All Posts

🚀 Project Update:

Serverless MySQL: v1.5.0 released

Serverless MySQL v1.5.0 is a maintenance/security update that also adds a new feature to transaction handling allowing you to return null queries to simplify conditional transaction workflows. Read More...

How to switch from RDBMS to DynamoDB in 20 easy steps…

I posted a thread on Twitter with some thoughts on how to how to switch from RDBMS to DynamoDB. Some people have asked me to turn it into a blog post to make it easier to follow. So here it is… with some bonus steps at the end. Enjoy! 😁

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.4.0 Released

Thanks to contributions from the community, Serverless MySQL v1.4.0 adds the ability to bring your own MySQL and Promise libraries, an enhancement that lets you use multiple instances, and some more TypeScript updates. Read More...

Developing Serverless Applications Locally with the “serverless-cloudside-plugin”

Developing and testing serverless applications locally can be a challenge. Even with tools like SAM and the Serverless Framework, you often end up mocking your cloud resources, or resorting to tricks (like using pseudo-variables) to build ARNs and service endpoint URLs manually. While these workarounds may have the desired result, they also complicate our configuration files with (potentially brittle) user-constructed strings, which duplicates information already available to CloudFormation.

This is a common problem for me and other serverless developers I know. So I decided to come up with a solution.

Continue Reading…

🚀 Project Update:

Lambda API: v0.10.1 Released

Lambda API v0.10.1 has been released to fix an issue with the "statusCode" reporting incorrectly in error logs. The arity requirement for handler functions has also been relaxed since it's possible that they may not be needed within a route definition. Read More...

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…


How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…


Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…


re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…


Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9.1 Released

Lambda API v0.9.1 has been released to include the index.d.ts TypeScript declarations file in the NPM package (thanks again, @hassankhan). The release is immediately available via NPM. Read More...
🚀 Project Update:

Lambda API: v0.9 Released

v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. Read More...

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…


What 15 Minute Lambda Functions Tells Us About the Future of Serverless

Amazon Web Services recently announced that they increased the maximum execution time of Lambda functions from 5 to 15 minutes. In addition to this, they also introduced the new “Applications” menu in the Lambda Console, a tool that aggregates functions, resources, event sources and metrics based on services defined by SAM or CloudFormation templates. With AWS re:Invent just around the corner, I’m sure these announcements are just the tip of the iceberg with regards to AWS’s plans for Lambda and its suite of complementary managed services.

While these may seem like incremental improvements to the casual observer, they actually give us an interesting glimpse into the future of serverless computing. Cloud providers, especially AWS, continue to push the limits of what serverless can and should be. In this post, we’ll discuss why these two announcements represent significant progress into serverless becoming the dominant force in cloud computing.

Continue Reading…

🚀 Project Update:

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

🚀 Project Update:

Serverless MySQL: v1.1.0 Released

Serverless MySQL v1.1.0 adds additional transaction support capabilities to allow users to retrieve interim query results for use with future queries. This is useful for getting the insertId from previous queries when performing transactions. Read More...

Serverless Security: Locking Down Your Apps with FunctionShield

I’ve written quite extensively about serverless security, and while you don’t need to be an expert on the matter, there are a number of common sense principles that every developer should know. Serverless infrastructures (specifically FaaS and managed services) certainly benefit from an increased security posture given that the cloud provider is handling things like software patching, network security, and to some extent, even DDoS mitigation. But at the end of the day, your application is only as secure as its weakest link, and with serverless, that pretty much always comes down to application layer security.

In this post we’re going to look at ways to mitigate some of these application layer security issues by using some simple strategies as well as a free tool called FunctionShield.

Audio Version:

Continue Reading…


Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…


Jeremy goes to AWS re:Invent 2018

It’s official! I’m going to AWS re:Invent 2018. 🙌

My goal from this trip is to learn, learn, learn… and then share, share, share.   There are over 30 sessions that talk about serverless, plus 40,000 other people there to meet and learn from! I’m so excited. 🙃

I know that many of you will be there, but for those of you who can’t be, I’ll do my best to share insights, tips, how-tos, best practices and more. I’ll even have a drink for you if you’d like 🍺 (no arm twisting necessary)!

Continue Reading…


Serverless Microservice Patterns for AWS

I’m a huge fan of building microservices with serverless systems. Serverless gives us the power to focus on just the code and our data without worrying about the maintenance and configuration of the underlying compute resources. Cloud providers (like AWS), also give us a huge number of managed services that we can stitch together to create incredibly powerful, and massively scalable serverless microservices.

I’ve read a lot of posts that mention serverless microservices, but they often don’t go into much detail. I feel like that can leave people confused and make it harder for them to implement their own solutions. Since I work with serverless microservices all the time, I figured I’d compile a list of design patterns and how to implement them in AWS. I came up with 19 of them, though I’m sure there are plenty more.

In this post we’ll look at all 19 in detail so that you can use them as templates to start designing your own serverless microservices.

Audio Version:

Continue Reading…

🚀 Project Update:

Lambda API: v0.8 Released

Lambda v0.8 is finally here and was well worth the wait! New features include allowing middleware to accept multiple handlers, new convenience methods for cache control and signing S3 URLs, and async/await support for the main function handler. And best of all, new LOGGING and SAMPLING support for you to add more observability into your APIs and web applications. Read More...

Aurora Serverless: The Good, the Bad and the Scalable

Amazon announced the General Availability of Aurora Serverless on August 9, 2018. I have been playing around with the preview of Aurora Serverless for a few months, and I must say that overall, I’m very impressed. There are A LOT of limitations with this first release, but I believe that Amazon will do what Amazon does best, and keep iterating until this thing is rock solid.

The announcement gives a great overview and the official User Guide is chock full of interesting and useful information, so I definitely suggest giving those a read. In this post, I want to dive a little bit deeper and discuss the pros and cons of Aurora Serverless. I also want to dig into some of the technical details, pricing comparisons, and look more closely at the limitations.

Audio Version

Continue Reading…


A Tale of Two Teams

Audio Version:

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness… ~ A Tale of Two Cities by Charles Dickens

There is a revolution happening in the tech world. An emerging paradigm that’s letting development teams focus on business value instead of technical orchestration. It is helping teams create and iterate faster, without worrying about the limits or configurations of an underlying infrastructure. It is enabling the emergence of new tools and services that foster greater developer freedom. Freedom to experiment. Freedom to do more with less. Freedom to immediately create value by publishing their work without the traditional barriers created by operational limits.

Continue Reading…


How To: Add Test Coverage to your Serverless Applications

Writing serverless functions brings developers closer and closer to the stack that runs their code. While this gives them a tremendous amount of freedom, it also adds additional responsibility. Serverless applications require developers to think more about security and optimizations, as well as perform other tasks that were traditionally assigned to operations teams. And of course, code quality and proper testing continue to be at the top of the list for production-level applications. In this post, we’ll look at how to add test coverage to our Node.js applications and how we can apply it to our Serverless framework projects. ⚡️

Continue Reading…


Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…


How To: Tag Your Lambda Functions for Smarter Serverless Applications

As our serverless applications start to grow in complexity and scope, we often find ourselves publishing dozens if not hundreds of functions to handle our expanding workloads. It’s no secret that serverless development workflows have been a challenge for a lot of organizations. Some best practices are starting to emerge, but many development teams are simply mixing their existing workflows with frameworks like Serverless and AWS SAM to build, test and deploy their serverless applications.

Beyond workflows, another challenge serverless developers encounter as their applications expand, is simply trying to keep all of their functions organized. You may have several functions and resources as part of a microservice contained in their own git repo. Or you might simply put all your functions in a single repository for better common library sharing. Regardless of how code is organized locally, much of that is lost when all your functions end up in a big long list in the AWS Lambda console. In this post we’ll look at how we can use AWS’s resource tagging as a way to apply structure to our deployed functions. This not only give us more insight into our applications, but can be used to apply Cost-Allocation Tags to our billing reports as well. 👍

Continue Reading…


Thinking Serverless (Big and Small)

I’ve been reading and writing a lot of about serverless lately, and one of the things I realized, is that most articles talk about how SCALABLE serverless architectures are. This, of course, is one of the major benefits of using serverless to build your applications. The ability to scale to thousands of concurrent requests per second without needing to manage your own servers, is simply amazing. 🙌

However, not needing to manage any servers has other benefits beyond the capabilities to achieve web scale. Having on-demand compute space also make serverless the perfect candidate for smaller workloads. In this post, let’s discuss how we can utilize serverless to handle our “less than unicorn 🦄” services and the benefits this can bring.

Continue Reading…


Lambda Warmer: Optimize AWS Lambda Function Cold Starts

At a recent AWS Startup Day event in Boston, MA, Chris Munns, the Senior Developer Advocate for Serverless at AWS, discussed Lambda cold starts and how to mitigate them. According to Chris (although he acknowledge that it is a “hack”) using the CloudWatch Events “ping” method is really the only way to do it right now. He gave a number of really good tips to pre-warm your functions “correctly”:

  • Don’t ping more often than every 5 minutes
  • Invoke the function directly (i.e. don’t use API Gateway to invoke it)
  • Pass in a test payload that can be identified as such
  • Create handler logic that replies accordingly without running the whole function

Continue Reading…


15 Key Takeaways from the Serverless Talk at AWS Startup Day

I love learning about the capabilities of AWS Lambda functions, and typically consume any article or piece of documentation I come across on the subject. When I heard that Chris Munns, Senior Developer Advocate for Serverless at AWS, was going to be speaking at AWS Startup Day in Boston, I was excited. I was able to attend his talk, The Best Practices and Hard Lessons Learned of Serverless Applications, and it was well worth it.

Chris said during his talk that all of the information he presented is on the AWS Serverless site. However, there is A LOT of information out there, so it was nice to have him consolidate it down for us into a 45 minute talk. There was some really insightful information shared and lots of great questions. I was aware of many of the topics discussed, but there were several clarifications and explanations (especially around the inner workings of Lambda) that were really helpful. 👍

Continue Reading…


Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices

I came across a post the in the Serverless forums that asked how to disable the VPC for a single function within a Serverless project. This got me thinking about how other people structure their serverless microservices, so I wanted to throw out some ideas. I often mix my Lambda functions between VPC and non-VPC depending on their use and data requirements. In this post, I’ll outline some ways you can structure your Lambda microservices to isolate services, make execution faster, and maybe even save you some money. ⚡️💰

Continue Reading…


5 Reasons Why Your Serverless Application Might Be A Security Risk

There has been a lot of buzz lately about serverless security. People are certainly talking about it more and sharing great articles on the topic, but many serverless developers (especially new ones) are still making the same critical mistakes. Every time a serverless function is deployed, its unique security challenges need to be addressed. Every time. I’ve researched and written extensively about serverless security (see Securing Serverless: A Newbie’s Guide). I’ve read countless articles on the subject. And while there is no shortage of information available, let’s be honest: developers are busy building applications, not pouring through hundreds of articles.

I know, it sounds boring, but I would encourage you to do your research on serverless security. Serverless applications are different than traditional, server-hosted applications. Much of the security responsibility falls on the developer, and not following best practices opens you (or your company) up to an attack. But I know you’re busy. I totally get it. So rather than forcing you to read a bunch of long articles 😴 or watch a plethora of videos 🙈, I’ve whittled it all down to the five biggest serverless security risks for you. Sure, there are a lot of other things to consider, but IMO, these are the most important ones. Nothing here hasn’t been said before. But If you do nothing more than follow these principles, your serverless applications will be much more secure. 🔒

Continue Reading…


Serverless Consumers with Lambda and SQS Triggers

On Wednesday, June 27, 2018, Amazon Web Services released SQS triggers for Lambda functions. Those of you who have been building serverless applications with AWS Lambda probably know how big of a deal this is. Until now, the AWS Simple Queue Service (SQS) was generally a pain to deal with for serverless applications. Communicating with SQS is simple and straightforward, but there was no way to automatically consume messages without implementing a series of hacks. In general, these hacks “worked” and were fairly manageable. However, as your services became more complex, dealing with concurrency and managing fan out made your applications brittle and error prone. SQS triggers solve all of these problems. 👊

Update December 6, 2018: At some point over the last few months AWS fixed the issue with the concurrency limits and the redrive policy. See Additional experiments with concurrency and redrive polices below.

Audio Version (please note that this audio version is out of date given the new updates)

Continue Reading…


Event Injection: Protecting your Serverless Applications

Updated January 25, 2019: This post was updated based on feedback from the community.

The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. Many traditional web applications are front-ended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. If you’re invoking serverless functions from sources other than API Gateway, you no longer have the ability to use the protection of a WAF. 

Continue Reading…


10 Things You Need To Know When Building Serverless Applications

I am a HUGE fan of serverless architectures. This new type of compute not only opens up more possibilities for developers, but can support highly-scalable, complex applications for a fraction of the cost compared to provisioning virtual servers. My first question when planning a new application is always, “Can I build this with serverless?” Spoiler alert, the answer is almost always YES!

I’ve been building serverless applications since the release of AWS Lambda in 2015, so answering the question above is pretty easy for me. However, a lot of people I talk to who are new to serverless often have many questions (and misconceptions). I want you to be successful, so below I’ve create a list of 10 things you need to know when building a serverless application. These are things I wish I knew when I started, so hopefully they’ll help you get up to speed a faster and start building some amazing applications.

Continue Reading…

🚀 Project Update:

Lambda API: v0.7 Released

v0.7 adds new features to control middleware execution based on path, plus additional parsing of the AWS Lambda context object. ESLint and coverage reports using Istanbul and Coveralls were also added to ensure code quality and adequate test coverage. Read More...

How To: Optimize the Serverless Optimizer Plugin

I’m sure you’re already well aware of how awesome the ⚡ Serverless Framework is for managing and deploying your serverless applications. And you’re probably aware that there are several great plugins available that make Serverless even better. But did you know that there was a plugin to optimize your functions and reduce the size of your deployment packages? Or are you already using this plugin to optimize your functions, but hate how it takes too long to optimize locally run functions? In this post I’ll share some quick tips to help you optimize your Serverless Optimizer experience.

Continue Reading…


Transducers: Supercharge your functional JavaScript

This is the first in a series of posts on functional programming in JavaScript. My goal is to make these ideas more accessible to all levels of programmers. Feedback about style, content, etc., would all be greatly appreciated.

One thing that perplexed me early on in my functional programming days was the concept of transducers. I spent a lot of time Googling and found some great articles that went deep into the theory and the underlying mechanics. However, the practical use of them still seemed a bit out of reach. In this post I’ll attempt to explain transducers in a more understandable way and hopefully give you the confidence to use them in your functional JavaScript. While this article attempts to make transducers more accessible, you will need to have some basic knowledge of functional programming in JavaScript. Specifically, you should know about function composition and iterator functions like .map(), .filter(), and most importantly, .reduce(). If you are unfamiliar with these concepts, go get a grasp on them first.

Continue Reading…

🚀 Project Update:

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

Solving the Cold Start Problem

Dear AWS Lambda Team,

I have a serious problem: I love AWS Lambda! In fact, I love it so much that I’ve pretty much gone all in on this whole #serverless thing. I use Lambda for almost everything now. I use it to build backend data processing pipelines, distribute long running tasks, and respond to API requests. Heck, I even built an Alexa app just for fun. I found myself building so many RESTful APIs using Lambda and API Gateway that I went ahead and created the open source Lambda API web framework to allow users to more efficiently route and respond to API Gateway requests.

Serverless technologies, like Lambda, have revolutionized how developers think about building applications. Abstracting away the underlying compute layer and replacing it with on-demand, near-infinitely scalable function containers is brilliant. As we would say out here in Boston, “you guys are wicked smaht.” But I think you missed something very important. In your efforts to conform to the “pay only for the compute time you consume” promise of serverless, you inadvertently handicapped the service. My biggest complaint, and the number one objection that I hear from most of the “serverless-is-not-ready-for-primetime” naysayers, are Cold Starts.

Continue Reading…


How To: Manage Serverless Environment Variables Per Stage

I often find myself creating four separate stages for each ⚡ Serverless Framework project I work on: dev, staging, prod, and local. Obviously the first three are meant to be deployed to the cloud, but the last one, local, is meant to run and test interactions with local resources. It’s also great to have an offline version (like when you’re on a plane ✈ or have terrible wifi somewhere). Plus, development is much faster because you’re not waiting for round trips to the server. 😉

A really great feature of Serverless is the ability to configure ENVIRONMENT variables in the serverless.yml file. This lets us store important global information like database names, service endpoints and more. We can even reference passwords securely using AWS’s Service Manager Parameter Store and decode encrypted secrets on deployment, keeping them safe from developers and source repositories alike. 😬 Just reference the variable with ${ssm:/myapp/my-secure-value~true} in your configuration file.

Continue Reading…

🚀 Project Update:

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

How To: Stub “.promise()” in AWS-SDK Node.js

Since AWS released support for Node v8.10 in Lambda, I was able to refactor Lambda API to use async/await instead of Bluebird promises. The code is not only much cleaner now, but I was able to remove a lot of unnecessary overhead as well. As part of the refactoring, I decided to use AWS-SDK’s native promise implementation by appending .promise() to the end of an S3 getObject call. This works perfectly in production and the code is super compact and simple:

The issue came with stubbing the call using Sinon.js. With the old promise method, I was using promisifyAll() to wrap new AWS.S3() and then stubbing the getObjectAsync method. If you’re not familiar with stubbing AWS services, read my post: How To: Stub AWS Services in Lambda Functions using Serverless, Sinon.JS and Promises.

Continue Reading…


How To: Manage RDS Connections from AWS Lambda Serverless Functions

Someone asked a great question on my How To: Reuse Database Connections in AWS Lambda post about how to end the unused connections left over by expired Lambda functions:

I’m playing around with AWS lambda and connections to an RDS database and am finding that for the containers that are not reused the connection remains. I found before that sometimes the connections would just die eventually. I was wondering, is there some way to manage and/or end the connections without needing to wait for them to end on their own? The main issue I’m worried about is that these unused connections would remain for an excessive amount of time and prevent new connections that will actually be used from being made due to the limit on the number of connections.

🧟‍♂️ Zombie RDS connections leftover on container expiration can become a problem when you start to reach a high number of concurrent Lambda executions. My guess is that this is why AWS is launching Aurora Serverless, to deal with relational databases at scale. At the time of this writing it is still in preview mode.

Update September 2, 2018: I wrote an NPM module that manages MySQL connections for you in serverless environments. Check it out here.

Update August 9, 2018: Aurora Serverless is now Generally Available!

Overall, I’ve found that Lambda is pretty good about closing database connections when the container expires, but even if it does it reliably, it still doesn’t solve the MAX CONNECTIONS problem. Here are several strategies that I’ve used to deal with this issue.

Continue Reading…


Is Code Really Self-Documenting?

In my 20+ years of programming, I’ve encountered a near endless amount of opinions on everything from coding styles to programming paradigms to the great whitespace debate. Obviously, I have strong opinions on a number of these. But for me, the one that bothers me the most is this notion that “code is self-documenting.” 😾

I know what you’re probably thinking: “of course not all code is self-documenting, only well-written code is.” I don’t entirely disagree. I can generally look at someone else’s code and understand exactly WHAT it is doing. However, often it’s not obvious WHY they did it that way, or even why they did it in the first place. In my opinion, the programmer’s intent (the WHY) is just as important as the HOW when it comes to properly documenting software.

So whether you agree with me or not, let’s explore how to better document our software by writing cleaner code, following some general commenting etiquette, and commenting more effectively to make you and your team more productive. 👍

Continue Reading…


Securing Serverless: A Newbie’s Guide

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

Continue Reading…


How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway.  Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

Continue Reading…

Off-by-none: Issue #46

Building Serverless Event Bridges… 🌉

Welcome to Issue #46 of Off-by-none. I’m so happy that you’re here! 😃

Last week, we pondered how companies adopt serverless and previewed AWS Summit New York. This week, we take a deep dive into the new Amazon EventBridge service and share some amazing stories, tutorials, and content from the serverless community.

There is a lot to get to this week, so let’s get to it! 🏃‍♂️

When you’re wondering why EventBridge is such a big deal #NoMoreWebhooks…🤓

Last week Thursday was very exciting for all us serverless nerds out there. Werner Vogels introduced Amazon EventBridge in his keynote, and several people quickly took notice of how powerful this new service is. Besides this excellent post by Mike Deck, a few others had some rather good things to say about it:

Amazon EventBridge: The biggest thing since AWS Lambda itself
Jared Short made this rather bold claim, but I wholeheartedly agree. Yes, CloudWatch Events has been around for awhile, but custom event buses and partner integrations elevate events to first-class citizens within the AWS ecosystem. This is important.

Why Amazon EventBridge will change the way you build serverless applications
Paul Johnston gets it too. He also said that EventBridge is “the most important release for serverless applications since Lambda.” CloudWatch Events was a clever way to coordinate custom events without needing SNS or Kinesis, but now Paul says, “EventBridge has become a central pivot to a serverless applications on AWS.”

There have also been a few posts that show it in use:

If you want even more insights into what you can do with EventBridge, listen to the latest episode of Serverless Chats (Episode #5: Event-Driven Applications using Amazon EventBridge with Mike Deck) where Mike Deck and I chat all about it.

Serverless News & Product Announcements 🚀

Announcing Stackery’s AWS DevOps Competency – Professional Workflow & Tooling For Building On AWS Serverless
To achieve this certification, APN Partners must show AWS expertise and deliver solutions seamlessly on AWS. It’s great to see Stackery keeping up the good work!

Protego Labs Announces Enhancements with New Pipeline Integration Tool
With the enhancements and new functionality, Protego makes it easier for organizations to truly shift security left from development through to deployment, in a smooth and frictionless manner.

Serverless Guru Joins Serverless as a Development Partner
With this partnership in place, Serverless Guru will be able to work more closely with Serverless, Inc. on delivering solutions for its customers. The two companies will collaborate on training and supporting customers as well as building out further functionality in the Serverless Framework.

Serverless Plugin Support Program
This new program reviews community plugins to ensure specific standards are met. Enterprise customers can then be assured that Serverless, Inc. will support approved plugins used within their applications.

AWS Serverless Hero Yan Cui joins Lumigo
The legendary Yan Cui (aka The Burning Monk) joins Lumigo to head up their serverless consulting team. We should expect to see some great serverless stuff coming from this new partnership.

Serverless Stories 📖

How I made AWS Lambda work for my SaaS
Tim Nolet gives an overview of how he built his SaaS company, Checkly, using Lambda and other AWS services. Lots of interesting commentary in here, and nice reuse of Lambda functions for both synchronous and asynchronous use cases.

How BuildCenter and Serverless Guru Streamlined Their Serverless Development Cycle
Interesting case study that shows how Serverless Guru helped BuildCenter adopt the Serverless Framework.

Serverless data engineering at Zalando with the AWS CDK
Viacheslav Inozemtsev and the team at Zalando are big fans of the AWS CDK. Read how they used it to speed up their development lifecycle.

How we built a serverless architecture with AWS
A detailed look at Hypertrack’s AWS architecture and how they use serverless to implement live location for their developers’ apps.

Serverless Use Cases 🗺

How to Use R in AWS Lambda
Jakub Nowicki shows you how you can use R with Lambda functions and Lambda Layers to preprocess data for your ML models.

Orchestrating an ETL process using AWS Step Functions for Amazon Redshift
This is a great use case for Lambda and Step Functions. Thiyagarajan Arumugam shows you how to run serverless ETL tasks to refresh data from your source systems.

SAP IDoc integration with Amazon S3 by using Amazon API Gateway
In this blog post, you’ll see how to store SAP IDocs in Amazon S3 by using API Gateway, with AWS Lambda authorizers and Amazon Cognito both providing the authentication layer.

Responding to SMS in PHP using AWS Lambda and Bref
Simple use case for responding to SMS messages with Lambda functions and PHP.

If you’re interested in learning some serverless basics… 🏗

S3 or DynamoDB?
This is an excerpt from Gojko Adzic’s new book. Picking the right service for your key-based storage workflow should be a little easier after reading this.

Best Practices for Developing on AWS Lambda
George Mao gives you five tips for building applications with AWS Lambda. Pay special attention to #1, “When to VPC-Enable a Lambda Function.”

CloudFormation Nested Stacks Primer
This is an excellent primer by Jared Short from Trek10. The 200 resource limit from CloudFormation does creep up from time to time, and the reusability of child stacks is a very powerful thing. Just be sure you are aware of the “rough edges.”

AWS Step Functions 101
John Demian from the Dashbird gives you some basics of Step Functions, how they work, and when you might want to use them.

Simplify AWS Lambda Dependencies Using Layers
A simply overview of Lambda Layers by Jordan Chalupka.

Benchmarking AWS Lambda runtimes in 2019 (Part II)
The Agile Monkeys are back with Part II of their benchmarking tests, this time using a CRUD simulation. Interesting to see the performance stats, especially from API Gateway.

Understand Lambda Logging and Unlock CloudWatch Logs
Zac Charles explains how Groups, Streams, and Events fit together, describes some relevant parts of the CloudWatch API and how Lambda interacts with it, then explains how to make use of your logs after they’re sent to CloudWatch.

Serverless Tips
The team over at launched a series of Serverless Tips that are worth checking out. Some of the latest posts include:

If you’re just starting your serverless journey… 🐣

Six Things You Need to Know Before Going Serverless
Charbel Ghossain’s post is quite thorough and gives you some things to consider before jumping into your first serverless project.

Awfully Thorough Guide to Choosing the Best Serverless Solution
Speaking of thorough, Ilya Kritsmer outlines the event triggers, supported languages, performance, security, scaling capabilities, and much more, of the serverless offerings from the “Big Four” cloud providers.

Is AWS Lambda actually useful?
If you’ve seen even just a few of Lambda’s use cases, then you know this is a silly question, but Nemanja Novkovic gives some more context for the newbies out there.

Getting Started with AWS Lambda Event Sources
Renato Byrro has another post, this time highlighting the power of event-driven applications and giving some examples of event sources that can trigger our serverless workloads.

Consider DynamoDB for Your Next Data-Driven Application
This is a great post by Luke Mwila that gives a great overview of DynamoDB and why it may (or may not) be right for your next project.

Serverless Tutorials 🏗

GraphQLifying REST
Nader Dabit shows you how to put a GraphQL API (using AppSync) in front of an existing REST API to immediately add GraphQL to your project without a lot of engineering work.

Basic Integration Testing with Serverless Framework
Maciej Skierkowski from Serverless, Inc. shows you how to use the framework’s new integration testing feature to run some simple post deploy API tests.

In Depth Guide to Serverless APIs with AWS Lambda and AWS API Gateway (Part 2)
Kay Ploesser’s follow up to Part 1. This part uploads an image, adds image recognition, and a whole lot more.

Unit Test Serverless Applications The DevOps Way — Part 1 & Part 2
Mahdi Azarboon has a two part post that shows you his method for building unit tests for serverless, along with integrating them into a CI/CD pipeline for deployment.

Using TypeScript with AWS SAM Local
In this post, Henrik Bjørnskov explains how he sets up AWS SAM projects using Webpack and TypeScript.

How YOU can create a Serverless API in C# and .NET
In this article, Chris Noring takes you through building a Serverless function using C#,.NET, and Azure Functions.

Serverless Security 🔒

How to get specific security information about AWS services
Well this is pretty cool. AWS has created “Security Chapters” in the AWS documentation for over 40 different services. Lots of great information for serverless services like DynamoDB and Lambda.

Serverless Security Workshop
Talk about a dream team of serverless know-how! Danilo, James, Heitor and Simon (you know who I’m talking about) put on a Serverless Security workshop at ServerlessDays London last week. Here are the slides and a link to the Github repo.

Serverless Reads 🤓

Development workflow for serverless applications
Efi Merdler-Kravitz from Lumigo details the guiding principles and tools used at a 100% serverless company to ensure the most efficient workflow possible.

The real business value Comic Relief has unlocked by going Serverless
Caroline Rennie has written about this before, but this time gives a little more detail about some of the more nuanced advantages that going Serverless has unlocked for her organization.

From Laptop to Lambda: Outsourcing Everyday Jobs to Thousands of Transient Functional Containers (PDF)
A team from Stanford created, gg, a framework and set of command-line tools that lets you run thousands of parallel threads on FaaS to achieve incredibly fast completion times. It’s a long read, but very interesting.

Why does serverless matter?
Kevin Smith from Dootrix explains why serverless is important and what it has done for some of their clients, like Suffolk Libraries.

What to do if you’ve already finished season 3 of Stranger Things… 🍿

Serverless Chats – Episode #5: Event-Driven Applications using Amazon EventBridge with Mike Deck
In this episode, I chat with Mike Deck about Amazon EventBridge and how it works, what it means for the future of webhooks, and how we can use it to build serverless event-driven applications.

Vue.js and Serverless – Going Serverless with Vue.js
Divya Sasidharan examines strategies for building applications in VueJS with a serverless mindset. She walks us through real life use cases for making API calls and communicating with third party services.

Serverless is the Abstraction We Deserve – GOTO 2019
Jesse Butler gives an excellent talk about the benefits of serverless and what this new layer of abstraction means for developers. And he works for Oracle, so there’s that. – Episode 029: Building Serverless Apps on AWS
Yan Cui joins Mike Pfeiffer to discuss a number of serverless topics, including data lock-in, tooling, and much more.

Twilio & Serverless – Serverless Toronto Meetup
Developer evangelist, Phil Nash, from Twilio talks about Node.js-powered Twilio Functions, the new Autopilot, and some new features coming soon.

The Future of Serverless is … Functionless?
What if we could build an API that didn’t need Lambda to perform simple translations between services? Richard Boyd’s ongoing crusade to minimize the use of Lambda function continues. 🛡⚔️😀

If you’re curious what the AWS devs have been cranking on… 👷‍♀️

Announcing AWS Toolkit for Visual Studio Code
The toolkit enables you to easily develop serverless applications, including creating a new project, local debugging, and deploying your project—all conveniently from within the editor. The toolkit supports Node.js, Python, and .NET.

Amazon Elasticsearch Service increases data protection with automated hourly snapshots at no extra charge
Amazon Elasticsearch Service has increased its snapshot frequency from daily to hourly, providing more granular recovery points. If you need to restore your cluster, you now have numerous, recent snapshots to choose from.

Amplify Framework adds support for AWS Lambda Triggers in Auth and Storage categories
The Amplify CLI now allows you to enable and configure Lambda triggers for building custom authentication flows in your mobile and web applications.

Amazon Aurora with PostgreSQL Compatibility Supports Serverless
PostgreSQL lovers rejoice! The popular MySQL compatible edition is now joined by a PostgreSQL version. All the same benefits and scaling capabilities are available. More info here.

AWS New York Summit 2019 – Summary of Launches & Announcements
The New York Summit was last week, and there were a few more interesting announcements beyond EventBridge.

Session Manager launches tunneling support for SSH and SCP
I haven’t played around with this yet, but if I can get rid of jump boxes when accessing VPCs from my local environment, than this is pretty big!

Serverless Tools 🛠

Lambda Checklist
The Lambda Checklist Application is perfect for meticulous serverless engineers!

buggy/aws-sam-webpack-plugin: A Webpack plugin to replace the build step for SAM CLI
Neat tool by Rich Buggy that you can use to replace the sam build step if every function in your template uses the nodejs8.10 or nodejs10.x runtime.

Plugins Explorer | Serverless Plugins Directory
The new plugins directory lets you search for plugins and see which ones are now “certified” or “approved” by Serverless, Inc.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

July 22, 2019 – Lumigo: Serverless at Full Speed – Monitoring Webinar

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

October 14-16, 2019 – Serverless Architecture Conference Berlin

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erez Berkner (@erezberkner). Erez is the CEO & co-founder of Lumigo, a startup focusing on serverless application monitoring. Erez is always out there spreading the word of serverless, whether through Twitter and blog posts, or through his numerous speaking engagements and interviews. Since the beginning, Erez and Lumigo have embraced and contributed to the growth of the serverless community, and has used the Lumigo platform to engage and educate people on the benefits of serverless. It doesn’t go unnoticed. Thanks for all you do, Erez!  🙌

Final Thoughts 🤔

There were a lot of exciting serverless announcements this past week, plus a very successful ServerlessDays London event, so congrats to the organizing team over there. But there were also lots of dumb and incredibly hurtful things said that are becoming normalized in our culture (and I’m not just talking about that 10x Engineer nonsense). So without getting political, I’ll simply make a naive plea and ask that we all try to be better people, or in the words of Bill & Ted, “be excellent to one another.”

I’ll leave you with this excellent piece by Emma Wedekind: 101 Tips For Being A Great Programmer (& Human).

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,

Off-by-none: Issue #45

Where do companies start with serverless?

Welcome to Issue #45 of Off-by-none. I’m so glad you joined us! 🎉

Last week, we recapped AWS re:Inforce and looked at the broader AWS security ecosystem. This week, we ponder how companies adopt serverless, look ahead to AWS Summit New York, and share lots of great content from the serverless community.

Tons of stuff to get to this week, so let’s get to it! ⏩

When you’re looking to bring serverless to your organization… 👩‍💻

Earlier this week, Tom McLaughlin wrote this piece announcing that he was shutting down ServerlessOps (his cloud/serverless consulting company). The good news is that he will be bringing his expertise and wisdom to Liberty Mutual to help them with their serverless journey, but the bad news is, that another independent consultant is off the market.

Tom offers some insights into why he thinks a small, serverless-focused consultancy business isn’t viable (yet), and I think he’s probably correct for many reasons. There are certainly opportunities for serverless practitioners (of all sizes) to help companies looking to adopt serverless, but there are a lot of factors that drive the internal conversations. I’ve spoken to a number of companies simply looking for guidance, some who want to outsource completely, and some who have just started figuring things out on their own. I think these are all viable ways to get started with serverless. The key is that they are getting started.

However your company plans on adopting serverless, it’s good to know that there are some really good people out there (like Tom was) to help you, especially when you start dealing with complex architectures. I’m sure Tom will continue to share his thoughts and ideas with the serverless community, and maybe even give us some insights into how his new employer adopts serverless. We certainly wish him well.

For all you readers: I’d be curious to know the story of serverless adoption at your company. Please reach out to me on Twitter or LinkedIn if you’d like to share.

Serverless News & Product Announcements 🚀

Serverlessconf 2019 New York Speakers Announced
The speaker lineup is now available for Serverlessconf New York in October. Lots of amazing serverless minds will be taking the stage, and I’m honored to be joining them for a talk of my own. Hope to see you all there.

Releasing X-Lambda (alpha): Statistical Power Against Code Starts
Renato Byrro and the team at Dashbird have released an interesting way to deal with cold starts. It’ll depend on your use case as to whether or not you need this, but the approach is very cool.

The Best Serverless Sessions at AWS Summit New York
Stackery has put together a list of sessions that serverless fanatics can’t miss at the AWS Summit New York later this week. I’d add DEV11 to that list, but I’m a bit biased. 😉

NEW BOOK! Running Serverless: Introduction to AWS Lambda and the Serverless Application Model
Gojko Adzic’s latest book is now available in paperback and on Kindle. I read an early preview of this book and it was fantastic. Definitely worth checking out.

Serverless Stories 📖

Building Open Source Communities at AWS Serverless
Sanath Kumar Ramesh from AWS talks about the open source community around serverless developer tools, and his story about open sourcing two AWS products.

Surviving Azure Functions
Ali Zahid recounts the last year of being forced to work with Azure Functions, what he learned, and some of the challenges his team faced.

Australian Wool Handlers (AWH) — Case Study
A bit of a marketing piece for NONA, but the underlying solution for AWH was built using AWS and serverless components. Always nice to see large scale, successful serverless projects.

Lambda + Twilio + WhatsApp = Automated VISA Results Informer
Sort of a mix between a use case and serverless story. Anuraag Jain wrote a simple serverless tool one Sunday afternoon to check his VISA status.

Filling stadiums with serverless computing
“From an operations and management standpoint, we don’t need to be the experts at running a MongoDB database. And we don’t need to be experts in running some kind of streaming platform. We’ve got to be experts in being able to use it as a ticketing platform. But we don’t need to be the experts running it.” ~ Tane Oakes, Ticketek

Serverless Use Cases 🗺

Hybrid Load Balancing traffic between EC2 and Lambda functions – useful API migration pattern
Rafal Wilinski outlines how to implement the Strangler Pattern to migrate to serverless using AWS ALBs, Lambda functions, and the Serverless Framework.

AWS Step Functions — why you should use them.
A bit of a tutorial as well, but a good post by Keith Coughtrey that shows the value of Step Functions in a real-world application.

Using Lambda Layers for Better Serverless Architecture
Renato Byrro from the Dashbird outlines a few use case for Lambda Layers.

Querying your AWS Cost and Usage Report using Amazon Athena
Did you know you can query your Cost and Usage report data with Athena? Erin Carlson shows you how to set up this powerful use case.

If you’re interested in learning some serverless basics… 🏗

Understanding the Different Ways to Invoke Lambda Functions
Lambda functions are event-driven, and there are multiple ways to invoke them. George Mao breaks them down for you.

Which AWS Lambda programming language should you use?
John Demian gives you a rundown of the different runtimes supported by AWS Lambda, along with their benefits and community support.

Benchmarking AWS Lambda runtimes in 2019 (part I)
Speaking of performance, Tai Nguyen Bui runs a number of experiments to show how each runtime performs.

If you’re just starting your serverless journey… 🐣

Understanding Serverless: Tips and Resources for Building Servicefull Applications
Excellent piece by Christopher Paton that gives a great overview of serverless and clears up some misconceptions that have developed over time.

An enterprise guide to serverless computing
Kathleen Casey has compiled a number of TechTarget articles about serverless. If you’re jumping in, this might be a good starting place.

Serverless Cloud Computing: Introduction, Emergence, Limitations, and Challenges
This piece gives a good introduction to serverless (FaaS + BaaS), along with some of its advantages in modern application development.

Serverless computing: 5 things to know about the post-container world
Not sure we’re quite ready for a post-container world, but Bernard Golden outlines several things that might make you rethink choosing containers.

Serverless Tutorials 🏗

Dynamic image resizing with Ruby and Serverless framework
Everyone loves to use serverless to resize images! 😂 Here’s how to do it with Ruby and the Serverless Framework.

Handle AWS lambda error with API gateway integration using Typescript in a clean way
Albert Gao shows you an interesting way to wrap all your Lambdas with a higher-order function to consistently handle your errors.

Leveraging external data in Lambda@Edge
Achraf Souk guides you through some common patterns and options for reading external data in Lambda@Edge functions.

Serverless APIs for Machine Learning models
James Thomas figured out how to run MAX models on IBM Cloud Functions and expose them as serverless APIs.

How to Create Secure Internal APIs on AWS without VPCs
Eoin Shanaghy shows you how to set up internal APIs with proper authentication controls. Not a huge fan of Lambdas calling Lambdas through an API Gateway, but there are some benefits here.

Crash Course on Fan-out & Fan-in with AWS Lambda
Renato Byrro has been quite prolific as of late, and in this piece, shows you how to build a Fan-out/Fan-in process with Lambda.

Monitoring Your AWS Lambda Pipeline with Automatic Notifications
Shawn Cochran shows you how to set up CloudWatch Metrics and alarms on your Lambda functions.

Using the Data API to interact with an Amazon Aurora Serverless MySQL database
Marcilio Mendonca gives you the basics of the Data API and eight examples of queries you can run against your Aurora Serverless databases.

In Depth Guide to Serverless APIs with AWS Lambda and AWS API Gateway (Part 1)
Always love a good in depth guide. Kay Ploesser has all the steps necessary to get started with building a serverless API with Lambda and API Gateway.

AWS Lambda with Node.js: A Complete Getting Started Guide
Samuel James’ guide goes even further and gives you everything you need to know to build your first serverless application with AWS.

Globally-distributed Serverless Application in 100 Lines of Code. Infrastructure Included!
Mikhail Shilkov has a great piece for Azure and Pulumi fans.

Serverless Security 🔒

9 in 10 Serverless Apps Are In Deep Trouble In Frontend Security
Renato Byrro is back again, this time with some advice for storing tokens correctly on the frontend, to securely connect to your serverless backend.

Who is really responsible for cloud security?
Thought-piece by Lionel Snell on how the nature of security in the cloud is changing, and more importantly, who bears the responsibility.

From Shift Left to Shift Up: Securing Containers and Serverless Architectures
Interesting piece by Tsvi Korren that encourages DevOps to “shift left” and “shift up” to start integrating security best practices earlier in the development stage and put a greater emphasis on application security in the cloud.

strong_password v0.0.7 has been yanked, as it contained malicious code. Make sure to downgrade if you run it in production. ~ Tute Costa via Twitter
Not specific to serverless, but just another example of how popular third-party modules can be compromised.

Serverless Reads 🤓

The Promise and Perils of Serverless Computing
I always appreciate other people’s take on serverless as it’s interesting to see how they frame the advantages and disadvantages. This post by Krishnan Srinath points out the “security” and “vendor lock-in” FUD that are commonly spread. I did find his take on “services sprawl” to be valid.

Serverless Impact — Less Overhead
Ryan Jones from Serverless Guru discusses the superpower of serverless that lets a new hybrid developer build massively scalable applications without worrying about the underlying infrastructure.

The Nature of Serverless
Rodrigo Estrada’s piece is a bit hard to follow in spots, but overall offers a number of subtle points about the underlying asynchronous nature of serverless.

How serverless computing saves time and money
Ooh, a post on InfoWorld about serverless. They even pulled a quote from one of my blog posts about Aurora Serverless.

For members of the A/V Club… 🎥

Serverless Chats – Episode #4: Serverless Development Workflows with Chase Douglas
In this episode, I chat with Chase Douglas about how serverless applications change our development workflows, what a local development process looks like, and some tools we can use to help make our lives easier.

DiscoPosse Podcast – Ep 81: AWS Outposts and Serverless Twitter Thread Chat with Ben Kehoe (ben11kehoe)
Eric Wright is joined by Ben Kehoe to explore the advantages and challenges of cloud-owned features and which will be important to cloud ops and cloud developer teams everywhere.

Erez Berkner interview at Cloud Expo
The Lumigo CEO talks about serverless, observability, the applications people are building, and what some of the challenges are.

When you’re wondering what AWS has been working on… 👷‍♀️

Amazon DynamoDB now supports deleting a global secondary index before it finishes building
This is a nice update, especially for development workflows when you’re experimenting with different indexes.

AWS CodeCommit Now Supports Resource Tagging
You can now group and find repositories with a common tag as well as define AWS Identity and Access Management (IAM) permissions based on tags.

AWS Amplify Console Updates Build image with SAM CLI and Custom Container Support
The Amplify Console launched several updates to the build service including SAM CLI and custom container support. Custom containers allow developers to swap out the default container with their own build environment.

Thoughts from Twitter 🐦

Loving what @GunnarGrosch did on “Serverless chaos” using the Injection library I built. Got inspired by his feedback so merged his code and added a bunch of functionality: StatusCode, Exception and of course Latency injection!! Thanks mate! ~ Adrian Hornsby
Some good collaboration between Adrian and Gunnar. The more tools we have, and the better we understand how chaos engineering applies to our serverless applications, the more resilient our services will be.

Dear @awscloud, I am a real fan of AWS CloudFormation & Serverless implementation, could we please have the CloudFormation’s 200 resources limit removed. Please a humble request from a #AWS fan. #awswishlist #Serverless ~ Srujal Kachhela
This seems like a pretty straightforward request, but it started an interesting debate. Nested stacks are an eloquent solution.

To me, serverless is about the Developer Experience (DX). If these words are in the conversation, we aren’t talking serverless IMO. And I don’t think it has anything to do with how you pay for it. #serverless ~ Paulo Arruda
I liked this tweet from Paulo. Make sure you click through to see the attached image.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications, with a surprise 😉)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

October 7-9, 2019 – Serverlessconf 2019 in New York City (I’m giving a talk here)

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Gojko Adzic (@gojkoadzic). Gojko is a partner at Neuri Consulting LLP, an author, and frequent speaker at software development conferences around the world. His new book, Running Serverless: Introduction to AWS Lambda and the Serverless Application Model, is now available on Kindle and in paperback (and it’s really good). Besides his other open source serverless work,  he’s also one of the co-authors of Claudia.js, a serverless deployment framework for Lambda and API Gateway. Gojko continues to do a ton of work for the serverless community, and it is much appreciated!  🙌

Final Thoughts 🤔

It’s been another busy week with lots of interesting things happening in the serverless space. The Serverless Chats podcast is going strong with FOUR episodes already available. Plus we have some more amazing guests coming up, so stay tuned (or subscribe) for those. If you’re going to the AWS Summit New York, please be sure to stop and say “Hi!” and grab some stickers from me.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next week (or maybe at AWS Summit New York),

Off-by-none: Issue #44

re:Inforcing Serverless Security 🔒

Welcome to Issue #44 of Off-by-none. It’s so great that you’re here! 😎

Last week, we recapped ServerlessDays Milan and shared some great serverless reads. This week, we talk a bit about the inaugural edition of AWS re:Inforce and look at the broader AWS security ecosystem. And, as always, we have some amazing content from the serverless community.

Before we get started, Serverless, Inc, is running a State Of Serverless Community Survey. If you get a chance, fill it out and share your experience. It’s always great to see the results. Lots more stuff to get to this week, so let’s get right to it! 🎯

When you want to re:Inforce your serverless security… 🔐

This past week was the inaugural AWS re:Inforce conference. I was only able to make the second day, but from what I saw, it was very well-attended and quite successful. There were some great serverless security talks (like Securing Enterprise-Grade Serverless Applications – SDD401 with George Mao) and several others on more general AWS cloud security products and services. You can find all of the sessions in this post: Re:Inforce 2019 wrap-up and session links.

I also gave a Dev Chat titled Serverless Security: Best practices and mitigation strategies that sparked several post-talk discussions with lots of great questions. It was really quite eye-opening putting together a talk on serverless security. There was so much content to cover, with so many intersecting and overlapping AWS products and services, that I found it difficult to limit the talk to just 30 minutes (I actually went over by a few minutes 😬). But I found myself really just skimming the surface of a very complex subject.

This is something that we really need to think about as we develop our serverless applications. Even though the cloud providers are handling most of the heavy-lifting for us, there are still some important security requirements that must be properly implemented by developers. Many of these aren’t new, but as developers get closer to the infrastructure and start deploying their applications directly, not having an Ops person looking over their shoulder could possibly affect your overall security posture. Something to think about and train your developers on.

Serverless News & Product Announcements 🚀

Serverless Framework v1.46.0 – Extended ALB configurability, Support for external Websocket APIs, Local plugins via relative paths & more
The Serverless Framework has a new release, this time adding support for ALB conditions, shared WebSockets, and a new local plugin component.

Stackery CEO steps down as serverless technology startup seeks new leader for its next phase
Nate Taggart is stepping down to bring in an experienced CEO to grow the company. I’m a big fan of Stackery and their team, and I think this shows their true dedication to the serverless community. There is a real opportunity here to build a company that’ll be a major player in the cloud market. If they continue to focus on serverless, this will help to grow and better define the serverless ecosystem. Something about rising tides. ⛵️😉

Serverless Stories 📖

Mistakes we made adopting event sourcing (and how we recovered)
Nat Pryce has a great piece that outlines what his team learned when building an event-sourced application. Couple of big takeaways include the difference between event-sourced and event-driven architectures, and the benefits of using a hexagonal architecture for separating and testing business logic.

How this New South Wales transport agency built an analytics platform on AWS
Interesting story about a government agency implementing serverless to not only create a better service, but to save money as well.

Serverless Development Workflow
Guilherme Waess outlines his serverless development workflow for us. He needs a better way to deal with secrets, but overall a good approach.

Lambda Dependency Management using Serverless Plugins
Navarasu Muthu discusses the process his team at Francium Tech used to manage Python dependencies using the serverless-python-requirements plugin for the Serverless Framework.

How to SSR in a serverless environment and make your visitors 400% happier!
Sven Al Hamad walks you through how Webiny implemented SSR with serverless to speed up page loads.

Serverless Use Cases 🗺

How to customize verification emails in Amazon Cognito? Use Lambdas!
This is a great use case. Use Lambda to customize emails sent from Cognito. Very cool.

Dynamic image resizing with Python and Serverless framework
This is one of those very common use cases that is “perfect” for serverless. Here’s another look at it using Python and the Serverless Framework.

Configuring user creation workflows with AWS Step Functions and AWS Managed
This is a really great automation workflow that can make everyone’s lives easier. One configuration change can kick off a whole series of events, and using Step Functions, we get retries and orchestration out of the box.

Step Functions as an ad-hoc scheduling mechanism
And speaking of Step Functions, Yan Cui goes into more detail about some of the benefits (and problems) with using Step Functions as a scheduling mechanism. The suggestion from David Wells to use DynamoDB TTLs alongside Step Functions is quite ingenious.

If you’re thinking about going serverless… 🤔

Serverless. You Keep Using That Word. I Do Not Think It Means What You Think It Means.
Hmm, did Allen Helton see my meme from ServerlessDays Milan? Anyway, here is another attempt at a comprehensive “definition” of serverless.

Serverless Microservices in a Team
Gareth McCumskey outlines a few best practices for teams building serverless microservices using the Serverless Framework.

AWS Lambda: how to share code between functions in a monorepo
A common question for those structuring their serverless applications. Yan Cui has some suggestions if you’re going down the monorepo route.

AWS Lambda – 7 things you might not know
John Demian from Dashbird outlines the top seven reasons AWS Lambda is a powerhouse your business should consider.

Deconstructing Serverless Computing Part 4: Developing to infinity and beyond!
In the fourth part in his series, Lucian Toader discusses some things you should keep in mind when it comes to serverless development.

Make Data Acquisition Easy with AWS & Lambda (Python) in 12 Steps
Shawn Cochran gives you a brief introduction to AWS Lambda and building a fully serverless data pipeline using Python.

Serverless Tutorials 🏗

Getting Started with Lambda and Application Load Balancers
In this post, Gavin Lewis runs some experiments with ALBs using Lambda targets and discovers some use cases along the way.

How to create a highly scalable serverless GraphQL data-driven app in minutes
Gerard Sans teaches you how to build a GraphQL data-driven serverless app using Angular, AWS Amplify and AWS AppSync.

humank/EventStormingWorkShop: EventStorming workshop
A hands-on workshop that contains topics such as DDD, event storming, and specification by example. It uses Lambda, API Gateway, DynamoDB, X-Ray, and CloudWatch.

Building AWS Amplify Customized Authentication Forms for Serverless Vue.js
Wataru Oguchi’s tutorial is from the perspective of someone without a lot of AWS experience, but finds that AWS Amplify abstracts most of that away.

AWS Serverless App: Continuous Integration and Deployment
In this post, you’ll learn some steps to add continuous integration and deployment (CI/CD) to your serverless project.

Building Serverless Data Lake with AWS Glue DynamoDB and Athena
Yi Ai shows you how to build a serverless data lake solution using AWS Glue, DynamoDB, S3 and Athena.

Getting Started with AWS SES
Usama Yousuf walks you through the process of sending emails and creating configuration sets to publish email events  like bounces, complaints, deliveries, sent emails, etc.

Building a real-time gaming leaderboard with Amazon ElastiCache for Redis
While this may not seem particularly “serverless”, it is a really great solution that still uses API Gateway and Lambda to power the API.

Increasing real-time stream processing performance with Amazon Kinesis Data Streams enhanced fan-out and AWS Lambda
Excellent post by Eric Johnson that shows you how to deal with huge volumes of streaming data.

Serverless Security 🔒

How to never have a public S3 bucket
Teri Radichel shows you how you can implement automated governance to prevent people from making mistakes when setting up S3 buckets.

Managing Secrets and Output Variables With Serverless Framework Enterprise
Maciej Skierkowski from Serverless, Inc. shows you how to protect your secrets using the new features of the Serverless Enterprise Framework.

Top 10 Security Blog posts in 2019 so far
Since we are talking about security in this issue, I figured I’d include this post from AWS that outlines their most popular security posts from this year.

Serverless Reads 🤓

How to FaaS like a pro: 12 uncommon ways to invoke your serverless functions on AWS [Part 2]
Alex Casalboni outlines four more uncommon ways to invoke Lambda functions. My favorite from this group is Aurora triggers. Interesting way to build event-sourced applications.

Chaos Engineering — Part 1
An amazing post by Adrian Hornsby that walks you through the art of implementing Chaos Engineering.

How to Design Your Serverless Apps for Massive Scale
George Mao has a short post on how to use intermediary buffers to compensate for downstream services that don’t scale as well as Lambda.

Analyzing the Cost of Your Serverless Functions Using Faast.js
Kyle Galbraith discusses some of the benefits of Faast.js, an open source project that streamlines invoking serverless functions.

Tackling API Gateway Lambda performance issues
Matt Billock from Lumigo outlines some of the performance pitfalls of API Gateway and how you might be able to get around them.

The Annoying State of Lambda Observability
Luke Demi from Coinbase outlines his frustrations with AWS’s current native observability offerings for Lambda functions.

AWS Lambda nodejs10.x = FIXED
The release of the NodeJS 10.x runtime for AWS Lambda was not without issues. And thanks to Michael Hart pointing out these problems, it appears that they’ve now been fixed!

When you prefer an audio/visual experience… 🎧

Serverless Chats – Episode #3: Serverless GraphQL using AWS AppSync with Marcia Villalba
In this episode, I chat with Marcia Villalba about the benefits of building applications with GraphQL, how to use AWS AppSync to build serverless applications with it, and some best practices for using it in your projects.

Deploying AppSync Using The Serverless Framework
Speaking of AppSync, Luke from Serverless Guru kicks off a video series on deploying it using the Serverless Framework.

Experimenting with chaos engineering in serverless applications
And speaking of Marcia Villalba, she has another video that completes her series on hunting for errors in serverless apps. In this video, she shows you how to create experiments for performing chaos engineering in your serverless applications.

Cloud Unfiltered – Ep84: The Serverless Framework, with Nick Gottlieb
Nick Gottlieb talks about the Serverless Framework, and the state of serverless.

When you want to know what the devs at AWS have been building… 👷‍♀️

Amazon API Gateway Now Supports Tag-Based Access Control and Tags on WebSocket APIs
You can now give permissions to WebSocket resources at various levels by creating policies based on tags.

Amazon CloudWatch Events Now Supports Amazon CloudWatch Logs as a Target and Tagging of CloudWatch Events Rules
You can now use CloudWatch Logs to store, monitor, and analyze CloudWatch Events that are triggered in your environment. Very meta.

Introducing Amazon EC2 Instance Connect
Amazon EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). While I would definitely prefer to never have to SSH to a machines, I still have plenty that I need to, so this is a great feature.

AWS Security Hub is now generally available
AWS announced the general availability of AWS Security Hub, a new security service that provides customers a comprehensive view of both their compliance with the security standards and their high priority AWS security alerts, or findings. Not specific to serverless, but a great way to get an overview of your security posture.

AWS Control Tower is now generally available
Managing multiple accounts in AWS has become the standard for environment isolation, so having a new tool to implement all your guardrails and policies automatically was much needed. It only works for new accounts (with no organization) right now, but they also announced plans to provide support for migrations as well.

Serverless Tools 🛠

Func.Farm – Browser extension to create serverless functions from snippets
This is an interesting Chrome extension that allows you to create functions in multiple languages and in multiple clouds right from your browser.

Releasing AWS Lambda Haskell Runtime v2
The Agile Monkeys have an update to their Haskell custom runtime for Lambda.

Reduce Complexity and Quickly Search Amazon CloudFront Logs in Amazon S3
Chaosearch looks like an interesting tool that allows you to search through preprocessed CloudFront access logs. Haven’t tried it yet, but I like tools that solve common serverless problems.

Common Serverless Errors
This is a great resource put together by the team over at It lists the most common Serverless Framework AWS errors and how to fix them.

Thoughts from Twitter 🐦

I don’t assign required reading very often, but it’s time for another. If you are responsible for any AWS account(s), set aside 45 minutes and watch this recent AWS #reInforce presentation by @bjohnso5y about Attribute-Based Access Control (ABAC). ~ Eric Hammond
Eric’s recommendation is spot on. This session from re:Inforce on Attribute-Based Access Control is definitely worth the watch. Brigid Johnson does an excellent job presenting this very powerful and flexible access control method.

The future of #serverless is not stateful compute. It’s computeful state. ~ Ben Kehoe
Ben offers another glimpse into how he thinks about the future of serverless. Having changes in state drive collocated computations could be an interesting way to solve a number of latency problems with current models.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 9, 2019 – Epsagon: Modern Apps on AWS: Challenges and Solutions (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

July 17, 2019 – Aqua Security: Serverless Runtime Protection – How to Create the Optimal Balance Between Performance and Risks (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

September 4-6, 2019 – Production-ready Serverless Workshop – Full Stack Fest

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Nader Dabit (@dabit3). Nader is a Senior Developer Advocate at AWS that works with projects like AWS AppSync and AWS Amplify. He produces a mountain of content, including several great posts on Amplify, serverless, and GraphQL, as well as hosting the GraphQL Patterns Podcast, regularly speaking at conferences, and authoring both React Native in Action and (the soon to be released) Full Stack Serverless books. Nader’s focus is more on the mobile side, but his writing, teaching, and contributions to the serverless ecosystem are incredibly helpful and very much appreciated. Thanks for what you do, Nader! 🙌

Final Thoughts 🤔

It’s been a busy few weeks, and the serverless community and ecosystem are going strong. My biggest takeaway from this week is to stress the importance of cloud security when building your serverless applications. It’s not just about application security best practices, but also about understanding proper configuration, secrets management, scalability behavior and much more. Serverless makes it very easy for us to build, deploy and tests applications quickly, and even though these applications are much more secure by default, spending some time to learn best practices should be a mandatory investment.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next time,

Off-by-none: Issue #43

Buongiorno from ServerlessDays Milano! 🇮🇹

Welcome to Issue #43 of Off-by-none. I’m so glad you joined us! 🙌

Last week, we looked at some frameworks that are making serverless easier. This week, we recap an amazing ServerlessDays event in Milan, we have some great serverless reads, and we have plenty of serverless content from the community.

There is a ton to get to this week, so let’s get started! 🏎

ServerlessDays Milan 🇮🇹

This past Friday was the third installment of ServerlessDays Milan, and it was a really great show. I started the day off by giving my Stop Calling Everything Serverless! keynote, followed up by a great talk from Andreas Grimm about authentication in the serverless world. Next up was the one and only Danilo Poccia talking about Diving deep into the event-driven side of serverless. This was definitely one of my favorite talks.

There was then a number of rapid fire lightning talks from Ran Rib of Epsagon, Marcia Villalba (Developing Serverless applications with GraphQL), Soenke Ruempler from Superluminar (Serverless vs. Organizations), and Farmin Farzin. Ory Segal gave an excellent talk about serverless security, including a number of great examples and a live demo. Victoria Bernard then gave us some Dev life hacks using serverless.

The highlight of the show might have been Gunnar Grosch’s talk about Performing chaos in a serverless world. The talk was great, of course, but the best part was when Gunnar purposely simulated a projector failure (to make the point that “everything fails all the time”) and Alex Casalboni jumped up to try and fix it. The MTTR from the ServerlessDays organizers was impressive. 😉

Bret McGowen from Google admitted that Kubernetes was really hard, but also introduced us to an interesting billing model for Google Cloud Run. Sheen Brisals pronounced that “Serverless was Definitionless” and then walked us through the serverless journey of Finally, Guillermo Rauch didn’t disappoint with an engaging closing keynote. He concluded that “serverful schedules, and serverless is scheduled.” I really like that definition. Even though it focuses on the execution model, it’s a great way to think of it.

Overall it was a great day. The organizers did a fantastic job, the speakers discussed a diverse set of topics, and the crowd was amazing. I’m looking forward to the videos coming in the next few weeks.

Serverless News & Product Announcements 🚀

ServerlessDays Tokyo and ServerlessDays Istanbul were announced!
Add two ServerlessDays events to the list that are happening this year. Istanbul on October 3rd and Tokyo on October 22nd.

What’s New in IOpipe for Python 1.8?
IOpipe’s new release adds a bunch of features to make auto-tracing more configurable, plus trace decorating, context for WSGI interfaces, and new event types.

Recent Developments in monitoring AWS Lambda in Python
Thundra has also added some enhancements to their Python support including distributed tracing support and automatic tracing for SqlAlchemy, Elasticsearch, and MongoDB.

Aqua Security releases new version of its cloud native security platform
Aqua 4.2 introduces advanced runtime protection for serverless functions, providing security teams with the ability to detect and prevent potential misuse and abuse of cloud-based serverless functions.

Serverless Stories 📖

Fun with AWS Lambda Layers and Serverless
Barend Bootha recounts his experience with Lambda Layers, and gives you a few tips to avoid deploying functions with missing versions.

Building a full Node.js website in the FaaS world: Serverless Framework + AWS Lambda
Yoram Griguer gives you a bunch of lessons learned from building with serverless at Biogen and why they don’t regret their choices.

From a high traffic monolithic app to serverless
The story of how Skyscrapers evolved a classic, high traffic, monolithic application to a serverless architecture using AWS Lambda, DynamoDB and Kinesis.

Serverless Use Cases 🗺

Building a PDF Generator on AWS Lambda with Python3 and wkhtmltopdf
Here’s a very hand use case from Richard Keller that uses the wkhtmltopdf binary with Lambda to create a highly-scalable PDF generator.

Empirically test and measure queries from Amazon DynamoDB
Ryan Meyer walks us through a really interesting way to intercept, track, and measure calls to a DynamoDB table for the purpose of performance analysis, refactoring legacy queries, or root cause analysis.

How to build a dynamic message of the day with AWS Lambda
In this simple use case, Chris Blackwell shows you how to create a basic templating system using S3 and personalization using Lambda.

Lightweight Serverless API Using AWS Lambda and ALB
Regis Wilson from Driven By Code explains how he built a simple serverless API using ALBs with Lambda targets. If you don’t need the heavy lifting of API Gateway, this might be a good (and cheaper) option for you.

If you’re thinking about going serverless… 🤔

How to convince your boss to go serverless
“In simple terms, one should clearly explain why going ‘Serverless’ is no longer an option, but a priority.”

Meet the Family: The “Other” AWS Serverless Services
Serverless != FaaS. Yan Cui introduces Serverless newcomers to the other “serverless” services that AWS has to offer.

Containers or Serverless: Which one to choose?
Alex Miranda gives some of his thoughts on the container versus serverless selection process. While he admits he doesn’t have a lot of experience with serverless, I think this goes to show the knowledge gap that needs to be filled.

Serverless 101: A Comprehensive Guide
Maybe not entirely comprehensive, but there are some good details in here about the history of serverless.

Serverless Tutorials 🏗

How to use Google Sheets Data as JSON in your front end, So simple.
If you need a quick and easy place to provide JSON to your front end (or backend), Google Sheets makes it surprisingly simple.

Save Money With AWS S3 Static Web Hosting
Simple step by step guide by Keith Miller to set up static web hosting with AWS S3.

Four Steps for Debugging your Content Delivery on AWS
Achraf Souk  show you how to configure alarms for delivery issues, and how to troubleshoot them using AWS tools and services like the CloudFront console, Athena and CloudWatch Logs Insights.

Using AWS Services from different regions using Serverless Architecture
Interesting workaround for dealing with regions that don’t support all AWS services.

URL Shortener + Tracking solution using Nexmo Messaging and AWS Serverless
Simple URL Shortener and click-tracker from Enrico Portolan.

Serverless Security 🔒

Serverless Computing from the Inside Out
Interesting article from Joe Vadakkan. He argues that the biggest “serverless” risks don’t stem from the technology itself, but from an organization’s response to the rapid adoption.

Amazon S3 consistently raises the bar in data security
Just a gentle reminder from AWS that S3 is really secure, if it’s in the right hands, that is. 😜

Best practices for secrets management in serverless applications
Here are a few tips from Snyk to keep your serverless secrets secure.

Serverless Reads 🤓

Serverless is a Doctrine, not a Technology
Paul Johnston has another great thought piece that tries to explain what serverless is. At first, it was a mindset, then “Cloud 2.0”, and now a doctrine. But, I really like the way he thinks about this stuff, and an evolving definition will be commonplace for quite some time.

Choosing a Database for Serverless Applications
Alex DeBrie wrote this excellent piece that discusses several database options for your serverless applications. Definitely worth the read if you’re thinking about building a serverless app.

In the cloud, beware of sharp edges, for there are many
Really great post by Ryan Green about understanding the limits imposed by cloud providers. Some of them can be raised, but many are hard limits that require changes to your implementation.

Forget monoliths vs. microservices. Cognitive load is what matters
Not specifically for serverless, but this is an interesting piece that argues that organizations should be using the team’s cognitive load as the guiding principle for the effective delivery and operation of modern software systems.

Solving Cold-Start disturbs serverless’ definition and it’s okay
Maxime Rouiller argues that just because Azure Premium Functions don’t scale to zero, doesn’t mean they’re not serverless. I actually argued for something like this in the past (but now I think there are better solutions than pre-warming).

When you’d rather just Netflix and chill… 🍿

Serverless Chats – Episode #2: Building Resilient Serverless Systems with Nitzan Shapira
In this episode, I chat with Nitzan Shapira from Epsagon about building resilient serverless applications, what can go wrong with serverless, and what we should do to make sure our applications are working as expected.

Serverless chaos demo – Latency injection into Lambda function
Walk-through of the serverless chaos engineering experiment Gunnar Grosch performed live at ServerlessDays Milano 2019. Latency injection into AWS Lambda function!

Serverless Smells – Think FaaS Podcast
Forrest Brazeal talks about developing an intuition for serverless designs that just don’t feel quite right.

Hillel Solow, CTO & Co-Founder at Protego, discusses all the latest topics in cloud-native and serverless with Eoin Shanaghy, CTO of fourTheorem, in this four part episode of the Serverless Show:

When you want to know what AWS has been working on… ⚙️

Amazon CloudFront announces seven new Edge locations in North America, Europe, and Australia
Four in the US, two in Europe and one in Australia. Capacity in each of the new cities has been doubled to serve the growing number of user requests.

Announcing Enhanced Lambda@Edge Monitoring within the Amazon CloudFront Console
Debugging Lambda@Edge used to be a nightmare, but this release from AWS might just change all that. Imagine being able to see all your edge locations and Lambda@Edge functions in one place! Wish granted.

Amazon API Gateway Adds Configurable Transport Layer Security Version for Custom Domains
You can now enforce TLS v1.2 on API Gateway. I can’t even remember how many times I’ve seen this request on a security audit. Good stuff.

Use IAM access advisor with AWS Organizations to set permission guardrails confidently
I haven’t looked into this extensively, but my initial impression is that it’s a good idea. Being able to review last accessed info and add guardrails to restrict unneeded access should be very powerful. Let’s just hope not too powerful to break some existing service with infrequent access patterns. There’s some more info in this post.

Introducing Service Quotas: View and manage your quotas for AWS services from one central location
This service could come in might handy, especially as you start to scale up your applications. More details are available in this post.

AWS Lambda Console shows recent invocations using CloudWatch Logs Insights
Hmm, I figured this was coming, but there is a long way to go before CloudWatch has parity with the likes of Epsagon, Thundra, IOpipe, etc.

Introducing Amazon QuickSight fine-grained access control over Amazon S3 and Amazon Athena
I have never used QuickSight, but I hear good things. Maybe this will make it a more attractive option now that you can get precise with data permissions?

Amazon DynamoDB now supports up to 25 unique items and 4 MB of data per transactional request
Transactions are an awesome feature of DynamoDB, and now that you can have 25 items, I think this could open up a number of new use cases. But not to maintain relational data models! (As Rick Houlihan says, “Don’t do that!”)

Serverless Tools 🛠

Serverless App to Speed up all your Lambda Functions
Yan Cui (with support from Lumigo) has published the new optimized-aws-sdk layer to enable HTTP keep-alive by default. There’s also a SAR app to make sure that all your functions have it automatically applied.

FFmpeg, ImageMagick, Pandoc and RSVG for AWS Lambda
Gojko Adzic has updated his Lambda Layers to support Amazon Linux 2.

Rocketsam: A CLI made to build and deploy microservices in AWS
This is a new serverless deployment tool that takes a slightly different approach to deploying your serverless applications.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 25-26, 2019 – AWS re:Inforce. (I’m doing a Dev Chat on Serverless Security on Wednesday afternoon)

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 9, 2019 – Epsagon: Modern Apps on AWS: Challenges and Solutions (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

July 17, 2019 – IOpipe: Charting a Course for Serverless with Matson (webinar)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Gunnar Grosch (@gunnargrosch). Gunnar is a Cloud Evangelist and Co-founder at Opsio in Sweden. He is also a co-organizer of ServerlessDays Stockholm and AWS Community Day Nordics, and an organizer of serverless meetups and AWS User Groups. I really enjoyed Gunnar’s Performing chaos in a serverless world talk from ServerlessDays Milan. This type of practical advice is extremely important to spread to the community. Thanks for all your organizing efforts, Gunnar, and thanks for the great content.  🙌

Final Thoughts 🤔

Milan was an absolute blast. It is really great to see such an engaged community all around the world. Thanks again to the organizers for inviting me to talk. It was great to see all the familiar faces and to meet a bunch of new ones.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Take care,

Off-by-none: Issue #42

Is serverless becoming easier? 🤷‍♂️

Welcome to Issue #42 of Off-by-none. It’s great to see you! 👍

Last week, we learned how to switch from RDBMS to DynamoDB and looked at a number of interesting serverless stories. This week, we look at some frameworks that are making serverless easier, hear some thoughts from serverless naysayers that don’t agree, and share tons of great content from the serverless community.

There is a lot to get to this week, so let’s get right to it! 📚

Serverless News & Product Announcements 🚀

Introducing Pulumi Crosswalk for AWS: The Easiest Way to AWS
This is really interesting. I like to have control over the different components, but services like this that can easily wire them together for you, seems like the direction these frameworks are heading.

Serverless Framework v1.45.0 – ALB event source, API Gateway Websocket logs
Speaking of frameworks, the new version of the Serverless Framework has added some more interesting features. Automatically creating ALB event sources is very cool. Don’t forget that Lambda API automatically handles the parsing and response formatting for you. 😉

ServerlessDays London Keynotes and Speakers Announced
Teri Radichel, Lin Clark, Till Schneidereit and Sarah Drasner are all giving keynotes, plus plenty of other great speakers. This should be a great event!

Function Faster on AWS Lambda: IOpipe Launches New Search Visualization Feature
Here is another really cool feature from the team over at IOpipe. Visualizations are so much easier to consume than lists of search results, so seeing this aggregated view instead makes a ton of sense.

Lumigo adds monitoring support for AWS Chalice
Serverless Python users rejoice.

Serverless Stories 📖

Learnings from “no failure”
Marc Villagrasa tells the story of building Genioo and how serverless played an important part in letting them focus on solving their domain problems.

Taking Cloud Run for a trial run
Aviv Laufer tried Google Cloud Run. The scale up time seems a bit high.

Making a Smarter Smart Thermostat with Go, Lambda, and SAM
Joshua Barratt wrote some Go code and used serverless to take control of his thermostat. While not everyone has the skills to do this, for those that can, how can using a serverless backend not be the perfect choice?

Serverless Use Cases 🗺

FICO: Fraud Detection and Anti-Money Laundering with AWS Lambda and AWS Step Functions
Even though Lambda doesn’t do the actually batch processing, this is a great example of how you can use serverless components to manage interactions and workflows with your “non-serverless” services.

Build your own real-time voice translator application with AWS services
I’ve been using Transcribe lately and have been impressed by the accuracy. Tomasz Stachlewski takes this even further and stitches together a complete end-to-end translation service.

Auto-Generating Tags for Content using Amazon SageMaker BlazingText with fastText
Yi Ai has another great use case for serverless, using it to call Amazon SageMaker to predict the tags of text content.

Injecting data into AWS IoT Analytics from Amazon Kinesis Data Streams
AWS IoT Analytics provides a public BatchPutMessage API action. Vikram Singh shows you how to use Lambda to inject data from a Kinesis Data Stream.

Analyzing Performance and Cost of Large-Scale Data Processing with AWS Lambda
“Being able to go from zero to processing nearly two million records per second and back to zero over the course of just minutes is unheard of using traditional server-based architectures. It’s also incredibly powerful across many use cases.”

AWS CodePipeline Approval Gate Tracking
If you want to keep track of your CI/CD approvals, here’s a relatively easy way to use the “PutApprovalResult” events from CloudTrail to do some magic with Lambda.

Understanding AWS Lambda behavior using Amazon CloudWatch Logs Insights
Alice Xiao discusses how State Street built a framework using CloudWatch Logs Insights to support their innovation process of rapidly converting business ideas into client-centered applications.

If you’re thinking about going serverless… 🤔

How to overcome the challenges of serverless
Eoin Shanaghy has an excellent article that talks about the current state of serverless and how we can overcome some of the challenges.

How to cut the Cloud bill by 90%?
Fouad Maach gives you a quick overview of some of the benefits of serverless. Aurora Serverless doesn’t scale to thousands of instances, but the sentiment is right. Serverless “frees a lot of time to improve the application features and generate more business value than ever.”

AWS costs every programmer should know
Not specific to serverless, but there are a lot of costs (often small) involved with the cloud. David Hatanian points out some of the most important ones.

The Goods and Bads of Serverless
Benjamin Tanone gives some pretty harsh critiques of the state of serverless (right now), but I can think of several optimizations that would dramatically reduce the issues he’s experiencing. But maybe the real problem (as he says) is that this information isn’t ubiquitous enough.

Serverless Tutorials 🏗

AWS Lambda: how to detect and stop accidental infinite recursions
Yan Cui shows you how to mitigate infinite recursions using the dazn-lambda-powertools open source project.

How to mock and unit test serverless lambda invoking AWS and DynamoDB
Here’s a simple way from Suranjana Basu to override calls to AWS services using some simple mocks.

Easily Deploy a Serverless Node App with ZEIT Now
While this may be another “Hello World” post, William Imoh gives you a glimpse at how easy it is to create serverless applications using ZEIT. No need to worry about cloud infrastructure at all.

Part two: serverless real-time ReactJS app — AWS IoT MQTT
In the second part of this tutorial, Ryan Jones shows you how to build out, deploy, and test the backend of a real-time serverless React app.

Building a Serverless App Using Athena and AWS Lambda
Ran Ribenzaft gets you started with Amazon Athena via a simple tutorial that uses Athena and deploys with the Serverless Framework.

Serverless Data Processing with AWS Step Functions, Part II.
In the second installment of this tutorial, Jun Fritz shows you how to call SNS topics directly from your Step Functions to alert on success or failures.

How to install a WordPress site on Google Cloud Run
Step 1: Don’t! 🤦🏻‍♂️

Serverless Security 🔒

AWS Lambda Security Best Practices
Hillel Solow from Protego explains why applying the Least Privilege Principle to your AWS Lambda functions isn’t as easy as you think.

AWS SSM is a trojan horse: fix it now!
Not serverless, but interesting cloud security stuff. Michael Wittig outlines the power of SSM and why you might want to take some extra steps to protect your environment.

Too much FUD? Fear, uncertainty, and doubt be gone!
This is kind of fun. Now you can easily call out Nuweba if they publish something that promotes FUD with their serverless security posts.

Securing credentials using AWS Secrets Manager with AWS Fargate
Fargate customers can now easily consume secrets securely and parameters transparently from their own task definitions thanks to a new integration with AWS Secrets Manager and Parameter Store.

Serverless Reads 🤓

Why Serverless/FaaS is not there yet
Dragos Bulugean provides some additional criticism of serverless in this post. I agree that serverless isn’t perfect, but there are a lot of arguments here that could be solved with a bit of education.

How to implement the perfect failover strategy using Amazon Route53
Fascinating post by Simon Tabor that walks you through a number of tests that DAZN ran to optimize Route53 routing failover.

You’ll always need VMs says, surprise, VMware: Run on any cloud you like and get portability
I just thought this article was funny. Some of the comments are even better.

On The Serverless Cold Start Problem
I agree cold starts are overblown, and if your use case requires the absolute elimination of them, then yes, FaaS might not be for you. But for the 99% of other workloads out there, it generally isn’t that big of deal.

Better IoT with GraphQL and AppSync
Sarjeel Yusuf from Thundra outlines why GraphQL and AppSync might give us the IoT future we were promised.

Serverless Stream Consumers — Common Pitfalls and Best Practices
This is a really interesting article by Jose Antonio Moreno that shows how Capital One is experimenting with different forms of stream processing using long-polling Lambdas. Not sure I like this approach, but sometimes we just need to do what works.

When you’re all about the audio/visual experience… 📽

Serverless Chats – Episode #1: Serverless Purity vs. Practicality with Alex DeBrie
In this episode I chat with Alex DeBrie from Serverless, Inc. about the choices facing developers when building serverless applications, and when a practical approach sometimes trumps best practices.

Writing integration tests in serverless applications
Marcia Villalba shows us how to write some basic integration tests to make sure that our deployed applications work as expected.

Screaming in the Cloud – Episode 64: Serverless Runs on Serverless Framework with Austen Collins
In this episode, Austen talks about his work with AWS, building the Serverless Framework, and why it’s solving so many problems.

Porting your web app to serverless in 30 minutes
Alex Casalboni hosts a live-coding session that guides you through the process of migrating an existing Express application to AWS Lambda.

When you’re wondering what AWS has been up to… ⚙️

Amazon S3 Update – SigV2 Deprecation Period Extended & Modified
Not a lot of serverless happenings to announce this week at AWS, but here’s something that’s worth noting. If you have any really old apps that are still using SigV2 to access S3, don’t worry! They just pushed the deprecation back another year.

AWS Amplify Console now supports AWS CloudFormation
More great work to ensure repeatable deployments of serverless applications, this time with the Amplify Console.

Thoughts from Twitter

As an old school #perl guy it is so funny to watch the younger generation rediscover CGI. ~ Sebastian Riedel
This is in reference to some Serverless Framework examples. The funny thing? He’s not entirely wrong. My Stop Calling Everything Serverless! post and keynote makes a very similar point, although serverless is much more powerful and important than the cgi-bins of the past.

⚡ I need your help! #serverless poll! I’m curious — In your opinion, what is the most important feature that MUST exist for a service to be defined as “serverless” as opposed to “fully managed”? ~ Jeremy Likness
Speaking of not calling everything serverless, Jeremy Likness had an interesting poll on Twitter this past week that tried to discern between serverless and managed services. The results are interesting, especially since the winning vote might be the exact definition of a managed service.

You know you’re a #serverless developer when your CSP account balance is $1.01 and you’re like, “This must be an accounting error!!” ~ Linda Nichols
This is a fun reminder that small serverless projects are practically free.

When introducing new engineers to #serverless, it still feels like teaching them how to draw an owl: Step 1: Write and deploy a lambda function Step 2: Build the rest of your damn production-ready event-driven application! ~ Javier Toledo
This has been a common complaint. There are a lot of “Hello World” tutorials out there, but when you start to build more complex applications, the “how-to” information is obviously less ubiquitous. There is some good stuff out there, but not always easy to find.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 19, 2019 – Serverless Best Practices by Dashbird (webinar)

June 19, 2019 – Serverless Security: A Practitioners Guide by Protego (webinar)

June 21, 2019 – ServerlessDays Milan. (I’m giving a keynote)

June 25-26, 2019 – AWS re:Inforce. (I’m doing a Dev Chat on Serverless Security on Wednesday afternoon)

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York (I’m doing a Dev Chat on building event-driven serverless applications)

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex Ellis (@alexellisuk). Alex is the creator of OpenFaaS, which is an open source project that makes it easy to turn anything into a serverless function using Docker Swarm or Kubernetes. The project has over 200 contributors, 17k GitHub Stars, and two Bossie awards from InfoWorld. Alex was recently accepted as an  ambassador to the Cloud Native Computing Foundation (CNCF). He’s also a speaker, author, consultant, and coach, that has made a huge impact on the serverless community. Thanks for everything you’re doing, Alex! 🙌

Final Thoughts 🤔

This week I finally launched my new podcast, Serverless Chats. I have been working on this for awhile and it has been a lot more work than I had anticipated. Having the opportunity to talk with all these amazing guests has been an awesome experience, and I look forward to all the future chats I’ll get to have. I’d love your feedback on the podcast, and I welcome any requests for topics and guests. With your help and support, I think we can build something really interesting here.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

See you next week,

Off-by-none: Issue #41

Switching to DynamoDB in 20 Easy Steps… 😉

Welcome to Issue #41 of Off-by-none. I’m so happy you’re here! 😀

Last week, we discussed AWS’s new “serverless” way to access your MySQL databases, plus I shared my new Data API Client library that makes working with the Data API even easier. This week, we see what happens when you offer some DynamoDB advice that resonates on Twitter, plus we look at several great serverless stories, and share a boat load of awesome content from the serverless community.

Lots of great stuff happening in the serverless world, so let’s get right to it! 🚤

When you want to switch from RDBMS to DynamoDB… 👨🏻‍💻

If you’re a regular reader, or you follow me on Twitter, you’ve probably noticed that I advocate for using DynamoDB, while at the same time, still building tools to support using RDBMS solutions with serverless. There are two very important reasons for this.

First, the vast majority of my existing workloads are built using MySQL backends. I have neither the time, nor the inclination, to rewrite these to use a different database. However, I have moved several of my compute requirements to Lambda, so interacting with MySQL is an absolute must. Second, DynamoDB isn’t right for every application. While I often start with DynamoDB as my new default, sometimes I still have use cases that require (or at least fit better into) MySQL.

There are a lot of factors that go into choosing NoSQL over RDBMS, but the first step in understanding that choice, should be getting to know what NoSQL (and specifically DynamoDB) is capable of. I posted a thread to Twitter last week that outlined 20 “easy” steps to switch from RDBMS to DynamoDB. It apparently resonated with quite a few people, so upon request, I turned it into a blog post. Give it a read, and see if it convinces you to give DynamoDB a try.

Serverless News & Product Announcements 🚀

Qubole launches Quantum, its serverless database engine
This looks really interesting. The data sits on AWS, and you can query it using a high-performance SQL engine. I’m curious how this compares to Athena.

Meet the Newest AWS Heroes! June 2019
Welcome to the new AWS Heroes! There is a good batch of people in here.

Epsagon Achieves the AWS Data & Analytics Competency Status
This designation recognizes that Epsagon has demonstrated success in helping customers evaluate and use the tools, techniques, and technologies of working with data productively, at a high scale, to successfully achieve their data and analytics goals on AWS. Good for them!

AWS goes live with Windows containers… but contain yourselves: It’s going to be niche
Remember that time we wanted to run Windows containers? Me neither, but I’m sure this is super exciting for people who love operational complexity. 😜

Bref is backed by null, the company
Maintaining open source projects is a huge time commitment, but it looks like Matthieu Napoli has found a way to keep building Bref (an open-source project for PHP).

Serverless Stories 📖

Creating Asynchronous Serverless APIs with AWS AppSync
Very cool implementation by Nordcloud Engineering that uses AppSync subscriptions to create a better UX for a RedShift-backed datastore.

Moving Faster With AWS by Creating an Event Stream Database
The team at Nike Engineering came up with an incredibly creative (and cost effective) way to use Kinesis Firehose, S3, and Athena, to build a high-volume event stream. Great solution for getting around the limitations of other services.

AWS Summit London case study: Going Serverless at Comic Relief
Caroline Rennie adds some more thoughtful information and advice to her AWS Summit London presentation.

Serverless Event Sourcing
Eric Li from OfferUp outlines how his team used event sourcing with DynamoDB and streams to create their new shipping feature.

Serverless is easier than you think
Tai Nguyen Bui from the Agile Monkeys explains how and why they built the Made For Serverless site.

Deduplicating Amazon SQS Messages
Ross Rhodes shows how his team solved the duplicate message problem using DynamoDB. This could also possibly be solved by using DynamoDB streams to enforce uniqueness.

Serverless Use Cases 🗺

Tracking software licenses with AWS Service Catalog and AWS Step Functions
Here’s an interesting little use case that uses CloudWatch Logs, Lambda and DynamoDB to automatically keep track of license utilization and notify administrators when the utilization increases.

Building a DIY ADHD Medication Reminder with Azure Functions & Twilio
Simple, but straightforward use case to automate your life. This is one of those “infinitely small” use cases for serverless, which can help you automate things without needing to deploy infrastructure to do it.

Feature Toggling and A/B Testing with React
These are two very standard use cases for any web application. Follow BJ Clark’s advice, or put these in CloudFront with Lambda@Edge and up your serverless game.

100% Serverless Asynchronous API with APIG, SQS and Lambda
Asanka Nissanka outlines a very good method for using AWS Service Integrations to route traffic from API Gateway directly into an SQS queue. There is very little transformation happening here, and removing Lambda from the equation is fairly easy, and will be faster and cheaper.

If you’re thinking about going serverless… 🤔

Avoiding an Organizational Cold Start
Migrating your enterprise to serverless has a number of benefits, but Adam Johnson outlines three things that enterprises need to be aware of when making the switch.

WTF is Serverless?
I’m not sure we need another one of these posts, but Adam Berlinsky-Schine does give some good history in this one. Definitely don’t agree that it’s “possible that serverless is a passing fad”, but maybe I’m just a bit biased. 🤷‍♂️

10 things to know about serverless computing — before you make the leap
There are plenty more things you might want to know, but Rahul Sharma captures a few of them for you in this post.

Are you ready for serverless development?
Uri Parush from Lumigo recounts his foray into serverless and how he had to learn to think differently about building applications.

Serverless Basics and Best Practices… ✅

AWS Lambda Timeout Best Practices
Rajesh Bhojwani outlines some common timeout scenarios with AWS Lambda and how you can monitor and deal with them.

alias cicd=’sam deploy’
Richard Boyd goes all literal on us and takes issue with some of the Serverless Application Model’s (SAM) semantics. He’s totally right though, CI/CD is the preferred way to deploy your production applications.

Understanding AWS Cognito and IAM Roles
User pools, Identity pools, and IAM roles to share access to AWS resources. A comprehensive walkthrough with common use cases and code samples.

AWS Step functions and Lambda
Sanket Bengali may have gotten a little overzealous with CMD+SHIFT+4, but this post is chockfull of screenshots to run through the basics of Step Functions.

Reproducing the ‘SQS Trigger and Lambda Concurrency Limit’ Issue
Zac Charles outlines how to break SQS Triggers with Lambdas every time. I mistakenly thought he was mistaken, until I responded, and realized that I, in fact, mistook his mistakeness for intentionally being mistaken. 🤦🏻‍♂️

Serverless Tutorials 🏗

Deploying Lambda Function GraphQL Resolvers
The Amplify CLI recently added support for deploying Lambda GraphQL resolvers directly from your Amplify environment. Nader Dabit gives you an in-depth look at how to take advantage of this cool new feature.

How to get near-realtime logs for a Terraform-managed Lambda function
If you’re using Terraform to manage and deploy Lambda functions, I would suggest switching to the Serverless Framework or SAM. If that’s not an option, then maybe Tamás Sallai post will make your life easier.

Build a real-life serverless app with AWS Amplify
Thomas Bouron shows you how he built an app for his wife’s travel company using AWS Amplify and DynamoDB. Nice use of GIFs as well. 👍

Build a voting website that doesn’t crash — part two. Now with Amplify.
James Beswick is back with another excellent post that shows us some of the basics of Amplify and how we can use it to create powerful SPAs.

 Create Lambda Layers with Serverless Framework and Offline support
In part 2 of Dhaval Nagar’s Lambda Layers series, he shows you how to develop and test Lambda Layers using the Serverless Framework.

Sorting Queries with AWS Amplify’s Key Directive
Jan Hesters teaches you how to sort your GraphQL queries in AWS Amplify using the @key directive.

Serverless Security 🔒

How to securely provide database credentials to Lambda functions by using AWS Secrets Manager
Ramesh Adabala shows you how to secure your credentials in Lambda functions without hardcoding the secrets in code or passing them through environment variables.

Keeping the Security and Scalability of Serverless Apps Problem-Free with AWS Secrets Manager
Chase Douglas from Stackery outlines a similar method to Ramesh, but focuses more on the permissions and ongoing management of your secrets.

10 Serverless security best practices
Snyk provides you with a handy cheatsheet for making sure you follow some general guidelines for securing your serverless functions.

Serverless Reads 🤓

5 Ways to Understand Distributed System Logging and Monitoring
Ran Ribenzaft from Epsagon outlines several ways to add observability into your serverless applications.

Serverless = Distraction-Free
Alex Glikson gives us another “what is serverless” post, but positions it as an approach that reduces distractions when building applications. I kind of like that line of thinking.

Serverless Caching for Faster Data Serving
This is such a strange post that I had to include it. No disrespect to the author, but I’ve never heard the term “serverless caching” before, and I’m not sure I want to hear it again. This is why we need to Stop Calling Everything Serverless!

When you’re all caught up on the new season of The Handmaid’s Tale… 🍿

Writing unit tests in serverless applications
Marcia Villalba is back with another video in her serverless testing series. This time she shows us how to write unit tests with Jest.

How to build a social network entirely on serverless
In this talk, Yan Cui discusses his journey of migrating a social network startup to serverless, and how his team was able to improve performance, scalability and feature delivery using serverless technologies.

Visual Notes – Amazon API Gateway & Amazon Personalize
Can you draw me a picture? Jerry Hargrove (aka @awsgeek) has some more excellent visual notes for those of you that would rather read comic books instead of documentation. 👨🏻‍🎨

Serverless ❤️ GraphQL | 2019 – Serverless Architecture Conference
Here are Marcia Villalba’s slides from her talk at the Serverless Architecture Conference in The Hague.

When you want to know what AWS has been cranking on… ⚙️

Updates to Serverless Architectural Patterns and Best Practices
Drew Dennis recaps some of the updates since re:Invent 2018 that have enhanced the AWS serverless ecosystem.

Amazon Personalize Now Generally Available
Um, so yeah, now pretty much any site can have the personalization features of Lots of powerful stuff outlined in this blog post.

Amazon Pinpoint now includes support for AWS CloudFormation
Now you can configure Pinpoint as part of your infrastructure, which will be a great way to build reusability into your targeting campaigns.

Serverless Image Handler Now Leverages Sharp and Provides Smart Cropping with Amazon Rekognition
I love that this now has a facial recognition cropping feature. It’s not particularly innovative (we were doing this back in 2010), but having it just done for you (without licensing facial recognition software) is nice.

Amazon CloudWatch Launches Dynamic Labels on Dashboards
Maybe not “serverless” news, but I like this little personalization feature for your dashboards. Now I can stop telling people, “no, I can’t change the label.”

Amazon ECS Support for Windows Server 2019 Containers is Generally Available
There are no words. I mean, can’t we just run .NET Core on Linux?

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 12, 2019 – VS Code + AWS Serverless Workflow by Stackery

June 12, 2019 – Azure Service Bus, better managed and monitored using Serverless360 (webinar)

June 12, 2019 – AWS Lambda & Serverless: Making It the Best Thing that Happened to AppSec (webinar)

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 8, 2019 – Thundra – Happier Customers with Serverless and Observability (webinar)

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Rick Houlihan (@houlihan_rick). Rick is a Principal Technologist for NoSQL at AWS and a #NoSQL wizard 🧙‍♂️. If you’re building serverless applications, and you’re using (or thinking about using) DynamoDB, Rick is definitely your guy. For some context, be sure to watch his Amazon DynamoDB Deep Dive: Advanced Design Patterns for DynamoDB (DAT401) session from re:Invent 2018 and Advanced Design Patterns for Amazon DynamoDB (DAT403-R) from re:Invent 2017. Rick will completely change how you think about NoSQL and DynamoDB. These videos inspired me, and I think others will be inspired too. Thanks for sharing your knowledge, Rick! It is incredibly helpful. 🙌

Final Thoughts 🤔

Another week in the books, with plenty of happenings in the serverless ecosystem. Be sure to check out the inaugural episode of the Serverless Chats Podcast with guest Alex DeBrie on Monday, June 17th. We had a great chat about Serverless Purity vs. Practicality that I think you’ll enjoy.

Also, on a personal note, I just passed 5,000 followers on Twitter 🎉, which is pretty cool. Interacting with all of you, and sharing thoughts and ideas on serverless, is one of my very favorite things to do. You all make that possible, and I’m very thankful for all of you and the serverless community. 🙇‍♂️

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

Take care,

Off-by-none: Issue #40

Did your RDBMS just become serverless?

Welcome to Issue #40 of Off-by-none. Thank you for being here! 👋

Last week we reviewed a nifty little update to AWS Step Functions and shared some interesting serverless stories. This week, AWS GA’d an exciting new “serverlessish” way to access your MySQL databases, plus I share a new Node.js library that’ll make using this new innovation even easier. And as always, we share some amazing content from the serverless community.

It was another busy week, so let’s get to all the good serverless stuff! 🎁

When you reallyreally need to use a MySQL database with your serverless app… 🙈

This past week, AWS announced the General Availability of the Aurora Serverless Data API. In short, it lets you “issue SQL commands against an Aurora Serverless cluster by simply invoking an API endpoint provided by the Data API and the Data API takes care of managing database connections and returning data.” This is a pretty big deal, because as we know, managing MySQL connections with Lambda is a challenge (if only someone had written a package to help with that 😜).

The preview of Data API launched just before re:Invent 2018, to quite a bit of fanfare. Unfortunately, the performance wasn’t great. In November of last year, I wrote a post outlining my initial (poor) experience with it. However, this new release is much better, so I’ve update my post (Aurora Serverless Data API: An (updated) First Look) with lots of new details. Jeff Barr also has an official AWS post that shows you how to set up the Data API and gives some basic usage examples as well.

But wait! There’s more! When I was playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up getting just a bit carried away, and turned it into a full-blown, “DocumentClient”-esque library! 🎉 I call it the “Data API Client“, and it’s available now on GitHub and NPM. Your feedback and contributions would be greatly appreciated, and hopefully you’ll find it super familiar and useful for your projects.

Serverless News & Product Announcements 📢

Palo Alto Networks buys Twistlock, PureSec for container security
Wow, good for Ory and the team over at Puresec. They built an amazing product and Palo Alto Networks should make a great home for them. If you’re wondering what’ll happen to Puresec, read this open letter to PureSec’s clients, partners, and friends.

Visual Studio Code · Stackery Documentation
This is simply amazing. Stackery’s visual builder tool now runs locally as a VSCode extension. I’ve played around with this, and the workflow is excellent.

Lumigo adds Java Tracing support for AWS Lambda
Good news for people who enjoy painfully slow Lambda start up times. Hopefully this new feature from Lumigo will help them make the decision to choose a different runtime. Just sayin’. 😏

Announcing Manual Instrumentation for .NET Agent
You can now add manual instrumentation with the new OpenTracing compatible API. According to the post, automated instrumentation support for .NET is on the way.

Just Write Code: Improving Developer Experience for Cloudflare Workers
Cloudflare Workers gets a CLI, new and improved docs, multiple scripts for everyone, the ability to run applications on without bringing your own domain, plus a free tier for developers to try it out. I’ve been very impressed lately by Cloudflare’s push to bring computing to the edge. Very cool stuff.

Serverless Developer Acceleration at Trek10
I came across this page on the Trek10 site and thought it was worth sharing. Not only are Forrest and Jared two of the most knowledgable serverless folks I know, they are also huge contributors to the serverless community. If I had a group of developers that needed to be trained to do serverless the right way, these would be the first people I’d call.

Serverless Stories 📖

CI/CD, AWS, and Serverless: 5 tips I learned the hard way
Speaking of Forrest Brazeal, he has a great piece that outlines some best practices for testing and deploying your serverless applications; picked up from his time in the software trenches. 👨‍🏭

How I Built This: IsraelVC
Elie Steinbock built a side project that catalogues the latest investments in Israeli high tech. It uses Google Sheets as a database, but for his use case, it’s probably a fine choice.

No More Marking is going Serverless!
I love reading success stories like this. Chris Wheadon’s short piece explains why they went serverless, and their plans for the future.

Serverless Use Cases 🗺

Sequence Numbering in Serverless via API Gateway
Love this use case, because it’s probably needed by most of us. Sheen Brisals from the Lego Group shows us how to use DynamoDB as an atomic counter for generating sequence numbers. He even shows you how to create an API Gateway with a (😱) Service Integration to use it! No Lambda function required.

Using the MailChimp API with Netlify Serverless Functions
Using a serverless function to subscribe someone to a mailing list is a nice, simple use case. The Raymond Camden shows us how he built one with a Netlify function.

Scheduling irregular AWS Lambda executions through DynamoDB TTL attributes
Good post by Michael Bahr that shows the use of DynamoDB TTLs as a way to schedule events. As Yan Cui has pointed out, the TTLs are not very accurate, so don’t use this if your requirements require precision. Also, Michael doesn’t mention Step Functions as a way to schedule one-off executions without needing a CloudWatch rule.

Building A ‘Serverless’ Chrome Extension
Serverless as a backend for your browser extensions. Bilal Tahir outlines some experiments he did with Google Cloud Functions and how he tied that into his Chrome Extension.

Realtime Object Detection API using Amazon SageMaker and Amazon API Gateway
Great post by Yi Ai that shows us how to take advantage of AWS’s machine learning services to build some really interesting applications.

Running Arbitrary Executables in AWS Lambda — Encrypting a PDF
If you have more complex executable requirements, it’s likely still possible to run them in a Lambda, you just need the right build environment. Keith Coughtrey shows you how to do it by building it on an EC2 instance first.

Easily query AWS service logs using Amazon Athena
Damon Cortesi shows you some need tricks to query your log files from S3 using Amazon Athena. He also introduces AGSlogger, an open-source Python tool for converting popular log formats into columnar-based Parquet files.

Some things to think about when you’re going serverless… 🤔

Thirty serverless architectures in 30 minutes
If you’re still wondering what you can do with serverless, check out Chris Munns’ slides from AWS Summit Chicago. This should get the wheels spinning (or your brain smoking).

Deconstructing Serverless Computing Part 3: Ninety-Nine Platforms but How to Choose One?
Lucian Toader outlines nine different FaaS platforms, including their general and differentiating features. Lots of really great info in here.

How to Save Hundreds of Hours on Lambda Debugging
Renato Byrro outlines some limitations with CloudWatch Logs and how tracking down errors isn’t quite as straightforward as you might think. There are better ways to do this, whether by using Dashbird, or one of several other excellent observability tools for serverless.

Don’t Be Surprised by Your Serverless Bill
Speaking of observability, Yan Cui outlines a few common situations that can result in higher serverless costs. Good news, most observability platforms, like Epsagon, are able to help you monitor these.

Part 1 — Getting started with AWS Lambda Layers
Lambda Layers are a great way to manage shared dependencies across functions. Dhaval Nagar runs through the basics of creating and using one.

Serverless Tutorials 🏗

Serverless Framework Courses & Tutorials
This is a great resource. The Serverless Framework has put together a compendium of courses that’ll help you learn the ins and outs of building a serverless application with their framework.

Getting started with serverless
And if you’re looking for some more serverless courses, this post outlines a new AWS Fundamentals: Building Serverless Applications Coursera course that is now available.

Serverless Gatsby Pipeline with AWS Amplify
A step-by-step guide for setting up and deploying your React Gatsby project using an automated pipeline to a serverless S3 bucket backed by Cloudfront.

Create your first Serverless workflow with Durable functions
Chris Noring gives you the what, why, and how-to, for building with Azure’s Durable functions. Lots of interesting stuff in here.

Ordered queue processing in Azure Functions with Sessions
Jeff Hollan writes about one of his favorite topics, processing events in order (his words). But seriously, using queues that “lock” a session to a consumer to guarantee ordering might be genius.

Serverless Security 🔒

Council Post: Servers To Serverless: Does New Technology Mean New Security
I certainly don’t want to downplay security, but I feel like many of the suggestions in here don’t apply if you’re not managing the containers (read Kubernetes) that run your serverless functions. AWS is really good at security, so I’m going to defer to them for most of this stuff.

10 Things To Know About Palo Alto Networks Buying Twistlock, PureSec
Not a lot of serverless talk in here, but I included it because of point #5: Buying PureSec Is A Meaningful Milestone For The Serverless Movement. I wholeheartedly agree. 😀

Serverless Security AntiPatterns: 7 Serverless Computing Security Mistakes
I certainly don’t want to overplay security (see what I did there?), but I think these tips by Twain Taylor are a good starting point for creating and maintaining a good serverless security posture.

Serverless Reads 🤓

Excellent post by Tim Bray arguing that “if you’re building a moderately complex piece of software that needs to integrate heterogeneous microservices and deal with variable sometimes-high request loads, then if your design doesn’t have a queuing component, quite possibly you’re Doing It Wrong.”

Cloud Irregular: Does Anyone Know How Your System Works?
Another installment of Forrest Brazeal’s Cloud Irregular newsletter. His analysis of the problem is spot on, but the solution is hard (and often impossible) for most teams to swallow.

Cost Analysis: Serverless scheduling of irregular invocations
Michael Bahr does some math and details the cost of implementing his serverless irregular scheduler. Spoiler alert, it doesn’t cost much!

Why I believe in the brave new world of serverless
I really enjoyed this post by Zan Markan. It’s short, but it captures and explains the true power of serverless. Lowering the barrier to entry has both its pros and cons, but ultimately it creates a huge marketplace for ideas and innovation. Personally, I think this new world is going to be a good one.

An Intro to the Power of Serverless with AWS Amplify
Jared Short shows you how powerful Amplify and AppSync are by building an old-school “visitor counter” badge.

Thoughts from Twitter… 🐦

Trying to convince security that we should have an SCP in prod with “Deny”: [“ec2:*”, “ecs:*”]. You know, just to be safe. #serverless ~Ben Kehoe
Forget about being safe, maybe just issue this as a challenge for your developers to build things without needing to provision servers.

If you were going to make a falsifiable claim about k8s and serverless adoption over the next 12-24 months, to explain more people getting frustrated with the former and going to the latter, what would it be? ~ Joe Emison
Interesting conversation going on here. People love containers (I mean, hey, they are pretty darn cool), but after having used serverless for several years, I have zero interesting in adopting Kubernetes to solve a problem that no longer exists for me.

How do you install kubernetes on serverless? ~ Aaron Patterson
I had to include this. Some of my favorite replies are “Machine learning to generate blockchain-authenticated YAML?” and “May the pods be ever be in your favor.”

Question: What’s your favourite AWS Lambda event trigger? (yes it’s an odd question, but I’m interested to know) ~ Paul Johnston
Maybe an odd question, but the responses and discussions it started are quite interesting. Worth a quick skim at the very least.

When you’re looking for a more audio-visual experience… 🎧

Screaming in the Cloud – Episode 62: Serverless Storytelling with Anna Spysz
Corey interviews Anna Spysz from Stackery about her unusual path into programming, writing good documentation, and developing serverless applications locally with Stackery.

Investing in Serverless: Less Servers, More Code
Learn about the Azure serverless platform and how Azure Functions, Event Grid, and Logic Apps work together to deliver cloud native experiences.

Introduction to testing serverless applications | Hunting for errors
Marcia Villalba gives you an introduction into how we might test serverless applications and why flipping the testing triangle on its head might be a really good idea.

When you’re wondering if the developers at AWS ever sleep… 😴

Amazon Textract – Now Generally Available
Textract is a managed machine learning service that automatically extracts text and structured data from documents. It’s darn pretty cool, and I can image this saving quite a bit of data entry for all those companies and government agencies that still love paper forms. 🤖

Amazon Elasticsearch Service now supports SQL querying
So, this is actually quite amazing. Now you can query your Elasticsearch domain using standard SQL syntax. Plus, there’s a JDBC driver for it. Elasticsearch is crazy powerful, but the query language for it is a bit bulky. This should make it a lot more accessible.

Amazon Aurora Serverless MySQL 5.6 Now Supports Data API
Already mentioned this one, but it’s totally worth repeating. Still probably not fast enough for synchronous operations, but there are plenty of use cases that this is a perfect fit for.

Amazon Aurora with PostgreSQL Compatibility Supports Database Activity Streams For Real-time Monitoring
Yeah, so the cool stuff just keeps on coming. If you have compliance requirements (or you’re a fan of DynamoDB streams), you can now stream your database activity to CloudWatch (then off to Lambda), Imperva’s SecureSphere Database Audit and Protection, McAfee’s Data Center Security Suite, or IBM’s Infosphere Guardium. 😎

AWS Step Functions Enables Access to Workflow Metadata
Step Functions are no longer black boxes powered by elves living in a tree. You now have access to metadata about workflow executions, making it easier to correlate logs for faster debugging and to measure workflow performance data.

Amplify Framework Adds Support for AWS Lambda Functions and Amazon DynamoDB
The Amplify CLI now includes support for adding an AWS Lambda function to your AWS AppSync API using the GraphQL Transformer and the new @function directive. Lots of cool things you can do with these updates. More info in this blog post.

Announcing Tag-Based Access Control for AWS CloudFormation
I’m really loving this tag-based access stuff that AWS is doing. With the addition to CloudFormation, you can now deny certain users deletion or update privileges to stacks with a specific tag, while allowing access to others. 🔒

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

June 5, 2019 – BuildOn | Securing Serverless Apps on AWS with Alex Casalboni

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

August 27, 2019 –  ServerlessDays Sydney

August 29, 2019 –  ServerlessDays Melbourne

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Michael Hart (@hichaelmart).  Michael is the Director of Research Engineering at Bustle and an AWS Serverless Hero. Not only is he the creator of the popular LambCI tool, but he has several other open-source projects including docker-lambda, which was utilized to create AWS SAM Local (which eventually became the AWS SAM CLI). Recently, he wrote an eyeopening post reviewing the AWS Lambda nodejs10.x runtime, plus his Massively Parallel Hyperparameter Optimization on AWS Lambda piece is still one of my favorites. I’m pretty sure that everyone in the AWS serverless community has benefited from Michael’s work in one way or another. And for that, we thank you! 🙌

Final Thoughts 🤔

There are so many amazing things happening in the serverless ecosystem right now. The recent acquisition of Puresec (for $47M!) should be a clear market indicator that will push for more investment and more innovation in the space. The cloud providers are releasing new products at a mind-blowing pace, with libraries, frameworks, and downstream providers rapidly innovating and maturing in near-realtime. I remember the early days of cloud adoption, but never have I seen something like serverless that has redefined modern applications so quickly. This is a great show to watch! 🍿

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍


Off-by-none: Issue #39

One small step for AWS, one giant leap for Step Functions… 👨‍🚀

Welcome to Issue #39 of Off-by-none. Thank you so much for joining us! 🙌

Last week we introduced the new Serverless Chats Podcast and took on some serverless contrarians. This week, we talk about a nifty little update to AWS Step Functions, share some serverless stories, and narrow down the mountain of content from the community. 🏔

Lots of serverless goodness this week, so let’s get to it. ⚡️

When you really wish you could get a callback… ☎️

This past week, AWS Step Functions added support for Callback Patterns in Workflows. If you’re not familiar with Step Functions (or state machines in general), they are a really useful way to orchestrate tasks in distributed systems. With serverless, they allow you to easily “compose” multiple functions that automatically trigger and track each step, as well as handle retries. This allows the “steps” in your application to execute in order, every time.

There are some issues with Step Functions (like pricing), but one of the biggest problems was controlling execution when long-running, synchronous tasks were required. This meant that any time you needed to pause the state machine, you had to set a delay that polled a resource to see if it could move to the next step. This worked well for shorter tasks, but what if you needed to wait several minutes? Or hours? Or days? You would end up paying for hundreds or thousands of executions just to check a status. Not very efficient or cost effective.

With the new Callback Pattern support, you can trigger a task and pass along the generated taskToken. The Step Function execution will pause until another process calls the SendTaskSuccess command with the taskToken to restart the workflow from where you left off! I can envision use cases that trigger third-party APIs that listen for callbacks on a webhook endpoint, or long-running transcoding/processing tasks that trigger callbacks from completion events. Think of all the possibilities (and cost savings)! Very cool stuff. 👊

Serverless News & Product Announcements 📢

Introducing Logbird — log gateway for the cloud
The Dashbird introduced a service to aggregate and filter log streams for events and trigger activities from them. Think of it as a centralized log collector that you can subscribe to for post-processing in event-driven applications. Interesting idea.

Log Search: Finding the needle in the haystack with Thundra!
Thundra’s new Log Search feature allows software teams to search through invocation logs using specific patterns.

Introducing New Relic Monitoring for AWS Lambda
Monitor, visualize, troubleshoot, and alert on your AWS Lambda functions using the New Relic ONE platform. Similar instrumentation and implementation as other serverless observability offerings.

ServerlessDays Stockholm – Call for Papers Now Open
ServelessDays Stockholm is scheduled for October 24, 2019. CFP is now open. Learn more at

Serverless Stories 📖

Lessons Learned From Sending Millions of Serverless Webhooks
Rocky Warren shares 10 things his team at Dwolla learned from converting their webhook notification system to serverless. Key insights in here regarding dynamic provisioning and resource tagging.

Less is More: Securing Payment Application with Serverless Architecture
Great post that shows how the Macquarie Group removed 60 groups of EC2 instances and replaced them with just a few AWS services including AWS CloudFront, AWS WAF, AWS Lambda@Edge and Amazon S3.

How we used the Slack API and Cloud Functions to help us keep track of events in our platform
Shailen Naidoo from GetTruck explains how they built a simple serverless Slackbot using Google Cloud Functions and Whatsapp.

Openfit: Serverless, CI/CD, SRE, Monitoring, and more
Read how API Gateway, Lambda, and DynamoDB, proved to be a perfect architectural match for Openfit’s requirements.

Serverless Use Cases 🗺

API Gateway to front services not hosted in AWS
Richard Boyd from iRobot is a big fan of API Gateway Service Integrations. In this post, he shows you how to use API Gateway as a proxy to external APIs without using Lambda. If you can wrap your head around it, you can use this type of pattern to cut latency and cost.

Real-time Streaming for Data Science with Time Series and Serverless
Data Science with serverless tends to get a bad wrap because of the limitations of certain providers. This tutorial from Iguazio demonstrates the use of Kafka and Nuclio to support the availability of streaming data in real-time datasets.

Deploy serverless Symfony on AWS Lambda with Bref
Want to make your Symfony PHP app serverless? Thibaud Lemaire outlines the use case and how to do it in this step-by-step post.

Automate Analyzing your IAM Permissions using IAM Access Advisor
Here’s a great little use case by Hassan Murtaza that uses generate_service_last_accessed_details and get_service_last_accessed_details to detect old IAM roles.

When you’re thinking about going serverless… 🤔

A serverless glossary
Just getting into serverless? Check out this glossary of terms by Toby Fee.

Testing Applications Built on Serverless Architecture: Don’t Fear the Transition
Dan Widing from ProdPerfect outlines how serverless changes (or doesn’t change) your testing practices.

15 Frameworks for Creating Serverless Apps
Alex Ivanovs lists 15 frameworks and tools that can be useful when building serverless applications. There are a lot more than this, but this should get you started.

An Introduction to Serverless Functions with The Minions!
Explain it to me like I’m a five-year-old. 😁 But seriously, if you’re new to serverless and you like Minions, this article will give you a basic intro to how Functions-as-a-Service (FaaS) works.

Serverless Tutorials 🏗

Safe List updates with DynamoDB
Robert Zhu gives you some tips and tricks to update lists in DynamoDB and avoid race conditions.

How to log timed out Lambda invocations
Yan Cui shows you how to preemptively log timeouts in your Lambda functions if you want something more than the standard “timed out”message.

Getting Started with the AWS Websockets API
An introduction to the power of an AWS Lambda powered real-time AWS WebSocket API, complete with Node.js code examples.

Adding Websockets to your AWS Serverless application
In case you’d prefer Python examples for using Websockets, Nino van Hooff has you covered.

Building a Serverless Workflow using AWS Step Functions
Dhaval Nagar takes you through building a simple workflow using AWS Step Functions.

Advanced Serverless CICD – Part 1 :  AWS CodeBuild
Erez Rokah shows you how to set up a Serverless CI/CD system using AWS CodeBuild connected to a GitHub repo.

AWS Lambda Layers: Getting Started Guide
Lambda Layers are extremely powerful and useful tool for your serverless applications. In this post, Ran Ribenzaft demonstrates how to create a layer with the Serverless Framework and then include it in your next project.

Serverless Security 🔒

Council Post: Rethinking Security For Your Serverless Applications
I think Ameesh Divatia’s recommendations might be overkill, but there are some good thoughts in here about the potential for human error.

5 Serverless Security Platforms
I agree with Ishan Mathur that developers need to be aware of security requirements, and having a tool that can help account for human error and nefarious behavior, can definitely provide that peace of mind.

4 fundamental practices for serverless architecture security
Clive Longbottom points out a few recommendations for securing your serverless applications. Most of these are best practices for any type of application, but always good to be reminded every once in awhile.

Serverless Reads 🤓

Reviewing the AWS Lambda nodejs10.x runtime
Michael Hart from Bustle banged up against the new AWS Lambda Node.js 10.x runtime, and he has just a few concerns. 😳

Getting it right between EC2, Fargate and Lambda
Choosing the right cloud compute service means balancing operational burden with cost to achieve the optimal experience. Sarjeel Yusuf has some thoughts on how to make the right decision.

Azure Functions’ Durable Entities
Chris Gillum from Microsoft runs through the thinking and use cases behind the new Durable Entities. I think there are times when rehydrating state would be very useful, but I’d hate to see it become a crutch that allows developers to embrace old, less-scalable application patterns.

4 reasons to go multicloud according to tech experts. Do you agree?
NO. 🤨 TLDR; 1) Vendor lock-in. Nope. 2) Customized solutions. Really? 3) Minimizes risk. If by “cloud” you mean a “server in a garage with a T-1 line,” sure. 4) Cost savings. If you ignore the cost of setting up and maintaining the complexity of multi-cloud as well as the lost revenue by over-engineering a solution and not getting to market fast enough. Other than that, I have no strong opinions on the matter.

5 Cost Saving Tricks to Reduce AWS Cloud Hosting Bill
If “cost savings” is making you think multi-cloud, try following Mark Runyon’s advice first. You know what’s a big cost saving? Going serverless. 😜

4 factors to ruin your serverless migration
Sure, serverless isn’t all 🦄s and 🌈s, but I have to respectfully disagree with Lee Atchison on a number of these points. You should certainly understand the performance capabilities of FaaS and whether it can handle your use case, but best practices and tools have emerged for managing complexity and controlling scaling costs. Plus, FaaS is the one part of serverless that has the least lock-in. Your data, on the other hand…

Data availability and backups in AWS
As Kirill Kolyaskin so eloquently puts it, “shit happens.” There are some rather interesting scenarios in here that could result in data loss, even if it’s “backed up.”

What the technology hype cycle tells us about the future of crypto
Tim Wagner has some interesting thoughts of where crypto is in the technology hype cycle, using his experience with AWS Lambda as a comparison. When the father of Lambda speaks, we should listen. 😉

Server to Serverless: How to achieve more by thinking of servers less
I really liked this piece by Richard Reukema as he points out that thinking about the underlying server deployments are a “distraction from the business need.” He says, “We need to stay above the implementation perspective, and only think of what the application requires from a services perspective.”

Thoughts from Twitter… 🐦

Lambda Layers Tip: I have a layer structure like this. It’s a utility layer for libraries I use (aws-sdk, aws-xray-sdk, uuid). I also have a simple response-handler.js. In Node I can use “const rh = require(‘/opt/response-handler’);” to utilize. #Serverless #ServerlessForEveryone ~ Eric Johnson
This is a neat way to utilize multiple libraries in a single require.

Not pleased to learn that the Node 10.x runtime for AWS Lambda is no longer logging serialized errors. Example code with screens of error output in 8.10 vs 10.x: exports.handler = async (event) => throw Error('simple err') This is really bad for bug resolution. 😠 ~ Brian Leroux
Brian is definitely not happy about this Node 10.x runtime for Lambda issue. I mean, look at how angry that emoji is!

Pearls of wisdom from @matthewfellows , “If you can’t build good microservices you shouldn’t be doing serverless” at @AWSMelb meetup ~ Tom Dickman
While I tend to agree, there are a lot of serverless use cases that don’t require as much choreography or orchestration as a traditional microservice would.

When you search for “serverless” on Netflix… 🍿

Building Event-Driven Serverless Apps with AWS Event Fork Pipelines
Stop reading and go watch this now! James Hood from AWS walks you through building event-driven applications and how you can use reusable Event Fork Pipelines to create loosely coupled serverless services. The underlying pattern is where the real power is.

AWS for Developers: Data-Driven Serverless Applications with Kinesis
Marcia Villalba has a new course out. It’s on LinkedIn Learning, so if you already have a LinkedIn Premium membership, you can access the course for free.

DevOps Chat: Serverless Intelligence With Lumigo’s Aviad Mor
Aviad Mor from Lumigo talks about how their customers are embracing serverless in hybrid environments, and why serverless is more about a way of thinking, rather than a specific technology.

Creating A Website Using AWS AppSync
Luke from Serverless Guru shows you how to build a file upload website using AppSync and DynamoDB.

American Heart Assoc: 100 years of Content is Discoverable with Serverless & AI on AWS
Heitor Lessa talks with AWS customer, Chirag Chhita, from the American Heart Association. He explains how they use serverless and AI tools to create better experiences for their platform users.

Azure Friday Live – Building serverless Python apps with Azure Functions
It looks like Microsoft bought an old CNN set to record this demo, but the fact that Azure Functions support Python now is pretty cool. Asavari Tayal takes you through a demo using the Azure Function VSCode extension.

Serverless Tools 🛠

cloudkj/scar: Deploy static websites in seconds – with HTTPS, a global CDN, and custom domains
Kelvin Jiang built a useful CloudFormation stack that allows “one-click” deployments for your static sites on AWS.

ICYMI: five updates you’ve missed about Serverless Step Functions
If you’re using the Serverless Framework and Step Functions, check out Yan Cui’s recent updates to the serverless-step-functions plugin.

When you’re wondering what AWS is building… 👷‍♀️

Updated timeframe for the upcoming AWS Lambda and AWS Lambda@Edge execution
Based on customer feedback, AWS has extended the timeframe for validation as well as given customers some more control. You now have five additional weeks to test and update affected functions.

CloudWatch Logs adds support for percentiles in metric filters
This is pretty cool. You can now visualize and trigger alarms on p90, p95, p99, p99.9 or any other percentile with CloudWatch logs.

Amazon DynamoDB adaptive capacity is now instant
This is another great update to avoid throttling on hot partitions. There are still limitations, so make sure to choose good partition keys.

Amazon API Gateway Now Supports Tag-Based Access Control and Tags on Additional Resources
And another really cool feature. Now you can use tags to limit access to routes/methods with API Gateway. I’m thinking this will be a very handy pattern for creating ACLs for Lambda and service integrations.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 29, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019  ServerlessDays Tel Aviv.

June 11-12, 2019Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

July 11, 2019 – ServerlessDays London

July 11, 2019 – AWS Summit New York

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Matthieu Napoli (@matthieunapoli). Matthieu is a software consultant and full stack developer that has been instrumental in introducing serverless to the PHP community. He is the creator of Bref, a PHP framework for building serverless PHP applications on AWS Lambda, as well as the creator of several other open source projects for PHP developers. Plus, he’s an active speaker at conferences, spreading serverless to the masses (of PHP developers). You can learn more about his upcoming speaking engagements and read his blog at Thanks for your contributions, Matthieu! 🙌

Final Thoughts 🤔

The amount of serverless content being produced every week is overwhelming. But I really do enjoy reading it, picking out the interesting stuff, and sharing it all with you. If you find this newsletter valuable, and you think that some of your friends and coworkers might as well, I would really appreciate if you shared it.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

Until next time,