Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to my weekly newsletter, or follow me on TwitterGithub and Facebook.


My Latest Posts:

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

25 Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting.. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of 25 people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Audio Version

Continue Reading…

Event Injection: A New Serverless Attack Vector

As more and more developers and companies adopt serverless architecture, the likelihood of hackers exploiting these applications increases dramatically. The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. There has been a lot of hype about #NoOPS with serverless environments 🤥, which is simply not true 😡. Many traditional applications are frontended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. With serverless, these all go away. 😳

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #7

Livin’ in the (serverless) future 🤖

Welcome to Issue #7 of Off-by-none. I’m excited to have you here! 🙌 Let’s talk about serverless.

Last week we talked about the future of serverless now that institutional investors are starting to get behind some related startups. This week I want to talk about a recent announcement from AWS that sheds even more light on what the future of serverless holds and why it will become the dominant force in cloud computing.

Let’s get started!

Why incremental changes can actually mean very big things… 🐘

Last week AWS announced that Lambda functions can now run up to 15 minutes. They also introduced the new “Applications” menu in the Lambda Console. On their own, these may seem like small improvements to AWS’s Lambda compute product. However, in my new post, What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I argue that these announcement actually tell us a heck of lot more.

There are many arguments against serverless (some of them are even valid 😉). But these improvements give us insights into the ongoing battle to create a new kind of near limitless compute layer, one that could handle just about any use case. These are very exciting times.

When you realize that serverless might be more about business value… 📈

Every once in a while, someone will articulate something in a way that pretty much anyone (even company executives 😬) can understand. The Business Case For Serverless is a brilliant piece by Forrest Brazeal that should be sent to every C-level executive at your company. This piece covers everything from the total cost of ownership fallacy to the weak vendor lock-in argument. I also love how it doesn’t introduce serverless as an “all-or-nothing proposition”, but instead, can be adopted over time by using something like the Strangler Pattern.

When you’re looking for some serverless brain candy… 🍭

James Beswick’s (@jbesw) new post, Postcards from Lambda @ the Edge, is an exciting (and potentially sobering) look into the magical space that is Lambda@Edge. With all the recent buzz about Cloudflare Workers, it’s been easy to forget that AWS has had this for quite some time. The term “multi-region” is generally enough to induce panic attacks in many a developer. Lambda@Edge might be a good first foray into this uncharted (and mostly undocumented) territory. 👨‍🚀

Serverless DevOps: Why Serverless For Operations People is another great read where Tom McLaughlin thoroughly discuses how serverless makes teams more efficient by handing off operations to the cloud provider. Not only does this reduce operational costs, but it gives your team more time to solve business problems (you know, the things that actually make you money). 🤑

And Yan Cui is at it again, detailing some Common Node8 mistakes in Lambda. Node8 means access to async/await, but there are several ways in which we can (and most likely will) misuse this powerful new feature. This post is a must read for Node.js developers using serverless. 👩‍💻

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Forrest Brazeal (@forrestbrazeal). I already mentioned Forrest’s amazing piece, The Business Case For Serverless, but Forrest is also a man on a (serverless) mission. As a Senior Cloud Architect at Trek10, Inc., an AWS consulting firm, Forrest works with real-world customers solving real-world serverless problems. But rather than keeping all that learning to himself, he is constantly sharing it with the community. Whether it be through his talks at conferences, his “Serverless Superheroes” blog series, his regular hosting of the Think FaaS podcast, or his FaaS and Furious cartoons, Forrest is doing great work to educate the masses about the benefits of serverless. And he’s also an AWS Serverless Hero.

Final Thoughts 🤔

For the last several years I have seen the same list of arguments against serverless: vendor lock-in, steep learning curve, not suitable for long running tasks, cold starts, poor logging, lack of observability, hard to test locally, response latency, etc.

Many of the above are valid concerns, but most are merely due to the fact that serverless is still in its infancy as a compute platform. Technical challenges aside, if we look beyond arbitrary limits, recycled cloud-based virtual machine arguments, and the semantics we use to describe it, we’ll see that something entirely new is being invented here. Serverless (or service-full) technology will continue to mature, and soon there will be little left to argue about.

How was this issue of Off-by-none? Feedback and suggestions are always appreciated. Contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and how you’d like to contribute to Off-by-none. Your input helps me make this newsletter better each week.

Go build some great serverless apps. Hope to see you all next time!

Best,
Jeremy

Off-by-none: Issue #6

The future (of serverless) is so bright, I gotta wear shades 😎

Welcome to Issue #6 of Off-by-none. I’m glad you’re here! 😉

There’s a lot to get to this week, but first… I need your help. 🙏

As I said from the beginning, this newsletter is a bit of an experiment. My goal was to create something different than your typical list of recent articles to read. I wanted to bring inspiration, along with a “curriculum” of sorts, that we could use to build on our serverless knowledge and explore new techniques to become better developers and product people. My hope was that feedback from the community would help drive the discussion and that we could explore these paths together.

I’ve received lots of great feedback (which I’m very grateful for), and I’ve incorporated that feedback into each new issue. However, I want to push this further. I want to know your questions, your insights, your successes, and your failures. Send me your posts, your videos, your tweets, your books, your courses, your case studies, or simply one sentence that shares something you’ve learned about serverless. I want Off-by-none to be a conversation that promotes serverless and encourages others to adopt it. Your participation, even something small, will go a long way!

And now, back to today’s issue…

When you’re overwhelmed by the re:Invent event catalog… 🎓

A group of AWS Heroes released their picks from the re:Invent event catalog.  Marcia Villalba’s Adopting Serverless and Eric Hammond’s Advanced Serverless guides are chockfull of great sessions. I’ll be at re:Invent this year as well, so please be sure to connect with me so we can meet up.

When you just can’t get enough serverless content… 📚

If you want to get super technical, Ory Segal over at PureSec had a chat with Jeff Foristal (aka Rain Forest Puppy) about serverless security. You might remember Jeff as the guy who first documented SQL injection and the Poison NULL byte. Certainly worth the read if you’re serious about the future of serverless security.

Christophe Bougère put together a list of Serverless framework tips and tricks. He’s created a lot of boilerplate code to make his life easier, which you can definitely borrow to make your life easier. He heavily embraces the monolithic approach, leading to very large services (which I’m not a fan of), but there are plenty of great takeaways.

Seth Vargo, a developer advocate over at Google, wrote a great piece that explores Secrets in Serverless. This topic continually surfaces as vendors release more tools to deal with this issue and developers become more aware of the security risks associated with it.

When people are willing to bet $7M on the future of serverless… 💰

Last week, PureSec raised $7M in a Series A round led by Square Peg Capital. This is a huge deal for us serverless fanatics out there. Not just because this has allowed PureSec to offer a Free Tier of their serverless security platform, but because this shows the continued commitment that institutional investors are willing to make in the serverless space. This follows an institutional investment into Stackery, who raised $5.5M earlier this year. There are a lot of serverless startups that are still working off their seed rounds, so it will be interesting to see what happens with more investors looking to jump on the serverless bandwagon.

What to think when all your circles are suddenly empty… 🤷‍♂️

Alphabet is shutting down Google+ after data from over 500,000 user accounts were inadvertently exposed to third-party developers. Google says the security issue didn’t meet the threshold needed to notify users, but clearly the privacy issue, coupled with the fact that nobody uses Google+, has made the decision to shutter the service much easier.

I mention this because companies (and consumers) are getting more savvy about privacy. These types of news stories, along with the daunting requirements of GDPR, make it more difficult for smaller companies to comply with regulations and user expectations. Google also announced that Gmail Add-Ons will soon require “third-party security assessment that will cost them about $15,000 to $75,000.” Serverless applications and the robust security of cloud vendors will help startups enhance their security posture if best practices are embraced. Something worth exploring more.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Yan Cui (aka @theburningmonk). Yan is a staple in the serverless community. He’s an AWS Serverless Hero, his Production Ready Serverless course is one of the most comprehensive available, and his blog is a treasure trove of serverless content. Beyond all that, he is a regular speaker at serverless conferences, sharing information and insights directly from working in the serverless trenches. His posts and conference talks always dig deep into advanced topics, which helps those that are well beyond the “build your first serverless app” stage and are ready to take it to the next level.

Final Thoughts 🤔

There’s so much to learn and explore when it comes to serverless that it can often seem overwhelming. However, the serverless community is filled with a number of really helpful people who love serverless and the potential it brings. With new serverless starts up getting funding and more and more people starting to share their experiences with this technology, I’m looking forward to a very bright future for serverless!

I hope you enjoyed this issue of Off-by-none. Feedback and suggestions would be greatly appreciate so that I can continue to make this newsletter better. Contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and how you’d like to contribute to Off-by-none.

Go build some great serverless apps. Hope to see you all next week!

Until next time,
Jeremy

Off-by-none: Issue #5

It’s nobody’s fault but mine

Welcome to Issue #5 of Off-by-none. I really appreciate you being here! 🙌

Last week we took a more in-depth look at how we can use traditional microservice patterns and adapt them to our serverless applications. An Introduction to Serverless Microservices was the first in a series of posts to demonstrate the power of serverless microservices and how they can be implemented.

There are a lot of topics to cover, but I consistently get questions about how to handle errors in distributed systems. This is especially significant with serverless architectures since functions are ephemeral and observability is less than ideal. I’m working on a new post on this topic that I’ll share soon.

In the meantime… ⏰

When you’re looking for a good serverless read… 📖

The Case of the Broken Lambda by Vicki Boykis is an interesting read that turns debugging a Lambda function into a modern Sherlock Holmes mystery. The issue described is very specific, but there are some valid lessons in here.

Speaking of debugging, Investigating spikes in AWS Lambda function concurrency by Ian Carlson, Principal Solutions Architect at AWS, is another great read. This post gives you some useful strategies for tracking down issues caused by errant code or upstream scaling that can exacerbate concurrency issues.

Finally, Adnan Rahić published A crash course on Serverless with AWS — Image resize on-the-fly with Lambda and S3. Interesting use of Docker to package binaries for a Lambda function. This is a great example of how the Lambda runtime environment can support much more complex use cases.

When the idea of “serverless” relational databases piques your interest… 🕵️‍♂️

Aurora Serverless has been generally available for almost 2 months now. I was really excited when it came out and published Aurora Serverless: The Good, the Bad and the Scalable which goes into quite a bit of detail regarding cost and performance. I notices that AWS is hosting some webinars this week that might be interesting to those who want to explore this technology in more depth. You can register here for a live session or to get the replay when it’s available.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Paul Johnston (@PaulDJohnston). Paul was one of the co-founders of ServerlessDays (formerly Jeff), a senior developer advocate for serverless at AWS, and a serial CTO that has embraced serverless in all his recent endeavors. I really like the way Paul thinks about serverless, and while his occasional blog post is always worth the read, I’ve found myself spending a lot of time lately watching some of his conference talks. Like this one and this one and definitely this one.

One of the things I like so much about Paul is that he’s opinionated. I don’t always agree with some of his opinions 😉, but I definitely like how he makes his case for serverless and how it should be done. With best practices still emerging in serverless, I think it’s important for new developers to have some sort of framework to start with. Agree or disagree, Paul continues to put his ideas out there.

Final Thoughts 🤔

I’ve spent a lot of time this past week continuing to work on our serverless microservices at AlertMe. I’ve been immersed in this for the last few months, and through that process, some of my thinking has evolved a bit. I’ve discovered so many nuances, complexities, and workarounds, that I’ve had to stop a few times to build tools (like serverless-mysql) to encapsulate some of them. While these are obviously helpful, I feel like some of this tooling is starting to bog down the simplicity that is (or was) serverless. My boilerplates are getting a bit out of hand, which is something to think about.

I hope you enjoyed this issue of Off-by-none. Please send me feedback and suggestions to make this newsletter better. Contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or even how you’d like to contribute to Off-by-none.

Go build some great serverless apps. Hope to see you all next week!

Take care,
Jeremy