A Weekly Newsletter By Jeremy Daly

Off-by-none: Issue #31

April 2, 2019

Serverless goes enterprise… 🚀

Welcome to Issue #31 of Off-by-none. It’s great to have you here. 🙇‍♂️

Last week we looked at Event Fork Pipelines and explored the security model of Lambda. This week, the Serverless Framework goes Enterprise, we look at some serverless security trends, and share more great content from the serverless community.

Plenty happening with serverless this past week, so let’s get right to the good stuff!

Serverless Product Announcements 📢

Announcing Serverless Framework Enterprise: The Total Serverless Solution
I’m a HUGE fan of the Serverless Framework, and the new features launching with the Serverless Enterprise Framework are a great addition to help make deploying serverless applications easier AND safer. Insights, Secrets, and Safeguards, are three very useful services (that I’ve seen first hand) that should streamline your serverless development process.

Vizion.ai launches its managed Elasticsearch service
Also a huge fan of Elasticsearch, but even when using AWS’s managed service, there is still the issue of provisioning. Vizion.ai is trying to change that by scaling ES automatically and bringing the cost down using some sort of innovative caching. Serverless Elasticsearch would be a useful addition to the ecosystem.

Serverless Use Cases 🗺

Consume a RabbitMQ message from AWS Lambda
Curtis Strain’s last post was about publishing messages to RabbitMQ. This time he shows us how to consume them. And yes, I actually have a need for this. 🤦🏻‍♂️

A Serverless application to clean up old deployment packages
Yan Cui teamed up with Lumigo and created a Serverless Application Repository service called Lambda-Janitor that will clean up all those old deployment packages to keep you under the limit.

Building a Fully Serverless Realtime CMS using AWS AppSync and Aurora Serverless
There are a lot of people building content management solutions with serverless, and Yi Ai is joining in the fun. A CMS is a great use case for serverless, especially given the extremely infrequent computing power needed.

A Smart Service to Keep AWS Lambda Warm
Renato Byrro from Dashbird is continuing to pull the thread on warming Lambdas. This post takes an interesting approach by positing a predictive algorithm that could better understand concurrency models. Using CloudWatch metrics to make better decisions, hmm, that’s a novel idea. 😉

Building CICD pipelines for serverless microservices using the AWS CDK
Paul Swail has another installment in his Migrating a Monolithic SaaS App to Serverless series. This time he’s building out a CI/CD pipeline using AWS CDK to configure the infrastructure.

Uploading images to AWS from remote devices securely via Rest API using AWS
It’s perfectly plausible that you’d need images (or other files) uploading from remote devices, Sandip Pradhan will show you how to do it securely.

For the Serverless newbie… 🆕 🐝

Serverless computing: 6 things you need to know
Jeffery Hammond from Forrester Research gives an excellent interview explaining what serverless is and why it is so important.

Serverless Technology Overtakes Cloud Computing
If you need to convince your boss that your company should be adopting serverless, point them to this CIOReview article. It’s a nice little executive summary that lays out the benefits in just a few paragraphs.

Compare AWS Lambda to Azure, GCP serverless platforms
There are a lot of “serverless” offerings out there, but the big three are still dominating the market. This piece by Chris Moyer lays out some of the differences between them.

Comparing Nuclio and AWS Lambda
If you like comparisons, check out Yan Cui’s piece that looks at how the open-source Nuclio project compares to Lambda. Yan recommends exploring Nuclio if you are looking for a serverless platform that isn’t tied to a specific cloud provider.

When’s the right time to go serverless?
I say, RIGHT NOW! But according to Chip Childers, serverless is still in the “pre-chasm” phase, which means best practices and tools still haven’t evolved yet. While I believe that is true to some extent, the market is catching up very quickly.

Fullstack Serverless
Kurtis Kemple is realizing the power that managed services stitched together with FaaS and frontend frameworks can bring.

Don’t Code If You Don’t Have To When Serverless
Tom McLaughlin of ServerlessOps also had an “aha” moment when he realized he could wire PagerDuty directly into CloudWatch and didn’t need to write (and support) more code. Take a look at your serverless functions and try to figure out what doesn’t need to be there. I bet there’s more than you think.

Serverless Tutorials 🏗

Orchestrating backend services with AWS Step Functions
If you need to compose several reusable functions together, AWS Step Functions is the way to go. Jay Dadhania gives a great overview and walks you through setting up workflows to pass your state from step to step.

Mastering Java Cold Starts on AWS Lambda — VOLUME 1
Serkan Özal goes into an insane amount of detail trying to reduce Java cold starts in Lambda. If you’re a Java shop, more power to you. My advice if you’re going serverless, switch to another language with lower start up times.

How to send text messages from your static site using Netlify, Twilio and serverless functions
Static sites with serverless backends are all the rage, and rightfully so. Stefan Judis has an in-depth post that takes you through the process of connecting all the pieces.

Creating a Serverless Cron Job in AWS
We’ve highlighted many ways to run cron jobs in AWS in the past, some more complex than others. Henry Williams lays out a simple process for you.

Building a Reliable Serverless Application in a Weekend
Mohit Cheppudira shows you how to build a full-blown (reliable) serverless application using Google Cloud.

Serverless Security 🔐

Serverless, shadow APIs and Denial of Wallet attacks
In this podcast, Doug Dooley makes a great point about the number of serverless APIs being published, likely unbeknownst to the enterprise. With developers having the ability to launch more services without needing support and guidance from a traditional Ops team, it does beg the question of how we should be keeping track of all these things.

The Serverless Cloud Security Model: A Point Of View
Great piece that lays out a serverless security model based on a validated and battle-tested reference architecture. Definitely worth taking a look at if you’re interested in serverless security (as we all should be).

Local Policy Updates – Keep Your Functions Secure Anywhere (Even In a closed VPC)
Local Policy Updates let you use the PureSec CLI tool to fetch the latest security policy and enforce it on your function during the CI/CD process, eliminating the need to to call the PureSec service at runtime.

Amazon Web Services sharpens its focus on cloud security
This SiliconAngle story recaps last week’s AWS Summit, and gives a good summary of why AWS is continuing to focus on cloud security.

Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena
It’s important to understand security controls available within DynamoDB, and this piece Sai Sriparasa and Prahlad Rao outlines best practices, and shows you how to perform audits.

Serverless Stories 🌎

Building, automating and deploying serverless microservice infrastructures
Here’s how the Fender engineering team built out their new Fender Play service using AWS and serverless. It focuses on the build process, but there are some interesting takeaways in here.

ServerlessDays Hamburg Retrospective
Thinking about running a ServerlessDays conference, or maybe just going to one? This is a great look at just how much has to happen to put on one of these incredible events.

Load testing Serverless with Serverless at Comic Relief
Adam Clark lays out how his team load tested their serverless applications (and legacy applications) using Serverless Artillery in the lead up to Red Nose Day 2019.

Monitoring & Debugging Serverless Applications for Red Nose Day 2019
In this post, Adam Clark gives a run through of the debugging, alerting and tools used to provide insight into their serverless applications.

Why we migrated opensource inboxkitten (77 million serverless request) from Firebase to Cloudflare workers & CommonsHost
Eugene Cheah explains the title of this post.

Serverless e-commerce: lessons learned
Riccardo Ferrazzo wanted to be the “good son,” so he built his mother’s business a serverless e-commerce site. Here’s what he learned.

Serverless Reads 🤓

The Everything Guide to Lambda Throttling, Reserved Concurrency, and Execution Limits
Kerri Rapes lays out the details of the Lambda concurrency model and why you should care.

Just how expensive is the full AWS SDK?
Some more details on cold starts and a few ways to optimize your code to minimize them.

What does AWS-SDK v3 mean for node.js Lambda?
TLDR;  Using AWS-SDK v3 allows you to significantly reduce the size of your Node.js Lambda functions.

Amazon Aurora: design considerations for high throughput cloud-native relational databases
If you really want to know how Aurora works behind the scenes, take a look at this in-depth post by Adrian Colyer.

Current options to deploy a Serverless blog
Veer Abheek Singh did some research and found several options for deploying a serverless blog.

Will it scale? Let’s load test geohashing on DynamoDB
James Beswick and Richard Boyd teamed up to load test James’ DynamoDB-based geohashing service. There are some interesting findings in here (like write less code and introduce fewer moving parts).

A CLOUD GURU ADOPTS A SERVER
For a little April Fools’ fun, the Kroonenburgs decide to adopt servers and eventually establish a sanctuary for rescue servers in the countryside. “It’s going to be a nice, quiet server farm.”

Breaking down the Monolith. Considering Serverless!
Harish Kumar gives you some thoughts on why serverless is a good choice, but more importantly, where you should start.

TypeScript Is a Perfect Choice for Serverless
This is just a short post that documents Arseny Yankovsky’s realization that Java is way too heavy for serverless functions. I included it because I want everyone to realize this.

For the Visual Learner… 🎥

AWS X-Ray for Serverless Applications | Serverless Monitoring
Marcia Villalba shows us how to easily instrument a Serverless Framework application with AWS X-Ray.

Visual Notes for Amazon SNS
By Jerry Hargrove. Enough said. 😉

When you’re wondering what AWS has been working on… ⚙️

Amazon API Gateway Improves API Publishing and Adds Features to Enhance User Experience
Remember that API Gateway Serverless Developer Portal thing AWS launch a while ago? It just got better.

Application Load Balancers now Support Advanced Request Routing
ALBs are pretty sweet, and now you can use things like query parameters and HTTP methods to manipulate routing. Couple this with AWS Lambdas as the backend, and suddenly this starts to feel a bit like API Gateway. Very cool stuff. Here’s how to use the new features and some use cases for them.

The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available
You can now download the AWS Toolkit from the Visual Studio Marketplace with support for node.js. It also supports Visual Studio 2019. It’s good to see everyone playing nicely together.

Create Alexa Experiences for Your Organization with Blueprints
Still not familiar with Alexa private skills? Now these voice-powered capabilities for Alexa have a couple of blueprints to get you voice-enabling your business processes in no time.

Upcoming Serverless Events 🗓

April 8-10, 2019 – The Serverless Architecture Conference in The Hague, Netherlands.  I’m giving two talks, so I hope you’ll join us.

April 9, 2019ServerlessDays Atlanta. This one is combined with DevOps Days and Map Camp.

April 11, 2019ServerlessDays Zurich.

April 25, 2019ServerlessDays Helsinki. The speakers have all been announced!

The CFP for DevOpsDays Boston 2019 is now open.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Richard Boyd (@rchrdbyd). Richard is a Cloud Data Engineer at The iRobot Corporation who used to work on Robotics and Alexa at Amazon. Now he’s jumping into the serverless community by posting really interesting articles on his blog (rboyd.dev), engaging on Twitter, and collaborating with others. I love hearing new serverless voices and perspectives, and Richard is a very welcome addition to the community. Looking forward to seeing more from him. 👏

Final Thoughts 🤔

The last two weeks have been very busy for me, but we finally have the new AlertMe serverless article processing system up and running in production. Lots of interesting lessons learned there, so perhaps, at some point I’ll share all the details. There is always more to do, but our architecture makes extensibility extremely easy. I’m really looking forward to iterating on the live service.

Don’t forget that next week I’ll be speaking at the Serverless Architecture Conference in The Hague, Netherlands. I’m giving two talks, Serverless Microservice Patterns for AWS and Building resilient serverless Systems with non-serverless Components. I hope to see some of you there. Please come and say “Hi” if you get a chance. I’ve got plenty of “Off-by-none” stickers to give out.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

Hope to see you soon (maybe in The Hague),
Jeremy

Share this newsletter with your friends and coworkers!


Off-by-none is a weekly email newsletter that focuses on the technical details of building applications and products in the cloud using serverless technology. Together we can become better developers and product people by making fewer mistakes as we learn from each other. Off-by-none is the idea that we can become exceptional at what we do, if we are willing to put in the work. Join me on this journey as we help the community work to develop best practices, share our ideas, and learn to build better cloud-based software.

Sign up below and get Off-by-none delivered to your inbox every Tuesday.

I respect your privacy and I will NEVER sell, rent or share your email address.