Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to Off-by-none, my weekly newsletter that focuses on all things serverless. You can also follow me on TwitterGithub and Facebook.


My Latest Posts:

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #38

Introducing Serverless Chats… 🎙

Welcome to Issue #38 of Off-by-none. Thanks for being here! 🙌

Last week we looked at a number of exciting updates to the Serverless Framework and the AWS Lambda Node.js runtime. This week, we’re introducing the new Serverless Chats Podcast, we take on some serverless contrarians, and we share a ton of great content from the serverless community.

Another busy week for serverless. So let’s get to it. 💥

When you like chatting about Serverless… 🎙

Talking to other people about serverless is one of my favorite things to do. It seems that no matter whom I talk to, I always learn something new. Whether it’s an unknown product feature, an interesting architectural pattern, or simply a validation of the way I was approaching something, the takeaways are always incredibly helpful. The more conversations I have with smart people, the better I become at understanding the nuances of serverless and the possibilities that come with it. I want to have more of those conversations, and I want to share them with you!

For the last few months, I’ve been working to create a new podcast that will do just that. Today, I am excited to announce Serverless Chats! Each week, I’ll be joined by an expert guest to geek out on all things serverless. We’ll have detailed discussions about serverless architectures, best practices, monitoring and observability, tooling, security, and so much more. I have a number of amazing guests lined up, and I’m looking forward to sharing the first episode on Monday, June 17th.

Serverless Chats serves as a way to bring those in the serverless community together. The podcast aims to introduce serverless newcomers to new ideas and perspectives, and invite serverless veterans into the dialogue and to investigate the nuances of the craft. For more information (and to sign up for the mailing list), visit the show’s website at ServerlessChats.com. You can also follow the show on Twitter at @ServerlessChats. This is going to be a lot of fun, and I’m really hoping you’ll join me and spread the word.

Serverless News & Product Announcements 📢

Registration for AWS re:Invent 2019 is now open!
AWS’s massive developer conference is scheduled for December 2-6, 2019 in Las Vegas. I went last year and it was amazing,  so I’ll definitely be there in 2019 (this time as an AWS Serverless Hero). 😊

Get ready to write — Workers KV is now in GA!
Workers KV is a highly distributed, eventually consistent, key-value store that spans Cloudflare’s global edge. It allows you to store billions of key-value pairs and read them with ultra-low latency anywhere in the world. 😳 Wow.

Collaborating for Serverless Observability on Thundra!
Thundra announced “Team Support” this past week. You now have the ability to collaborate with teammates over your serverless architectures while troubleshooting, debugging, or just monitoring. Great stuff!

Announcing Modules for AWS Lambda – NodeSource
N|Solid for AWS Lambda continuously scans your projects for existing security vulnerabilities, license concerns, code risk and code quality. It also checks packages from the npm registry and computes a score based on a number of weighted criteria.

Serverless Use Cases 🗺

Colorise your cat pics with Serverless!
I can’t think of a better use case for serverless than to colorize pictures of cats. Alex Ellis shows you how to do it with OpenFaaS.

Create Twitter Image Recognition Bot with Serverless and AWS
Maciek Grzybek gives us a complete tutorial for using serverless to recognize images from Twitter.

Tracking and Reminders in AWS Amplify
Jan Hesters shows us an incredibly powerful use case using Amplify Analytics and Amazon Pinpoint to reengage customer based on their app usage. Very, very cool.

Building a Multi Streaming Alexa Skill with the Alexa Skills Kit
Creating voice skills is a perfect serverless use case. Yi Ai shows us how to build a straightforward radio skill with Lambda and DynamoDB.

Building a Serverless Lumen API with AWS Lambda and DynamoDB
PHP on Lambda, sure, but what about using Laravel? Pietro Iglio shows you how to use the Lumen “micro-framework” to deploy your very own Laravel-esque API.

Querying CSV files using S3 Select
This is another really great use case when you need to run simple queries against static files in S3. Dhaval Nagar gives you the basics and shows you a sample Lambda function to access this programatically.

When you’re thinking about going serverless… 🤔

AWS Lambda Pricing: Low, But Unpredictable
In my experience, serverless reduces the TCO of your applications, but this short piece by Katy Stalcup does point out a valid concern. Probably not a big deal for startups, but larger companies might not be as comfortable using the OPEX approach.

3 ways serverless is a game changer
You probably already knew these, but Lee Atchison from New Relic gives you three compelling reasons to go serverless.

How To Create Serverless API Functions With AWS Lambda
If you’ve never used serverless before and you want a really basic “Hello World” tutorial, this should get you started.

Serverless Tutorials 🏗

Enterprise CI/CD on AWS: a pragmatic approach
According to Forrest Brazeal, nobody cares how cool your CI/CD pipeline is. Well, the examples he gives in this post are pretty darn cool. So I care. 😉

Using the Serverless framework to deploy hybrid serverless/cluster workflows
Rustem Feyzkhanov teaches you how to build hybrid workflows using AWS Step functions, AWS Batch, AWS Fargate, and AWS Lambda using the Serverless Framework.

Using AWS CloudWatch Insights to fine tune your Lambda functions
Over provisioning your Lambdas probably isn’t go to break the bank right away, but Kyle Galbraith gives you a few tips on how to optimize the cost, especially once you start getting some significant usage.

Using multiple authorization types with AWS AppSync GraphQL APIs
AWS AppSync now allows you to use multiple authorization types with GraphQL APIs. This post runs through all the technical details of implementing it.

A self-healing Kinesis function that adapts its throughput based on perform
Yan Cui shares how he helped a client create a Kinesis ingestion pipeline that automatically updates its batch size based on current throughput.

AWS SAM + Cloudformation macros, a patch made in heaven
I think I need to create a “Yan Cui” section of my newsletter!  In this post, he shows you how to use CloudFormation macros to customize a SAM template’s behavior. It’s a complex workaround, but sometimes they are necessary.

Building a To-Do List with Workers and KV
What can you do with a massively scalable Key-Value store that’s globally distributed to the edge? Build a To-Do list app, of course!

Serverless Security 🔒

Exploiting Common Serverless Security Flaws in AWS
Chris McQuaid has an excellent post that outlines a number of possible exploits that you should watch out for, and how to mitigate them.

Event-driven Security Remediation with AWS Auto Remediate
Marat Levit and Jay Kim have developed an open source application to perform automatic security remediation based on compliance events from AWS Config. And it’s completely serverless.

Yes, there are security ramifications to serverless computing
I think there are some good arguments in here, but serverless has a default security posture that is very, very good. Application security best practices obviously still apply.

Serverless Authentication with AWS Lambda@Edge & Auth0
Brandon Wallace has a great piece that shows you how Expero uses Lambda@Edge to authorize users at the edge instead of at the API Gateway level. Great use case and an interesting way to separate security from your underlying applications.

Serverless Reads 🤓

The Best of Both Worlds with AWS Fargate
Wow, Fargate has been getting a lot of attention lately. Here’s another post that explains more about the services and how it can fit into your overall serverless solution.

AWS Lambda Node.js 10 Support and Benchmark
Here’s something interesting. Ran Ribenzaft from Epsagon ran some benchmarks against the Node.js 10.x runtime and it’s actually…slower.  Hmm. 🐢

Lambda and Kinesis – beware of hot streams
Yan apparently doesn’t sleep, he just writes amazing blog posts all the time. In this piece, he shows us how Kinesis Analytics can be used to fan out events to specialized streams.

The Urlist — An application study in Serverless and Azure
Burke Holland and Cecil Phillip have launched a new serverless app (The Urlist), and they wrote an excellent piece about how they built it, the challenges they faced, and what they learned. It’s a cool app, too.

Why Serverless Won’t Replace Traditional Servers
This week on Opposing Viewpoints… 😉 For now, yes, there are workloads that serverless doesn’t excel at, but that was true for when the “cloud” first started, too. Serverless has come a long way, and as I have said before, current limitations are just tomorrow’s AWS announcements.

What makes Google Cloud Platform unique compared to Azure and Amazon
Here is another interesting piece worth reading. I personally think Google’s approach to serverless (i.e. containers) is adding too many layers of abstraction. The closer we can get to the metal, the better, at least IMO. I’m also not sure I agree that AWS and Microsoft haven’t approached “cloud transitions” effectively. I’m pretty sure that Amazon Outpost is still a thing.

Thoughts from Twitter… 🐦

Speaking of not loving the way the new nodejs10.x runtime bootstrap JS is written, turns out there’s a bug in it that prevents your handler from ever being called if you have events in the event loop (eg, setInterval). ~ Michael Hart
The release of Node.js v10.x in Lambda has raised a few concerns. Michael’s thread is a great read to see some of the issues (including with the logger) that have been discovered.

Look, I really try to be nice when people make Medium posts that aren’t really accurate because we’re all learning. However, I don’t try as hard when the article is hidden behind a company’s name instead of a particular engineer. This article is bad. ~ Richard Boyd
My mother taught me that whole “if you don’t have anything nice to say” bit when I was a kid, but I have to agree with Richard on this one. This thread points out quite a few misrepresentations made with this post.

It took us 4.5 years, but we finally hit the AWS Lambda code storage limit (75 GB) in one account/region. Unfortunately, the AWS Limit Monitor (AWS Solution) did not warn us, because the AWS Lambda code storage limit is not one of the limits checked by the AWS Trusted Advisor. ~ Eric Hammond
Sorry, Lindsay Lohan, but in this case, the limit does exist. Eric shares the issue he ran into, the possible solutions, and the stellar response from AWS’s customer service to help them resolve the issue.

When you don’t feel like reading… 🍿

Start Right: Automate Your Serverless Application Deployments Using AWS SAM
This is a great video from Eric Johnson that shows you step-by-step how to create an automated CI/CD pipeline.

Using AWS Rekognition from AWS Lambda
Marcia Villalba has another video that shows you how to build a serverless application that uses Rekognition to detect cats. Yes, more cats. 🐈

DevOps Defined – DevOps and the Serverless World
Tom McLaughlin, the founder of ServerlessOps, discusses the future of DevOps and the move to a serverless world.

“Ancient Wisdom” – FaaS and Furious
Forrest Brazeal shares some “Ancient Wisdom” in his latest FaaS and Furious cartoon.

When you want to know what AWS has been up to… 👩‍🚀

AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs
AWS AppSync now supports configuring more than one authorization type simultaneously for GraphQL APIs. For example, you can configure your GraphQL API to authorize some schema fields using OpenID Connect (OIDC), while authorizing other schema fields through Amazon Cognito User Pools and/or AWS Identity and Access Management (IAM).

Amazon Transcribe now supports Hindi and Indian-accented English
This brings the total number of languages and dialects supported up to lucky number 13. 🦇

Amazon SNS Adds Support for Cost Allocation Tags
New SNS tagging support is a great addition. Now you can apply fine-grained monitoring to SNS topics and associate the costs with specific serverless workloads and client applications.

Amazon GuardDuty Adds Two New Threat Detections
GuardDuty is a great way to monitor your AWS accounts for suspicious activity. This new update adds a PrivilegeEscalation alert that can show if an IAM User is granted Administrative Permissions. Super helpful for monitoring IAM roles for serverless deployments.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

May 29, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Eric Johnson (@edjgeek). Eric is a Senior Developer Advocate for Serverless at AWS (no, not the Cliffs of Dover guy), and the proud owner of a glorious goatee. But more importantly, he has been putting out some amazing serverless content lately. You can follow his #ServerlessForEveryone hashtag on Twitter, tune into his Building Happy Little APIs Twitch show, or read some of his excellent posts on the AWS Serverless blog. You can tell that Eric is truly passionate about the products he promotes, and the work he’s been doing to share that passion and knowledge with the community is truly appreciated. Thanks, Eric! 👏

Final Thoughts 🤔

First they ignore you, then they laugh at you, then they fight you, then you win. ~ Mahatma Gandhi

Serverless is eating the software world. In my (and others’) experience, it’s cheaper, faster to develop, and allows you to rapidly deliver new features and value to your customers. Which is what really matters. All without worrying about the underlying infrastructure, the scaling capacity, or the operational overhead. Serverless is not a one-size-fits-all solution, and yes, there are still plenty of edge cases that it doesn’t work well for. But I think that anyone who doesn’t see the writing on the wall will be left behind. There is so much more to discuss, so I hope you’ll join me for some Serverless Chats so we can explore the possibilities together.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

See you soon,
Jeremy

Off-by-none: Issue #37

Your serverless apps just got some major upgrades… 🚀

Welcome to Issue #37 of Off-by-none. It’s so great you’re here! 🎉

Last week we look at how we can create a better local development experience when building serverless applications. This week, we look at a number of exciting updates to the Serverless Framework and the AWS Lambda Node.js runtime. Plus we share lots of great content from the serverless community.

There were a lot of serverless happenings last week, so let’s jump right in. 🦈

Serverless News & Product Announcements 📢

Serverless Framework v1.42.0 Released
There are so many amazing things packed into this version including API Gateway Logs support, enabling Binary Media Type responses, and Request Body Validations.

Azure SQL Database serverless (preview)
Some more information about the new “serverless” Azure SQL Database. Interesting points in here. Take note of what it is “well-suited” for and what it is not.

Stick to your ELK Stack and Continue to Observe your Lambdas
Now you can use your own ELK stack with a new Thundra plugin. I’m a big fan of Thundra’s integration strategy, especially since many companies adopting serverless are still using these other tools for existing workloads.

Epsagon Launches Agentless Tracing and Why That’s Important
This announcement from Epsagon is also extremely interesting. Many of these serverless observability companies started by focusing on the ephemeral compute monitoring problem. But by adopting the broader vision to support “modern” applications in general, I think they are positioning themselves much better.

Serverless Use Cases 🗺

Serverless for data scientists
Mike Williams presents a really well-written (and long) article about using Lambda for a variety of data science tasks. Sure there are limitations, but there are also plenty of great use cases for it as well.

How to Proxy the BigCommerce API Using Serverless Functions and Amazon API Gateway
Using AWS Lambda as a proxy might not always be the best idea, but Brian Davenport has a valid use case for it.

Streaming data analysis with Kinesis
Dhaval Nagar outlines and demonstrates a powerful use case using Kinesis streams and Kinesis Data Analytics.

How to control and record voice calls with Node.js serverless functions
Another use case for Twilio functions. I really like the approach that Twilio is taking. This will (or at least should) become a new standard for providers like this.

When you’re thinking about going serverless… 🤔

Ask the expert: why your business needs AWS serverless
Yan Cui says serverless is scalable and resilient, helps teams respond to business needs faster and more efficiently, and maximizes the return from your most expensive resource: developers.

AWS vs Azure – a quick comparison
Azure is moving fast (though not as fast as AWS), so it might be worth giving it another look. John Demian breaks down the differences.

Serverless Stories 📖

My CloudWatch Logs Are How Old?
Scott Hankinson ran into a fairly common issue with log retention policies. He offers up some solutions as well.

Aggregating Lambda@Edge logs into one CloudWatch log group
This is another common log issue when using Lambda@Edge. Danil Smirnov shows you how he dealt with it, complete with caveats.

Serverless Certifications: The AWS Developer Associate
Yann Stoneman from Serverless Guru shares some tips for prepping and passing the AWS Developer Associate certification exam, based on his own experience.

6 Lessons Learned Sending Mass Emails With AWS Lambda
Interesting look at how Austin Huminski built a mass emailing system that was (almost) 100% serverless. Lots of good patterns mentioned in here.

Serverless Tutorials 🏗

Using AWS Step Functions To Schedule Or Delay SNS Message Publication
Eric Hammond shares a great technique that uses AWS Step Functions’ Wait state to put a delay in front of publishing a message to an SNS topic. All without writing any AWS Lambda code. 👍

Building a REST API with Stackery
The Serverless Guru was blown away by the power of Stackery, and you probably will be too.

How to include Serverless Repository apps in serverless.yml
Simple tip from Yan Cui that shows you how to benefit from SAR apps by using them with your Serverless Framework project.

CloudFormation protip: use !Sub instead of !Join
Yan Cui explains why it’s easier (and less of a cognitive load) to use !Sub instead of !Join in your serverless.yml templates.

GraphQLifying REST
Interesting approach by Nader Dabit that shows you how to put AWS AppSync in front of your existing REST APIs to allow your frontend devs to start working with GraphQL.

How to Handle your Python packaging in Lambda with Serverless plugins
Quick and easy 5 step guide by Amit Joshi.

Build a Twitch Extension With an AWS Serverless Backend
This is a great post that shows you everything you need to know to implement your own Twitch extension using a completely serverless approach.

Serverless Security 🔒

Threat Modeling Serverless
Tanya Janca recounts an informal threat modeling exercise she went through with a colleague. Lots of good questions in here, many of which can probably be solved with the right managed services.

LandMark White drops revenue forecast by $11.5m after data breach
Note to self: Don’t leave your S3 buckets open to the public. 😬

Serverless Reads 🤓

Amazon S3 Path Deprecation Plan – The Rest of the Story
Jeff Barr gives us the inside story behind the announcement to deprecate the path-based access model in S3 buckets. Thanks to all the feedback, old buckets will be backwards compatible.

What AWS Lambda’s Performance Stats Reveal
Great post by Ran Ribenzaft that shares metrics from over 100,000 instances of Epsagon’s monitoring tool. Really interesting to see the most common runtimes, memory configurations, and number of functions per account.

You are wrong about serverless vendor lock-in
Another excellent post by Yan Cui that debunks some of the vendor lock-in FUD. It’s about time to market, not about the highly unlikely situation that will cause you to change cloud providers. Oh yeah, and ORMs are terrible.

Two missing links in Serverless Computing: Stateful Computation and Placement Control
Ion Stoica and Devin Petersohn wrote a very thoughtful piece that addresses (and offers solutions to) some limitations with serverless compute environments.

AWS Fargate: The Future of Serverless Containers
Another post by Ran Ribenzaft that talks about the benefits of Fargate and why it might be the solution you’re looking for (instead of Kubernetes).

Serverless Tools

a-h/dynamocapacity: Compare cost of DynamoDB On Demand versus your current Provisioned Capacity setup.
Nice little Go calculator that will download your DynamoDB stats and give you the cost of provisioned versus on-demand. This could be very useful.

S3 Bucket -> Lambda (AWS Transcribe Audio to Text) -> S3 Bucket
Handy SAR app by Aleksandar Simovic that takes MP3, MP4, WAV, and FLAC audio files, transcribes them to text, and outputs them to an S3 bucket.

AWS Lambda Power Tuning
Here’s another useful SAR app by Alex Casalboni. You provide any Lambda Function as the input, and the state machine will estimate the best power configuration to minimize cost.

hapipal/lalalambda: Serverless functions powered by hapijs
If you’re a hapi fan, you can use this framework to run it on Lambda.

horike37/serverless-step-functions: AWS Step Functions plugin for Serverless Framework
The serverless-step-functions plugin has been updated to support the new workflow execution events for AWS Step Functions.

Thoughts from Twitter… 🐦

In 2018 @comicrelief migrated their donation platform to #serverless – look at the costs! Thanks for sharing @CagsR89 🙏 ~ Danilo Poccia
Incredible cloud cost reduction by switching to a serverless approach. It would be interesting to know how much it saved them in Ops hours as well.

The serverless shift * From Code to Configuration * From High LoC towards Low LoC (preferably zero) * From Building Services to Consuming Services * From Owning Workloads to Disowning Workloads ~ Paul Johnston
Some thoughts on what it means to switch to the serverless mindset. Explanations for each point are in the thread.

An interesting illustration of why limits often lead to long term goodness. The fact that there was a way to achieve the desired results with 230 MB of lesser code means 230 MB less to review, maintain, upgrade, and deploy for the lifetime of the application. ~ Ajay Nair
Great point by Ajay Nair as to why limits aren’t always a bad thing. The same applies to serverless, just because you can’t do it the old way, doesn’t mean you can’t do it.

When you don’t feel like reading… 🍿

Trying different deployment strategies in CodeDeploy: Canary and Linear
Marcia Villalba shows us how to configure CodeDeploy from our Serverless Framework projects using Canary and Linear deployment strategies.

Serving Serverless (Erica Windisch) – Giant Robots Smashing Into Other Giant Robots
Erica Windisch, CTO and co-founder of IOpipe, discusses serverless architecture and how it can make for a clearer user-interaction story.

When you’re curious what cool serverless things AWS has been building… 🕵️‍♂️

AWS Lambda adds support for Node.js v10
You can now develop your AWS Lambda functions using Node.js v10! In addition to leveraging new features (like the V8 6.6 engine performance improvements), Lambda functions written in Node.js 10 run on the latest generation of Amazon Linux, Amazon Linux 2. Sweet.

ICYMI: Serverless Q1 2019
This post recaps all of the amazing things AWS did with serverless during the first quarter of this year. And it is a very long list.

Upcoming updates to the AWS Lambda and AWS Lambda@Edge execution environment
AWS is updating the Lambda execution environment AMI, which, in rare cases, may introduce some compatibility issues. This affects AWS Lambda and AWS Lambda@Edge, so you should read through the post to see if any of your existing functions could be impacted.

Amazon Kinesis Data Analytics now allows you to assign AWS resource tags to your real-time applications
You can now assign AWS resource tags to applications in Amazon Kinesis Data Analytics to easily organize and identify your resources, create cost allocation reports, and control access to resources.

AWS Step Functions Adds Support for Workflow Execution Events
This is a great feature. Step Functions can now automatically deliver event notifications when a workflow starts or completes through CloudWatch Events. This allows you to configure targets like AWS Lambda, Amazon SNS, Amazon Kinesis, or AWS Step Functions to respond to these events.

AWS AppSync Now Enables More Visibility into Performance and Health of GraphQL Operations
You can now better understand the performance of your GraphQL requests and usage characteristics of your schema fields. Plus you can identify resolvers with large latencies and the most and least frequently used fields in your schemas.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner 😊

May 15, 2019 – AWS Developer Happiness – Cloudside Consistency AND Local development speed. Hosted by Stackery

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 21, 2019 – ServerlessDays Milan. The agenda was just released!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erica Windisch (@ewindisch). Erica is the CTO and co-founder of IOpipe (@IOpipes). She’s also an AWS Serverless Community Hero and (of course) a huge proponent of serverless. You can find Erica speaking at conferences and sharing her serverless insights on Twitter, the IOpipe blog, and the occasional podcast. But beyond Erica’s community efforts, her team at IOpipe is empowering companies to more easily adopt and implement this amazing technology. Cloud providers are doing a great job innovating, but having people like Erica and her team constantly pushing the limits, makes for a better overall ecosystem. Thanks for what you do, Erica! 🙌

Final Thoughts 🤔

I feel like I’m repeating myself, but it was another great week for serverless innovations. The Lambda Node.js v10 upgrade is huge. The upgrades to the Serverless Framework are awesome (and much needed). The continued investments from cloud providers, third-parties, and individual developers are pushing serverless forward at a remarkable pace. If you’re overwhelmed, you’re not alone. But it is amazing to watch.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Cheers,
Jeremy

Off-by-none: Issue #36

Developing serverless applications “locally”… 🏠

Welcome to Issue #36 of Off-by-none. It’s nice to see you all again! 👋

Last week we tried to wean ourselves off of our RDBMS addiction, and we explored some interesting serverless use cases. This week, we look at how we can create a better local development experience when building serverless applications. Plus we have a ton of amazing content from the serverless community.

Lots of great stuff to get to this week, so let’s get right to it. 👍

When you’re looking for a better local serverless development workflow… 👨🏻‍💻

The past couple of weeks have seen a number of updates that are trying to make developing and testing your serverless applications easier when working in a local environment. Stackery recently added cloudside support to their local developer tools, and Zeit announced now dev, a tool that performs “hot-reloading” of serverless API backends. These are all great advances, but I’m still a big fan of the Serverless Framework. And unfortunately, their local development experience is still missing a few pieces.

One of those pieces is the inability to seamlessly execute your code locally while accessing cloudside resources. This has been a major issue for me for a very long time (like since November of 2016). The workaround involved using pseudo variables to construct my own service URL or ARN. But this method was error prone and required hardcoding formats for the different service types. More recently, I would export the references in CloudFormation and then use the Serverless Framework cf variable format to load them dynamically. Usually something ugly like this:

So with all the recent hype around local development using cloudside resources, I decided to solve my problem (and maybe yours too) by creating the serverless-cloudside-plugin. With this plugin, you can now use standard CloudFormation intrinsic functions (like !Ref and !GetAtt) in your environment variables. These will automatically be transformed into proper references (like an SQS QueueUrl or an SNS Topic ARN) when executing or testing your functions locally. It even works with serverless-offline and test runner plugins.

If you want to learn more, read my new post Developing Serverless Applications Locally with the “serverless-cloudside-plugin” or check out the plugin on GitHub. I hope it makes your local development experience better, I know it works for me. 😀

Serverless News & Product Announcements 📢

“We recently shaved 1/3 off the p99 on the #awsLambda service’s overhead latency”
Chris Munns took to Twitter to share this pretty exciting announcement about updates that make Lambda functions startup faster. Another benefit of going serverless? Every function you have in production automatically gets these updates.

Serverless Framework Enterprise 0.9.0 – Error Insights
Serverless, Inc. keeps pushing some great new features to their Enterprise Framework. This latest update includes some really great tools that can surface new errors within your applications.

Build 2019: Microsoft, Red Hat develop open-source service for auto-scaling serverless containers on Kubernetes
Yes, there were a lot of announcements from Microsoft this past week. Here’s a good post that summarizes them all for you.

Introducing faast.js
According to the docs, faast.js is “Serverless batch computing made simple.” Actually might be an interesting idea; ephemeral batch jobs using a straightforward framework.

Introducing… CloudFormation extrinsic functions 😉
Yan Cui has a new Serverless Framework plugin that lets you use a number of custom functions anywhere in your serverless.yml as if they’re CloudFormation’s intrinsic functions. Some interesting use cases here.

Serverless Use Cases 🗺

Using CloudWatch and Lambda to implement ad-hoc scheduling
Yan Cui has another great post that shows you a few alternatives to creating serverless cron jobs.

Sharing AWS SNS Topics Across Stages
The engineering team at FloSports needed to decouple their SNS Topics from their serverless.ymls. This is an interesting approach.

Custom geo restriction of AWS CloudFront Distribution using Lambda@Edge
Lots of interesting use case with Lambda@Edge. Here, Rumble Fish used it to modify the behavior of CloudFront based on an IP address blacklist.

Running TensorFlow on AWS Lambda using Serverless
Mike Moritz outlines the process for building a serverless machine learning model.

Serverless “Not Hotdog”
Now you can have your very own Silicon Valley-esque “Hot dog, not hot dog” app. Peter Vanhee shows you how he built a serverless image classifier using fast.ai, AWS Sagemaker and Lambda.

Enterprise use cases for AWS Lambda
Data Lakes, microservices, and disaster recovery are just a few of the serverless use cases for enterprises. Mart Laul from Dashbird breaks these down for you.

When you’re still trying to figure out this whole “serverless” thing… 🤔

Serverless computing pros and cons: 5 benefits and 3 drawbacks
This is a good primer from Brandon Vigliarolo that outlines a few pros and cons of serverless. I wouldn’t quite agree with all of these, but it’s helpful nonetheless.

4 Serverless Myths to Understand Before Getting Started with AWS
To rebut some of Brandon’s claims, Tanusree McCabe from Capitol One has a great article that I whole-heartedly agree with.

Deconstructing Serverless Computing Part 2: the Good, the Bad, and the Time to Market
Lucian Toader does a deep dive on some of the practical use cases for serverless, and where it really shines for organizations.

Serverless Stories 📖

How Mutual of Enumclaw Transformed from AS/400 to Serverless with Confidence
Great story that outlines their approach to moving from an AS/400 and Z-Series Mainframe to running serverless using AWS Lambda.

Building a Text to Speech Converter with AWS Polly
Danielle Heberling spent some time building a serverless text to speech converter. This post shares what she learned during the process.

How I Built A Serverless RSVP Feature With API Gateway, Lambda, and DynamoDB
Emilia Rubio summarizes how she approached building a serverless RSVP feature for her brother’s wedding website and shares a few helpful resources she used.

Go global variable in AWS Lambda
João Reis had a few problems with global variables in his serverless application. His problem was an easy fix, but it might not be obvious to those new to serverless.

Limiting Down Time by “Swapping Stacks” in AWS Lambda Serverless
FloSports shows us another interesting method for minimizing down time with their serverless applications when rerouting traffic between deployments.

Serverless Tutorials 🏗

S3 static site hosting over https with an external domain
Mim Armand gives you “all you need to know and nothing more!”

Combining Terraform and the Serverless Framework Gracefully
Thales Minussi shows you how to build out your shared resources using Terraform, then combine them with your Serverless Framework project.

How to split your serverless.yml with shared resources when you hit the 200 resource limit on AWS CloudFormation
Here is Sharath Prabhal’s simple trick for getting around this limitation.

The Complete Guide to User Authentication with the Amplify Framework
Trying to building your own authentication system when you have Cognito is just nonsense. Nader Dabit gives you the details on everything you need to know about using this service with Amplify.

Automating Serverless framework deployments using Bitbucket Pipelines
Ayush Sharma shows you a simple way to deploy your serverless applications using the Serverless Framework and Bitbucket.

Node.js 6 is approaching End-of-Life – upgrade your AWS Lambda functions to the Node.js 10 LTS
Node.js 6 reached its EOL on April 30th! Liz Parody shows you how you can (and why you should) upgrade your functions to Node.js 10 using a custom runtime. I’m sticking with 8.10 for now.

Serverless Security 🔒

How To Handle Secret Management for Serverless Applications
Pete Hugh outlines the top 3 mistakes and best practices for Serverless Secret Management.

4 Reasons Why CISO’s Need to Have a Plan for Serverless Security in 2019
If you’re a Chief Information Security Officer and your company plans on going serverless, you might want to take a look at this post.

Broken Access Control in Serverless Deployments
According to Protego, over-privileged functions are everywhere, and if the attacker spots the right one, your whole cloud account is in danger.

Serverless Reads 🤓

A Guide to S3 Batch on AWS
S3 Batch is an amazing new service from AWS, and Alex Debrie gives you a complete guide to learn when, why, and how to use it. Check out his plugin for it as well.

Building Serverless Pipelines with Amazon CloudWatch Events
This is an awesome post by Forrest Brazeal that shows you how CloudWatch Events can be used as a serverless message broker similar to SNS. But with nothing to provision, and with similar costs and filtering capabilities.

To VPC or not to VPC? Pros and Cons in AWS Lambda
Yan Cui gives you some advice about using Lambda functions with VPCs. Bottomline, only use them when you have to.

Disaster Tolerance Patterns Using AWS Serverless Services
I love patterns! Ken Robbins has a really great post that outlines a number of patterns and practices to ensure that your service deployments are resilient.

Wide adoption of serverless will be led by tomorrow’s giants, not today’s
Erez Berkner says that soon serverless will be seen as a primary way to develop new applications. That means the next generations of startups will be “serverless first”, ultimately leading to widespread adoption. Makes sense to me.

Using IoT with Serverless to Tackle Global Issues
I really liked this post by Sarjeel Yusuf. IoT can be a powerful tool for social projects. But there are limitations (cost is one) when it comes to being able to collect and process all that sensor data. Sarjeel argues that serverless is a great solution to this problem.

The new AWS X-Ray Analytics feature: How your serverless apps can benefit from it
Nuweba breaks down the new analytics feature of AWS X-Ray and shows you some ways you can use it to get better insights into your serverless apps.

How to Get Real-Time Visibility Into Serverless Apps
Adam Johnson from IOpipe shares some of the challenges he has faced in this industry, along with best practices and technical tips when it comes to monitoring your serverless applications.

Thoughts from Twitter… 🐦

Comments like this are in line with my thinking that k8s is the last hill for traditional IT/Ops to die on. After this more fully managed services and #serverless will dominate. Rough edges today, yes, but so did “cloud” 7 years ago. ~ Chris Munns
Interesting take on a post by Kelsey Hightower. The pace of innovation is absolutely staggering. Serverless four years ago is almost unrecognizable today. And in a very good way.

If you think that building #Serverless Architectures on #AWS is “innovation” and a risky choice maybe you should take a look at this screen by Mai-Lan Tomsen: “Serverless Customers” ~ Sergio Lecuona
I still think building with serverless is “innovative”, but a risky choice it is not. You might recognize just a few of the companies already using serverless in the attached photo.

When you prefer a multimedia experience… 🎞

Deployment strategies for serverless applications: Canary and Linear
In this video, Marcia Villalba talks about the major deployment strategies for serverless applications and how AWS helps you implement them.

Episode 58: The Cloud Is Great, But It Isn’t Perfect | Screaming in the Cloud
Corey Quinn talks robots and serverless with Richard Boyd from iRobot in this episode of his podcast.

When you’re wondering what AWS has been working on… 👩‍🚀

Amazon Aurora Serverless Supports Capacity of 1 Unit and a New Scaling Option
Yup, I totally missed this last week. 🤦🏻‍♂️ Aurora Serverless now supports scaling down to just 1 ACU, which makes it more affordable for low traffic workloads. Check out my updated post on Aurora Serverless to learn all about it and to see how this update changes the math.

Amazon S3 Introduces S3 Batch Operations for Object Management
So S3 Batch is amazing. The use cases for processing existing S3 items is probably infinite. You can check out Jeff Barr’s post for more information on how to use it.

AWS Amplify Console adds support for Incoming Webhooks
This means you can trigger deployments without needing to commit code to a repository, which is perfect for integrating with a headless CMS. Check out this post to learn more about how it works.

AWS Amplify launches an online community for fullstack serverless app developers
This new community site is fully open source, allowing developers to contribute blog posts, videos, sample projects, and tutorials through GitHub pull requests.

Amazon Cognito launches enhanced user password reset API for administrators
The new AdminSetUserPassword API for the Cognito User Pool service lets administrators set temporary or permanent passwords for their end users.

SummitRoute/aws_breaking_changes
Speaking of changes, this new GitHub repo maintains a list of changes announced for AWS that may break existing code. S3 users be warned.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 8, 2019 – Stackery Livestream – AWS Serverless Application Patterns with Jeremy Daly (this should be fun)

May 14, 2019 – PureSec Webinar – PCI Compliance & Serverless: Everything You Need To Know

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner 😊

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan. The agenda was just released!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is James Thomas (@thomasj). James is a developer advocate lead for serverless at IBM Cloud. He’s heavily involved in the serverless community as an organizer for ServerlessDays London (@serverlessldn), a member of the global ServerlessDays committee, and a contributor to the open-source Apache OpenWhisk project (@openwhisk). He’s also a regular conference speaker, active on Twitter, and always updating his blog with interesting serverless posts. Thanks for what you do, James! The community appreciates it. 🙌

Final Thoughts 🤔

It was another great week for serverless innovations. Between S3 Batch (which is amazing), all of the announcements from Microsoft, and, of course, some great new plugins 😉, we are moving closer and closer to mature tooling, powerful frameworks, and battle-tested backend services. The rough edges of serverless continue to get smoothed out, and it’s great to see so many people dedicated to making serverless the “primary way to develop new applications.”

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Until next time,
Jeremy

Off-by-none: Issue #35

I want my, I want my, I want my SQL… 🎸

Welcome to Issue #35 of Off-by-none. It’s great to have you here! 👋

Last week we (re)addressed the serverless versus containers debate and looked at some interesting thought pieces on serverless. This week, we’ll try to wean ourselves off of our RDBMS addiction, explore some interesting serverless use cases, and share an overwhelming amount of content from our amazing community.

There was a ridiculous amount of serverless goodness this past week, so buckle up. There is a lot to get to. 😉

When you just need to say ‘No’ to SQL… 🙅‍♂️

I really love RDBMS, but as we migrate applications to the cloud, or better yet, build them as modern applications, the scaling limitations of RDBMS start to become readily apparent. There’s no doubt that certain use cases require the flexibility of relational table structures, and for small workloads, an RDS cluster would be just fine to accomplish our immediate goals. But in the “serverless” world, thinking in third normal form not only introduces scaling issues, but also adds complexity that could increase costs and unnecessary overhead.

This past week, I started working on a new application design that has a relatively complex data model. Like most developers, I often turn to what is familiar, and easier for me to implement. DynamoDB is an incredibly powerful NoSQL database, and when building a table that requires just a few simple access patterns, it is my go-to choice. But when I need to implement something with lots of relationships, I often (foolishly) fall back to the comforts of MySQL. I mean, I can 3NF the hell out of a data model, as most of us data nerds can. But this time I decided to take a stand, and see if I can go full NoSQL on this one.

I started by rewatching Rick Houlihan’s re:Invent 2018 Advanced Design Patterns for DynamoDB, and then tweeted about it. Apparently others agree that it is one of the best DynamoDB talks out there.

After that I spent some time with Forrest Brazeal’s excellent From relational DB to single DynamoDB table: a step-by-step exploration piece, looked at a few examples from Alex DeBrie’s amazing DynamoDB Guide, and then dug in to AWS’s Best Practices for DynamoDB. Where am I with my table design? Maybe about halfway there. But I’m confident that once it clicks, designing NoSQL tables with overloaded indexes, adjacency lists, and hierarchical sort keys, will become second nature. I’ve got more to do, and I know I’ll make some mistakes along the way, but it will be worth it.

I totally get that it’s hard to let go of our old ways of thinking and to leave our comfort zones. It was this mindset that led me to build serverless-mysql to try and jam the metaphorical square peg of RDBMS into the round hole of serverless. I even gave a talk recently on Building Resilient Serverless Systems with Non-Serverless Components that focused heavily on ways to keep using RDBMS. But now I feel like I have to do better. Not just for me, but for the serverless community. I have to start thinking more “serverlessly” when it comes to designing data models, and I need to make NoSQL my default choice, regardless of how complex the requirements.

I encourage you to join me, but I promise not to judge you if you’re still not ready. It’s taken me a long time to get here myself, and I totally understand the “I’ll give up my relational database when you pry it from my cold, dead hands” mentality. Serverless is a big enough paradigm shift in and of itself, so changing the way we think about data is a big ask. But I’m making the leap now, so I’ll be here to help when you’re ready. I know we can do this together.

Serverless News & Product Announcements 📢

Serverless Framework v1.41 – X-Ray for API Gateway, Invoke Local with Docker Improvements & More
You know I have a soft spot for the Serverless Framework, but this release is big! The new local executions with Docker improvements are amazing, especially the environment variable support and Layers integration.

A Cloud Guru raises $33 million for cloud platform classes and labs
If you were hoping that A Cloud Guru would produce some more serverless content, then I think an extra $33 million in the bank might just make your wish come true. Congrats to them. 💰

New course on AWS Step Functions from Yan Cui
Yan Cui has just released a new course that will make you an AWS Step Functions expert. And if you sign up for Thundra, you can get free access to Yan’s Production-Ready Serverless course.

Epsagon has also been busy. They released a new documentation site, introduced the new Timeline View, and added Support for Express applications.

When We Say “Full Observability”, We Really Mean “Full Tracing”
Thundra just launched their new “Full Tracing” feature. Serkan Özal explains what that means for monitoring and observability in your serverless applications.

Serverless automation using PowerShell preview in Azure Functions
The PowerShell community can rejoice.

Serverless Use Cases 🗺

How we keep running by running a slackbot.
The team at Nordcloud Engineering took their running challenge to the extreme and created their own serverless slackbot.

From AWS Lambda to AWS Athena
Dhaval Nagar shows you a simple use case for querying your data from S3 with Athena and AWS Lambda.

Serverless: Can It Simplify Data Science Projects?
There has been some debate (and criticism) over using serverless for deep learning and data science projects. But according to Yaron Haviv, it’s possible with the right underlying architecture (i.e. Nuclio).

Dynamic blocklist with Twilio
Remember when Twilio introduced functions and I said there would be all kinds of use cases for it? Well, Cohan Robinson has a good one for you.

Scheduling automatic deletion of AWS CloudFormation stacks
AWS resources that automatically delete themselves. A very interesting use case for building up and tearing down demo stacks automagically (sorry, I hate that word too).

Build and automate a serverless data lake using an AWS Glue trigger for the Data Catalog and ETL jobs
Besides winning the award for most buzzwordy title, it’s also a really sophisticated way to build out a completely serverless data lake.

When you want to understand how all this serverless stuff actually works… 👩‍🏫

Introduction to Serverless Monitoring
If you want to discover different ways of achieving observability in stateless, distributed, and event-driven architectures, take a look at this white paper from Thundra.

Serverless Architecture – Why and How It’s a Smart Choice?
Not only a great primer (and case) for serverless, but also a good explanation as to why serverless is not PaaS.

The perfect tech stack
Serverless obviously 😃. But seriously, Levi Nunnink walks you through some thoughts on choosing the right technology and how developer familiarity plays a big role.

AWS Lambda: Solving the cold start problems while accessing DB in VPC.
Vishnu Subramanian mulls over the cold start problem, but offers a few suggestions to overcome it. Let’s hope the ENI solution is coming sooner rather than later.

How Secrets Manager Schedules Automatic Rotations
You’re totally rotating your secrets, right? 😬 Well, for those of you actually following best practices, Zac Charles gives us some interesting information about how auto-rotation actually works.

AWS Lambdas Can Have Shared State
Obie Fernandez walks you through the power of state machines and how AWS Step Functions can help you compose multiple functions.

Getting Started with AWS Lambda Layers
Still unsure about Lambda Layers? Matthew Vielkind’s post explains what they are, their benefits, how to create and use them, and provides some best practices and tips as well.

Introduction to Distributed Tracing
The benefits of modern, distributed cloud applications can make it harder to debug and fix software. Nitzan Shapira gives us an overview of distributed tracing, and how that helps solve this problem.

Serverless Stories 📖

Real Time Lambda Cost Analysis Using Honeycomb
Michael Garski from Fender Engineering shows how they used Honeycomb to analyze CloudWatch logs from Lambda to better understand their function utilization.

Where do you keep credentials for your Lambda functions?
Davide de Paolis walks us through his team’s journey to choose the best way to store secrets in their serverless applications.

A journey into serverless, part 2
Laurent Leconte and the Moonshot-Internet team layout all the tools they used to go serverless and why they chose them.

Scaling Skip: Serverless Architectures
Serverless made it possible to scale Skip with just a small team of engineers using the Google Cloud Platform.

Serverless Tutorials 🏗

Using AWS CloudFormation Macros and Custom Resources with the Serverless Framework
Well this is pretty cool. Who would have thought to use CloudFormation Macros in a serverless.yml file? Yi Ai, that’s who.

Deploying AWS Lambda functions using AWS CloudFormation (the portable way)
Lambda requires your S3 bucket to reside in the same AWS Region as the function, and creating a single template limits you to just one region. This excellent post discusses three patterns to address this problem.

Creating a lambda function with terraform
As I was reading this, I said to myself, “Why the heck would Gabriel Garrido not just use a serverless deployment framework instead?” He sets the record straight at the end.

Use NLog in .Net Core and AWS Lambda
Simple tutorial by Ofoedu Frank Ebuka that shows you how to setup and use NLog with .Net Core in Lambda.

Serverless AWS Lambda Dependency Injection & Simple Dependency Injection In AWS Lambda .net core
Gary Woodfine has some tips for you .NET Core fans out there.

Up and running with Aurora Serverless
Manish Pandit gives you an overview of Aurora Serverless, how to get it set up, and how to connect to it. If you want to dive into the pricing model, check out my article.

Serverless Reads 🤓

How to Serverless Locally: The Serverless Dev Workflow Challenge
If you’ve tried developing a serverless application locally, you’ve probably needed to resort to a number of tricks to test with cloudside resources. The team at Stackery just introduced a pretty cool way to do this.

What happens when you stop doing Serverless apps for a time?
Excellent post by Paul Johnston that addresses the fact that many (if not most) developers out there are still building things the “old way” (i.e. not using serverless or modern cloud app techniques). He also presents some great ideas at the end to help address the problem.

A Brief, Incomplete, and Mostly Wrong History of Serverless
Michael Hausenblas’ title sums up this piece nicely, but still worth the quick read.

Fargate Patterns
Srini Karlekar covers the basics of Fargate as well as lays out several patterns that can be used to utilize Fargate as part of your serverless applications. Very cool stuff.

How Far Out is AWS Fargate?
Speaking of Fargate, Michael Lavers from IOPipes argues that perhaps AWS has been pitching it wrong. There are lots of great use cases for Fargate, and in Michael’s opinion (and mine) it’s a better alternative to Kubernetes.

Thoughts from Twitter… 🐦

“One interesting consequence of ‘Serviceful Serverless’ and ‘Code is a Liability’ philosophies is that the worst ‘refactoring’ projects are a couple days of work at most.” ~ Joe Emison
A spirited discussion about development choices. You need to dig a bit as the conversation is buried in replies.

“If you’re part of the broader @kubernetesio ecosystem, comments like these should be taken to heart.” ~ Sandeep Parikh
I really love the thinking behind this thread. Complexity for complexity’s sake, especially when it doesn’t benefit the end user, is a tiresome and wasteful exercise.

When you prefer a multimedia experience… 🎞

Securing serverless applications with the right IAM permissions
Marcia Villalba has another episode of Foobar, this time she show you how to use IAM permission correctly with your serverless applications.

The Serverless Show, Ft. Ran Ribenzaft
Hillel Solow is joined by Ran Ribenzaft, Co-Founder & CTO at Epsagon, to chat about all things serverless observability and security.

Serverless Tools 🛠

Serverless AppSync Plugin: Top 10 New Features
Develop and test your AppSync GraphQL API locally on your workstation.

laconiajs/laconia: Create well-crafted serverless applications, effortlessly
This is a relatively new serverless application framework. It enforces hexagonal architectures, which should help you choose consistent patterns for your serverless functions.

jeremydaly/serverless-cloudside-plugin: Serverless plugin for using cloudside resources during local development
A new plugin I built to help me with my local development issues. Still needs some work, and I always appreciate feedback.

When you realize that AWS has been incredibly productive lately… 🏃‍♂️

Amazon Elasticsearch Service now offers improved performance at lower costs
New instance types offer superior performance at lower costs compared to previous-generation instances. Now if we can just make it serverless.

AWS AppSync Now Supports Tagging GraphQL APIs
You can now assign tags to GraphQL APIs in AWS AppSync.

New Quick Start sets up serverless CI/CD for the enterprise on the AWS Cloud
This is very cool. Setting this whole process up manually can be a pain, so having this Quick Start CloudFormation template will make life a lot easier.

AWS Systems Manager Now Supports Use of Parameter Store at Higher API Throughput
Run up to 1,000 requests per second for applications that require higher concurrent access to a large number of parameters.

Now you can tag Amazon DynamoDB tables when you create them
Yes, you could tag DynamoDB tables, but you used to have to wait until they were created to do it.

AWS Systems Manager Parameter Store Introduces Advanced Parameters
Advanced parameters enable you to create more than 10,000 parameters, use a larger parameter value size (up to 8 KB) and add policies to your parameter.

AWS specifies the IP address ranges for Amazon DynamoDB endpoints
This was a surprisingly common issue, so being able to lockdown IP address ranges on your local firewalls or in your VPC security groups is very helpful.

Query for AWS Regions, Endpoints, and More Using AWS Systems Manager
This is another common issue, just trying to find information about different AWS regions and their service endpoints. Now this info is all available via the AWS Systems Manager API, for free.

Hello, World! Welcome to the AWS Cost Management Blog.
AWS has launched a new blog to help you understand and control your AWS costs. Let’s hope this doesn’t take business away from Corey Quinn. 😉

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 1, 2019 – Aqua Serverless Security for AWS Lambda

May 1, 2019 – Stackery Livestream – Cloudside Plus Local Development: What should your serverless development workflow look like?

May 8, 2019 – Stackery Livestream – AWS Serverless Application Patterns with Jeremy Daly (yup, that’s me)

May 14, 2019 – PureSec Webinar – PCI Compliance & Serverless: Everything You Need To Know

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner (yes, me again)

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (I’ll be a guest on this episode and on the 29th)

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan. I’m giving one of the keynotes!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Yi Ai (@yia333). Yi is a Lead Application Developer at Neami National in Melbourne, Australia as well as a self-described “aspiring full-stack developer” and a “serverless enthusiast.” Over the last few months, Yi has published several excellent serverless articles on Medium as well as a number of repositories on GitHub. It’s always great to hear from new voices in the serverless space. Thank you, Yi, for taking the time to share your serverless knowledge and experience with the community! I’m looking forward to future articles and projects. 🙌

Final Thoughts 🤔

Wow, this was a long one. Hopefully you haven’t passed out on your keyboard 🤤.

Every week I’m blown away by the amazing things happening with serverless, and the incredible work that the cloud providers, vendors, and developers are doing. It’s such an honor to be part of this amazing community. And I’m glad that you’re all a part of it with me.  🙌

I hope you enjoyed this issue of Off-by-none. Your feedback and suggestions are always most welcome. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

See you next week,
Jeremy