Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.

My Latest Posts:

🚀 Project Update:

Lambda API: v0.10.2 Released

Lambda API v0.10.2 has been released to add additional TypeScript support (@maxmellen), fix an issue with multiValueHeaders containing a null value (@stawecki), and support for overriding console.log for logging output (@Sleavely). Read More...
🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #55

A better way to model DynamoDB? 🤓

Welcome to Issue #55 of Off-by-none. Thanks for being here! 👋

Last week, we reviewed some very encouraging news about cold starts in Lambda. This week, we look at a new way to model our DynamoDB data, share lots of exciting serverless news, and of course, we have lots of amazing content from the serverless community.

Lots to get to, so let’s get right to it. 👍

Serverless News & Product Announcements 🚀

Stackery Appoints Tim Zonca as Chief Executive Officer
I really love what Stackery is doing. If their new CEO can help accelerate them into the enterprise marketplace, I think this will make a huge impact on serverless adoption.

Optimizely Announces Performance Edge, Enabling the Industry’s Fastest Web Experiments
This is super interesting. Optimizely (the company that lets you easily run A/B tests) has launched a new service that runs at the edge using CloudFlare workers. Multivariate testing has long been a use case for edge computing, but seeing it productized is a big step forward.

Anthos simplifies application modernization with managed service mesh and serverless for your hybrid cloud
I’m really not sure what Google’s calculation is with Anthos, but they seem to be pushing full steam ahead on giving people alternatives to using their cloud platform. 🤷‍♂️

Zenoss Launches Serverless Monitoring for Google Cloud Environments
Zenoss (remember them) is now offering monitoring for Google Cloud’s suite of serverless compute options.

Monitor and debug all serverless errors
The Serverless Framework continues to get better. This time introducing the context.captureError(error) method to capture errors without needing to fail an entire Lambda function. While failing a function makes sense sometimes, user facing functions often require a custom error to be returned. This is a great way to get the error information you need, without affecting the user experience.

How to use Serverless and Twilio to automate your communication channels
The Serverless Framework is killing it lately. Now you can deploy Twilio functions as well. I’ve said before that SaaS providers providing native code execution environments could open up a lot of use case. Now it’s super easy with the Serverless Framework.

LambdaSharp 0.7 “Geminus” is out!
This release focuses on ease of use, sharing modules, and seamless upgrading. Great tool for building serverless C# Lambda functions on AWS with CloudFormation.

IOpipe Named a Cool Vendor in Performance Analysis by Gartner
Good to see vendors in the serverless space getting recognized for the great work they are doing. Congrats to IOpipe!

Lambda@Edge support now available
This is another awesome update to the Serverless Framework. There are still some quirks with deploying and removing Lambda@Edge functions, but this added support certainly makes it easier.

Announcing the RabbitMQ extension for Azure Functions
I’ve had less-than-fantastic experiences with RabbitMQ, but I know many people that have had better luck. I do think this is an interesting way to migrate existing workloads to serverless by tapping into your app’s RabbitMQ channels. Any time you make it easier to adopt serverless, I’m all for it.

Serverless Stories 📖

Use Serverless AWS step functions to reduce VPC costs
Kevin van Ingen has a great piece that explains how his team was able to cut costs dramatically by removing their NAT Gateway and parallelizing their Lambdas with Step Functions.

Serverless Web Application – Example Architecture
Ahmed Mansour gives us some insight into how he build a recent serverless project.

Serverless Use Cases 🗺

Doing Rollups of AWS S3 Server Access Logs
Here’s a useful use case from Douglas Muth. Use a Lambda function to roll up S3 access log files. He even wrote an app for you.

Generate AWS STS credentials: The portable way
There are some security considerations with this approach, but using Lambda to quickly generate STS credentials for teams is another interesting use case.

When you want to learn some advanced Serverless concepts… 🏗

Serverless Cost Containment
Rowan Udell has a great piece that outlines some of the cost traps that serverless developers can get caught in. Many of these are easily mitigated, but the first step is knowing that they exist.

Distributed Tracing: Manual Vs. Automatic
Nitzan Shapira presents two different approaches to implementing a distributed tracing solution: Manual and Automatic. Automatic has its drawbacks, especially around flexibility. But personally, I’d rather choose a tool that gets me 80% there without needing to do any extra heavy lifting.

Taking Serverless to the Next Level
Danilo Poccia is always taking serverless to the next level. In this presentation he covers everything from IaaC to automating deployments to event-driven microservices. There are a lot of slides here, but definitely worth taking a look to understand these fundamentals.

12 New Features of AWS Amplify
AWS Amplify is on the development bullet train. The project is moving fast and releasing new features constantly. Nader Dabit outlines 12 new features that have been released over the last few months.

Invoking one Lambda function inside another (Sync-Async)
Mahfuzul Alam outlines a way to do function composition by making asynchronous calls to downstream Lambda functions. Under the right circumstances, this can work well, but be careful about synchronous invocations, especially attached to a synchronous request from a client. It might be necessary, but this creates a lot of coupling. There are generally better ways to achieve this.

The best reason to use DynamoDB streams is…
Yan Cui points out the fact that using DynamoDB streams eliminates the need to update the state of two separate systems (DynamoDB and Kinesis), which eliminates the need for distributed transactions. IMO, this model works really well within a microservice, but if you are generating events for use across service boundaries, I think the distributed transactions are worth the added complexity.

Why you should use temporary stacks when you do serverless
Yan also explains two ways that you could use temporary CloudFormation stacks when doing serverless and why you would want to. Feature branches and integration tests are the highlights here, and while there are always pros and cons, it is definitely something you should consider.

If you’re just getting into serverless… 🐣

What’s the friction with Serverless?
This is a great post for teams thinking about going serverless or for teams that have started but are hitting a brick wall. While serverless promises “writing just your business” logic, there is a lot more to it, especially having knowledge of the other managed services available to you. This shouldn’t discourage you, but it’s important to know what you’re up against.

What Front-End Developers Need to Know about Serverless Databases
Dan O’Donnell gives you some of the pros of working with “serverless” databases.

Serverless Computing and the Trend to Asset Lean
While this analogy is not new, I like how Aater Suleman compares Uber to serverless by describing the parallels between each phase in the evolution of car ownership to hailing a driver from a ride-share app.

Serverless Tutorials 🏗

How to include SNS and Kinesis in your e2e tests
SNS and Kinesis are common components in our event-driven serverless applications. However, testing them can be a bit tricky. Yan Cui walks you through some ways to accomplish this.

Building an Event-driven Pipeline in AWS Using Serverless
Kyle Galbraith shows you how to build an event-driven pipeline using S3 and Lambda. It’s also a good intro to event-driven architecture.

Shifting Your Node Express APIs to Serverless
John Papa’s incredibly thorough tutorial on converting your existing Express apps over to Azure Functions.

GO AWS Development with Serverless Application Model-SAM to start functions locally
Yunus Kılıç’s third article on building and deploying serverless functions with SAM and GO.

How to test a serverless API using AWS serverless Gradle test runner
If I’ve said it once, I’ve said it a million times (I think I said this last week too), I’ve never seen two deployment pipelines that look the same. This example focuses more on the API testing side of things, but as you will see, they have their own unique process.

.NET Core serverless CI/CD on AWS using CodePipeline and CloudFormation
Kaveh Azad gives you a complete CI/CD solution for .NET Core apps using AWS CodePipeline. The CloudFormation template is included, so you could adapt this for other runtimes as well.

How to build HTTP REST APIs with AWS + Serverless Framework
Here is a simple tutorial (in Java) for how to build and deploy a serverless API.

Part 2: How Far Out is AWS Fargate?
Go with Lambda when you can, but if you need containers, Fargate is a much simpler alternative to the likes of Kubernetes for container orchestration and management. Michael Lavers shows you how to deploy a simple Flask app to demonstrate how easy it is to get started with Fargate.

How to Create a REST API with Azure Functions and the Serverless Framework – Part 1
The Serverless Framework has made some significant improvements to the serverless-azure-functions plugin, so building on Azure is even simpler. Check out this tutorial to see how you can use the framework to build your first REST API using Azure Functions.

Serverless Security 🔒

Automating AWS Guard Duty Enrollment
Dane Fetterman wrote a tool to help you enroll a member account in AWS Guard Duty on a master account. The scripts run as Lambda functions, kicked off by a Step Function that lives behind API Gateway.

Simple Voice-Command SQL Injection Hack into Alexa Application
And here I thought ordering 100 rolls of toilet paper from your friend’s Alexa was a vulnerability. I think this is an interesting attack vector, though it likely requires some pretty bad coding on the backend. Ultimately, voice-enabled devices translate your commands into text to be processed. Taking the same precautions as you normally would should be more than enough to mitigate this kind of vulnerability.

A Purple-Team View of Serverless and GraphQL
Abhay Bhargav has a presentation on serverless security and how you probably want to manage your own serverless GraphQL endpoints (instead of using frameworks). There are other solutions out there for serverless GraphQL (namely AWS AppSync), but this presentation does outline a number of risks to be aware of.

How Are Serverless Applications Attacked?
Serverless is, by default, a lot more secure than traditional infrastructures, or even self-managed cloud architectures. However, it bears repeating that the vast majority of vulnerabilities now fall on the quality of the application code. Having a good system in place to provide AppSec in the serverless world is probably insurance worth having.

Serverless Reads 🤓

Loud Narrative on Cloud Native
I love a good rant. Raman Sharma has some thoughts (and criticisms) on some common definitions of “Cloud Native”.

Applying Code-Splitting to AWS Lambda
Running experiments to find new and interesting ways to optimize serverless is a hobby of mine too. Matt Tyler played around with code-splitting in Lambda, and although I don’t think this would create a worthwhile optimization, the idea was definitely worth pursuing.

Review: Amazon Aurora Serverless – A cloud-native and production-ready relational database?
Andreas Wittig gives his review of Amazon Aurora Serverless. This article outlines some of the benefits and limitations, and for the most part I agree. However, I do think the pricing is justified given the Multi-AZ availability and failover support that comes out of the box with Aurora Serverless. In order to achieve this with provisioned Aurora, you’d need to set up multiple instances which actually costs you more.

A top Microsoft cloud exec says that the company wants more customers to try out serverless computing, the ‘best way to do compute’
It looks like Microsoft is going all in on serverless too! Microsoft Azure CTO, Mark Russinovich, explains why serverless is the future of cloud computing. “We don’t want customers to stay out of the best way to do compute, and serverless is the best way to do compute.” I’d have to agree. 😉

Serverless September Content Collection
#ServerlessSeptember is in full swing, and Jan Schenk has put together a collection of all the great posts the Azure community is providing.

Tips and tools to achieve a serverless DevOps workflow
Kurt Marko outlines some of the basics of CI/CD and what the evolution of serverless means for your DevOps workflows.

Exclusive Research from Sumo Logic Reveals Multi-Cloud on the Rise and Open Source Technologies like Kubernetes is Disrupting the Modern Application Stack
This multi-cloud thing is not surprising to me, especially since I assume enterprises are more likely to hedge their best against the public cloud. Maybe this make sense for enterprises, but if you’re a startup or a mid-size company, I really think you’re handicapping yourself by going this route.

When you’ve got a long commute… 🚗

Serverless Chats – Episode #14: Serverless CI/CD for the Enterprise with Forrest Brazeal
In this episode, I chat with Forrest Brazeal about the CI/CD challenges facing enterprises, how to take a pragmatic approach to building pipelines for your serverless projects, and what tools are available to help you.

The Serverless Smarts Podcast – Ft. Erez Berkner, Visibility and Serverless Security
In the latest edition of the Serverless Smarts Podcast, Hillel Solow is joined by Erez Berkner from Lumigo to discuss visibility as a means to achieve better security, who is responsible for security – cloud provider or cloud customer, and edge computing in serverless.

Aleksandar Simovic AWS Serverless Hero Interview at Serverless Days Belgrade 2019
AWS Serverless Hero Aleksandar Simovic shares his thoughts on serverless during an interview at Serverless Days Belgrade.

Danilo Poccia AWS Principal Evangelist Interview at Serverless Days Belgrade 2019
Danilo Poccia talks about how to get started with serverless, its major benefits, and what some AWS customers are doing with it.

When you’re curious what the AWS devs have been up to… 👷‍♀️

Introducing NoSQL Workbench for Amazon DynamoDB — Now in Preview
This has definitely got some promise. I played around with it a bit and there are definitely some quirks (like I couldn’t figure out how to create a Local Secondary Index through the GUI), but I think this will go a long way to helping people create data models with DynamoDB. Read more about it here.

Announcing AWS PrivateLink support for Amazon Rekognition
Great update for everyone stuck in a VPC, though I still think the pricing for a NAT Gateway works out better if you need to access multiple services like this.

New Quick Start deploys clickstream analytics on the AWS Cloud
I really like these Quick Starts that AWS is putting out. You certainly don’t need to follow them exactly, but having the reference architecture out there is super helpful.

AWS Marketplace Makes It Easier to Deploy Lambda Functions with AMIs
You can now deploy your AMI-based solutions along with Lambda functions that interact with them, all with one CloudFormation template.

Serverless Tools 🛠

SAMWise (Beta)
Erik Peterson from CloudZero decided to build a SAM wrapper that makes deploying serverless applications easier. Inspiration struck while watching Lord of the Rings.

Not really a “serverless” tool, but reducing dependencies in your serverless functions is always a good idea to minimize package sizes and third-party vulnerabilities. If you’re building with Node.js, these handy native solutions can save you from leaning too heavily on your favorite utility libraries.

Noiiice Blog
Noiiice is a fully serverless blog platform with server-less side rendering. All services run on Amazon Web Services. The webapp is a Nuxt.js app served from a Lambda function using serverless-http through API Gateway.

If you really love managing Cassandra rings and needing an entire team to keep it up and running, as opposed to the fully-managed DynamoDB platform, here is a tool to help you easily take a step backwards. 😬

Thoughts from Twitter 🐦

#StrangeButTrueCloudFacts… (a thread) ~ Forrest Brazeal
Forrest provides us with nine interesting #StrangeButTrueCloudFacts. He ends his thread with an announcement of a book deal. Congrats to him!

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

September 18, 2019 – Our Serverless Journey – Dev Team Retrospective (Webinar)

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

September 20, 2019 – Serverless Transformation: An Online Panel Discussion

September 26, 2019 – Increasing Serverless Development Velocity (Webinar)

October 2, 2019 – Deep Dive on Amazon EventBridge (Webinar)

October 3, 2019 – How to Leverage Serverless to Optimize for Cost and Performance (Webinar)

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

October 30, 2019 – Retail at the Scale of Serverless with AWS – Webinar

February 27, 2020 – Serverless Nashville – The CFP is now open!

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Peter Sbarski (@sbarski). Peter is the VP of Content at A Cloud Guru, an AWS Serverless Hero, and he runs Serverlessconf (which is happening in NYC this October, BTW). Plus, he wrote a book about Serverless architectures on AWS, he’s a frequent speaker himself, and he’s one heck of a teammate for live Twitch coding challenges. 😉 The team over at A Cloud Guru is doing some amazing work helping to teach people about the cloud and serverless, and Peter is one of the driving forces behind it. Thanks for all you do, Peter (and we’ll take down Munns at re:Invent)! 🙌

Final Thoughts 🤔

Lots of really interesting things happening in the serverless ecosystem. It’s encouraging to see serverless shops like Stackery pushing forward with a new CEO and IOpipe getting recognized by Gartner. Plus, the Serverless Framework has been rapidly releasing features as part of their new full-lifecycle approach, as well as making a ton of improvements to their Microsoft Azure plugin. And speaking of Azure, there has been a huge push for serverless from Microsoft lately that is also great for the community. The more exposure it gets, results in faster adoption, faster innovation, and hopefully, more tools to make serverless even easier to use.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #54

Where have all the Cold Starts gone? ❄️

Welcome to Issue #54 of Off-by-none. Thanks for joining us! 👍

Last week, we celebrated our one year anniversary. This week, we’re investigating some very encouraging news about cold starts in Lambda. Plus, we have lots of amazing serverless content from the community.

There’s plenty to get to, so let’s jump right in. 💥

Serverless News & Product Announcements 🚀

Announcing improved VPC networking for AWS Lambda functions
This is HUGE! AWS is now leveraging Hyperplane to provide NAT capabilities from the Lambda VPC to customer VPCs. The reduction in cold start times is amazing!

Introducing the Newest AWS Heroes – September 2019
Yay! There are four new serverless heroes: Chase Douglas, Ran Ribenzaft, Gojko Adzic, and Prashanth HN. Congrats to all of you!

Manage your Serverless apps through GitHub
You can now manage your Serverless deployments almost entirely from your GitHub repo with’s new feature.

Excited to Announce the Serverless Transformation Newsletter
There is a new serverless newsletter in town. Ben Ellerby is launching the “Serverless Transformation Newsletter” to help develop and share best practices in the Serverless development community.

Fast WordPress Sites with Bluehost & Cloudflare Workers
Bluehost is going to add Cloudflare Workers to speed up WordPress sites. I was really hoping that a better, entirely serverless alternative would have come along to make this unnecessary. 🤷‍♂️

Serverless Stories 📖

Neosperience Cloud journey from monolith to serverless microservices with Amazon Web Services
Excellent post by Luca Bianchi that details Neosperience’s evolution to serverless microservices. He also makes a great point about iteration and the flexibility that microservices provide: “evolving your architecture through Time, requires your code being able to support changes every time a new wave of innovation hits the ground.”

I Believe in Serverless First and so Should You
Greg Farrow talks about why his team at ResponseTap decided to go serverless and why you should too.

My learnings from running the Azure Functions Updates Twitterbot for half a year
Marc Duiker explains what he learned by running a serverless Twitterbot over the last 6 months. Lots of interesting information in here that applies to other cloud providers as well.

Go-ing serverless
Eduardo Almeida set out to learn Go, and ended up stumbling into serverless along the way. His first time experience wasn’t great, which seems to be a common occurrence.

Serverless Use Cases 🗺

Serverless Step Functions with Callback
Callbacks in Step Functions are super handy. Chris Shenton outlines his use case and shows how to restart a Step Function once all the fan-out processing is done.

Sending a Weather Forecast with an AWS Lambda and Twilio
This is a simple app by Andrew Evans, but herein lies the power of serverless. Think about all the little tasks you could automate away.

Challenges and Opportunities of Amazon Serverless Lambda Services in Bioinformatics
I haven’t read this whole thing. But it looks important. 😉

Deploying Mozilla DeepSpeech models to AWS Lambda using Serverless
Lukas Grasse shows you how to install and run Mozilla DeepSpeech on AWS Lambda. There are some size limitations with the models, but the use case is exciting.

Prediction with TensorFlow and Cloud Run
ML and AI is all the rage, so Guillaume Blaquiere decided to install TensorFlowServing on a container and deploy it using Google Cloud Run.

When you want to learn some advanced Serverless concepts… 🏗

Serverless architecture diagram shows a new side of server-side
Interesting diagram from Fred Churchville on the differences between a traditional “server-side” application and one that is serverless. There is more happening with serverless and SSR, and of course, SPAs can work just fine with APIs running on traditional architecture, but this is a good way to look at it.

AWS Data API for Amazon Aurora Serverless
Goran Opacic has a great piece that explains how easy it is to run a Serverless Lambda SQL powered web site in production and deploy the entire architecture using CDK. There are some good references in this article as well. 😉

Deploying a Web API on AWS Lambda: Difference between API Gateway and Application Load Balancer
This is a short post that compares ALB with API Gateway when being used with Lambda functions. Very useful info here.

Three AWS API Gateway Features to Manage and Control the Invocations of its Targets
Lior Shalom highlights a few features of API Gateway that let you define throttling, manage API keys, and add performance gains by using caching.

AWS Lambda VPC Upgrades with HyperPlane
Austin Huminski from IOpipe explains why the AWS Lambda VPC upgrades are such a big deal, and how you can configure a Lambda function to access RDS in your VPC.

If you’re just getting into serverless… 🐣

15 things I’ve learned doing serverless for a year and a half
Great article by Paul Heintzelman that includes 15 things that every serverless developer (new and old) should definitely learn and understand.

Choosing the right cloud provider
Ben Ellerby helps you choose a cloud provider for your serverless projects. TLDR; He suggests AWS.

Why does serverless matter?
We’ll let the “there are still servers in serverless” comment slide. This is a good article that outlines why serverless is different than PaaS, and more importantly, what value it brings to your business.

An Introduction to Azure Functions
AWS Lambda isn’t the only game in town. Check out John Matthew’s introduction to Azure Functions to see what Microsoft offers for FaaS.

Serverless Tutorials 🏗

Create Serverless API for HTML Scraping
If you do need to scrape an HTML page, using the cheerio package seems like a great option.

Richard Boyd is back with a post that describes how to build CDK Constructs using test-driven development and the AWS CDK Asserts Library.

Building a Simple Serverless WebSocket with Stackery and AWS
The team at Stackery shows you how to build a simple serverless WebSocket in Amazon API Gateway that can directly communicate back to the client. This uses the Stackery Canvas, so you don’t even need to write any CloudFormation.

Netlify Dev + Serverless Functions + MailChimp Subscribe Form Tutorial
Matt Gregg shows you the power of Netlify with this simple tutorial.

Moving from Lambda ƛ to Azure Functions <⚡>
I’ve had decision makers ask me “how hard is it to move to a different cloud provider?” way too many times. Whatever the reason maybe, it’s always a good idea to understand what other options are out there. Jeremy Likness has a post with some videos that will show you what a migration from AWS to Azure might look like.

Create a Reddit Bot with Node.js on AWS Lamba
Raz Ali shows you how to create an application in Reddit and use an AWS Lambda function to connect to it. This is just a starting point, but lots of use cases for these types of applications.

How to build a website from scratch under the AWS free tier (Part I : FrontEnd) & (Part II : BackEnd)
Anas El Mhamdi’s two part series will give you a good overview of how to set up your front end static hosting along with a fully dynamic serverless backend.

Testing Serverless Services
Vincent Claes gives you a detailed run through of testing your Python serverless applications. There is some local mocking in there (which lots of people prefer) for unit testing, but I’m a big fan of adding some integration tests using real cloud resources too.

Serverless Security 🔒

How to store your AWS Lambda secrets cheaply without compromising scalability or security
Timothy Jones has an interesting way of encrypting secrets for serverless applications without the need for expensive solutions like Secrets Manager or rate-limited Parameter Store calls.

How To Handle HIPAA Compliance with Serverless Security
Need to make sure you serverless applications are HIPPA compliant? Check out this great post by Trisha Paine from Protego.

Serverless Reads 🤓

Q&A With Gojko Adzic on the Book Running Serverless
Newly crowned AWS Serverless Hero, Gojko Adzic, gives a great overview of his new book, Running Serverless.

Why Does Developing on Kubernetes Suck?
“When I’m writing software… Kubernetes has only made things harder.” Nuff said.

AWS Lambda Cold Start Language Comparisons, 2019 edition ☃️
For those of you that continue to worry about cold starts, perhaps this will be encouraging: “The improvement over the last 16 months is the most astounding and surprising find. There are massive improvements across the board, with cold starts becoming reasonably inexpensive and non consequential. NodeJS is now the most performant language, improving 74.6% or 638ms in just 16 months.”

How to Get Over the Serverless Integration Hump
Srinath Perera opines on the future of serverless and discusses the need for an integration language above and beyond programming languages to ease the transition for enterprises.

The Rise of the Serverless Architect
Nick Gottlieb nails it: “A Serverless Architect is a developer who takes this lifecycle focused view and often personally owns at least part of every stage of the Serverless Application Lifecycle. They don’t simply write functions — they implement business results while thinking through how the code that delivers those results will be developed, deployed, tested, monitored, and secured.”

17 Reasons NOT To Be A Manager
This really has nothing to do with serverless, but it is such an important piece for anyone who is a software developer. If you love coding and the rush you get when solving problems and building solutions for them, think long and hard about becoming a manager.

Many Uses of Serverless Observability – Part I
Emrah Samdan explains why observability is an important (if not necessary) part of serverless application development.

Is Serverless the end of Ops? DevOps vs NoOps… NativeOps.
Ben Ellerby has another great post that discusses how “Ops” changes as we move to serverless. I’m not sure “NativeOps” will catch on, but it’s worth a shot.

AWS AppSync with Serverless Lambda only solution
I have to agree with Barend Bootha that “VTL is a terrible place to put any business logic.” I know there are those that would argue, and for certain things it makes sense, but I’m still trying to wrap my head around what service owns the data when working with AppSync. It seems to add a lot of unnecessary coupling to the mix.

When you’re tired of reading… 🎧

Episode #13: Managing a Serverless Engineering Team with Efi Merdler-Kravitz
In this episode, I chat with Efi Merdler-Kravitz about moving your team to serverless, running and growing your serverless development team, and managing roles and specializations in serverless environments.

How Bustle Leverages AWS Lambda to Help Editorial Teams Scale
Bustle has been way out in front with its adoption of serverless and has been using it at massive scale for quite some time. This short video gives you a quick overview of what they’ve built with it. Michael Hart is not in the video, but it’s still worth a watch.

Go Time #96 : Serverless and Go with special guest Stevenson Jean-Pierre
Special guest Stevenson Jean-Pierre discusses serverless in a Go world. What is serverless, what use cases is serverless good for, what are the trade offs, and how do you program with Go differently in the context of serverless?

When you’re wondering what AWS has been up to… 👷‍♀️

Introducing Analyzing Text with Amazon Elasticsearch Service and Amazon Comprehend
This out of the box solution deploys an end-to-end solution for extracting insights from unstructured data such as customer calls, support tickets, and online customer feedback. Then it adds it to Elasticsearch and lets you visualize it with Kibana. Definitely worth checking out the reference architecture to see how it might fit in with your application.

Amazon QuickSight Announces Favorites, Anomaly Alerts and More
I’ve only played around with QuickSight, and have never used it for a production application. But there is definitely something there, and some of these new features look like there is more value to come.

Announcing General Availability of Amazon Quantum Ledger Database (QLDB)
It’s here! AWS’s fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log ‎owned by a central trusted authority. More from Jeff Barr here.

Serverless Tools 🛠

I’ve often joked about this as well. Sure there’s a lot more to it, but comparing FaaS to a modern day “cgi-bin” (just one that scales infinitely and has automatic fault tolerance and failover built in) is a fine comparison to me.

Thoughts from Twitter 🐦

I use a serverless platform and never have to think about a load balancer. (Hell, for a while I didn’t even really know what a load balancer was! No joke.) Who am I? Someone who values productivity. ~ Dr. Donna Malayeri
Speaking of modern day cgi-bins, Dr. Donna Malayeri makes a really good point with this tweet. Load balancers are undifferentiated heavy lifting that developers shouldn’t need to care about. Serverless gives you that.

2 weeks ago I turned 30 years old, and 6 years of AWS — Today, with tears of happiness, I’ve officially got promoted to Principal. ~ Heitor Lessa
We love Heitor and everything he does for serverless, AWS, and the community. Congrats to him for this well-deserved promotion.

Serious question: Why is kubernetes so much more popular than the cloud vendor based FaaS services? Given that FaaS saves you *so much effort and maintenance* (I have experienced this) I don’t see the value *except* on prem. Note: no “because it’s better” responses. ~ Paul Johnston
Paul Johnston has no problem poking the proverbial Twitter bear, and this time it sparked a really interesting (and illuminating) debate. Lift and shift is much easier than rearchitecting for serverless. I’m not sure there is a middle ground here, so perhaps K8s will have it’s run for the foreseeable future.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

September 13, 2019 – Serverless Days Belgrade

September 18, 2019 – Our Serverless Journey – Dev Team Retrospective (Webinar)

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

September 20, 2019 – Serverless Transformation: An Online Panel Discussion

September 26, 2019 – Increasing Serverless Development Velocity (Webinar)

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

October 30, 2019 – Retail at the Scale of Serverless with AWS – Webinar

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ben Ellerby (@EllerbyBen). Ben is a Serverless Architect and Advocate at Theodo UK. He’s also a regular conference speaker, serverless blogger, and editor of the new Serverless Transformation newsletter. As serverless continues to gain adoption, having people like Ben producing well-written content and sharing it with the community, helps to make serverless more accessible for everyone. I’m looking forward to seeing what he does next. Thanks, Ben!  🙌

Final Thoughts 🤔

The news about VPC Lambdas this week was very exciting. Seeing a cold start drop to 933 ms from 14.8 seconds is game changing. I know many people will continue to argue that 933 ms of latency is still too high, and that is true for certain applications. But since cold starts affect such a tiny percentage of your invocations, a few random 1 second round trips will seem like normal network blips for web-facing applications. 15 seconds was noticeable (hard to argue with that), but 1 second? Not so much. Exciting times ahead.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Thanks again,

Off-by-none: Issue #53

Has it already been a year?

Welcome to Issue #53 of Off-by-none. I’m so happy you joined us for this special issue! 🙌

Last week, we recapped the AWS Developer Influencer Summit and learned how to simplify publishing Lambda Layers. This week, we’re obviously celebrating our one year anniversary, so we’ve got some surprises for our loyal readers. And, of course, we have plenty of serverless content from the community.

There is so much to get to this week, so let’s get this party started. 🕺💃

It’s our party and we’ll give stuff away if we want to… 🍾🎉🎁

That’s right, we’ve got swag, and we want to give it to YOU! We’ve looked at the stats, and we’ve reviewed the creepy OPEN and CLICK data that Mailchimp collects, and it seems that many of you are very loyal readers. You’ve shared the issues on social media, encouraged others to sign up, submitted articles and suggestions, and helped to make the newsletter better each and every week. Some of you have even been here since the very beginning!

So as a proper thank you for spending (so much of) your time reading and sharing this newsletter, we’ll be sending swag bags to a whole bunch of you! We’ll reach out in the next few days to get your T-shirt size (oops, did I just give that away?) as well as a mailing address for shipping. I wish we could send gifts to everyone, but we’re still just a little community newsletter. Hopefully, with your continued support, we’ll keep growing this amazing community and help give the gift of serverless to everyone! (and maybe T-shirts)

Serverless News & Product Announcements 🚀

SAM v1.14.0 Release: API Key Authorization and API Resource Policies Support
This release includes the first step in supporting ApiGateway API Keys and Usage Plans in SAM as well as the first of two proposed changes to add support for ApiGateway resource policies.

Architect 6.0: Ruby, Python, and CloudFormation
Architect 6.0 now generates CloudFormation instead of using API calls to create AWS infrastructure. There are some other cool features, too, like writing zero-config Gatsby apps with the ability to augment them with dynamic runtime-powered routes.

Open-source serverless framework wants to pave the way towards serverless 2.0
“What we are missing is support for long-lived virtual stateful functions, a way to manage distributed—durable and ephemeral—state in a scalable and available fashion, ways to co-locate processing and data, and options for choosing the right consistency model for the job.” But are we missing those things? Or are we just too comfortable with the old way of doing things?

Lambda Layer Management with the IOpipe CLI
IOpipe’s new CLI lets you manage their no code instrumentation of your Lambda functions through your command line.

Making it easier to manage custom domains
Managing your custom domains in Seed is now a lot more easier and far more reliable.

Serverless Stories 📖

Serving my serverless personal website
Jordan Matelsky migrated his personal website to S3 and found some challenges using some serverless services. It’s an interesting story, and in my experience, indicative of what many first time users of these services face. This needs to be easier.

Let’s create a serverless notification system with Amazon API Gateway
This is sort of a story and tutorial wrapped up into one. In this post, beSharp will explain how they took a serverless approach to refactoring their notification system with realtime communications using API Gateway’s WebSocket support.

Building a truly global e-commerce platform
This is an interesting article that shares how Pim Vernooij and his team built out a e-commerce platform using AWS Lambda and API Gateway.

Building a Gitlab pipeline for serverless aka containerizing the Serverless Framework for the win.
If I said it once, I’ve said it a hundred times, I’ve never seen two serverless CI/CD pipelines that look the same. Similar, sure, but there’s always something different in every one I see. Here’s how Paul Heintzelman and his team does it.

Serverless at scale
Mathias from Freetrade shares how their move to serverless a year ago has benefited them, what they’ve learned, and what challenged them along the way. Still plenty of work to be done, but these stories are always encouraging.

How we made the return process more efficient thanks to an IPA beer notification hack
This is a fascinating look at how Daniel Wellington (the watch company) used Lambda and Amazon Rekognition to speed up their warehouse return process. Interesting to see real world problems being solved by serverless.

Serverless Use Cases 🗺

Serverless Data Extraction with AWS
This is a nice use case that grabs files from an S3 trigger, processes them with Lambda and Textract, then saves the data back to an S3 bucket.

Getting Started with Serverless Angular Universal on AWS Lambda
Here is an interesting way to develop and deploy an Angular application on AWS Lambda using Angular Universal for server-side rendering.

AWS Step Functions Gains Callback Patterns to Resume Paused Workflows
Steffen Opel has a nice overview of the new Step Function Callback Patterns that AWS released earlier this year. There are a lot of useful patterns here, so it is definitely worth understanding how these work.

Building Serverless IoT Systems from Node-RED to AWS Lambda
IoT is another one of those perfect use cases for serverless. In this post, Sarjeel Yusuf gives a quick overview of how you can use AWS IoT to route incoming messages from your Node-RED MQTT broker to an AWS Lambda function.

Handling medium size files with Lambda
Great post by Gratus Devanesan that uses file streaming, Lambda, and SQS to build a serverless MapReduce architecture. As he states, this probably won’t work for really large (like 100GB) files, but would make sense for “medium size” files.

AI Automated dubbing : Building an end-to-end Youtube audio translation platform using AWS serverless architecture
How’s this for an interesting use case? Ramsri Goutham uses AWS Transcribe, Translate, and Polly to automatically translate audio in video files

AWS serverless scraping: randomising your ip.
Hmm, I’m a bit torn by this one. On the one hand, sometimes I need a good script to do some “crawling” of website data. On the other hand, there is a reason why sites block scraping bots. No matter how you feel, Pablo Voorvaart has a quick and dirty solution for you.

When you want to go deep on some serverless concepts… 🏗

How to use the power of CloudFormation custom resources for great good
Yan Cui has a great post that explains how you can include a custom resource’s Lambda function in the same CloudFormation stack that uses it.

There is (at least in my mind) a clear understanding that Kubernetes is NOT serverless. However, if a provider is managing that for you, and you’re simply running Knative on top of it, well, that’s a different story. This piece by Scott Weiss gives you some more details on Knative.

Kafka, RabbitMQ or Kinesis – Solution Comparison
This is a great post by Nitzan Shapira that scores these three message systems based on a number of factors including ease of setup and maintainability. Spoiler alert: Kinesis comes out on top, but mostly because it is so “hands off” in terms of ongoing maintenance. FYI, I’ve worked with RabbitMQ extensively (including for a current project), and I would definitely rate that lower than the other two as well.

Debugging Distributed Systems Using Logs
We get it! Epsagon is amazing! 😉 But seriously, all these observability tools that do distributed tracing are really very powerful and make debugging serverless applications much easier. If you’re not convinced, Ran Ribenzaft’s post gives you some good insight into why things can get very difficult without one of them.

Awfully Thorough Guide to Choosing the Best Serverless Solution
Ilya Kritsmer looks at serverless orchestration services from Google and IBM. According to this post, the options are really thin and aren’t ready for prime time. He doesn’t mention GCP’s AppEngine or IBM’s AppConnect, but I haven’t done enough with them to have an opinion.

If you’re just getting started with serverless… 🐣

How to configure the AWS CLI to your local environment?
The AWS CLI is a very powerful tool in your serverless development arsenal. This quick post from Suthar Prashant will get you up and running in just a few minutes.

Ask the expert: AWS serverless challenges and how to overcome them
Marko from opines on some of the challenges of serverless and what you can do to work around them. There’s some architecture notes in here as well.

Serverless in AWS: Lambda vs. Fargate
Keilan Jackson gives a good overview of the differences between Lambda and Fargate and when you might use one over the other.

A shared-nothing approach to serverless microservice ecosystems on AWS
This is a good post by Kaveh Azad that might help you wrap your head around building loosely coupled serverless microservices. The shared nothing approach often makes people uncomfortable. One word: “denormalization”. 😉

Serverless Tutorials 🏗

Creating a serverless REST API with Node.js, AWS Lambda, API Gateway, RDS and PostgreSQL.
Giuseppe Picciano gives you a complete walk through for building a serverless API with a PostgreSQL backend. Great example of creating single purpose functions and using a database abstraction layer (though you might eventually want to roll your own). For production, use Parameter Store for your database secrets, and you’re good to go.

Express in AWS Lambda
So, I’m not a huge fan of using Express.js with Lambda, simply because there is way too much overhead involved. However, what I like about Ashiq Sultan’s post, is how he uses his lambda.js file as a port to his Express app. This allows him to run/test his app independently, but also invoke it through API Gateway. There’s some interesting hexagonal architecture thinking there.

Migrate a Simple SAM Application to the Serverless Framework
What if you start with SAM, but then decide to use the Serverless Framework instead? Fernando Corey has got you covered with this complete migration guide.

Scalable image classification with ONNX.js and AWS Lambda
Nico Axtmann gives you a quick tutorial (along with the git repo) on how to use Lambda and ONNX.js. If you want to up your serverless machine learning game, this might be a good start.

Multiple Environments with AWS Amplify
Jan Hesters teaches you how to use Amplify’s env command to implement either sandboxes or shared environments to help teams collaborate on Amplify projects.

Serverless Security 🔒

Going Serverless? Common Serverless Security Issues and Best Practices
As I was reading Aaron Chichioco’s post on serverless security, my first thought, was that it didn’t really make sense in the context of AWS. However, if you are running your own K8s cluster, or using some other provider that is rolling their own serverless stack, some of these threats could be very real.

Serverless Reads 🤓

Modern applications at AWS
Ever wonder how AWS builds their own modern applications? This post from Werner Vogels outlines the approach that AWS takes to build highly scalable services that allow for rapid development and releases.

Beyond The Browser: Getting Started With Serverless WebAssembly
The promise of WebAssembly in the browser fascinates me, but using it to power serverless functions? That’s just crazy talk. Robert Aboukhalilich has a great article that shows just how real this is.

Don’t get locked up into avoiding lock-in
Gregor Hohpe has a brilliant article that analyzes lock-in and how we can make better decisions about it using simple models. Do yourself a favor and just read this.

Serverless computing innovations will drive the next great evolution in storage
Though I find Grant Gumina’s predictions about adoption to be a bit pessimistic, I think he’s right about the technology hurdles with regards to adding state to serverless applications. However, this might just be the point. There are benefits to statelessness, so perhaps rethinking design patterns would eliminate the need to fill the deficiencies he points out? 🤔

Why doesn’t anyone weep for Docker?
So, this isn’t really about serverless, but I found the article interesting. Matt Asay does a great job of pointing out the challenges that all open source technology companies face. How do you monetize your work while still embracing the community? I’d venture a guess that “building your own cloud” is likely not the best approach.

Self-Serverless: Why Run Knative Functions on Your Kubernetes Cluster?
Two Knative articles in one newsletter!?! I know what you’re thinking, but if you’ve been paying attention, you’ve noticed that LOTS of enterprises are adopting Kubernetes. Layers and layers of abstraction seem counterproductive to me. But K8s may be the hybrid cars of cloud technology. Sure it bridges the gap for awhile and makes you feel good about yourself, but ultimately you’ll realize that it was just a ploy by Big Oil to keep us hooked on fossil fuels, and now we have all these dead batteries lying around. I think I got off topic there, but maybe you get my point.

Choosing a cloud DBMS: architectures and tradeoffs
Adrian Colyer recaps “Choosing a cloud DBMS: architectures and tradeoffs Tan et al., VLDB’19” in The Morning Paper. His key takeaways note that the database is less important than the storage format. I’ve been playing around with Athena lately, and I agree that it wins hands down.

How Serverless Computing Is Reshaping the Business World
If you’re trying to convince your boss to let your team go serverless, send them this article from BOSS Magazine.

Migrating legacy apps to serverless platforms doesn’t have to be painful
Not an entirely accurate article as most limits can be raised and there are other ways to share data across functions. But the overall sentiment seems right. Lots of “peripheral” use cases for serverless that can compliment an existing software stack.

When you need something to listen to on your commute… 🎧

Serverless Chats – Episode #12: Reducing MTTR in Serverless Environments with Emrah Şamdan
In this episode, I chat with Emrah Şamdan about discovering problems before they cause issues, what constitutes signals of failure in serverless applications, and how we can be better prepared to respond to incidents.

When you’re curious what the AWS devs have been working on… 👷‍♀️

Now forward traffic between a local and remote port using Session Manager
I really love the work being done with this. You still need to have an EC2 instance running behind the scenes, but using Session Manager to control access, PLUS being able to do port forwarding now, is so much easier than VPNs and previous workarounds. More info here.

AWS X-Ray Now Supports Amazon SQS
This is another great feature that should help you get more observability out of the box from AWS. Tracing headers are sent automatically with the AWS SDK if your functions are X-Ray tracing enabled. Looks like there is still some work required to recover the tracing context when receiving messages, but it seems fairly trivial.

Take the AWS Certified Cloud Practitioner Exam in Your Home or Office 24/7
“You’ll need a reliable internet connection, a webcam, and a quiet, private place to test.” I haven’t had a “quiet, private place” since my first kid was born 13 years ago. But for those of you that can find some peace and quiet, this is probably easier (and less stressful) than the alternative.

Lower Threshold for AWS WAF Rate-based Rules
According to AWS, this lets you protect against low-volume brute force logins, scrapers and more. I also like the use case for rate limiting per-user API calls. Throw this in front of an ALB and now you have automatic quota management without API Gateway.

Serverless Tools 🛠

A SAR app to propagate CloudFormation tags to unsupported resources
CloudFormation tags don’t automatically propagate to some resource types, including CloudWatch log groups. This is especially frustrating if you want to include them in your cost monitoring. Yan Cui and the team at Lumigo have you covered with this new SAR app.

s3redirect – A #Serverless and #Databaseless URL Shortner
Ric Harvey created a full fledge serverless and databaseless application that allows users to create a tiny URL by creating “Web Site Redirects” using Amazon S3, Lambda and Cloudfront.

Thoughts from Twitter 🐦

TIL the first automobiles were described as “horseless”, like the first cellphones were called “wireless phones”. Good reminder that terms describing transformational transitions often describe the absence of something, till the durable description inevitably emerges. #serverless ~Ajay Nair
Interesting way to think about the term “serverless” from Ajay. It may not be the best name, and people love to argue semantics, but what it describes is a way of building software that has completely changed the way I approach solving problems. So, yeah, pretty transformational if you ask me.

Following the news around a certain large tech company’s conference this week and their numerous k8s announcements furthers my view that #serverless is the future of things. (a thread) ~ Chris Munns
“k8s is the last hill for traditional Ops/IT to die on. Above that on the stack is basically all things serverless.” Preach.

I’m amazed what people will put up with to be 100% X (where X might be #serverless or $onlyOneLanguage, merely as examples but widely applicable). And then I remember how easy it is to think everything neatly fits in this one perfect box. ~ Susan Potter
Valid point. Most things don’t fit neatly into a box, and serverless is no exception. There are plenty of use cases that containers are better suited for, but imagine if one day, everything could be serverless?

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

September 4, 2019 – Serverless Done Right (webinar)

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

September 20, 2019 – Serverless Transformation: An Online Panel Discussion

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is YOU. I don’t want to get all sappy here, but I cannot express how important you all are to the community. You are the bloggers that write amazing serverless content. You are the open-source creators and contributors that build tools and frameworks to make serverless better every day. You are the companies and developers that are working to bring new products into the serverless ecosystem. You are the people that fuel serverless innovation with your ideas, your curiosity, and your feedback. Without all of you, there would be no serverless community, and no place for me to share my ideas. And for that, I thank all of you. 🙌

Final Thoughts 🤔

So much has happened with serverless since I started this newsletter last September. It’s mind-boggling just how far we’ve come in only a year. And I’m more excited about the future of serverless now than I’ve ever been. This last year has also given me the opportunity to meet so many amazing people from the serverless community. It has been an honor, and a gift, and I am eternally grateful for all the support I’ve gotten from all of you. I’m looking forward to another year of Off-by-none, and I hope you are too.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Thanks again,

Off-by-none: Issue #52

The future of serverless looks amazing… 🔮

Welcome to Issue #52 of Off-by-none. I’m so glad you’re here! 😉

Last week, I was at the AWS Developer Influencer Summit, learning how AWS is planning on taking serverless to the next level, as well as them eagerly listening to our (extensive) feedback. This week, we’ll give a quick recap of the event and then learn how publishing Lambda Layers might be a lot easier than we thought. Plus we have lots and lots of amazing content from the serverless community.

We’ve got plenty of great serverless content, so let’s get right to the good stuff. 👊

When you realize that AWS PMs really want your feedback… 📝

Last week I was honored to be a part of the first AWS Developer Influencer Summit in Seattle. It was a small group of about 70 people that came from all corners of the world. There were AWS community heroes, partners, and other independent voices that came together to learn what AWS was working on, and more importantly, to give our feedback. It was a great mix of serverless peeps, container folk, data wizards, developer tool jockeys, and ML/AI gurus. All sharing ideas and thoughts on how AWS can make their products and services better.

I wasn’t sure what to expect, but it turned out to be an incredibly rewarding experience. I spoke with several PMs from a number of different serverless teams, and I have to say, the future of serverless at AWS looks absolutely amazing! Not only that, but I got to hang out with some of the brightest minds in serverless, beat Chris Munns in the first live Twitch Serverless Challenge 😉, and then have the honor of losing the championship to Alex Casalboni‘s team (which Chris just happened to be on as well 🤨).

When you figure out that publishing Lambda Layers is easier than you thought… 🍰

So another crazy thing that happened at the AWS Developer Influencer Summit, was during one of the open discussions. The topic of Lambda Layers came up, and while many of us were complaining about working with them, Gojko Adzic literally blew our minds. He was then nice enough to blog about his solution…

Publishing Lambda Layers using SAR  🤯
So this is just flat out amazing. Lambda Layers are incredibly useful for sharing dependencies and compiled binaries, but the ability to use semantic versioning, or replicate them to other regions, always seemed like a massive inconvenience. Gojko Adzic brilliantly points out that these problem all go away if they are published as part of a SAR app. This is a must read if you are working with Lambda Layers.

How to include Serverless Repository apps in serverless.yml
And if you are wondering how to include a SAR (Serverless Application Repository) app in your Serverless Framework project, Yan Cui has a great post that will show you how.

Serverless News & Product Announcements 🚀

Zero instrumentation observability for AWS Lambda
The new Invocations Explorer provided by the Serverless Framework is a nice add-on to the observability features they’ve been launching lately. Very cool stuff.

Devs invited to bake ‘Run on Google Cloud’ button into git repos… By Google, of course
This is an interesting idea. “When you click the Cloud Run Button to deploy an application, it packages the application source code as a container image, pushes it to Google Container Registry, and deploys it on Cloud Run.” Hey, AWS! Maybe you should think about something like this.

Complete guide to AWS Step Functions
Yan Cui’s “Complete guide to AWS Step Functions” has been updated with more content and is now available for 50% off. I would suggest you take advantage of this offer while you can.

Introducing a better way to use Lumigo
Lumigo has joined the ranks of other observability companies and made it super simple to auto instrument your Serverless Framework projects with their tools. Simply install the new plugin, add your Lumigo token, and you’re off to the races.

Stay aware about your serverless stack with Thundra reports!
I like these proactive type reports that I get from some other observability tools. Glad that Thundra is now providing them as well.

Startup Rockset Adds SQL to DynamoDB
I have not tried Rockset yet, but this new feature appears to tie into DynamoDB streams to offer near realtime access to a SQL interface. I’ve often done this myself, but I think that since the use case is getting so popular, Rockset is smart to capitalize on it.

Serverless Stories 📖

How we reduced our API calls by 50%
Chad Dalton outlines a pretty slick way to eliminate OPTIONS API calls by using CloudFront to consolidate the host domain and use a custom origin to forward requests to the API. You could also minimize this by using the Access-Control-Max-Age CORS header, but that’ll only get you part of the way there.

Serverless, Cognito, and Custom Resources
Pei Deng has some criticisms of serverless and CloudFormation. I don’t disagree that IAM and CloudFormation can overcomplicate things sometimes, but the tooling is getting better, and there are lots of resources out there to help. With that being said, this type of experience with serverless means we still have quite a bit of work to do.

Serverless Use Cases 🗺

The new way to create, develop and deploy Twilio functions
I’m a big fan of services like Twilio functions. I love the idea of SaaS providers allowing customers to write applications that interact with their services directly within their systems, making things like transformations and triggers more customizable. I worry that there is a risk of disparate business logic across platforms, but being able to build deployments into your pipelines will go a long way to solving these issues.

Log forwarding from S3 to ES on AWS using Lambda & Serverless Framework
Log shipping is a fairly popular use case. Deepthi Nalla outlines her method of getting S3 files to Elasticsearch with the help of Lambda.

Serverless session handling for load-balanced PHP applications
Implementing DynamoDB as a shared session store for load-balanced PHP applications from Christian Burger is an interesting use case. It certainly is a step towards serverless, and it’s a heck of a lot better than sticky sessions.

Tracking team mood with Mood-o-Meter app
Do you know if you team is in good spirits? Slava Guzenko created a simple serverless application that can track your team’s mood with just a single click. I think that small, standalone services like this are great use cases for serverless because a) they cost basically nothing to run, b) they are always available, and c) they are independent of other resources, so they never affect critical applications in your stack.

When you want to explore some advanced serverless concepts… 🏗

A Minimum Viable CloudFormation Template
If you’ve ever looked at a 2,000 line CloudFormation template and started experiencing vertigo, then you’re not alone. Adam Johnson takes a slightly different approach to testing CF templates, which is quite simple, but also very powerful.

Building a CI/CD pipeline for Serverless apps
The team at has been producing content like it’s nobody’s business lately. They’ve compiled all their recent serverless CI/CD tips into a single post for you.

Serverless on GCP
So for all you Google Cloud fanatics, Tyler Treat does an excellent job outlining and differentiating all the serverless compute options available in GCP. I particularly like his advice at the end: “This is why we usually suggest starting with the highest level of abstraction possible and dropping down if and when needed.”

AWS Lambda or AWS Fargate: The Step-by-Step Guide to Choosing the Right Technology
Excellent post by Illia Saveliev that will help you make the choice between Fargate and Lambda. I personally don’t consider Fargate to be “serverless”, but there are certainly circumstance where you would need something other than Lambda. I think this article does a good job outlining the limits so you make the proper tradeoffs.

For the serverless newbie, we’ve got your back… 🐣

Serverless 101
While there is some debate as to whether or not serverless apps “cost us nothing”, Dorian Machado gives you a really quick intro with some quick concepts and tools to get you started.

How to create your first AWS Lambda function in two easy steps
If you are looking for a very basic intro into how Lambda functions work, this quick post by Mariano Calandra will get you up and running with your first function in a matter of minutes.

Serverless Deployment with AWS SAM
If you want to start your serverless journey with an IaC (Infrastructure as Code) approach, then Olawale Olaleye’s post will give you a quick start using SAM (the Serverless Application Model) from AWS.

Serverless – Hello World
And if you want to use IaC with a framework that isn’t SAM, Dorian Machado has a quick “Hello World” tutorial using the Serverless Framework.

Serverless Tutorials 🏗

A simple event-sourcing example with snapshots using Lambda and DynamoDB
Very interesting post from Yan Cui about using DynamoDB to store an immutable ledger of events that can be used to recreate the current state of your application. The noteworthy part is using periodic snapshots to minimize the aggregate creation, which can be cumbersome in serverless applications without using a caching mechanism.

Build An AWS Serverless Application using SAM
If you have a few spare hours and want to go through a very thorough tutorial on how to build a serverless application with SAM, check out Hongbo Liu’s post.

Refactoring to Amazon DynamoDB
Want to get all that pesky relational data into DynamoDB tables? This post walks you through some data modeling with DynamoDB and shows you how to transfer existing data from a SQL Server database using AWS Glue.

Turn your AWS S3 data into insights you always wanted
This is a quick intro to AWS Athena, which is quite an amazing piece of technology. If you need to store and query event data, take a look at Athena.

Easily Deploy A Serverless CDN With Serverless Components
Serverless Components are small bits of functionality that are prepackaged to make deploying serverless solutions simpler. This post outlines how to create a global-scale CDN with just a few lines of configuration.

Serverless Security 🔒

Somebody else’s problem? Don’t rely on cloud service cybersecurity
This isn’t specific to serverless, but I think the article makes some very good points. It’s true that the underlying infrastructure for cloud providers is very secure, but there are still things cloud practitioners (including serverless developers) need to keep top of mind when deploying their applications. Security was, is, and will always be the most important piece of your application.

Nine AWS Security Hub best practices
And speaking of cloud security, AWS Security Hub is another really powerful tool that can help create more secure environments and applications. This post outlines nine best practices that should give you some ideas of how you can use it in your accounts.

Serverless Reads 🤓

Sleepless In Seattle
Richard Boyd, Cloud Data Engineer at iRobot, and tormentor of Ben Kehoe with AWS CDK stickers, was also at the AWS Developer Influencer Summit last week. He has recapped his experience for you and shared some of what he learned.

Hybrid nano-services and the rise of functional server-less dynamic architectures
Andrew L’Homme has an interesting thought piece on using systems to automatically compose serverless functions to minimize latency across network boundaries. There is a lot of work being done in this area, but whether this happens dynamically, or people do it manually, there is value and optimizations in pre-packaging serverless workflows.

Serverless architect emerges as in-demand job role
This is a good summary of Wisen Tanasa’s post from a few weeks ago. There is little doubt in my mind that companies will start embracing serverless, even if it is only for peripheral workloads. But either way, understanding the concepts outlined in this post will certainly put you in a better position.

Is Serverless Right Now For Your IT Organization?
I like to include interesting articles, even I don’t fully agree with them. Sherri Douville’s piece argues that serverless limitations, from a CIO’s perspective, makes it a “Good Experimental Option For Variable Workloads”, but not for critical ones. I do agree that we should pick the right tool for the job, but I would argue that many mission critical jobs are better off running serverless.

Yan Cui Interview
In this short interview with Yan Cui (aka theburningmonk), we get to hear some of his thoughts on the benefits and weaknesses of serverless, as well as his advice for serverless newbies. He also mentions “Off-by-none” as one of his favorite resources for learning more about the serverless ecosystem (which is much appreciated). 🙌

AWS Architecture Monthly (Cloud Computing)
So this is something I just found this week. Each month there is a selection of the best content around cloud architecture from AWS, and this month was all about serverless. There are a lot of good videos and articles in here.

Let Your Product Define Your Technology, Not Your Technology Define Your Product
This is sort of an advertisement for a software development company, but I really like the approach they take when building products and solutions for their customers. It doesn’t necessarily matter what technology is used to solve a problem, the key is to be flexible and adaptable to the problem. As this piece notes, serverless takes care of the basics, allowing the team to focus on solving domain problems instead. This flexibility can go a long way as the project grows and adapts.

AWS re:Invent 2019: Serverless Session Guide
Is it already time to start thinking about session choices at re:Invent? We’re still three months away, but planning ahead is never a bad idea. If you want some advice, as well as some serverless session options, this post from IOpipe has you covered.

Recession-Proof Your AWS Cloud
It is certainly possible to spend your way to failure if you let your AWS bill get out of control. The Serverless Guru points out some tools and tricks to make sure you eliminate unnecessary costs and optimize your existing services.

The Dark Side of AWS Lambda
Though the title sounds ominous, Adam Link was simply a victim of AWS limits. As he notes in the piece, this can easily be solved with plugins or clean up functions. The serverless-prune-plugin is a staple in all my projects.

Kubernetes Workloads in the Serverless Era: Architecture, Platforms, and Trends
Okay, so I debated whether or not to include this article, because it’s basically just a puff piece for Kubernetes. However, after speaking with an industry analyst the other day, this ridiculous notion of multi-cloud is actually a thing. And because of that, and some of the serverless limitations mentioned in this piece, adoption is suffering at enterprise companies. It’s worth the read, if only to understand the momentum of K8s.

When you’d rather watch the movie instead of read the book… 🍿

Serverless Chats – Episode #11: Serverless Security in the Real World with Hillel Solow
In this episode, I chat with Hillel Solow about what’s different with security in serverless, which attack vectors are actually being targeted, and how we can significantly increase our security posture with good coding practices.

Best serverless video tutorials
If you like watching tutorials, the Dashbird has compiled a big long list of serverless videos for you to binge on a Friday night.

SynchroNet: Extending User Automation and Amazon WorkSpaces Provisioning with AWS Step Functions
Learn how SynchroNet uses a lightweight, serverless, event-driven architecture to ensure that the right user personas get the right workspace resources every time by automating Amazon Workspaces provisioning.

Some new Serverless Architecture videos from John and Mike
Here are two great serverless talks from Mike Roberts and John Chapin over at Symphonia.

When you finally make the Seattle coffee = AWS dev productivity connection… ☕️

Amazon Transcribe now supports speech-to-text in Russian and Chinese Mandarin–Mainland
Now if they can only get Amazon Transcribe to support English! 😂

Amazon ElastiCache announces online vertical scaling for Redis Cluster mode and improves scaling non-Redis Cluster mode
Um, this is pretty darn cool. I know several people (including me) that use Redis quite a bit in our stacks. A simple change to the instance size without losing data is very useful.

Amazon SQS Now Supports Tag-on-Create
Tagging, tagging, tagging! I really love how useful tags are in AWS, so it’s nice to see more first class support. The fact that you couldn’t do this in the past always boggled my mind.

Introducing AI-Powered Health Data Masking
This service helps healthcare organizations identify and mask health data in images or text. I find the move to focus on solutions for specific verticals to be an interesting approach. It provides out of the box solutions, but also lays the foundation for other creative use cases.

Amazon Forecast Now Generally Available
Amazon Forecast is a fully managed service that uses machine learning to deliver highly accurate forecasts. It is based on the same technology used at and might just add a bit of sophistication to your applications with little effort. You can read more about how it works here.

Serverless Tools 🛠

ddbsizemetric – Lambda Custom Resource that emits a metric on the size of your DynamoDB Tables
Richard Boyd published some AWS CDK constructs for Python and Node that lets you emit DynamoDB table storage sizes.

keithrozario/Klayers – A collection of AWS Lambda Layers for Python 3.7
If you’re looking for precompiled binaries for your Lambda Python projects, check out this great collection from Keith Rozario.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

August 29, 2019 –  ServerlessDays Melbourne

August 29, 2019  Serverless Framework : What’s New Demo (webinar)

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rebecca Marshburn (@beccaodelay).  Rebecca is probably the most influential person in serverless that you’ve likely never heard of. That’s because she is a Product Marketing Manager for Serverless at AWS who works behind the scenes to wrangle and coordinate all the AWS Serverless Heroes. Since I first joined the program, she has been instrumental in helping with conference talks, travel, content, promotion, encouragement, and so much more! If it wasn’t for Rebecca, I’m not sure we’d be able to do the work that we do. Last week’s AWS Developer Influencer Summit was just another example of the valuable work that Rebecca does to help guide the future of serverless and make it easier for those in the community to learn and provide feedback. Rebecca, you are awesome! Thank you so much for all the ways you make us (and the community) better.  🙌

Final Thoughts 🤔

Listening to all the awesome feedback from some of the smartest people I’ve ever met, and having the teams at AWS be so excited by it, was very encouraging. The future of serverless is very bright, and I can’t wait to see what AWS does with the feedback it received. I have a feeling that the announcements at re:Invent are going to change the way people think about serverless.

Also, don’t forget that next week Off-by-none turns ONE YEAR OLD! We might have a few surprises for you as well as some special thank yous for you, our loyal readers! 🎉🎂🎁

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #51

Live from the AWS Developer Influencer Summit… 🤓

Welcome to Issue #51 of Off-by-none. Thanks for being here!

Last week, we welcomed Oracle to the brave new world of FaaS and shared a ridiculous amount of serverless content. This week, I’m at the AWS Developer Influencer Summit, learning about how AWS plans on making their serverless offerings better, and giving our feedback. But have no fear, we’ve got plenty of great serverless content to share this week.

There is a lot of great content to get to. So let’s get right to it. 👍

Serverless News & Product Announcements 🚀

Announcing the general availability of Python support in Azure Functions
Python support for Azure Functions is now generally available. You can now develop Python 3.6 apps to run on the cross-platform, open-source Functions 2.0 runtime.

Seed only deploys the services that have been updated
This is a great new feature from the team over at Monorepos are great for small to mid-size projects, but using it to deploy multiple Serverless projects can be a pain. This new update should solve that issue.

Protego Serverless Security Announces Integration with Splunk and Slack
This is a helpful new feature. Security teams and operations can now get security posture data, security events, and tasks sent straight to their favorite alerting platform from Protego.

Serverless Programming Cookbook
If you’re interested in building serverless applications on AWS with Java, the Serverless Programming Cookbook is available for free.

Debugging the Node.js 10 runtime on AWS Lambda with IOpipe
The Node.js 10.x runtime in AWS Lambda is getting better, but it’s still not perfect. But at least you can monitor it with IOpipe’s new update.

Serverless Stories 📖

Amazon Prime Day 2019 – Powered by AWS
While I’m glad Jeff Barr got a great deal on a new monitor, I’m more interested in the fact that across the 48 hours of Prime Day, there were 7.11 trillion calls to the DynamoDB API, peaking at 45.4 million requests per second. I’m betting your traffic is lower than that. 😉

Killing Trees with Lambda Functions
This is an extremely thorough and well thought out piece by Shea Kelly that outlines his organization’s serverless journey. Could make a great roadmap for people looking to get started.

How We Built a Serverless Progressive Web App with Cloudflare Workers
Krayx is a personal finance application to gain insights into your finances, and was built entirely using CloudFlare Workers and WebAssembly. That’s pretty interesting.

Serverless Use Cases 🗺

Automating AWS infrastructure workflows with the Serverless Framework
This is a great post by Bernat Ràfales that shows three different ways his organization utilized Lambda functions and native AWS infrastructure to add automation to their existing stack. All of these are a great way to start your serverless journey.

AWS Lambda as form submit handler
Form handling is a classic use case for serverless. Nickolay Laptev outlines this use case in a way that’s much more complex than it needs to be, but the general idea is correct.

How to put EC2 instances to sleep automatically
Dave Macdonald uses Lambdas in a similar way to shutdown unneeded EC2 instances at night. This post also contains a complete tutorial to get you up and running (or shutting down) in no time.

Serverless Transactional Email Setup with Analytics using AWS SES, Glue, Athena, QuickSight
Pratik Bhopal outlines some ideas for building a serverless email component for sending transaction emails. He then uses Athena and QuickSight to add some performance reporting.

If you’re interested in learning some advanced serverless concepts… 🏗

SQS and Lambda: the missing guide on failure modes
There seems to be a lot of confusion around subscribing Lambdas to SQS queues. Yan Cui wrote this piece to clear some things up.

Tracking API Gateway metrics in Serverless applications
Debugging errors with API Gateway and Lambda functions can be an arduous task. Alex DeBrie identifies three major visibility issues and explains how the new full lifecycle Serverless Framework is making it easier for you.

What is the right way to do rollbacks in Serverless apps
You might think that rollbacks in serverless would be very similar to those in more traditional systems. Frank from points out why this isn’t always the case.

What you gonna do when failures come for you?
Karol Junde explains how using Step Functions and implementing the SAGA pattern can help you add more resiliency to your serverless applications.

Common Design Patterns in Distributed Architectures
This is a great article by Nitzan Shapira from Epsagon about four patterns that can be used with our distributed applications.

Why you should use a manual approval step in a Serverless CI/CD pipeline
More sound advice from I’d love to live in a world of continuous deployment, but having that manual approval step has saved me a few times in the past.

Deploying a monorepo Serverless app with interdependent services
I’m always wary of creating too much coupling between serverless services, but this is a common technique. In circumstances like this, I usually deploy a separate service with just an SNS topic. This way, services are dependent on a single higher level abstraction, instead of each other.

When are Cold Starts a Problem?
Ido Neeman gives a complete breakdown of what causes cold starts, what factors impact them, and how the cloud providers compare.

If you’re just starting your serverless journey… 🐣

10 Things I Wish I Had Known About Serverless
I feel like there have been a lot of these posts lately, but nonetheless, worth the read if you’re starting with serverless.

The time for serverless is now – tips for getting started
Chris Wahl shares his experiences getting to grips with serverless technology, what he learned throughout the process, and whether, ultimately, serverless is something worth considering. TLDR; It is.

The traits of serverless architecture
Wisen Tanasa has a great piece that outlines six different “traits” of serverless applications and how we need to understand them to build better serverless applications.

Why is Serverless Architecture becoming popular for App Development?
This is a bit of a lengthy piece, but if you’re looking for a general overview of the serverless paradigm, as well as some pros and cons, this might be a good read. And, yes, we know there are servers in serverless.

Serverless Tutorials 🏗

The difficulty with monitoring AWS Lambda functions (and how to solve it)
Gareth McCumskey outlines some of the difficulties of monitoring Lambda functions and shows how the Serverless Framework’s new monitoring capabilities can help you.

How to deploy only the updated services in a monorepo Serverless app
The team at adds a bit more context to the difficulties of deploying multiple services in a monorepo. In this post, they offer two great strategies for handling this yourself (that is, if you don’t want to use their product).

Uploading objects to S3 using one-time pre signed URLs
Eetu Tuomala had some ideas for creating one-time pre-signed URLs for S3. This is an interesting approach, that he’ll walk you through.

Rest Api Just with ApiGateway and DynamoDb
API Gateway Service Integrations are incredibly powerful and allow you to skip using a Lambda function altogether. Rafael Campana gives us a quick and dirty intro. Be sure to heed his advice about securing your API.

Serverless – PDF Generation
Jose Santos outlines how to configure a Serverless application to generate PDF reports.

Serverless PHP using AWS Lambda
More helpful tips for serverless PHP fans. Jacques Fu shows you how to use bref to setup a serverless Laravel project on AWS Lambda.

Callbacks with AWS Step Functions
Using callbacks to control Step Function executions opens up lots of really handy use cases. Ross Rhodes Shows you how to set them up using the CDK.

Adding serverless functionality to existing applications
James Beswick walks you through deploying applications and components using the Serverless Application Repository (SAR). He also shows you how to build your own. Why reinvent the wheel if you don’t need to?

Using callback URLs for approval emails with AWS Step Functions
If you want another great example from SAR, let Ben Kehoe walk you through using the sfn-callback-urls SAR app to generate one-time-use callback URLs through a call to either an Amazon API Gateway or a Lambda function.

Good to Go: Getting Started with AWS Lambda and Go
Using Go with Lambda is fast. If you’re interested in how you can get started, this piece from Ran Ribenzaft with give you a good primer.

Serverless Security 🔒

Severe Truth About Serverless Security and Ways to Mitigate Major Risks
I don’t think that Roman Sachenko is trying to scare you, but he does make several really good points about serverless security. I don’t think serverless apps are more “porous”, as he puts it, but this is definitely worth the read.

Serverless Reads 🤓

Lambda vs Lambdas
This is a great piece by Sheen Brisals that calls attention to the dilemma that we face every day as serverless developers. While the single responsibility principle makes a ton of sense, the practicality of its implementation often leaves us hitting a performance brick wall.

Why You Should Double Down On Serverless Infrastructure
Jesse Moore argues that serverless allows an individual or a company to focus its entire efforts on its Unique Selling Proposition (USP), and he’s not wrong.

Mono- or Multi-repo?
This isn’t specific to serverless, but it is always interesting to hear other people’s experience with mono vs multi-repos. John Clarke adds his perspective.

FaaS is Key to DevOps Efficiency
I think that DevOps is a great onramp for serverless adoption. There are so many things that can be automated (or re-automated) with Lambda functions. Mike Duensing only scratches the surface here, but I definitely like the angle.

When you prefer multimedia experiences… 📽

Episode #10: Testable Serverless Applications with Slobodan Stojanović
In this episode, I chat with Slobodan Stojanović about why testing is important, how it changes with serverless, and how to make our applications more testable using hexagonal architecture.

Upload a file to S3 using Amplify | Serverless
In this video, Marcia Villalba shows us how to upload a file to S3 from a React app using AWS Amplify library.

Serverless v Containers
World renowned serverless hero and aspiring rapper, Forrest Brazeal, brings us the latest song to take over the tech/cloud/serverless rap world. Watch and listen as Forrest leads you through three minutes of artisanal, eloquently crafted english in this beautiful yet raw masterpiece. 🎤

When you’re wondering what AWS is building… 👷‍♀️

Amazon Athena now supports querying data from Amazon S3 Requester Pays Buckets
With this release, Athena workgroup administrators can configure workgroup settings to allow members to reference S3 Requester Pays buckets in queries.

AWS App Mesh now supports routing based on HTTP headers and specifying route priorities
AWS App Mesh now supports HTTP header-based routing to manage traffic between services, in addition to the previously available path prefix based and host based routing capabilities.

Serverless Tools 🛠

horike37/serverless-apigateway-service-proxy: Serverless Framework plugin that supports the AWS service proxy integration feature of API Gateway
Make building service integrations easier with this Serverless Framework plugin. It now supports an S3 proxy as well.

lambci/node-custom-lambda: A custom runtime for AWS Lambda to execute functions in Node.js v10.x or v12.x
If, for some reason, you need to use Node.js v12.x, the node-custom-lambda runtime has been updated with v12.8.1.

Thoughts from Twitter 🐦

Recently, there seems to be a trend of dumbnification of AWS services to make it easier for newcomers, while making good design harder. This is not a good trend. ~ @bjorg
Sometimes over simplifications can create constraints. I’m curious about your thoughts on this.

What would you consider are the “best practices” and “anti-patterns” of using the @goserverless framework? e.g. using * for IAM perm is definitely an anti-pattern! #serverless #aws #awslambda ~ @theburningmonk
Interesting discussion here. There are so many ways to accomplish things, but certainly we are getting to a point where rights and wrongs are becoming more understood.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

August 22, 2019 – We are the AWS Serverless Heroes – Ask the Experts

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Sheen Brisals (@sheenbrisals).  Sheen is a seasoned software engineer and AWS Certified Solutions Architect that is architecting and guiding engineers building serverless ecommerce solutions at LEGO (yes, that LEGO). Sheen has been speaking at serverless conferences around the world and spreading LEGO’s serverless success story. Recently, he’s written some blog posts that are highlighting the serverless purity versus practicality issue that so many developers and companies are facing. These are the types of stories that others need to hear and cloud providers need to address. Thanks for your continued insights and contributions, Sheen!  🙌

Final Thoughts 🤔

I’ve only been at this AWS Developer Influencer Summit for a few hours, but it is abundantly clear that AWS is committed to upping their serverless game. If you have any questions or feedback that you’d like me to pass on to the team, just let me know.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next week,