Live from AWS re:Invent…
Welcome to Issue #13 of Off-by-none. We’re coming to you LIVE from AWS re:Invent in Las Vegas!
Last week we looked at some clever use cases for Step Functions, revisited serverless microservices, and made the serverless case for startups. This week we rethink serverless+RDBMS, challenge the objections of laggards, protect ourselves from DoS and other attacks, and of course, look at some new AWS product launches.
So many amazing things to get to today, so let’s jump right in!
When you’re not sure if RDBMS and serverless mix… ☯
Many of us wished for RDS HTTP Endpoints, and the other day, AWS announced that you can now access your Amazon Aurora Serverless Database with the New Data API (Beta). No VPCs, no connection management, and automatic scaling with Aurora Serverless. Almost sounds too good to be true. 😳
And… it sort of is (for now). In Aurora Serverless Data API: A First Look, I share the results of a few experiments I ran as well as some of my initial thoughts on the implementation. TLDR; The latency is really bad and this isn’t ready for primetime. But like all things AWS, it’ll get much better before GA.
Is RDBMS in serverless applications even a good idea? Paul Johnston shares his thoughts on Serverless and Data Rigidity and argues that other technologies (like NoSQL) have removed the need for them. He’s not wrong, but there are still plenty of use cases that relational databases work well for. One thing we can definitely agree on: AVOID ORMs! 🙌
When you’re looking for some serverless inspiration… 💡
Serverless, Inc. is wrapping up #NoServerNovember with the re:Invent serverless virtual hackathon. Build a serverless app for a non-profit, feel good about yourself, and win some swag.
If you want to get a bit more complex, try building a chat application using AWS AppSync and Serverless.
Are you writing your code in Python? AWS SAM CLI just introduced the sam build Command that lets you easily package all your dependencies. Or you can learn How To Package External Code In AWS Lambda Using the Serverless Framework.
What to do when your boss won’t let you play with serverless… 👨🏻💻
James Beswick outlines five common objections to adopting serverless in his new post, Scared Serverless — How do you handle opposition from your IT group? Lots of ammunition in here if you find yourself needing to defend your (very wise) decision.
If they’re still not convinced, maybe this Twitter thread will help. Simon Wardley says, “The overwhelming output of most businesses is waste. Serverless is way larger than you think. More significant than cloud was.” It’s definitely worth the read (plus there’s maps).
When you realize you’re still responsible for securing your serverless application… 🔒
Avi Shulman from PureSec wrote a great post on Lambda DoS Mitigation Strategies. See how different invocation types and retry policies can be leveraged by attackers to wreak havoc on your serverless applications. Lots of practical tips in here including a number of best practices and tips to minimize your exposure.
Want to add even more security to your serverless app? Amazon API Gateway has added support for AWS WAF, which means no more creating regional endpoints and using your own CloudFront distribution. It still won’t prevent event injection, but it’s a good start.
And just when you think that
npm audit will protect you from third-party package vulnerabilities, we discover another widely used open source software that contained a bitcoin-stealing backdoor. Luckily it only has 2 million weekly downloads. 🤦🏻♂️ A friendly reminder to minimize dependencies in your serverless applications.
What to expect when 50,000 AWS fans in Vegas are waiting for more product updates… 🚀
There’s only been one full day of re:Invent and AWS has already announced a number of products and services that are pushing serverless to a whole new level. I’ve heard a lot of whispers, so expect many more to come over the next few days. 🤘🏻
- Firecracker – Lightweight Virtualization for Serverless Computing 🎆
Want to run the same virtualization technology used by AWS Lambda and Fargate? Well, apparently now you can with AWS’s open-sourced Firecracker project.
- Run Amazon Aurora Serverless Queries Directly from the AWS Management Console (Beta)
No more VPNs, SSH tunnels, or phpMyAdmin setups to run queries on your Aurora Serverless clusters. It’s still in beta, so look for more improvements.
- Introducing the AWS Amplify Console
Scalable hosting for static web applications with serverless backends. AWS’s new continuous deployment and hosting service plugs into your code repository and will build and deploy your front and back end on every commit. It will even automate feature branch builds for testing.
- Amazon S3 Introduces S3 Batch Operations (Preview) for Object Management
I knew there was a reason for increasing Lambda executions to 15 minutes. New batch operations in S3 allows you to trigger custom Lambda functions on billions of documents. Ajay Nair is rightfully excited about it.
- Automatic Cost Optimization for Amazon S3 via Intelligent Tiering
No more guessing with Standard, One Zone, or Glacier storage classes. New S3 Intelligent Tiering automatically decides how to store your objects based on access patterns. This should result in huge cost savings.
- AWS Transfer for SFTP – Fully Managed SFTP Service for Amazon S3
Transfer files to S3 using SFTP without building your own Frankenstein. I’m glad AWS finally came around to providing “legacy” support for “long-established data processing and partner integration workflows.” I’m hoping for a managed VPN service next.
Serverless Star of the Week ⭐️
There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.
This week’s star is Chris Munns (@chrismunns). Chris is a Principal Developer Advocate for Serverless at Amazon Web Services and a great resource for anyone working with (or interested in) serverless. He’s a regular speaker at events, an AWS blog contributor, a host on Serverless Bytes, and he also puts on the occasional webinar. Even though he works for AWS, he’s a huge advocate for serverless computing in general and will always jump into a good debate on Twitter. This week he’s not only giving a number of talks at re:Invent, but also finding some time to spend with members of the serverless community.
Final Thoughts 🤔
The buzz around serverless at re:Invent is absolutely amazing. Every session I’ve attended so far has been bursting with people that are either already using it in production, or are hoping to start. I know we are in a bit of bubble here, but it’s clear that AWS is continuing to make massive investments in serverless technologies and wants to continue to be the market leader. Exciting times ahead.
I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always welcome and much appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.
Go build some amazing serverless apps and enjoy the rest of re:Invent! ⚡️
I’ll be here all week, 😉
P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks!
Share this newsletter with your friends and coworkers!
Off-by-none is a weekly email newsletter that focuses on the technical details of building applications and products in the cloud using serverless technology. Together we can become better developers and product people by making fewer mistakes as we learn from each other. Off-by-none is the idea that we can become exceptional at what we do, if we are willing to put in the work. Join me on this journey as we help the community work to develop best practices, share our ideas, and learn to build better cloud-based software.
I respect your privacy and I will NEVER sell, rent or share your email address.