Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to Off-by-none, my weekly newsletter that focuses on all things serverless. You can also follow me on TwitterGithub and Facebook.


My Latest Posts:

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #24

Serverless will become the default computing paradigm of the Cloud Era…

Welcome to Issue #24 of Off-by-none. I’m glad you’re here! 🤘🏻

Last week we looked at how we could use serverless to deal with third-party API quotas, watched some helpful videos, and introduced “Serverless Stories.” This week, we geek out on a recent UC Berkeley paper about serverless, share some more great stories and use cases, and discuss how SaaS providers should be thinking about serverless integrations.

So much to get to this week, so let’s get to it. 🏎

When you get excited by an academic paper that says serverless is the future… 🕺💃

Cloud Programming Simplified: A Berkeley View on Serverless Computing is a new paper recently published by the University of California at Berkeley. For those of you that don’t want to read all 20 pages, here’s a quick synopsis: “Serverless computing will become the default computing paradigm of the Cloud Era, largely replacing serverful computing and thereby bringing closure to the Client-Server Era.”

If you’re interested in the details, I highly suggest reading the entire paper as it gives both a realistic look at the current limitations, but also points out how they could be (and most likely will be) solved. I wrote a recent post called Stop Calling Everything Serverless that pointed out (similar to this paper) that cloud providers monitored how their customers used virtual machines and built additional services to make those use cases better, faster, and easier. The same is true for serverless environments, with the ecosystem and available suite of services getting better each day.

The paper points out other important advantages that serverless has over (what they call) serverful architectures, and helps to clarify how modern FaaS implementations are superior to previous generations. It also notes that container technologies, like Kubernetes, are “a technology that simplifies serverful computing” and that the economies of cloud scale will eventually “diminish the importance of such hybrid applications.” This is noteworthy as we start to look at computing at the edge, and how that will affect application design.

And while there are obviously still limitations, the paper suggests advancements such as faster ephemeral and durable storage, lower startup times, and better coordination between functions, will eventually solve current system challenges. The paper also suggested introducing access to more cores, sharing of computation graphs, and collocation of functions to solve some of the networking problems and throughput issues.

The bottomline is that the cloud business is growing by 50% year-over-year, and 24% of serverless users are using the cloud for the first time. Serverless adoption is only going to grow, and as limitations get innovated out of existence, the need for serverful computing and the underutilization associated with it, are going to become less relevant. The paper doesn’t give a suggested timeline, but Forbes has some 2019 Serverless Computing Predictions.

When you’re looking for some serverless innovations and announcements… 🗣

Epsagon announced One-Click Serverless Monitoring, which lets you instrument your Lambdas functions without any configuration changes. This is the perfect use case for Lambda Layers, and it looks like they are monitoring updates to configurations, which will ensure that the layer is added on every deployment. Enforcing monitoring compliance without developers having to do anything is a huge advancement.

Dashbird announced their new incident management platform, a new component that lets you set alert conditions based on Lambda metrics. Reducing notification fatigue is a helpful way to make sure real issues are identified and addressed quickly. You can read about it in their public changelog (which I just realized they had). They also announced that they are now an AWS Advanced Technology Partner, which is pretty cool.

A new article, Lumigo: End-to-End Serverless Monitoring and Troubleshooting, gives a great overview of Erez Berkner and Aviad Mor’s new serverless observability company. There are several providers in this space now, but they’re all trying to do things a little differently. A helpful video is included with the article that shows how Lumigo deals with transaction reporting.

And congratulations to Serverless, Inc. for winning a Technology of the Year award from InfoWorld. The year’s best in software development, cloud, and machine learning highlights the Serverless Framework for being an outstanding tool that has had a massive influence on the adoption of serverless technologies. 🏆

When you feel the need to add an extra deadbolt to your serverless applications… 🔒

Hillel Solow makes the case for serverless, but points out several Serverless Computing Security Risks & Challenges. But who’s responsible for securing your serverless applications? Hillel suggests that we make it everyone’s problem by creating closer relationships with other teams in your organization.

In Serverless Computing: ‘Function’ vs. ‘Infrastructure’ as-a-Service, Ory Segal does a great job calculating the drop in security responsibilities when moving to FaaS solutions. Not all the requirements are created equal, but this is a fairly good estimate. I’d much rather be responsible for less than half of the security components versus the roughly 92% required using the IaaS approach.

Ed Moyle discusses the security implications of serverless cloud computing with a particular focus on CloudFlare Workers. While segmentation attacks and Rowhammer concerns are certainly valid in a containerized world, I think most cloud providers have a pretty good handle on this.

Puresec did some ethical hacking and took down a newsletter’s Lambda-backed signup form. Serverless Security And The Weakest Link (Or How Not to Get Nuked by App-DoS) documents how they did it (and graciously points out that it was not Off-by-none 😉). While Puresec did a good job anonymizing the victim, he was proud to take ownership (hint: it rhymes with “Maury Schwinn”). Even though this was a bit of fun, the community working together like this is a great way to learn and make our applications safer.

It was only a matter of time before McAfee jumped into the serverless security realm. The Exploit Model of Serverless Cloud Applications is a high-level overview of possible threats to your serverless applications. This picture looks scarier than the reality. Key thing to remember is that the cloud provider is handling the vast majority of network and infrastructure security for you. TLDR; Use best practices to write secure apps, scan your dependencies, and protect your secrets. Do this and your serverless applications will likely be more secure than traditional ones.

Where to go for some awesome serverless events… 🗓

IOpipe is hosting a Stories of serverless in the wild with Saks Fifth Avenue at the Serverless Seattle Meetup on February 22, 2019. Always fun to hear real world problems being solved by serverless.

Stackery also has a webinar coming up tomorrow entitled New serverless workflows, build faster than ever before. Great opportunity to brush up on your (or learn some) infrastructure-as-code skills.

And we are getting into the ServerlessDays season with several events coming one after another. Hamburg is this week, followed by Austin in just 10 days. Boston is four weeks away (and recently announced an amazing agenda), Amsterdam is in late March, and Atlanta has a crazy three-day event planned, with Zürich right on its tail. Also Tel Aviv was just announced and scheduled for June 4, 2019. Looks like you’ll need to choose between that and NYC. 🗽

Also, don’t forget that the Serverless Architecture conference in The Hague, Netherlands is being held from April 8th to the 10th. I’m actually giving two talks now, so that should be a lot of fun. There are plenty of great speakers, so be sure to get your tickets soon.

When you’re looking for some encouraging Serverless Stories… 👂

How We Moved Towards Serverless Architecture highlights the struggles that a team encounters when transitioning to serverless. Pravash Raj Upreti reviews the technologies his team used, some advantages and disadvantages of using serverless, and the choices they made in order to launch their first serverless application.

In Serverless Event Sourcing in AWS (Lambda, DynamoDB, SQS), Dom Kriskovic explains the serverless architecture used to build Beenion. He uses the CQRS pattern along with DynamoDB to capture and distribute events. I don’t agree with all of the choices, but this article does a great job exposing the tough decisions that need to be made.

Serverless GitLab Runner Builds on Lambda gives a developer’s account of experimenting with using Lambda to executed GitLab builds, inherit IAM permissions, and use additional binaries and its dependencies to execute things like terraform during the build. There some Lambda Layer experiments in there as well.

Joshua Toth built a serverless Node.js, AWS native, Serverless, IoT, FinTech project. Lots of really good information in here about the different technology choices made. Plus, the realization that the velocity of a serverless project was “mind-blowing.” 🤯

Antonio Terreno tells us about the Startup Pre-series A tech choices you can’t compromise on. Great story about a small company using serverless to build and iterate quickly. Now they have a team of 20 people.

When you’re looking for real-world serverless use cases… 🔍

While the Berkeley paper argued that certain machine learning tasks might be too much for serverless right now, Michael Hart and the team over at Bustle has news for them. In Massively Parallel Hyperparameter Optimization on AWS Lambda, they explain how they used the concepts from the Asynchronous Successive Halving Algorithm paper and applied them to text-classification with Lambda. This is a really great read and an amazing use case.

Renato Byrro from Dashbird discusses Building a Serverless News Articles Monitor that can be used to extract article data in a structured format. They also made it open source for you to use.

Generating thumbnails is a common use case given for serverless, but what about generating complex PDFs? Marc Mathijssen came up with a way to do this using the power of Apache FOP in a .NET world using Azure Functions.

Nader Dabit takes us through Building Chatt – A Real-time Multi-user GraphQL Chat App in his recent post. The code is also open source, so not only is this a good use case, but also a helpful template to get you started with serverless.

What to do if you’re craving some good serverless reads… 📖

Alex DeBrie put together the Complete Guide to Custom Authorizers with AWS Lambda and API Gateway for you, and it is an awesome resource. Anyone who has played around with custom authorizers is sure to have some of their own war stories, so having this as a reference could be a lifesaver (metaphorically speaking).

Gojko Adzic introduces us to BaDaaS and the future of cloud integration. He explains that there is a new pattern called “Business action deployment as a service” (or BaDaaS), that allows service providers to offer application components that interact directly with FaaS services instead of passing data through webhooks. Twilio is already doing it, and last week we mentioned Braintree’s serverless payment functions initiative. Pay attention SaaS providers, a new standard might be emerging.

The New Stack’s How Serverless Platforms Could Power an Event-Driven AI Pipeline is another take on how to bring machine learning into the serverless world. It rightly suggests that “event-driven artificial intelligence (AI) can lead to faster and smarter decisions” and will take a “hybrid architecture structure that takes the best of serverless and combines it with stateful database stores” in order for it to be applied successfully. Obviously we need a database to store training data, but I think we’ll see more serverless alternatives to this sooner rather than later.

If you’d rather not read, you can watch Marcia Villalba talking about Serverless with Ben Kehoe. Another insightful interview featuring someone definitely worth listening to.

Finally, Cory Schimmoeller says that Using AWS Amplify feels like cheating, and he may be right. This is a good overview of how simple it is to use Amplify and the CLI to connect to your AWS backends.

What to do if you’re new to serverless… 🐣

Have no fear, Toby Fee from Stackery takes you through the Anatomy of a Serverless App. This post explains the three layers of a serverless application (business logic, building blocks, and workflow dependencies) and acts as a great primer for the newly initiated.

Serverless Computing 101 is another overview of what serverless computing is, how it works with other resources (or BaaS), and highlights some use cases. Not all the “demerits” are created equally, but certainly gives you something to think about.

Eric Sales De Andrade helps you answer if serverless is right for your next application in Should I go “Serverless” — How to choose the right solution for Your Product and Business. Like most of these types of posts, the pros and cons are laid out for you. But my suggestion, just go serverless. 😉

When you want to get hands-on with some serverless how-tos and tutorials… 🛠

Yan Cui gives us the lowdown on AWS Lambda and Secret Management in a recent post. Should you choose Parameter Store, Secrets Manager, or HashiCorp’s Vault? Yan walks you through the when, why and how.

Many people associate the terms “machine learning” and “artificial intelligence” with lots of math and complexity that make them seem unapproachable. But the reality is that powerful ML and AI services are readily available and easy to integrate with your applications. James Beswick show us how to build a serverless Twitter bot using sentiment analysis so that you can automatically like positive comments on your tweets. And it’s much easier to do that you probably think.

Debugging Chronicles: Missing Lambda Invocation is more of a tip (and a warning) from Davide de Paolis. TLDR; make sure you pass the Authorization header for every request that is using Congito with API Gateway. 🤦🏻‍♂️

Optimizing your Node.js lambdas with Webpack and Tree shaking is a great post by Erez Rokah that shows you how to use Webpack to remove unused modules when packaging your Node.js files for deployment to a serverless environment. He gives an example of reducing his deployment package from 740.6kB to 6.6kB.

If you’re using the .NET runtime, it might be helpful to know How to Unwrap an AggregateException Thrown by AWS Lambda. Zac Charles shares the secret of setting the right environment variable. He also shared how to make .NET AWS Lambda Functions Start 10x Faster using LambdaNative, a handy Lambda Layer that you can use.

If you’re working with Azure, David Pallmann has a full tutorial on how to build a Document Search Engine using Azure Functions and Cosmos DB.

Julian Tellez from DAZN gives us some tips for Handling complexity in lambda functions using his Lambcycle middleware component for AWS Lambda.

If you still haven’t played around with Lambda Layers yet, Eric Johnson’s Working with AWS Lambda and Lambda Layers in AWS SAM post is an awesome overview to get you started (or take you even further down the rabbit hole).

And why not combine the power of WebSockets, Machine Learning, and Translation services to build a better chat application? Danilo Pocci gave a recent presentation called Serverless real-time apps: Let’s build a “positive” chat that does just this. The architecture is all in the slides, plus you can check out the demo here.

Finally, if you are building Large (Java) Applications on Apache OpenWhisk, James Thomas has some very helpful tips and tricks for you.

When you’re wondering what AWS has been up to… 🧙‍♂️

Keeping up with AWS announcements is a full-time job in itself, never mind figuring out when CloudFormation adds support for a new feature. AWS CloudFormation: 2018 in review documents all the new features added to CloudFormation in 2018. And if you really want to stay current with new information, their release history page is always up-to-date.

Speaking of CloudFormation support, you can now Automate WebSocket API Creation in Amazon API Gateway Using AWS CloudFormation. Expect support in other serverless frameworks to be added soon.

Amazon SNS Message Filtering Adds Support for Multiple String Values in Blacklist Matching, which is actually much more exciting than it seems. Filtering messages at the broker level dramatically simplifies (and reduces costs for) pub/sub implementations. Having the ability to add several items to the blacklist is a very handy feature.

AWS also announced an open source project for Deploying a personalized API Gateway serverless developer portal. Using this project, you can make your API Gateway APIs available to your customers by enabling self-service discovery of those APIs. They can then use the portal to browse API documentation, get API keys, test published APIs, and monitor their own API usage. Another thing you don’t need to worry about. 👍

I’m not a .NET guy, so I didn’t even know there wasn’t support for this already. In any case, AWS X-Ray SDK for .NET Core is Now Generally Available, so good news for those utilizing that runtime.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Aleksandar Simovic (@simalexan). Aleksander is the co-author of Serverless applications with Node.js, a core team member for Claudia.js, and an AWS Serverless Hero. He has done a tremendous amount of work on Jarvis, an Alexa skill that allows you to create serverless applications using only voice commands, which is pretty cool. He also has 20 applications published to the Serverless Application Repository that you can use to get started with serverless quickly. Aleksandar continues to make valuable contributions to the serverless community, and we’re all lucky to have him!

Final Thoughts 🤔

There are so many amazing things happening with serverless right now, and this recent Berkeley paper is so incredibly encouraging. There is certainly a place for containers and servers right now, but it’s important to remember that today’s limitations are tomorrow’s opportunities, and the cloud providers all see the writing on the wall. Expect more and more advancements that address these limitations, and soon, serverless will in fact become, the default computing paradigm.

I hope you enjoyed this issue of Off-by-none. I love hearing feedback and suggestions so I can keep making this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And don’t forget to share this newsletter with your friends and coworkers who are interested in serverless. I’d really appreciate it.

Until next time,
Jeremy

Off-by-none: Issue #23

The State of Serverless…

Welcome to Issue #23 of Off-by-none. It’s so great to have you all here! 🤗

Last week we looked at recent investments into the serverless ecosystem, highlighted some serverless events, and offered some thoughts for picking a database for your next project. This week we’re going to look at how we can use serverless to deal with third-party API quotas, watch some helpful videos, introduce “Serverless Stories”, and so much more.

It’s been another really busy week for serverless, so let’s get right to the good stuff. 🚀

When your third-party API imposes quota limits… 🙅‍♂️

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

One way in which our serverless applications can be limited, is when using third-party APIs that enforce quotas. In my new post, Throttling Third-Party API calls with AWS Lambda, we look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Not only is this solution extremely robust and flexible, it’s also very cost effective (like < $2/mth).

When AWS has a slow week… 🐌

I’m sure the AWS teams are all working hard on their next big releases, but in the meantime, they managed to release a few interesting serverless-related updates.

Speaking of state management, AWS Step Functions are an excellent way to add orchestration to your serverless workflows. Now you can Develop and Test AWS Step Functions Workflows Locally, which is a pretty cool feature. Integration testing in the cloud is still necessary, but the more we can do locally, the better.

And for more local testing goodness, Amazon DynamoDB Local Added Support for Transactional APIs, On-Demand Capacity Mode, and 20 GSIs. For many of us that use DynamoDB, these features for the local version are a welcome addition. Uber cool feature: track and return the capacity units consumed by your queries. 👍

Not so serverless, but perhaps “server-less”, is the announcement that AWS Ops Automator v2 now features vertical scaling. Unfortunately, most of us still have to use servers for some of our workloads. But this new vertical scaling feature lets you increase instance sizes instead of simply adding more instances. Scaling up instead of scaling out can be much more cost effective (plus it uses Lambda to do the work 😉).

When you’re looking for innovations in serverless… 👩‍🔬

Epsagon introduced their new Issues Manager that allows you to easily track issues in your serverless applications, identify trends, and quickly jump to Trace Search to troubleshoot them.

IOPipe now enables auto-tracing of HTTP/S calls by default, giving you insight into what external (and internal) API calls are being made and how long they take. You can read all about this new feature at The Secret Life of HTTP(S) Calls in a Serverless World.

Braintree, the payments service, is Introducing Serverless Payment Functions. According to this, “developers will be able to use Braintree to write and deploy serverless functions to instrument their transaction lifecycles, enable 3rd party connections, hook into existing business processes, streamline data exports, and more, all via Braintree tooling.” Not quite sure how this will all work yet, but could be an interesting approach for other SaaS companies to allow for more seamless serverless integrations.

CloudFlare introduced the Workers Cache API, which now lets you modify the REQUEST and RESPONSE objects from within your workers. This is similar to the functionality that Lambda@Edge provides, which is very cool functionality for many use cases.

And Google announced that Cloud Firestore has gone GA. Cloud Firestore is Google’s answer to DynamoDB, but they’ve sprinkled in a handy little feature that lets you export data directly to BigQuery to do additional analysis. Nice way to reduce a data replication step.

What to do if you prefer Prime Video over the Kindle store… 🍿

Good news, the serverless community has been busy producing some really helpful and interesting video content.

Chris Munns and AWS take you on a Deep Dive into AWS SAM and the SAM CLI, plus another Deep Dive Into Lambda Layers and the Lambda Runtime API. Lots of great information packed into these sessions.

James Hood from AWS also shows us how to Accelerate Serverless Development Using AWS SAM & the AWS Serverless Application Repository. This is an excellent intro to Nested Applications, which can be a very handy feature.

Alex Ellis’ talk from GOTO 2018 is now available. Serverless Beyond the Hype is a great talk that starts by giving you an overview of the serverless landscape, and then gets into the nuts and bolts of what makes OpenFaaS different from alternatives such as Knative. If you’re a member of the “serverless on top of containers” crowd, you’ll enjoy this.

The team at Epsagon held a webinar with plenty of insights into Serverless Monitoring in Practice. Interesting look at how complex tracing can be, and what companies like theirs are doing to make it easier.

Our friend Marcia Villabla released two more re:Invent interviews. In the first interview she is Talking about Serverless with Forrest Brazeal, another AWS Serverless Hero and all around serverless expert. She then talks about building AWS communities with Martin Buberl.

I also discovered this site (thanks to Corey Quinn) that organizes a collection of AWS re:Invent videos and podcasts of past and current breakout sessions. Plus they’re searchable, which is really helpful. And if you missed re:Invent last year, you can sign up for the on-demand version of AWS Innovate re:Invent Recap 2018.

Where to look for some interesting serverless use cases… 🕵️‍♀️

I love seeing people apply serverless in new and interesting ways. Below is a handful of nifty little use cases that will hopefully inspire you to do something amazing. 😉

In Lord of the Patch — Story of the PatchBot, Vladyslav Cherednychenko from About You, explains how his team used AWS Lambda to automate vulnerability scans on their EC2 cluster.

Maxime Preaux built a simple Serverless Mailchimp Subscription service using Webtask.io, but you could easily apply this to other providers.

If you’d prefer that your applications do more listening, Apoorva Dave walks us through Building your own Alexa Skill from scratch. I think voice control is only going to become more prevalent, so my advice: start thinking about how your apps can leverage it to create better user experiences.

How to build a Serverless Twitter bot demonstrates another great serverless use case. Lorenzo Tenti builds one using the Serverless Framework, Python and Lambda. Bots are another useful tool when done correctly, and running them on serverless makes a whole ton of sense.

Maybe more of a tool rather than a use case, but Running Jenkins Pipelines in AWS Lambda is possible with a tool called Jenkinsfile-Runner-Lambda. This might be one of those square peg, round hole situations, but Carlos Sanchez points out that “it could make sense to run Jenkinsfiles in Lambda when you are building AWS related stuff.” Maybe, but I think the point is that Lambda is a potential fit for any type of automation.

Finally, Sam Breed (aka Baby Wolfman) created a Lambda WebSocket chess ♟ demo. Could your next MMO be 100% serverless? Might be worth thinking about.

When you’re looking for some encouraging Serverless Stories… 🏆

I’ve been speaking with several people lately about new voices in the serverless community. While I try to recognize people that create helpful content and companies that are innovating in the space, we tend to get stuck in our own echo chamber. This week I’m introducing “Serverless Stories” (or maybe Serverless Voices 🤔), that shares posts from people who are just starting out with serverless or have been adopting serverless in their organizations. I think there is a lot to learn from these folks, especially for those of us trying to foster and build the community. I’d love to know your thoughts on this.

My Serverless Story is a short read that outlines a developer’s foray into the serverless world. It’s interesting to hear their thoughts on the cost of API Gateway, the limited interfaces into managed services (as opposed to traditional methods), and how they believe that it’s not ready for latency-sensitive workloads.

Jordan Finneran wrote a post about Going Serverless where he discusses the migration of an Express.js app. Lack of tooling, reliance on a single provider, cold starts, and of course, event-driven architecture, are his top concerns.

In Lessons learned from launching TubeStats: a completely serverless service, Joshua Khan talks about the execution timeout limits of AWS Lambda functions and how they built their own state management component to overcome it. Interesting takeaway here: he didn’t use Step Functions for orchestration because of “unfamiliarity” and wanting to get “something launched” as soon as possible.

In part 2 of Dirty Old Code, Pierre Bails discusses the process his company used to move their monolithic Ruby on Rails application to a serverless infrastructure. Interesting step-by-step approach which could be a useful template for other companies looking to make the switch.

When you’re looking for some insights into the state of the serverless ecosystem… 📈

John Demian says that Businesses are overcoming challenges with serverless and that “2019 will be the year of serverless.” He points out that cost and speed of development continue to be the motivating factors for companies to push for adoption.

Likewise, TechRadar points out that 2019 will be A year of reckoning for digital transformation. Key takeaway here is the prediction that serverless will be central to a company’s success.

Then there are stories like this: Developers find cautious optimism for serverless platforms. There is a lot of FUD here that purports that tools don’t work as expected and that the developer learning curve is causing problems. 🤦🏻‍♂️

This doesn’t seem to be stopping investment into the space, however, especially since a new report says that Global Serverless Architecture Market Share will Hit USD 18.04 billion by 2024. Serverless is still new, and it has its share of challenges, but the market is growing, and every day implementation gets easier.

The 2019 Microservices Ecosystem by Tobias Kunze is a great read that outlines all the major players and gives some insights into how they all fit in to the larger ecosystem. Serverless is mentioned, of course, but the vast majority are supporting containers and other types of “server-full” approaches.

Why Amazon’s AWS Cloud Business Will Continue to Grow is another interesting piece that gives a bit of insight into AWS’s growth strategy. While they continue to grow their virtual machine business with EC2, they are also supporting container management, and obviously, serverless. More interestingly (which we saw at re:Invent), AWS is saying, “if you don’t want to come to the cloud, we’ll bring the cloud to you.” Support for On-prem, along with the multitude of other offerings, is helping to build up the cloud computing market for all providers.

And speaking of growing the cloud market, a recent piece titled Capital One’s public cloud strategy at odds with industry, points out the benefits of using a public cloud versus a private one. Perhaps most importantly for a bank, the combined security expertise of public cloud providers supplies the trust needed to let Capital One focus on other parts of their stack.

When you’re finally ready to abandon WordPress… 🤬

In case you missed it, generating static sites is all the rage nowadays, and for good reason. I’d venture a guess that 99.9999% of all website traffic are simple GET requests to essentially static pages. Serving those pages up from an edge location cache makes a whole bunch of sense. But whether you’re looking to go fully-static, or leverage new features to reduce your dependencies on servers, there are plenty of options available.

A Greater Gatsby: Modern, Static-Site Generation by Toby Fee answers all your Gatsby-related questions.

If you’re not ready to go fully static, try Going serverless with React and AWS Amplify. Peter Mbanugo walks you through creating a single page app that uses GraphQL to power your dynamic features.

Adam Henson points out that You Might Not Need Server Side Rendering. But what about SEO? Adam does a pretty good job answering why not.

On the other hand, Dan Quackenbush would probably disagree. He talks about how Caching SPAs for SEO with Lamdba@Edge actually increased their crawl rate by 900%.

And let’s not forget that AWS can help you move ALL THE WAY up the stack in some cases. So What AWS service should you use to publish a web site?  Adrian Hall might have the answer for you.

When serverless security shows up on your cloud audit questionnaire… 🔐

Chris Tozzi outlines some Serverless security best practices for cloud dev and ops teams. Pretty standard stuff, but it seems that best practices need to be repeated over and over again.

If you want a really in-depth look at serverless security, you can now watch the Foundations of AWS Lambda Security webinar that Ory Segal and I did, on-demand. Lots of really good stuff in there.

We talked about adding voice control to ours apps a bit earlier, but how do we secure those, especially if they control sensitive internal components?  Aravind Kodandaramaiah from AWS shows us how to Secure and distribute Alexa skills with Alexa for Business. Which, besides the security aspect, could also make for some great internal tooling for your business.

While this story isn’t about serverless, it is a cautionary tale about being a little too paranoid when it comes to security. Digital exchange loses $137 million as founder takes passwords to the grave is an example of failed redundancy. Be smart about your secrets management, even if you think you’re invincible.

When you need the right tool for your serverless job… 🔨

Remember that time you were asking for more serverless frameworks? Well, here you go. Meet TyX, a TypeScript-based serverless backend framework designed for deployment into AWS Lambda.

If you want some more TypeScript, try IFTO: A simple debugging module for AWS Lambda (λ) timeouts.

OPTASY points out the 6 Best Serverless Plugins to tailor the Serverless Framework to your project-specific needs.

If you’re using Lambda@Edge to do redirects, middy-reroute can make your life a lot simpler.

And if you need to debug your serverless applications, Yan Cui shows us how to do it with Dashbird.

StackShare announce their Top 50 Developer Tools of 2018. There were some nice serverless mentions in there including Architect, OpenWhisk, CloudFlare Workers and AWS CloudFront.

What to do if you’re an audiophile, but also love serverless… 🔊

A recent episode of the ThoughtWorks Podcast does some Diving into serverless architecture.  Mike Roberts offers some of his insights.

The Cloudcast: A Serverless Look Ahead for 2019 features special guest, Paul D. Johnston, chatting about the current state of serverless, how to economically think about functions, and areas where serverless needs to improve.

In Diving into Data with Amazon Athena, Simon Elisha shares how Amazon Athena can give you powerful SQL querying capabilities over text files in your S3 buckets. If you’re not familiar with Amazon Athena, you seriously need to check it out.

When you want to get hands-on with serverless tutorials… 👨🏻‍💻

Here is an insanely complete, and step-by-step guide to building a full-stack application using AWS Lambda and React-native.

Binaris also has a Full Stack Tutorial with Serverless & React that includes all the code you need to get up and running in no time.

Yan Cui offers a quick Lambda optimization tip that can speed up HTTP API calls from your serverless applications. TLDR; enable HTTP keep-alive.

For those of you that might be interested in Connecting to AWS DocumentDB from a Lambda function, this post will walk you through it in painstaking detail.

Step Functions can be a bit confusing, but in AWS Step Functions – Doing Serverless is Easier Than You Think, the team at Thundra gives you the all basics.

James Beswick teaches us How to add file upload features to your website with AWS Lambda and S3.

Richard Freeman, PhD, has a great tutorial for Building a Serverless Microservice CRUD RESTful API with MongoDB.

Another thing that can trip you up is Configuration management for serverless AWS applications. Marcin Z-Pa has some thoughts on how to make it easier for you.

If you’re a GitLab CI user, Forrest Brazeal will show you How to set up multi-account AWS SAM deployments.

And finally, if you’re interested in Migrating an Express App into AWS Lambda the Easy Way, this post will give you some practical tips.

Where to go for some interesting serverless reads… 📚

Finding Serverless’ Hidden Costs is an important reminder that pay-per-use can lead to costly mistakes if you aren’t properly monitoring your serverless functions.

In AWS SLA: Are you able to keep your availability promise?, Andreas Wittig show us how to use the new AWS SLAs to calculate our own SLAs. Key point is to make sure you account for other variables besides just AWS’s promises.

Debunking Serverless Tropes by Ryan Marsh has a bit of fun at serverless naysayers’ expense. It made me laugh. 😀

🔥 Multi-region serverless backend — reloaded by Adrian Hornsby is an updated version of his old post on the topic. This time he discusses how the new Global Accelerator service works to eliminate DNS caching for better DR. Highly recommended read for anyone building out a serious, highly-available serverless application.

Raoul Meyer’s AppSync: Basically GraphQL as a service, is a good overview of what AppSync is and provides a few examples to help you get your head around it.

The Top 7 Takeaways from our 2018 Serverless Shows is a look back at Protego’s podcast episodes from last year. They had some great guests with some very good insights.

Nuweba published their Top Serverless Resources You Should Know About. A good list for those interested in staying current with what’s happening in the serverless world.

In Why DevOps Engineers Love AWS Lambda, Ran Ribenzaft from Epsagon gives us a number of great Lambda use cases for automating DevOps processes. These types of practical use cases are a great way for companies to get started with serverless.

Think you can run Kubernetes better than a cloud provider? Think again. Matt Asay argues that building your own Kubernetes cluster is a waste of valuable time. This is based off of a great Twitter thread from Ben Kehoe.

On Infrastructure at Scale: A Cascading Failure of Distributed System by Dan Woods, isn’t really about serverless, but I thought it highlighted some interesting challenges that arise from running distributed systems.

When you want to try something other than AWS… 🤷‍♂️

Ride the Serverless Wave with DigitalOcean’s One-click Droplet shows you how to get OpenFaaS up and running in DigitalOcean with just one click (sort of).

Azure Functions now has moves like Swagger (sorry, bad joke). Introducing Swagger UI on Azure Functions show you how to use a few services to generate your own API docs.

The Mixology Playbook: Kubernetes and Serverless is a well-written piece that talks about the values of a hybrid approach. While I believe there is room for a lot of players at this point, I think serverless (in whatever form it ends up taking) will ultimately win the war.

Hey Google, help me use Cloud Functions is another piece that points out how voice automation could be used to enhance a user experience. Susie Coleman works for the Guardian’s Voice Lab, which is trying to bring the “Guardian’s voice” to Google Assistant. If you’re not thinking about voice automation for your app, you might miss out on a huge opportunity.

Anchal Bhalla teaches you how to Build a Serverless App with Facial Recognition using IBM Cloud Functions. Simple tutorial, but it shows you how powerful some of this stuff is.

And last but not least, Simona Cotin shows us how to use the Azure Resource Manager to write Infrastructure as code for Serverless APIs using just a bit of JSON.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is James Beswick (@jbesw). James is a developer, author, AWS-Certified builder, and cofounder of Indevelo, a consulting firm that builds products on AWS. He’s also a speaker, a blogger, and an active member of the serverless community. He recently launched Ask James About AWS, a video series that walks you through a number of common AWS tasks. Through his writings, videos, and talks, James is helping to spread the benefits of serverless, as well as providing useful insights and education to those looking to adopt the cloud. Thanks for what you do, James!

Final Thoughts 🤔

I’ve had a number of really interesting talks with people over the last few weeks about the overall state of serverless. There is a tremendous amount of innovation, lots of great use cases emerging, and new people joining the community every day. However, we have a long way to go before serverless becomes top of mind. We need to continue to encourage collaboration between everyone in this space so that we can educate and spread the word.

Speaking of spreading the word, there are a number of ServerlessDays events coming up that are a great way to support and expand the community. ServerlessDays Boston just announced an amazing speaker lineup, and Hamburg and Austin are right around the corner. I hope you all get a chance to attend one of these events.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Off-by-none: Issue #22

Investing in the future of serverless…

Welcome to Issue #22 of Off-by-none. I’m so happy you’ve joined us this week! 😁

Last week we looked at ways to scale your serverless apps, highlighted some recent innovations, and examined how serverless and the cloud is affecting the IT landscape. This week, we look at some recent investments into the serverless ecosystem, highlight some upcoming events, help you pick the right database for your next project, and share plenty of great serverless resources and reads.

There is so much happening in serverless right now! Let’s get to it. 💥

When you see people jumping on the serverless investment train… 🚂

This past week, Lumigo raised an $8M seed round to help manage serverless operations. I love seeing companies that are focusing on serverless raising money. It means that investors are seeing the value, which means they can see a market for it, which means that more companies will begin to invest in serverless technology, which means more options, which means great adoption, and ultimately, world domination… Okay, maybe I pushed that a bit too far.

Torsten Volk recently posted the Top 10 VC investments in serverless startups in 2018: $33M for Twistlock, $15M for Pulumi, $11M for Solo.io, $7M for Puresec, $10M for Serverless Inc., $5.5M for Stackery, $5M for CloudZero, $4.1M for Epsagon, $2M for IOpipe, and $2M for Protego Labs.

I really hope to see companies like this succeed and continue to push the limits of serverless!

When you’re trying to think of some useful serverless use cases… 🤔

Authentication at Edge with StackPath by Jason Byrne is an interesting look at how his company is attempting to eliminate an extra round trip to authenticate requests.

Centralized Logging System for Lambda Functions walks you through the process Mohamed Labouardy and the team over at Foxintelligence followed to deliver near real-time feed of logs from CloudWatch to ELK.

CloudFetch released an open source project called cloudquery that lets you turn any website to serverless API, including support for single-page applications.

Ricardo Trindade shows us a super simple way to create Slack Notifications via AWS Lambda and SQS. Great example of how you can add serverless to your existing workflows to reduce the complexity of your “serverfull” systems.

Our data lake story: How Woot.com built a serverless data lake on AWS is a great article that shows how Woot.com was able to reduce their operational costs by 90%. Plus, it’s a great use case that you can apply to your business straight away.

When your database selection process is down to eeny meeny Dyna-mo… 🤷‍♂️

You’re not alone. Choosing the right database for your application isn’t always easy. AWS has a great post that shows you How to determine if Amazon DynamoDB is appropriate for your needs, and then plan your migration. DynamoDB is an excellent choice for many different types of workloads, but it’s not right for everything.

If you do choose DynamoDb, getting started with writing interactions can be a bit overwhelming. You might want to check out Begin Data: DynamoDB made ridiculously easy!

Another often confusing concept is figuring out How to calculate a DynamoDB item’s size and consumed capacity. Zac Charles has got you covered in his recent piece.

Sasidhar Sekar from Hotels.com has a great piece about creating Efficient Indexes in DynamoDB. It’s the fifth post their DynamoDB series and definitely worth checking out.

Of course, if you want to push serverless data to the extreme, you can always Analyze and visualize nested JSON data with Amazon Athena and Amazon QuickSight. Mariano Kamp’s piece is incredibly useful.

When serverless observability just keeps getting better… 🕵️‍♀️

Thundra now supports observability for .NET functions. For those of you that thought (or were hoping) that C# was dead, Microsoft has news for you. Azure Functions is gaining a tremendous amount of popularity, and where there’s Microsoft, there’s .NET. Learn more by ready Sarjeel Yusuf’s post about Monitoring .NET Lambda Functions with Thundra.

If you want to learn a bit more about Serverless Observability Fundamentals, check out Christina Wong’s post about Breaking down your options when collecting data from AWS Lambda.

And Epsagon, another amazing observability platform, just released their public changelog. I really like this type of radical transparency, especially when you’re trusting companies like this to support your applications. They also initiated a fun Twitter contest. Export a picture of your architecture from Epsagon and tweet #ThisIsMyEpsagon to win a prize.

When you’re looking for deep thoughts on serverless… 🤓

Julian Friedman has a really interesting post titled What comes after Serverless? In it he argues that there is a “Deployless” future, where we’ll skip passed code repos and staging environments, and essentially just edit code. It might seemed a bit far-fetched, but it is worth a read.

From Servers to Serverless recounts Avner Braverman’s journey through infrastructure and cloud innovation. Interesting read with some good history and insights into why serverless is so powerful.

NoOps in a serverless world is an interesting piece that talks about shifting IT’s focus from operations to outcomes. The authors point out that in a 2018 Deloitte global CIO survey, 69% of respondents identified “process automation and transformation” as the primary focus of their digital agendas. NoOps is still a ways off, but as the authors argue, serverless is a powerful tool for companies to reduce their operational overhead.

Sujith Reddy Komma argues the PRO’s & CON’s of Serverless Architectures. It’s a fairly simple list, but I’ve included it because his “cons” are quickly being solved thanks to observability startups, multi-region deployments and SLAs. And the cost argument is starting to get a bit old (at least to me). Need to figure TCO, not just your services bill.

And speaking of costs, The Great Serverless Cost Debate: Serverless ≠ Costless is a great piece by John Demian that explains the cost benefits of going serverless. He makes the extremely salient point that “Running back-end operations is a business in itself.” For larger companies, this may be fine, but for smaller ones looking for a competitive advantage, it’s probably not a business you want to be in.

If you’re looking for more reasons to go serverless, Ryan Jones from Serverless Guru’s piece, Serverless Impact — Developer Velocity explains how serverless speeds up developers and lets them accelerate the delivery features faster.

Greg Simons also wrote about the added benefits of serverless. In Serverless; it’s more than a FaaS, he outlines a number of reasons why serverless is much more than just hype. Plus, there was a nice mention in there. 👍

9 trends to watch in systems engineering and operations from O’Reilly Media touches on a few interesting topics. They waver on whether Knative will become the standard (I don’t think so), the importance that cloud security will play in both automation and DevOps culture, and, of course, AIOPs, because we don’t have enough buzzwords right now.

They also noted that the “serverless craze is in full swing,” with a growth of over 17% from 2017. Erez Berkner, CEO & co-founder of Lumigo says, “2019 could be serverless’ breakthrough year.”

Of course, security should always be top of mind when deploying services to the public cloud. Serverless And The Evolution In Cloud Security, How FaaS Differs From IaaS is a great piece by Ory Segal from Puresec that will give you a side-by-side look so you know what you’re responsible for.

If you’re looking for some visuals, check out How to Fold a Fitted Sheet by Joe Emison from Monktoberfest 2018. If you don’t take away a higher meaning from it, at least you’ll know how to fold a fitted sheet.

Also, Slobodan Stojanovic was interviewed on the The Serverless Show talking about The Importance of Open Source & Community Involvement. Always love listening to Slobodan.

Finally, The Rise of “No Code” by Ryan Hoover isn’t about serverless, but it makes some interesting points about the people who are becoming makers. Thanks to products that allow “non-developers” to build MVPs (or even full-scale working applications), everyone is becoming a maker. What does this mean and how does it affect an IT world that is already being eaten up by automation? Something to think about.

When you’re looking to up your Lambda Layers game… 🚀

Ever wanted to publish your Docker containers as Lambda Layers? Well, now you can with aws-lambda-container-image-converter. This should open up some people’s imaginations.

Serverless Anything: Using AWS Lambda Layers to build custom runtimes by Ben Ellerby shows you how to use layers to build a custom PHP runtime. Sure, we’ve seen this before, but this piece provides an important reminder: “Don’t forget to terminate your large EC2 instance.” 😉

AWS already created a custom Rust runtime for us, but Doug Tangren took it a step further and built the serverless-rust plugin for the Serverless Framework. Love this type of community support!

Just recently, Gojko Adzic gave us some utility Lambda Layers for FFmpeg, SOX, Pandoc and RSVG. Nathan Glover used them to create Serverless Watermarks. Very cool.

When you’re trying to simplify your serverless development… 👩‍💻

Serverless, Inc. announced the release of Serverless Framework v1.36.3. Lots of enhancements and bug fixes in this one.

Brian Leroux published Introducing Architect 5.0: fully serverless WebSockets. More great updates and, of course, support for WebSockets.

And it seems that more frameworks are emerging everyday. Osiris is a new library for building and deploying serverless web apps on AWS. Haven’t spent much time with it, but give it a look.

I also came across the functional-typescript project, a TypeScript standard for rock-solid serverless functions. Looks pretty interesting.

And Eslam Hefnawy created a project called backend.js. It’s a super light module that lets you import your Lambda functions into the browser as a backend library. Not sure what I’d do with this, but kind of a cool concept.

Where to go to find some great serverless events… ✈️

If you’d like to go sans travel, there are a number of webinars scheduled to up your serverless game.

Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository is on January 31. This is a good opportunity to learn more about SAM and how to reuse your serverless components.

Trend Micro also has a webinar on the 31st to help you Make Sense of the Cloud, Containers, and Serverless. There are some promises of security principles in there, a topic I’m always interested in.

If you’re in the area, or just feel like taking a trip, Serverless, Inc. is running a Serverless workshop on March 1 in San Francisco. Lots of topics covered in here for the serious serverless professional.

AWS is running a Serverless Solution Provider Day in London on February 12th. There will be three great talks by three great companies: Epsagon, Stackery and Puresec. Definitely worth the visit.

Serverlessconf announced that it is coming to the east coast this fall. Exact location and date to drop in February. 🤞 for Boston. 😉

Serverless Computing London 2019 announced that their call for papers is now open. This was a great conference last year, so no doubt it will be amazing again.

The Serverless Architecture Conference in The Hague, Netherlands is running from April 8th through the 10th. Lots of great speakers, plus yours truly will be giving a talk about Serverless Microservice Patterns for AWS. Definitely looking forward to this one.

And don’t forget ServerlessDays Cardiff, Hamburg, and Austin are all coming up. Plus ServerlessDays Boston will be announcing speakers later today!

When you’re looking for some good serverless tips and tricks… 💡

Tom McLaughlin wrote a post titled, AWS Lambda And Python Boto3: To Bundle Or Not Bundle With Your Function. Quite a bit of research went into finding out that “you should not be using the AWS Lambda runtime’s boto3 and botocore module.” If you’re developing serverless apps with Python, take a few minutes to review this post.

Subscribe SQS to a SNS topic in another AWS account with CloudFormation, and gotchas! is another time-saver provide by Yan Cui. It’s a common pattern to connect to services from other accounts, and configuring it correctly with CloudFormation is with Yan’s help.

Danielle Heberling from Stackery gives us some Chaos Engineering Ideas for Serverless. Unit tests and integration tests are a necessity for serverless applications, but testing failures in distributed systems is a surefire way to make sure your systems are resilient and can handle different types of failures.

When you realize that serverless is much bigger than just AWS… 🤯

The Serverless360 team put together the Top 15 Azure Serverless Blogs of 2018. Lots of interesting posts here.

Doug Stevenson from Google answers Firebase & Google Cloud: What’s different with Cloud Functions?

An introduction to Azure Durable Functions: patterns and best practices is a great introduction to some common patterns that you can use in Azure. Only caveat, the examples are in Java. 😬

Serverless on Google Cloud Platform: an Introduction with Serverless Store gives a bit of background on serverless, event-driven computing and how it all fits together with Google Cloud Platform. There is also a link to download the Serverless Store demo app.

IBM Cloud Functions is raising the memory execution level to 2Gb to better handle Monte Carlo methods, genetic algorithms, map-reduce, and a host of other combinatorial optimization and operations research algorithms that lend themselves to running in a serverless environment.

Getting started with Custom Dockerfiles for Node.js for Serverless Functions will show you how to us the Fn project to build functions that you can run on Kubernetes.

And if you’re looking for better secrets managment, Unifying Secrets for OpenFaaS will point you in the right direction. Hint: don’t check them into source control.

Finally, if you’re interested in doing more serverless computing at the edge, Taking a look at Cloudflare Workers might be worth your time.

When the teams at AWS are forced to listen to “We can’t stop, we won’t stop” by Miley Cyrus on constant repeat… 👩‍🎤

AWS Introduced Python Shell Jobs in AWS Glue. Now you can leverage your Python skills to build things like serverless ETL tasks without learning Apache Spark.

TLS Termination for Network Load Balancers has also been added. Not applicable for serverless yet, but it could just be a matter of time.

The AWS CloudFormation UpdateReplacePolicy Attribute allows you to specify an update policy to delete, retain, or create a snapshot of old resources once the new ones have been created. Handy feature for automated serverless deployments.

The AWS Amplify CLI now supports IAM roles including MFA flows, which is a nice way of adding some extra security to the set up process.

AWS Cloud9 Supports AWS CloudTrail Logging now. So if you’re using that as your IDE, CloudTrail can track configuration changes to your environment.

Amazon Cognito Announces 99.9% Service Level Agreement, which is nice. Serverless authentication out of the box, now with guaranteed uptime.

And if you’re using Elasticsearch to handle analytics or full-text searches, you’ll be happy to hear that Amazon Elasticsearch Service doubles maximum cluster capacity with 200 node cluster support. And they announced support for Elasticsearch 6.4.

Also, be sure to check out Jerry Hargrove’s visual notes for AWS AppSync.

When you’re looking for spirited serverless discussions on Twitter… 🍿

@rakyll had some thoughts on Kubernetes being about “never having to wait for your cloud provider for a feature because you can build it yourself.” Ben Kehoe and some others whole-heartedly disagreed.

Paul Johnston posted that “Relational databases are the swiss army knife of databases”, meaning that there are likely better choices, especially for your serverless projects. The Internet did what the Internet does best and generated a lot of opinions. Very interesting thread.

Not to be outdone by others, I too sparked a heated discussion around Event Injection in your serverless apps. There was some candid feedback, and perhaps my point of “developer responsibility” was lost a bit in my wording. However, even though event injection existed before Lambda wasn’t the point, it’s still something to be aware of, especially those that are new to event-driven architectures.

The good news about the above discussion is that it actually highlighted some confusion around the “47” service integrations that Lambda has. Ajay Nair thought this was “good feedback”, so hopefully we’ll get some better documentation out of it. Silver linings. ☁️

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Brian Leroux (@brianleroux). Brian is the co-founder of @begin, a serverless application platform that promises “Serverless in seconds.” He’s also working on the open-source Architect project, another powerful framework for building and deploying serverless applications. Brian is a regular speaker, blogger, and always welcome voice in the serverless community.

Final Thoughts 🤔

When I first started this newsletter almost six months ago, I was scouring the web each week trying to find interesting and relevant serverless content. Now every week I have to narrow down the list, and there are still over 75 links in this week’s issue alone!

I love serverless, and I love how more and more people are embracing it, experimenting with it, and seeing how it can transform the way they are building applications and their businesses. Erez from Lumingo said 2019 could be the breakout year for serverless. With all this momentum, I think he could be right.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

See you next week,
Jeremy