permissions using IAM Access Advisor
Here’s a great little use case by Hassan Murtaza that uses generate_service_last_accessed_details and get_service_last_accessed_details to detect old IAM roles.

When you’re thinking about going serverless… 🤔

A serverless glossary
Just getting into serverless? Check out this glossary of terms by Toby Fee.

Testing Applications Built on Serverless Architecture: Don’t Fear the Transition
Dan Widing from ProdPerfect outlines how serverless changes (or doesn’t change) your testing practices.

15 Frameworks for Creating Serverless Apps
Alex Ivanovs lists 15 frameworks and tools that can be useful when building serverless applications. There are a lot more than this, but this should get you started.

An Introduction to Serverless Functions with The Minions!
Explain it to me like I’m a five-year-old. 😁 But seriously, if you’re new to serverless and you like Minions, this article will give you a basic intro to how Functions-as-a-Service (FaaS) works.

Serverless Tutorials 🏗

Safe List updates with DynamoDB
Robert Zhu gives you some tips and tricks to update lists in DynamoDB and avoid race conditions.

How to log timed out Lambda invocations
Yan Cui shows you how to preemptively log timeouts in your Lambda functions if you want something more than the standard “timed out”message.

Getting Started with the AWS Websockets API
An introduction to the power of an AWS Lambda powered real-time AWS WebSocket API, complete with Node.js code examples.

Adding Websockets to your AWS Serverless application
In case you’d prefer Python examples for using Websockets, Nino van Hooff has you covered.

Building a Serverless Workflow using AWS Step Functions
Dhaval Nagar takes you through building a simple workflow using AWS Step Functions.

Advanced Serverless CICD – Part 1 :  AWS CodeBuild
Erez Rokah shows you how to set up a Serverless CI/CD system using AWS CodeBuild connected to a GitHub repo.

AWS Lambda Layers: Getting Started Guide
Lambda Layers are extremely powerful and useful tool for your serverless applications. In this post, Ran Ribenzaft demonstrates how to create a layer with the Serverless Framework and then include it in your next project.

Serverless Security 🔒

Council Post: Rethinking Security For Your Serverless Applications
I think Ameesh Divatia’s recommendations might be overkill, but there are some good thoughts in here about the potential for human error.

5 Serverless Security Platforms
I agree with Ishan Mathur that developers need to be aware of security requirements, and having a tool that can help account for human error and nefarious behavior, can definitely provide that peace of mind.

4 fundamental practices for serverless architecture security
Clive Longbottom points out a few recommendations for securing your serverless applications. Most of these are best practices for any type of application, but always good to be reminded every once in awhile.

Serverless Reads 🤓

Reviewing the AWS Lambda nodejs10.x runtime
Michael Hart from Bustle banged up against the new AWS Lambda Node.js 10.x runtime, and he has just a few concerns. 😳

Getting it right between EC2, Fargate and Lambda
Choosing the right cloud compute service means balancing operational burden with cost to achieve the optimal experience. Sarjeel Yusuf has some thoughts on how to make the right decision.

Azure Functions’ Durable Entities
Chris Gillum from Microsoft runs through the thinking and use cases behind the new Durable Entities. I think there are times when rehydrating state would be very useful, but I’d hate to see it become a crutch that allows developers to embrace old, less-scalable application patterns.

4 reasons to go multicloud according to tech experts. Do you agree?
NO. 🤨 TLDR; 1) Vendor lock-in. Nope. 2) Customized solutions. Really? 3) Minimizes risk. If by “cloud” you mean a “server in a garage with a T-1 line,” sure. 4) Cost savings. If you ignore the cost of setting up and maintaining the complexity of multi-cloud as well as the lost revenue by over-engineering a solution and not getting to market fast enough. Other than that, I have no strong opinions on the matter.

5 Cost Saving Tricks to Reduce AWS Cloud Hosting Bill
If “cost savings” is making you think multi-cloud, try following Mark Runyon’s advice first. You know what’s a big cost saving? Going serverless. 😜

4 factors to ruin your serverless migration
Sure, serverless isn’t all 🦄s and 🌈s, but I have to respectfully disagree with Lee Atchison on a number of these points. You should certainly understand the performance capabilities of FaaS and whether it can handle your use case, but best practices and tools have emerged for managing complexity and controlling scaling costs. Plus, FaaS is the one part of serverless that has the least lock-in. Your data, on the other hand…

Data availability and backups in AWS
As Kirill Kolyaskin so eloquently puts it, “shit happens.” There are some rather interesting scenarios in here that could result in data loss, even if it’s “backed up.”

What the technology hype cycle tells us about the future of crypto
Tim Wagner has some interesting thoughts of where crypto is in the technology hype cycle, using his experience with AWS Lambda as a comparison. When the father of Lambda speaks, we should listen. 😉

Server to Serverless: How to achieve more by thinking of servers less
I really liked this piece by Richard Reukema as he points out that thinking about the underlying server deployments are a “distraction from the business need.” He says, “We need to stay above the implementation perspective, and only think of what the application requires from a services perspective.”

Thoughts from Twitter… 🐦

Lambda Layers Tip: I have a layer structure like this. It’s a utility layer for libraries I use (aws-sdk, aws-xray-sdk, uuid). I also have a simple response-handler.js. In Node I can use “const rh = require(‘/opt/response-handler’);” to utilize. #Serverless #ServerlessForEveryone ~ Eric Johnson
This is a neat way to utilize multiple libraries in a single require.

Not pleased to learn that the Node 10.x runtime for AWS Lambda is no longer logging serialized errors. Example code with screens of error output in 8.10 vs 10.x: exports.handler = async (event) => throw Error('simple err') This is really bad for bug resolution. 😠 ~ Brian Leroux
Brian is definitely not happy about this Node 10.x runtime for Lambda issue. I mean, look at how angry that emoji is!

Pearls of wisdom from @matthewfellows , “If you can’t build good microservices you shouldn’t be doing serverless” at @AWSMelb meetup ~ Tom Dickman
While I tend to agree, there are a lot of serverless use cases that don’t require as much choreography or orchestration as a traditional microservice would.

When you search for “serverless” on Netflix… 🍿

Building Event-Driven Serverless Apps with AWS Event Fork Pipelines
Stop reading and go watch this now! James Hood from AWS walks you through building event-driven applications and how you can use reusable Event Fork Pipelines to create loosely coupled serverless services. The underlying pattern is where the real power is.

AWS for Developers: Data-Driven Serverless Applications with Kinesis
Marcia Villalba has a new course out. It’s on LinkedIn Learning, so if you already have a LinkedIn Premium membership, you can access the course for free.

DevOps Chat: Serverless Intelligence With Lumigo’s Aviad Mor
Aviad Mor from Lumigo talks about how their customers are embracing serverless in hybrid environments, and why serverless is more about a way of thinking, rather than a specific technology.

Creating A Website Using AWS AppSync
Luke from Serverless Guru shows you how to build a file upload website using AppSync and DynamoDB.

American Heart Assoc: 100 years of Content is Discoverable with Serverless & AI on AWS
Heitor Lessa talks with AWS customer, Chirag Chhita, from the American Heart Association. He explains how they use serverless and AI tools to create better experiences for their platform users.

Azure Friday Live – Building serverless Python apps with Azure Functions
It looks like Microsoft bought an old CNN set to record this demo, but the fact that Azure Functions support Python now is pretty cool. Asavari Tayal takes you through a demo using the Azure Function VSCode extension.

Serverless Tools 🛠

cloudkj/scar: Deploy static websites in seconds – with HTTPS, a global CDN, and custom domains
Kelvin Jiang built a useful CloudFormation stack that allows “one-click” deployments for your static sites on AWS.

ICYMI: five updates you’ve missed about Serverless Step Functions
If you’re using the Serverless Framework and Step Functions, check out Yan Cui’s recent updates to the serverless-step-functions plugin.

When you’re wondering what AWS is building… 👷‍♀️

Updated timeframe for the upcoming AWS Lambda and AWS Lambda@Edge execution
Based on customer feedback, AWS has extended the timeframe for validation as well as given customers some more control. You now have five additional weeks to test and update affected functions.

CloudWatch Logs adds support for percentiles in metric filters
This is pretty cool. You can now visualize and trigger alarms on p90, p95, p99, p99.9 or any other percentile with CloudWatch logs.

Amazon DynamoDB adaptive capacity is now instant
This is another great update to avoid throttling on hot partitions. There are still limitations, so make sure to choose good partition keys.

Amazon API Gateway Now Supports Tag-Based Access Control and Tags on Additional Resources
And another really cool feature. Now you can use tags to limit access to routes/methods with API Gateway. I’m thinking this will be a very handy pattern for creating ACLs for Lambda and service integrations.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 29, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Matthieu Napoli (@matthieunapoli). Matthieu is a software consultant and full stack developer that has been instrumental in introducing serverless to the PHP community. He is the creator of Bref, a PHP framework for building serverless PHP applications on AWS Lambda, as well as the creator of several other open source projects for PHP developers. Plus, he’s an active speaker at conferences, spreading serverless to the masses (of PHP developers). You can learn more about his upcoming speaking engagements and read his blog at mnapoli.fr. Thanks for your contributions, Matthieu! 🙌

Final Thoughts 🤔

The amount of serverless content being produced every week is overwhelming. But I really do enjoy reading it, picking out the interesting stuff, and sharing it all with you. If you find this newsletter valuable, and you think that some of your friends and coworkers might as well, I would really appreciate if you shared it.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Until next time,
Jeremy