Tag: api - Jeremy Daly

Throttling Third-Party API calls with AWS Lambda

Posted in How To & Serverless on February 2, 2019

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

🚀 Project Update: October 10, 2018

Lambda API: v0.8.1 Released

Lambda API v0.8.1 has been released to patch an issue with middleware responses and a path prefixing options bug. The release is immediately available via NPM. Read More...

🚀 Project Update: May 18, 2018

Lambda API: v0.6 Released

v0.6 is all about making the serverless developer's life easier! New support for both callback-style and async-await in route functions and middleware, new HTTP method routing features, and route debugging tools. Plus Etag support and automatic authorization parsing. Read More...

🚀 Project Update: April 26, 2018

Lambda API: v0.5 Released

v0.5 takes advantage of AWS Lambda's recently released support for Node v8.10 and has removed its Bluebird promise dependency in favor of async/await. Lambda API is now faster and adds built-in CORS support, additional wildcard features, new HTTP header management methods and more. Read More...

🚀 Project Update: April 2, 2018

Lambda API: v0.4 Released

v0.4 adds support for a number of standard use cases while still keeping it as lightweight and unopinionated as possible. This new release adds Static & Binary File Support, Route Prefixing, and more. Read More...

🚀 Project Update: March 21, 2018

Lambda API: v0.3.0 released

v0.3.0 adds JSONP support, cookie lifecycle management, and some additional updates, inching it closer to becoming a full-featured web framework for serverless applications. ⚡️🤘🏻 Read More...

🚀 Project Update: March 1, 2018

Lambda API: v0.1.1 patch released

Thanks to a bug report, a patch has been released that fixes an issue with querystrings in API Gateway path event parameters. Read More...

Securing Serverless: A Newbie’s Guide

Posted in Programming & Serverless
Last Updated: March 30, 2020

So you’ve decided to build a serverless application. That’s awesome! May I be the first to welcome you to the future. 🤖 I bet you’ve done a lot of research. You’ve probably even deployed a few test functions to AWS Lambda or Google Cloud Functions and you’re ready to actually build something useful. You probably still have a bunch of unanswered questions, and that’s cool. We can still build some really great applications even if we only know the basics. However, when we start working with new things we typically make a bunch of dumb mistakes. While some are relatively innocuous, security mistakes can cause some serious damage.

I’ve been working with serverless applications since AWS launched Lambda in early 2015. Over the last few years I’ve developed many serverless applications covering a wide range of use cases. The most important thing I’ve learned: SECURE YOUR FUNCTIONS! I can tell you from personal experience, getting burned by an attack is no bueno. I’d hate to see it happen to you. 😢

To make sure it doesn’t happen to you, I’ve put together a list of 🔒Serverless Security Best Practices. This is not a comprehensive list, but it covers the things you ABSOLUTELY must do. I also give you some more things to think about as you continue on your serverless journey. 🚀

How To: Build a Serverless API with Serverless, AWS Lambda and Lambda API

Posted in Lambda API, Programming & Serverless
Last Updated: March 30, 2020

AWS Lambda and AWS API Gateway have made creating serverless APIs extremely easy. Developers can simply create Lambda functions, configure an API Gateway, and start responding to RESTful endpoint calls. While this all seems pretty straightforward on the surface, there are plenty of pitfalls that can make working with these services frustrating.

There are, for example, lots of confusing and conflicting configurations in API Gateway. Managing deployments and resources can be tricky, especially when publishing to multiple stages (e.g. dev, staging, prod, etc.). Even structuring your application code and dependencies can be difficult to wrap your head around when working with multiple functions.

In this post I’m going to show you how to setup and deploy a serverless API using the Serverless framework and Lambda API, a lightweight web framework for your serverless applications using AWS Lambda and API Gateway. We’ll create some sample routes, handle CORS, and discuss managing authentication. Let’s get started.

🚀 Project Update: January 28, 2018

Lambda API: v0.1.0, first stable version released

After a lot of testing in a real world application, and with a few minor updates from a pull request, the first "stable" version of Lambda-API is now available. 🤘🏻 Read More...