Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you’d like to get updates, please subscribe to my weekly newsletter, or follow me on TwitterGithub and Facebook.


My Latest Posts:

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: A New Serverless Attack Vector

As more and more developers and companies adopt serverless architecture, the likelihood of hackers exploiting these applications increases dramatically. The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. There has been a lot of hype about #NoOPS with serverless environments 🤥, which is simply not true 😡. Many traditional applications are frontended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. With serverless, these all go away. 😳

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #20

Let’s get hands-on…

Welcome to Issue #20 of Off-by-none. It’s great to have you here! 🤘🏻

Last week we sifted through quite a bit of serverless content to start the new year. This week we’re going to get a bit more hands-on, and dig into some useful applications of serverless that we can start using right now. We also have some more insights into the future of serverless, plus some really compelling research regarding TCO of serverless infrastructures.

We’ve got a bunch of stuff to get to today, so let’s get into it! 👇

When your downstream systems aren’t infinitely scalable… 😳

There is an ongoing debate about the “serverlessness” of certain services and downstream systems. While that may be a useful exercise from an operational perspective, from a practical standpoint, the bigger issue has to do with scalability. It is likely that most of the services that make up your serverless applications will not scale as well as Lambda. This can create significant pressure on downstream services during heavy traffic spikes, sometimes resulting in unplanned downtime. So what can we do when certain parts of our application simply can’t scale?

An extremely useful pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple queues to “buffer” events so that we can throttle processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that calls a third-party API, this pattern would be a great fit.

In my new post, How To: Use SNS and SQS to Distribute and Throttle Events, I walk you through how to automate this and add it to your serverless applications. Full working code examples are provided and explained, so give it look, and see if this would be right for your application.

When you want more serverless use cases… 🙋‍♀️

Last week I shared some interesting serverless use cases that I came across. I think it’s helpful to see how other people are using serverless, and then be able to apply some of those ideas to your own systems. Here are a few I found this week.

Creating A Serverless Answer For eCommerce  shows us how a team created a completely serverless ecommerce system and the resulting benefits. The quote at the end of the article may seem a bit obvious to those of use who live and breathe serverless, but it sums up the business case quite nicely: “By moving to a Serverless solution, businesses can achieve an affordable solution that will rapidly scale up and down with demand, removing wasted resources and expenditure during down times, while ensuring you’re able to handle larger peak volumes whenever they occur.”

Bob Thomas shows us how and why KYD joined the serverless train. There are some great insights into why they went serverless as well as some code examples for CI/CD with Gitlab.

There are plenty of third party ESPs to choose from, but Vinicius Kiatkoski Neves gives us a complete walk-through and shows us how to send e-mails through AWS SES and Lambda.

When serverless security should be your #1 concern… 🔒

Marcia Villalba is back with another great interview from re:Invent. This week she is Talking about Serverless Security with Ory Segal.

Speaking of Vegas and serverless security, I came across this talk from Erez Yalon at BSides called Serverless Infections. It has some really good security tips in there, plus there are some demos that show how hackers can both infiltrate and exfiltrate your serverless functions.

And don’t forget that Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Make sure you signup to see how the OWASP Top 10 applies to your serverless applications.

When you want to build serverless apps on something other than AWS… ⚡️

I’m a big AWS fan, and with 70% of the serverless market, it’s hard to ignore. But others continue to make strides in the space, and lots of developers are utilizing the service offerings of other cloud providers. Here are few interesting resource I came across this week that do serverless sans AWS.

Serverless Notes is a site dedicated to helping developers build applications on Azure. They’ve recently launched there Azure Serverless Tips series with helpful bits of information from technology leaders and experienced people, all in one place.

Another great resource is the Azure Serverless Community Library. Think of it a bit like the AWS Serverless Application Repository. I browsed through these and there are A LOT of covered use cases already built for you.

And if you’re using the Microsoft cloud and you need to Scale Azure Functions to Make 500,000 Requests to Weather.com in Under 3 minutes, David Barkol has you covered.

And let’s not leave Google out! Wassim Chegham wrote a great post called Building Your Next Serverless Application: The Complete Guide. It is an in-depth, step-by-step, code included walk-through that’s a great resource for those working in the Google Cloud.

When you think about the future of serverless… 🔮

Nate Taggart from Stackery has some predictions for Serverless in 2019. According to him, we can look forward to monolith conversions and executive buy-in, but will face resistance from the IT-Industrial complex.

Ben Moore from ChannelLife New Zealand reports that KBV research predicts the Serverless architecture market to reach $14B by 2024. That’s a compound annual growth rate of 23.4%. 🐨

Adrian Colyer has some thoughts on the Serverless computing: one step forward, two steps back paper that was released recently. Lots of us saw the paper as highly critical of serverless, especially since it focused on use case that were not a good fit. Adrian has a bit of a different perspective on this.

And whenever we look at the future, it’s always helpful to take look at the past. Our friends over at Thundra have a nice post that recaps their journey in 2018. It is really exciting to see companies in the serverless space growing up and being successful. There are so many opportunities in the serverlesss space, and Thundra is just one example.

When you’re finally thinking about migrating to serverless… 🤷‍♂️

Ready to move all your applications to a serverless architecture? Yan Cui says Not so FaaS! He points out that there are lots of viable use cases for serverless, but that user experience should trump everything else. TLDR; don’t try to fit a square peg into a round hole, even if the square peg is serverless. 😜

The team at Nuweba has put together a serverless ebook to help you understand The Top 4 Challenges In Serverless. Handy little guide if you’re new to the serverless world.

There’s also an interesting interview with Red Hat’s Michael Hausenblas on learning to walk before running into a Serverless mess. There are some good points in here about the operations culture changing as well as pointing out a few places where serverless might not make sense.

And if you are planning on going serverless, the biggest culture shock will most likely be with observability, or the lack thereof. The team over at Epsagon has an upcoming webinar that will explain Serverless Monitoring in Practice. Definitely worth a look.

What to do if you can’t let go of your Ruby or PHP framework… 👋

Are you a Ruby on Rails developer that is feeling left out by this whole serverless thing? Check out Jets: Ruby Serverless Framework, and see if that gets you excited.

What about all the PHP fans? I’ve heard that Laravel is doing some work to make the framework more serverless, but in the meantime, Rob Allen will show you how to run Serverless PHP on AWS Lambda. AWS also has a post that can help you as well.

When you’re curious if serverless will actually reduce your costs… 💰

Remember that Serverless computing: one step forward, two steps back paper that we previous mentioned? Well it also got Yan Cui fired up. He tells us why You are thinking about serverless costs all wrong and points out that TCO (total cost of ownership) is the better metric to evaluate costs.

Kevin O’Hara shared a typical #AWS bill for a startup building their MVP primarily on serverless technology like Lambda. Production APIs, static sites, databases, and messaging all for under a few bucks a month. This is not uncommon.

Mark Schwartz had some recent thoughts on Switching Costs and Lock-In that are worth reading. However, the new Generating Value Through IT Agility and Business Scalability with AWS Serverless Platform report is definitely worth a skim. Some of the highlights include a 33% increase in developer productivity, 18% increase in applications/logic created, and an over 200% increase in the number of features. Add to this massive drops in unexpected downtime and MTTR, 60% lower operations costs, and a 53% reduction in infrastructure and hardware costs over a five year period. This is some great data if you’re trying to make the serverless case to the higher-ups.

When you’re looking for some interesting serverless reads and resources… 📚

Your Quintessential Guide to AWS Athena is just that. No need to be paying for RedShift if you store your data correctly in S3.

Mike Roberts and John Chapin over at Symphonia created a lambda-benchmarking project that generates and saves benchmarks for cold start latencies of the AWS Lambda service. It will be really interesting to see these latencies decrease as AWS continues to optimize for them.

And Ray Camden has a new article about Adding Serverless Functions to Your Netlify Static Site. I think I’ve read most of Ray’s books, so it will be awesome if he becomes a serverless advocate too!

When you get overly excited about AWS announcements…🗣

There was an AWS Fargate Price Reduction – Up to 50%. This is thanks to the Firecracker virtualization technology they announced at re:Invent last year. Good news for those of you that still need containers.

AWS also announced Amazon DocumentDB (with MongoDB Compatibility). I wouldn’t suggest building greenfield on it, but if you are moving an existing workload, this could make your managing a MongoDB cluster nightmares go away.

Speaking of migrating MongoDB, AWS Database Migration Service Now Supports Amazon DocumentDB with MongoDB compatibility as a target. Live migrate right from your replica sets or sharded clusters.

And AWS Step Functions Now Supports Resource Tagging, which is pretty cool. The more you tag the better. Read How To: Tag Your Lambda Functions for Smarter Serverless Applications for a bunch of reasons why.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Heitor Lessa (@heitor_lessa). Heitor is a Specialist Solutions Architect at AWS that focuses on serverless. Beside being an all around nice guy and serverless expert, Heitor is the host of the Build on Serverless Twitch series. The first season featured a number of great guests with lots of hands-on, real-world serverless problem solving. Season 2 is in the works, so be sure to RSVP so you can learn more best practices while watching Heitor and his guests build a Serverless Airline App from scratch. Great stuff!

Final Thoughts 🤔

I realize that this newsletter keeps getting longer every week. Maybe I’m looking too hard for serverless content, or maybe there is just a lot more of it out there. Either way, I feel like it is getting a little unwieldy. There is obviously a lot of information to share each week, but I don’t want it to be too overwhelming. Should I cut this down a bit? Do you like all this content? Should I add more!? I’d love to hear your thoughts on it.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

See you next time,
Jeremy

Off-by-none: Issue #19

Starting off the new year with a serverless bang… 💥

Welcome to Issue #19 of Off-by-none. I’m so glad you’re here to talk about serverless! 🙌

Last week we reminisced about 2018 and laid out some plans for the new year. This week we’ll sort through all the serverless content that people created over the holiday break. Plus we look at some serverless use cases, share some upcoming webinars, and give you links to plenty of great talks to keep you busy for awhile.

We’ve got a lot to get to today, but before we jump in, I wanted to share that Lambda API v0.10 was released. Lambda API is a lightweight web framework for your serverless applications. It’s open source, fast, free, and now supports seamless integration with ALBs. v0.10 also added support for multi-value headers and query string parameters, plus new method-based middleware and much more. I’d love for you to check it out and send me feedback.

Okay, back to our regularly scheduled program. Here we go! 🚀

When you’d rather just sit back and watch some serverless videos… 🍿

ServerlessDays Milan 2018 released videos of all the talks from their event in October of last year. Lots of really great talks in here from Yan Cui, Ian Massingham, Danilo Poccia, and many more.

Serverless Computing London has also released some additional videos including Mikhail Shilkov’s Performance Tales of Serverless, Nate Taggart’s Rethinking Testing For Serverless, and Guy Podjarny’s Serverless Security: What’s Left To Protect?

Heitor Lessa announced that the second season of Build on Serverless is going to be about “Building a Serverless Airline App from scratch + leading practices applied.” This is a fun (and educational) thing to watch. You can (and should) RSVP on Twitch.

Also, Marcia Villalba released the first video in her Serverless Interviews series which just so happens to feature yours truly. So if you want to see me ramble on about serverless for 15 minutes while admiring the view of the Mirage in the background, this video is for you.

When you want to learn more about serverless security… 🔒

The team over at Protego created a Damn Vulnerable Serverless Application and donated it to OWASP so that you can learn what not to do when building serverless application. You can read more about it here. Now we have this AND the Serverless GOAT project that PureSec donated last month. These are both great resources to see how easily serverless vulnerabilities can be exploited and what to do to protect your application.

If you’re interested in discussing the OWASP Top 10 and how they apply to serverless applications, Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Lots on information to cover, plus an interactive Q&A session at the end. Should be fun. 😉

What to do when you’re ready to use Lambda Layers… 🍰

Injecting Chaos to AWS Lambda functions using Lambda Layers by Adrian Hornsby, introduces us to a great use case for Layers. Werner said it best, “Everything fails all the time.” Using Chaos Engineering to test the resiliency of your distributed cloud applications is a great way to ensure that when things do fail, that your application will handle those issues gracefully and minimize the blast radius.

Gojko Adzic and his team created some public layers so you can now use FFmpeg, SOX, Pandoc and RSVG with your AWS Lambda projects. One more thing you don’t have worry about.

And if you want to take a Deep Dive Into Lambda Layers and the Lambda Runtime API, sign up for this webinar hosted by Chris Munns, Principal Developer Advocate at AWS. It’s scheduled for January 31, 2019 at 2pm ET.

When you’re having trouble choosing the right database for your serverless app… ⚖️

Alex DeBrie posted a tweet mentioning Rick Houlihan’s Match Your Workload to the Right Database (DAT301) talk at re:Invent. If you thought his Advanced Design Patterns for DynamoDB (DAT401) talk was amazing, prepare for another mind-blowing experience watching this one. Lots of practical advice to help you choose the right backend for your workload. 🤯

Speaking of DynamoDB, Forrest Brazeal from Trek10 spent his holiday break resurrecting the Northwind database from the annals of MS Access and teaches us how to convert it to NoSQL. From relational DB to single DynamoDB table: a step-by-step exploration is a great guide that shows us both the pros and cons of attempting to move relational workflows to DynamoDB. If you’re thinking about moving to NoSQL, please take a few minutes to read this.

When you’re wondering what AWS has been up to… Δ

AWS announced the Amazon API Gateway Service Level Agreement, which may have you scratching your head thinking, don’t all AWS services have SLAs? Just ask Scott Piper from SummitRoute. He put together an AWS Service Support table that shows just how few AWS services actually have them. Something for the 2019 #AWSwishlist.

The AWS Toolkit for Visual Studio Code project seems to be coming along nicely as well. Whether you just want to try it out, or contribute in some way, it’s pretty cool to see AWS developing more things like this out in the open.

They also keep making strides with Nested Applications. If you’d like to learn more, there is a Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository webinar scheduled for January 31, 2019.  It’s hosted by James Hood, Sr. Software Dev Engineer at AWS, so you know it’s going to be good.

When you’re looking for some sample serverless use cases… 🔍

I love finding people that are applying serverless to new and interesting use cases. Whether they are solving complex workflows, or just a simple function that accomplishes a single task that makes your life easier, seeing the broad application of serverless is quite fascinating. Here are a few I found this week.

Building a serverless data analytics pipeline by Rodrigo Reis shows us a simple, but effective way to capture a stream of web events. They use an SQS queue and reserved concurrency to help throttle requests to their Elasticsearch cluster, which is both simple, and a great approach at their stage. They’re also smartly using IOpipe for observability.

Blog URL to PDF to Amazon Kindle by Dhaval Nagar outlines a simple app for automatically sending blog posts to a Kindle. There are probably multiple ways that this type of workflow could be used.

Serverless Function to Sync Data from a Database to Google Spreadsheet is another simple workflow that would be perfect for marketing teams, sales, or your billing department. No need to build interfaces for reporting data when there are already tools that people are familiar with.

If you want to get a bit more complex, check out How to build a React chat app with AWS API Gateway WebSockets, Custom Lambda Authorizer. Lots to chew on here, but if you’re heading down the WebSockets path, this is a good resource for you.

When you just want some interesting serverless content… 🤓

Save time and money with AWS Lambda using asynchronous programming by James Beswick provides some great tips for handling synchronous calls in your serverless functions. Also be sure that you Don’t overpay when waiting on remote API calls either.

Mike Vizard predicts the Battle Over Serverless Computing Frameworks to Heat Up in 2019. There is a lot of discussion in this piece about other companies (read: NOT AWS) embracing Knative and other open source “serverless” middleware to power their FaaS solutions. I think this goes to show how popular serverless is becoming and the thrashing that’s going on to catch up with AWS. I’m not sure this is going to play out the way these companies think it will.

There’s a new serverless framework called BAM! I haven’t used it yet, but let’s just add this to the list.

Jerry Hargrove continues to create more Cloud Diagrams & Notes for our viewing pleasure. His AWS Lambda and Aurora Serverless ones are awesome.

Yan Cui shows us how to perform Error Handling in AWS Lambda With Wrappers. He talks about the need for middleware in our serverless applications and how we can use it to capture errors and help us debug our systems.

Speaking of debugging, Hamit Burak Emre over at Thundra shows us how to Debug Your Python Functions Locally. Step-by-step debugging in Lambda functions with breakpoints? Yes, please.

Finally, Slobodan Stojanović, author and serverless wizard, answers the question, “What do you use for scheduling AWS Lambdas?” His answer gives us cron jobs and delayed triggers, all without servers to manage or maintain. 👍

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Farrah Campbell (@FarrahC32). Farrah is the Ecosystems Manager at Stackery, a visual tool for building serverless applications. Farrah has become another positive voice in the serverless community, helping to organize ServerlessDays Portland and other workshops, and an ever present figure at conferences helping to spread the serverless word. She was also recently featured as a Serverless Superhero in How serverless is breaking down barriers in tech. Diversity in tech has always been a challenge, so it’s great to have people like Farrah as part of the serverless community working to make it more inclusive.

Final Thoughts 🤔

Week #1 of 2019 is in the books, and if this is any indication, it is going to be a banner year for the serverless community! There has already been a ton of great serverless content so far, plus Paul Johnston pointed out that there are EIGHT ServerlessDays conferences between now and April 11th. One of which is Boston, so be sure to buy your tickets soon! I know I’m excited.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Off-by-none: Issue #18

Happy (Serverless) New Year! 🎉

Welcome to Issue #18 of Off-by-none. It’s 2019, and it’s going to be a great year for serverless! 🙌

Last week we looked at the new WebSocket support for API Gateway, saw some more serverless love from startups, and I argued that we should Stop Calling Everything Serverless! This week we’re going to reflect back on 2018, I’ll share my 2019 plans for Off-by-none, and we’ve got plenty of great stories from the community.

Let’s jump right in. It’s going to be another busy year! 👨🏻‍💻👨🏻‍🔬👨🏻‍🎨👨🏻‍🏫

When you need to look back so you can look forward… 🔭

2018 was quite a busy year. Being the CTO of a startup certainly keeps my to-do list full, plus I consulted for several additional companies in the serverless space. However, my passion for creating, writing and helping out others (or at least trying to) is too powerful a force to keep contained.

Even though I have been blogging for quite some time, last year was when I started writing almost exclusively about serverless. I also spent time working on some open source projects and thinking about new ones I’d like to create. I thought it would be a proper exercise to look back at all the things I worked on last year, reflect on what was helpful, and then plan to do more of that in 2019.

In January, I launched the first stable version of Lambda API and then wrote How To Build a Serverless API with Serverless, AWS Lambda and Lambda API. Soon thereafter, I created Securing Serverless: A Newbie’s Guide to capture some serverless security best practices for those just starting out.

Then I shared some tips on How To: Manage RDS Connections from AWS Lambda Serverless Functions as well as How To: Stub “.promise()” in AWS-SDK Node.js. I weighed in on Solving the Cold Start Problem and proposed some additional solutions with How To: Optimize the Serverless Optimizer Plugin. I also came up with a list of 10 Things You Need To Know When Building Serverless Applications.

I did some more security research and wrote about Event Injection: A New Serverless Attack Vector and then shared 5 Reasons Why Your Serverless Application Might Be A Security Risk. I ran some experiments using Serverless Consumers with Lambda and SQS Triggers as soon as AWS announced support. I also started to share serverless microservice concepts and published Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices.

In July, I met Chris Munns for the first time and wrote 15 Key Takeaways from the Serverless Talk at AWS Startup Day. This gave me more insight into the cold start issue, so I created the open source package, Lambda Warmer, so you could Optimize AWS Lambda Function Cold Starts. I then shared some thoughts on Thinking Serverless (Big and Small) and why serverless is great for workloads of all sizes.

As I converted several workflows over to serverless applications, I started making use of tags to keep things organized. I captured my best practices in How To: Tag Your Lambda Functions for Smarter Serverless Applications. The more I wrote about serverless, the more people I found in the community, so I published my list of Serverless Peeps You Need To Follow. 😃

I put together a guide on How To: Add Test Coverage to your Serverless Applications, and then wrote a fictional story called A Tale of Two Teams, about two startups that made vastly different technology choices (serverless versus containers). It was fun to write and there was a lot of interesting feedback. Next up was Aurora Serverless: The Good, the Bad and the Scalable, an in-depth look at AWS’s new “serverless” MySQL database offering.

In August I published Serverless Microservice Patterns for AWS, which is a really handy resource. It eventually made its way to #7 on Hacker News and crashed my site. FYI: WordPress does not scale. Speaking of scaling, I created a solution for Managing MySQL at Serverless Scale with the open source serverless-mysql NPM package. I’ve been using it in production ever since.

In September I launched Off-by-none! It’s been quite a bit of work, but all of your feedback has been incredibly encouraging (more on this later). I then shared a piece called Serverless Security: Locking Down Your Apps with FunctionShield, and wrote up An Introduction to Serverless Microservices. In What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I shared some thoughts about AWS’s new execution limits and why it’s an important step forward.

I also shared some Takeaways from ServerlessNYC 2018, took a first look at the Aurora Serverless Data API, and then spent a week in Las Vegas for AWS re:Invent. My re:Capping re:Invent: AWS goes all-in on Serverless post explains why AWS is lightyears ahead of other providers in the serverless space. I also shared a serverless tip so you Don’t overpay when waiting on remote API calls, and I finished up the year with my Stop Calling Everything Serverless rant.

I’m exhausted just thinking about all that, but at the same time, I’m super excited for 2019. I received a tremendous amount of constructive feedback, met some really amazing people, and learned a ton in the processes. I’ve got plenty of content planned for this year, most of which will be highly practical so that you can apply the concepts straight away. I’m also working on a course or two, plus some other creative ways to talk about and explore serverless applications and the methodology used to build them. I’m hoping you’ll find all of this useful.

When you’re wondering what’s next for Off-by-none… 🧙‍♂️

When I first launched Off-by-none, it was a bit of an experiment. I wanted to create a sort of “un-newsletter”, something that was more interactive than just some links to recent articles, blog posts, and handy tools. Don’t get me wrong, I love getting my weekly newsletters, and there are plenty of good ones to choose from, but I still think we can do something even bigger and more helpful.

Don’t worry, I’m still going to write the weekly newsletter, but in the next couple of weeks, Off-by-none will be launching its own site. This new site will host archives, resources, and plenty of additional ways for the community to interact, contribute, and help steer the conversation. I’m really excited about this and the possibilities it creates. I still believe that Off-by-none is about working together to build better cloud-based products, so I’m hoping this new site will open it up to a bigger audience and help to expand the serverless community.

When you’ve heard enough about me and just want some good serverless content… 📚

Gal Bashan over at Epsagon wrote The Hitchhiker’s Guide to Serverless. Earlier this year we talked quite a bit about the serverless echo-chamber and how foreign some of these concepts are to those that are new to serverless. Gal outlines a number of key components that make up serverless applications and explains what they are and when to use them.

Getting started with AWS Lambda Layers for Python is a new post from Adrian Hornsby that lays out the basics for harnessing the power of Lambda Layers. Lots of really good stuff in here.

I also came across Contemporary Views on Serverless and Implications by Subbu Allamaraju the other day. Subbu is an engineer with Expedia and wrote this really interesting piece about the differing views of serverless and the conflicting nature of the term. Another piece that shows just how much further we have to go to bring serverless to the masses.

Syed Jaffry, a solutions architect at Amazon Web Services, wrote a really great article regarding Best practices for securing sensitive data in AWS data stores. When we’re building serverless applications (or any application in the cloud), understanding how to keep sensitive data secure is extremely important. This piece gives you an overview of some general security patterns that you can use. Definitely worth the read.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erik Peterson (@silvexis). Erik is the Founder and CEO of CloudZero (@cloudzeroinc), a startup that helps you monitor your cloud computing costs. Erik has been building on AWS for over a decade, he’s a frequent speaker at conferences and meetups, and is a regular contributor to the CloudZero blog. He’s a big proponent of #FinDevOps, which is all about leveraging cost as a first class metric when designing serverless systems. Serverless applications generally have a lower TCO than most traditional applications, so it’s good to have people like Erik think through how cost affects our organizations up and down the value chain.

Final Thoughts 🤔

Last year was quite a whirlwind. There were so many amazing advancements in the serverless space, that it’s hard to keep track. AWS announced a number of new services that will be available in 2019, plus I’m hoping that other cloud providers will continue to invest heavily in this space as well. I’m thinking that 2019 is going to be a very good year for the serverless community. ⚡️

I plan on producing lots of serverless content this year, plus I’m co-organizing ServerlessDays Boston on March 12, 2019, and I hope to do some speaking as well. I look forward to spending 2019 with all of you!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none even better.

Here’s to 2019, 🍾🥂
Jeremy