Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to Off-by-none, my weekly newsletter that focuses on all things serverless. You can also follow me on TwitterGithub and Facebook.

My Latest Posts:

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #33

Serverless doesn’t take vacations… 🏝

Welcome to Issue #33 of Off-by-none. It’s great to have you join us! ☀️

Last week we were at the Serverless Architecture Conference in The Hague, Netherlands. This week, we’ll take a quick look at Google Cloud Run, see how serverless makes for better vacations, and, of course, share some amazing content from the serverless community.

Always plenty to get to, so here we go! 😎

When you can’t take your servers on vacation with you… ✈️🍹

This week I’m actually taking a vacation with my family. Besides writing this newsletter (and the occasional need to check Twitter), I’ve been able to disconnect myself from a number of production workloads that I’m responsible for. While I’ve worked for (and often work with) larger organizations that have redundant Ops staff, I always love the challenge and thrill of working with small startups.

One of the challenges that comes with these types of companies, is the need for a small team to share managing and maintaining the infrastructure (and generally on a budget). For people like me, this typically means that I’m “on call” no matter where in the world I may be. However, over the last ten years or so, as I (and others) have moved to the cloud, the increasing number of managed services has reduced the level of worry dramatically.

For the last 4+ years, I’ve been moving more and more workloads to managed services and AWS Lambda for compute. Now, as I lay on the beach, typing this newsletter on my phone, I can’t remember the last time I had a major outage that required my (or any of my team members’ immediate attention). I’m certainly not saying that Ops work goes away, but for startups and small teams, it’s nice to know that we can spend some worry-free time with our families instead of babysitting our servers.

When people are getting excited about Google Cloud Run… ☁️🏃‍♀️

Google recently announced their new Cloud Run service at Google Next. This service allows you to run stateless HTTP containers on a fully managed environment or in your own GKE cluster. TechCrunch’s article, Google Cloud Run brings serverless and containers together, will give you a bit more context.

I had several “thoughts” on this, but Ben Kehoe beat me to it with his post, The Good and the Bad of Google Cloud Run. I agree with Ben in that GCP is “providing people with a system that is going to make them complacent with traditional architecture, and not push them to gain the immense benefits of shifting (however slowly) to service-full architecture…” This seems to be so difficult for people to grasp, but it is spot on.

So is Google Cloud Run really “serverless” if it abstracts away most of the underlying infrastructure but still requires you to configure and maintain containers? I’m not convinced, but according to Paul Johnston’s New Definition of Serverless, it just might be.

Serverless Product Announcements 📢

Get alerts to PagerDuty and VictorOps with Epsagon
You can now get notified for any alert directly to your incident management tool. Both PagerDuty and VictorOps are supported.

Protego Labs Bolsters Serverless Security Solution with Support for Amazon Web Services Fargate
“Whether they are functions or containers, if they are small narrow-purpose workloads, optimizing configuration, and applying behavioral defense within the workloads significantly reduces serverless application attack surfaces.”~ Hillel Solow

Serverless Use Cases 🗺

Automated AWS Resource Cleaner
Servian had a bunch of unused AWS resources costing them money, so they built a tool (using Lambda) to help automatically clean them up.

How to defend games against DDoS attacks
If you’re building any type of application exposed to the web, being able to mitigate a DDoS attack is important. AWS already adds protection for a number of these attacks, and this post explores the architecture decisions you can make to best utilize these capabilities.

The Future of Serverless is… Functionless?
Developers seem to feel more comfortable when they can write some code, but in many cases, Lambda functions aren’t even necessary. Chase Douglas from Stackery discusses this in more detail and provides some demo-api-integrations that you can try out yourself.

If you’re just starting out with serverless…

Observability Without Having to Break the Bank
It’s important to capture metrics for your serverless applications, but logging every detail could get expensive. Yan Cui shows us how intelligent sampling with Thundra might be a better solution.

3 tips for serverless success in 2019
Richard Seroter of Pivotal shares 3 tips on what you should do in 2019 before you start using serverless products.

Put your serverless computing knowledge to the test
Taking this quiz won’t earn you any type of serverless certification, but if you’re new to the technology, perhaps this quiz will help to confuse you even more. 😉

Serverless Stories 📖

Migrating authentication from Express.js to API Gateway using a Lambda Authorizer
Part 6 of Paul Swail’s Decision Journal. This time he needs to implement an authentication and authorization mechanism with API Gateway using the same auth logic as their legacy API counterparts.

Building an AWS Serverless ML Pipeline with Step Functions
Rafael Felix Correa recounts how OLX Group used ML and Step Functions to consistently deliver meaningful recommendations to their customers.

Introducing Fenrir: How Coinbase is Scaling Serverless Applications
Coinbase built Fenrir, an AWS SAM deployer that is a reimplementation of the sam deploy command as an AWS Step Function.

Designing a modern serverless application with AWS Lambda and AWS Fargate
Nathan Peck discusses his use of AWS Lambda, AWS Fargate, and the AWS Cloud Development Kit to update his project.

Using AWS Serverless Technology as an Enabler for Cloud Adoption
This post describes how BJSS leveraged the AWS Serverless Platform and an innovative delivery approach to build a new ecommerce system for a major UK retailer.

How clean-architecture solved so many of our Serverless problems
Ewan Valentine solved a number of local testing problems by using a combination of dependency injection and a “delivery” interface for all his serverless functions.

Serverless Tutorials 🏗

Creating a Chat App with Serverless, WebSockets, and Python: A Tutorial
Lance Goodridge gives you a full walk through complete with Serverless Framework configurations and code snippets.

Upload files to AWS S3 using pre-signed POST data and a Lambda function
A simple pre-signed URL is all you need to allow users to upload data directly from their browsers into S3.

Invoking AWS Services from AppSync HTTP Resolvers
Yes, you can call AWS services without invoking Lambda functions. Yi Ai shows you how to use an HTTP resolver to send an email with SES.

Serverless API with ReactJS
Quick and easy tutorial that will show you how to create a simple ReactJS app with a serverless backend.

Serverless Security 🔐

AWS Security Maturity Roadmap
Scott Piper’s opinionated, actionable, guide to using AWS securely in 2019.

Key Differences in Security, Management for Serverless vs. Containers
Sonya Koptyev from Twistlock points out how security for functions and containers differ.

Serverless Reads 🤓

A Detailed Overview of AWS API Gateway
Alex DeBrie takes you through how requests are processed with API Gateway, and what happens at each step along the way.

How to know with whom your Lambda is talking?
Kirill Kolyaskin is a bit paranoid, but probably for good reasons. This post looks at how one might gain some better observability into HTTP communications to and from Lambda.

Serverless != microservices
Perhaps it should be “Serverless does not have to equal microservices” instead. Ersin Akinci does make a few good points, especially with regards to over complicating simple workflows.

The Fargate Illusion
Lee Briggs says that Fargate isn’t “easier” than Kubernetes, it’s just different. More importantly, “whichever way you choose is going to have operational overhead.”

Automating Apache OpenWhisk Releases With Serverless
James Thomas explains how he used serverless functions to automate release candidate verification for the Apache OpenWhisk project.

When you’re curious what’s happening at AWS… ⚙️

Sitting in the room with the entire Lambda PM + DA team talking about 2020. What do YOU want AWS to build?
Chris Munns and the team are looking for Lambda ideas.

Amazon Elasticsearch Service adds event monitoring and alerting support
The Amazon Elasticsearch Service now provides built-in event monitoring and alerting, enabling you to monitor the data stored in your domain and automatically send notifications based on pre-configured thresholds.

Periodic Table of Amazon Web Services (HTML Version)
Jerry Hargrove went above and beyond and created an HTML version of his incredible Periodic Table of AWS, complete with links to all the product pages. Very cool.

Upcoming Serverless Events 🗓

April 17, 2019 Serverless Observability Workshop presented by AWS and Epsagon.

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless present by Stackery

April 25, 2019ServerlessDays Helsinki.

April 25, 2019 – Mastering Amazon DynamoDB ACID Transactions: When and How to Use the New Transactional APIs

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ran Ribenzaft (@ranrib). Ran is the co-founder & CTO at Epsagon (@epsagon). Not only has his team built a killer product to make monitoring and tracing your serverless applications easier, but lately he has been hosting webinars like it’s nobody’s business. He always shares something interesting, whether in a webinar, or on the Epsagon blog. Thanks for your continued commitment to the serverless community, Ran!

Final Thoughts 🤔

Things are moving very fast in the serverless world, including the continued push to call every new service “serverless.” I also came across an interesting point in another article that observed that serverless “best practices” seem to be a moving target. Microservices, nanoservices, monoliths, containers, or direct service integrations with no functions at all? If anything, the noise is overwhelming, and I think this makes it harder for those looking to adopt serverless.

The technology will continue to mature, and more best practices will continue to emerge and evolve. But I tend to be of the mindset that it’s hard to make really bad decisions when building with serverless. So my advice, just go out there and build. Learn the basics, and take heed from others’ experiences, but in the end, there is no “right way” to “do serverless” right now. Some ways will work better than others, but do what works for you and your team, and adapt over time.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

See you again next week,

Off-by-none: Issue #32

Live from the Serverless Architecture Conference… 🌷🌷🌷

Welcome to Issue #32 of Off-by-none. I’m so happy that you’ve joined us this week. 🎉

Last week we looked at the Serverless Enterprise Framework and explored a few serverless security trends. This week, we’re live at the Serverless Architecture Conference in The Hague, Netherlands (🌷 lots of tulips).  There have been a number of great speakers so far, and since this is my first international speaking engagement, I’m hoping all goes well.🤞 Either way, we still have plenty of amazing content to share from the serverless community.

But before we begin, I want to give a shout out to friend-of-the-newsletter, and all around great guy, James Beswick. He recently announced that he joined the AWS Serverless team as a Developer Advocate. He will be an extremely valuable resource to all you serverless fans out there. He’s one of the most passionate serverless people I know, so I’m excited to see what kind of energy he’ll bring to AWS. Congrats, James! 👏👏👏

Every week seems to bring new and exciting serverless announcements, articles and projects, so let’s get going! 🔥

Serverless Product Announcements 📢

Announcing the Azure Functions Premium plan for enterprise serverless workloads
Pre-warming serverless functions? What kind of nonsense is this? But seriously, I’m actually glad that AWS has pushed to eliminate the problem completely, rather than taking this approach. Though I think many AWS customers would still pay for something similar.

New Serverless Plugin for IOpipe Monitoring and Observability via AWS Lambda Layers
If you’re using the Serverless Framework to build, deploy, and operate your applications on AWS Lambda, you can now use this new plugin to instrument your serverless applications with IOpipe.

Nginx Brings API Management to Application Platform
Nginx Unit is a polyglot application server for different programming languages including Python, PHP, Perl, Ruby, Go and JavaScript, that can be brought up to just run an event and then be brought down again. Hmm. 🤔

Aqua Security gets $62M to boost its container security platform
$62M in new funding to help companies protect container-based, cloud-native and serverless applications from malware and malicious attack. 💰

Serverless Edge Computing with EdgeEngine
Create dynamic scripting layers that sit in front of all StackPath services to create a customized delivery experience for end-users. Sound familiar? (cough, CloudFlare)

Serverless Use Cases 🗺

How to FaaS like a pro: 12 uncommon ways to invoke your serverless function (Part 1)
Yes, Lambda can do more than just respond to an API Gateway request. Alex Casalboni gives us four great Lambda use cases using Amazon Cognito, AWS Config, Amazon Kinesis Data Firehose, and Amazon CloudFormation.

Deploying Serverless WordPress sites
Well, if you have to use WordPress, deploying it as a static site is at least a good compromise. I’ll allow it. 😉

Chaining Serverless Functions for Stateful Workflows: AWS Step Functions using Adapter Pattern
Interesting approach to implementing Step Functions with an “adapter” function in between steps.

Using Serverless Reapers to Lower Your AWS Bill
Use Lambda to clean up unused resources in your AWS accounts. Don’t fear the reaper. Blue Oyster Cult would be so proud. 💀

Translating Speech in Real-Time with Your Browser and the Cloud
Anthony Chu shows us how to use Microsoft Azure Functions, the Azure Cognitive Services Speech SDK, and the Azure SignalR Service to build a speech translation application.

Amazon DynamoDB: Ad tech use cases and design patterns
DynamoDB allows ad tech companies to achieve a high request rate (millions of requests per second), low and predictable latency, and reliability without having to invest resources in database operations.

If you’re just starting out with serverless… 🚼

You’re Clouding — But are you Clouding Properly?
If you’re not fully taking advantage of serverless, then Abner Germanow might disagree with you.

A Node.js introduction to Amazon Simple Queue Service (SQS)
Derek Woods shows you how to set up an SQS queue, send a message, and process it with a worker. Learn to embrace asynchronous operations for more stable applications.

Best Practices for AWS Lambda Container Reuse
Angela Razzell shows you how to optimize warm starts when connecting AWS Lambda to other services.

Serverless cloud – Is it for everyone?
Daniel Kroening, a professor of Computer Science at Oxford University, argues that the best way to adopt a serverless strategy is to weave it into existing setups. I don’t disagree.

If you’re looking for some tools to automate your stack… 🤖

Serverless by Design
This tool by Danilo Poccia is absolutely amazing. Thanks to Ory Segal for pointing it out to me.

Serverless Apps to Automate Chores Around CloudWatch Logs
Yan Cui and Lumigo published some more apps in the Serverless Application Repository that let you auto-subscribe log groups and update retention policies.

Jeremy Edberg created a handy little script that will automatically create and stub functions just by reading your serverless.yml file. Very cool.

Serverless Tutorials 🏗

How to Build a Real-time Collaborative Markdown Editor with React Hooks, GraphQL & AWS AppSync
This post will walk through everything from creating the API, writing the client code, and deploying a custom domain.

Profiling database and API calls in Alexa Skills
Are your Alexa skills behaving correctly and answering quickly? Thorsten Hoeger shows you how to monitor each invocation of your skill function and trace calls to databases and third parties with Thundra.

Invoke AWS services directly from AWS AppSync
AWS AppSync now supports calling AWS services via HTTP data sources with auto-generated sigV4s. Josh Kahn shows you an example of how to implement long-running queries.

Create a metric math alarm using Amazon CloudWatch
I love math. Javier Martin shows us how to use metric math to create an error rate expression that only triggers CloudWatch alarms when a percentage of failed Lambda functions reach a certain threshold.

Serverless Security 🔐

The Evolution of Application Security In The Serverless World
Ory Segal sits down with Amit Klein to talk about how the move to serverless architectures, microservices, and the heavy reliance on cloud services, are changing the application security world.

[Whitepaper] Don’t think serverless security, think application security
The team over at Nuweba put together a whitepaper that debunks a lot of the FUD around serverless security. They stress that application level security is what really matters.

Expanding the PureSec API – Secure Your Functions Programmatically
PureSec recently made some updates to the PureSec API, which they say makes it easier than ever to automate the protection of your serverless applications.

Who’s on your Starting Lineup?
Maybe not the best analogy, but I think the point that Protego was trying to make has some merit.

Serverless Reads 🤓

My 2 year stint in micro serverless with AWS
Aphinya Dechalert outlines the lessons learned when switching from an EC2 -styled set up, to a serverless architecture that utilized Lamdba, API Gateway and S3.

OverSketched Newton: Fast Convex Optimization for Serverless Systems
OverSketched Newton is a randomized Hessian-based optimization algorithm to solve large-scale smooth and strongly-convex problems in serverless systems. 😳 (I got a headache just reading the abstract, but Ben Kehoe found it fascinating.)

How Should You Organize Your Functions in Production?
Yan Cui argues for single-purpose functions with fine-grained security controls. You should listen to him.

AWS AppSync Serverless GraphQL Real-Time Reference Architecture
Ed Lima really likes AppSync, and he wants you to as well. This post outlines two architectures that will help you achieve millions of real-time requests per day.

More Memory, more Cores? No
Does AWS Lambda grant you more cores with more memory? Björn Raupach ran an experiment and was apparently disappointed.

6 Ways Azure Beats AWS in the Cloud
This held my interest up until the point where it mentions multi-cloud.

For the Visual Learner… 🎥

Marcia Villalba (pronounced VI-SHALL-BA  😉) added a couple of videos to her FooBar Serverless monitoring series. Checkout the new videos covering the Dashbird and Epsagon.

Serverless Architectural Patterns and Best Practices
Sascha Möllering’s GOTO conference talk was recently published to YouTube. This was pre-re:Invent, so there are a few things missing, but overall, just a very informative serverless talk. You all know I’m partial to serverless patterns. 😀

When you’re curious what the teams at AWS have been working on… ⚙️

John Darrow on Twitter: “SHUTDOWN ABORT the last Oracle database running Amazon Fulfillment!”
AWS shutdown their final Oracle database instance, and apparently it was a big deal. The video shows the team’s enthusiasm, but what’s missing is the followup video of them beating that Oracle piñata to death.

Amazon DynamoDB drops the price of global tables by eliminating associated charges for DynamoDB Streams
You are no longer billed for streams resources used by global tables for replicating changes from one replica table to all other replicas.

Amazon CloudWatch Launches Search Expressions
Create dashboards that update automatically as new resources are created that match the search query, providing up-to-the-minute visibility with reduced operational overhead.

AWS Serverless Application Repository is Now Available in the EU (Paris) and EU (Stockholm) Regions

AWS Amplify Console Now Supports Deploying Fullstack Serverless Applications with a Single Click
“You can now deploy entire projects (including the front end & backend) for your Gatsby, Vue, React, Angular or JS apps with a single click!” ~ Nader Dabit

Amazon Elasticsearch Service announces support for Elasticsearch 6.5
New support for auto-interval date histogram, conditional token filters, and early termination support for min/max aggregations. And don’t forget that you can do in-place version upgrades.

Amazon CloudFront enhances the security for adding alternate domain names to a distribution
Now, only those with authorized access to your domain’s certificate can add your domain to a CloudFront distribution as an alternate domain name.

Amazon Comprehend now support KMS encryption
AWS customers that work with highly sensitive, encrypted data can now easily enable Comprehend to work with this encrypted data via an integration with the AWS Key Management Service.

Upcoming Serverless Events 🗓

April 10, 2019 – The Serverless Architecture Conference is in full swing in The Hague, Netherlands. Tomorrow I’m giving two talks and speaking on a panel.

April 11, 2019ServerlessDays Zurich.

April 17, 2019 Serverless Observability Workshop presented by AWS and Epsagon.

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless present by Stackery

April 25, 2019ServerlessDays Helsinki.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Danilo Poccia (@danilop). Danilo is a Principal Evangelist for Serverless at AWS Cloud and the author of AWS Lambda In Action. Danilo speaks at just about every conference you can imagine and has somewhere close to a billion presentations on serverless, several of which you can find the videos for. His GitHub account is loaded with amazing serverless goodies, and his Twitter feed is always updated with serverless news, product releases, and other industry buzz. I’ve been a big fan of Danilo’s work for quite some time, but after discovering his Serverless by Design project, he just got elevated to a whole new level. I think he takes the title from Chris Munns for the hardest working man in serverless. 🏆

Final Thoughts 🤔

Every day that I’m part of this amazing serverless community, I become more and more passionate about the future of cloud computing. All of these conferences are great for sharing ideas and spreading the word, but now I’m hearing these stories of developers and organizations embracing serverless and excelling with it. Not just saving money, but building better systems faster, and focusing on core business value rather than wasting time on the things that don’t matter. This is having a huge impact on software development, and seeing this potential is the reason why I started writing this newsletter. Even if you start small, the path to serverless will start generating an immediate return.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Until next time,

Off-by-none: Issue #31

Serverless goes enterprise… 🚀

Welcome to Issue #31 of Off-by-none. It’s great to have you here. 🙇‍♂️

Last week we looked at Event Fork Pipelines and explored the security model of Lambda. This week, the Serverless Framework goes Enterprise, we look at some serverless security trends, and share more great content from the serverless community.

Plenty happening with serverless this past week, so let’s get right to the good stuff!

Serverless Product Announcements 📢

Announcing Serverless Framework Enterprise: The Total Serverless Solution
I’m a HUGE fan of the Serverless Framework, and the new features launching with the Serverless Enterprise Framework are a great addition to help make deploying serverless applications easier AND safer. Insights, Secrets, and Safeguards, are three very useful services (that I’ve seen first hand) that should streamline your serverless development process. launches its managed Elasticsearch service
Also a huge fan of Elasticsearch, but even when using AWS’s managed service, there is still the issue of provisioning. is trying to change that by scaling ES automatically and bringing the cost down using some sort of innovative caching. Serverless Elasticsearch would be a useful addition to the ecosystem.

Serverless Use Cases 🗺

Consume a RabbitMQ message from AWS Lambda
Curtis Strain’s last post was about publishing messages to RabbitMQ. This time he shows us how to consume them. And yes, I actually have a need for this. 🤦🏻‍♂️

A Serverless application to clean up old deployment packages
Yan Cui teamed up with Lumigo and created a Serverless Application Repository service called Lambda-Janitor that will clean up all those old deployment packages to keep you under the limit.

Building a Fully Serverless Realtime CMS using AWS AppSync and Aurora Serverless
There are a lot of people building content management solutions with serverless, and Yi Ai is joining in the fun. A CMS is a great use case for serverless, especially given the extremely infrequent computing power needed.

A Smart Service to Keep AWS Lambda Warm
Renato Byrro from Dashbird is continuing to pull the thread on warming Lambdas. This post takes an interesting approach by positing a predictive algorithm that could better understand concurrency models. Using CloudWatch metrics to make better decisions, hmm, that’s a novel idea. 😉

Building CICD pipelines for serverless microservices using the AWS CDK
Paul Swail has another installment in his Migrating a Monolithic SaaS App to Serverless series. This time he’s building out a CI/CD pipeline using AWS CDK to configure the infrastructure.

Uploading images to AWS from remote devices securely via Rest API using AWS
It’s perfectly plausible that you’d need images (or other files) uploading from remote devices, Sandip Pradhan will show you how to do it securely.

For the Serverless newbie… 🆕 🐝

Serverless computing: 6 things you need to know
Jeffery Hammond from Forrester Research gives an excellent interview explaining what serverless is and why it is so important.

Serverless Technology Overtakes Cloud Computing
If you need to convince your boss that your company should be adopting serverless, point them to this CIOReview article. It’s a nice little executive summary that lays out the benefits in just a few paragraphs.

Compare AWS Lambda to Azure, GCP serverless platforms
There are a lot of “serverless” offerings out there, but the big three are still dominating the market. This piece by Chris Moyer lays out some of the differences between them.

Comparing Nuclio and AWS Lambda
If you like comparisons, check out Yan Cui’s piece that looks at how the open-source Nuclio project compares to Lambda. Yan recommends exploring Nuclio if you are looking for a serverless platform that isn’t tied to a specific cloud provider.

When’s the right time to go serverless?
I say, RIGHT NOW! But according to Chip Childers, serverless is still in the “pre-chasm” phase, which means best practices and tools still haven’t evolved yet. While I believe that is true to some extent, the market is catching up very quickly.

Fullstack Serverless
Kurtis Kemple is realizing the power that managed services stitched together with FaaS and frontend frameworks can bring.

Don’t Code If You Don’t Have To When Serverless
Tom McLaughlin of ServerlessOps also had an “aha” moment when he realized he could wire PagerDuty directly into CloudWatch and didn’t need to write (and support) more code. Take a look at your serverless functions and try to figure out what doesn’t need to be there. I bet there’s more than you think.

Serverless Tutorials 🏗

Orchestrating backend services with AWS Step Functions
If you need to compose several reusable functions together, AWS Step Functions is the way to go. Jay Dadhania gives a great overview and walks you through setting up workflows to pass your state from step to step.

Mastering Java Cold Starts on AWS Lambda — VOLUME 1
Serkan Özal goes into an insane amount of detail trying to reduce Java cold starts in Lambda. If you’re a Java shop, more power to you. My advice if you’re going serverless, switch to another language with lower start up times.

How to send text messages from your static site using Netlify, Twilio and serverless functions
Static sites with serverless backends are all the rage, and rightfully so. Stefan Judis has an in-depth post that takes you through the process of connecting all the pieces.

Creating a Serverless Cron Job in AWS
We’ve highlighted many ways to run cron jobs in AWS in the past, some more complex than others. Henry Williams lays out a simple process for you.

Building a Reliable Serverless Application in a Weekend
Mohit Cheppudira shows you how to build a full-blown (reliable) serverless application using Google Cloud.

Serverless Security 🔐

Serverless, shadow APIs and Denial of Wallet attacks
In this podcast, Doug Dooley makes a great point about the number of serverless APIs being published, likely unbeknownst to the enterprise. With developers having the ability to launch more services without needing support and guidance from a traditional Ops team, it does beg the question of how we should be keeping track of all these things.

The Serverless Cloud Security Model: A Point Of View
Great piece that lays out a serverless security model based on a validated and battle-tested reference architecture. Definitely worth taking a look at if you’re interested in serverless security (as we all should be).

Local Policy Updates – Keep Your Functions Secure Anywhere (Even In a closed VPC)
Local Policy Updates let you use the PureSec CLI tool to fetch the latest security policy and enforce it on your function during the CI/CD process, eliminating the need to to call the PureSec service at runtime.

Amazon Web Services sharpens its focus on cloud security
This SiliconAngle story recaps last week’s AWS Summit, and gives a good summary of why AWS is continuing to focus on cloud security.

Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena
It’s important to understand security controls available within DynamoDB, and this piece Sai Sriparasa and Prahlad Rao outlines best practices, and shows you how to perform audits.

Serverless Stories 🌎

Building, automating and deploying serverless microservice infrastructures
Here’s how the Fender engineering team built out their new Fender Play service using AWS and serverless. It focuses on the build process, but there are some interesting takeaways in here.

ServerlessDays Hamburg Retrospective
Thinking about running a ServerlessDays conference, or maybe just going to one? This is a great look at just how much has to happen to put on one of these incredible events.

Load testing Serverless with Serverless at Comic Relief
Adam Clark lays out how his team load tested their serverless applications (and legacy applications) using Serverless Artillery in the lead up to Red Nose Day 2019.

Monitoring & Debugging Serverless Applications for Red Nose Day 2019
In this post, Adam Clark gives a run through of the debugging, alerting and tools used to provide insight into their serverless applications.

Why we migrated opensource inboxkitten (77 million serverless request) from Firebase to Cloudflare workers & CommonsHost
Eugene Cheah explains the title of this post.

Serverless e-commerce: lessons learned
Riccardo Ferrazzo wanted to be the “good son,” so he built his mother’s business a serverless e-commerce site. Here’s what he learned.

Serverless Reads 🤓

The Everything Guide to Lambda Throttling, Reserved Concurrency, and Execution Limits
Kerri Rapes lays out the details of the Lambda concurrency model and why you should care.

Just how expensive is the full AWS SDK?
Some more details on cold starts and a few ways to optimize your code to minimize them.

What does AWS-SDK v3 mean for node.js Lambda?
TLDR;  Using AWS-SDK v3 allows you to significantly reduce the size of your Node.js Lambda functions.

Amazon Aurora: design considerations for high throughput cloud-native relational databases
If you really want to know how Aurora works behind the scenes, take a look at this in-depth post by Adrian Colyer.

Current options to deploy a Serverless blog
Veer Abheek Singh did some research and found several options for deploying a serverless blog.

Will it scale? Let’s load test geohashing on DynamoDB
James Beswick and Richard Boyd teamed up to load test James’ DynamoDB-based geohashing service. There are some interesting findings in here (like write less code and introduce fewer moving parts).

For a little April Fools’ fun, the Kroonenburgs decide to adopt servers and eventually establish a sanctuary for rescue servers in the countryside. “It’s going to be a nice, quiet server farm.”

Breaking down the Monolith. Considering Serverless!
Harish Kumar gives you some thoughts on why serverless is a good choice, but more importantly, where you should start.

TypeScript Is a Perfect Choice for Serverless
This is just a short post that documents Arseny Yankovsky’s realization that Java is way too heavy for serverless functions. I included it because I want everyone to realize this.

For the Visual Learner… 🎥

AWS X-Ray for Serverless Applications | Serverless Monitoring
Marcia Villalba shows us how to easily instrument a Serverless Framework application with AWS X-Ray.

Visual Notes for Amazon SNS
By Jerry Hargrove. Enough said. 😉

When you’re wondering what AWS has been working on… ⚙️

Amazon API Gateway Improves API Publishing and Adds Features to Enhance User Experience
Remember that API Gateway Serverless Developer Portal thing AWS launch a while ago? It just got better.

Application Load Balancers now Support Advanced Request Routing
ALBs are pretty sweet, and now you can use things like query parameters and HTTP methods to manipulate routing. Couple this with AWS Lambdas as the backend, and suddenly this starts to feel a bit like API Gateway. Very cool stuff. Here’s how to use the new features and some use cases for them.

The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available
You can now download the AWS Toolkit from the Visual Studio Marketplace with support for node.js. It also supports Visual Studio 2019. It’s good to see everyone playing nicely together.

Create Alexa Experiences for Your Organization with Blueprints
Still not familiar with Alexa private skills? Now these voice-powered capabilities for Alexa have a couple of blueprints to get you voice-enabling your business processes in no time.

Upcoming Serverless Events 🗓

April 8-10, 2019 – The Serverless Architecture Conference in The Hague, Netherlands.  I’m giving two talks, so I hope you’ll join us.

April 9, 2019ServerlessDays Atlanta. This one is combined with DevOps Days and Map Camp.

April 11, 2019ServerlessDays Zurich.

April 25, 2019ServerlessDays Helsinki. The speakers have all been announced!

The CFP for DevOpsDays Boston 2019 is now open.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Richard Boyd (@rchrdbyd). Richard is a Cloud Data Engineer at The iRobot Corporation who used to work on Robotics and Alexa at Amazon. Now he’s jumping into the serverless community by posting really interesting articles on his blog (, engaging on Twitter, and collaborating with others. I love hearing new serverless voices and perspectives, and Richard is a very welcome addition to the community. Looking forward to seeing more from him. 👏

Final Thoughts 🤔

The last two weeks have been very busy for me, but we finally have the new AlertMe serverless article processing system up and running in production. Lots of interesting lessons learned there, so perhaps, at some point I’ll share all the details. There is always more to do, but our architecture makes extensibility extremely easy. I’m really looking forward to iterating on the live service.

Don’t forget that next week I’ll be speaking at the Serverless Architecture Conference in The Hague, Netherlands. I’m giving two talks, Serverless Microservice Patterns for AWS and Building resilient serverless Systems with non-serverless Components. I hope to see some of you there. Please come and say “Hi” if you get a chance. I’ve got plenty of “Off-by-none” stickers to give out.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Hope to see you soon (maybe in The Hague),

Off-by-none: Issue #30

Introducing Event Fork Pipelines… 🍴

Welcome to Issue #30 of Off-by-none. I’m glad you could join us. I know this is a bit late this week. I’ve been working on the launch of AlertMe’s new serverless article matching system, and it’s been a lot of work. Should be live first thing tomorrow, so I’m looking forward to that.

Last week we recapped some of my favorite things from ServerlessDays Boston, and then we face-palmed on some more talk of #NoOps. This week, we’re going to look at the new Event Fork Pipelines, explore the underlying security model of Lambda, and serve up some more amazing content from the serverless community.

Lots of great serverless stuff to get to, so let’s right jump in! 🤘🏻

When you feel like a pattern is starting to emerge… 👽

AWS announced “Event Fork Pipelines” in this Enriching Event-Driven Architectures with AWS Event Fork Pipelines post. The post outlines a suite of new open-source Nested Applications that can be easily plugged into your SAM templates or launched directly from the Serverless Application Repository into your account. I highly suggest reading the post so that you understand what each of the three pipelines can do, but I wanted to take a minute and highlight the underlying pattern that makes these pipelines possible.

The diagram below is showing the “event fork pattern”, or what I’ve called the Distributed Trigger or Distributed Queue pattern in the past. This has become a very common pattern (I’ve been using it more and more myself lately) because the reliability of SNS to SQS is insanely high. SNS will literally try 100,010 times to deliver a message to SQS for up to 23 days, making it the perfect buffer to not only throttle events, but to increase their durability as well. Lambda functions are subscribed to the underlying SQS queues that then process the events and move on.

Reference architecture using Event Fork Pipelines (credit AWS)

The benefits of these repeatable patterns expose a larger architectural design for your serverless applications. It’s not new, but for many, it is a different way to think about how data flows through your (now distributed) system. I really love how AWS has productized these patterns to make it easier for people to just plug them into their applications. If you plan on building a resilient and scalable serverless system, this is how you should be designing your event workflows and pipelines.

Serverless Product Announcements 📢

A serverless search engine for Data Scientists and Developers emerges
We’re seeing more and more use cases for data science using serverless tech. Now there’s a new service from Rockset that allows developers and data scientists to ingest all the popular semi-structured formats and automatically turn them into fast SQL tables.

Serverless Use Cases 🤓

The Lazy Programmer’s Guide to Web Scrapers
Need to automatically grab and aggregate some data every time a resource is updated? Anna Spysz from Stackery wrote up a nice little post about how they use serverless to generate their public changelog.

Build a voting website that doesn’t crash under load (in under an hour)
Need to build an app that has lots of spiky traffic and unpredictable load? James Beswick says, “Sounds like a job for serverless.”

Playing with Perl-based Lambda functions
If you have any Perl scripts lying around (maybe check your cgi-bin), then why not move them to a Lambda function? Well, maybe not. But if you really want to, Andy Powell will show you the way.

Analyze URL paths to search individual elements in Amazon Elasticsearch Service
S3 is great place to drop your files, but it isn’t searchable. This great post from Jon Handler will show you how you can use Elasticsearch to map and index your blob storage.

Location-based search results with DynamoDB and Geohash
James Beswick’s prolificacy brings us another great post that shows us how to create geospatial searches using DynamoDB and Geohashes. Bonus points for mentioning the Haversine formula. 🌎

Using SAM for a small-business website
George Kampanos built a globally-distributed, serverless website for his dad’s restaurant. It not only costs them $0 per month to run, but it also gave him time to make some great GIFs for the blog post.

Train your own chatbot in AWS lambda
If you want to build a serverless chatbot service equivalent to what AWS Lex and Dialogflow offer by using “Snips NLU” and some Python, check out this post by Alex Yu.

Thin Status Monitoring
Service status pages are a must for any SaaS business, and Kev Jackson show us how serverless is perfect for creating highly-available dashboards for you and your customers.

For the Serverless newbie… 🚼

How to warm your lambda function properly
Woonki Moon has some thoughts on what’s the best way to avoid cold starts, if you’re super worried about them. Psst, you probably don’t need to worry about them.

Can We Solve Serverless Cold Starts?
Renato Byrro from Dashbird also shares some insights on cold starts. He even mentions my Lambda Warmer package that can make your life easier if you really, really, really need to keep your functions warm. But again, you probably don’t.

How do You Structure Your Code When Moving Your API from Express to Serverless function
This is actually a really common question. John Papa throws out some best practices for setting up your serverless applications using Azure. Plenty of concepts in here that translate across providers.

Understanding Lambda Concurrency
Another common question. Pubudu Jayawardana shows you some limitations you need to consider when running lots of Lambda functions simultaneously.

AWS SDK Timeouts for Lambda
Did you know the AWS SDK has a default timeout of two minutes? Thomas Michael Wallace gives you some tips to grab a bit more control.

Your first dead simple RESTful API with node.js and serverless
Let Jarett Engdahl walk you through setting up a serverless API using the Serverless Framework and deploying it to AWS.

The AWS Serverless Tools You Can’t Live Without
Peter Swain outline five serverless tools he can’t live with out. TLDR; you need a CDN, framework, observability tool, NoSQL database, and tools to help with local development.

Serverless Tutorials 👷‍♀️

I can serverless, and you can too!
I feel like we’ve already mentioned a few of James’ posts this week, but if you want to learn how to be a great product manager AND use serverless, his stuff is always great.

How and Why to Use CloudFormation Macros
Alex DeBrie has another great post that gives you the what, why, and how of CloudFormation macros. These can come in very handy when building your serverless applications.

Making Terraform and Serverless framework work together
What do you do when you need to share resources like VPCs, SQS queues and RDS databases across multiple serverless applications? Yan Cui gives us some good reasons to use Terraform in combination with Serverless to manage your AWS infrastructure.

AWS Lambda layers with .NET Core
Another “how-to-create-a-lambda-layer” post, but this time Norm Johanson shows us how to do it with .NET Core.

How to Run 1000s of AWS Lambda functions each minute
Ivan Klishch outlines a number of solutions for running Lambdas to process high concurrency workloads.

Amazon Cognito for Alexa Skills User Management
Learn how to set up an Amazon Cognito user pool and how to use it to perform authentication for both your Alexa skill and a webpage.

Serverless Stories 📖

Jerry Hargrove (aka awsgeek) on Twitter…
“This weekend I was rendering a 3D scene with Blender on EC2. Per frame GPU render time was about 6 seconds, back of napkin math said the job wouldn’t finish for 32 hours. While I waited, I switched to AWS Lambda & the same job finished in 11 minutes. 11 minutes!”

A lookback at ServerlessDays Cardiff
Matthew Lewis helped co-organize the first ServerlessDays event in Wales, and somehow lived to tell the tale. 😂 I know how much work it is to plan a conference like this, but this retrospective is sure to help others along the way.

The Journey to 90% Serverless at Comic Relief
Excellent post by Adam Clark that outlines his company’s journey to serverless.

Deploying API Gateway as a proxy in front of a legacy API
Part three of Paul Swail’s “Serverless Migration Decision Journal.”

Handling thousands of image upload per second with Amazon S3
Asdullah Siddique outlines the solution that uDroppy used to handle the high-volume of image processing needed to serve their customers.

Serverless Reads 👓

Security Overview of AWS Lambda: An In-Depth Look at Lambda Security
AWS recently published a whitepaper that does an awesome job of digging into all the nuts and bolts of Lambda. If you ever wondered about the isolation model or the Invoke Data path, it’s all in here. Key point for me was that as of March 2019, Lambda is compliant with SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, and many more. I get a lot of questions about that. This is definitely worth the read.

Security in Serverless. Step by step
Speaking of serverless security, Kirill Kolyaskin outlines a number of important factors for making sure your serverless applications are secure.

Concurrency and Isolation in Serverless Functions
Mikhail Shilkov explore the execution concurrency models of three FaaS offerings and the associated trade-offs.

Benchmarking Lambda’s New Custom Runtime for .NET Core
Zac Charles is at it again with another great post. This time he’s testing out the new Amazon.Lambda.RuntimeSupport library for using newer versions of the .NET runtime.

When you’re wondering what AWS has been building… 🛠

AWS Config Adds Support for Amazon API Gateway
You can now use AWS Config to record configuration changes to Amazon API Gateway. Definitely useful for operational troubleshooting, audit, and compliance use cases.

Setting permissions to enable accounts for upcoming AWS Regions
You can now control access to enable and disable new AWS Regions for your AWS account with IAM permissions. So when you give your developers keys with star permissions that inadvertently get checked into source control, hackers can only exploit one region.

Amazon Rekognition Launches Enhanced Face Analysis
This release features improved accuracy for gender identification, emotion detection and attributes such as “EyesOpen”.

Upcoming Serverless Events 🗓

March 29, 2019ServerlessDays Amsterdam is this Friday. You can still get 50% off ticket prices by using the Off-by-none discount code.

April 2, 2019 – James Beswick is giving his Scared Serverless talk at the Southern Maine AWS User Group.

April 8-10, 2019 – The Serverless Architecture Conference is from April 8-10th in The Hague, Netherlands. And don’t forget that I’m speaking.

April 9, 2019ServerlessDays Atlanta. This one is combined with DevOps Days and Map Camp.

April 11, 2019ServerlessDays Zurich.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Nitzan Shapira (@nitzanshapira). Nitzan is the co-founder and CEO at Epsagon (@epsagon). Not only is he leading the team that built an amazing distributed tracing product that helps you monitor and troubleshoot your serverless application, but he’s also active in the serverless community. You can find him publishing articles on his blog and the Epsagon blog, plus you’re bound to see him speaking at a conference somewhere. Nitzan is also an organizer for ServerlessDays Tel Aviv, which takes place on June 4th of this year. He also gave me a great “I see dead functions” shirt at ServerlessDays Boston 😃. Thanks for all you do Nitzan!

Final Thoughts 🤔

It was an extremely busy week for me and the team at AlertMe as we are getting ready for a big internal launch, but I’m glad I was able to stay plugged in to all the serverless happenings. The Event Fork Pipelines announcement and the Security Overview of Lambda are really important (IMO) to the continued push for serverless adoption. Transparency and education is what the serverless community is all about, and it’s great to see AWS’ and others’ commitment to that.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍


Off-by-none: Issue #29

You can “serverless” too…

Welcome to Issue #29 of Off-by-none. It’s an honor to have you join us! 😊

Last week we were live at ServerlessDays Boston! This week, we’ll recap some of my favorite things from the Boston event, we’ll address some more #NoOps nonsense, and, of course, we’ve got plenty of great content from the growing serverless community.

There is a ridiculous amount of stuff to get to today, so buckle your seatbelts, and let get going! 🏎

When you’re wondering how ServerlessDays Boston went… 💥

It was “wicked” awesome! Seriously, as one of the organizers, I couldn’t have hoped it had gone any better. We had over 200 people attend, and other than a small snafu with the coffee being a bit late in the morning, the day went really well. The speakers were amazing, and thanks to Ann Guilinger’s live tweets, many were able to follow along even if they weren’t at the event. Ashish Addepalli also wrote a great follow up entitled, Learnings after a day at Serverless Days Boston. It’s loaded with some great takeaways.

And while all of the speakers were amazing, there were two talks in particular that really stood out to me. The first was by Ben Kehoe of iRobot. His talk, Applying the Serverless Mindset to Any Tech Stack, further pushed the idea that serverless is not about the technology you use, but instead about the focus on business value it enables. He wrote a brilliant followup piece, Serverless is a State of Mind, which I suggest you all read. Ben says to adopt the serverless mindset, and continue to move your organization up “the serverless ladder.”

The second talk I really appreciated was James Beswick‘s, Scared Serverless – What we learned after quitting servers for a year. As James told the story of his consulting firm transitioning clients to serverless architectures, and all of the roadblocks, small wins, set backs, and ultimate successes they had, you could tell that it resonated with audience. Whether you were a hardcore serverless veteran, or someone simply looking to get started, his message was refreshing, because it showed how powerful serverless ultimately is, but also that it will take time (and effort) to get there. This is highly reflective of my journey to serverless, and more real world talks like this are what people making the leap need to hear.

The videos of all the talks will be posted soon!

When you keep seeing #NoOps… 🤦🏻‍♂️

I recently came across two articles that continue to push the idea of NoOps. A NoOps state of mind and Make your existing solution tastier with serverless salt: NoOps, are both examples, IMO, of over-hyping that is detrimental to the serverless movement. While I certainly agree that moving to serverless dramatically reduces your operational overhead, there is still a significant amount of work to configure, monitor, and understand your infrastructure. That takes expertise and experience.

Both of the above articles ultimately admit that serverless isn’t actually NoOps, but instead a step towards it. And as Jamie Andrews points out in his piece, Why Serverless needs Ops, operational problems don’t go away in serverless, they become a lot more specialized. As organizations start forming serverless teams, understanding the skills necessary to staff them, is ultimately what we need to be exploring. Setting the right expectations for organizations will go a long way to successfully adopting serverless.

When you hear that serverless websites are the next big thing… 📰

Static Site Revolution: Top Websites Built with Gatsby
Sorry WordPress, but it looks like your days might finally be numbered (well, not really). Static site generators that are hosted on CDNs are becoming extremely popular, and this article outlines a few big sites that are taking advantage of the benefits.

Quickstart: Serve static websites serverless
But static site generation isn’t the only way to create “serverless” sites. Jonas Neustock’s post shows you a very simple way to generate HTML with a Lambda function. Probably not the cleanest (or most efficient) approach, but others are using these combinations to create interesting projects.

Webiny – Serverless CMS
Speaking of interesting projects, Webiny, a new open source “serverless” CMS has been released. There is a lot to unpack with this and from what I’ve seen, it’s packed with features. It appears to be cloud agnostic, but the database is MongoDB, so I think there is more work to be done.

Serverless Product Announcements 📢

Iguazio’s Platform Scales NVIDIA GPU-Accelerated Deployments
If you’re a data scientist that wants to seamlessly convert your research into production-scale ML projects, Iguazio’s recent partnership with Samsung SDS could blow your mind. Yaron Haviv, Igauzio’s CTO, gave me a demo of their platform yesterday and everything from the architecture, to the speed, to the developer experience blew my mind. I’ll be very interested in keeping an eye on their product offerings.

Discovering Issues Visually in your Serverless Architecture with Thundra
Distributed tracing in your serverless applications can be very helpful tool when trying to track down and debug errors. Thundra has added “Architecture” views that lets you visualize all your components along with the connections between them. If you spot an error, you can easily dig deeper.

Serverless Use Cases

Bringing realtime to serverless web applications
Here’s a great use case that is very popular, especially with distributed applications that need to handle some significant backend processing. James Beswick shows us how to handle this with AWS IoT and MQTT. A similar solution with API Gateway WebSockets would also be possible.

Building an Object Detection API with AWS S3, Rekognition and Lambda
Branko Blagojevic gives us a detailed walkthrough for another interesting use case that could process quite a bit of information at scale.

Publish to RabbitMQ from AWS Lambda
Why would you want to publish to RabbitMQ from your serverless application? Unfortunately, I have a use case for this. ☹️ But the good news is that if you are tethered to a RabbitMQ implementation, and you’d like to start migrating parts of it to serverless, you’re in luck.

Route53 Latency Based Routing made easy with Serverless
Sometimes caching at the edge isn’t enough, and we actually need to do more intense compute closer to our users. Route53 has quite a few options to ensure that users are routed to the right region, and this post will show you how to leverage Lambda to build a robust, globally available application.

gRPC to AWS Lambda: Is it Possible?
No, but the team at Coinbase sure gave it one heck of a try. I do like articles like this that try to push the boundaries of serverless. You always learn something new.

If you’re new to Serverless…

“A comparison between client-server and serverless full-stack app architectures”
If you’ve got 30 minutes to kill, this post by Tom Bowden outlines the difference between building a traditional server-based app versus using Amplify to publish something more modern.

How can I turn my Restful API into a Serverless application and deploy it to AWS Lambda Step by Step — Part I and Part II
In this two part series, Fabian Leon Ortega takes you through converting your existing API. This is all done through the console (which you wouldn’t want to do for production), but gives you a good overview nonetheless.

AWS to GCP —Web Applications
A good post by Serverless Guru that shows you how the two cloud providers compare.

My Database: Is it “serverless” An opinionated Checklist
Alexander Magnus Partsch has some opinions on what makes a “serverless” database.

AWS Lambda — Best Practices
It’s always nice to see what others are adopting as best practices. Here’s a list from Sandeepa Hande.

7 things you should know when getting started with Serverless APIs
Simona Cotin has a very detailed post that answers seven important questions when building a serverless API on Microsoft Azure.

Serverless Tutorials 👷‍♂️

How to Build a Member App using Facial Recognition and Serverless
James Beswick walks you through building a highly scalable facial recognition app with just a few lines of code.

How to Test Serverless Apps
Yan Cui has an excellent guest post for Epsagon that outlines the different stages of testing for a serverless application.

Store and Rotate API Keys with AWS Secrets Manager
Zac Charles gives us a detailed post that show you how to use AWS Secrets Manager, and more importantly, how to regularly rotate them.

GraphQL APIs with AWS AppSync: Part onePart two and Part three
Christopher Bartling has a three part series that shows you how to set up GraphQL with AppSync using a DynamoDB backend with Lambda resolvers.

Accelerate your backend development using AWS Serverless GraphQL
A slightly different approach to using GraphQL on AWS by using just Lambda and the GraphQL Apollo library.

Dynamic image resizing with Node.js and the Serverless Framework
The most iconic use case of serverless. But it’s still a good one.

Serverless Stories 📖

Serverless integration testing at Freetrade
Hugh Grigg from Freetrade explains how they do their serverless testing.

Students create NCAA March Madness predictive analysis via Google Cloud
Google recruited students to produce tournament data analysis to illustrate how organizations can take advantage of its different tools for analytics, machine learning and more. Pretty cool.

Serverless Reads 👓

Visualizing Cold Starts
Mikhail Shilkov has a great post that visualizes FaaS cold starts across the big three cloud providers using Google Maps.

Serverless Benchmark 2.0 
Interesting post by Bernd Strehl that introduces the next version of his site that benchmarks five different FaaS providers.

FinDev and Serverless Microeconomics: Part 2 – Impacts
Aleksandar Simovic’s second piece on the economics of serverless. This time he outlines the impact on Finance and Accounting, Product and Engineering, and Strategy.

Why You Can’t Ignore Changes to Monitoring and Logging for Serverless
Nitzan Shapira says when using modern cloud technologies and distributed systems, the mindset of monitoring versus logging has to change.

4 Simple Features That Would Make a Big Difference to Cognito User Pools
Rich Buggy has a few ideas that would make Cognito User Pools even better.

7 checkboxes to compare serverless orchestration services
Interesting interview with a team of researchers who published Comparison of Production Serverless Function Orchestration Systems.

When you’re curious what AWS has been working on… 🛠

AWS recently released an Open Distro for Elasticsearch. There was a companion article, Keeping Open Source Open, that talks about Amazon’s motivations. Of course, open source and cloud providers have been the subject of some recent controversy, and this was no exception. In On “Open” Distros, Open Source, and Building a Company, Elasticsearch creator, Shay Banon, is less than enthusiastic about AWS’s announcement.

AWS Joins the GraphQL Foundation
Speaking of open source, AWS will now be sharing everything they learned from building and operating AppSync and Amplify with the GraphQL community.

Registration for AWS re:Inforce 2019 now open!
If you thought 5 days in Vegas wasn’t enough, then come spend two more in Boston for the first ever AWS security conference.

How to design Amazon DynamoDB global secondary indexes
This is a great post that gives you a number of best practices for working with DynamoDB indexes.

Announcing Amazon Kinesis SubscribeToShard API Support in the AWS SDK for Ruby
AWS continues to improve their Ruby SDK. So good news for all you Ruby warriors out there.

Stories from AWS Serverless Heroes: Who They Are, How They Started, and What They’re Working on Now
Meet some of the AWS Serverless Heroes in this recently released video.

Upcoming Serverless Events 🗓

ServerlessDays Amsterdam is just 10 days away, and the speaker lineup is amazing. If you can make this event, you definitely should. You can get 50% off ticket prices by using the discount code “Off-by-none-fw89”, or just click here to apply the discount.

James Beswick is giving his Scared Serverless talk at the Southern Maine AWS User Group on Tuesday, April 2, 2019.

The Serverless Architecture Conference is from April 8-10th in The Hague, Netherlands. And don’t forget that I’m speaking.

ServerlessDays Atlanta is on Tuesday, April 9th. This one is combined with DevOps Days and Map Camp.

ServerlessDays Zurich is on Thursday, April 11th.

And don’t miss this AWS Serverless Webinar: Unleash Innovation & Build Modern Applications (Four-Part Session) on March 21st.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Joe Emison (@JoeEmison). Joe is the co-founder and CTO at Branch Insurance and the former co-founder and CTO at @BuildFax. He has a number of great articles, including one of my favorites, the Serverless Sea Change. You can also find several of his talks such as Serverless Patterns and Anti-patternsBetter Application Architecture with Serverless, and How to Fold a Fitted Sheet. Joe’s Twitter feed is filled with plenty of serverless insights and he is a valuable voice in the community. Thanks for all you do, Joe!

Final Thoughts 🤔

Thanks again to all the ServerlessDays Boston speakers, sponsors and attendees. It truly was an amazing event thanks to all the wonderful people that made it happen. If you get a chance, I highly suggest attending one of these. The community is flourishing, and being part of one of these events and meeting others that are facing the same challenges as you, is a very rewarding experience.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And please do me the honor of sharing this newsletter with your friends and coworkers who might be interested in serverless. It would be greatly appreciated. 👍

Until next time,