A Weekly Newsletter By Jeremy Daly

Off-by-none: Issue #33

April 16, 2019

Serverless doesn’t take vacations… 🏝

Welcome to Issue #33 of Off-by-none. It’s great to have you join us! ☀️

Last week we were at the Serverless Architecture Conference in The Hague, Netherlands. This week, we’ll take a quick look at Google Cloud Run, see how serverless makes for better vacations, and, of course, share some amazing content from the serverless community.

Always plenty to get to, so here we go! 😎

When you can’t take your servers on vacation with you… ✈️🍹

This week I’m actually taking a vacation with my family. Besides writing this newsletter (and the occasional need to check Twitter), I’ve been able to disconnect myself from a number of production workloads that I’m responsible for. While I’ve worked for (and often work with) larger organizations that have redundant Ops staff, I always love the challenge and thrill of working with small startups.

One of the challenges that comes with these types of companies, is the need for a small team to share managing and maintaining the infrastructure (and generally on a budget). For people like me, this typically means that I’m “on call” no matter where in the world I may be. However, over the last ten years or so, as I (and others) have moved to the cloud, the increasing number of managed services has reduced the level of worry dramatically.

For the last 4+ years, I’ve been moving more and more workloads to managed services and AWS Lambda for compute. Now, as I lay on the beach, typing this newsletter on my phone, I can’t remember the last time I had a major outage that required my (or any of my team members’ immediate attention). I’m certainly not saying that Ops work goes away, but for startups and small teams, it’s nice to know that we can spend some worry-free time with our families instead of babysitting our servers.

When people are getting excited about Google Cloud Run… ☁️🏃‍♀️

Google recently announced their new Cloud Run service at Google Next. This service allows you to run stateless HTTP containers on a fully managed environment or in your own GKE cluster. TechCrunch’s article, Google Cloud Run brings serverless and containers together, will give you a bit more context.

I had several “thoughts” on this, but Ben Kehoe beat me to it with his post, The Good and the Bad of Google Cloud Run. I agree with Ben in that GCP is “providing people with a system that is going to make them complacent with traditional architecture, and not push them to gain the immense benefits of shifting (however slowly) to service-full architecture…” This seems to be so difficult for people to grasp, but it is spot on.

So is Google Cloud Run really “serverless” if it abstracts away most of the underlying infrastructure but still requires you to configure and maintain containers? I’m not convinced, but according to Paul Johnston’s New Definition of Serverless, it just might be.

Serverless Product Announcements 📢

Get alerts to PagerDuty and VictorOps with Epsagon
You can now get notified for any alert directly to your incident management tool. Both PagerDuty and VictorOps are supported.

Protego Labs Bolsters Serverless Security Solution with Support for Amazon Web Services Fargate
“Whether they are functions or containers, if they are small narrow-purpose workloads, optimizing configuration, and applying behavioral defense within the workloads significantly reduces serverless application attack surfaces.”~ Hillel Solow

Serverless Use Cases 🗺

Automated AWS Resource Cleaner
Servian had a bunch of unused AWS resources costing them money, so they built a tool (using Lambda) to help automatically clean them up.

How to defend games against DDoS attacks
If you’re building any type of application exposed to the web, being able to mitigate a DDoS attack is important. AWS already adds protection for a number of these attacks, and this post explores the architecture decisions you can make to best utilize these capabilities.

The Future of Serverless is… Functionless?
Developers seem to feel more comfortable when they can write some code, but in many cases, Lambda functions aren’t even necessary. Chase Douglas from Stackery discusses this in more detail and provides some demo-api-integrations that you can try out yourself.

If you’re just starting out with serverless…

Observability Without Having to Break the Bank
It’s important to capture metrics for your serverless applications, but logging every detail could get expensive. Yan Cui shows us how intelligent sampling with Thundra might be a better solution.

3 tips for serverless success in 2019
Richard Seroter of Pivotal shares 3 tips on what you should do in 2019 before you start using serverless products.

Put your serverless computing knowledge to the test
Taking this quiz won’t earn you any type of serverless certification, but if you’re new to the technology, perhaps this quiz will help to confuse you even more. 😉

Serverless Stories 📖

Migrating authentication from Express.js to API Gateway using a Lambda Authorizer
Part 6 of Paul Swail’s Decision Journal. This time he needs to implement an authentication and authorization mechanism with API Gateway using the same auth logic as their legacy API counterparts.

Building an AWS Serverless ML Pipeline with Step Functions
Rafael Felix Correa recounts how OLX Group used ML and Step Functions to consistently deliver meaningful recommendations to their customers.

Introducing Fenrir: How Coinbase is Scaling Serverless Applications
Coinbase built Fenrir, an AWS SAM deployer that is a reimplementation of the sam deploy command as an AWS Step Function.

Designing a modern serverless application with AWS Lambda and AWS Fargate
Nathan Peck discusses his use of AWS Lambda, AWS Fargate, and the AWS Cloud Development Kit to update his changelogs.md project.

Using AWS Serverless Technology as an Enabler for Cloud Adoption
This post describes how BJSS leveraged the AWS Serverless Platform and an innovative delivery approach to build a new ecommerce system for a major UK retailer.

How clean-architecture solved so many of our Serverless problems
Ewan Valentine solved a number of local testing problems by using a combination of dependency injection and a “delivery” interface for all his serverless functions.

Serverless Tutorials 🏗

Creating a Chat App with Serverless, WebSockets, and Python: A Tutorial
Lance Goodridge gives you a full walk through complete with Serverless Framework configurations and code snippets.

Upload files to AWS S3 using pre-signed POST data and a Lambda function
A simple pre-signed URL is all you need to allow users to upload data directly from their browsers into S3.

Invoking AWS Services from AppSync HTTP Resolvers
Yes, you can call AWS services without invoking Lambda functions. Yi Ai shows you how to use an HTTP resolver to send an email with SES.

Serverless API with ReactJS
Quick and easy tutorial that will show you how to create a simple ReactJS app with a serverless backend.

Serverless Security 🔐

AWS Security Maturity Roadmap
Scott Piper’s opinionated, actionable, guide to using AWS securely in 2019.

Key Differences in Security, Management for Serverless vs. Containers
Sonya Koptyev from Twistlock points out how security for functions and containers differ.

Serverless Reads 🤓

A Detailed Overview of AWS API Gateway
Alex DeBrie takes you through how requests are processed with API Gateway, and what happens at each step along the way.

How to know with whom your Lambda is talking?
Kirill Kolyaskin is a bit paranoid, but probably for good reasons. This post looks at how one might gain some better observability into HTTP communications to and from Lambda.

Serverless != microservices
Perhaps it should be “Serverless does not have to equal microservices” instead. Ersin Akinci does make a few good points, especially with regards to over complicating simple workflows.

The Fargate Illusion
Lee Briggs says that Fargate isn’t “easier” than Kubernetes, it’s just different. More importantly, “whichever way you choose is going to have operational overhead.”

Automating Apache OpenWhisk Releases With Serverless
James Thomas explains how he used serverless functions to automate release candidate verification for the Apache OpenWhisk project.

When you’re curious what’s happening at AWS… ⚙️

Sitting in the room with the entire Lambda PM + DA team talking about 2020. What do YOU want AWS to build?
Chris Munns and the team are looking for Lambda ideas.

Amazon Elasticsearch Service adds event monitoring and alerting support
The Amazon Elasticsearch Service now provides built-in event monitoring and alerting, enabling you to monitor the data stored in your domain and automatically send notifications based on pre-configured thresholds.

Periodic Table of Amazon Web Services (HTML Version)
Jerry Hargrove went above and beyond and created an HTML version of his incredible Periodic Table of AWS, complete with links to all the product pages. Very cool.

Upcoming Serverless Events 🗓

April 17, 2019 Serverless Observability Workshop presented by AWS and Epsagon.

April 24, 2019Cloud-side development: Why it’s a thing and how to build faster than ever with serverless present by Stackery

April 25, 2019ServerlessDays Helsinki.

April 25, 2019 – Mastering Amazon DynamoDB ACID Transactions: When and How to Use the New Transactional APIs

June 4, 2019  ServerlessDays Tel Aviv.

June 21, 2019 – ServerlessDays Milan.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ran Ribenzaft (@ranrib). Ran is the co-founder & CTO at Epsagon (@epsagon). Not only has his team built a killer product to make monitoring and tracing your serverless applications easier, but lately he has been hosting webinars like it’s nobody’s business. He always shares something interesting, whether in a webinar, or on the Epsagon blog. Thanks for your continued commitment to the serverless community, Ran!

Final Thoughts 🤔

Things are moving very fast in the serverless world, including the continued push to call every new service “serverless.” I also came across an interesting point in another article that observed that serverless “best practices” seem to be a moving target. Microservices, nanoservices, monoliths, containers, or direct service integrations with no functions at all? If anything, the noise is overwhelming, and I think this makes it harder for those looking to adopt serverless.

The technology will continue to mature, and more best practices will continue to emerge and evolve. But I tend to be of the mindset that it’s hard to make really bad decisions when building with serverless. So my advice, just go out there and build. Learn the basics, and take heed from others’ experiences, but in the end, there is no “right way” to “do serverless” right now. Some ways will work better than others, but do what works for you and your team, and adapt over time.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

If you have a minute, please share this newsletter with your friends and coworkers who might be interested in serverless. I would really appreciate it. 👍

See you again next week,
Jeremy

Share this newsletter with your friends and coworkers!


Off-by-none is a weekly email newsletter that focuses on the technical details of building applications and products in the cloud using serverless technology. Together we can become better developers and product people by making fewer mistakes as we learn from each other. Off-by-none is the idea that we can become exceptional at what we do, if we are willing to put in the work. Join me on this journey as we help the community work to develop best practices, share our ideas, and learn to build better cloud-based software.

Sign up below and get Off-by-none delivered to your inbox every Tuesday.

I respect your privacy and I will NEVER sell, rent or share your email address.