Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.

My Latest Posts:

🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #46

Building Serverless Event Bridges… 🌉

Welcome to Issue #46 of Off-by-none. I’m so happy that you’re here! 😃

Last week, we pondered how companies adopt serverless and previewed AWS Summit New York. This week, we take a deep dive into the new Amazon EventBridge service and share some amazing stories, tutorials, and content from the serverless community.

There is a lot to get to this week, so let’s get to it! 🏃‍♂️

When you’re wondering why EventBridge is such a big deal #NoMoreWebhooks…🤓

Last week Thursday was very exciting for all us serverless nerds out there. Werner Vogels introduced Amazon EventBridge in his keynote, and several people quickly took notice of how powerful this new service is. Besides this excellent post by Mike Deck, a few others had some rather good things to say about it:

Amazon EventBridge: The biggest thing since AWS Lambda itself
Jared Short made this rather bold claim, but I wholeheartedly agree. Yes, CloudWatch Events has been around for awhile, but custom event buses and partner integrations elevate events to first-class citizens within the AWS ecosystem. This is important.

Why Amazon EventBridge will change the way you build serverless applications
Paul Johnston gets it too. He also said that EventBridge is “the most important release for serverless applications since Lambda.” CloudWatch Events was a clever way to coordinate custom events without needing SNS or Kinesis, but now Paul says, “EventBridge has become a central pivot to a serverless applications on AWS.”

There have also been a few posts that show it in use:

If you want even more insights into what you can do with EventBridge, listen to the latest episode of Serverless Chats (Episode #5: Event-Driven Applications using Amazon EventBridge with Mike Deck) where Mike Deck and I chat all about it.

Serverless News & Product Announcements 🚀

Announcing Stackery’s AWS DevOps Competency – Professional Workflow & Tooling For Building On AWS Serverless
To achieve this certification, APN Partners must show AWS expertise and deliver solutions seamlessly on AWS. It’s great to see Stackery keeping up the good work!

Protego Labs Announces Enhancements with New Pipeline Integration Tool
With the enhancements and new functionality, Protego makes it easier for organizations to truly shift security left from development through to deployment, in a smooth and frictionless manner.

Serverless Guru Joins Serverless as a Development Partner
With this partnership in place, Serverless Guru will be able to work more closely with Serverless, Inc. on delivering solutions for its customers. The two companies will collaborate on training and supporting customers as well as building out further functionality in the Serverless Framework.

Serverless Plugin Support Program
This new program reviews community plugins to ensure specific standards are met. Enterprise customers can then be assured that Serverless, Inc. will support approved plugins used within their applications.

AWS Serverless Hero Yan Cui joins Lumigo
The legendary Yan Cui (aka The Burning Monk) joins Lumigo to head up their serverless consulting team. We should expect to see some great serverless stuff coming from this new partnership.

Serverless Stories 📖

How I made AWS Lambda work for my SaaS
Tim Nolet gives an overview of how he built his SaaS company, Checkly, using Lambda and other AWS services. Lots of interesting commentary in here, and nice reuse of Lambda functions for both synchronous and asynchronous use cases.

How BuildCenter and Serverless Guru Streamlined Their Serverless Development Cycle
Interesting case study that shows how Serverless Guru helped BuildCenter adopt the Serverless Framework.

Serverless data engineering at Zalando with the AWS CDK
Viacheslav Inozemtsev and the team at Zalando are big fans of the AWS CDK. Read how they used it to speed up their development lifecycle.

How we built a serverless architecture with AWS
A detailed look at Hypertrack’s AWS architecture and how they use serverless to implement live location for their developers’ apps.

Serverless Use Cases 🗺

How to Use R in AWS Lambda
Jakub Nowicki shows you how you can use R with Lambda functions and Lambda Layers to preprocess data for your ML models.

Orchestrating an ETL process using AWS Step Functions for Amazon Redshift
This is a great use case for Lambda and Step Functions. Thiyagarajan Arumugam shows you how to run serverless ETL tasks to refresh data from your source systems.

SAP IDoc integration with Amazon S3 by using Amazon API Gateway
In this blog post, you’ll see how to store SAP IDocs in Amazon S3 by using API Gateway, with AWS Lambda authorizers and Amazon Cognito both providing the authentication layer.

Responding to SMS in PHP using AWS Lambda and Bref
Simple use case for responding to SMS messages with Lambda functions and PHP.

If you’re interested in learning some serverless basics… 🏗

S3 or DynamoDB?
This is an excerpt from Gojko Adzic’s new book. Picking the right service for your key-based storage workflow should be a little easier after reading this.

Best Practices for Developing on AWS Lambda
George Mao gives you five tips for building applications with AWS Lambda. Pay special attention to #1, “When to VPC-Enable a Lambda Function.”

CloudFormation Nested Stacks Primer
This is an excellent primer by Jared Short from Trek10. The 200 resource limit from CloudFormation does creep up from time to time, and the reusability of child stacks is a very powerful thing. Just be sure you are aware of the “rough edges.”

AWS Step Functions 101
John Demian from the Dashbird gives you some basics of Step Functions, how they work, and when you might want to use them.

Simplify AWS Lambda Dependencies Using Layers
A simply overview of Lambda Layers by Jordan Chalupka.

Benchmarking AWS Lambda runtimes in 2019 (Part II)
The Agile Monkeys are back with Part II of their benchmarking tests, this time using a CRUD simulation. Interesting to see the performance stats, especially from API Gateway.

Understand Lambda Logging and Unlock CloudWatch Logs
Zac Charles explains how Groups, Streams, and Events fit together, describes some relevant parts of the CloudWatch API and how Lambda interacts with it, then explains how to make use of your logs after they’re sent to CloudWatch.

Serverless Tips
The team over at launched a series of Serverless Tips that are worth checking out. Some of the latest posts include:

If you’re just starting your serverless journey… 🐣

Six Things You Need to Know Before Going Serverless
Charbel Ghossain’s post is quite thorough and gives you some things to consider before jumping into your first serverless project.

Awfully Thorough Guide to Choosing the Best Serverless Solution
Speaking of thorough, Ilya Kritsmer outlines the event triggers, supported languages, performance, security, scaling capabilities, and much more, of the serverless offerings from the “Big Four” cloud providers.

Is AWS Lambda actually useful?
If you’ve seen even just a few of Lambda’s use cases, then you know this is a silly question, but Nemanja Novkovic gives some more context for the newbies out there.

Getting Started with AWS Lambda Event Sources
Renato Byrro has another post, this time highlighting the power of event-driven applications and giving some examples of event sources that can trigger our serverless workloads.

Consider DynamoDB for Your Next Data-Driven Application
This is a great post by Luke Mwila that gives a great overview of DynamoDB and why it may (or may not) be right for your next project.

Serverless Tutorials 🏗

GraphQLifying REST
Nader Dabit shows you how to put a GraphQL API (using AppSync) in front of an existing REST API to immediately add GraphQL to your project without a lot of engineering work.

Basic Integration Testing with Serverless Framework
Maciej Skierkowski from Serverless, Inc. shows you how to use the framework’s new integration testing feature to run some simple post deploy API tests.

In Depth Guide to Serverless APIs with AWS Lambda and AWS API Gateway (Part 2)
Kay Ploesser’s follow up to Part 1. This part uploads an image, adds image recognition, and a whole lot more.

Unit Test Serverless Applications The DevOps Way — Part 1 & Part 2
Mahdi Azarboon has a two part post that shows you his method for building unit tests for serverless, along with integrating them into a CI/CD pipeline for deployment.

Using TypeScript with AWS SAM Local
In this post, Henrik Bjørnskov explains how he sets up AWS SAM projects using Webpack and TypeScript.

How YOU can create a Serverless API in C# and .NET
In this article, Chris Noring takes you through building a Serverless function using C#,.NET, and Azure Functions.

Serverless Security 🔒

How to get specific security information about AWS services
Well this is pretty cool. AWS has created “Security Chapters” in the AWS documentation for over 40 different services. Lots of great information for serverless services like DynamoDB and Lambda.

Serverless Security Workshop
Talk about a dream team of serverless know-how! Danilo, James, Heitor and Simon (you know who I’m talking about) put on a Serverless Security workshop at ServerlessDays London last week. Here are the slides and a link to the Github repo.

Serverless Reads 🤓

Development workflow for serverless applications
Efi Merdler-Kravitz from Lumigo details the guiding principles and tools used at a 100% serverless company to ensure the most efficient workflow possible.

The real business value Comic Relief has unlocked by going Serverless
Caroline Rennie has written about this before, but this time gives a little more detail about some of the more nuanced advantages that going Serverless has unlocked for her organization.

From Laptop to Lambda: Outsourcing Everyday Jobs to Thousands of Transient Functional Containers (PDF)
A team from Stanford created, gg, a framework and set of command-line tools that lets you run thousands of parallel threads on FaaS to achieve incredibly fast completion times. It’s a long read, but very interesting.

Why does serverless matter?
Kevin Smith from Dootrix explains why serverless is important and what it has done for some of their clients, like Suffolk Libraries.

What to do if you’ve already finished season 3 of Stranger Things… 🍿

Serverless Chats – Episode #5: Event-Driven Applications using Amazon EventBridge with Mike Deck
In this episode, I chat with Mike Deck about Amazon EventBridge and how it works, what it means for the future of webhooks, and how we can use it to build serverless event-driven applications.

Vue.js and Serverless – Going Serverless with Vue.js
Divya Sasidharan examines strategies for building applications in VueJS with a serverless mindset. She walks us through real life use cases for making API calls and communicating with third party services.

Serverless is the Abstraction We Deserve – GOTO 2019
Jesse Butler gives an excellent talk about the benefits of serverless and what this new layer of abstraction means for developers. And he works for Oracle, so there’s that. – Episode 029: Building Serverless Apps on AWS
Yan Cui joins Mike Pfeiffer to discuss a number of serverless topics, including data lock-in, tooling, and much more.

Twilio & Serverless – Serverless Toronto Meetup
Developer evangelist, Phil Nash, from Twilio talks about Node.js-powered Twilio Functions, the new Autopilot, and some new features coming soon.

The Future of Serverless is … Functionless?
What if we could build an API that didn’t need Lambda to perform simple translations between services? Richard Boyd’s ongoing crusade to minimize the use of Lambda function continues. 🛡⚔️😀

If you’re curious what the AWS devs have been cranking on… 👷‍♀️

Announcing AWS Toolkit for Visual Studio Code
The toolkit enables you to easily develop serverless applications, including creating a new project, local debugging, and deploying your project—all conveniently from within the editor. The toolkit supports Node.js, Python, and .NET.

Amazon Elasticsearch Service increases data protection with automated hourly snapshots at no extra charge
Amazon Elasticsearch Service has increased its snapshot frequency from daily to hourly, providing more granular recovery points. If you need to restore your cluster, you now have numerous, recent snapshots to choose from.

Amplify Framework adds support for AWS Lambda Triggers in Auth and Storage categories
The Amplify CLI now allows you to enable and configure Lambda triggers for building custom authentication flows in your mobile and web applications.

Amazon Aurora with PostgreSQL Compatibility Supports Serverless
PostgreSQL lovers rejoice! The popular MySQL compatible edition is now joined by a PostgreSQL version. All the same benefits and scaling capabilities are available. More info here.

AWS New York Summit 2019 – Summary of Launches & Announcements
The New York Summit was last week, and there were a few more interesting announcements beyond EventBridge.

Session Manager launches tunneling support for SSH and SCP
I haven’t played around with this yet, but if I can get rid of jump boxes when accessing VPCs from my local environment, than this is pretty big!

Serverless Tools 🛠

Lambda Checklist
The Lambda Checklist Application is perfect for meticulous serverless engineers!

buggy/aws-sam-webpack-plugin: A Webpack plugin to replace the build step for SAM CLI
Neat tool by Rich Buggy that you can use to replace the sam build step if every function in your template uses the nodejs8.10 or nodejs10.x runtime.

Plugins Explorer | Serverless Plugins Directory
The new plugins directory lets you search for plugins and see which ones are now “certified” or “approved” by Serverless, Inc.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

July 22, 2019 – Lumigo: Serverless at Full Speed – Monitoring Webinar

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

October 14-16, 2019 – Serverless Architecture Conference Berlin

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erez Berkner (@erezberkner). Erez is the CEO & co-founder of Lumigo, a startup focusing on serverless application monitoring. Erez is always out there spreading the word of serverless, whether through Twitter and blog posts, or through his numerous speaking engagements and interviews. Since the beginning, Erez and Lumigo have embraced and contributed to the growth of the serverless community, and has used the Lumigo platform to engage and educate people on the benefits of serverless. It doesn’t go unnoticed. Thanks for all you do, Erez!  🙌

Final Thoughts 🤔

There were a lot of exciting serverless announcements this past week, plus a very successful ServerlessDays London event, so congrats to the organizing team over there. But there were also lots of dumb and incredibly hurtful things said that are becoming normalized in our culture (and I’m not just talking about that 10x Engineer nonsense). So without getting political, I’ll simply make a naive plea and ask that we all try to be better people, or in the words of Bill & Ted, “be excellent to one another.”

I’ll leave you with this excellent piece by Emma Wedekind: 101 Tips For Being A Great Programmer (& Human).

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #45

Where do companies start with serverless?

Welcome to Issue #45 of Off-by-none. I’m so glad you joined us! 🎉

Last week, we recapped AWS re:Inforce and looked at the broader AWS security ecosystem. This week, we ponder how companies adopt serverless, look ahead to AWS Summit New York, and share lots of great content from the serverless community.

Tons of stuff to get to this week, so let’s get to it! ⏩

When you’re looking to bring serverless to your organization… 👩‍💻

Earlier this week, Tom McLaughlin wrote this piece announcing that he was shutting down ServerlessOps (his cloud/serverless consulting company). The good news is that he will be bringing his expertise and wisdom to Liberty Mutual to help them with their serverless journey, but the bad news is, that another independent consultant is off the market.

Tom offers some insights into why he thinks a small, serverless-focused consultancy business isn’t viable (yet), and I think he’s probably correct for many reasons. There are certainly opportunities for serverless practitioners (of all sizes) to help companies looking to adopt serverless, but there are a lot of factors that drive the internal conversations. I’ve spoken to a number of companies simply looking for guidance, some who want to outsource completely, and some who have just started figuring things out on their own. I think these are all viable ways to get started with serverless. The key is that they are getting started.

However your company plans on adopting serverless, it’s good to know that there are some really good people out there (like Tom was) to help you, especially when you start dealing with complex architectures. I’m sure Tom will continue to share his thoughts and ideas with the serverless community, and maybe even give us some insights into how his new employer adopts serverless. We certainly wish him well.

For all you readers: I’d be curious to know the story of serverless adoption at your company. Please reach out to me on Twitter or LinkedIn if you’d like to share.

Serverless News & Product Announcements 🚀

Serverlessconf 2019 New York Speakers Announced
The speaker lineup is now available for Serverlessconf New York in October. Lots of amazing serverless minds will be taking the stage, and I’m honored to be joining them for a talk of my own. Hope to see you all there.

Releasing X-Lambda (alpha): Statistical Power Against Code Starts
Renato Byrro and the team at Dashbird have released an interesting way to deal with cold starts. It’ll depend on your use case as to whether or not you need this, but the approach is very cool.

The Best Serverless Sessions at AWS Summit New York
Stackery has put together a list of sessions that serverless fanatics can’t miss at the AWS Summit New York later this week. I’d add DEV11 to that list, but I’m a bit biased. 😉

NEW BOOK! Running Serverless: Introduction to AWS Lambda and the Serverless Application Model
Gojko Adzic’s latest book is now available in paperback and on Kindle. I read an early preview of this book and it was fantastic. Definitely worth checking out.

Serverless Stories 📖

Building Open Source Communities at AWS Serverless
Sanath Kumar Ramesh from AWS talks about the open source community around serverless developer tools, and his story about open sourcing two AWS products.

Surviving Azure Functions
Ali Zahid recounts the last year of being forced to work with Azure Functions, what he learned, and some of the challenges his team faced.

Australian Wool Handlers (AWH) — Case Study
A bit of a marketing piece for NONA, but the underlying solution for AWH was built using AWS and serverless components. Always nice to see large scale, successful serverless projects.

Lambda + Twilio + WhatsApp = Automated VISA Results Informer
Sort of a mix between a use case and serverless story. Anuraag Jain wrote a simple serverless tool one Sunday afternoon to check his VISA status.

Filling stadiums with serverless computing
“From an operations and management standpoint, we don’t need to be the experts at running a MongoDB database. And we don’t need to be experts in running some kind of streaming platform. We’ve got to be experts in being able to use it as a ticketing platform. But we don’t need to be the experts running it.” ~ Tane Oakes, Ticketek

Serverless Use Cases 🗺

Hybrid Load Balancing traffic between EC2 and Lambda functions – useful API migration pattern
Rafal Wilinski outlines how to implement the Strangler Pattern to migrate to serverless using AWS ALBs, Lambda functions, and the Serverless Framework.

AWS Step Functions — why you should use them.
A bit of a tutorial as well, but a good post by Keith Coughtrey that shows the value of Step Functions in a real-world application.

Using Lambda Layers for Better Serverless Architecture
Renato Byrro from the Dashbird outlines a few use case for Lambda Layers.

Querying your AWS Cost and Usage Report using Amazon Athena
Did you know you can query your Cost and Usage report data with Athena? Erin Carlson shows you how to set up this powerful use case.

If you’re interested in learning some serverless basics… 🏗

Understanding the Different Ways to Invoke Lambda Functions
Lambda functions are event-driven, and there are multiple ways to invoke them. George Mao breaks them down for you.

Which AWS Lambda programming language should you use?
John Demian gives you a rundown of the different runtimes supported by AWS Lambda, along with their benefits and community support.

Benchmarking AWS Lambda runtimes in 2019 (part I)
Speaking of performance, Tai Nguyen Bui runs a number of experiments to show how each runtime performs.

If you’re just starting your serverless journey… 🐣

Understanding Serverless: Tips and Resources for Building Servicefull Applications
Excellent piece by Christopher Paton that gives a great overview of serverless and clears up some misconceptions that have developed over time.

An enterprise guide to serverless computing
Kathleen Casey has compiled a number of TechTarget articles about serverless. If you’re jumping in, this might be a good starting place.

Serverless Cloud Computing: Introduction, Emergence, Limitations, and Challenges
This piece gives a good introduction to serverless (FaaS + BaaS), along with some of its advantages in modern application development.

Serverless computing: 5 things to know about the post-container world
Not sure we’re quite ready for a post-container world, but Bernard Golden outlines several things that might make you rethink choosing containers.

Serverless Tutorials 🏗

Dynamic image resizing with Ruby and Serverless framework
Everyone loves to use serverless to resize images! 😂 Here’s how to do it with Ruby and the Serverless Framework.

Handle AWS lambda error with API gateway integration using Typescript in a clean way
Albert Gao shows you an interesting way to wrap all your Lambdas with a higher-order function to consistently handle your errors.

Leveraging external data in Lambda@Edge
Achraf Souk guides you through some common patterns and options for reading external data in Lambda@Edge functions.

Serverless APIs for Machine Learning models
James Thomas figured out how to run MAX models on IBM Cloud Functions and expose them as serverless APIs.

How to Create Secure Internal APIs on AWS without VPCs
Eoin Shanaghy shows you how to set up internal APIs with proper authentication controls. Not a huge fan of Lambdas calling Lambdas through an API Gateway, but there are some benefits here.

Crash Course on Fan-out & Fan-in with AWS Lambda
Renato Byrro has been quite prolific as of late, and in this piece, shows you how to build a Fan-out/Fan-in process with Lambda.

Monitoring Your AWS Lambda Pipeline with Automatic Notifications
Shawn Cochran shows you how to set up CloudWatch Metrics and alarms on your Lambda functions.

Using the Data API to interact with an Amazon Aurora Serverless MySQL database
Marcilio Mendonca gives you the basics of the Data API and eight examples of queries you can run against your Aurora Serverless databases.

In Depth Guide to Serverless APIs with AWS Lambda and AWS API Gateway (Part 1)
Always love a good in depth guide. Kay Ploesser has all the steps necessary to get started with building a serverless API with Lambda and API Gateway.

AWS Lambda with Node.js: A Complete Getting Started Guide
Samuel James’ guide goes even further and gives you everything you need to know to build your first serverless application with AWS.

Globally-distributed Serverless Application in 100 Lines of Code. Infrastructure Included!
Mikhail Shilkov has a great piece for Azure and Pulumi fans.

Serverless Security 🔒

9 in 10 Serverless Apps Are In Deep Trouble In Frontend Security
Renato Byrro is back again, this time with some advice for storing tokens correctly on the frontend, to securely connect to your serverless backend.

Who is really responsible for cloud security?
Thought-piece by Lionel Snell on how the nature of security in the cloud is changing, and more importantly, who bears the responsibility.

From Shift Left to Shift Up: Securing Containers and Serverless Architectures
Interesting piece by Tsvi Korren that encourages DevOps to “shift left” and “shift up” to start integrating security best practices earlier in the development stage and put a greater emphasis on application security in the cloud.

strong_password v0.0.7 has been yanked, as it contained malicious code. Make sure to downgrade if you run it in production. ~ Tute Costa via Twitter
Not specific to serverless, but just another example of how popular third-party modules can be compromised.

Serverless Reads 🤓

The Promise and Perils of Serverless Computing
I always appreciate other people’s take on serverless as it’s interesting to see how they frame the advantages and disadvantages. This post by Krishnan Srinath points out the “security” and “vendor lock-in” FUD that are commonly spread. I did find his take on “services sprawl” to be valid.

Serverless Impact — Less Overhead
Ryan Jones from Serverless Guru discusses the superpower of serverless that lets a new hybrid developer build massively scalable applications without worrying about the underlying infrastructure.

The Nature of Serverless
Rodrigo Estrada’s piece is a bit hard to follow in spots, but overall offers a number of subtle points about the underlying asynchronous nature of serverless.

How serverless computing saves time and money
Ooh, a post on InfoWorld about serverless. They even pulled a quote from one of my blog posts about Aurora Serverless.

For members of the A/V Club… 🎥

Serverless Chats – Episode #4: Serverless Development Workflows with Chase Douglas
In this episode, I chat with Chase Douglas about how serverless applications change our development workflows, what a local development process looks like, and some tools we can use to help make our lives easier.

DiscoPosse Podcast – Ep 81: AWS Outposts and Serverless Twitter Thread Chat with Ben Kehoe (ben11kehoe)
Eric Wright is joined by Ben Kehoe to explore the advantages and challenges of cloud-owned features and which will be important to cloud ops and cloud developer teams everywhere.

Erez Berkner interview at Cloud Expo
The Lumigo CEO talks about serverless, observability, the applications people are building, and what some of the challenges are.

When you’re wondering what AWS has been working on… 👷‍♀️

Amazon DynamoDB now supports deleting a global secondary index before it finishes building
This is a nice update, especially for development workflows when you’re experimenting with different indexes.

AWS CodeCommit Now Supports Resource Tagging
You can now group and find repositories with a common tag as well as define AWS Identity and Access Management (IAM) permissions based on tags.

AWS Amplify Console Updates Build image with SAM CLI and Custom Container Support
The Amplify Console launched several updates to the build service including SAM CLI and custom container support. Custom containers allow developers to swap out the default container with their own build environment.

Thoughts from Twitter 🐦

Loving what @GunnarGrosch did on “Serverless chaos” using the Injection library I built. Got inspired by his feedback so merged his code and added a bunch of functionality: StatusCode, Exception and of course Latency injection!! Thanks mate! ~ Adrian Hornsby
Some good collaboration between Adrian and Gunnar. The more tools we have, and the better we understand how chaos engineering applies to our serverless applications, the more resilient our services will be.

Dear @awscloud, I am a real fan of AWS CloudFormation & Serverless implementation, could we please have the CloudFormation’s 200 resources limit removed. Please a humble request from a #AWS fan. #awswishlist #Serverless ~ Srujal Kachhela
This seems like a pretty straightforward request, but it started an interesting debate. Nested stacks are an eloquent solution.

To me, serverless is about the Developer Experience (DX). If these words are in the conversation, we aren’t talking serverless IMO. And I don’t think it has anything to do with how you pay for it. #serverless ~ Paulo Arruda
I liked this tweet from Paulo. Make sure you click through to see the attached image.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications, with a surprise 😉)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Gojko Adzic (@gojkoadzic). Gojko is a partner at Neuri Consulting LLP, an author, and frequent speaker at software development conferences around the world. His new book, Running Serverless: Introduction to AWS Lambda and the Serverless Application Model, is now available on Kindle and in paperback (and it’s really good). Besides his other open source serverless work,  he’s also one of the co-authors of Claudia.js, a serverless deployment framework for Lambda and API Gateway. Gojko continues to do a ton of work for the serverless community, and it is much appreciated!  🙌

Final Thoughts 🤔

It’s been another busy week with lots of interesting things happening in the serverless space. The Serverless Chats podcast is going strong with FOUR episodes already available. Plus we have some more amazing guests coming up, so stay tuned (or subscribe) for those. If you’re going to the AWS Summit New York, please be sure to stop and say “Hi!” and grab some stickers from me.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next week (or maybe at AWS Summit New York),

Off-by-none: Issue #44

re:Inforcing Serverless Security 🔒

Welcome to Issue #44 of Off-by-none. It’s so great that you’re here! 😎

Last week, we recapped ServerlessDays Milan and shared some great serverless reads. This week, we talk a bit about the inaugural edition of AWS re:Inforce and look at the broader AWS security ecosystem. And, as always, we have some amazing content from the serverless community.

Before we get started, Serverless, Inc, is running a State Of Serverless Community Survey. If you get a chance, fill it out and share your experience. It’s always great to see the results. Lots more stuff to get to this week, so let’s get right to it! 🎯

When you want to re:Inforce your serverless security… 🔐

This past week was the inaugural AWS re:Inforce conference. I was only able to make the second day, but from what I saw, it was very well-attended and quite successful. There were some great serverless security talks (like Securing Enterprise-Grade Serverless Applications – SDD401 with George Mao) and several others on more general AWS cloud security products and services. You can find all of the sessions in this post: Re:Inforce 2019 wrap-up and session links.

I also gave a Dev Chat titled Serverless Security: Best practices and mitigation strategies that sparked several post-talk discussions with lots of great questions. It was really quite eye-opening putting together a talk on serverless security. There was so much content to cover, with so many intersecting and overlapping AWS products and services, that I found it difficult to limit the talk to just 30 minutes (I actually went over by a few minutes 😬). But I found myself really just skimming the surface of a very complex subject.

This is something that we really need to think about as we develop our serverless applications. Even though the cloud providers are handling most of the heavy-lifting for us, there are still some important security requirements that must be properly implemented by developers. Many of these aren’t new, but as developers get closer to the infrastructure and start deploying their applications directly, not having an Ops person looking over their shoulder could possibly affect your overall security posture. Something to think about and train your developers on.

Serverless News & Product Announcements 🚀

Serverless Framework v1.46.0 – Extended ALB configurability, Support for external Websocket APIs, Local plugins via relative paths & more
The Serverless Framework has a new release, this time adding support for ALB conditions, shared WebSockets, and a new local plugin component.

Stackery CEO steps down as serverless technology startup seeks new leader for its next phase
Nate Taggart is stepping down to bring in an experienced CEO to grow the company. I’m a big fan of Stackery and their team, and I think this shows their true dedication to the serverless community. There is a real opportunity here to build a company that’ll be a major player in the cloud market. If they continue to focus on serverless, this will help to grow and better define the serverless ecosystem. Something about rising tides. ⛵️😉

Serverless Stories 📖

Mistakes we made adopting event sourcing (and how we recovered)
Nat Pryce has a great piece that outlines what his team learned when building an event-sourced application. Couple of big takeaways include the difference between event-sourced and event-driven architectures, and the benefits of using a hexagonal architecture for separating and testing business logic.

How this New South Wales transport agency built an analytics platform on AWS
Interesting story about a government agency implementing serverless to not only create a better service, but to save money as well.

Serverless Development Workflow
Guilherme Waess outlines his serverless development workflow for us. He needs a better way to deal with secrets, but overall a good approach.

Lambda Dependency Management using Serverless Plugins
Navarasu Muthu discusses the process his team at Francium Tech used to manage Python dependencies using the serverless-python-requirements plugin for the Serverless Framework.

How to SSR in a serverless environment and make your visitors 400% happier!
Sven Al Hamad walks you through how Webiny implemented SSR with serverless to speed up page loads.

Serverless Use Cases 🗺

How to customize verification emails in Amazon Cognito? Use Lambdas!
This is a great use case. Use Lambda to customize emails sent from Cognito. Very cool.

Dynamic image resizing with Python and Serverless framework
This is one of those very common use cases that is “perfect” for serverless. Here’s another look at it using Python and the Serverless Framework.

Configuring user creation workflows with AWS Step Functions and AWS Managed
This is a really great automation workflow that can make everyone’s lives easier. One configuration change can kick off a whole series of events, and using Step Functions, we get retries and orchestration out of the box.

Step Functions as an ad-hoc scheduling mechanism
And speaking of Step Functions, Yan Cui goes into more detail about some of the benefits (and problems) with using Step Functions as a scheduling mechanism. The suggestion from David Wells to use DynamoDB TTLs alongside Step Functions is quite ingenious.

If you’re thinking about going serverless… 🤔

Serverless. You Keep Using That Word. I Do Not Think It Means What You Think It Means.
Hmm, did Allen Helton see my meme from ServerlessDays Milan? Anyway, here is another attempt at a comprehensive “definition” of serverless.

Serverless Microservices in a Team
Gareth McCumskey outlines a few best practices for teams building serverless microservices using the Serverless Framework.

AWS Lambda: how to share code between functions in a monorepo
A common question for those structuring their serverless applications. Yan Cui has some suggestions if you’re going down the monorepo route.

AWS Lambda – 7 things you might not know
John Demian from Dashbird outlines the top seven reasons AWS Lambda is a powerhouse your business should consider.

Deconstructing Serverless Computing Part 4: Developing to infinity and beyond!
In the fourth part in his series, Lucian Toader discusses some things you should keep in mind when it comes to serverless development.

Make Data Acquisition Easy with AWS & Lambda (Python) in 12 Steps
Shawn Cochran gives you a brief introduction to AWS Lambda and building a fully serverless data pipeline using Python.

Serverless Tutorials 🏗

Getting Started with Lambda and Application Load Balancers
In this post, Gavin Lewis runs some experiments with ALBs using Lambda targets and discovers some use cases along the way.

How to create a highly scalable serverless GraphQL data-driven app in minutes
Gerard Sans teaches you how to build a GraphQL data-driven serverless app using Angular, AWS Amplify and AWS AppSync.

humank/EventStormingWorkShop: EventStorming workshop
A hands-on workshop that contains topics such as DDD, event storming, and specification by example. It uses Lambda, API Gateway, DynamoDB, X-Ray, and CloudWatch.

Building AWS Amplify Customized Authentication Forms for Serverless Vue.js
Wataru Oguchi’s tutorial is from the perspective of someone without a lot of AWS experience, but finds that AWS Amplify abstracts most of that away.

AWS Serverless App: Continuous Integration and Deployment
In this post, you’ll learn some steps to add continuous integration and deployment (CI/CD) to your serverless project.

Building Serverless Data Lake with AWS Glue DynamoDB and Athena
Yi Ai shows you how to build a serverless data lake solution using AWS Glue, DynamoDB, S3 and Athena.

Getting Started with AWS SES
Usama Yousuf walks you through the process of sending emails and creating configuration sets to publish email events  like bounces, complaints, deliveries, sent emails, etc.

Building a real-time gaming leaderboard with Amazon ElastiCache for Redis
While this may not seem particularly “serverless”, it is a really great solution that still uses API Gateway and Lambda to power the API.

Increasing real-time stream processing performance with Amazon Kinesis Data Streams enhanced fan-out and AWS Lambda
Excellent post by Eric Johnson that shows you how to deal with huge volumes of streaming data.

Serverless Security 🔒

How to never have a public S3 bucket
Teri Radichel shows you how you can implement automated governance to prevent people from making mistakes when setting up S3 buckets.

Managing Secrets and Output Variables With Serverless Framework Enterprise
Maciej Skierkowski from Serverless, Inc. shows you how to protect your secrets using the new features of the Serverless Enterprise Framework.

Top 10 Security Blog posts in 2019 so far
Since we are talking about security in this issue, I figured I’d include this post from AWS that outlines their most popular security posts from this year.

Serverless Reads 🤓

How to FaaS like a pro: 12 uncommon ways to invoke your serverless functions on AWS [Part 2]
Alex Casalboni outlines four more uncommon ways to invoke Lambda functions. My favorite from this group is Aurora triggers. Interesting way to build event-sourced applications.

Chaos Engineering — Part 1
An amazing post by Adrian Hornsby that walks you through the art of implementing Chaos Engineering.

How to Design Your Serverless Apps for Massive Scale
George Mao has a short post on how to use intermediary buffers to compensate for downstream services that don’t scale as well as Lambda.

Analyzing the Cost of Your Serverless Functions Using Faast.js
Kyle Galbraith discusses some of the benefits of Faast.js, an open source project that streamlines invoking serverless functions.

Tackling API Gateway Lambda performance issues
Matt Billock from Lumigo outlines some of the performance pitfalls of API Gateway and how you might be able to get around them.

The Annoying State of Lambda Observability
Luke Demi from Coinbase outlines his frustrations with AWS’s current native observability offerings for Lambda functions.

AWS Lambda nodejs10.x = FIXED
The release of the NodeJS 10.x runtime for AWS Lambda was not without issues. And thanks to Michael Hart pointing out these problems, it appears that they’ve now been fixed!

When you prefer an audio/visual experience… 🎧

Serverless Chats – Episode #3: Serverless GraphQL using AWS AppSync with Marcia Villalba
In this episode, I chat with Marcia Villalba about the benefits of building applications with GraphQL, how to use AWS AppSync to build serverless applications with it, and some best practices for using it in your projects.

Deploying AppSync Using The Serverless Framework
Speaking of AppSync, Luke from Serverless Guru kicks off a video series on deploying it using the Serverless Framework.

Experimenting with chaos engineering in serverless applications
And speaking of Marcia Villalba, she has another video that completes her series on hunting for errors in serverless apps. In this video, she shows you how to create experiments for performing chaos engineering in your serverless applications.

Cloud Unfiltered – Ep84: The Serverless Framework, with Nick Gottlieb
Nick Gottlieb talks about the Serverless Framework, and the state of serverless.

When you want to know what the devs at AWS have been building… 👷‍♀️

Amazon API Gateway Now Supports Tag-Based Access Control and Tags on WebSocket APIs
You can now give permissions to WebSocket resources at various levels by creating policies based on tags.

Amazon CloudWatch Events Now Supports Amazon CloudWatch Logs as a Target and Tagging of CloudWatch Events Rules
You can now use CloudWatch Logs to store, monitor, and analyze CloudWatch Events that are triggered in your environment. Very meta.

Introducing Amazon EC2 Instance Connect
Amazon EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). While I would definitely prefer to never have to SSH to a machines, I still have plenty that I need to, so this is a great feature.

AWS Security Hub is now generally available
AWS announced the general availability of AWS Security Hub, a new security service that provides customers a comprehensive view of both their compliance with the security standards and their high priority AWS security alerts, or findings. Not specific to serverless, but a great way to get an overview of your security posture.

AWS Control Tower is now generally available
Managing multiple accounts in AWS has become the standard for environment isolation, so having a new tool to implement all your guardrails and policies automatically was much needed. It only works for new accounts (with no organization) right now, but they also announced plans to provide support for migrations as well.

Serverless Tools 🛠

Func.Farm – Browser extension to create serverless functions from snippets
This is an interesting Chrome extension that allows you to create functions in multiple languages and in multiple clouds right from your browser.

Releasing AWS Lambda Haskell Runtime v2
The Agile Monkeys have an update to their Haskell custom runtime for Lambda.

Reduce Complexity and Quickly Search Amazon CloudFront Logs in Amazon S3
Chaosearch looks like an interesting tool that allows you to search through preprocessed CloudFront access logs. Haven’t tried it yet, but I like tools that solve common serverless problems.

Common Serverless Errors
This is a great resource put together by the team over at It lists the most common Serverless Framework AWS errors and how to fix them.

Thoughts from Twitter 🐦

I don’t assign required reading very often, but it’s time for another. If you are responsible for any AWS account(s), set aside 45 minutes and watch this recent AWS #reInforce presentation by @bjohnso5y about Attribute-Based Access Control (ABAC). ~ Eric Hammond
Eric’s recommendation is spot on. This session from re:Inforce on Attribute-Based Access Control is definitely worth the watch. Brigid Johnson does an excellent job presenting this very powerful and flexible access control method.

The future of #serverless is not stateful compute. It’s computeful state. ~ Ben Kehoe
Ben offers another glimpse into how he thinks about the future of serverless. Having changes in state drive collocated computations could be an interesting way to solve a number of latency problems with current models.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 9, 2019 – Epsagon: Modern Apps on AWS: Challenges and Solutions (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Nader Dabit (@dabit3). Nader is a Senior Developer Advocate at AWS that works with projects like AWS AppSync and AWS Amplify. He produces a mountain of content, including several great posts on Amplify, serverless, and GraphQL, as well as hosting the GraphQL Patterns Podcast, regularly speaking at conferences, and authoring both React Native in Action and (the soon to be released) Full Stack Serverless books. Nader’s focus is more on the mobile side, but his writing, teaching, and contributions to the serverless ecosystem are incredibly helpful and very much appreciated. Thanks for what you do, Nader! 🙌

Final Thoughts 🤔

It’s been a busy few weeks, and the serverless community and ecosystem are going strong. My biggest takeaway from this week is to stress the importance of cloud security when building your serverless applications. It’s not just about application security best practices, but also about understanding proper configuration, secrets management, scalability behavior and much more. Serverless makes it very easy for us to build, deploy and tests applications quickly, and even though these applications are much more secure by default, spending some time to learn best practices should be a mandatory investment.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next time,

Off-by-none: Issue #43

Buongiorno from ServerlessDays Milano! 🇮🇹

Welcome to Issue #43 of Off-by-none. I’m so glad you joined us! 🙌

Last week, we looked at some frameworks that are making serverless easier. This week, we recap an amazing ServerlessDays event in Milan, we have some great serverless reads, and we have plenty of serverless content from the community.

There is a ton to get to this week, so let’s get started! 🏎

ServerlessDays Milan 🇮🇹

This past Friday was the third installment of ServerlessDays Milan, and it was a really great show. I started the day off by giving my Stop Calling Everything Serverless! keynote, followed up by a great talk from Andreas Grimm about authentication in the serverless world. Next up was the one and only Danilo Poccia talking about Diving deep into the event-driven side of serverless. This was definitely one of my favorite talks.

There was then a number of rapid fire lightning talks from Ran Rib of Epsagon, Marcia Villalba (Developing Serverless applications with GraphQL), Soenke Ruempler from Superluminar (Serverless vs. Organizations), and Farmin Farzin. Ory Segal gave an excellent talk about serverless security, including a number of great examples and a live demo. Victoria Bernard then gave us some Dev life hacks using serverless.

The highlight of the show might have been Gunnar Grosch’s talk about Performing chaos in a serverless world. The talk was great, of course, but the best part was when Gunnar purposely simulated a projector failure (to make the point that “everything fails all the time”) and Alex Casalboni jumped up to try and fix it. The MTTR from the ServerlessDays organizers was impressive. 😉

Bret McGowen from Google admitted that Kubernetes was really hard, but also introduced us to an interesting billing model for Google Cloud Run. Sheen Brisals pronounced that “Serverless was Definitionless” and then walked us through the serverless journey of Finally, Guillermo Rauch didn’t disappoint with an engaging closing keynote. He concluded that “serverful schedules, and serverless is scheduled.” I really like that definition. Even though it focuses on the execution model, it’s a great way to think of it.

Overall it was a great day. The organizers did a fantastic job, the speakers discussed a diverse set of topics, and the crowd was amazing. I’m looking forward to the videos coming in the next few weeks.

Serverless News & Product Announcements 🚀

ServerlessDays Tokyo and ServerlessDays Istanbul were announced!
Add two ServerlessDays events to the list that are happening this year. Istanbul on October 3rd and Tokyo on October 22nd.

What’s New in IOpipe for Python 1.8?
IOpipe’s new release adds a bunch of features to make auto-tracing more configurable, plus trace decorating, context for WSGI interfaces, and new event types.

Recent Developments in monitoring AWS Lambda in Python
Thundra has also added some enhancements to their Python support including distributed tracing support and automatic tracing for SqlAlchemy, Elasticsearch, and MongoDB.

Aqua Security releases new version of its cloud native security platform
Aqua 4.2 introduces advanced runtime protection for serverless functions, providing security teams with the ability to detect and prevent potential misuse and abuse of cloud-based serverless functions.

Serverless Stories 📖

Fun with AWS Lambda Layers and Serverless
Barend Bootha recounts his experience with Lambda Layers, and gives you a few tips to avoid deploying functions with missing versions.

Building a full Node.js website in the FaaS world: Serverless Framework + AWS Lambda
Yoram Griguer gives you a bunch of lessons learned from building with serverless at Biogen and why they don’t regret their choices.

From a high traffic monolithic app to serverless
The story of how Skyscrapers evolved a classic, high traffic, monolithic application to a serverless architecture using AWS Lambda, DynamoDB and Kinesis.

Serverless Use Cases 🗺

Building a PDF Generator on AWS Lambda with Python3 and wkhtmltopdf
Here’s a very hand use case from Richard Keller that uses the wkhtmltopdf binary with Lambda to create a highly-scalable PDF generator.

Empirically test and measure queries from Amazon DynamoDB
Ryan Meyer walks us through a really interesting way to intercept, track, and measure calls to a DynamoDB table for the purpose of performance analysis, refactoring legacy queries, or root cause analysis.

How to build a dynamic message of the day with AWS Lambda
In this simple use case, Chris Blackwell shows you how to create a basic templating system using S3 and personalization using Lambda.

Lightweight Serverless API Using AWS Lambda and ALB
Regis Wilson from Driven By Code explains how he built a simple serverless API using ALBs with Lambda targets. If you don’t need the heavy lifting of API Gateway, this might be a good (and cheaper) option for you.

If you’re thinking about going serverless… 🤔

How to convince your boss to go serverless
“In simple terms, one should clearly explain why going ‘Serverless’ is no longer an option, but a priority.”

Meet the Family: The “Other” AWS Serverless Services
Serverless != FaaS. Yan Cui introduces Serverless newcomers to the other “serverless” services that AWS has to offer.

Containers or Serverless: Which one to choose?
Alex Miranda gives some of his thoughts on the container versus serverless selection process. While he admits he doesn’t have a lot of experience with serverless, I think this goes to show the knowledge gap that needs to be filled.

Serverless 101: A Comprehensive Guide
Maybe not entirely comprehensive, but there are some good details in here about the history of serverless.

Serverless Tutorials 🏗

How to use Google Sheets Data as JSON in your front end, So simple.
If you need a quick and easy place to provide JSON to your front end (or backend), Google Sheets makes it surprisingly simple.

Save Money With AWS S3 Static Web Hosting
Simple step by step guide by Keith Miller to set up static web hosting with AWS S3.

Four Steps for Debugging your Content Delivery on AWS
Achraf Souk  show you how to configure alarms for delivery issues, and how to troubleshoot them using AWS tools and services like the CloudFront console, Athena and CloudWatch Logs Insights.

Using AWS Services from different regions using Serverless Architecture
Interesting workaround for dealing with regions that don’t support all AWS services.

URL Shortener + Tracking solution using Nexmo Messaging and AWS Serverless
Simple URL Shortener and click-tracker from Enrico Portolan.

Serverless Security 🔒

Serverless Computing from the Inside Out
Interesting article from Joe Vadakkan. He argues that the biggest “serverless” risks don’t stem from the technology itself, but from an organization’s response to the rapid adoption.

Amazon S3 consistently raises the bar in data security
Just a gentle reminder from AWS that S3 is really secure, if it’s in the right hands, that is. 😜

Best practices for secrets management in serverless applications
Here are a few tips from Snyk to keep your serverless secrets secure.

Serverless Reads 🤓

Serverless is a Doctrine, not a Technology
Paul Johnston has another great thought piece that tries to explain what serverless is. At first, it was a mindset, then “Cloud 2.0”, and now a doctrine. But, I really like the way he thinks about this stuff, and an evolving definition will be commonplace for quite some time.

Choosing a Database for Serverless Applications
Alex DeBrie wrote this excellent piece that discusses several database options for your serverless applications. Definitely worth the read if you’re thinking about building a serverless app.

In the cloud, beware of sharp edges, for there are many
Really great post by Ryan Green about understanding the limits imposed by cloud providers. Some of them can be raised, but many are hard limits that require changes to your implementation.

Forget monoliths vs. microservices. Cognitive load is what matters
Not specifically for serverless, but this is an interesting piece that argues that organizations should be using the team’s cognitive load as the guiding principle for the effective delivery and operation of modern software systems.

Solving Cold-Start disturbs serverless’ definition and it’s okay
Maxime Rouiller argues that just because Azure Premium Functions don’t scale to zero, doesn’t mean they’re not serverless. I actually argued for something like this in the past (but now I think there are better solutions than pre-warming).

When you’d rather just Netflix and chill… 🍿

Serverless Chats – Episode #2: Building Resilient Serverless Systems with Nitzan Shapira
In this episode, I chat with Nitzan Shapira from Epsagon about building resilient serverless applications, what can go wrong with serverless, and what we should do to make sure our applications are working as expected.

Serverless chaos demo – Latency injection into Lambda function
Walk-through of the serverless chaos engineering experiment Gunnar Grosch performed live at ServerlessDays Milano 2019. Latency injection into AWS Lambda function!

Serverless Smells – Think FaaS Podcast
Forrest Brazeal talks about developing an intuition for serverless designs that just don’t feel quite right.

Hillel Solow, CTO & Co-Founder at Protego, discusses all the latest topics in cloud-native and serverless with Eoin Shanaghy, CTO of fourTheorem, in this four part episode of the Serverless Show:

When you want to know what AWS has been working on… ⚙️

Amazon CloudFront announces seven new Edge locations in North America, Europe, and Australia
Four in the US, two in Europe and one in Australia. Capacity in each of the new cities has been doubled to serve the growing number of user requests.

Announcing Enhanced Lambda@Edge Monitoring within the Amazon CloudFront Console
Debugging Lambda@Edge used to be a nightmare, but this release from AWS might just change all that. Imagine being able to see all your edge locations and Lambda@Edge functions in one place! Wish granted.

Amazon API Gateway Adds Configurable Transport Layer Security Version for Custom Domains
You can now enforce TLS v1.2 on API Gateway. I can’t even remember how many times I’ve seen this request on a security audit. Good stuff.

Use IAM access advisor with AWS Organizations to set permission guardrails confidently
I haven’t looked into this extensively, but my initial impression is that it’s a good idea. Being able to review last accessed info and add guardrails to restrict unneeded access should be very powerful. Let’s just hope not too powerful to break some existing service with infrequent access patterns. There’s some more info in this post.

Introducing Service Quotas: View and manage your quotas for AWS services from one central location
This service could come in might handy, especially as you start to scale up your applications. More details are available in this post.

AWS Lambda Console shows recent invocations using CloudWatch Logs Insights
Hmm, I figured this was coming, but there is a long way to go before CloudWatch has parity with the likes of Epsagon, Thundra, IOpipe, etc.

Introducing Amazon QuickSight fine-grained access control over Amazon S3 and Amazon Athena
I have never used QuickSight, but I hear good things. Maybe this will make it a more attractive option now that you can get precise with data permissions?

Amazon DynamoDB now supports up to 25 unique items and 4 MB of data per transactional request
Transactions are an awesome feature of DynamoDB, and now that you can have 25 items, I think this could open up a number of new use cases. But not to maintain relational data models! (As Rick Houlihan says, “Don’t do that!”)

Serverless Tools 🛠

Serverless App to Speed up all your Lambda Functions
Yan Cui (with support from Lumigo) has published the new optimized-aws-sdk layer to enable HTTP keep-alive by default. There’s also a SAR app to make sure that all your functions have it automatically applied.

FFmpeg, ImageMagick, Pandoc and RSVG for AWS Lambda
Gojko Adzic has updated his Lambda Layers to support Amazon Linux 2.

Rocketsam: A CLI made to build and deploy microservices in AWS
This is a new serverless deployment tool that takes a slightly different approach to deploying your serverless applications.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 25-26, 2019 – AWS re:Inforce. (I’m doing a Dev Chat on Serverless Security on Wednesday afternoon)

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 9, 2019 – Epsagon: Modern Apps on AWS: Challenges and Solutions (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Gunnar Grosch (@gunnargrosch). Gunnar is a Cloud Evangelist and Co-founder at Opsio in Sweden. He is also a co-organizer of ServerlessDays Stockholm and AWS Community Day Nordics, and an organizer of serverless meetups and AWS User Groups. I really enjoyed Gunnar’s Performing chaos in a serverless world talk from ServerlessDays Milan. This type of practical advice is extremely important to spread to the community. Thanks for all your organizing efforts, Gunnar, and thanks for the great content.  🙌

Final Thoughts 🤔

Milan was an absolute blast. It is really great to see such an engaged community all around the world. Thanks again to the organizers for inviting me to talk. It was great to see all the familiar faces and to meet a bunch of new ones.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Take care,