Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to my weekly newsletter, or follow me on TwitterGithub and Facebook.


My Latest Posts:

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

25 Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting.. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of 25 people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Audio Version

Continue Reading…

Event Injection: A New Serverless Attack Vector

As more and more developers and companies adopt serverless architecture, the likelihood of hackers exploiting these applications increases dramatically. The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. There has been a lot of hype about #NoOPS with serverless environments 🤥, which is simply not true 😡. Many traditional applications are frontended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. With serverless, these all go away. 😳

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #11

After this, there is no turning back

Welcome to Issue #11 of Off-by-none. I’m happy that you’re here! 🙌

Last week we recapped ServerlessNYC and talked quite a bit about serverless adoption. This week we’re going to point out some more resources for those getting started, as well as offer up plenty of options if you’re looking to take the red pill and go down the serverless rabbit hole. 🐇

Here we go! 🕺

What to read when you want to amp up your serverless knowledge… 🔈

Danilo Poccia has written a free ebook, Agile Development for Serverless Platforms. This book is over 100 pages and has a great section on architectural patterns. There is plenty to learn from this free resource and it is well worth a look. 📖

The team over at Financial Engines wrote a guide to help us with managing disaster recovery with DynamoDB. AWS DynamoDB: Backup and Restore Strategies looks at both Point-in-Time Recovery and On-Demand Backups. Lots of useful information here including configuration and pricing. 👨🏻‍💻

Finally, Thundra published a great piece that shows us how to Debug AWS Lambda Node.js Functions in Production Without Code Change. I really like the idea of automated instrumentation as it cuts down the burden on developers and keeps your code a bit cleaner. It can also ensure we don’t lock ourselves in to a specific software vendor. 📈

When you want to get started with serverless… 🏋️‍♂️

There have been a lot of new “Getting Started with Serverless” posts this week. I really like that more people are starting to create this type of content. The more that’s out there, the more likely someone is to come across it and get to that serverless “aha” moment. If you’re new to serverless, here are a few posts to get you started:

And don’t forget that the #NoServerNovember Challenge (hosted by Serverless, Inc.) is still going on. These challenges will give you something interesting to work on and let you go beyond the standard “Hello World” tutorial.

When you’re not ready to give up RDBS with serverless… 🤓

In our inaugural issue we introduced the serverless-mysql package with my Managing MySQL at Serverless Scale post. David Zhang (@Zigzhang) has taken this even further and created a five part series to help others get started. In his first post, Serverless & RDBS (Part 1) — Set up AWS RDS Aurora and Lambda with serverless, David lays out some background, then gives you full examples to get you up and running.

He’s also published Part 2 (Set up EC2 instance to securely connect to your Aurora DB) and Part 3 (Set up database migrations with umzug) with the final two parts (Set up continuous deployment to migrate database with CircleCI and Set up local development environment with serverless-offline and Docker) coming soon. These are sure to be helpful guides for anyone looking to build serverless apps with RDBS backends.

Of course, re:Invent is right around the corner, so let’s hope we get HTTP endpoints for RDS! 😬

When you feel like there are a lot of conferences… ✈️

Speaking of re:Invent, it is less than two weeks away! 🎉 This is the first year that I’m attending so I’ve been looking for tips like this and this. I’m excited for some of the sessions I’m attending and will be at several events as well. If we haven’t connected already, please contact me so we can meet up.

In other conference news, Serverless Computing London is happening right now and it is chockfull of great speakers. Follow their Twitter feed to see some snippets from the event. Some of the slide decks have been posted as well, so check those out. I was looking at Timirah James’ Function Composition in a Serverless World talk, good stuff. Hopefully we’ll see the videos posted soon. ⚡️

Also, ServerlessDays BOSTON finally has a date! The event is scheduled for March 12, 2019 at the Microsoft New England Research & Development Center. More information about our call for papers and sponsorship opportunities is coming soon. 🎊

When you realize that AWS has no plans to slow down their serverless innovations… 🚀

AWS has released several new features recently that could have a profound impact on our serverless applications. Some of these are pretty exciting. Now just imagine what they are going to announce at re:Invent! Here are just a few of the recent updates:

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex Casalboni (@alex_casalboni). Alex is an AWS Technical Evangelist, Serverless champion, co-organizer of ServerlessDays Milan and the serverless meetup there, contributor to serverless open source projects, and a regular conference speaker spreading the serverless gospel. He also helps coordinate ServerlessDays conferences around the word, including helping me and the Boston team. Thanks for all you do, Alex!

Final Thoughts 🤔

As much as I still worry that serverless adoption will be slower than I had hoped, the amount of innovation and new faces in the community is really encouraging. I’m already aware of a few announcements planned for re:Invent, but I also know that there will be a ton more. Other cloud providers are also pushing serverless innovations, and I expect Google and Azure to be announcing new things soon as well.

Serverless still has a long way to go, but all of these new tools, platforms, cloud provider features, conferences, and enthusiasm from the community, is helping to expose this paradigm to a much larger audience. I’m going to continue to write and promote it as much as I can, because there is little doubt in my mind that this is the future of application development.

I hope you’ve enjoyed this issue of Off-by-none. Feedback and suggestions are always welcome and appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some great serverless apps and spread the word. 📣

See you next week,
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it! 😉

Off-by-none: Issue #10

Do you hear what I hear? 👂

Welcome to Issue #10 of Off-by-none. Thanks for joining us! 👍

Last week we talked about how serverless was starting to gain quite a bit of momentum with things like the announcement of more tools and conferences. However, my attendance at the ServerlessNYC conference was a bit of an eye-opener for me. I spoke with a lot of people about a “serverless bubble” (although echo chamber is probably a better way to describe it). I knew that the serverless community was still relatively small, but have we gotten to the point where we’re just feeding the community and not doing enough to expand it?

This week we’re going to explore the topic of serverless adoption and offer up some resources to help companies and developers get started with this amazing technology. Let’s go! 🏎

When you realize you might be in a serverless echo chamber… 🙉

I posted this tweet a couple of days after the ServerlessNYC conference and I got quite a bit of feedback. There were several people pushing back on the idea, but I think many of those who did are in the “serverless echo chamber” themselves. There was a lot of discussion here that needs to be boiled down and researched a bit more, but I think it is clear that there are a number of factors that are hampering serverless adoption. I’d love to know your thoughts on this, so please weigh-in on the Twitter thread, or send me a note.

When you’re sad that you missed ServerlessNYC… 🗽

It really was a great event. But cheer up, my friend, there’s no need for #FOMO. I’ve put together a recap of the event with all the key takeaways and lessons learned.

TLDR; Kelsey Hightower made you rethink the barriers to serverless adoption, Jason Katzer told us that unlimited still has limits, Gwen Shapira gave us new ways to think about serverless data flow, Ben Kehoe made us adopt a new serverless native mindset, Tyler Love showed us that serverless can easily handle billions of requests, Chase Douglas filled some gaps for us in the serverless development lifecycle, and an open source serverless panel told us we need to work on standardization.

When you realize that serverless is more than functions… 🎉

Epsagon recently launched their distributed tracing product for serverless applications, and decided to kick it off with a star-studded webinar (plus me 🤣). But seriously, Shannon, Nitzan and Ran are doing some great things around serverless observability. This discussion, with insights from Yan Cui and Corey Quinn, was really interesting. You can watch, listen, or read it here.

Speaking of webinars, Forrest Brazeal is hosting an AWS Online Tech Talk called Serverless Workflows for the Enterpise on November 14, 2018 at 12pm ET. This will focus on how to seamlessly build and deploy serverless applications across multiple teams in large organizations. Should be a great intro for enterprises looking to adopt serverless.

When you’re still on the fence about adopting serverless… 🎓

7 tools that ease serverless adoption outlines a few of the tools we’ve been talking about for a while. While this isn’t an exhaustive list, the article does give recommendations for the three major areas of serverless applications: development, monitoring and security. There are a lot of other tools out there (like the Serverless Framework) that can help you jump into the serverless waters, but this is a good list to get you started. ⚡️

Ben Kehoe was interviewed by the Wall Street Journal about serverless computing requiring a shift in mindset. I like the way Ben thinks about serverless, especially when he says things like, “Your developers should care about solving business problems and not solving technology problems, but we’ve been solving technology problems for so long that that’s what we tend to care about first.” (🎤 drop)

Another key component to adopting a tech like serverless, is to make sure that developers can leverage their existing skills. Programming language options are a big piece of that. Yan Cui’s new AWS Lambda Programming Language Comparison post gives us a great overview of supported languages and the pros/cons to think about when choosing a serverless runtime. ⚖️

Finally, security tends to be a sticking point (especially with SysAdmins) when it comes to adopting serverless (and the cloud in general). Luckily for us, Ory Segal at PureSec has put together some AWS Security Best Practices for AWS Lambda. Serverless gives us the ability to develop applications that are more secure and more resilient if designed properly. Also check out my Securing Serverless: A Newbie’s Guide for an overview of serverless security in general.

When you discover the meaning of Occam’s razor

“The simplest solution tends to be the correct one.” I’ve talked to a lot of people this past week about serverless adoption, and it wasn’t surprising to hear what the use case was for most early adopters. According to The New Stack, 73% of people using serverless are using it for HTTP REST APIs and web applications. This was echoed by many of the people I spoke with, and also evident from a number of candidates I recently screened that had listed “serverless” as one of their skills.

It seems that “migrating an Express.js app to Lambda with a [pick your favorite database] backend” is how most people tend to get started. Of course, migrating a monolith to a serverless function might not be the best (or most efficient) use of serverless (read Yan Cui’s: AWS Lambda — should you have few monolithic functions or many single-purposed functions?). However, it is familiar enough to lower the bar for adoption. But once we’ve taken that step, how do we start optimizing our applications?

There are a ton of options, and I know that many people (including myself) love GraphQL. AWS even has their AppSync service that can make building GraphQL endpoints much easier, but like everything managed, it comes with a cost. Plus, sometimes our APIs go beyond simple CRUD operations and we need something more expressive, powerful, and familiar. If you’re looking for an alternative, check out the open source Lambda API project.

It’s an alternative to Express.js, Koa, Restify and other Node.js web frameworks, and is built specifically for serverless applications. There are a lot of built-in features to get you up and running fast, plus support for things like middleware, logging, and much more. We’re always looking for contributors, so please give it a try and help us make adopting this type of serverless use case even easier.

When you finally have a reason to try serverless… 👩‍💻

Serverless, Inc. (creators of the fabulous Serverless Framework) are hosting the #NoServerNovember Challenge this month. Every week they will be releasing a series of serverless challenges that will help experienced users level up, and brand new users get started. If you’ve been wanting to try serverless, these challenges will give you something a little more interesting to do than following a “hello world” tutorial. Plus there’s some swag in it for the winners.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Soenke Ruempler (@s0enke). Soenke is the co-founder of , a cloud and serverless consulting firm in Hamburg, Germany. He’s also an organizer for  as well as the . He recently shared his slides from his talk at code.talks last month. Serverless vs. (Backend) Developers is a really interesting look at the state of serverless adoption and provides some great insights for serverless 🥑s to change the way they are advocating.

Final Thoughts 🤔

As much traction as serverless has gained, there is a loooooong way to go. Information Technology is a multi-trillion dollar market and public cloud computing is only a tiny fraction of that. According to Chris Munns, “MOST cloud is still VM. On prem most compute is still bare metal. Containers adoption at scale is still so so so tiny.” So where is serverless in all this?

Lots of people are experimenting with containers, but the vast majority of companies and developers are still using traditional architectures (on-prem or cloud-based VMs) to build their applications. It’s very possible that serverless could completely leapfrog containers in terms of adoption if it evolves to support both startup and enterprise use cases. Is the echo chamber that is the serverless community making the case to help expand serverless adoption, or are we simply feeding on our own hype? I’d love to know your thoughts.

I hope you enjoyed this issue of Off-by-none. Feedback and suggestions are always appreciated and help to make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Now go spread the word by telling your friends about serverless. See you next week! 👋

Thanks again,
Jeremy

Off-by-none: Issue #9

Live from ServerlessDays NYC!

Welcome to Issue #9 of Off-by-none. Thanks again for being a part of this! 🙌

Last week we discussed the role of DevOps with serverless teams and how #NoOps is definitely not a thing. This week we’re live from ServerlessDays NYC, so if you’d like to follow along, register for the Live Stream. There are amazing speakers all day long starting at 9am ET. I’ll be doing some live tweeting as well. 😉

The awesome serverless news continues to roll in, including the recent general availability announcements of two new serverless observability platforms, Epsagon and Thundra. Plus, I heard a rumor about a new AWS Lambda feature being announced at re:Invent that is blowing my mind. 🤯 Unfortunately, I can’t tell you about it, because, you know, NDAs. 🤐

Lots of great serverless content this week, so let’s jump in!

When there ain’t no party like a JS Party… 🎉

If you want to listen to me talk a lot (and I mean a lot) about serverless, check out last week’s episode of the JS Party podcast! Kevin Ball, Nick Nisi, Christopher Hiller and me chat for over an hour about all things serverless. We go deep into the role of microservices and how serverless nanoservices are changing the way we build and deploy distributed software. We also talk about the business case for serverless, including the effect on developer efficiency and total cost of ownership. Give it a listen.

When you feel like trading Stephen King for the latest serverless novella… 🤓

The team over at The New Stack has put together an incredibly comprehensive Guide to Serverless Technologies ebook. The New Stack is no stranger to producing some really great serverless content, but this compendium goes above and beyond your typical post. Like all things nowadays, there’s some sponsorship in there, but it’s also loaded with insights and case studies from industry experts. Covering everything from how serverless changes our approach to software development, to how companies can adopt and manage it, this book is worth the read.

When you’re looking for some light serverless reading… 📚

PureSec published an AWS Lambda Security Quick-Start Guide that helps you map the new OWASP Cloud-Native Top 10 Project risks and challenges to an AWS Lambda Security Model. I’m happy to see security practices starting to mature around serverless applications, and the work PureSec has done (including Ory Segal’s recent account of hacking a Lambda function) is making all of us safer. 🔒

Also, you know serverless is going mainstream when there’s an article about it in the Wall Street Journal that’s almost gets the specifics right. Serverless Computing’s Innovative Approach to Software Development is the WSJ’s attempt to explain serverless and its benefits to a wider audience. The problem comes with a few statements such as this: “Such a cold start latency might not be acceptable for certain applications. However, if the function is frequently invoked, there’s a good chance that a previous invocation is still around and the delays will be significantly shorter.” There’s also a good chance that when this type of inaccurate information gets broad distribution, it hurts adoption. FYI, this isn’t how cold starts work. 🤦🏻‍♂️

Still not sure about cold start latency? The New Stack recently reported that Business Logic Is a Leading Technical Use Case for Serverless. But that actually ranks third on their list with HTTP REST APIs and web applications coming in first with an overwhelming 73% of respondents utilizing this use case. I’m not a fan of cold starts either, but they have such a tiny impact that they are mostly unnoticeable.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ben Kehoe (@ben11kehoe). Ben is a Cloud Robotics Research Scientist at  who is using serverless technology to presumably make Roombas self-aware 🤖. He’s an AWS Serverless Hero, a regular conference speaker (including today at ServerlessDays NYC), and an occasional blogger. Ben is also a frequent podcast guest (like here and here). I chose Ben this week because he’s actually started a new podcast with Kas Perch (aka @nodebotanist) that’s all about serverless. It’s called ServerlessTalk and is available via Spotify. Looking forward to the next episode!

Final Thoughts 🤔

Serverless is exploding! More content, more tools, more use cases and more adoption. I’m excited to be at today’s ServerlessDays NYC event to hear “case studies and lessons learned from actual serverless implementations.” The more this type of information is shared, the more serverless is demystified. If you’re interested in attending a conference like this, check out the ServerlessDays website for an event near you. If you’re in the Boston area, follow @ServerlessBOS on Twitter, or join our new meetup to get announcements regarding ServerlessDays Boston (coming early next year).

I hope you enjoyed this issue of Off-by-none. Your feedback and suggestions help me make this newsletter better each week, so please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Now go build some amazing serverless apps. See you next time! 👋

Cheers,
Jeremy

Off-by-none: Issue #8

No need to ask, he’s a smooth (dev) operator 👨🏻‍💻

Welcome to Issue #8 of Off-by-none. I’m so glad you’re here for another serverless conversation! 🎉

Last week we discussed what 15 Minute Lambda Functions Tells Us About the Future of Serverless and why the business value of serverless is such a huge win for developers and companies. This week I want to focus on how serverless changes the “Ops” side of the DevOps equation. I have a few thoughts, plus there’s a lot of good stuff out there for us to learn from.

Here we go!

When you want to listen to a bunch of smart people (and me) talk about serverless… ⚡️

If you’re not busy at 2pm ET today, go sign up for Epsagon’s More than Functions webinar. Yan Cui, Corey Quinn, Ran Ribenzaft, and I will be talking about the future of serverless observability, the challenges, and the importance of monitoring your entire application and not just your functions. Should be an interesting conversation.

When you just want to cozy up with a cup of coffee and a good book (about serverless)… ☕️ 📖

Aleksandar Simovic and Slobodan Stojanović‘s book, Serverless Applications with Node.js, made it onto the list of the 18 Best New Node.js Books To Read In 2018. Lots of useful information in there, and congrats to them!

Also, Tom McLaughlin just published a new ebook: “Serverless DevOps: What do we do when the server goes away?” He does a great job outlining how serverless has changed the role of DevOps in organizations and how teams can adapt. If you are planning on migrating some of your apps to serverless, or are building new greenfield apps on serverless, this 80+ page book is worth the read. You can download the book for free.

When you want to read even more about serverless and DevOps… 👩‍💻

NewRelic published a great post earlier this year outlining 6 Priorities for Ops in a ‘Serverless’ World. The only thing they left off the list was “observability”, which could be a full-time job for large serverless deployments.❗️

James Governor’s post, “Serverless and the the death of devops”. Can you not?, was written well over a year ago, but is still an excellent read refuting the #NoOps myth. 💻

Finally, it’s good to know that even though DevOps needs to adapt to serverless deployments, there are plenty of tools being developed to help us out. The New Stack has provided a list of 7 Essential DevOps Tools to Maintain Serverless Operations. I’m not sure you can go wrong with any of these. 🛠

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Tom McLaughlin (@tmclaughbos). Tom is the founder of ServerlessOps, a consulting firm that helps organization with their DevOps transformation and AWS cloud adoption. He’s also a vocal advocate for serverless and a regular speaker at conferences like DevOpsDays. Not only is his company’s blog a great source for serverless content, but this week he published the ebook we mentioned earlier, Serverless DevOps: What do we do when the server goes away? This book is a gift to the serverless community. It’s well organized and loaded with ideas, answers, and practical advice for any team looking to adopt serverless.

Final Thoughts 🤔

I’ve spent (or wasted, perhaps) thousand of hours configuring, patching, and automating servers and application deployments. 15 years ago, when I owned my own web hosting company, I would drive an hour to our datacenter at 2 am to swap out a bad hard drive or memory chip. 10 years ago, I would remote terminal in and swap a VMware image to another blade server or rebalance the RAID on my SAN. 5 years ago I would log in to the AWS Console and launch a new instance from a snapshot or run a CloudFormation template. Today, I configure a YAML file and type a few commands into my terminal window.

There has been this continuous evolution over the years as we’ve migrated our applications and infrastructures to the cloud. It started with a clear separation of concerns between system engineers and application developers. As part of this transition, system engineers became less about the hardware and more about configuration, automation, and operational management. The DevOps culture saw operations people move closer to the application stack, not only planning infrastructure, but also helping optimize applications to run in these new environments.

Now, with serverless, the configuration is fairly minimal, and a vast majority of the operational components are handled by the cloud provider. This has moved developers closer to the infrastructure, giving them freedom to push applications into production without much help from operations at all. However, this freedom is a bit of a double-edged sword. Most developers aren’t operations people and lack important foundations in security, scalability and application resiliency. Distributed applications (especially serverless ones) add new layers of complexity that we can’t expect our developers to master.

So is operations going away in a serverless world? I really don’t think so. While it’s certainly true that more adaptation will be required of them, we still need people to do things like plan and handle disaster recovery, configure and optimize managed services/databases, analyze tracing reports, replay failed events, and monitor overall system health. Sure they may need to jump in and help code once in awhile, but to rely on only developers to navigate and support the complexity of serverless cloud-based applications, IMO, would be taking a huge risk.

I hope you enjoyed this issue of Off-by-none. Your feedback and suggestions are always most welcome. Contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and how you’d like to contribute to Off-by-none. Your input helps me make this newsletter better each week.

Go build some great serverless apps (and support them with Ops people 😀). Hope to see you all next time!

Take care,
Jeremy