Off-by-none: Issue #18

Happy (Serverless) New Year! 🎉

Welcome to Issue #18 of Off-by-none. It’s 2019, and it’s going to be a great year for serverless! 🙌

Last week we looked at the new WebSocket support for API Gateway, saw some more serverless love from startups, and I argued that we should Stop Calling Everything Serverless! This week we’re going to reflect back on 2018, I’ll share my 2019 plans for Off-by-none, and we’ve got plenty of great stories from the community.

Let’s jump right in. It’s going to be another busy year! 👨🏻‍💻👨🏻‍🔬👨🏻‍🎨👨🏻‍🏫

When you need to look back so you can look forward… 🔭

2018 was quite a busy year. Being the CTO of a startup certainly keeps my to-do list full, plus I consulted for several additional companies in the serverless space. However, my passion for creating, writing and helping out others (or at least trying to) is too powerful a force to keep contained.

Even though I have been blogging for quite some time, last year was when I started writing almost exclusively about serverless. I also spent time working on some open source projects and thinking about new ones I’d like to create. I thought it would be a proper exercise to look back at all the things I worked on last year, reflect on what was helpful, and then plan to do more of that in 2019.

In January, I launched the first stable version of Lambda API and then wrote How To Build a Serverless API with Serverless, AWS Lambda and Lambda API. Soon thereafter, I created Securing Serverless: A Newbie’s Guide to capture some serverless security best practices for those just starting out.

Then I shared some tips on How To: Manage RDS Connections from AWS Lambda Serverless Functions as well as How To: Stub “.promise()” in AWS-SDK Node.js. I weighed in on Solving the Cold Start Problem and proposed some additional solutions with How To: Optimize the Serverless Optimizer Plugin. I also came up with a list of 10 Things You Need To Know When Building Serverless Applications.

I did some more security research and wrote about Event Injection: A New Serverless Attack Vector and then shared 5 Reasons Why Your Serverless Application Might Be A Security Risk. I ran some experiments using Serverless Consumers with Lambda and SQS Triggers as soon as AWS announced support. I also started to share serverless microservice concepts and published Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices.

In July, I met Chris Munns for the first time and wrote 15 Key Takeaways from the Serverless Talk at AWS Startup Day. This gave me more insight into the cold start issue, so I created the open source package, Lambda Warmer, so you could Optimize AWS Lambda Function Cold Starts. I then shared some thoughts on Thinking Serverless (Big and Small) and why serverless is great for workloads of all sizes.

As I converted several workflows over to serverless applications, I started making use of tags to keep things organized. I captured my best practices in How To: Tag Your Lambda Functions for Smarter Serverless Applications. The more I wrote about serverless, the more people I found in the community, so I published my list of Serverless Peeps You Need To Follow. 😃

I put together a guide on How To: Add Test Coverage to your Serverless Applications, and then wrote a fictional story called A Tale of Two Teams, about two startups that made vastly different technology choices (serverless versus containers). It was fun to write and there was a lot of interesting feedback. Next up was Aurora Serverless: The Good, the Bad and the Scalable, an in-depth look at AWS’s new “serverless” MySQL database offering.

In August I published Serverless Microservice Patterns for AWS, which is a really handy resource. It eventually made its way to #7 on Hacker News and crashed my site. FYI: WordPress does not scale. Speaking of scaling, I created a solution for Managing MySQL at Serverless Scale with the open source serverless-mysql NPM package. I’ve been using it in production ever since.

In September I launched Off-by-none! It’s been quite a bit of work, but all of your feedback has been incredibly encouraging (more on this later). I then shared a piece called Serverless Security: Locking Down Your Apps with FunctionShield, and wrote up An Introduction to Serverless Microservices. In What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I shared some thoughts about AWS’s new execution limits and why it’s an important step forward.

I also shared some Takeaways from ServerlessNYC 2018, took a first look at the Aurora Serverless Data API, and then spent a week in Las Vegas for AWS re:Invent. My re:Capping re:Invent: AWS goes all-in on Serverless post explains why AWS is lightyears ahead of other providers in the serverless space. I also shared a serverless tip so you Don’t overpay when waiting on remote API calls, and I finished up the year with my Stop Calling Everything Serverless rant.

I’m exhausted just thinking about all that, but at the same time, I’m super excited for 2019. I received a tremendous amount of constructive feedback, met some really amazing people, and learned a ton in the processes. I’ve got plenty of content planned for this year, most of which will be highly practical so that you can apply the concepts straight away. I’m also working on a course or two, plus some other creative ways to talk about and explore serverless applications and the methodology used to build them. I’m hoping you’ll find all of this useful.

When you’re wondering what’s next for Off-by-none… 🧙‍♂️

When I first launched Off-by-none, it was a bit of an experiment. I wanted to create a sort of “un-newsletter”, something that was more interactive than just some links to recent articles, blog posts, and handy tools. Don’t get me wrong, I love getting my weekly newsletters, and there are plenty of good ones to choose from, but I still think we can do something even bigger and more helpful.

Don’t worry, I’m still going to write the weekly newsletter, but in the next couple of weeks, Off-by-none will be launching its own site. This new site will host archives, resources, and plenty of additional ways for the community to interact, contribute, and help steer the conversation. I’m really excited about this and the possibilities it creates. I still believe that Off-by-none is about working together to build better cloud-based products, so I’m hoping this new site will open it up to a bigger audience and help to expand the serverless community.

When you’ve heard enough about me and just want some good serverless content… 📚

Gal Bashan over at Epsagon wrote The Hitchhiker’s Guide to Serverless. Earlier this year we talked quite a bit about the serverless echo-chamber and how foreign some of these concepts are to those that are new to serverless. Gal outlines a number of key components that make up serverless applications and explains what they are and when to use them.

Getting started with AWS Lambda Layers for Python is a new post from Adrian Hornsby that lays out the basics for harnessing the power of Lambda Layers. Lots of really good stuff in here.

I also came across Contemporary Views on Serverless and Implications by Subbu Allamaraju the other day. Subbu is an engineer with Expedia and wrote this really interesting piece about the differing views of serverless and the conflicting nature of the term. Another piece that shows just how much further we have to go to bring serverless to the masses.

Syed Jaffry, a solutions architect at Amazon Web Services, wrote a really great article regarding Best practices for securing sensitive data in AWS data stores. When we’re building serverless applications (or any application in the cloud), understanding how to keep sensitive data secure is extremely important. This piece gives you an overview of some general security patterns that you can use. Definitely worth the read.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erik Peterson (@silvexis). Erik is the Founder and CEO of CloudZero (@cloudzeroinc), a startup that helps you monitor your cloud computing costs. Erik has been building on AWS for over a decade, he’s a frequent speaker at conferences and meetups, and is a regular contributor to the CloudZero blog. He’s a big proponent of #FinDevOps, which is all about leveraging cost as a first class metric when designing serverless systems. Serverless applications generally have a lower TCO than most traditional applications, so it’s good to have people like Erik think through how cost affects our organizations up and down the value chain.

Final Thoughts 🤔

Last year was quite a whirlwind. There were so many amazing advancements in the serverless space, that it’s hard to keep track. AWS announced a number of new services that will be available in 2019, plus I’m hoping that other cloud providers will continue to invest heavily in this space as well. I’m thinking that 2019 is going to be a very good year for the serverless community. ⚡️

I plan on producing lots of serverless content this year, plus I’m co-organizing ServerlessDays Boston on March 12, 2019, and I hope to do some speaking as well. I look forward to spending 2019 with all of you!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none even better.

Here’s to 2019, 🍾🥂
Jeremy

Off-by-none: Issue #17

WebSockets are so hot right now…

Welcome to Issue #17 of Off-by-none. Thanks for being here! 👋

Last week we talked about when to optimize our apps and discussed what the term “serverless” actually means. This week I’ll share some more thoughts on that, plus we’ll explore the new API Gateway WebSocket support, share some great serverless articles, and look at a few more announcements from the world of serverless.

Let’s get to it. 😀

What to do when you want to call every managed service and SaaS app “serverless”… 😳

Maybe let’s not. Last week there was a bit of Twitter chatter about what “serverless” actually meant. Is it a technology, a compute model, an architectural pattern, a spectrum, an operational construct? I contend that it can’t be all of these things. I went into rant mode and wrote a post called Stop Calling Everything Serverless! It’s quite a long post, but I think it’s important that we don’t overload the term to the point that it no longer has any meaning.

In my opinion, serverless is a methodology for planning, building, and deploying software in a way that maximizes value by minimizing undifferentiated heavy lifting. It touches everything up and down the value chain, not only affecting how engineers approach development, but also influencing product strategy, design, budgeting, resource planning and much more.

I got a lot of feedback on this post. Several people disagreed with me, but I think it is a healthy debate. I’d love to hear your feedback as well.

When you’re looking for a reason to use serverless WebSockets just because you can…

AWS finally released support for WebSocket APIs in Amazon API Gateway. Which is very cool. I spent some time playing around with them and the implementation is really good. I can see lots of great use cases for this.

If you want to get a thorough walk-through of how they work, George Mao from AWS has a webinar that covers Building Real Time Applications using WebSocket APIs Supported by Amazon API Gateway.

There is also a simple-websockets-chat-app available on GitHub that you can launch using SAM. Or if you prefer, you can start Using API Gateway WebSockets with the Serverless Framework. Jared Short shows you how to use the new serverless-websockets-plugin, plus gives us a really cool DynamoDB streams pattern that we can use in all sorts of scenarios. 🤘🏻

When you realize that serverless and startups are a perfect match… 💖

Serverless and startups, the beginning of a beautiful friendship by Slobodan Stojanović, takes us through how he and his team built Vacation Tracker using serverless and a hexagonal architecture. He’s not the first to say it, but it’s certainly worth repeating: serverless give startups a huge advantage.

Speaking of Slobodan, he and Aleksandar Simović have finished their book: Serverless Applications with Node.js. Definitely worth taking a look if you’re building your serverless apps with Node.js.

If you’re looking for other startups that bet big on serverless, check out SQQUID: a 100% serverless startup. It seems like there are more and more stories like this every day.

When you can’t get enough serverless input… 🤖

Michael Vargas wrote a great piece about Using Design Patterns with AWS Lambda. Some good lessons in there about separating our business logic from the cloud provider’s interface.

Yan Cui shares his Thoughts on the Serverless Announcements at re:Invent 2018. He also lays out some Considerations for the Beginner Serverless Developer. Good place to start for those of you just getting into serverless.

I’ve spent some time working with the new Lambda support for Application Load Balancers, and there are plenty of pitfalls in there. If you’re interested in finding out more, Jeremy Thomerson has got you covered with his post API Gateway vs Application Load Balancer—Technical Details.

Serverless & SaaS — Part 1: The New Build Versus Buy by Tom McLaughlin is an interesting piece that advocates the use of SaaS products over AWS building blocks whenever possible. It might be easy to glue services together, but that doesn’t mean that your team has the right domain expertise.

Building sandcastles and securing WordPress by James Beswick is a great piece that talks about the state of content management and how it is starting to evolve to serverless backends. WordPress may be the 800 pound guerrilla, but James contends that its days may be numbered.

When you’re looking beyond relational database patterns… 🤓

How to use Amazon DynamoDB global tables to power multi-region architectures by Adrian Hornsby is a pretty cool look at how to geographically disperse your applications for lower latency and disaster recovery.

And if you’re looking for more DynamoDB goodies, Faux-SQL or NoSQL? Examining four DynamoDB Patterns in Serverless Applications by Alex DeBrie is great way to expand your mind and start drinking the NoSQL Kool-Aid.

“Serverless” CQRS using Azure Event Grid and Durable Functions by Duncan Edwards Jones, is great primer on the CQRS pattern and how you could apply that to your serverless applications. Decoupling commands and queries makes for a tremendously scalable approach.

When you’re looking for some more hands-on serverless tutorials…

Angela Wang put together A curated collection of hands-on workshops for learning AWS. There’s a few great serverless ones in there, but plenty of other AWS services are covered too.

Authentication & Authorization in GraphQL with AWS AppSync (MOB402) with Karthik Saligrama is another awesome re:Invent talk. If you’re using AppSync, I really hope you’ve got your authentication locked down. You might want to double check after you watch this video.

Eric Hammond has some ideas on Using AWS SSM Parameter Store With Git SSH Keys. Interesting approach that you might find useful.

And Marcia Villalba released a new video: Lambda layers with Serverless Framework and good practices.

When AWS keeps pumping out new features… 🏭

I was all excited when they introduced AWS Client VPN to Securely Access AWS and On-Premises Resources. Too bad the pricing is quite ridiculous.

Amazon Route 53 Adds Alias Record Support For API Gateway and VPC Endpoints, so no more additional Route 53 charges when mapping your domains to your regional or edge-optimized endpoints.

Amazon DynamoDB Accelerator (DAX) Adds Support for DynamoDB Transactions, which closes the open loop with the new DynamoDB transactions.

Amazon DynamoDB Increases the Number of Global Secondary Indexes and Projected Index Attributes You Can Create Per Table. For those of you that found five global secondary indexes to be too few, now you automatically get 20. Plus you can always ask for more if you need them.

Plus, a New SAM PUBLISH Command Simplifies Publishing Applications to the AWS Serverless Application Repository. This is a nice little addition. Hopefully we’ll see more apps in the repository soon.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex DeBrie (@alexbdebrie). Alex is a big part of the team over at Serverless, Inc., you know, the ones that brought us the amazing Serverless Framework ⚡️. Alex is constantly working to bring us new features to make our lives easier as serverless developers. He is a regular contributor to the Serverless blog, but has also started posting some great stuff to his personal blog as well. I’m looking forward to keeping up with his content and his continued work on the Serverless Framework.

Final Thoughts 🤔

WebSockets are awesome, I just need to find a reason to use them with some of my apps 😂. But seriously, there are a few use cases that are still beyond the scope of serverless. All the recent additions to DynamoDB, plus now with WebSockets, that list is getting smaller every single day. I’m really excited about what the future of serverless holds, just so long as we don’t keep misappropriating the term. 😉

🎄 Merry Christmas and Happy Holidays to all of you! I wish you all a happy, healthy and prosperous new year!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always incredibly helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

See you next year,
Jeremy

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Off-by-none: Issue #16

Premature Serverless Optimization…

Welcome to Issue #16 of Off-by-none. Thanks for joining us. 🤘🏻

Last week we looked at Lambda Layers and custom runtimes. This week we’re going to talk about when we should worry about optimizations, plus highlight some recent discussions about the term “serverless” and what that actually means. We’ve also got some interesting articles, several product announcements, and (somehow) more stuff from re:Invent.

Let’s get started. 👍

When you spend too much time optimizing the wrong things… ⚙️

Mark Schwartz published an article on the AWS Cloud Strategy Blog entitled: Micro-Optimization: Activity-Based Costing for Digital Services? In it he outlines the fact that we can now meter individual units of compute to analyze costs. Simon Wardley (and others, including me) have been talking about capital flow for quite some time. Erik Peterson over at CloudZero uses the term FinDevOps to described it. But knowing your costs is different than trying to prematurely optimize them.

I wrote a post last week about the potential to overpay when waiting on remote API calls. This was a micro-optimization, and for my use case and company, it made sense. However, there are two slippery slopes that this type of fine-grained metering can introduce. The first is to tie your costs directly to customer pricing. Some services make sense to use metered billing, but don’t let this level of cost granularity influence the value your service provides to customers.

Second, is premature optimization. Compared to building and maintaining your own systems, cloud computing is ridiculously inexpensive, especially when you’re starting out and haven’t achieved significant scale. Don’t waste your developers’ time trying to shave off nickels and dimes from your bill. Focus on creating more value by delivering and iterating on features faster and worry about cost optimizations later.

Choosing serverless, however, is a MACRO optimization. I have some thoughts on that.

When you’re still confused by what serverless actually means… 🤷‍♂️

You’re not alone. Ben Kehoe called serverless a spectrum at one point, CloudZero wrote a post about it. AWS calls it an operational construct. Simon Wardley has his definition. Jeff Hollan wasn’t happy with the mischaracterizations in this paper that argues that current serverless offerings are “a bad fit for cloud innovation.” And Paul Johnston says that teaching people to do serverless is hard because it’s not about technology, but culture.

I have plenty of my own thoughts on this as well, but one thing is for sure, this debate won’t be settled any time soon. Regardless of the exact definition, I believe many of us “know it when we see it” and are starting to embrace the benefits it brings. And if you’re looking for some of those benefits, Zack Kanter makes the business case for serverless in his new post on TechCrunch.

What to do when you’re looking for some light serverless reading… 📚

Ory Segal published some Security Considerations for AWS Lambda Runtime API and Layers. AWS does a lot to protect you and your application from security issues, opening up custom runtimes, while a good thing, means more to consider from a security standpoint. Read this post to get an idea of some of these new risks.

Serverless Latency has been a common objection amongst the anti-serverless crowd for quite some time. Tim Bray dives deep into this and gives us some things to think about regarding state hydration, database considerations, and how we should really be thinking/talking about latency in our applications.

Yan Cui (AKA The Burning Monk), talks about Holistic Problem Solving using serverless. Yan just wrapped up his Production Ready Serverless course, which is a favorite among many of us in the serverless community.

For more on custom runtimes in Lambda, you can check out Adnan Rahic’s crash course on Serverless with AWS – Running Node.js 11 on Lambda. But just because it’s possible, doesn’t mean it’s a good idea. 😃

When you’re looking for more serverless announcements… 📣

Serverless, Inc. announced the release of the Serverless Framework v1.35. Good news for you Ruby folks, plus support for cross-region CloudFormation outputs and a bunch of bug fixes.

AWS announced that Amazon SQS now Supports Amazon VPC Endpoints using AWS PrivateLink. It’s a pain to need NATs just to connect to some AWS services, so for bunkered apps, this removes another external call to the Internet.

AWS also announced support for nested applications for AWS SAM and the AWS Serverless Application Repository. Nested applications were announced at re:Invent, but now that AWS SAM supports them, I’m guessing we’ll see some interesting use cases emerging. Easier reusability in our serverless applications is a big deal.

If you really want to geek out, there’s a post on How to use the new Amazon DynamoDB key diagnostics library to visualize and understand your application’s traffic patterns. Not sure I would spend a lot of time with this one, but it’s nice to know it’s there if you need it.

Beyond some of these bigger announcements, there were also quite a few Invisible Improvements made by AWS. Alex DeBrie broke them all down for us in his new post.

When weeks go by and we’re still talking about re:Invent…

It seems that no matter how many hours you’ve spent watching re:Invent videos and reading recaps, there’s always more to discover. There’s another post here that lists several great talks, and here are two more that I really enjoyed.

Accelerate Innovation & Maximize Business Value w/ Serverless Apps (SRV212)
Linda Lian talks about how Amazon thinks about serverless. It’s explained as an operational construct, rather than an architectural model or a way to think about packaging and deploying code. Christopher Dixon from Comcast then shows us how Xfinity used serverless to integrate Netflix streaming into their set top boxes. Pretty cool stuff.
Watch the talk

CI/CD for Serverless and Containerized Applications (DEV309)
Clare Ligouro, Principal Engineer at AWS Container Services walks us through the three pillars of releasing modern applications. Lots of great information in here about blue-green and canary deployments, plus how to use Lambda to add verification hooks and automatically rollback ones that fail.  Watch the talk

Also, if you want a bit of an inside look at re:Invent, check out Marcia Villalba’s video series on her Foo Bar channel. She interviewed a lot of people, so it’ll be great when the full versions come out. Maybe start with Day 2 if you want to see a snippet of yours truly. 😉

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ory Segal (@orysegal). Ory is the CTO and Co-Founder of PureSec, a serverless security platform. Beyond their core product, Ory and his team are responsible for a number of innovations around serverless security. These include their free FunctionShield and Least Privileged Role Generator tools for Lambda, their creation and contribution to the OWASP Serverless Top 10 project, and their collaboration with AWS to bring application security to Lambda using Layers. Ory is also active on the PureSec Blog and just launched a new eBook all about AWS Lambda Security Best Practices. Serverless empowers developers to build and release software quickly, but that can introduce significant security risks. I feel much better knowing that Ory is watching our backs. 👀

Final Thoughts 🤔

The more popular “serverless” gets, the more people try to overload the term and subscribe it to everything. I’m a firm believer that serverless is not a buzzword, and that it means something very specific, even if the definition continues to be blurred by marketing departments. If I thought this was just an argument about semantics, then I’d probably let it go. But I think there is more to it than just that, and that the distinction will become important. More thoughts to come on this.

I hope you’ve enjoyed this issue of Off-by-none. All of your feedback and suggestions are incredibly helpful, so please keep them coming. Reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

Until next time,
Jeremy

Off-by-none: Issue #14

re:Capping re:Invent…

Welcome to Issue #14 of Off-by-none. I just spent a week in Vegas at AWS re:Invent and have I got a lot to share with you!

Last week we pondered if RDBMS were a good fit for serverless, overcame some common serverless objections and geeked out over serverless security. This week we’ll recap re:Invent, take a look at some of the amazing sessions and speakers, and review another 7,000 AWS product announcements (or something like that).

Buckle your seatbelt and let’s get started! 🏎

What to do if you’re suffering from re:FOMO… 😿

Unless you’ve been asleep for the last several months, you’re probably aware that AWS threw quite the shindig last week in Las Vegas. If you weren’t able to attend, don’t worry about it, we’ve got you covered. Because remember, what happens in Vegas, ends up on the Internet.

re:Capping re:Invent: AWS goes all-in on Serverless is my post that outlines some of the key announcements and what they all mean. I think I learned enough to write several books, so expect more posts to be coming.

What I learned from AWS re:Invent 2018 by James Beswick is also another great recap with a warning for cloud consultants and an important message about TCO. Paul Swail asks the question, What new use cases do the re:Invent 2018 serverless announcements open up? (answers included, of course). And if you want to read about all the Serverless announcements at re:Invent 2018, Alex DeBrie and Jared Short from Serverless, Inc. give you the full rundown.

When you’re looking for some really good conference talks… 👨‍🏫👩‍🏫

Advanced Design Patterns for DynamoDB (DAT401) 🤯
Rick Houlihan gave one of the most impressive talks of the entire conference. There were so many insights in this session that it was hard to keep track. He said, “We invented relational databases because storage was expensive” and “When people say NoSQL is missing JOINs, you say you’re missing the point.” He stressed that modeling NoSQL is difficult because you need to know and understand your access patterns upfront. But once you do, you can create a single table that can support 20 or more access patterns with just two or three Global Secondary Indexes (GSIs). Seriously mind-blowing stuff. Plus he stressed using serverless to validate your products. One of his best quotes was, “Don’t fail fast, fail cheap.” This could be the best 60 minutes you ever spend.

Watch the talk and checkout Best Practices for DynamoDB

From Monolith to Modern Apps: Best Practices (SRV322) 🎸
Paras Bhuva and Tom Laszewski (with a little help from Fender’s VP of IT, Chris Ingraham) gave an excellent talk that outlined how enterprises are adopting serverless for a variety of use cases. Companies like Reuters and Hearst are using it for analytics, Finra is using it for fraud detection, and Expedia is using it for operations. Paras walks us through the design of a modern application and stresses that teams want/need to “reduce their undifferentiated heavy lifting.” It is a very interesting session that really highlights the power, speed, and diversity of serverless applications.

Watch the talk

Serverless Architectural Patterns and Best Practices (ARC305) 🗺
Drew Dennis and Maitreya Raganath gave another really interesting talk that explored some architectural patterns and best practices. I see many people struggle with their serverless application designs because they aren’t quite sure how to stitch together all the managed services to create efficient pipelines. This talk looks at several common patterns including those for web applications, stream data processing, and data lakes.

Watch the talk

Applying Principles of Chaos Engineering to Serverless (DVC305)
Yan Cui (aka @theburningmonk), gave an awesome talk on Chaos Engineering and how we can apply those principles to serverless. The topics in here are so good that I don’t think I can do it justice by trying to sum this session up. Just do yourself a favor and watch it.

Watch the talk

A Serverless Journey: AWS Lambda Under the Hood (SRV409) 👩‍🔧
Holly Mesrobian and Marc Booker took us on a deep dive into how Lambda actually works. Lots of really interesting information, but perhaps the best part of the talk was this…

Reducing the cold start VPC issue by using a secure tunnel with a remote NAT and no longer stealing hundreds of IPs from CIDR blocks in your VPC subnets? Yeah, that’s a pretty big deal.

Watch the talk

There were so many amazing talks that I can’t possibly list them all. Be sure to check out AWS’s playlist on YouTube for an extensive list of recorded sessions. You can also check out this post by Jennine Townsend that lists some of the more notable sessions.

Just when you think that AWS might be running out of ideas… 🚀

Nope. Not only does AWS continue to make massive investments in its global infrastructure, hardware components and product offerings, but it also continues to break through the limits of serverless computing. Here are some of the important serverless announcements from last week.

When you’re still looking for some more serverless content… 👍

Joe Emison wrote a really great article that discusses The Serverless Sea Change. The post goes deep into the impact that serverless can have on companies and outlines an example of the dramatic cost savings that can be achieved. He makes an astute point that “ten times more lines of code, is ten times more technical debt.” Spending more time researching and less time coding will make maintaining your serverless applications much easier and a heckuva lot cheaper. 💰

Marcin Zasepa pointed out that Version 3 of the AWS SDK for JavaScript is written in TypeScript, so that’s pretty cool. 🤓

If you’re looking to jump in and start using some new AWS features, you can learn How to publish and use AWS Lambda Layers with the Serverless Framework.

You can also learn What’s New with Serverless at AWS during a webinar on December 11, 2018 @ 2pm ET. There are a lot of new things happening, so this might be a good opportunity to get a crash course.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Corey Quinn (@QuinnyPig). Corey is a cloud economist that helps companies save money on their AWS bills. But he’s also the brains behind the Last Week in AWS newsletter, host of Screaming in the Cloud, occasional blogger, regular conference speaker, and all around nice guy. Don’t let the snark fool you, he is a huge proponent (and user) of serverless technologies, but also a vocal critic of AWS when necessary (which keeps them honest and on their toes). Corey shared this newsletter last week with his audience and many of you are reading this because of him. So here’s a huge thank you to Corey for helping me spread the serverless word. 🙌

Final Thoughts 🤔

This was another long one, but last week was a whirlwind of information and announcements that have cemented serverless as the future of cloud computing. I want to thank AWS and all the support staff that helped put together and run this amazing conference. And I also want to thank AWS for continuing to support their customers and pushing serverless innovation. The next few years are going to be really exciting.

I hope you’ve enjoyed this issue of Off-by-none. Your feedback is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

AWS just released enough products and features to keep us busy until next year’s re:Invent. So let’s go build some amazing serverless apps!

See you next week,
Jeremy

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Off-by-none: Issue #13

Live from AWS re:Invent…

Welcome to Issue #13 of Off-by-none. We’re coming to you LIVE from AWS re:Invent in Las Vegas!

Last week we looked at some clever use cases for Step Functions, revisited serverless microservices, and made the serverless case for startups. This week we rethink serverless+RDBMS, challenge the objections of laggards, protect ourselves from DoS and other attacks, and of course, look at some new AWS product launches.

So many amazing things to get to today, so let’s jump right in!

When you’re not sure if RDBMS and serverless mix… ☯

Many of us wished for RDS HTTP Endpoints, and the other day, AWS announced that you can now access your Amazon Aurora Serverless Database with the New Data API (Beta). No VPCs, no connection management, and automatic scaling with Aurora Serverless. Almost sounds too good to be true. 😳

And… it sort of is (for now). In Aurora Serverless Data API: A First Look, I share the results of a few experiments I ran as well as some of my initial thoughts on the implementation. TLDR; The latency is really bad and this isn’t ready for primetime. But like all things AWS, it’ll get much better before GA.

Is RDBMS in serverless applications even a good idea? Paul Johnston shares his thoughts on Serverless and Data Rigidity and argues that other technologies (like NoSQL) have removed the need for them. He’s not wrong, but there are still plenty of use cases that relational databases work well for. One thing we can definitely agree on: AVOID ORMs! 🙌

When you’re looking for some serverless inspiration… 💡

Serverless, Inc. is wrapping up #NoServerNovember with the re:Invent serverless virtual hackathon. Build a serverless app for a non-profit, feel good about yourself, and win some swag.

If you want to get a bit more complex, try building a chat application using AWS AppSync and Serverless.

Are you writing your code in Python? AWS SAM CLI just introduced the sam build Command that lets you easily package all your dependencies. Or you can learn How To Package External Code In AWS Lambda Using the Serverless Framework.

What to do when your boss won’t let you play with serverless… 👨🏻‍💻

James Beswick outlines five common objections to adopting serverless in his new post, Scared Serverless — How do you handle opposition from your IT group? Lots of ammunition in here if you find yourself needing to defend your (very wise) decision.

If they’re still not convinced, maybe this Twitter thread will help. Simon Wardley says, “The overwhelming output of most businesses is waste. Serverless is way larger than you think. More significant than cloud was.” It’s definitely worth the read (plus there’s maps).

When you realize you’re still responsible for securing your serverless application… 🔒

Avi Shulman from PureSec wrote a great post on Lambda DoS Mitigation Strategies. See how different invocation types and retry policies can be leveraged by attackers to wreak havoc on your serverless applications. Lots of practical tips in here including a number of best practices and tips to minimize your exposure.

Want to add even more security to your serverless app? Amazon API Gateway has added support for AWS WAF, which means no more creating regional endpoints and using your own CloudFront distribution. It still won’t prevent event injection, but it’s a good start.

And just when you think that npm audit will protect you from third-party package vulnerabilities, we discover another widely used open source software that contained a bitcoin-stealing backdoor. Luckily it only has 2 million weekly downloads. 🤦🏻‍♂️ A friendly reminder to minimize dependencies in your serverless applications.

What to expect when 50,000 AWS fans in Vegas are waiting for more product updates… 🚀

There’s only been one full day of re:Invent and AWS has already announced a number of products and services that are pushing serverless to a whole new level. I’ve heard a lot of whispers, so expect many more to come over the next few days. 🤘🏻

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Chris Munns (@chrismunns). Chris is a Principal Developer Advocate for Serverless at Amazon Web Services and a great resource for anyone working with (or interested in) serverless. He’s a regular speaker at events, an AWS blog contributor, a host on Serverless Bytes, and he also puts on the occasional webinar. Even though he works for AWS, he’s a huge advocate for serverless computing in general and will always jump into a good debate on Twitter. This week he’s not only giving a number of talks at re:Invent, but also finding some time to spend with members of the serverless community.

Final Thoughts 🤔

The buzz around serverless at re:Invent is absolutely amazing. Every session I’ve attended so far has been bursting with people that are either already using it in production, or are hoping to start. I know we are in a bit of bubble here, but it’s clear that AWS is continuing to make massive investments in serverless technologies and wants to continue to be the market leader. Exciting times ahead.

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always welcome and much appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps and enjoy the rest of re:Invent! ⚡️

I’ll be here all week😉
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks!

Aurora Serverless Data API: An (updated) First Look

Update June 5, 2019: The Data API team has released another update that adds improvements to the JSON serialization of the responses. Any unused type fields will be removed, which makes the response size 80+% smaller.

Update June 4, 2019: After playing around with the updated Data API, I found myself writing a few wrappers to handle parameter formation, transaction management, and response formatting. I ended up writing a full-blown client library for it. I call it the “Data API Client“, and it’s available now on GitHub and NPM.

Update May 31, 2019: AWS has released an updated version of the Data API (see here). There have been a number of improvements (especially to the speed, security, and transaction handling). I’ve updated this post to reflect the new changes/improvements.

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞 (Update May 31, 2019: There have been a ton of improvements, so read the full post.)

Continue Reading…

🚀 Project Update:

Lambda API: v0.9.2 Released

Lambda API v0.9.2 has been released and contains additional updates and fixes for the index.d.ts TypeScript declarations file. Thanks again to @hassankhan and @Wintereise for submitting the changes. The release is immediately available via NPM. Read More...

Off-by-none: Issue #11

After this, there is no turning back

Welcome to Issue #11 of Off-by-none. I’m happy that you’re here! 🙌

Last week we recapped ServerlessNYC and talked quite a bit about serverless adoption. This week we’re going to point out some more resources for those getting started, as well as offer up plenty of options if you’re looking to take the red pill and go down the serverless rabbit hole. 🐇

Here we go! 🕺

What to read when you want to amp up your serverless knowledge… 🔈

Danilo Poccia has written a free ebook, Agile Development for Serverless Platforms. This book is over 100 pages and has a great section on architectural patterns. There is plenty to learn from this free resource and it is well worth a look. 📖

The team over at Financial Engines wrote a guide to help us with managing disaster recovery with DynamoDB. AWS DynamoDB: Backup and Restore Strategies looks at both Point-in-Time Recovery and On-Demand Backups. Lots of useful information here including configuration and pricing. 👨🏻‍💻

Finally, Thundra published a great piece that shows us how to Debug AWS Lambda Node.js Functions in Production Without Code Change. I really like the idea of automated instrumentation as it cuts down the burden on developers and keeps your code a bit cleaner. It can also ensure we don’t lock ourselves in to a specific software vendor. 📈

When you want to get started with serverless… 🏋️‍♂️

There have been a lot of new “Getting Started with Serverless” posts this week. I really like that more people are starting to create this type of content. The more that’s out there, the more likely someone is to come across it and get to that serverless “aha” moment. If you’re new to serverless, here are a few posts to get you started:

And don’t forget that the #NoServerNovember Challenge (hosted by Serverless, Inc.) is still going on. These challenges will give you something interesting to work on and let you go beyond the standard “Hello World” tutorial.

When you’re not ready to give up RDBS with serverless… 🤓

In our inaugural issue we introduced the serverless-mysql package with my Managing MySQL at Serverless Scale post. David Zhang (@Zigzhang) has taken this even further and created a five part series to help others get started. In his first post, Serverless & RDBS (Part 1) — Set up AWS RDS Aurora and Lambda with serverless, David lays out some background, then gives you full examples to get you up and running.

He’s also published Part 2 (Set up EC2 instance to securely connect to your Aurora DB) and Part 3 (Set up database migrations with umzug) with the final two parts (Set up continuous deployment to migrate database with CircleCI and Set up local development environment with serverless-offline and Docker) coming soon. These are sure to be helpful guides for anyone looking to build serverless apps with RDBS backends.

Of course, re:Invent is right around the corner, so let’s hope we get HTTP endpoints for RDS! 😬

When you feel like there are a lot of conferences… ✈️

Speaking of re:Invent, it is less than two weeks away! 🎉 This is the first year that I’m attending so I’ve been looking for tips like this and this. I’m excited for some of the sessions I’m attending and will be at several events as well. If we haven’t connected already, please contact me so we can meet up.

In other conference news, Serverless Computing London is happening right now and it is chockfull of great speakers. Follow their Twitter feed to see some snippets from the event. Some of the slide decks have been posted as well, so check those out. I was looking at Timirah James’ Function Composition in a Serverless World talk, good stuff. Hopefully we’ll see the videos posted soon. ⚡️

Also, ServerlessDays BOSTON finally has a date! The event is scheduled for March 12, 2019 at the Microsoft New England Research & Development Center. More information about our call for papers and sponsorship opportunities is coming soon. 🎊

When you realize that AWS has no plans to slow down their serverless innovations… 🚀

AWS has released several new features recently that could have a profound impact on our serverless applications. Some of these are pretty exciting. Now just imagine what they are going to announce at re:Invent! Here are just a few of the recent updates:

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex Casalboni (@alex_casalboni). Alex is an AWS Technical Evangelist, Serverless champion, co-organizer of ServerlessDays Milan and the serverless meetup there, contributor to serverless open source projects, and a regular conference speaker spreading the serverless gospel. He also helps coordinate ServerlessDays conferences around the word, including helping me and the Boston team. Thanks for all you do, Alex!

Final Thoughts 🤔

As much as I still worry that serverless adoption will be slower than I had hoped, the amount of innovation and new faces in the community is really encouraging. I’m already aware of a few announcements planned for re:Invent, but I also know that there will be a ton more. Other cloud providers are also pushing serverless innovations, and I expect Google and Azure to be announcing new things soon as well.

Serverless still has a long way to go, but all of these new tools, platforms, cloud provider features, conferences, and enthusiasm from the community, is helping to expose this paradigm to a much larger audience. I’m going to continue to write and promote it as much as I can, because there is little doubt in my mind that this is the future of application development.

I hope you’ve enjoyed this issue of Off-by-none. Feedback and suggestions are always welcome and appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some great serverless apps and spread the word. 📣

See you next week,
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it! 😉