All Posts


Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…


How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…


Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…


re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…


Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…


What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…


Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…


Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…


Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…


A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…


How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…


Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…


How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…


Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…


Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…


15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…


Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…


5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…


Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…


Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…


10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…


Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…


How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…


How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…


Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…


Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…


How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #38

Introducing Serverless Chats… 🎙

Welcome to Issue #38 of Off-by-none. Thanks for being here! 🙌

Last week we looked at a number of exciting updates to the Serverless Framework and the AWS Lambda Node.js runtime. This week, we’re introducing the new Serverless Chats Podcast, we take on some serverless contrarians, and we share a ton of great content from the serverless community.

Another busy week for serverless. So let’s get to it. 💥

When you like chatting about Serverless… 🎙

Talking to other people about serverless is one of my favorite things to do. It seems that no matter whom I talk to, I always learn something new. Whether it’s an unknown product feature, an interesting architectural pattern, or simply a validation of the way I was approaching something, the takeaways are always incredibly helpful. The more conversations I have with smart people, the better I become at understanding the nuances of serverless and the possibilities that come with it. I want to have more of those conversations, and I want to share them with you!

For the last few months, I’ve been working to create a new podcast that will do just that. Today, I am excited to announce Serverless Chats! Each week, I’ll be joined by an expert guest to geek out on all things serverless. We’ll have detailed discussions about serverless architectures, best practices, monitoring and observability, tooling, security, and so much more. I have a number of amazing guests lined up, and I’m looking forward to sharing the first episode on Monday, June 17th.

Serverless Chats serves as a way to bring those in the serverless community together. The podcast aims to introduce serverless newcomers to new ideas and perspectives, and invite serverless veterans into the dialogue and to investigate the nuances of the craft. For more information (and to sign up for the mailing list), visit the show’s website at You can also follow the show on Twitter at @ServerlessChats. This is going to be a lot of fun, and I’m really hoping you’ll join me and spread the word.

Serverless News & Product Announcements 📢

Registration for AWS re:Invent 2019 is now open!
AWS’s massive developer conference is scheduled for December 2-6, 2019 in Las Vegas. I went last year and it was amazing,  so I’ll definitely be there in 2019 (this time as an AWS Serverless Hero). 😊

Get ready to write — Workers KV is now in GA!
Workers KV is a highly distributed, eventually consistent, key-value store that spans Cloudflare’s global edge. It allows you to store billions of key-value pairs and read them with ultra-low latency anywhere in the world. 😳 Wow.

Collaborating for Serverless Observability on Thundra!
Thundra announced “Team Support” this past week. You now have the ability to collaborate with teammates over your serverless architectures while troubleshooting, debugging, or just monitoring. Great stuff!

Announcing Modules for AWS Lambda – NodeSource
N|Solid for AWS Lambda continuously scans your projects for existing security vulnerabilities, license concerns, code risk and code quality. It also checks packages from the npm registry and computes a score based on a number of weighted criteria.

Serverless Use Cases 🗺

Colorise your cat pics with Serverless!
I can’t think of a better use case for serverless than to colorize pictures of cats. Alex Ellis shows you how to do it with OpenFaaS.

Create Twitter Image Recognition Bot with Serverless and AWS
Maciek Grzybek gives us a complete tutorial for using serverless to recognize images from Twitter.

Tracking and Reminders in AWS Amplify
Jan Hesters shows us an incredibly powerful use case using Amplify Analytics and Amazon Pinpoint to reengage customer based on their app usage. Very, very cool.

Building a Multi Streaming Alexa Skill with the Alexa Skills Kit
Creating voice skills is a perfect serverless use case. Yi Ai shows us how to build a straightforward radio skill with Lambda and DynamoDB.

Building a Serverless Lumen API with AWS Lambda and DynamoDB
PHP on Lambda, sure, but what about using Laravel? Pietro Iglio shows you how to use the Lumen “micro-framework” to deploy your very own Laravel-esque API.

Querying CSV files using S3 Select
This is another really great use case when you need to run simple queries against static files in S3. Dhaval Nagar gives you the basics and shows you a sample Lambda function to access this programatically.

When you’re thinking about going serverless… 🤔

AWS Lambda Pricing: Low, But Unpredictable
In my experience, serverless reduces the TCO of your applications, but this short piece by Katy Stalcup does point out a valid concern. Probably not a big deal for startups, but larger companies might not be as comfortable using the OPEX approach.

3 ways serverless is a game changer
You probably already knew these, but Lee Atchison from New Relic gives you three compelling reasons to go serverless.

How To Create Serverless API Functions With AWS Lambda
If you’ve never used serverless before and you want a really basic “Hello World” tutorial, this should get you started.

Serverless Tutorials 🏗

Enterprise CI/CD on AWS: a pragmatic approach
According to Forrest Brazeal, nobody cares how cool your CI/CD pipeline is. Well, the examples he gives in this post are pretty darn cool. So I care. 😉

Using the Serverless framework to deploy hybrid serverless/cluster workflows
Rustem Feyzkhanov teaches you how to build hybrid workflows using AWS Step functions, AWS Batch, AWS Fargate, and AWS Lambda using the Serverless Framework.

Using AWS CloudWatch Insights to fine tune your Lambda functions
Over provisioning your Lambdas probably isn’t go to break the bank right away, but Kyle Galbraith gives you a few tips on how to optimize the cost, especially once you start getting some significant usage.

Using multiple authorization types with AWS AppSync GraphQL APIs
AWS AppSync now allows you to use multiple authorization types with GraphQL APIs. This post runs through all the technical details of implementing it.

A self-healing Kinesis function that adapts its throughput based on perform
Yan Cui shares how he helped a client create a Kinesis ingestion pipeline that automatically updates its batch size based on current throughput.

AWS SAM + Cloudformation macros, a patch made in heaven
I think I need to create a “Yan Cui” section of my newsletter!  In this post, he shows you how to use CloudFormation macros to customize a SAM template’s behavior. It’s a complex workaround, but sometimes they are necessary.

Building a To-Do List with Workers and KV
What can you do with a massively scalable Key-Value store that’s globally distributed to the edge? Build a To-Do list app, of course!

Serverless Security 🔒

Exploiting Common Serverless Security Flaws in AWS
Chris McQuaid has an excellent post that outlines a number of possible exploits that you should watch out for, and how to mitigate them.

Event-driven Security Remediation with AWS Auto Remediate
Marat Levit and Jay Kim have developed an open source application to perform automatic security remediation based on compliance events from AWS Config. And it’s completely serverless.

Yes, there are security ramifications to serverless computing
I think there are some good arguments in here, but serverless has a default security posture that is very, very good. Application security best practices obviously still apply.

Serverless Authentication with AWS Lambda@Edge & Auth0
Brandon Wallace has a great piece that shows you how Expero uses Lambda@Edge to authorize users at the edge instead of at the API Gateway level. Great use case and an interesting way to separate security from your underlying applications.

Serverless Reads 🤓

The Best of Both Worlds with AWS Fargate
Wow, Fargate has been getting a lot of attention lately. Here’s another post that explains more about the services and how it can fit into your overall serverless solution.

AWS Lambda Node.js 10 Support and Benchmark
Here’s something interesting. Ran Ribenzaft from Epsagon ran some benchmarks against the Node.js 10.x runtime and it’s actually…slower.  Hmm. 🐢

Lambda and Kinesis – beware of hot streams
Yan apparently doesn’t sleep, he just writes amazing blog posts all the time. In this piece, he shows us how Kinesis Analytics can be used to fan out events to specialized streams.

The Urlist — An application study in Serverless and Azure
Burke Holland and Cecil Phillip have launched a new serverless app (The Urlist), and they wrote an excellent piece about how they built it, the challenges they faced, and what they learned. It’s a cool app, too.

Why Serverless Won’t Replace Traditional Servers
This week on Opposing Viewpoints… 😉 For now, yes, there are workloads that serverless doesn’t excel at, but that was true for when the “cloud” first started, too. Serverless has come a long way, and as I have said before, current limitations are just tomorrow’s AWS announcements.

What makes Google Cloud Platform unique compared to Azure and Amazon
Here is another interesting piece worth reading. I personally think Google’s approach to serverless (i.e. containers) is adding too many layers of abstraction. The closer we can get to the metal, the better, at least IMO. I’m also not sure I agree that AWS and Microsoft haven’t approached “cloud transitions” effectively. I’m pretty sure that Amazon Outpost is still a thing.

Thoughts from Twitter… 🐦

Speaking of not loving the way the new nodejs10.x runtime bootstrap JS is written, turns out there’s a bug in it that prevents your handler from ever being called if you have events in the event loop (eg, setInterval). ~ Michael Hart
The release of Node.js v10.x in Lambda has raised a few concerns. Michael’s thread is a great read to see some of the issues (including with the logger) that have been discovered.

Look, I really try to be nice when people make Medium posts that aren’t really accurate because we’re all learning. However, I don’t try as hard when the article is hidden behind a company’s name instead of a particular engineer. This article is bad. ~ Richard Boyd
My mother taught me that whole “if you don’t have anything nice to say” bit when I was a kid, but I have to agree with Richard on this one. This thread points out quite a few misrepresentations made with this post.

It took us 4.5 years, but we finally hit the AWS Lambda code storage limit (75 GB) in one account/region. Unfortunately, the AWS Limit Monitor (AWS Solution) did not warn us, because the AWS Lambda code storage limit is not one of the limits checked by the AWS Trusted Advisor. ~ Eric Hammond
Sorry, Lindsay Lohan, but in this case, the limit does exist. Eric shares the issue he ran into, the possible solutions, and the stellar response from AWS’s customer service to help them resolve the issue.

When you don’t feel like reading… 🍿

Start Right: Automate Your Serverless Application Deployments Using AWS SAM
This is a great video from Eric Johnson that shows you step-by-step how to create an automated CI/CD pipeline.

Using AWS Rekognition from AWS Lambda
Marcia Villalba has another video that shows you how to build a serverless application that uses Rekognition to detect cats. Yes, more cats. 🐈

DevOps Defined – DevOps and the Serverless World
Tom McLaughlin, the founder of ServerlessOps, discusses the future of DevOps and the move to a serverless world.

“Ancient Wisdom” – FaaS and Furious
Forrest Brazeal shares some “Ancient Wisdom” in his latest FaaS and Furious cartoon.

When you want to know what AWS has been up to… 👩‍🚀

AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs
AWS AppSync now supports configuring more than one authorization type simultaneously for GraphQL APIs. For example, you can configure your GraphQL API to authorize some schema fields using OpenID Connect (OIDC), while authorizing other schema fields through Amazon Cognito User Pools and/or AWS Identity and Access Management (IAM).

Amazon Transcribe now supports Hindi and Indian-accented English
This brings the total number of languages and dialects supported up to lucky number 13. 🦇

Amazon SNS Adds Support for Cost Allocation Tags
New SNS tagging support is a great addition. Now you can apply fine-grained monitoring to SNS topics and associate the costs with specific serverless workloads and client applications.

Amazon GuardDuty Adds Two New Threat Detections
GuardDuty is a great way to monitor your AWS accounts for suspicious activity. This new update adds a PrivilegeEscalation alert that can show if an IAM User is granted Administrative Permissions. Super helpful for monitoring IAM roles for serverless deployments.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

May 29, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Eric Johnson (@edjgeek). Eric is a Senior Developer Advocate for Serverless at AWS (no, not the Cliffs of Dover guy), and the proud owner of a glorious goatee. But more importantly, he has been putting out some amazing serverless content lately. You can follow his #ServerlessForEveryone hashtag on Twitter, tune into his Building Happy Little APIs Twitch show, or read some of his excellent posts on the AWS Serverless blog. You can tell that Eric is truly passionate about the products he promotes, and the work he’s been doing to share that passion and knowledge with the community is truly appreciated. Thanks, Eric! 👏

Final Thoughts 🤔

First they ignore you, then they laugh at you, then they fight you, then you win. ~ Mahatma Gandhi

Serverless is eating the software world. In my (and others’) experience, it’s cheaper, faster to develop, and allows you to rapidly deliver new features and value to your customers. Which is what really matters. All without worrying about the underlying infrastructure, the scaling capacity, or the operational overhead. Serverless is not a one-size-fits-all solution, and yes, there are still plenty of edge cases that it doesn’t work well for. But I think that anyone who doesn’t see the writing on the wall will be left behind. There is so much more to discuss, so I hope you’ll join me for some Serverless Chats so we can explore the possibilities together.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

See you soon,

Off-by-none: Issue #37

Your serverless apps just got some major upgrades… 🚀

Welcome to Issue #37 of Off-by-none. It’s so great you’re here! 🎉

Last week we look at how we can create a better local development experience when building serverless applications. This week, we look at a number of exciting updates to the Serverless Framework and the AWS Lambda Node.js runtime. Plus we share lots of great content from the serverless community.

There were a lot of serverless happenings last week, so let’s jump right in. 🦈

Serverless News & Product Announcements 📢

Serverless Framework v1.42.0 Released
There are so many amazing things packed into this version including API Gateway Logs support, enabling Binary Media Type responses, and Request Body Validations.

Azure SQL Database serverless (preview)
Some more information about the new “serverless” Azure SQL Database. Interesting points in here. Take note of what it is “well-suited” for and what it is not.

Stick to your ELK Stack and Continue to Observe your Lambdas
Now you can use your own ELK stack with a new Thundra plugin. I’m a big fan of Thundra’s integration strategy, especially since many companies adopting serverless are still using these other tools for existing workloads.

Epsagon Launches Agentless Tracing and Why That’s Important
This announcement from Epsagon is also extremely interesting. Many of these serverless observability companies started by focusing on the ephemeral compute monitoring problem. But by adopting the broader vision to support “modern” applications in general, I think they are positioning themselves much better.

Serverless Use Cases 🗺

Serverless for data scientists
Mike Williams presents a really well-written (and long) article about using Lambda for a variety of data science tasks. Sure there are limitations, but there are also plenty of great use cases for it as well.

How to Proxy the BigCommerce API Using Serverless Functions and Amazon API Gateway
Using AWS Lambda as a proxy might not always be the best idea, but Brian Davenport has a valid use case for it.

Streaming data analysis with Kinesis
Dhaval Nagar outlines and demonstrates a powerful use case using Kinesis streams and Kinesis Data Analytics.

How to control and record voice calls with Node.js serverless functions
Another use case for Twilio functions. I really like the approach that Twilio is taking. This will (or at least should) become a new standard for providers like this.

When you’re thinking about going serverless… 🤔

Ask the expert: why your business needs AWS serverless
Yan Cui says serverless is scalable and resilient, helps teams respond to business needs faster and more efficiently, and maximizes the return from your most expensive resource: developers.

AWS vs Azure – a quick comparison
Azure is moving fast (though not as fast as AWS), so it might be worth giving it another look. John Demian breaks down the differences.

Serverless Stories 📖

My CloudWatch Logs Are How Old?
Scott Hankinson ran into a fairly common issue with log retention policies. He offers up some solutions as well.

Aggregating Lambda@Edge logs into one CloudWatch log group
This is another common log issue when using Lambda@Edge. Danil Smirnov shows you how he dealt with it, complete with caveats.

Serverless Certifications: The AWS Developer Associate
Yann Stoneman from Serverless Guru shares some tips for prepping and passing the AWS Developer Associate certification exam, based on his own experience.

6 Lessons Learned Sending Mass Emails With AWS Lambda
Interesting look at how Austin Huminski built a mass emailing system that was (almost) 100% serverless. Lots of good patterns mentioned in here.

Serverless Tutorials 🏗

Using AWS Step Functions To Schedule Or Delay SNS Message Publication
Eric Hammond shares a great technique that uses AWS Step Functions’ Wait state to put a delay in front of publishing a message to an SNS topic. All without writing any AWS Lambda code. 👍

Building a REST API with Stackery
The Serverless Guru was blown away by the power of Stackery, and you probably will be too.

How to include Serverless Repository apps in serverless.yml
Simple tip from Yan Cui that shows you how to benefit from SAR apps by using them with your Serverless Framework project.

CloudFormation protip: use !Sub instead of !Join
Yan Cui explains why it’s easier (and less of a cognitive load) to use !Sub instead of !Join in your serverless.yml templates.

GraphQLifying REST
Interesting approach by Nader Dabit that shows you how to put AWS AppSync in front of your existing REST APIs to allow your frontend devs to start working with GraphQL.

How to Handle your Python packaging in Lambda with Serverless plugins
Quick and easy 5 step guide by Amit Joshi.

Build a Twitch Extension With an AWS Serverless Backend
This is a great post that shows you everything you need to know to implement your own Twitch extension using a completely serverless approach.

Serverless Security 🔒

Threat Modeling Serverless
Tanya Janca recounts an informal threat modeling exercise she went through with a colleague. Lots of good questions in here, many of which can probably be solved with the right managed services.

LandMark White drops revenue forecast by $11.5m after data breach
Note to self: Don’t leave your S3 buckets open to the public. 😬

Serverless Reads 🤓

Amazon S3 Path Deprecation Plan – The Rest of the Story
Jeff Barr gives us the inside story behind the announcement to deprecate the path-based access model in S3 buckets. Thanks to all the feedback, old buckets will be backwards compatible.

What AWS Lambda’s Performance Stats Reveal
Great post by Ran Ribenzaft that shares metrics from over 100,000 instances of Epsagon’s monitoring tool. Really interesting to see the most common runtimes, memory configurations, and number of functions per account.

You are wrong about serverless vendor lock-in
Another excellent post by Yan Cui that debunks some of the vendor lock-in FUD. It’s about time to market, not about the highly unlikely situation that will cause you to change cloud providers. Oh yeah, and ORMs are terrible.

Two missing links in Serverless Computing: Stateful Computation and Placement Control
Ion Stoica and Devin Petersohn wrote a very thoughtful piece that addresses (and offers solutions to) some limitations with serverless compute environments.

AWS Fargate: The Future of Serverless Containers
Another post by Ran Ribenzaft that talks about the benefits of Fargate and why it might be the solution you’re looking for (instead of Kubernetes).

Serverless Tools

a-h/dynamocapacity: Compare cost of DynamoDB On Demand versus your current Provisioned Capacity setup.
Nice little Go calculator that will download your DynamoDB stats and give you the cost of provisioned versus on-demand. This could be very useful.

S3 Bucket -> Lambda (AWS Transcribe Audio to Text) -> S3 Bucket
Handy SAR app by Aleksandar Simovic that takes MP3, MP4, WAV, and FLAC audio files, transcribes them to text, and outputs them to an S3 bucket.

AWS Lambda Power Tuning
Here’s another useful SAR app by Alex Casalboni. You provide any Lambda Function as the input, and the state machine will estimate the best power configuration to minimize cost.

hapipal/lalalambda: Serverless functions powered by hapijs
If you’re a hapi fan, you can use this framework to run it on Lambda.

horike37/serverless-step-functions: AWS Step Functions plugin for Serverless Framework
The serverless-step-functions plugin has been updated to support the new workflow execution events for AWS Step Functions.

Thoughts from Twitter… 🐦

In 2018 @comicrelief migrated their donation platform to #serverless – look at the costs! Thanks for sharing @CagsR89 🙏 ~ Danilo Poccia
Incredible cloud cost reduction by switching to a serverless approach. It would be interesting to know how much it saved them in Ops hours as well.

The serverless shift * From Code to Configuration * From High LoC towards Low LoC (preferably zero) * From Building Services to Consuming Services * From Owning Workloads to Disowning Workloads ~ Paul Johnston
Some thoughts on what it means to switch to the serverless mindset. Explanations for each point are in the thread.

An interesting illustration of why limits often lead to long term goodness. The fact that there was a way to achieve the desired results with 230 MB of lesser code means 230 MB less to review, maintain, upgrade, and deploy for the lifetime of the application. ~ Ajay Nair
Great point by Ajay Nair as to why limits aren’t always a bad thing. The same applies to serverless, just because you can’t do it the old way, doesn’t mean you can’t do it.

When you don’t feel like reading… 🍿

Trying different deployment strategies in CodeDeploy: Canary and Linear
Marcia Villalba shows us how to configure CodeDeploy from our Serverless Framework projects using Canary and Linear deployment strategies.

Serving Serverless (Erica Windisch) – Giant Robots Smashing Into Other Giant Robots
Erica Windisch, CTO and co-founder of IOpipe, discusses serverless architecture and how it can make for a clearer user-interaction story.

When you’re curious what cool serverless things AWS has been building… 🕵️‍♂️

AWS Lambda adds support for Node.js v10
You can now develop your AWS Lambda functions using Node.js v10! In addition to leveraging new features (like the V8 6.6 engine performance improvements), Lambda functions written in Node.js 10 run on the latest generation of Amazon Linux, Amazon Linux 2. Sweet.

ICYMI: Serverless Q1 2019
This post recaps all of the amazing things AWS did with serverless during the first quarter of this year. And it is a very long list.

Upcoming updates to the AWS Lambda and AWS Lambda@Edge execution environment
AWS is updating the Lambda execution environment AMI, which, in rare cases, may introduce some compatibility issues. This affects AWS Lambda and AWS Lambda@Edge, so you should read through the post to see if any of your existing functions could be impacted.

Amazon Kinesis Data Analytics now allows you to assign AWS resource tags to your real-time applications
You can now assign AWS resource tags to applications in Amazon Kinesis Data Analytics to easily organize and identify your resources, create cost allocation reports, and control access to resources.

AWS Step Functions Adds Support for Workflow Execution Events
This is a great feature. Step Functions can now automatically deliver event notifications when a workflow starts or completes through CloudWatch Events. This allows you to configure targets like AWS Lambda, Amazon SNS, Amazon Kinesis, or AWS Step Functions to respond to these events.

AWS AppSync Now Enables More Visibility into Performance and Health of GraphQL Operations
You can now better understand the performance of your GraphQL requests and usage characteristics of your schema fields. Plus you can identify resolvers with large latencies and the most and least frequently used fields in your schemas.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner 😊

May 15, 2019 – AWS Developer Happiness – Cloudside Consistency AND Local development speed. Hosted by Stackery

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 21, 2019 – ServerlessDays Milan. The agenda was just released!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erica Windisch (@ewindisch). Erica is the CTO and co-founder of IOpipe (@IOpipes). She’s also an AWS Serverless Community Hero and (of course) a huge proponent of serverless. You can find Erica speaking at conferences and sharing her serverless insights on Twitter, the IOpipe blog, and the occasional podcast. But beyond Erica’s community efforts, her team at IOpipe is empowering companies to more easily adopt and implement this amazing technology. Cloud providers are doing a great job innovating, but having people like Erica and her team constantly pushing the limits, makes for a better overall ecosystem. Thanks for what you do, Erica! 🙌

Final Thoughts 🤔

I feel like I’m repeating myself, but it was another great week for serverless innovations. The Lambda Node.js v10 upgrade is huge. The upgrades to the Serverless Framework are awesome (and much needed). The continued investments from cloud providers, third-parties, and individual developers are pushing serverless forward at a remarkable pace. If you’re overwhelmed, you’re not alone. But it is amazing to watch.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍


Off-by-none: Issue #36

Developing serverless applications “locally”… 🏠

Welcome to Issue #36 of Off-by-none. It’s nice to see you all again! 👋

Last week we tried to wean ourselves off of our RDBMS addiction, and we explored some interesting serverless use cases. This week, we look at how we can create a better local development experience when building serverless applications. Plus we have a ton of amazing content from the serverless community.

Lots of great stuff to get to this week, so let’s get right to it. 👍

When you’re looking for a better local serverless development workflow… 👨🏻‍💻

The past couple of weeks have seen a number of updates that are trying to make developing and testing your serverless applications easier when working in a local environment. Stackery recently added cloudside support to their local developer tools, and Zeit announced now dev, a tool that performs “hot-reloading” of serverless API backends. These are all great advances, but I’m still a big fan of the Serverless Framework. And unfortunately, their local development experience is still missing a few pieces.

One of those pieces is the inability to seamlessly execute your code locally while accessing cloudside resources. This has been a major issue for me for a very long time (like since November of 2016). The workaround involved using pseudo variables to construct my own service URL or ARN. But this method was error prone and required hardcoding formats for the different service types. More recently, I would export the references in CloudFormation and then use the Serverless Framework cf variable format to load them dynamically. Usually something ugly like this:

So with all the recent hype around local development using cloudside resources, I decided to solve my problem (and maybe yours too) by creating the serverless-cloudside-plugin. With this plugin, you can now use standard CloudFormation intrinsic functions (like !Ref and !GetAtt) in your environment variables. These will automatically be transformed into proper references (like an SQS QueueUrl or an SNS Topic ARN) when executing or testing your functions locally. It even works with serverless-offline and test runner plugins.

If you want to learn more, read my new post Developing Serverless Applications Locally with the “serverless-cloudside-plugin” or check out the plugin on GitHub. I hope it makes your local development experience better, I know it works for me. 😀

Serverless News & Product Announcements 📢

“We recently shaved 1/3 off the p99 on the #awsLambda service’s overhead latency”
Chris Munns took to Twitter to share this pretty exciting announcement about updates that make Lambda functions startup faster. Another benefit of going serverless? Every function you have in production automatically gets these updates.

Serverless Framework Enterprise 0.9.0 – Error Insights
Serverless, Inc. keeps pushing some great new features to their Enterprise Framework. This latest update includes some really great tools that can surface new errors within your applications.

Build 2019: Microsoft, Red Hat develop open-source service for auto-scaling serverless containers on Kubernetes
Yes, there were a lot of announcements from Microsoft this past week. Here’s a good post that summarizes them all for you.

Introducing faast.js
According to the docs, faast.js is “Serverless batch computing made simple.” Actually might be an interesting idea; ephemeral batch jobs using a straightforward framework.

Introducing… CloudFormation extrinsic functions 😉
Yan Cui has a new Serverless Framework plugin that lets you use a number of custom functions anywhere in your serverless.yml as if they’re CloudFormation’s intrinsic functions. Some interesting use cases here.

Serverless Use Cases 🗺

Using CloudWatch and Lambda to implement ad-hoc scheduling
Yan Cui has another great post that shows you a few alternatives to creating serverless cron jobs.

Sharing AWS SNS Topics Across Stages
The engineering team at FloSports needed to decouple their SNS Topics from their serverless.ymls. This is an interesting approach.

Custom geo restriction of AWS CloudFront Distribution using Lambda@Edge
Lots of interesting use case with Lambda@Edge. Here, Rumble Fish used it to modify the behavior of CloudFront based on an IP address blacklist.

Running TensorFlow on AWS Lambda using Serverless
Mike Moritz outlines the process for building a serverless machine learning model.

Serverless “Not Hotdog”
Now you can have your very own Silicon Valley-esque “Hot dog, not hot dog” app. Peter Vanhee shows you how he built a serverless image classifier using, AWS Sagemaker and Lambda.

Enterprise use cases for AWS Lambda
Data Lakes, microservices, and disaster recovery are just a few of the serverless use cases for enterprises. Mart Laul from Dashbird breaks these down for you.

When you’re still trying to figure out this whole “serverless” thing… 🤔

Serverless computing pros and cons: 5 benefits and 3 drawbacks
This is a good primer from Brandon Vigliarolo that outlines a few pros and cons of serverless. I wouldn’t quite agree with all of these, but it’s helpful nonetheless.

4 Serverless Myths to Understand Before Getting Started with AWS
To rebut some of Brandon’s claims, Tanusree McCabe from Capitol One has a great article that I whole-heartedly agree with.

Deconstructing Serverless Computing Part 2: the Good, the Bad, and the Time to Market
Lucian Toader does a deep dive on some of the practical use cases for serverless, and where it really shines for organizations.

Serverless Stories 📖

How Mutual of Enumclaw Transformed from AS/400 to Serverless with Confidence
Great story that outlines their approach to moving from an AS/400 and Z-Series Mainframe to running serverless using AWS Lambda.

Building a Text to Speech Converter with AWS Polly
Danielle Heberling spent some time building a serverless text to speech converter. This post shares what she learned during the process.

How I Built A Serverless RSVP Feature With API Gateway, Lambda, and DynamoDB
Emilia Rubio summarizes how she approached building a serverless RSVP feature for her brother’s wedding website and shares a few helpful resources she used.

Go global variable in AWS Lambda
João Reis had a few problems with global variables in his serverless application. His problem was an easy fix, but it might not be obvious to those new to serverless.

Limiting Down Time by “Swapping Stacks” in AWS Lambda Serverless
FloSports shows us another interesting method for minimizing down time with their serverless applications when rerouting traffic between deployments.

Serverless Tutorials 🏗

S3 static site hosting over https with an external domain
Mim Armand gives you “all you need to know and nothing more!”

Combining Terraform and the Serverless Framework Gracefully
Thales Minussi shows you how to build out your shared resources using Terraform, then combine them with your Serverless Framework project.

How to split your serverless.yml with shared resources when you hit the 200 resource limit on AWS CloudFormation
Here is Sharath Prabhal’s simple trick for getting around this limitation.

The Complete Guide to User Authentication with the Amplify Framework
Trying to building your own authentication system when you have Cognito is just nonsense. Nader Dabit gives you the details on everything you need to know about using this service with Amplify.

Automating Serverless framework deployments using Bitbucket Pipelines
Ayush Sharma shows you a simple way to deploy your serverless applications using the Serverless Framework and Bitbucket.

Node.js 6 is approaching End-of-Life – upgrade your AWS Lambda functions to the Node.js 10 LTS
Node.js 6 reached its EOL on April 30th! Liz Parody shows you how you can (and why you should) upgrade your functions to Node.js 10 using a custom runtime. I’m sticking with 8.10 for now.

Serverless Security 🔒

How To Handle Secret Management for Serverless Applications
Pete Hugh outlines the top 3 mistakes and best practices for Serverless Secret Management.

4 Reasons Why CISO’s Need to Have a Plan for Serverless Security in 2019
If you’re a Chief Information Security Officer and your company plans on going serverless, you might want to take a look at this post.

Broken Access Control in Serverless Deployments
According to Protego, over-privileged functions are everywhere, and if the attacker spots the right one, your whole cloud account is in danger.

Serverless Reads 🤓

A Guide to S3 Batch on AWS
S3 Batch is an amazing new service from AWS, and Alex Debrie gives you a complete guide to learn when, why, and how to use it. Check out his plugin for it as well.

Building Serverless Pipelines with Amazon CloudWatch Events
This is an awesome post by Forrest Brazeal that shows you how CloudWatch Events can be used as a serverless message broker similar to SNS. But with nothing to provision, and with similar costs and filtering capabilities.

To VPC or not to VPC? Pros and Cons in AWS Lambda
Yan Cui gives you some advice about using Lambda functions with VPCs. Bottomline, only use them when you have to.

Disaster Tolerance Patterns Using AWS Serverless Services
I love patterns! Ken Robbins has a really great post that outlines a number of patterns and practices to ensure that your service deployments are resilient.

Wide adoption of serverless will be led by tomorrow’s giants, not today’s
Erez Berkner says that soon serverless will be seen as a primary way to develop new applications. That means the next generations of startups will be “serverless first”, ultimately leading to widespread adoption. Makes sense to me.

Using IoT with Serverless to Tackle Global Issues
I really liked this post by Sarjeel Yusuf. IoT can be a powerful tool for social projects. But there are limitations (cost is one) when it comes to being able to collect and process all that sensor data. Sarjeel argues that serverless is a great solution to this problem.

The new AWS X-Ray Analytics feature: How your serverless apps can benefit from it
Nuweba breaks down the new analytics feature of AWS X-Ray and shows you some ways you can use it to get better insights into your serverless apps.

How to Get Real-Time Visibility Into Serverless Apps
Adam Johnson from IOpipe shares some of the challenges he has faced in this industry, along with best practices and technical tips when it comes to monitoring your serverless applications.

Thoughts from Twitter… 🐦

Comments like this are in line with my thinking that k8s is the last hill for traditional IT/Ops to die on. After this more fully managed services and #serverless will dominate. Rough edges today, yes, but so did “cloud” 7 years ago. ~ Chris Munns
Interesting take on a post by Kelsey Hightower. The pace of innovation is absolutely staggering. Serverless four years ago is almost unrecognizable today. And in a very good way.

If you think that building #Serverless Architectures on #AWS is “innovation” and a risky choice maybe you should take a look at this screen by Mai-Lan Tomsen: “Serverless Customers” ~ Sergio Lecuona
I still think building with serverless is “innovative”, but a risky choice it is not. You might recognize just a few of the companies already using serverless in the attached photo.

When you prefer a multimedia experience… 🎞

Deployment strategies for serverless applications: Canary and Linear
In this video, Marcia Villalba talks about the major deployment strategies for serverless applications and how AWS helps you implement them.

Episode 58: The Cloud Is Great, But It Isn’t Perfect | Screaming in the Cloud
Corey Quinn talks robots and serverless with Richard Boyd from iRobot in this episode of his podcast.

When you’re wondering what AWS has been working on… 👩‍🚀

Amazon Aurora Serverless Supports Capacity of 1 Unit and a New Scaling Option
Yup, I totally missed this last week. 🤦🏻‍♂️ Aurora Serverless now supports scaling down to just 1 ACU, which makes it more affordable for low traffic workloads. Check out my updated post on Aurora Serverless to learn all about it and to see how this update changes the math.

Amazon S3 Introduces S3 Batch Operations for Object Management
So S3 Batch is amazing. The use cases for processing existing S3 items is probably infinite. You can check out Jeff Barr’s post for more information on how to use it.

AWS Amplify Console adds support for Incoming Webhooks
This means you can trigger deployments without needing to commit code to a repository, which is perfect for integrating with a headless CMS. Check out this post to learn more about how it works.

AWS Amplify launches an online community for fullstack serverless app developers
This new community site is fully open source, allowing developers to contribute blog posts, videos, sample projects, and tutorials through GitHub pull requests.

Amazon Cognito launches enhanced user password reset API for administrators
The new AdminSetUserPassword API for the Cognito User Pool service lets administrators set temporary or permanent passwords for their end users.

Speaking of changes, this new GitHub repo maintains a list of changes announced for AWS that may break existing code. S3 users be warned.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 8, 2019 – Stackery Livestream – AWS Serverless Application Patterns with Jeremy Daly (this should be fun)

May 14, 2019 – PureSec Webinar – PCI Compliance & Serverless: Everything You Need To Know

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner 😊

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan. The agenda was just released!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is James Thomas (@thomasj). James is a developer advocate lead for serverless at IBM Cloud. He’s heavily involved in the serverless community as an organizer for ServerlessDays London (@serverlessldn), a member of the global ServerlessDays committee, and a contributor to the open-source Apache OpenWhisk project (@openwhisk). He’s also a regular conference speaker, active on Twitter, and always updating his blog with interesting serverless posts. Thanks for what you do, James! The community appreciates it. 🙌

Final Thoughts 🤔

It was another great week for serverless innovations. Between S3 Batch (which is amazing), all of the announcements from Microsoft, and, of course, some great new plugins 😉, we are moving closer and closer to mature tooling, powerful frameworks, and battle-tested backend services. The rough edges of serverless continue to get smoothed out, and it’s great to see so many people dedicated to making serverless the “primary way to develop new applications.”

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Until next time,

Off-by-none: Issue #35

I want my, I want my, I want my SQL… 🎸

Welcome to Issue #35 of Off-by-none. It’s great to have you here! 👋

Last week we (re)addressed the serverless versus containers debate and looked at some interesting thought pieces on serverless. This week, we’ll try to wean ourselves off of our RDBMS addiction, explore some interesting serverless use cases, and share an overwhelming amount of content from our amazing community.

There was a ridiculous amount of serverless goodness this past week, so buckle up. There is a lot to get to. 😉

When you just need to say ‘No’ to SQL… 🙅‍♂️

I really love RDBMS, but as we migrate applications to the cloud, or better yet, build them as modern applications, the scaling limitations of RDBMS start to become readily apparent. There’s no doubt that certain use cases require the flexibility of relational table structures, and for small workloads, an RDS cluster would be just fine to accomplish our immediate goals. But in the “serverless” world, thinking in third normal form not only introduces scaling issues, but also adds complexity that could increase costs and unnecessary overhead.

This past week, I started working on a new application design that has a relatively complex data model. Like most developers, I often turn to what is familiar, and easier for me to implement. DynamoDB is an incredibly powerful NoSQL database, and when building a table that requires just a few simple access patterns, it is my go-to choice. But when I need to implement something with lots of relationships, I often (foolishly) fall back to the comforts of MySQL. I mean, I can 3NF the hell out of a data model, as most of us data nerds can. But this time I decided to take a stand, and see if I can go full NoSQL on this one.

I started by rewatching Rick Houlihan’s re:Invent 2018 Advanced Design Patterns for DynamoDB, and then tweeted about it. Apparently others agree that it is one of the best DynamoDB talks out there.

After that I spent some time with Forrest Brazeal’s excellent From relational DB to single DynamoDB table: a step-by-step exploration piece, looked at a few examples from Alex DeBrie’s amazing DynamoDB Guide, and then dug in to AWS’s Best Practices for DynamoDB. Where am I with my table design? Maybe about halfway there. But I’m confident that once it clicks, designing NoSQL tables with overloaded indexes, adjacency lists, and hierarchical sort keys, will become second nature. I’ve got more to do, and I know I’ll make some mistakes along the way, but it will be worth it.

I totally get that it’s hard to let go of our old ways of thinking and to leave our comfort zones. It was this mindset that led me to build serverless-mysql to try and jam the metaphorical square peg of RDBMS into the round hole of serverless. I even gave a talk recently on Building Resilient Serverless Systems with Non-Serverless Components that focused heavily on ways to keep using RDBMS. But now I feel like I have to do better. Not just for me, but for the serverless community. I have to start thinking more “serverlessly” when it comes to designing data models, and I need to make NoSQL my default choice, regardless of how complex the requirements.

I encourage you to join me, but I promise not to judge you if you’re still not ready. It’s taken me a long time to get here myself, and I totally understand the “I’ll give up my relational database when you pry it from my cold, dead hands” mentality. Serverless is a big enough paradigm shift in and of itself, so changing the way we think about data is a big ask. But I’m making the leap now, so I’ll be here to help when you’re ready. I know we can do this together.

Serverless News & Product Announcements 📢

Serverless Framework v1.41 – X-Ray for API Gateway, Invoke Local with Docker Improvements & More
You know I have a soft spot for the Serverless Framework, but this release is big! The new local executions with Docker improvements are amazing, especially the environment variable support and Layers integration.

A Cloud Guru raises $33 million for cloud platform classes and labs
If you were hoping that A Cloud Guru would produce some more serverless content, then I think an extra $33 million in the bank might just make your wish come true. Congrats to them. 💰

New course on AWS Step Functions from Yan Cui
Yan Cui has just released a new course that will make you an AWS Step Functions expert. And if you sign up for Thundra, you can get free access to Yan’s Production-Ready Serverless course.

Epsagon has also been busy. They released a new documentation site, introduced the new Timeline View, and added Support for Express applications.

When We Say “Full Observability”, We Really Mean “Full Tracing”
Thundra just launched their new “Full Tracing” feature. Serkan Özal explains what that means for monitoring and observability in your serverless applications.

Serverless automation using PowerShell preview in Azure Functions
The PowerShell community can rejoice.

Serverless Use Cases 🗺

How we keep running by running a slackbot.
The team at Nordcloud Engineering took their running challenge to the extreme and created their own serverless slackbot.

From AWS Lambda to AWS Athena
Dhaval Nagar shows you a simple use case for querying your data from S3 with Athena and AWS Lambda.

Serverless: Can It Simplify Data Science Projects?
There has been some debate (and criticism) over using serverless for deep learning and data science projects. But according to Yaron Haviv, it’s possible with the right underlying architecture (i.e. Nuclio).

Dynamic blocklist with Twilio
Remember when Twilio introduced functions and I said there would be all kinds of use cases for it? Well, Cohan Robinson has a good one for you.

Scheduling automatic deletion of AWS CloudFormation stacks
AWS resources that automatically delete themselves. A very interesting use case for building up and tearing down demo stacks automagically (sorry, I hate that word too).

Build and automate a serverless data lake using an AWS Glue trigger for the Data Catalog and ETL jobs
Besides winning the award for most buzzwordy title, it’s also a really sophisticated way to build out a completely serverless data lake.

When you want to understand how all this serverless stuff actually works… 👩‍🏫

Introduction to Serverless Monitoring
If you want to discover different ways of achieving observability in stateless, distributed, and event-driven architectures, take a look at this white paper from Thundra.

Serverless Architecture – Why and How It’s a Smart Choice?
Not only a great primer (and case) for serverless, but also a good explanation as to why serverless is not PaaS.

The perfect tech stack
Serverless obviously 😃. But seriously, Levi Nunnink walks you through some thoughts on choosing the right technology and how developer familiarity plays a big role.

AWS Lambda: Solving the cold start problems while accessing DB in VPC.
Vishnu Subramanian mulls over the cold start problem, but offers a few suggestions to overcome it. Let’s hope the ENI solution is coming sooner rather than later.

How Secrets Manager Schedules Automatic Rotations
You’re totally rotating your secrets, right? 😬 Well, for those of you actually following best practices, Zac Charles gives us some interesting information about how auto-rotation actually works.

AWS Lambdas Can Have Shared State
Obie Fernandez walks you through the power of state machines and how AWS Step Functions can help you compose multiple functions.

Getting Started with AWS Lambda Layers
Still unsure about Lambda Layers? Matthew Vielkind’s post explains what they are, their benefits, how to create and use them, and provides some best practices and tips as well.

Introduction to Distributed Tracing
The benefits of modern, distributed cloud applications can make it harder to debug and fix software. Nitzan Shapira gives us an overview of distributed tracing, and how that helps solve this problem.

Serverless Stories 📖

Real Time Lambda Cost Analysis Using Honeycomb
Michael Garski from Fender Engineering shows how they used Honeycomb to analyze CloudWatch logs from Lambda to better understand their function utilization.

Where do you keep credentials for your Lambda functions?
Davide de Paolis walks us through his team’s journey to choose the best way to store secrets in their serverless applications.

A journey into serverless, part 2
Laurent Leconte and the Moonshot-Internet team layout all the tools they used to go serverless and why they chose them.

Scaling Skip: Serverless Architectures
Serverless made it possible to scale Skip with just a small team of engineers using the Google Cloud Platform.

Serverless Tutorials 🏗

Using AWS CloudFormation Macros and Custom Resources with the Serverless Framework
Well this is pretty cool. Who would have thought to use CloudFormation Macros in a serverless.yml file? Yi Ai, that’s who.

Deploying AWS Lambda functions using AWS CloudFormation (the portable way)
Lambda requires your S3 bucket to reside in the same AWS Region as the function, and creating a single template limits you to just one region. This excellent post discusses three patterns to address this problem.

Creating a lambda function with terraform
As I was reading this, I said to myself, “Why the heck would Gabriel Garrido not just use a serverless deployment framework instead?” He sets the record straight at the end.

Use NLog in .Net Core and AWS Lambda
Simple tutorial by Ofoedu Frank Ebuka that shows you how to setup and use NLog with .Net Core in Lambda.

Serverless AWS Lambda Dependency Injection & Simple Dependency Injection In AWS Lambda .net core
Gary Woodfine has some tips for you .NET Core fans out there.

Up and running with Aurora Serverless
Manish Pandit gives you an overview of Aurora Serverless, how to get it set up, and how to connect to it. If you want to dive into the pricing model, check out my article.

Serverless Reads 🤓

How to Serverless Locally: The Serverless Dev Workflow Challenge
If you’ve tried developing a serverless application locally, you’ve probably needed to resort to a number of tricks to test with cloudside resources. The team at Stackery just introduced a pretty cool way to do this.

What happens when you stop doing Serverless apps for a time?
Excellent post by Paul Johnston that addresses the fact that many (if not most) developers out there are still building things the “old way” (i.e. not using serverless or modern cloud app techniques). He also presents some great ideas at the end to help address the problem.

A Brief, Incomplete, and Mostly Wrong History of Serverless
Michael Hausenblas’ title sums up this piece nicely, but still worth the quick read.

Fargate Patterns
Srini Karlekar covers the basics of Fargate as well as lays out several patterns that can be used to utilize Fargate as part of your serverless applications. Very cool stuff.

How Far Out is AWS Fargate?
Speaking of Fargate, Michael Lavers from IOPipes argues that perhaps AWS has been pitching it wrong. There are lots of great use cases for Fargate, and in Michael’s opinion (and mine) it’s a better alternative to Kubernetes.

Thoughts from Twitter… 🐦

“One interesting consequence of ‘Serviceful Serverless’ and ‘Code is a Liability’ philosophies is that the worst ‘refactoring’ projects are a couple days of work at most.” ~ Joe Emison
A spirited discussion about development choices. You need to dig a bit as the conversation is buried in replies.

“If you’re part of the broader @kubernetesio ecosystem, comments like these should be taken to heart.” ~ Sandeep Parikh
I really love the thinking behind this thread. Complexity for complexity’s sake, especially when it doesn’t benefit the end user, is a tiresome and wasteful exercise.

When you prefer a multimedia experience… 🎞

Securing serverless applications with the right IAM permissions
Marcia Villalba has another episode of Foobar, this time she show you how to use IAM permission correctly with your serverless applications.

The Serverless Show, Ft. Ran Ribenzaft
Hillel Solow is joined by Ran Ribenzaft, Co-Founder & CTO at Epsagon, to chat about all things serverless observability and security.

Serverless Tools 🛠

Serverless AppSync Plugin: Top 10 New Features
Develop and test your AppSync GraphQL API locally on your workstation.

laconiajs/laconia: Create well-crafted serverless applications, effortlessly
This is a relatively new serverless application framework. It enforces hexagonal architectures, which should help you choose consistent patterns for your serverless functions.

jeremydaly/serverless-cloudside-plugin: Serverless plugin for using cloudside resources during local development
A new plugin I built to help me with my local development issues. Still needs some work, and I always appreciate feedback.

When you realize that AWS has been incredibly productive lately… 🏃‍♂️

Amazon Elasticsearch Service now offers improved performance at lower costs
New instance types offer superior performance at lower costs compared to previous-generation instances. Now if we can just make it serverless.

AWS AppSync Now Supports Tagging GraphQL APIs
You can now assign tags to GraphQL APIs in AWS AppSync.

New Quick Start sets up serverless CI/CD for the enterprise on the AWS Cloud
This is very cool. Setting this whole process up manually can be a pain, so having this Quick Start CloudFormation template will make life a lot easier.

AWS Systems Manager Now Supports Use of Parameter Store at Higher API Throughput
Run up to 1,000 requests per second for applications that require higher concurrent access to a large number of parameters.

Now you can tag Amazon DynamoDB tables when you create them
Yes, you could tag DynamoDB tables, but you used to have to wait until they were created to do it.

AWS Systems Manager Parameter Store Introduces Advanced Parameters
Advanced parameters enable you to create more than 10,000 parameters, use a larger parameter value size (up to 8 KB) and add policies to your parameter.

AWS specifies the IP address ranges for Amazon DynamoDB endpoints
This was a surprisingly common issue, so being able to lockdown IP address ranges on your local firewalls or in your VPC security groups is very helpful.

Query for AWS Regions, Endpoints, and More Using AWS Systems Manager
This is another common issue, just trying to find information about different AWS regions and their service endpoints. Now this info is all available via the AWS Systems Manager API, for free.

Hello, World! Welcome to the AWS Cost Management Blog.
AWS has launched a new blog to help you understand and control your AWS costs. Let’s hope this doesn’t take business away from Corey Quinn. 😉

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 1, 2019 – Aqua Serverless Security for AWS Lambda

May 1, 2019 – Stackery Livestream – Cloudside Plus Local Development: What should your serverless development workflow look like?

May 8, 2019 – Stackery Livestream – AWS Serverless Application Patterns with Jeremy Daly (yup, that’s me)

May 14, 2019 – PureSec Webinar – PCI Compliance & Serverless: Everything You Need To Know

May 15, 2019 – Serverless Monitoring & Troubleshooting – Expert Roundtable with Yan Cui, Jeremy Daly and Erez Berkner (yes, me again)

May 21, 2019 – Epsagon Webinar: Modernizing Applications with Serverless on AWS

May 22, 2019 – Build On Serverless, hosted by Heitor Lessa (I’ll be a guest on this episode and on the 29th)

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan. I’m giving one of the keynotes!

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Yi Ai (@yia333). Yi is a Lead Application Developer at Neami National in Melbourne, Australia as well as a self-described “aspiring full-stack developer” and a “serverless enthusiast.” Over the last few months, Yi has published several excellent serverless articles on Medium as well as a number of repositories on GitHub. It’s always great to hear from new voices in the serverless space. Thank you, Yi, for taking the time to share your serverless knowledge and experience with the community! I’m looking forward to future articles and projects. 🙌

Final Thoughts 🤔

Wow, this was a long one. Hopefully you haven’t passed out on your keyboard 🤤.

Every week I’m blown away by the amazing things happening with serverless, and the incredible work that the cloud providers, vendors, and developers are doing. It’s such an honor to be part of this amazing community. And I’m glad that you’re all a part of it with me.  🙌

I hope you enjoyed this issue of Off-by-none. Your feedback and suggestions are always most welcome. They help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

See you next week,

Off-by-none: Issue #34

Serverless is not a hammer to every nail  –  but it’s a serious contender… 🔨

Welcome to Issue #34 of Off-by-none. I’m so glad you’re here! 💯

Last week we looked at Google Cloud Run and saw how serverless can make for better vacations. This week, we (re)address the serverless versus containers debate, look at some interesting thought pieces on serverless, and share plenty of excellent content generated by the community.

Lots of amazing serverless stuff to get to, so let’s do this! 🤘🏻

Serverless versus Containers (not this again)… 🤦🏻‍♂️

It seems that this debate comes up from time to time, and I found some articles this week that I thought were interesting in their framing. I’m hoping by now, that most of us realize that containers are extremely powerful, but oftentimes unnecessary with the advent of FaaS. If your argument is over portability or cloud vendor lock-in, then I think you need to evaluate how important those are to your organization versus the operational complexity it adds. Here are few articles that might help you make a more informed decision.

Serverless vs. Docker — what to choose in 2019?
This is a good post that outlines the advantages and disadvantages of using the different approaches. Ultimately it concludes that both have valid use cases and we should choose the one that works best for our workload.

Use Docker and AWS Lambda Together? A Layered Approach
Vijay Balasubramaniam argues that you can use Docker and Lambda together in a way that leverages the strengths of each technology, while compensating for each other’s limitations.

Run your containers on AWS Fargate
If you’re still undecided, take a look at this post from Glenn Wedin that guides you step-by-step on how to launch a container in Fargate. Sure, much of this can be automated, but I still prefer Lambda when possible.

Serverless Product Announcements 📢

PureSec Recognized as a Gartner Cool Vendor!
Gartner awards the Cool Vendor honor to vendors and products who prove themselves as innovators in their space, and I would definitely agree that PureSec deserves to be here.

IOpipe launches serverless alerts upgrades with PagerDuty
New IOpipe functionality improves the developer on-call experience and minimizes disruptions for brands building serverless applications.

Tackle Serverless Observability Challenges with the New Stackery-Epsagon Integration
I love seeing companies collaborate to create better experiences for their users. Stackery and Epsagon working together seems like a great fit.

Enhanced IOpipe Observability: Reducing Overhead with CloudWatch Logs
You can now enable a new AWS integration on your IOpipe dashboard that will instantly unlock access to your CloudWatch logs for each and every AWS Lambda invocation you observe and monitor with IOpipe. This makes a lot more sense to me than synchronous logging.

Serverless Use Cases 🗺

From Poll to Push: Transform APIs using Amazon API Gateway REST APIs and WebSockets
Sending long-running requests that need to perform a subsequent action is a very common use case. Now with serverless WebSockets, we can ditch the polling hack and be notified when our job is complete.

Using Lambda and Jira to handle DEVOPS tasks
Perry Yang from TechOps shows us a clever way to automate tasks using JIRA tickets and AWS Lambda. This could be applied to a number of integrations and could significantly reduce repetitive maintenance tasks.

Copy Millions of S3 Objects in minutes
Keith Rozario found himself with an “embarrassingly parallel problem”, needing to copy S3 objects between regions. He uses a combination of SQS Queues and Lambdas to create a robust serverless solution with built-in monitoring, exception handling and scaling.

The complete guide to use node oracledb on AWS lambda using serverless framework and lambda layers
Apparently some people are still using Oracle databases. How quaint. Jinglun Ding is one of them, and he shows us how to a) use Lambda Layers to solve this problem, and b) demonstrate why we probably shouldn’t use Oracle with Lambda in the first place. 😬

How to check millions of URLs in a serverless way. AWS Lambda uses case
Alessandro Marino is a self-described “Junior Dev”, but he outlined an interesting serverless approach to checking/validating a massive number of URLs very quickly. Where do we find more “junior” devs that can think this way?

Start a new Twilio Functions project the easy way
Yup, the revolution has begun. Twilio isn’t the only vendor (*cough* Adobe) that is letting their users build serverless functions directly within their platform, and for good reason. There will be many use cases for this that will give developers much more control over third-party services.

Detecting Faces from Videos using Serverless Architecture
Mahmudul Haque Azad uses AWS Rekognition for a neat little use case with just a few lines of code and configuration.

When you’re still trying to figure out the best way to “serverless”… 🤔

5 Common Misconceptions About Serverless in 2019
Gracie Gregory of Stackery takes on some common misconceptions in the serverless space. It might help you level-set your expectations if you’re still on the fence.

Lambda Deployment Frameworks Compared
Interesting post that compares nine different serverless deployment frameworks. There is a lot of flexibility with the Serverless Framework and AWS SAM, but sometimes highly-opinionated frameworks can be useful in a number of circumstances.

6 unknown CloudFormation features you should know about
Building serverless applications means you are likely going to need to deal with CloudFormation. There are some handy tips in here, like cfn-lint and understanding Deletion and Update replace policies.

Serverless Stories 📖

Lessons learned in Serverless
Jon Vines highlights some of the challenges’s engineering team faced on their journey to understanding serverless architectures.

Experimenting with GCP Cloud Functions
Danielle Adamz is an Information Security and Privacy grad student who spent some time playing around with serverless. I love reading stories like this because it gives me a chance to see how people experience serverless as a beginner (a perspective now lost on me). If anything, it’s better than those stupid YouTube reaction videos.

Serverless Tutorials 🏗

Canary Deployment with LaunchDarkly and AWS Lambda
Another interesting post by Yan Cui that shows you how to circumvent some of the limitations of API Gateway canary deployments by using LaunchDarkly instead.

Tutorial to setup Azure EventGrid Topic to call Azure Function, that triggers a Sendgrid email
Something for the Azureans. Arjit Sharma shows you how to buffer events with EventGrid and then send off an email with an Azure Function.

How to compile resources for AWS Lambda?!
Great post by Mohammed Lutfalla that shows you how to use Lambda Docker images to compile resources for your serverless applications.

Safely validating usernames with Amazon Cognito
Super cool article that shows you how to use a pre-sign-up Lambda trigger to validate usernames before creating a user in Cognito.

Circumventing CORS with Netlify Functions & Nodejs
Kamry Bowman gives us a way to bypass CORS with a serverless application. It seems like a lot of overhead, but if the use case calls for it, I guess it makes sense.

Serverless Reads 🤓

Fighting vendor lock-in and designing testable serverless apps using hexagonal architecture
Slobodan Stojanović has another great article that says the best way to mitigate switching costs is to implement proper testing and pluggable architectures right from the beginning.

The Fundamental Problem: Solving .NET Lambda Cold Start Part I & Holy Grail of Solutions: Solving .NET Lambda Cold Start Part II
Cold start times with .NET on Lambda are worse than Java, but apparently people still love C#. This two-part series from Thundra gives you some solutions to minimize the problem.

AWS Summit Recap: What’s new for Lambda, Cloudformation and more
Excellent recap from Raoul Meyer of the AWS Summit in Amsterdam.

Benchmarking .NET Core 3.0-preview4 on Lambda
Zac Charles runs some new tests on the .NET Core 3.0-preview4 runtime. TLDR; stick with 2.1 or 2.2 for critical workloads, but if you’re looking for performance, give 3.0-preview4 a try.

The next three articles are all very similar. However, I found that each of them had some interesting takes on serverless, so I included them all.

IT Managers Guide to Serverless
Altaf Rehmani does an excellent job laying out the serverless paradigm and what it means for companies in the future. I don’t agree with everything (as I rarely do), but I really enjoyed reading this piece.

Is Serverless computing the future of Cloud computing?
Not as in-depth as Altaf’s piece, but Moumita Charaborty recognizes how serverless complements microservices, the importance of BaaS, and the methodology that allows teams to bring products to market faster.

Deconstructing Serverless Computing Part 1: A new layer of abstraction
Lucian Toader’s post also correctly emphasizes the role of BaaS, while pushing the conversation a bit further to discuss CapEx versus OpEx, the out-of-the-box security considerations, and the speed to market.

For members of the A/V club… 📽

Build On Serverless, hosted by Heitor Lessa
This weekly Twitch show will guide you through building a full-stack serverless airline ticket booking application. And I’m honored to be a guest on the May 29th episode. First episode is tomorrow!

Building Happy Little APIs w/ Eric Johnson
This is another Twitch series with Eric Johnson (and guest) doing a deep dive into APIs on AWS. The first episode is already out, and totally worth the watch.

Differences between Cloud Run and Cloud Run on GKE
Bret McGowen and Martin Omander from Google explain the difference between the two versions of the new Google Cloud Run service. Makes sense, but be sure to check your use case.

Serverless In The Brownfield | Think FaaS with Trek10
Forrest Brazeal lays out how established companies can migrate their existing systems to serverless infrastructures.

AWS Lambda Layers Q&A
Marcia Villalba answers some common questions about Lambda Layers.

Building a Serverless Blog with Hugo and Netlify
In this video, Marcia will show you how she created her blog using Hugo and Netlify.

The Fast Track to Serverless Security on AWS
Andrew Brown’s Serverless Security talk for the Serverless Toronto User Group is loaded with useful information, especially if you’re interested in taking some AWS Certification Exams.

Serverless Tools 🛠

Open source application to programmatically clean your AWS resources based on whitelist and time to live (TTL) settings.

Easily run a scheduled/cron task on AWS Lambda using Serverless Components.

Generate list of api endpoints & stack outputs for consumption in other applications + service discovery.

When you’re wondering what AWS is working on… ⚙️

Introducing the Infrastructure & Automation blog
This new blog will share the experiences and challenges that the AWS Quick Start team has faced and patterns and tools that they have developed.

Amazon Aurora Serverless Supports Sharing and Cross-Region Copying of Snapshots
You can now share snapshots of Aurora Serverless DB clusters with other AWS accounts or publicly, as well as copy cluster snapshots across AWS regions.

AWS re:Inforce 2019 – Security, Identity, and Compliance
AWS is expecting over 8,000 attendees in Boston for their first ever cloud security conference. 300 breakout sessions including bootcamps, chalk talks, workshops, full-day hands-on labs, builder sessions, leadership sessions, and more. Security geeks welcome!

Amplify Framework announces new Amazon Aurora Serverless and GraphQL Transform features for building AWS AppSync APIs
You can now use an existing Amazon Aurora Serverless database as a data source for your AWS AppSync GraphQL APIs. Plus you can use the Amplify CLI to auto-generate the schema and resolvers.

Amazon Kinesis Data Firehose custom prefixes for Amazon S3 objects
Apparently this allows you to create prefixes that are compatible with Apache Hive. So if you need that, problem solved.

Upcoming Serverless Events 🗓

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless presented by Stackery

April 25, 2019ServerlessDays Helsinki.

April 25, 2019 – Mastering Amazon DynamoDB ACID Transactions: When and How to Use the New Transactional APIs

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Chase Douglas (@txase). Chase is the co-founder and CTO of Stackery, a visualization tool that makes building and scaling serverless applications drop-dead simple (i.e. without all that darn YAML). Chase and his team are not only pushing innovation in the serverless space, but are actively working to expand the serverless community and make adoption easier. Chase is instrumental to this, providing technical leadership for their product team, as well as contributing his insights on the Stackery blog, being a frequent conference speaker, and participating in their weekly training sessions. Thanks for what you do, Chase! The community appreciates it. 👏

Final Thoughts 🤔

Every week we see more content, more tools, more use cases, and more people and organizations adopting serverless. All the major cloud providers continue to invest in solutions that reduce operational complexity and focus on the developer experience, and we see some amazing developers continue to push the providers to make it even better. What a time to be alive. 😉

Before you go, Protego is running The State of Serverless Survey. Hopefully it will yield some interesting data, so give that a look if you’d like.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Until next time,

Off-by-none: Issue #33

Serverless doesn’t take vacations… 🏝

Welcome to Issue #33 of Off-by-none. It’s great to have you join us! ☀️

Last week we were at the Serverless Architecture Conference in The Hague, Netherlands. This week, we’ll take a quick look at Google Cloud Run, see how serverless makes for better vacations, and, of course, share some amazing content from the serverless community.

Always plenty to get to, so here we go! 😎

When you can’t take your servers on vacation with you… ✈️🍹

This week I’m actually taking a vacation with my family. Besides writing this newsletter (and the occasional need to check Twitter), I’ve been able to disconnect myself from a number of production workloads that I’m responsible for. While I’ve worked for (and often work with) larger organizations that have redundant Ops staff, I always love the challenge and thrill of working with small startups.

One of the challenges that comes with these types of companies, is the need for a small team to share managing and maintaining the infrastructure (and generally on a budget). For people like me, this typically means that I’m “on call” no matter where in the world I may be. However, over the last ten years or so, as I (and others) have moved to the cloud, the increasing number of managed services has reduced the level of worry dramatically.

For the last 4+ years, I’ve been moving more and more workloads to managed services and AWS Lambda for compute. Now, as I lay on the beach, typing this newsletter on my phone, I can’t remember the last time I had a major outage that required my (or any of my team members’ immediate attention). I’m certainly not saying that Ops work goes away, but for startups and small teams, it’s nice to know that we can spend some worry-free time with our families instead of babysitting our servers.

When people are getting excited about Google Cloud Run… ☁️🏃‍♀️

Google recently announced their new Cloud Run service at Google Next. This service allows you to run stateless HTTP containers on a fully managed environment or in your own GKE cluster. TechCrunch’s article, Google Cloud Run brings serverless and containers together, will give you a bit more context.

I had several “thoughts” on this, but Ben Kehoe beat me to it with his post, The Good and the Bad of Google Cloud Run. I agree with Ben in that GCP is “providing people with a system that is going to make them complacent with traditional architecture, and not push them to gain the immense benefits of shifting (however slowly) to service-full architecture…” This seems to be so difficult for people to grasp, but it is spot on.

So is Google Cloud Run really “serverless” if it abstracts away most of the underlying infrastructure but still requires you to configure and maintain containers? I’m not convinced, but according to Paul Johnston’s New Definition of Serverless, it just might be.

Serverless Product Announcements 📢

Get alerts to PagerDuty and VictorOps with Epsagon
You can now get notified for any alert directly to your incident management tool. Both PagerDuty and VictorOps are supported.

Protego Labs Bolsters Serverless Security Solution with Support for Amazon Web Services Fargate
“Whether they are functions or containers, if they are small narrow-purpose workloads, optimizing configuration, and applying behavioral defense within the workloads significantly reduces serverless application attack surfaces.”~ Hillel Solow

Serverless Use Cases 🗺

Automated AWS Resource Cleaner
Servian had a bunch of unused AWS resources costing them money, so they built a tool (using Lambda) to help automatically clean them up.

How to defend games against DDoS attacks
If you’re building any type of application exposed to the web, being able to mitigate a DDoS attack is important. AWS already adds protection for a number of these attacks, and this post explores the architecture decisions you can make to best utilize these capabilities.

The Future of Serverless is… Functionless?
Developers seem to feel more comfortable when they can write some code, but in many cases, Lambda functions aren’t even necessary. Chase Douglas from Stackery discusses this in more detail and provides some demo-api-integrations that you can try out yourself.

If you’re just starting out with serverless…

Observability Without Having to Break the Bank
It’s important to capture metrics for your serverless applications, but logging every detail could get expensive. Yan Cui shows us how intelligent sampling with Thundra might be a better solution.

3 tips for serverless success in 2019
Richard Seroter of Pivotal shares 3 tips on what you should do in 2019 before you start using serverless products.

Put your serverless computing knowledge to the test
Taking this quiz won’t earn you any type of serverless certification, but if you’re new to the technology, perhaps this quiz will help to confuse you even more. 😉

Serverless Stories 📖

Migrating authentication from Express.js to API Gateway using a Lambda Authorizer
Part 6 of Paul Swail’s Decision Journal. This time he needs to implement an authentication and authorization mechanism with API Gateway using the same auth logic as their legacy API counterparts.

Building an AWS Serverless ML Pipeline with Step Functions
Rafael Felix Correa recounts how OLX Group used ML and Step Functions to consistently deliver meaningful recommendations to their customers.

Introducing Fenrir: How Coinbase is Scaling Serverless Applications
Coinbase built Fenrir, an AWS SAM deployer that is a reimplementation of the sam deploy command as an AWS Step Function.

Designing a modern serverless application with AWS Lambda and AWS Fargate
Nathan Peck discusses his use of AWS Lambda, AWS Fargate, and the AWS Cloud Development Kit to update his project.

Using AWS Serverless Technology as an Enabler for Cloud Adoption
This post describes how BJSS leveraged the AWS Serverless Platform and an innovative delivery approach to build a new ecommerce system for a major UK retailer.

How clean-architecture solved so many of our Serverless problems
Ewan Valentine solved a number of local testing problems by using a combination of dependency injection and a “delivery” interface for all his serverless functions.

Serverless Tutorials 🏗

Creating a Chat App with Serverless, WebSockets, and Python: A Tutorial
Lance Goodridge gives you a full walk through complete with Serverless Framework configurations and code snippets.

Upload files to AWS S3 using pre-signed POST data and a Lambda function
A simple pre-signed URL is all you need to allow users to upload data directly from their browsers into S3.

Invoking AWS Services from AppSync HTTP Resolvers
Yes, you can call AWS services without invoking Lambda functions. Yi Ai shows you how to use an HTTP resolver to send an email with SES.

Serverless API with ReactJS
Quick and easy tutorial that will show you how to create a simple ReactJS app with a serverless backend.

Serverless Security 🔐

AWS Security Maturity Roadmap
Scott Piper’s opinionated, actionable, guide to using AWS securely in 2019.

Key Differences in Security, Management for Serverless vs. Containers
Sonya Koptyev from Twistlock points out how security for functions and containers differ.

Serverless Reads 🤓

A Detailed Overview of AWS API Gateway
Alex DeBrie takes you through how requests are processed with API Gateway, and what happens at each step along the way.

How to know with whom your Lambda is talking?
Kirill Kolyaskin is a bit paranoid, but probably for good reasons. This post looks at how one might gain some better observability into HTTP communications to and from Lambda.

Serverless != microservices
Perhaps it should be “Serverless does not have to equal microservices” instead. Ersin Akinci does make a few good points, especially with regards to over complicating simple workflows.

The Fargate Illusion
Lee Briggs says that Fargate isn’t “easier” than Kubernetes, it’s just different. More importantly, “whichever way you choose is going to have operational overhead.”

Automating Apache OpenWhisk Releases With Serverless
James Thomas explains how he used serverless functions to automate release candidate verification for the Apache OpenWhisk project.

When you’re curious what’s happening at AWS… ⚙️

Sitting in the room with the entire Lambda PM + DA team talking about 2020. What do YOU want AWS to build?
Chris Munns and the team are looking for Lambda ideas.

Amazon Elasticsearch Service adds event monitoring and alerting support
The Amazon Elasticsearch Service now provides built-in event monitoring and alerting, enabling you to monitor the data stored in your domain and automatically send notifications based on pre-configured thresholds.

Periodic Table of Amazon Web Services (HTML Version)
Jerry Hargrove went above and beyond and created an HTML version of his incredible Periodic Table of AWS, complete with links to all the product pages. Very cool.

Upcoming Serverless Events 🗓

April 17, 2019 Serverless Observability Workshop presented by AWS and Epsagon.

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless present by Stackery

April 25, 2019ServerlessDays Helsinki.

April 25, 2019 – Mastering Amazon DynamoDB ACID Transactions: When and How to Use the New Transactional APIs

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ran Ribenzaft (@ranrib). Ran is the co-founder & CTO at Epsagon (@epsagon). Not only has his team built a killer product to make monitoring and tracing your serverless applications easier, but lately he has been hosting webinars like it’s nobody’s business. He always shares something interesting, whether in a webinar, or on the Epsagon blog. Thanks for your continued commitment to the serverless community, Ran!

Final Thoughts 🤔

Things are moving very fast in the serverless world, including the continued push to call every new service “serverless.” I also came across an interesting point in another article that observed that serverless “best practices” seem to be a moving target. Microservices, nanoservices, monoliths, containers, or direct service integrations with no functions at all? If anything, the noise is overwhelming, and I think this makes it harder for those looking to adopt serverless.

The technology will continue to mature, and more best practices will continue to emerge and evolve. But I tend to be of the mindset that it’s hard to make really bad decisions when building with serverless. So my advice, just go out there and build. Learn the basics, and take heed from others’ experiences, but in the end, there is no “right way” to “do serverless” right now. Some ways will work better than others, but do what works for you and your team, and adapt over time.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

See you again next week,

Off-by-none: Issue #32

Live from the Serverless Architecture Conference… 🌷🌷🌷

Welcome to Issue #32 of Off-by-none. I’m so happy that you’ve joined us this week. 🎉

Last week we looked at the Serverless Enterprise Framework and explored a few serverless security trends. This week, we’re live at the Serverless Architecture Conference in The Hague, Netherlands (🌷 lots of tulips).  There have been a number of great speakers so far, and since this is my first international speaking engagement, I’m hoping all goes well.🤞 Either way, we still have plenty of amazing content to share from the serverless community.

But before we begin, I want to give a shout out to friend-of-the-newsletter, and all around great guy, James Beswick. He recently announced that he joined the AWS Serverless team as a Developer Advocate. He will be an extremely valuable resource to all you serverless fans out there. He’s one of the most passionate serverless people I know, so I’m excited to see what kind of energy he’ll bring to AWS. Congrats, James! 👏👏👏

Every week seems to bring new and exciting serverless announcements, articles and projects, so let’s get going! 🔥

Serverless Product Announcements 📢

Announcing the Azure Functions Premium plan for enterprise serverless workloads
Pre-warming serverless functions? What kind of nonsense is this? But seriously, I’m actually glad that AWS has pushed to eliminate the problem completely, rather than taking this approach. Though I think many AWS customers would still pay for something similar.

New Serverless Plugin for IOpipe Monitoring and Observability via AWS Lambda Layers
If you’re using the Serverless Framework to build, deploy, and operate your applications on AWS Lambda, you can now use this new plugin to instrument your serverless applications with IOpipe.

Nginx Brings API Management to Application Platform
Nginx Unit is a polyglot application server for different programming languages including Python, PHP, Perl, Ruby, Go and JavaScript, that can be brought up to just run an event and then be brought down again. Hmm. 🤔

Aqua Security gets $62M to boost its container security platform
$62M in new funding to help companies protect container-based, cloud-native and serverless applications from malware and malicious attack. 💰

Serverless Edge Computing with EdgeEngine
Create dynamic scripting layers that sit in front of all StackPath services to create a customized delivery experience for end-users. Sound familiar? (cough, CloudFlare)

Serverless Use Cases 🗺

How to FaaS like a pro: 12 uncommon ways to invoke your serverless function (Part 1)
Yes, Lambda can do more than just respond to an API Gateway request. Alex Casalboni gives us four great Lambda use cases using Amazon Cognito, AWS Config, Amazon Kinesis Data Firehose, and Amazon CloudFormation.

Deploying Serverless WordPress sites
Well, if you have to use WordPress, deploying it as a static site is at least a good compromise. I’ll allow it. 😉

Chaining Serverless Functions for Stateful Workflows: AWS Step Functions using Adapter Pattern
Interesting approach to implementing Step Functions with an “adapter” function in between steps.

Using Serverless Reapers to Lower Your AWS Bill
Use Lambda to clean up unused resources in your AWS accounts. Don’t fear the reaper. Blue Oyster Cult would be so proud. 💀

Translating Speech in Real-Time with Your Browser and the Cloud
Anthony Chu shows us how to use Microsoft Azure Functions, the Azure Cognitive Services Speech SDK, and the Azure SignalR Service to build a speech translation application.

Amazon DynamoDB: Ad tech use cases and design patterns
DynamoDB allows ad tech companies to achieve a high request rate (millions of requests per second), low and predictable latency, and reliability without having to invest resources in database operations.

If you’re just starting out with serverless… 🚼

You’re Clouding — But are you Clouding Properly?
If you’re not fully taking advantage of serverless, then Abner Germanow might disagree with you.

A Node.js introduction to Amazon Simple Queue Service (SQS)
Derek Woods shows you how to set up an SQS queue, send a message, and process it with a worker. Learn to embrace asynchronous operations for more stable applications.

Best Practices for AWS Lambda Container Reuse
Angela Razzell shows you how to optimize warm starts when connecting AWS Lambda to other services.

Serverless cloud – Is it for everyone?
Daniel Kroening, a professor of Computer Science at Oxford University, argues that the best way to adopt a serverless strategy is to weave it into existing setups. I don’t disagree.

If you’re looking for some tools to automate your stack… 🤖

Serverless by Design
This tool by Danilo Poccia is absolutely amazing. Thanks to Ory Segal for pointing it out to me.

Serverless Apps to Automate Chores Around CloudWatch Logs
Yan Cui and Lumigo published some more apps in the Serverless Application Repository that let you auto-subscribe log groups and update retention policies.

Jeremy Edberg created a handy little script that will automatically create and stub functions just by reading your serverless.yml file. Very cool.

Serverless Tutorials 🏗

How to Build a Real-time Collaborative Markdown Editor with React Hooks, GraphQL & AWS AppSync
This post will walk through everything from creating the API, writing the client code, and deploying a custom domain.

Profiling database and API calls in Alexa Skills
Are your Alexa skills behaving correctly and answering quickly? Thorsten Hoeger shows you how to monitor each invocation of your skill function and trace calls to databases and third parties with Thundra.

Invoke AWS services directly from AWS AppSync
AWS AppSync now supports calling AWS services via HTTP data sources with auto-generated sigV4s. Josh Kahn shows you an example of how to implement long-running queries.

Create a metric math alarm using Amazon CloudWatch
I love math. Javier Martin shows us how to use metric math to create an error rate expression that only triggers CloudWatch alarms when a percentage of failed Lambda functions reach a certain threshold.

Serverless Security 🔐

The Evolution of Application Security In The Serverless World
Ory Segal sits down with Amit Klein to talk about how the move to serverless architectures, microservices, and the heavy reliance on cloud services, are changing the application security world.

[Whitepaper] Don’t think serverless security, think application security
The team over at Nuweba put together a whitepaper that debunks a lot of the FUD around serverless security. They stress that application level security is what really matters.

Expanding the PureSec API – Secure Your Functions Programmatically
PureSec recently made some updates to the PureSec API, which they say makes it easier than ever to automate the protection of your serverless applications.

Who’s on your Starting Lineup?
Maybe not the best analogy, but I think the point that Protego was trying to make has some merit.

Serverless Reads 🤓

My 2 year stint in micro serverless with AWS
Aphinya Dechalert outlines the lessons learned when switching from an EC2 -styled set up, to a serverless architecture that utilized Lamdba, API Gateway and S3.

OverSketched Newton: Fast Convex Optimization for Serverless Systems
OverSketched Newton is a randomized Hessian-based optimization algorithm to solve large-scale smooth and strongly-convex problems in serverless systems. 😳 (I got a headache just reading the abstract, but Ben Kehoe found it fascinating.)

How Should You Organize Your Functions in Production?
Yan Cui argues for single-purpose functions with fine-grained security controls. You should listen to him.

AWS AppSync Serverless GraphQL Real-Time Reference Architecture
Ed Lima really likes AppSync, and he wants you to as well. This post outlines two architectures that will help you achieve millions of real-time requests per day.

More Memory, more Cores? No
Does AWS Lambda grant you more cores with more memory? Björn Raupach ran an experiment and was apparently disappointed.

6 Ways Azure Beats AWS in the Cloud
This held my interest up until the point where it mentions multi-cloud.

For the Visual Learner… 🎥

Marcia Villalba (pronounced VI-SHALL-BA  😉) added a couple of videos to her FooBar Serverless monitoring series. Checkout the new videos covering the Dashbird and Epsagon.

Serverless Architectural Patterns and Best Practices
Sascha Möllering’s GOTO conference talk was recently published to YouTube. This was pre-re:Invent, so there are a few things missing, but overall, just a very informative serverless talk. You all know I’m partial to serverless patterns. 😀

When you’re curious what the teams at AWS have been working on… ⚙️

John Darrow on Twitter: “SHUTDOWN ABORT the last Oracle database running Amazon Fulfillment!”
AWS shutdown their final Oracle database instance, and apparently it was a big deal. The video shows the team’s enthusiasm, but what’s missing is the followup video of them beating that Oracle piñata to death.

Amazon DynamoDB drops the price of global tables by eliminating associated charges for DynamoDB Streams
You are no longer billed for streams resources used by global tables for replicating changes from one replica table to all other replicas.

Amazon CloudWatch Launches Search Expressions
Create dashboards that update automatically as new resources are created that match the search query, providing up-to-the-minute visibility with reduced operational overhead.

AWS Serverless Application Repository is Now Available in the EU (Paris) and EU (Stockholm) Regions

AWS Amplify Console Now Supports Deploying Fullstack Serverless Applications with a Single Click
“You can now deploy entire projects (including the front end & backend) for your Gatsby, Vue, React, Angular or JS apps with a single click!” ~ Nader Dabit

Amazon Elasticsearch Service announces support for Elasticsearch 6.5
New support for auto-interval date histogram, conditional token filters, and early termination support for min/max aggregations. And don’t forget that you can do in-place version upgrades.

Amazon CloudFront enhances the security for adding alternate domain names to a distribution
Now, only those with authorized access to your domain’s certificate can add your domain to a CloudFront distribution as an alternate domain name.

Amazon Comprehend now support KMS encryption
AWS customers that work with highly sensitive, encrypted data can now easily enable Comprehend to work with this encrypted data via an integration with the AWS Key Management Service.

Upcoming Serverless Events 🗓

April 10, 2019 – The Serverless Architecture Conference is in full swing in The Hague, Netherlands. Tomorrow I’m giving two talks and speaking on a panel.

April 11, 2019ServerlessDays Zurich.

April 17, 2019 Serverless Observability Workshop presented by AWS and Epsagon.

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless present by Stackery

April 25, 2019ServerlessDays Helsinki.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Danilo Poccia (@danilop). Danilo is a Principal Evangelist for Serverless at AWS Cloud and the author of AWS Lambda In Action. Danilo speaks at just about every conference you can imagine and has somewhere close to a billion presentations on serverless, several of which you can find the videos for. His GitHub account is loaded with amazing serverless goodies, and his Twitter feed is always updated with serverless news, product releases, and other industry buzz. I’ve been a big fan of Danilo’s work for quite some time, but after discovering his Serverless by Design project, he just got elevated to a whole new level. I think he takes the title from Chris Munns for the hardest working man in serverless. 🏆

Final Thoughts 🤔

Every day that I’m part of this amazing serverless community, I become more and more passionate about the future of cloud computing. All of these conferences are great for sharing ideas and spreading the word, but now I’m hearing these stories of developers and organizations embracing serverless and excelling with it. Not just saving money, but building better systems faster, and focusing on core business value rather than wasting time on the things that don’t matter. This is having a huge impact on software development, and seeing this potential is the reason why I started writing this newsletter. Even if you start small, the path to serverless will start generating an immediate return.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Until next time,

Off-by-none: Issue #31

Serverless goes enterprise… 🚀

Welcome to Issue #31 of Off-by-none. It’s great to have you here. 🙇‍♂️

Last week we looked at Event Fork Pipelines and explored the security model of Lambda. This week, the Serverless Framework goes Enterprise, we look at some serverless security trends, and share more great content from the serverless community.

Plenty happening with serverless this past week, so let’s get right to the good stuff!

Serverless Product Announcements 📢

Announcing Serverless Framework Enterprise: The Total Serverless Solution
I’m a HUGE fan of the Serverless Framework, and the new features launching with the Serverless Enterprise Framework are a great addition to help make deploying serverless applications easier AND safer. Insights, Secrets, and Safeguards, are three very useful services (that I’ve seen first hand) that should streamline your serverless development process. launches its managed Elasticsearch service
Also a huge fan of Elasticsearch, but even when using AWS’s managed service, there is still the issue of provisioning. is trying to change that by scaling ES automatically and bringing the cost down using some sort of innovative caching. Serverless Elasticsearch would be a useful addition to the ecosystem.

Serverless Use Cases 🗺

Consume a RabbitMQ message from AWS Lambda
Curtis Strain’s last post was about publishing messages to RabbitMQ. This time he shows us how to consume them. And yes, I actually have a need for this. 🤦🏻‍♂️

A Serverless application to clean up old deployment packages
Yan Cui teamed up with Lumigo and created a Serverless Application Repository service called Lambda-Janitor that will clean up all those old deployment packages to keep you under the limit.

Building a Fully Serverless Realtime CMS using AWS AppSync and Aurora Serverless
There are a lot of people building content management solutions with serverless, and Yi Ai is joining in the fun. A CMS is a great use case for serverless, especially given the extremely infrequent computing power needed.

A Smart Service to Keep AWS Lambda Warm
Renato Byrro from Dashbird is continuing to pull the thread on warming Lambdas. This post takes an interesting approach by positing a predictive algorithm that could better understand concurrency models. Using CloudWatch metrics to make better decisions, hmm, that’s a novel idea. 😉

Building CICD pipelines for serverless microservices using the AWS CDK
Paul Swail has another installment in his Migrating a Monolithic SaaS App to Serverless series. This time he’s building out a CI/CD pipeline using AWS CDK to configure the infrastructure.

Uploading images to AWS from remote devices securely via Rest API using AWS
It’s perfectly plausible that you’d need images (or other files) uploading from remote devices, Sandip Pradhan will show you how to do it securely.

For the Serverless newbie… 🆕 🐝

Serverless computing: 6 things you need to know
Jeffery Hammond from Forrester Research gives an excellent interview explaining what serverless is and why it is so important.

Serverless Technology Overtakes Cloud Computing
If you need to convince your boss that your company should be adopting serverless, point them to this CIOReview article. It’s a nice little executive summary that lays out the benefits in just a few paragraphs.

Compare AWS Lambda to Azure, GCP serverless platforms
There are a lot of “serverless” offerings out there, but the big three are still dominating the market. This piece by Chris Moyer lays out some of the differences between them.

Comparing Nuclio and AWS Lambda
If you like comparisons, check out Yan Cui’s piece that looks at how the open-source Nuclio project compares to Lambda. Yan recommends exploring Nuclio if you are looking for a serverless platform that isn’t tied to a specific cloud provider.

When’s the right time to go serverless?
I say, RIGHT NOW! But according to Chip Childers, serverless is still in the “pre-chasm” phase, which means best practices and tools still haven’t evolved yet. While I believe that is true to some extent, the market is catching up very quickly.

Fullstack Serverless
Kurtis Kemple is realizing the power that managed services stitched together with FaaS and frontend frameworks can bring.

Don’t Code If You Don’t Have To When Serverless
Tom McLaughlin of ServerlessOps also had an “aha” moment when he realized he could wire PagerDuty directly into CloudWatch and didn’t need to write (and support) more code. Take a look at your serverless functions and try to figure out what doesn’t need to be there. I bet there’s more than you think.

Serverless Tutorials 🏗

Orchestrating backend services with AWS Step Functions
If you need to compose several reusable functions together, AWS Step Functions is the way to go. Jay Dadhania gives a great overview and walks you through setting up workflows to pass your state from step to step.

Mastering Java Cold Starts on AWS Lambda — VOLUME 1
Serkan Özal goes into an insane amount of detail trying to reduce Java cold starts in Lambda. If you’re a Java shop, more power to you. My advice if you’re going serverless, switch to another language with lower start up times.

How to send text messages from your static site using Netlify, Twilio and serverless functions
Static sites with serverless backends are all the rage, and rightfully so. Stefan Judis has an in-depth post that takes you through the process of connecting all the pieces.

Creating a Serverless Cron Job in AWS
We’ve highlighted many ways to run cron jobs in AWS in the past, some more complex than others. Henry Williams lays out a simple process for you.

Building a Reliable Serverless Application in a Weekend
Mohit Cheppudira shows you how to build a full-blown (reliable) serverless application using Google Cloud.

Serverless Security 🔐

Serverless, shadow APIs and Denial of Wallet attacks
In this podcast, Doug Dooley makes a great point about the number of serverless APIs being published, likely unbeknownst to the enterprise. With developers having the ability to launch more services without needing support and guidance from a traditional Ops team, it does beg the question of how we should be keeping track of all these things.

The Serverless Cloud Security Model: A Point Of View
Great piece that lays out a serverless security model based on a validated and battle-tested reference architecture. Definitely worth taking a look at if you’re interested in serverless security (as we all should be).

Local Policy Updates – Keep Your Functions Secure Anywhere (Even In a closed VPC)
Local Policy Updates let you use the PureSec CLI tool to fetch the latest security policy and enforce it on your function during the CI/CD process, eliminating the need to to call the PureSec service at runtime.

Amazon Web Services sharpens its focus on cloud security
This SiliconAngle story recaps last week’s AWS Summit, and gives a good summary of why AWS is continuing to focus on cloud security.

Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena
It’s important to understand security controls available within DynamoDB, and this piece Sai Sriparasa and Prahlad Rao outlines best practices, and shows you how to perform audits.

Serverless Stories 🌎

Building, automating and deploying serverless microservice infrastructures
Here’s how the Fender engineering team built out their new Fender Play service using AWS and serverless. It focuses on the build process, but there are some interesting takeaways in here.

ServerlessDays Hamburg Retrospective
Thinking about running a ServerlessDays conference, or maybe just going to one? This is a great look at just how much has to happen to put on one of these incredible events.

Load testing Serverless with Serverless at Comic Relief
Adam Clark lays out how his team load tested their serverless applications (and legacy applications) using Serverless Artillery in the lead up to Red Nose Day 2019.

Monitoring & Debugging Serverless Applications for Red Nose Day 2019
In this post, Adam Clark gives a run through of the debugging, alerting and tools used to provide insight into their serverless applications.

Why we migrated opensource inboxkitten (77 million serverless request) from Firebase to Cloudflare workers & CommonsHost
Eugene Cheah explains the title of this post.

Serverless e-commerce: lessons learned
Riccardo Ferrazzo wanted to be the “good son,” so he built his mother’s business a serverless e-commerce site. Here’s what he learned.

Serverless Reads 🤓

The Everything Guide to Lambda Throttling, Reserved Concurrency, and Execution Limits
Kerri Rapes lays out the details of the Lambda concurrency model and why you should care.

Just how expensive is the full AWS SDK?
Some more details on cold starts and a few ways to optimize your code to minimize them.

What does AWS-SDK v3 mean for node.js Lambda?
TLDR;  Using AWS-SDK v3 allows you to significantly reduce the size of your Node.js Lambda functions.

Amazon Aurora: design considerations for high throughput cloud-native relational databases
If you really want to know how Aurora works behind the scenes, take a look at this in-depth post by Adrian Colyer.

Current options to deploy a Serverless blog
Veer Abheek Singh did some research and found several options for deploying a serverless blog.

Will it scale? Let’s load test geohashing on DynamoDB
James Beswick and Richard Boyd teamed up to load test James’ DynamoDB-based geohashing service. There are some interesting findings in here (like write less code and introduce fewer moving parts).

For a little April Fools’ fun, the Kroonenburgs decide to adopt servers and eventually establish a sanctuary for rescue servers in the countryside. “It’s going to be a nice, quiet server farm.”

Breaking down the Monolith. Considering Serverless!
Harish Kumar gives you some thoughts on why serverless is a good choice, but more importantly, where you should start.

TypeScript Is a Perfect Choice for Serverless
This is just a short post that documents Arseny Yankovsky’s realization that Java is way too heavy for serverless functions. I included it because I want everyone to realize this.

For the Visual Learner… 🎥

AWS X-Ray for Serverless Applications | Serverless Monitoring
Marcia Villalba shows us how to easily instrument a Serverless Framework application with AWS X-Ray.

Visual Notes for Amazon SNS
By Jerry Hargrove. Enough said. 😉

When you’re wondering what AWS has been working on… ⚙️

Amazon API Gateway Improves API Publishing and Adds Features to Enhance User Experience
Remember that API Gateway Serverless Developer Portal thing AWS launch a while ago? It just got better.

Application Load Balancers now Support Advanced Request Routing
ALBs are pretty sweet, and now you can use things like query parameters and HTTP methods to manipulate routing. Couple this with AWS Lambdas as the backend, and suddenly this starts to feel a bit like API Gateway. Very cool stuff. Here’s how to use the new features and some use cases for them.

The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available
You can now download the AWS Toolkit from the Visual Studio Marketplace with support for node.js. It also supports Visual Studio 2019. It’s good to see everyone playing nicely together.

Create Alexa Experiences for Your Organization with Blueprints
Still not familiar with Alexa private skills? Now these voice-powered capabilities for Alexa have a couple of blueprints to get you voice-enabling your business processes in no time.

Upcoming Serverless Events 🗓

April 8-10, 2019 – The Serverless Architecture Conference in The Hague, Netherlands.  I’m giving two talks, so I hope you’ll join us.

April 9, 2019ServerlessDays Atlanta. This one is combined with DevOps Days and Map Camp.

April 11, 2019ServerlessDays Zurich.

April 25, 2019ServerlessDays Helsinki. The speakers have all been announced!

The CFP for DevOpsDays Boston 2019 is now open.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Richard Boyd (@rchrdbyd). Richard is a Cloud Data Engineer at The iRobot Corporation who used to work on Robotics and Alexa at Amazon. Now he’s jumping into the serverless community by posting really interesting articles on his blog (, engaging on Twitter, and collaborating with others. I love hearing new serverless voices and perspectives, and Richard is a very welcome addition to the community. Looking forward to seeing more from him. 👏

Final Thoughts 🤔

The last two weeks have been very busy for me, but we finally have the new AlertMe serverless article processing system up and running in production. Lots of interesting lessons learned there, so perhaps, at some point I’ll share all the details. There is always more to do, but our architecture makes extensibility extremely easy. I’m really looking forward to iterating on the live service.

Don’t forget that next week I’ll be speaking at the Serverless Architecture Conference in The Hague, Netherlands. I’m giving two talks, Serverless Microservice Patterns for AWS and Building resilient serverless Systems with non-serverless Components. I hope to see some of you there. Please come and say “Hi” if you get a chance. I’ve got plenty of “Off-by-none” stickers to give out.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Hope to see you soon (maybe in The Hague),