Product Guy, Serverless Advocate & Startup Veteran

My name is Jeremy Daly. I appreciate the visit. 👍 I’ve been managing the development of complex web and mobile applications for businesses across the globe for over 20 years. I’m currently the Chief Technology Officer at AlertMe, but I always keep myself busy with several side projects and consulting clients. I’m also an AWS Serverless Hero.

I write a lot about serverless and I like to share thoughts and stories about programmingproduct managemententrepreneurship and productivity. Sometimes I’ll write reviews or have random thoughts that I need to get out of my head. I also like to post a how-to article every once in a while. Feel free to jump in to one of the categories above, view all my posts, or view my latest posts below.

If you want to keep up with what I’m working on, you can follow me on TwitterGithub and Facebook.

Also, if you’re interested in serverless, please subscribe to Off-by-none, a weekly newsletter that focuses on all things serverless, and be sure to listen to Serverless Chats, a weekly podcast that discusses all things serverless.


My Latest Posts:

🚀 Project Update:

Lambda API: v0.10.5 Released

Lambda API v0.10.5 has been released to fix a few minor bugs around ALB query string decoding and TypeScript definitions. Plus a new feature that allows you to disable error logging. Read More...
🚀 Project Update:

Serverless MySQL: v1.5.3 released

This update includes a number of fixes from the community including exporting the escape function, standardizing quotations in a maintenance query, and adding a retry on PROTOCOL_CONNECTION_LOST errors to resolve the zombie cleanup race condition. Read More...
🚀 Project Update:

Serverless MySQL: v1.5.2 released

Added a retry for another error that is resetting connections (this should fix the issues in #57 and #62) as well as some minor documentation and dependency updates. Read More...
🚀 Project Update:

Data API Client: v1.0.1 Released

There was an issue with batch records via standard queries versus those wrapped in transactions. v1.0.1 includes a patch that checks the arguments and conditionally flattens the array for proper handling in each context. Read More...

Takeaways from AWS re:Invent 2019’s Amazon DynamoDB Deep Dive: Advanced Design Patterns (DAT403)

AWS re:Invent 2019 is a wrap, but now the real work begins! There are hundreds of session videos now available on YouTube. So when you have a few days (or weeks) of downtime, you can dig in to these amazing talks and learn about whatever AWS topics you fancy.

I was only able to attend a few talks this year, but one that I knew I couldn’t miss in person, was Rick Houlihan’s DAT403: Amazon DynamoDB deep dive: Advanced design patterns. At the last two re:Invents, he gave similar talks that explored how to use single-table designs in DynamoDB… and they blew my mind! 🤯 These videos were so mind-bending, that they inspired me to immerse myself in NoSQL design and write my How to switch from RDBMS to DynamoDB in 20 easy steps post. I was hoping to have a similar experience with this year’s edition, and I WAS NOT DISAPPOINTED.

As expected, it was a 60 minute firehose of #NoSQL knowledge bombs. There was A LOT to take away from this, so after the session, I wrote a Twitter thread that included some really interesting lessons that stuck out to me. The video has been posted, so definitely watch it (maybe like 10 times 🤷‍♂️), and use it to get started (or continue on) your DynamoDB journey.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.3 Released

Lambda API v0.10.3 has been released to fix a few minor bugs around route prefixing and base64Encoding (thanks @Sleavely and @btakita), and to add a whitelist for headers on error cases (@hussfelt). Read More...

The Dynamic Composer (an AWS serverless pattern)

I’m a big fan of following the Single Responsibility Principle when creating Lambda functions in my serverless applications. The idea of each function doing “one thing well” allows you to easily separate discrete pieces of business logic into reusable components. In addition, the Lambda concurrency model, along with the ability to add fine-grained IAM permissions per function, gives you a tremendous amount of control over the security, scalability, and cost of each part of your application.

However, there are several drawbacks with this approach that often attract criticism. These include things like increased complexity, higher likelihood of cold starts, separation of log files, and the inability to easily compose functions. I think there is merit to these criticisms, but I have personally found the benefits to far outweigh any of the negatives. A little bit of googling should help you find ways to mitigate many of these concerns, but I want to focus on the one that seems to trip most people up: function composition.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.2 Released

Lambda API v0.10.2 has been released to add additional TypeScript support (@maxmellen), fix an issue with multiValueHeaders containing a null value (@stawecki), and support for overriding console.log for logging output (@Sleavely). Read More...
🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…

Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…

A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…

How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…

Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…

Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…

Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…

15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…

Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…

5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…

Serverless Consumers with Lambda and SQS Triggers

Update November 19, 2019: AWS announced support for SQS FIFO queues as a Lambda event source (announcement here). FIFO queues guarantee message order, which means only one Lambda function is invoked per MessageGroupId.

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…

Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…

10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…

Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…

How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…

How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…

Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…

Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #77

Monoliths versus Microservices…

Welcome to Issue #77 of Off-by-none. Thanks for joining us! 🙌

Last week, we looked at the new Serverless Lens for the Well-Architected Framework Tool. This week, we have a few posts that explore the pros and cons of microservices versus monoliths, plus plenty of excellent content from the community.

Serverless Stories 📖

Modern monitoring for microservice & serverless architectures
Understand Lambda & container-based applications in a truly unified platform. Epsagon’s automated, end-to-end tracing enables full visibility into your production in minutes without needing to install an agent. Try free today. Sponsored

Migrating to a serverless contact management backend
This is a great post from Emily Shea that perfectly captures how serverless can allow you to build something quickly, prove its value, and then enhance it as your feature requirements grow. The first version of her architecture shows a heavy reliance on SendGrid to handle the undifferentiated processes of contact management and email delivery. But as more features are needed, the architecture evolves to support functionality that can provide unique business value to her app. There are a lot of really good lessons to be learned from her overall approach.

Why the ‘WHY’ matters more than the ‘WHAT’ in Serverless!
Sheen Brisals is getting tired of endless serverless definitions, and instead wants to focus more on “why” we should be building applications with it.

Serverless and the RDS Data API: A journey to deployment
Chris Buonocore recounts his team’s all-too-familiar story of spiking database connections with Lambda functions connecting to RDS. They migrated to the RDS Data API and learned some lessons along the way.

Serverless Use Cases 🗺

Building a static serverless website using S3 and CloudFront
Sometimes it’s those little nuances that really get you. Sander Knape points out a very important factor to consider when hosting static sites with S3 and CloudFront.

Using AWS Lambda to Create a MongoDB Connection Proxy
Interesting approach here by the team at Webiny. The DB connection / FaaS concurrency issue is a real problem, but introducing another layer of Lambda functions seems like more overhead than it’s worth. I’d suggest using the same approach as serverless-mysql and managing connections using db.serverStatus().connections to get the current usage.

Saga Patterns inside Step Functions world
The team at Chaos Gears points out some standard practices for implementing Saga patterns with Step Functions. Interesting subtext in here about using Step Functions for communicating across distributed components/microservices, a topic I recently debated with Yan Cui.

Introducing Multi-Region Asynchronous Object Replication Solution
If you need to replicate S3 objects to different regions automatically, this new AWS Solution gives you everything you need to make it happen.

Serverless Concepts 🏗

Serverless Framework: Warming up AWS Lambda to avoid “cold start”
I appreciate the content from Michele Riso, but as someone who has written the Lambda Warmer package, I can tell you that the pitfalls of this approach are grave. AWS now has an official solution to this problem with Provisioned Concurrency (so does Azure). So, if you really need to reduce cold starts (which in many cases you don’t), then take a look at some better, non-blocking solutions.

Tagging Traces in Distributed Applications
Monitoring distributed applications is hard. So any time there are features that give you the ability to both trace transactions, and classify them with tags to make it easier to investigate issues, I’m going to be a fan.

7 ways to do async message processing in AWS
Paul Swail has a great article that shows you seven different ways to send messages asynchronously between Lambda functions when building serverless applications. Lots of these are standard ways, but as he mentions at the end, you should consider using Step Functions if you have complex workflows that require lots of guarantees and rollbacks.

DynamoDB Transactions: Use Cases and Examples
Everything you’ve ever wanted to know about DynamoDB Transactions (and even some things you probably didn’t 😉). Alex DeBrie has another excellent in depth post that will show you how transactions work, when you should use them, and when you should be aware of their performance impact.

Amazon Builders’ Library in focus #7: Going faster with continuous delivery
In the seventh installment of Amazon Builders’ Library in focus series, Mike Roberts of Symphonia picks out the key insights from the article Going faster with Continuous Delivery by Mark Mansour. This is an excellent analysis with lots of lessons for teams looking to build and release quality software faster.

Enhancing Distributed Tracing with Business Context
As with Epsagon’s tagging features, Thundra provides a similar functionality. Great stuff for understanding your distributed workloads.

Building a serverless URL shortener app without AWS Lambda
Brilliant series of posts by Eric Johnson. I can almost guarantee that the built-in features of the cloud are much more secure, resilient, and reliable than any Lambda code you or I could write. This doesn’t mean we never need Lambda, but if you can evolve certain apps to reduce its synchronous usage, there are a lot of performance gains to be had.

Where do you store secrets for AWS Serverless apps?!?
George Mao breaks down the Ease of Use, Level of Security, and Cost associated with the different approaches to secrets storage on AWS.

The Serverless Chats Podcast
Geek out on everything serverless! Each week, Jeremy Daly, serverless advocate, AWS Serverless Hero, and Off-by-none founder, chats with another serverless champion to explore and do a deep-dive into specific topics in the serverless space. Sponsored

Serverless Tutorials 👷‍♀️

Painless AWS Chalice Application Debug
If you’re building your serverless applications with AWS Chalice, this post from Alex Gelman will show you how you can speed up your workflow and debug your applications locally.

Promotion Pipelines
As I’ve said before, I really like what the Serverless Framework Pro is doing with CI/CD. In this post, Gareth McCumskey shows you how to “kind of” build promotion pipelines using a Gitflow strategy. I’m still waiting for actual promotion pipelines that reuse immutable artifacts, but I realize that it’s a more difficult problem to solve.

Ensuring Usernames are Unique in Your AWS Amplify App
This seems like a really roundabout way to do username checks with AWS Amplify, but as of this writing, nobody has challenged it yet.

Building a Serverless JAMstack ECommerce Store with Gatsby & AWS Amplify
Nader Dabit walks you through the building blocks needed to build a completely serverless, JAMstack ecommerce store using a static site generator and AWS Amplify.

Create PDF using PdfKit on Serverless AWS Lambda with Layer
Crespo Wang shows you how to package PdfKit into a Lambda Layer and then use it to manipulate PDFs with your Lambda functions.

Serverless Security 🔒

Keeping your Lambda functions safe with Joi
I really like what Tal Bereznitskey has done here to validate events being passed into Lambda functions. Event injection is a real thing, so having a standard way to sanitize those events can really up your security posture.

Serverless Reads 🤓

What’s next for serverless architecture?
This is an excellent article by Brecht De Rooms that lays out the evolution of cloud computing and how eventually the edge will be the source of both compute and dynamic data. For those of you that are still holding on to the idea of monoliths, this is a good read for you. If edge is in fact the future of distributed applications, then the monolith is not going to hold up.

How Serverless Impacts Design: Gojko Adzic at DDD Europe
It’s always great to hear Gojko Adzic’s perspective on serverless. This article is a nice recap of his talk at DDD Europe and links to his slides as well.

How to avoid turning microservices into distributed spaghetti code
Interesting post by Matt Asay. There has been a lot of talk lately about the value of monoliths versus microservices, particularly around the notion that most “microservices” are ending up as just distributed monoliths. This is likely an education and organization problem, but if you build a tightly coupled network of services, you’re going to feel the pain of that very quickly.

Comparing Serverless and Containers: Which is Best?
“Containers are a more secure technology that can help support long-term cloud infrastructure.” If you feel like reading another Containers vs. Serverless post that’ll make you want to bang your head against a wall, please click here.

Ask the Expert: Serverless: Public cloud’s second wave
Great post by Tim Wagner about the architectural shifts in cloud computing and how serverless is clearly becoming the new norm for developing cloud-based applications. He touches on some of the main pain points that have slowed serverless adoption, but also points out the hybrid approach taken by services like Fargate and Cloud Run that help with the inevitable transition.

The Serverless Supremacy
I’m glad Sven Al Hamad had the time to write this post, because I’m very much so in agreement with him. It wouldn’t be another day on the Internet without DHH defending his approach to application architecture. I’ve been doing this for a very long time, and I’ve never seen anything as promising as serverless and (properly designed) microservice architectures. Nothing is a panacea, and that most definitely includes Ruby on Rails and its monolithic approach.

For the A/V enthusiast… 🍿

Episode #36: The Cloud Database Landscape with Suphatra Rufo
In this episode, I chat with Suphatra Rufo about how enterprises are migrating data to the cloud, why the cloud database market is shifting to NoSQL, and the hybrid database strategy that companies need to adopt.

Choosing the right Infrastructure as Code framework – between CloudFormation, SAM, CDK and Amplify
Marcia Villalba shares a brief description of CloudFormation, AWS SAM, AWS CDK, and AWS Amplify, and then shows you when and where you should use each of them.

New from AWS 🆕

Configure fine-grained data access with Amazon Elasticsearch Service
Until there is a serverless Elasticsearch service, we are still required to provision our own managed ES clusters. Setting up a new cluster for each service is expensive and a major pain, so giving us more control over who can access what in a shared environment is a very cool feature.

Amazon MSK increases the default broker limit per cluster to 30 brokers
If you are using Amazon Managed Streaming for Apache Kafka for your workloads and you need 30 brokers, good for you! That is some serious throughput.

Amazon Cognito User Pools service now supports case insensitivity for user aliases
Hmm, I wonder if this helps solve the Amplify unique username issue from the post we mentioned earlier?

AWS CloudFormation StackSets introduces automatic deployments across accounts and regions through AWS Organizations
I really like what AWS is doing with StackSets, so having additional automation built in is a nice improvement.

Amazon Rekognition now detects text in videos, and lets you filter results by region, bounding box size and confidence score
I remember when I built a service that used an open source OCR tool to attempt text detection in images. It was pretty terrible, and it took me a very long time to do it. If I had a tool like Rekognition back in the day, who knows what the impact would have been if I had all that extra time to work on things that actually mattered to the business.

You can now restore Amazon DynamoDB table backups as new tables in other AWS Regions
I can see this being a handy feature, especially if you are running multi-region rollups through a single region pipeline.

Serverless Tools 🛠

Essential Open Source Serverless Code Libraries
Erez Berkner points you towards several open source libraries to use with your serverless applications. And thanks for the Lambda API mention.

LearnServerless.dev
Jeremy Thomerson is putting together an online training course to teach you how to build a serverless REST API on AWS. I’m not sure if there is a cost associated with this, but you can sign up for the mailing list to get more info.

DynamoDB Pricing Calculator
Simple web-based tool for forecasting DynamoDB costs.

Make a serverless Express API with OpenJS Architect
Another way to migrate an existing Express API to serverless is now available via Architect’s Express migration middleware.

Thoughts from Twitter 🐦

I’ve been in a cave over the past few months working in silence. I’ve become much more aligned with “why” I started @serverlessgurux. One of the biggest reasons, empowering the community and giving back equally. Based on this, you will find 100% free templates, docs, training videos, deep dive articles, podcast episodes, meetups, webinars and so on all free. ~ Ryan Jones
Ryan has done some great work with serverless, so if you’re interested in checking out all the work he’s contributed, give his site a look.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

February 20, 2020 – The Complete Guide to Observability (webinar)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville 🗣

March 19, 2020 – ServerlessDays Zürich

March 24, 2020 – ServerlessDays Helsinki 🗣

March 27, 2020 – ServerlessDays Hamburg 🗣

April 6, 2020 – ServerlessDays Boston

April 20, 2020 – ServerlessDays Auckland

April 23, 2020 – ServerlessDays Vienna

April 24, 2020 – ServerlessDays Paris

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ajay Nair (@ajaynairthinks). Ajay is the Director of Product for Lambda at Amazon Web Services, which means he’s your guy for all things AWS Lambda. Ajay’s role is instrumental in driving the serverless product strategy at AWS and he leads a team of amazing individuals that keep propelling the product roadmap forward. Thank you Ajay for your work bringing the serverless features we need to life! 🙌

Final Thoughts 🤔

I spent the end of last week in Wales at the ServerlessDays Cardiff event, and it was a really great showing of serverless enthusiasts and newcomers to the community. The overall community is still relatively small, but seeing so many engaged developers, and listening to others talk about how serverless is having a hugely positive effect on their development processes, makes me think all this nonsense of monolith versus microservices is just a bunch of background noise. If you’ve yet to experience the power of serverless, I can understand your skepticism. But a new world order is coming, and spoiler alert, it’s not going to be monolithic Rails apps running on Heroku. 🤷‍♂️

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Until next time,
Jeremy

P.S. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Off-by-none: Issue #76

Building Well-Architected Serverless Applications… 🔭

Welcome to Issue #76 of Off-by-none. I’m glad you’re here! 🙌

Last week, we shared the results from Datadog’s serverless survey and loaded up on our DynamoDB knowledge. This week, we’ve got the new Serverless Lens for the Well-Architected Framework Tool, plus plenty of awesome content from the community.

The Well-Architected Framework Tool (now with extra serverless)! 🎉

The Well-Architected Framework was developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. This is based on five pillars that include operational excellence, security, reliability, performance efficiency, and cost optimization. It was meant to provide a consistent approach to building and evaluating architectures that will scale over time.

The Serverless Application Lens was released some time ago (and has since been updated), and is a great resource for following the best practices from both AWS and the community. However, the Well-Architected Framework Tool, which guides you through evaluating and improving your application, didn’t incorporate these evolving serverless principles. Until now! Check out this blog post that explains how to use the AWS Serverless Lens in the AWS Well-Architected Tool. I think this will not only help people develop better serverless applications, but will be a great guide for those just starting with serverless.

Serverless News & Announcements 📣

AWS Heroes united!
Couple of bits of news here. For one, Ant Stanley (AWS Serverless Hero and ServerlessDays Founder) has launched a new training platform called Senzo. And, Yan Cui is the first one to participate with his “Production-Ready Serverless” workshops.

Serverless Stories 📖

Serverless Framework with Terraform: a firsthand experience
Joel Barna argues that a hybrid approach to managing your serverless apps and AWS infrastructure is the way to go. There are certainly good reasons to manage shared infrastructure separately (and Terraform’s a good choice), but when it comes to deploying serverless apps, tools like the Serverless Framework and SAM are hard to beat.

Using Python and AWS Lambda to send Automated Emails
Indra Teja outlines the steps he took to create a serverless process to automate customized emails. There’s some good bits it there if you’re implementing something similar, but most of all, I appreciate that the experience was documented.

Lessons learnt using Serverless Lambda Functions
Sometimes real world implementations don’t meet the hype. Swapnonil Mukherjee explains some serverless lessons he learned and argues for a container-based approach instead. Is he right about all this? The teams developing serverless tech should take a good look at stories like this.

My first technical conference talk at the superlative inaugural Serverless Days Belfast
Glenn Horan has a nice recap of ServerlessDays Belfast, plus some tips for first time conference speakers. If there is one thing that the serverless community values, it’s the acceptance of new ideas and perspectives. So thanks for stepping up and submitting to the CFP, Glenn. It was a great talk.

Serverless Concepts 🏗

Shenanigans of Serverless- part 1
Shardul Aeer points out some of the nuances of API Gateway and how it interfaces with Lambda. There are workarounds (as he outlines) for many of these, but his ultimate point is that serverless is “not as simple” as some people make it out to be. I totally agree, and things are only going to get more complex in the future.

Serverless Side Rendering
If you have an afternoon free, take a look at Adrian Smijulj’s post about pre-rendering HTML for SEO in serverless environments and how Webiny is handling it. It is a long and in-depth post, but after reading it, you’ll walk away an expert on the subject.

A Guide to Preview Deployments with Serverless CI/CD
I really like what the team at Serverless, Inc. is doing with the Serverless Framework Pro, and the newly released “Preview Deployments” are another home run. Fernando Medina Corey walks you through how this feature works and how it can make testing your serverless applications much easier.

Azure Durable Functions
If you’re venturing into the Microsoft Azure world, Durable Functions can make building stateful workflows a lot easier. Asim Nazir explains all the details for you.

What Vending-Machines Have to Do With Your Microservices Architecture
Renato Byrro explains why vending machines are like Finite-State Machines and how they relate to your microservices architecture. It may not be the most apt analogy, but the point is well taken.

Dynamodb Streams — handy and tricky as well
This post points out some of the “gotchas” when using DynamoDB Streams, particularly the case of my-function-is-not-catching-the-error-correctly-so-I-will-keep-trying-forever issue. Of course, these are typically because of coding errors, not that you ever make any of those. 😉

Serverless and chaos engineering, is it possible?
I’m a big fan of chaos engineering (if only we all had the time to utilize it). Emrah Samdan gives a good overview of what it is and how we can apply it to our serverless applications. There’s a small pitch for Thundra in there, but I will say, the service does make the process much easier.

Serverless Tutorials 👷‍♀️

Serverless and CloudFormation: Rebuilding the Wild Rydes App
What do you do if you want the AWS Wild Rydes app tutorial to be done with IaC? Build it yourself, that’s what Kiki Morgan did.

Using AWS Lambda to scale Image Processing
Probably one of the most iconic serverless use cases, and for good reason. This tutorial will walk you through the implementation.

How to Migrate from Amazon RDS Aurora or MySQL to Amazon Aurora Serverless
Aurora Serverless is great for the right type of workloads. Shouki Souri walks you through migrating your existing cluster to its serverless counterpart.

Handling SQS partial batch failures in AWS Lambda
Brett Andrews shows you how to deal with partial batch failures when polling SQS messages with Lambda. He shows you the easy way first, and then digs into the underlying mechanics.

Serverless Reads 🤓

The What, Why, and When of Single-Table Design with DynamoDB
Alex DeBrie has an excellent post about the benefits and downsides of Single-Table Designs. I offered some commentary on the “downsides”, but the post is definitely a must read for all you DynamoDB fans.

FaaS Providers in 2019, What are my Options?
This is a good roundup by the team at Fauna. I think there is a lot more that goes into a “FaaS” decision, including what other supporting services are available in order to build out your application, but the detail here is great.

How to Know When a Cloud Computing Trend Has Come to Its End
Serverless is on this list, which I obviously don’t agree with (especially considering the massive uptick over the last year), but it just goes to show how out-of-touch some holdouts are. The equation of “serverless” with “FaaS” is still astounding to me, but this is the battle we must continue to fight.

For the commuter… 🚎

Serverless Chats – Episode #35: Advanced NoSQL Data Modeling in DynamoDB with Rick Houlihan (Part 2)
I continue my conversation with Rick Houlihan about NoSQL Data Modeling. We discuss why you likely don’t want to use LSIs, when sharding is necessary, the benefits of denormalization, how to efficiently store large document deltas, and much more.

New from AWS 🆕

DynamoDB global tables are now available in the Asia Pacific (Mumbai), Canada (Central), EU (Paris), and South America (Sao Paulo) Regions
I usually don’t include region-based rollouts, but DynamoDB global tables are very cool. If you’re building a multi-region application, don’t ignore how powerful these things are.

Use the new Amazon CloudWatch metrics for Amazon DynamoDB Accelerator (DAX) to gain more insights into your DAX clusters’ performance
DynamoDB is getting more and more popular, but I think people overlook DAX because DynamoDB is so fast. However, if you have a high velocity read application on cacheable data, DAX is an awesome solution to speed up your app and likely lower costs. Plus it is a “write-through” cache, so it automatically handles updating the cache on misses.

Amazon Cognito User Pools service now supports logging for all API calls with AWS CloudTrail
Amazon Cognito User Pools now supports logging for all of the actions listed on the User Pool Actions page as events in CloudTrail log files, making it easier for developers to record all actions taken by a user, role, or an AWS service.

New Desktop Client for AWS Client VPN
AWS has been making it easier to connect to your VPCs, so this is another nice addition. This should simplify working with certain services locally.

AWS AppSync releases integration with AWS X-Ray and GraphQL Info object support
You can now enable AWS X-Ray for your APIs in AWS AppSync, making it easier to trace and analyze user requests as they travel through the APIs to the backend data sources.

AWS CLI v2 is now generally available
So this is pretty cool. I don’t know what I like more, the new wizards, or the autocompletion of resource names.

Amazon RDS Data API now supports AWS PrivateLink
While it’s probably a cheaper (and more secure) alternative to NATs, I really wish there was a cleaner way to deal with these types of service integrations.

Introducing content filtering for Amazon EventBridge
This has been available for awhile, but maybe they just got around to announcing it. Anyway, this is an amazing addition. You can now filter based on numeric ranges, the existence or absence of attributes, string prefixes, and ‘anything-but’ comparisons. Plus rules can include multiple filters to create complex combinations in a single event pattern. Very cool stuff.

Serverless Tools 🛠

Dynobase – Professional GUI Client for DynamoDB
Great new tool that’s been launched by Rafal Wilinski. There are a ton of cool features in here, so if you’re into DynamoDB, give it a look.

Thoughts from Twitter 🐦

Last week I converted my site(s) to #serverless… my estimated monthly cloud bill went from many money, to no money. This week I dine on the finest ramen. ~ Nathan Glover
Even if serverless is still not perfect for everything, the static site revolution is upon us. I still need to find time to do this for my blog, but if you’re not at least thinking about, you’re behind the times.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

February 12, 2020 – Remote debugging of live AWS Lambda functions (Workshop at ServerlessDays Cardiff)

February 13, 2020 – ServerlessDays Cardiff 🗣

February 18, 2020 – Controls for Managing Events in Serverless Applications (webinar)

February 20, 2020 – The Complete Guide to Observability (webinar)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville 🗣

March 19, 2020 – ServerlessDays Zürich

March 24, 2020 – ServerlessDays Helsinki 🗣

March 27, 2020 – ServerlessDays Hamburg 🗣

April 6, 2020 – ServerlessDays Boston

April 20, 2020 – ServerlessDays Auckland

April 23, 2020 – ServerlessDays Vienna

April 24, 2020 – ServerlessDays Paris

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is James Hood (@jlhcoder). James is a Senior Software Developer at Amazon, where he’s the tech lead of the AWS Serverless Application Repository. His role within AWS has helped propel the serverless movement, not just with SAR, but also as a contributor to SAM (the Serverless Application Model). Thank you, James, for your continued work on serverless! 🙌

Final Thoughts 🤔

I’m just about to jump on a plane to speak at ServerlessDays Cardiff, but before I go, I wanted to mention the Serverless Community Survey that I’m working on. I was hoping to launch it today, but we’re still finalizing a few things. If you have any feedback, please feel free to send it my way. I’m really looking forward to getting it out there and seeing the results.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Until next time,
Jeremy

P.S. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Off-by-none: Issue #75

The State of Serverless… 🚩

Welcome to Issue #75 of Off-by-none. It’s great to have you here! 👍

Last week, we shared exciting news about several serverless companies that were recently funded, plus highlights from ServerlessDays Belfast. This week, we’ve got excellent serverless survey results from Datadog, some mind-blowing DynamoDB knowledge bombs, plus plenty of content from the community.

If you’re curious about the current state of serverless… ✋

Datadog just released The State of Serverless 2020 report. There is a ton of really interesting insights from their customers’ cloud usage in there, especially the fact that half of them are using AWS Lambda. The report doesn’t break down use cases or the percentage of serverless workloads, but it does point to the fact that many large enterprises (and container users) are starting to implement Lambda functions. This is certainly encouraging for the future of serverless adoption. There has already been some great commentary on this, so I’ll leave further analysis to Chris MunnsFintan Ryan, and Paul Swail.

Serverless News & Announcements 📣

Announcing Serverless CI/CD
CI/CD with serverless applications has oft been an exercise in creativity, leading to some cobbled together monstrosities that would put Mary Shelley to shame. 🧟‍♂️ I did some early testing on the new CI/CD feature in Serverless Framework Pro, and I was very impressed.

Serverless Stories 📖

Scaling to Billions of Requests – The Serverless Way at Capital One
Excellent post by Vijay Bantanur and the team over at Capital One about how they’ve built out their streaming systems using serverless components. Lots of useful information in here, and also a nice proof point for the big data use cases.

How I built Heimdall, an open-source personal email guardian.
This project by Fabian Terh captures just how powerful serverless really is. His system utilizes cloud storage, email protocols, and event-driven compute, all without setting up, maintaining, or paying for servers. I’d also guess that this system costs pennies a month, and the fact that it was built and deployed in just over a week, shows how quickly we can prototype complex systems without massive investments in infrastructure.

Serverless Small Business Expense Tracker
While my typical advice would be to buy a solution like this, Anupam Mahapatra decided that building his own solution was a better choice. I will say, Google App Scripts is pretty cool, so if you use Google for Business, and you’ve got some automation tasks to do, definitely give it a look.

Building a Serverless Solution in AWS for $0.07
While this post doesn’t go into a lot of detail about the inner workings of his application, Rob Larter does reiterate the fact that prototyping solutions like this are fast and inexpensive. The better point, even if it starts to receive a boatload of traffic, it’s already build to handle that scale.

Serverless Architecture: Is It Actually Possible?
Another story of a development team moving to serverless and seeing a 90% cost reduction. There are so many stories like this, and almost all of them have some great tidbits of info in there that the cloud providers can learn from.

Serverless Use Cases 🗺

Starting out with data puddles, then we’ll think about data lakes
Awesome post by Adam Clark that outlines Comic Relief’s strategy for migrating to a serverless data lake. Best piece of advice in this article that should apply to most engineering decisions: “Sure, knitting’s fun for some people, but you’re on the company’s time, go buy the jumper from the store and don’t waste your time knitting a shitty one.” #truth

Creating a global data set: using serverless applications and deep learning
Here’s a good use case for you, using a serverless pipeline to analyze satellite imagery to locate mangrove forests. Ciaran Evans has a great post that outlines what his team did, and how they have been evolving their application to provide for more control and execution insights.

Custom caching strategy using Cloudflare Workers
Here is a deceptively simple use case by Akash Agrawal. One of the great features of Cloudflare Workers (and other edge-computing platforms) is the ability to manipulate the caching based on different attributes of the request as opposed to relying on simple caching strategies. Lots of very cool things that can be done with this.

Serverless Concepts 🏗

AWS – Serverless services on AWS
I think we sometimes take for granted how much we know about a specific topic when we’re so deeply immersed in it. So for those that want a quick rundown of some popular “serverless” AWS products, Ashish Patel has put together a list for you.

Best Practices Guide for Local Prototyping of Serverless Applications
Difficulty testing locally is a common complaint amongst serverless developers. Oftentimes people create a patchwork of local mocking solutions that seldom create parity with cloud environments, which can make local testing even more unreliable. Chase Douglas outlines a few best practices for working locally and highlights some of Stackery’s options to make things easier.

How to analyse and aggregate data from DynamoDB
Michael Bahr does a good job here laying out two popular aggregation use cases for DynamoDB Streams. There are several approaches to calculating aggregates with DynamoDB, and there likely is no one-size-fits-all solution. But hopefully, seeing posts like this will give you some ideas to optimize your own methods.

Introducing AWS CDK with a real life Lambda and API gateway example
Alexander Fortin gives a great overview of the AWS CDK and hits on some of the pros and the cons. He also references the discussion I had with Yan Cui on Serverless Chats about why we’re not particularly sold on it yet. But love it or hate it, it’s clear that many developers are finding it useful. And that’s not a bad thing.

Amazon Builders’ Library in Focus #6: Implementing Health Checks
Yan Cui shares his notes on the Amazon Builders’ Library in part six of his series. There are some interesting lessons here concerning health checks, something we need to think about when accessing “not-so-scalable” dependent systems from our serverless applications.

Serverless Tutorials 👷‍♀️

Use Cloudflare JavaScript Workers to Deploy your Static Generated Site (SSG)
Ernesto Freyre shows you how to use a static site generator and Cloudflare Workers to automate the deployment of your static website. He also throws in some great tips for easily performing rollbacks and handling SPAs.

Whitelist IP Address in Serverless Framework
Billy Dharmawan presents you with a quick and easy way to whitelist IP addresses in API Gateway.

Developing on AWS Lambda (Part 1): NodeJS and the AWS SDK
George Mao shows you how to handle asynchronous calls to the NodeJS AWS SDK in this quick tutorial.

Building your own SMS Serverless API
Jorge Luis Vargas shows you how to build a simple Twilio clone to send SMS messages from your serverless applications.

Cloud Security 🔒

Adopting serverless? Awesome! But have you thought about how to keep it secure?
Fernando Cardoso outlines the five main security concerns of serverless, including misconfiguration, application layer protection, dependency tracking, monitoring and logging, and writing secure code.

Cyberattacks Are Changing: Here’s How
Despite the overwhelming amount of FUD around cybersecurity, there are still things that we actually need to worry about. Third-party dependency poisoning, DDoS/DDoW, misconfigurations, and human mistakes (e.g. phishing) are not going away. The cloud is handling most of the perimeter and network security for us, but while the sky might not be falling, it’s wise to take a look up every once in a while.

Serverless Reads 🤓

Serverless Has Evolved in 2020
While there’s no masking his pitch for Stackery here, I think Tim Zonca makes a number of extremely important points in this posts. As someone who reads A LOT of posts and articles about serverless, it’s frustrating to me to see the same old tired arguments from the past repeated over and over again. The technology has moved passed that, and it’s time for the holdouts to realize that they’re still living in the last decade.

Building a developer community
Though this article isn’t focused on serverless, I think Alex DeBrie makes a lot of points that will affect the serverless ecosystem. Serverless is moving rapidly, and keeping up with the changes might as well be a full-time job. This is exacerbated by the fact that lots of serverless content is spread across the Internet and not organized very well. If you are building serverless tools and services, heed Alex’s advice, otherwise you’re going to leave a lot of people behind.

What Does A Robust Serverless Architecture Look Like?
Aphinya Dechalert argues that a robust serverless architecture requires that “the structure of code rests on a developer’s ability to create isolated solutions for a bigger picture,” which I think I agree with. She also points out the need for implementing permanency between triggers to avoid transient data loss, which I’m not 100% sure is necessary given the failure modes in the cloud. Either way, there are some interesting takes in here.

Narrowing the gap between serverless and its state with storage functions
Reading academic papers can be a bit, well, academic. Luckily for us, Adrian Colyer breaks it down and helps explain the intricacies of physically collocating storage and serverless compute.

For the audio/visual crowd… 📽

Serverless Chats Podcast – Episode #34: Advanced NoSQL Data Modeling in DynamoDB with Rick Houlihan (Part 1)
In this episode, I chat with Rick Houlihan about the use cases for NoSQL, why single table designs are so powerful, ways to model relational data with GSIs, and so much more in PART 1 of this two-part conversation.

Build with DynamoDB – Ep 13: Single-Table Design Pros and Cons
If you didn’t get a chance to see Rick Houlihan and Alex DeBrie go head-to-head in the live cage match on Twitch, it’s definitely worth the watch. There were no folding chairs being smashed, but the discussion about DynamoDB modeling was plenty interesting.

New from AWS 🆕

Amazon Managed Cassandra Service now supports ordering clauses in CQL queries and AWS CloudTrail logging
Friends don’t let friends manage their own Cassandra ring. So if you’re still a Cassandra fan, make sure you check out MCS.

Amazon Redshift now supports per-second billing
So this is pretty cool. Now if we can just get Lambda functions to support per-millisecond billing, we can break out the champagne. 🍾

Serverless Tools 🛠

Run your own conf, the serverless way
If you’re looking to build your own conference app, take a look at this new open source starter project.

Thoughts from Twitter 🐦

Did you try running machine learning workloads (inference, training) on AWS Lambda? I’d love to get your feedback on what worked, what not, which tools you used (or built). Thank you! #Serverless #MachineLearning ~ Danilo Poccia
We have seen several articles that discuss ML use cases in Lambda, so we know that some things are possible. I’m curious to see what Danilo will do with this data he is compiling, because I’m sure it’ll be extremely useful. If you have your own experiences, please share with him.

Not so much for failures, but maybe for general #serverless we utilize the SPRITE framework I just made up: 😉 S – Single responsibility, P – Principle of Least Privilege, R – Repeatability of Deployments, I – Isolation of Environments, T – Tracing and Observability, E – Event-driven ~ Jeremy Daly
This was in response to a post by Tom McLaughlin about a threat model around serverless. My post was a bit tongue in cheek, but the discussion on this thread is very interesting. It might be time for the community to collaborate on something like this.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

February 6, 2020 – Troubleshooting Serverless APIs (webinar)

February 12, 2020 – Remote debugging of live AWS Lambda functions (Workshop at ServerlessDays Cardiff)

February 13, 2020 – ServerlessDays Cardiff 🗣

February 20, 2020 – The Complete Guide to Observability (webinar)

February 21, 2020 – ServerlessDays Rome

February 27, 2020 – ServerlessDays Nashville 🗣

March 19, 2020 – ServerlessDays Zürich

March 24, 2020 – ServerlessDays Helsinki 🗣

March 27, 2020 – ServerlessDays Hamburg 🗣

April 6, 2020 – ServerlessDays Boston

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Dr. Donna Malayeri (@lindydonna). Donna is a Product Manager for Google Cloud Run, and a member of the Knative Steering Committee, which governs the Knative Project. Donna’s serverless experience extends back even before her role at Google though. She previously worked for Microsoft, and served as Senior Program Manager of Azure Functions. The community is lucky to have her expertise in product management for developer-facing technologies, her PhD from Carnegie Mellon, and all her past experience, tirelessly working to make serverless even better. Thank you, Donna! 🙌

Final Thoughts 🤔

It’s great to see real usage data from Datadog’s State of Serverless report, but I’m even more curious about serverless use cases, workload percentages, tools being used, etc. I’ve been working on a Serverless Community Survey that I hope to launch next week with help from the team at Nuweba. I’m still accepting feedback on it, so please feel free to send your thoughts my way.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Take care,
Jeremy

P.S. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.