A Weekly Newsletter By Jeremy Daly

Off-by-none: Issue #55

September 17, 2019

A better way to model DynamoDB? 🤓

Welcome to Issue #55 of Off-by-none. Thanks for being here! 👋

Last week, we reviewed some very encouraging news about cold starts in Lambda. This week, we look at a new way to model our DynamoDB data, share lots of exciting serverless news, and of course, we have lots of amazing content from the serverless community.

Lots to get to, so let’s get right to it. 👍

Serverless News & Product Announcements 🚀

Stackery Appoints Tim Zonca as Chief Executive Officer
I really love what Stackery is doing. If their new CEO can help accelerate them into the enterprise marketplace, I think this will make a huge impact on serverless adoption.

Optimizely Announces Performance Edge, Enabling the Industry’s Fastest Web Experiments
This is super interesting. Optimizely (the company that lets you easily run A/B tests) has launched a new service that runs at the edge using CloudFlare workers. Multivariate testing has long been a use case for edge computing, but seeing it productized is a big step forward.

Anthos simplifies application modernization with managed service mesh and serverless for your hybrid cloud
I’m really not sure what Google’s calculation is with Anthos, but they seem to be pushing full steam ahead on giving people alternatives to using their cloud platform. 🤷‍♂️

Zenoss Launches Serverless Monitoring for Google Cloud Environments
Zenoss (remember them) is now offering monitoring for Google Cloud’s suite of serverless compute options.

Monitor and debug all serverless errors
The Serverless Framework continues to get better. This time introducing the context.captureError(error) method to capture errors without needing to fail an entire Lambda function. While failing a function makes sense sometimes, user facing functions often require a custom error to be returned. This is a great way to get the error information you need, without affecting the user experience.

How to use Serverless and Twilio to automate your communication channels
The Serverless Framework is killing it lately. Now you can deploy Twilio functions as well. I’ve said before that SaaS providers providing native code execution environments could open up a lot of use case. Now it’s super easy with the Serverless Framework.

LambdaSharp 0.7 “Geminus” is out!
This release focuses on ease of use, sharing modules, and seamless upgrading. Great tool for building serverless C# Lambda functions on AWS with CloudFormation.

IOpipe Named a Cool Vendor in Performance Analysis by Gartner
Good to see vendors in the serverless space getting recognized for the great work they are doing. Congrats to IOpipe!

Lambda@Edge support now available
This is another awesome update to the Serverless Framework. There are still some quirks with deploying and removing Lambda@Edge functions, but this added support certainly makes it easier.

Announcing the RabbitMQ extension for Azure Functions
I’ve had less-than-fantastic experiences with RabbitMQ, but I know many people that have had better luck. I do think this is an interesting way to migrate existing workloads to serverless by tapping into your app’s RabbitMQ channels. Any time you make it easier to adopt serverless, I’m all for it.

Serverless Stories 📖

Use Serverless AWS step functions to reduce VPC costs
Kevin van Ingen has a great piece that explains how his team was able to cut costs dramatically by removing their NAT Gateway and parallelizing their Lambdas with Step Functions.

Serverless Web Application – Example Architecture
Ahmed Mansour gives us some insight into how he build a recent serverless project.

Serverless Use Cases 🗺

Doing Rollups of AWS S3 Server Access Logs
Here’s a useful use case from Douglas Muth. Use a Lambda function to roll up S3 access log files. He even wrote an app for you.

Generate AWS STS credentials: The portable way
There are some security considerations with this approach, but using Lambda to quickly generate STS credentials for teams is another interesting use case.

When you want to learn some advanced Serverless concepts… 🏗

Serverless Cost Containment
Rowan Udell has a great piece that outlines some of the cost traps that serverless developers can get caught in. Many of these are easily mitigated, but the first step is knowing that they exist.

Distributed Tracing: Manual Vs. Automatic
Nitzan Shapira presents two different approaches to implementing a distributed tracing solution: Manual and Automatic. Automatic has its drawbacks, especially around flexibility. But personally, I’d rather choose a tool that gets me 80% there without needing to do any extra heavy lifting.

Taking Serverless to the Next Level
Danilo Poccia is always taking serverless to the next level. In this presentation he covers everything from IaaC to automating deployments to event-driven microservices. There are a lot of slides here, but definitely worth taking a look to understand these fundamentals.

12 New Features of AWS Amplify
AWS Amplify is on the development bullet train. The project is moving fast and releasing new features constantly. Nader Dabit outlines 12 new features that have been released over the last few months.

Invoking one Lambda function inside another (Sync-Async)
Mahfuzul Alam outlines a way to do function composition by making asynchronous calls to downstream Lambda functions. Under the right circumstances, this can work well, but be careful about synchronous invocations, especially attached to a synchronous request from a client. It might be necessary, but this creates a lot of coupling. There are generally better ways to achieve this.

The best reason to use DynamoDB streams is…
Yan Cui points out the fact that using DynamoDB streams eliminates the need to update the state of two separate systems (DynamoDB and Kinesis), which eliminates the need for distributed transactions. IMO, this model works really well within a microservice, but if you are generating events for use across service boundaries, I think the distributed transactions are worth the added complexity.

Why you should use temporary stacks when you do serverless
Yan also explains two ways that you could use temporary CloudFormation stacks when doing serverless and why you would want to. Feature branches and integration tests are the highlights here, and while there are always pros and cons, it is definitely something you should consider.

If you’re just getting into serverless… 🐣

What’s the friction with Serverless?
This is a great post for teams thinking about going serverless or for teams that have started but are hitting a brick wall. While serverless promises “writing just your business” logic, there is a lot more to it, especially having knowledge of the other managed services available to you. This shouldn’t discourage you, but it’s important to know what you’re up against.

What Front-End Developers Need to Know about Serverless Databases
Dan O’Donnell gives you some of the pros of working with “serverless” databases.

Serverless Computing and the Trend to Asset Lean
While this analogy is not new, I like how Aater Suleman compares Uber to serverless by describing the parallels between each phase in the evolution of car ownership to hailing a driver from a ride-share app.

Serverless Tutorials 🏗

How to include SNS and Kinesis in your e2e tests
SNS and Kinesis are common components in our event-driven serverless applications. However, testing them can be a bit tricky. Yan Cui walks you through some ways to accomplish this.

Building an Event-driven Pipeline in AWS Using Serverless
Kyle Galbraith shows you how to build an event-driven pipeline using S3 and Lambda. It’s also a good intro to event-driven architecture.

Shifting Your Node Express APIs to Serverless
John Papa’s incredibly thorough tutorial on converting your existing Express apps over to Azure Functions.

GO AWS Development with Serverless Application Model-SAM to start functions locally
Yunus Kılıç’s third article on building and deploying serverless functions with SAM and GO.

How to test a serverless API using AWS serverless Gradle test runner
If I’ve said it once, I’ve said it a million times (I think I said this last week too), I’ve never seen two deployment pipelines that look the same. This example focuses more on the API testing side of things, but as you will see, they have their own unique process.

.NET Core serverless CI/CD on AWS using CodePipeline and CloudFormation
Kaveh Azad gives you a complete CI/CD solution for .NET Core apps using AWS CodePipeline. The CloudFormation template is included, so you could adapt this for other runtimes as well.

How to build HTTP REST APIs with AWS + Serverless Framework
Here is a simple tutorial (in Java) for how to build and deploy a serverless API.

Part 2: How Far Out is AWS Fargate?
Go with Lambda when you can, but if you need containers, Fargate is a much simpler alternative to the likes of Kubernetes for container orchestration and management. Michael Lavers shows you how to deploy a simple Flask app to demonstrate how easy it is to get started with Fargate.

How to Create a REST API with Azure Functions and the Serverless Framework – Part 1
The Serverless Framework has made some significant improvements to the serverless-azure-functions plugin, so building on Azure is even simpler. Check out this tutorial to see how you can use the framework to build your first REST API using Azure Functions.

Serverless Security 🔒

Automating AWS Guard Duty Enrollment
Dane Fetterman wrote a tool to help you enroll a member account in AWS Guard Duty on a master account. The scripts run as Lambda functions, kicked off by a Step Function that lives behind API Gateway.

Simple Voice-Command SQL Injection Hack into Alexa Application
And here I thought ordering 100 rolls of toilet paper from your friend’s Alexa was a vulnerability. I think this is an interesting attack vector, though it likely requires some pretty bad coding on the backend. Ultimately, voice-enabled devices translate your commands into text to be processed. Taking the same precautions as you normally would should be more than enough to mitigate this kind of vulnerability.

A Purple-Team View of Serverless and GraphQL
Abhay Bhargav has a presentation on serverless security and how you probably want to manage your own serverless GraphQL endpoints (instead of using frameworks). There are other solutions out there for serverless GraphQL (namely AWS AppSync), but this presentation does outline a number of risks to be aware of.

How Are Serverless Applications Attacked?
Serverless is, by default, a lot more secure than traditional infrastructures, or even self-managed cloud architectures. However, it bears repeating that the vast majority of vulnerabilities now fall on the quality of the application code. Having a good system in place to provide AppSec in the serverless world is probably insurance worth having.

Serverless Reads 🤓

Loud Narrative on Cloud Native
I love a good rant. Raman Sharma has some thoughts (and criticisms) on some common definitions of “Cloud Native”.

Applying Code-Splitting to AWS Lambda
Running experiments to find new and interesting ways to optimize serverless is a hobby of mine too. Matt Tyler played around with code-splitting in Lambda, and although I don’t think this would create a worthwhile optimization, the idea was definitely worth pursuing.

Review: Amazon Aurora Serverless – A cloud-native and production-ready relational database?
Andreas Wittig gives his review of Amazon Aurora Serverless. This article outlines some of the benefits and limitations, and for the most part I agree. However, I do think the pricing is justified given the Multi-AZ availability and failover support that comes out of the box with Aurora Serverless. In order to achieve this with provisioned Aurora, you’d need to set up multiple instances which actually costs you more.

A top Microsoft cloud exec says that the company wants more customers to try out serverless computing, the ‘best way to do compute’
It looks like Microsoft is going all in on serverless too! Microsoft Azure CTO, Mark Russinovich, explains why serverless is the future of cloud computing. “We don’t want customers to stay out of the best way to do compute, and serverless is the best way to do compute.” I’d have to agree. 😉

Serverless September Content Collection
#ServerlessSeptember is in full swing, and Jan Schenk has put together a collection of all the great posts the Azure community is providing.

Tips and tools to achieve a serverless DevOps workflow
Kurt Marko outlines some of the basics of CI/CD and what the evolution of serverless means for your DevOps workflows.

Exclusive Research from Sumo Logic Reveals Multi-Cloud on the Rise and Open Source Technologies like Kubernetes is Disrupting the Modern Application Stack
This multi-cloud thing is not surprising to me, especially since I assume enterprises are more likely to hedge their best against the public cloud. Maybe this make sense for enterprises, but if you’re a startup or a mid-size company, I really think you’re handicapping yourself by going this route.

When you’ve got a long commute… 🚗

Serverless Chats – Episode #14: Serverless CI/CD for the Enterprise with Forrest Brazeal
In this episode, I chat with Forrest Brazeal about the CI/CD challenges facing enterprises, how to take a pragmatic approach to building pipelines for your serverless projects, and what tools are available to help you.

The Serverless Smarts Podcast – Ft. Erez Berkner, Visibility and Serverless Security
In the latest edition of the Serverless Smarts Podcast, Hillel Solow is joined by Erez Berkner from Lumigo to discuss visibility as a means to achieve better security, who is responsible for security – cloud provider or cloud customer, and edge computing in serverless.

Aleksandar Simovic AWS Serverless Hero Interview at Serverless Days Belgrade 2019
AWS Serverless Hero Aleksandar Simovic shares his thoughts on serverless during an interview at Serverless Days Belgrade.

Danilo Poccia AWS Principal Evangelist Interview at Serverless Days Belgrade 2019
Danilo Poccia talks about how to get started with serverless, its major benefits, and what some AWS customers are doing with it.

When you’re curious what the AWS devs have been up to… 👷‍♀️

Introducing NoSQL Workbench for Amazon DynamoDB — Now in Preview
This has definitely got some promise. I played around with it a bit and there are definitely some quirks (like I couldn’t figure out how to create a Local Secondary Index through the GUI), but I think this will go a long way to helping people create data models with DynamoDB. Read more about it here.

Announcing AWS PrivateLink support for Amazon Rekognition
Great update for everyone stuck in a VPC, though I still think the pricing for a NAT Gateway works out better if you need to access multiple services like this.

New Quick Start deploys clickstream analytics on the AWS Cloud
I really like these Quick Starts that AWS is putting out. You certainly don’t need to follow them exactly, but having the reference architecture out there is super helpful.

AWS Marketplace Makes It Easier to Deploy Lambda Functions with AMIs
You can now deploy your AMI-based solutions along with Lambda functions that interact with them, all with one CloudFormation template.

Serverless Tools 🛠

SAMWise (Beta)
Erik Peterson from CloudZero decided to build a SAM wrapper that makes deploying serverless applications easier. Inspiration struck while watching Lord of the Rings.

you-dont-need/You-Dont-Need-Lodash-Underscore
Not really a “serverless” tool, but reducing dependencies in your serverless functions is always a good idea to minimize package sizes and third-party vulnerabilities. If you’re building with Node.js, these handy native solutions can save you from leaning too heavily on your favorite utility libraries.

Noiiice Blog
Noiiice is a fully serverless blog platform with server-less side rendering. All services run on Amazon Web Services. The webapp is a Nuxt.js app served from a Lambda function using serverless-http through API Gateway.

dynamo-cassandra-proxy
If you really love managing Cassandra rings and needing an entire team to keep it up and running, as opposed to the fully-managed DynamoDB platform, here is a tool to help you easily take a step backwards. 😬

Thoughts from Twitter 🐦

#StrangeButTrueCloudFacts… (a thread) ~ Forrest Brazeal
Forrest provides us with nine interesting #StrangeButTrueCloudFacts. He ends his thread with an announcement of a book deal. Congrats to him!

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

September 18, 2019 – Our Serverless Journey – Dev Team Retrospective (Webinar)

September 19, 2019 – IOpipe and Mapbox Webinar: Visualizing critical, location-based metrics on serverless

September 20, 2019 – Serverless Transformation: An Online Panel Discussion

September 26, 2019 – Increasing Serverless Development Velocity (Webinar)

October 2, 2019 – Deep Dive on Amazon EventBridge (Webinar)

October 3, 2019 – How to Leverage Serverless to Optimize for Cost and Performance (Webinar)

October 7-9, 2019 – Serverlessconf 2019 in New York City

October 14-16, 2019 – Serverless Architecture Conference Berlin

October 24, 2019 –  ServerlessDays Stockholm

October 30, 2019 – Retail at the Scale of Serverless with AWS – Webinar

February 27, 2020 – Serverless Nashville – The CFP is now open!

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Peter Sbarski (@sbarski). Peter is the VP of Content at A Cloud Guru, an AWS Serverless Hero, and he runs Serverlessconf (which is happening in NYC this October, BTW). Plus, he wrote a book about Serverless architectures on AWS, he’s a frequent speaker himself, and he’s one heck of a teammate for live Twitch coding challenges. 😉 The team over at A Cloud Guru is doing some amazing work helping to teach people about the cloud and serverless, and Peter is one of the driving forces behind it. Thanks for all you do, Peter (and we’ll take down Munns at re:Invent)! 🙌

Final Thoughts 🤔

Lots of really interesting things happening in the serverless ecosystem. It’s encouraging to see serverless shops like Stackery pushing forward with a new CEO and IOpipe getting recognized by Gartner. Plus, the Serverless Framework has been rapidly releasing features as part of their new full-lifecycle approach, as well as making a ton of improvements to their Microsoft Azure plugin. And speaking of Azure, there has been a huge push for serverless from Microsoft lately that is also great for the community. The more exposure it gets, results in faster adoption, faster innovation, and hopefully, more tools to make serverless even easier to use.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.

Until next time,
Jeremy

Share this newsletter with your friends and coworkers!


Off-by-none is a weekly email newsletter that focuses on the technical details of building applications and products in the cloud using serverless technology. Together we can become better developers and product people by making fewer mistakes as we learn from each other. Off-by-none is the idea that we can become exceptional at what we do, if we are willing to put in the work. Join me on this journey as we help the community work to develop best practices, share our ideas, and learn to build better cloud-based software.

Sign up below and get Off-by-none delivered to your inbox every Tuesday.

I respect your privacy and I will NEVER sell, rent or share your email address.