Off-by-none: Issue #27

Let’s focus on business value…

Welcome to Issue #27 of Off-by-none. Thanks for being here! 🙌

Last week we discussed whether or not serverless is really dead and met some new serverless heroes. This week we look at Lyft’s AWS bill, share lots of serverless tutorials, use cases, and stories from the community… and shamelessly plug ServerlessDays Boston!

So much happening with serverless, so let’s jump right on in. 🏊‍♂️

When you find out that Lyft is spending $8 million per month on AWS… 💰

The other day, as part of Lyft’s IPO filings, it came out that they are obligated to spend $300 million on Amazon Web Services by 2022. It seems like a big number (~$8M per month), but according to Corey Quinn on Twitter, it works out to something like $0.14 per ride. Whether that is considered a lot or a little is up to the number crunchers, but it seems to me that the cost (and headaches) of owning your own global network of data-centers would cost a heck of a lot more than that.

We know that Lyft is using a wide variety of AWS services (including Lambda, DynamoDB and other serverless offerings), but another interesting part of this story has to do with what “all-in” with AWS really means for some of its other vendors. After this news came out, MongoDB shares plummeted due to speculation that this might mean that Lyft would be moving from MongoDB to AWS’ new DocumentDB. There has been no confirmation from either side, but according to that article, Lyft “is quite dissatisfied with Mongo’s performance and is in the process of a massive database migration.”

This may be bad news for MongoDB, but I think it goes a bit deeper than that. To me, this seems like more confirmation of the “Multi-Cloud Fallacy.” I’m a huge supporter of open-source, but the business model is going to need to find a way to adapt to the changing cloud economy. At scale, multi-cloud strategies continue to breakdown, and consolidating and collocating your applications and data in hyperconnected data-centers, IMO, will be the preferred approach. Something to think about when choosing your vendors.

Serverless Use Cases 🗺

Sending funny dog GIFs using AWS IoT Button and Lambda
This is clearly the best use case for serverless that I’ve ever seen. 😂 But seriously, IoT is a great serverless use case, and I’m thinking about ordering one of those buttons just to do something fun like this.

Serverless collaboration
A quite fascinating look at how you can use WebRTC to create “serverless” communication between browsers. There are some limitations, but this is pretty cool.

How a Monolith Architecture Can Be Transformed into Serverless
Kyle Galbraith has a great piece that outlines a number of use cases for “movable” parts of your monolithic architecture and how they can be adapted to serverless. He also points out some limitations that make certain components “unmovable” due to things like high memory requirements or low latency. He concludes that serverless is not the future because of the need for other types of workloads. Agree to disagree. 😉

A Typescript Runtime for Lambda and Why You May Not Want To Use It
Matthew Bonig wrote a custom TypeScript runtime for Lambda, and then wasn’t happy with the performance. From my experience, performance with custom runtimes has been quite good, but something to consider if you’re thinking about building your own.

ArcGIS in Lambda
Interesting use case that ties ArcGIS management into Lambda functions. I’m sure there is much more you could do with this API that could allow for additional mapping capabilities.

Serverless Computing with Drupal
It’s only a matter of time before WordPress ends up in a Lambda function. Luckily, the team at Opensense Labs took a slightly different approach with Drupal. The article spends quite a bit of time justifying serverless, but key take away is the use of CloudFront as a caching layer to globally distribute your CMS.

If you’re interested in some serverless product announcements… 📢

Announcing OpenTracing Compatibility for Go Agent
Golang continues to gain popularity on AWS Lambda, and now Thundra has extended their Go Agent to allow you to manually instrument your functions with the OpenTracing interface.

Aqua Security Introduces Industry’s First Serverless Function Assurance for Securing Serverless Environments
I’m not sure it’s actually the first, but this shows continued investments into the severless security space. Detecting vulnerabilities and over-provisioned roles is a good first step, but restricting execution based on defined policies is pretty cool.

If you’re new to Serverless… 🐣

Serverless computing 101 for developers
Rodric Rabbah (one of the original creators of Apache OpenWhisk), gave a great interview with App Developer Magazine about serverless. It is a good introduction to the overall landscape (a bit skewed to open source, of course), but does a great job explaining some of the key concepts. Most important takeaway: “What developers are showing us is that serverless will become the way you develop all applications in the future.”

Five Frequently Asked Questions about Serverless
Micah Adams answers five questions that I’m sure most teams new to serverless will be asking. While I don’t agree completely with all his answers, it is good to see these types of questions being raised.

Serverless Architecture using Serverless Framework and AWS Lambda
This quick tutorial from Atin Kapoor gives newbies a step-by-step guide that should get them up and running fast.

How to explain serverless in plain English
I keep trying to refine my own pitch for the uninformed, but this post gives a nice roundup of definitions by some industry experts. Might help you better explain what you do to your significant other.

Three Projects to Get You Started with Serverless in 2019
Alex DeBrie has another great post that outlines starter projects for Ops engineers, web developers, and “anyone that wants to be a hero,” so they can jumpstart their serverless journey.

Cutting Through the Layers: AWS Lamba Layers Explained
Michael Lavers from IOpipe gives a great overview of Lambda Layers and what they’re good for. There is a mention of using layers as composition, but I still think there is a bigger opportunity here beyond just importing prebuilt packages. I have to work on that.

Serverless Tutorials 👷‍♂️

DynamoDB TTL as an ad-hoc scheduling mechanism
Yan Cui runs a series of experiments to see if you can use DynamoDB TTLs as a way to build a massively scalable scheduler system. Unfortunately, there just isn’t enough precision for certain tasks, but could certainly be useful in a number of circumstances.

There Is More than One Way to Schedule a Task
Zac Charles followed up on Yan’s post and offered some alternative approaches to scheduling a task, including SQS Delay Queues, SQS Message Timers, SQS Visibility Timeout, and my favorite, Step Functions.

OpenWhisk Web Action Errors With Sequences
James Thomas has a great post that explains the power of Action Sequences with OpenWhisk Functions and how you can tie those to synchronous web actions. Function composition is still one of the most confusing aspects of serverless, but Action Sequences are an interesting approach.

Setup CI/CD pipeline with AWS Lambda and the Serverless Framework
Lorenzo Micheli walks you through setting up a CI/CD pipeline for your serverless projects, complete with approval steps.

AWS Infrastructure as Code with CDK
If you’re not a fan of CloudFormation and you’d like to use a more familiar programming language to manage your infrastructure, Ross Rhodes’ post will teach you how to use the AWS Cloud Development Kit to configure a simple serverless application.

Using Little’s Law to estimate IP capacity in VPC for AWS Lambda
If you still need to use VPCs with your Lambda functions, you need to make sure you have enough IPs available for your ENIs. Vladyslav Usenko shows you some quick calculations to make sure your CIDR blocks aren’t too small.

Building serverless apps with components from the AWS Serverless Application Repository
Aleksandar Simovic reminds us that we should not be reinventing the wheel if someone has already created a good solution. The AWS SAR is loaded with really great apps to jumpstart your serverless projects.

AWS Lambda for .NET Developers
If you love .NET core, this great post by Marc Roussy will give you some good insight and all the details you need to run .NET on AWS Lambda.

Serverless Stories 📖

Paul Swail has an excellent series of posts documenting the decisions he needs to make in order to Migrate a Monolithic SaaS App to Serverless. In part two, he tackles Routing requests away from a legacy API. This should be an interesting set of posts to keep up with.

Painless Serverless: Destructuring services into functions automatically
Not sure how effective this would actually be (nor is the author) but the basic idea is to take a monolithic service and automatically break it down into discrete serverless functions. Interesting idea.

Going serverless: How we migrated our customer websites to AWS Lambda
Andy Buckingham and his team over at Aiir built a custom PHP Lambda Layer to replace nginx based web servers. I’m assuming they are using Lambda like mini servers (so maybe not the best use case), but they are taking advantage of ALBs instead of API Gateways, so that’s interesting.

How we migrated from monolithic to serverless mentality
This is just a short write-up by Darlei Soares that shows how quickly small teams (with the right mindset) can start to implement serverless architectures.

Serverless For Devops Teams
A list of “weird and wonderful use cases that the DevOps team” at Space Ape has found for Lambda functions.

SEEKing Serverless with DevopsGirls
Just a nice story about people coming together and volunteering their time to spread the idea of serverless, one small bootcamp at a time.

Serverless Computing: The Story of Success
The story of how the JetRuby Agency built a serverless application for a client, what technologies they used, how many people it required, and how long it took. Interesting read.

Serverless Reads 👓

Macroservices vs. Microservices vs. Serverless: the story of a modern solution architect
Mick Roper takes us through his decision making process when choosing a particular design pattern.

Why I, A Serverless Developer, Don’t Care About Your Containers
An important point in here while we continue to argue about what makes something “serverless.” Developers won’t really care about any of it as long as the providers are managing the services for them.

Serverless Architectural Patterns
Eduardo Romero outlines several useful patterns that you can use with your serverless applications. Lots of excellent links at the end as well.

Industry predictions for 2019
A good overview of how companies think about moving to the cloud and why leapfrogging containers might be the better approach.

Project Management In The Age Of Serverless
Robert Ayres argues that project managers need to know more about the technology as their teams adopt serverless. This posts lays out a number of factors to consider when defining your project management methodology as well as outlining the impact of emerging technologies on your projects.

Amazon DynamoDB auto scaling: Performance and cost optimization at any scale
Helpful post that gives an overview of how auto scaling works and how to use it to reduce your overall costs.

How Might Serverless Impact Node.js Ecosystem?
Aditya Modi asks an important question, especially when it comes to the size of third-party Node.js libraries. As he says, it takes time to load dependencies into memory, which can affect cold start times. Doesn’t mean we avoid libraries, it just means we need to be smarter about how we optimize them.

When you’re wondering what AWS has been up to… 🛠

Amazon Aurora Serverless Publishes Logs to Amazon CloudWatch
Don’t know how I missed this last week, but this is big. A major deficiency with Aurora Serverless was the inability to see your log files. You can now publish general logs, slow query logs, audit logs, and error logs directly to CloudWatch.

Resource Groups Tagging API Supports Additional AWS Services
Step Functions was added to the list, so more useful ways to organize and track your serverless application components.

Amazon Athena Now Supports Resource Tagging
The Athena Workgroup resource lets you separate query execution and query history between Users, Teams, or Applications running under the same AWS account, and now you can tag them for better insight for billing.

Amazon DynamoDB adds support for switching encryption keys to encrypt your data at rest
Probably not a common need, but it’s good to know that you can do this.

Introducing AWS X-Ray support for Python web frameworks used in Serverless
If you use Flask or Django with your serverless Python apps, you can now auto instrument them with X-Ray, which is pretty cool.

Upcoming Serverless Events 🗓

ServerlessDays Boston is next week Tuesday, March 12th! If you haven’t bought your ticket yet, you still have time. They are only $49 and include breakfast, lunch, happy hour drinks, and an amazing lineup of speakers. If that’s not enough, Christina Wong and I will be emceeing the event, so you don’t want to miss our comedy stylings. 😉

ServerlessDays Helsinki is on April 25th. Tickets are on sale now and the CFP is still open. ServerlessDays Tel Aviv is on June 4th (CFP is open).  And the Call for Papers for Serverless Computing London is also open.

If you don’t feel like traveling, Yan Cui is teaching an online training course for Designing Serverless Architecture with AWS Lambda on April 15th and 16th.

When you prefer multimedia… 📽

And speaking of ServerlessDays, all the ServerlessDays Cardiff 2019 videos are now available for your viewing pleasure. Lots of great stuff in there.

I also came across this video to help you Understand Serverless Kubernetes and Serverless on Kubernetes. It’s short, and actually worth watching if you are curious as to what Azure actually means by these terms. The idea of “nodeless” Kubernetes is particularly interesting.

The lasted episode of the Think FaaS Podcast finishes up a three part interview with Yan Cui. From DevOps to FinDev gives you a good overview of what FinDev is and why serverless plays an important role. However, we have to deduct 1 point because it went over the 15 minute timeout. 😬

Serverless Security 🔒

AWS Security Best Practices for API Gateway
Ory Segal from PureSec lays out the different ways that you can control access to your AWS API Gateways and gives you some best practices to make sure you keep your serverless functions secure.

The 12 Most Critical Risks for Serverless Applications 2019 Guide
PureSec also published a new guide that outlines the 12 Most Critical Risks for Serverless Apps. While serverless apps are more secure just given the fact that the provider is managing the infrastructure, it’s important to remember that the application code is still our responsibility.

5 Best Serverless Security Platform for Your Applications
A quick list and overview of five of the main serverless security platforms that are available to you.

Injection Attacks: Protecting Your Serverless Functions
Another reminder that event injection is a little different with serverless applications. Good overview of the issue, plus some mitigation strategies using Stackery and Twistlock.

When you’re looking for some serverless insights on Twitter… 🐦

A clever post by @mykola that does a great job explaining Eventual Consistency.

A valuable insight from Dwayne Monroe‏  that  “the age of bespoke IT needs to end, serverless is the method.”

Joe Emison also made a good point about people who see serverless as just as FaaS.

And Forrest Brazeal asked what is the most underrated AWS service? He got some pretty good answers.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Matt Weagle (@mweagle). Matt is another recently named AWS Serverless Hero and a valuable member of the serverless community. He organizes the Seattle Serverless Meetup and is a co-organizer of Seattle Serverless Days. You can find his serverless musings on Medium as well as his Twitter feed. Matt’s GitHub is loaded with sample serverless applications as well as his Sparta project, a Go framework for building serverless microservices with AWS Lambda. 👍

Final Thoughts 🤔

I’m curious what your thoughts are about the new format of the newsletter. I’ll be experimenting a bit more in future, so please let me know what you like (or don’t like) about it.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And please do me the honor of sharing this newsletter with your friends and coworkers who might be interested in serverless. It would be greatly appreciated. 👍

See you next week (hopefully at ServerlessDays Boston),
Jeremy

Off-by-none: Issue #24

Serverless will become the default computing paradigm of the Cloud Era…

Welcome to Issue #24 of Off-by-none. I’m glad you’re here! 🤘🏻

Last week we looked at how we could use serverless to deal with third-party API quotas, watched some helpful videos, and introduced “Serverless Stories.” This week, we geek out on a recent UC Berkeley paper about serverless, share some more great stories and use cases, and discuss how SaaS providers should be thinking about serverless integrations.

So much to get to this week, so let’s get to it. 🏎

When you get excited by an academic paper that says serverless is the future… 🕺💃

Cloud Programming Simplified: A Berkeley View on Serverless Computing is a new paper recently published by the University of California at Berkeley. For those of you that don’t want to read all 20 pages, here’s a quick synopsis: “Serverless computing will become the default computing paradigm of the Cloud Era, largely replacing serverful computing and thereby bringing closure to the Client-Server Era.”

If you’re interested in the details, I highly suggest reading the entire paper as it gives both a realistic look at the current limitations, but also points out how they could be (and most likely will be) solved. I wrote a recent post called Stop Calling Everything Serverless that pointed out (similar to this paper) that cloud providers monitored how their customers used virtual machines and built additional services to make those use cases better, faster, and easier. The same is true for serverless environments, with the ecosystem and available suite of services getting better each day.

The paper points out other important advantages that serverless has over (what they call) serverful architectures, and helps to clarify how modern FaaS implementations are superior to previous generations. It also notes that container technologies, like Kubernetes, are “a technology that simplifies serverful computing” and that the economies of cloud scale will eventually “diminish the importance of such hybrid applications.” This is noteworthy as we start to look at computing at the edge, and how that will affect application design.

And while there are obviously still limitations, the paper suggests advancements such as faster ephemeral and durable storage, lower startup times, and better coordination between functions, will eventually solve current system challenges. The paper also suggested introducing access to more cores, sharing of computation graphs, and collocation of functions to solve some of the networking problems and throughput issues.

The bottomline is that the cloud business is growing by 50% year-over-year, and 24% of serverless users are using the cloud for the first time. Serverless adoption is only going to grow, and as limitations get innovated out of existence, the need for serverful computing and the underutilization associated with it, are going to become less relevant. The paper doesn’t give a suggested timeline, but Forbes has some 2019 Serverless Computing Predictions.

When you’re looking for some serverless innovations and announcements… 🗣

Epsagon announced One-Click Serverless Monitoring, which lets you instrument your Lambdas functions without any configuration changes. This is the perfect use case for Lambda Layers, and it looks like they are monitoring updates to configurations, which will ensure that the layer is added on every deployment. Enforcing monitoring compliance without developers having to do anything is a huge advancement.

Dashbird announced their new incident management platform, a new component that lets you set alert conditions based on Lambda metrics. Reducing notification fatigue is a helpful way to make sure real issues are identified and addressed quickly. You can read about it in their public changelog (which I just realized they had). They also announced that they are now an AWS Advanced Technology Partner, which is pretty cool.

A new article, Lumigo: End-to-End Serverless Monitoring and Troubleshooting, gives a great overview of Erez Berkner and Aviad Mor’s new serverless observability company. There are several providers in this space now, but they’re all trying to do things a little differently. A helpful video is included with the article that shows how Lumigo deals with transaction reporting.

And congratulations to Serverless, Inc. for winning a Technology of the Year award from InfoWorld. The year’s best in software development, cloud, and machine learning highlights the Serverless Framework for being an outstanding tool that has had a massive influence on the adoption of serverless technologies. 🏆

When you feel the need to add an extra deadbolt to your serverless applications… 🔒

Hillel Solow makes the case for serverless, but points out several Serverless Computing Security Risks & Challenges. But who’s responsible for securing your serverless applications? Hillel suggests that we make it everyone’s problem by creating closer relationships with other teams in your organization.

In Serverless Computing: ‘Function’ vs. ‘Infrastructure’ as-a-Service, Ory Segal does a great job calculating the drop in security responsibilities when moving to FaaS solutions. Not all the requirements are created equal, but this is a fairly good estimate. I’d much rather be responsible for less than half of the security components versus the roughly 92% required using the IaaS approach.

Ed Moyle discusses the security implications of serverless cloud computing with a particular focus on CloudFlare Workers. While segmentation attacks and Rowhammer concerns are certainly valid in a containerized world, I think most cloud providers have a pretty good handle on this.

Puresec did some ethical hacking and took down a newsletter’s Lambda-backed signup form. Serverless Security And The Weakest Link (Or How Not to Get Nuked by App-DoS) documents how they did it (and graciously points out that it was not Off-by-none 😉). While Puresec did a good job anonymizing the victim, he was proud to take ownership (hint: it rhymes with “Maury Schwinn”). Even though this was a bit of fun, the community working together like this is a great way to learn and make our applications safer.

It was only a matter of time before McAfee jumped into the serverless security realm. The Exploit Model of Serverless Cloud Applications is a high-level overview of possible threats to your serverless applications. This picture looks scarier than the reality. Key thing to remember is that the cloud provider is handling the vast majority of network and infrastructure security for you. TLDR; Use best practices to write secure apps, scan your dependencies, and protect your secrets. Do this and your serverless applications will likely be more secure than traditional ones.

Where to go for some awesome serverless events… 🗓

IOpipe is hosting a Stories of serverless in the wild with Saks Fifth Avenue at the Serverless Seattle Meetup on February 22, 2019. Always fun to hear real world problems being solved by serverless.

Stackery also has a webinar coming up tomorrow entitled New serverless workflows, build faster than ever before. Great opportunity to brush up on your (or learn some) infrastructure-as-code skills.

And we are getting into the ServerlessDays season with several events coming one after another. Hamburg is this week, followed by Austin in just 10 days. Boston is four weeks away (and recently announced an amazing agenda), Amsterdam is in late March, and Atlanta has a crazy three-day event planned, with Zürich right on its tail. Also Tel Aviv was just announced and scheduled for June 4, 2019. Looks like you’ll need to choose between that and NYC. 🗽

Also, don’t forget that the Serverless Architecture conference in The Hague, Netherlands is being held from April 8th to the 10th. I’m actually giving two talks now, so that should be a lot of fun. There are plenty of great speakers, so be sure to get your tickets soon.

When you’re looking for some encouraging Serverless Stories… 👂

How We Moved Towards Serverless Architecture highlights the struggles that a team encounters when transitioning to serverless. Pravash Raj Upreti reviews the technologies his team used, some advantages and disadvantages of using serverless, and the choices they made in order to launch their first serverless application.

In Serverless Event Sourcing in AWS (Lambda, DynamoDB, SQS), Dom Kriskovic explains the serverless architecture used to build Beenion. He uses the CQRS pattern along with DynamoDB to capture and distribute events. I don’t agree with all of the choices, but this article does a great job exposing the tough decisions that need to be made.

Serverless GitLab Runner Builds on Lambda gives a developer’s account of experimenting with using Lambda to executed GitLab builds, inherit IAM permissions, and use additional binaries and its dependencies to execute things like terraform during the build. There some Lambda Layer experiments in there as well.

Joshua Toth built a serverless Node.js, AWS native, Serverless, IoT, FinTech project. Lots of really good information in here about the different technology choices made. Plus, the realization that the velocity of a serverless project was “mind-blowing.” 🤯

Antonio Terreno tells us about the Startup Pre-series A tech choices you can’t compromise on. Great story about a small company using serverless to build and iterate quickly. Now they have a team of 20 people.

When you’re looking for real-world serverless use cases… 🔍

While the Berkeley paper argued that certain machine learning tasks might be too much for serverless right now, Michael Hart and the team over at Bustle has news for them. In Massively Parallel Hyperparameter Optimization on AWS Lambda, they explain how they used the concepts from the Asynchronous Successive Halving Algorithm paper and applied them to text-classification with Lambda. This is a really great read and an amazing use case.

Renato Byrro from Dashbird discusses Building a Serverless News Articles Monitor that can be used to extract article data in a structured format. They also made it open source for you to use.

Generating thumbnails is a common use case given for serverless, but what about generating complex PDFs? Marc Mathijssen came up with a way to do this using the power of Apache FOP in a .NET world using Azure Functions.

Nader Dabit takes us through Building Chatt – A Real-time Multi-user GraphQL Chat App in his recent post. The code is also open source, so not only is this a good use case, but also a helpful template to get you started with serverless.

What to do if you’re craving some good serverless reads… 📖

Alex DeBrie put together the Complete Guide to Custom Authorizers with AWS Lambda and API Gateway for you, and it is an awesome resource. Anyone who has played around with custom authorizers is sure to have some of their own war stories, so having this as a reference could be a lifesaver (metaphorically speaking).

Gojko Adzic introduces us to BaDaaS and the future of cloud integration. He explains that there is a new pattern called “Business action deployment as a service” (or BaDaaS), that allows service providers to offer application components that interact directly with FaaS services instead of passing data through webhooks. Twilio is already doing it, and last week we mentioned Braintree’s serverless payment functions initiative. Pay attention SaaS providers, a new standard might be emerging.

The New Stack’s How Serverless Platforms Could Power an Event-Driven AI Pipeline is another take on how to bring machine learning into the serverless world. It rightly suggests that “event-driven artificial intelligence (AI) can lead to faster and smarter decisions” and will take a “hybrid architecture structure that takes the best of serverless and combines it with stateful database stores” in order for it to be applied successfully. Obviously we need a database to store training data, but I think we’ll see more serverless alternatives to this sooner rather than later.

If you’d rather not read, you can watch Marcia Villalba talking about Serverless with Ben Kehoe. Another insightful interview featuring someone definitely worth listening to.

Finally, Cory Schimmoeller says that Using AWS Amplify feels like cheating, and he may be right. This is a good overview of how simple it is to use Amplify and the CLI to connect to your AWS backends.

What to do if you’re new to serverless… 🐣

Have no fear, Toby Fee from Stackery takes you through the Anatomy of a Serverless App. This post explains the three layers of a serverless application (business logic, building blocks, and workflow dependencies) and acts as a great primer for the newly initiated.

Serverless Computing 101 is another overview of what serverless computing is, how it works with other resources (or BaaS), and highlights some use cases. Not all the “demerits” are created equally, but certainly gives you something to think about.

Eric Sales De Andrade helps you answer if serverless is right for your next application in Should I go “Serverless” — How to choose the right solution for Your Product and Business. Like most of these types of posts, the pros and cons are laid out for you. But my suggestion, just go serverless. 😉

When you want to get hands-on with some serverless how-tos and tutorials… 🛠

Yan Cui gives us the lowdown on AWS Lambda and Secret Management in a recent post. Should you choose Parameter Store, Secrets Manager, or HashiCorp’s Vault? Yan walks you through the when, why and how.

Many people associate the terms “machine learning” and “artificial intelligence” with lots of math and complexity that make them seem unapproachable. But the reality is that powerful ML and AI services are readily available and easy to integrate with your applications. James Beswick show us how to build a serverless Twitter bot using sentiment analysis so that you can automatically like positive comments on your tweets. And it’s much easier to do that you probably think.

Debugging Chronicles: Missing Lambda Invocation is more of a tip (and a warning) from Davide de Paolis. TLDR; make sure you pass the Authorization header for every request that is using Congito with API Gateway. 🤦🏻‍♂️

Optimizing your Node.js lambdas with Webpack and Tree shaking is a great post by Erez Rokah that shows you how to use Webpack to remove unused modules when packaging your Node.js files for deployment to a serverless environment. He gives an example of reducing his deployment package from 740.6kB to 6.6kB.

If you’re using the .NET runtime, it might be helpful to know How to Unwrap an AggregateException Thrown by AWS Lambda. Zac Charles shares the secret of setting the right environment variable. He also shared how to make .NET AWS Lambda Functions Start 10x Faster using LambdaNative, a handy Lambda Layer that you can use.

If you’re working with Azure, David Pallmann has a full tutorial on how to build a Document Search Engine using Azure Functions and Cosmos DB.

Julian Tellez from DAZN gives us some tips for Handling complexity in lambda functions using his Lambcycle middleware component for AWS Lambda.

If you still haven’t played around with Lambda Layers yet, Eric Johnson’s Working with AWS Lambda and Lambda Layers in AWS SAM post is an awesome overview to get you started (or take you even further down the rabbit hole).

And why not combine the power of WebSockets, Machine Learning, and Translation services to build a better chat application? Danilo Pocci gave a recent presentation called Serverless real-time apps: Let’s build a “positive” chat that does just this. The architecture is all in the slides, plus you can check out the demo here.

Finally, if you are building Large (Java) Applications on Apache OpenWhisk, James Thomas has some very helpful tips and tricks for you.

When you’re wondering what AWS has been up to… 🧙‍♂️

Keeping up with AWS announcements is a full-time job in itself, never mind figuring out when CloudFormation adds support for a new feature. AWS CloudFormation: 2018 in review documents all the new features added to CloudFormation in 2018. And if you really want to stay current with new information, their release history page is always up-to-date.

Speaking of CloudFormation support, you can now Automate WebSocket API Creation in Amazon API Gateway Using AWS CloudFormation. Expect support in other serverless frameworks to be added soon.

Amazon SNS Message Filtering Adds Support for Multiple String Values in Blacklist Matching, which is actually much more exciting than it seems. Filtering messages at the broker level dramatically simplifies (and reduces costs for) pub/sub implementations. Having the ability to add several items to the blacklist is a very handy feature.

AWS also announced an open source project for Deploying a personalized API Gateway serverless developer portal. Using this project, you can make your API Gateway APIs available to your customers by enabling self-service discovery of those APIs. They can then use the portal to browse API documentation, get API keys, test published APIs, and monitor their own API usage. Another thing you don’t need to worry about. 👍

I’m not a .NET guy, so I didn’t even know there wasn’t support for this already. In any case, AWS X-Ray SDK for .NET Core is Now Generally Available, so good news for those utilizing that runtime.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Aleksandar Simovic (@simalexan). Aleksander is the co-author of Serverless applications with Node.js, a core team member for Claudia.js, and an AWS Serverless Hero. He has done a tremendous amount of work on Jarvis, an Alexa skill that allows you to create serverless applications using only voice commands, which is pretty cool. He also has 20 applications published to the Serverless Application Repository that you can use to get started with serverless quickly. Aleksandar continues to make valuable contributions to the serverless community, and we’re all lucky to have him!

Final Thoughts 🤔

There are so many amazing things happening with serverless right now, and this recent Berkeley paper is so incredibly encouraging. There is certainly a place for containers and servers right now, but it’s important to remember that today’s limitations are tomorrow’s opportunities, and the cloud providers all see the writing on the wall. Expect more and more advancements that address these limitations, and soon, serverless will in fact become, the default computing paradigm.

I hope you enjoyed this issue of Off-by-none. I love hearing feedback and suggestions so I can keep making this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And don’t forget to share this newsletter with your friends and coworkers who are interested in serverless. I’d really appreciate it.

Until next time,
Jeremy

Off-by-none: Issue #22

Investing in the future of serverless…

Welcome to Issue #22 of Off-by-none. I’m so happy you’ve joined us this week! 😁

Last week we looked at ways to scale your serverless apps, highlighted some recent innovations, and examined how serverless and the cloud is affecting the IT landscape. This week, we look at some recent investments into the serverless ecosystem, highlight some upcoming events, help you pick the right database for your next project, and share plenty of great serverless resources and reads.

There is so much happening in serverless right now! Let’s get to it. 💥

When you see people jumping on the serverless investment train… 🚂

This past week, Lumigo raised an $8M seed round to help manage serverless operations. I love seeing companies that are focusing on serverless raising money. It means that investors are seeing the value, which means they can see a market for it, which means that more companies will begin to invest in serverless technology, which means more options, which means great adoption, and ultimately, world domination… Okay, maybe I pushed that a bit too far.

Torsten Volk recently posted the Top 10 VC investments in serverless startups in 2018: $33M for Twistlock, $15M for Pulumi, $11M for Solo.io, $7M for Puresec, $10M for Serverless Inc., $5.5M for Stackery, $5M for CloudZero, $4.1M for Epsagon, $2M for IOpipe, and $2M for Protego Labs.

I really hope to see companies like this succeed and continue to push the limits of serverless!

When you’re trying to think of some useful serverless use cases… 🤔

Authentication at Edge with StackPath by Jason Byrne is an interesting look at how his company is attempting to eliminate an extra round trip to authenticate requests.

Centralized Logging System for Lambda Functions walks you through the process Mohamed Labouardy and the team over at Foxintelligence followed to deliver near real-time feed of logs from CloudWatch to ELK.

CloudFetch released an open source project called cloudquery that lets you turn any website to serverless API, including support for single-page applications.

Ricardo Trindade shows us a super simple way to create Slack Notifications via AWS Lambda and SQS. Great example of how you can add serverless to your existing workflows to reduce the complexity of your “serverfull” systems.

Our data lake story: How Woot.com built a serverless data lake on AWS is a great article that shows how Woot.com was able to reduce their operational costs by 90%. Plus, it’s a great use case that you can apply to your business straight away.

When your database selection process is down to eeny meeny Dyna-mo… 🤷‍♂️

You’re not alone. Choosing the right database for your application isn’t always easy. AWS has a great post that shows you How to determine if Amazon DynamoDB is appropriate for your needs, and then plan your migration. DynamoDB is an excellent choice for many different types of workloads, but it’s not right for everything.

If you do choose DynamoDb, getting started with writing interactions can be a bit overwhelming. You might want to check out Begin Data: DynamoDB made ridiculously easy!

Another often confusing concept is figuring out How to calculate a DynamoDB item’s size and consumed capacity. Zac Charles has got you covered in his recent piece.

Sasidhar Sekar from Hotels.com has a great piece about creating Efficient Indexes in DynamoDB. It’s the fifth post their DynamoDB series and definitely worth checking out.

Of course, if you want to push serverless data to the extreme, you can always Analyze and visualize nested JSON data with Amazon Athena and Amazon QuickSight. Mariano Kamp’s piece is incredibly useful.

When serverless observability just keeps getting better… 🕵️‍♀️

Thundra now supports observability for .NET functions. For those of you that thought (or were hoping) that C# was dead, Microsoft has news for you. Azure Functions is gaining a tremendous amount of popularity, and where there’s Microsoft, there’s .NET. Learn more by ready Sarjeel Yusuf’s post about Monitoring .NET Lambda Functions with Thundra.

If you want to learn a bit more about Serverless Observability Fundamentals, check out Christina Wong’s post about Breaking down your options when collecting data from AWS Lambda.

And Epsagon, another amazing observability platform, just released their public changelog. I really like this type of radical transparency, especially when you’re trusting companies like this to support your applications. They also initiated a fun Twitter contest. Export a picture of your architecture from Epsagon and tweet #ThisIsMyEpsagon to win a prize.

When you’re looking for deep thoughts on serverless… 🤓

Julian Friedman has a really interesting post titled What comes after Serverless? In it he argues that there is a “Deployless” future, where we’ll skip passed code repos and staging environments, and essentially just edit code. It might seemed a bit far-fetched, but it is worth a read.

From Servers to Serverless recounts Avner Braverman’s journey through infrastructure and cloud innovation. Interesting read with some good history and insights into why serverless is so powerful.

NoOps in a serverless world is an interesting piece that talks about shifting IT’s focus from operations to outcomes. The authors point out that in a 2018 Deloitte global CIO survey, 69% of respondents identified “process automation and transformation” as the primary focus of their digital agendas. NoOps is still a ways off, but as the authors argue, serverless is a powerful tool for companies to reduce their operational overhead.

Sujith Reddy Komma argues the PRO’s & CON’s of Serverless Architectures. It’s a fairly simple list, but I’ve included it because his “cons” are quickly being solved thanks to observability startups, multi-region deployments and SLAs. And the cost argument is starting to get a bit old (at least to me). Need to figure TCO, not just your services bill.

And speaking of costs, The Great Serverless Cost Debate: Serverless ≠ Costless is a great piece by John Demian that explains the cost benefits of going serverless. He makes the extremely salient point that “Running back-end operations is a business in itself.” For larger companies, this may be fine, but for smaller ones looking for a competitive advantage, it’s probably not a business you want to be in.

If you’re looking for more reasons to go serverless, Ryan Jones from Serverless Guru’s piece, Serverless Impact — Developer Velocity explains how serverless speeds up developers and lets them accelerate the delivery features faster.

Greg Simons also wrote about the added benefits of serverless. In Serverless; it’s more than a FaaS, he outlines a number of reasons why serverless is much more than just hype. Plus, there was a nice mention in there. 👍

9 trends to watch in systems engineering and operations from O’Reilly Media touches on a few interesting topics. They waver on whether Knative will become the standard (I don’t think so), the importance that cloud security will play in both automation and DevOps culture, and, of course, AIOPs, because we don’t have enough buzzwords right now.

They also noted that the “serverless craze is in full swing,” with a growth of over 17% from 2017. Erez Berkner, CEO & co-founder of Lumigo says, “2019 could be serverless’ breakthrough year.”

Of course, security should always be top of mind when deploying services to the public cloud. Serverless And The Evolution In Cloud Security, How FaaS Differs From IaaS is a great piece by Ory Segal from Puresec that will give you a side-by-side look so you know what you’re responsible for.

If you’re looking for some visuals, check out How to Fold a Fitted Sheet by Joe Emison from Monktoberfest 2018. If you don’t take away a higher meaning from it, at least you’ll know how to fold a fitted sheet.

Also, Slobodan Stojanovic was interviewed on the The Serverless Show talking about The Importance of Open Source & Community Involvement. Always love listening to Slobodan.

Finally, The Rise of “No Code” by Ryan Hoover isn’t about serverless, but it makes some interesting points about the people who are becoming makers. Thanks to products that allow “non-developers” to build MVPs (or even full-scale working applications), everyone is becoming a maker. What does this mean and how does it affect an IT world that is already being eaten up by automation? Something to think about.

When you’re looking to up your Lambda Layers game… 🚀

Ever wanted to publish your Docker containers as Lambda Layers? Well, now you can with aws-lambda-container-image-converter. This should open up some people’s imaginations.

Serverless Anything: Using AWS Lambda Layers to build custom runtimes by Ben Ellerby shows you how to use layers to build a custom PHP runtime. Sure, we’ve seen this before, but this piece provides an important reminder: “Don’t forget to terminate your large EC2 instance.” 😉

AWS already created a custom Rust runtime for us, but Doug Tangren took it a step further and built the serverless-rust plugin for the Serverless Framework. Love this type of community support!

Just recently, Gojko Adzic gave us some utility Lambda Layers for FFmpeg, SOX, Pandoc and RSVG. Nathan Glover used them to create Serverless Watermarks. Very cool.

When you’re trying to simplify your serverless development… 👩‍💻

Serverless, Inc. announced the release of Serverless Framework v1.36.3. Lots of enhancements and bug fixes in this one.

Brian Leroux published Introducing Architect 5.0: fully serverless WebSockets. More great updates and, of course, support for WebSockets.

And it seems that more frameworks are emerging everyday. Osiris is a new library for building and deploying serverless web apps on AWS. Haven’t spent much time with it, but give it a look.

I also came across the functional-typescript project, a TypeScript standard for rock-solid serverless functions. Looks pretty interesting.

And Eslam Hefnawy created a project called backend.js. It’s a super light module that lets you import your Lambda functions into the browser as a backend library. Not sure what I’d do with this, but kind of a cool concept.

Where to go to find some great serverless events… ✈️

If you’d like to go sans travel, there are a number of webinars scheduled to up your serverless game.

Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository is on January 31. This is a good opportunity to learn more about SAM and how to reuse your serverless components.

Trend Micro also has a webinar on the 31st to help you Make Sense of the Cloud, Containers, and Serverless. There are some promises of security principles in there, a topic I’m always interested in.

If you’re in the area, or just feel like taking a trip, Serverless, Inc. is running a Serverless workshop on March 1 in San Francisco. Lots of topics covered in here for the serious serverless professional.

AWS is running a Serverless Solution Provider Day in London on February 12th. There will be three great talks by three great companies: Epsagon, Stackery and Puresec. Definitely worth the visit.

Serverlessconf announced that it is coming to the east coast this fall. Exact location and date to drop in February. 🤞 for Boston. 😉

Serverless Computing London 2019 announced that their call for papers is now open. This was a great conference last year, so no doubt it will be amazing again.

The Serverless Architecture Conference in The Hague, Netherlands is running from April 8th through the 10th. Lots of great speakers, plus yours truly will be giving a talk about Serverless Microservice Patterns for AWS. Definitely looking forward to this one.

And don’t forget ServerlessDays Cardiff, Hamburg, and Austin are all coming up. Plus ServerlessDays Boston will be announcing speakers later today!

When you’re looking for some good serverless tips and tricks… 💡

Tom McLaughlin wrote a post titled, AWS Lambda And Python Boto3: To Bundle Or Not Bundle With Your Function. Quite a bit of research went into finding out that “you should not be using the AWS Lambda runtime’s boto3 and botocore module.” If you’re developing serverless apps with Python, take a few minutes to review this post.

Subscribe SQS to a SNS topic in another AWS account with CloudFormation, and gotchas! is another time-saver provide by Yan Cui. It’s a common pattern to connect to services from other accounts, and configuring it correctly with CloudFormation is with Yan’s help.

Danielle Heberling from Stackery gives us some Chaos Engineering Ideas for Serverless. Unit tests and integration tests are a necessity for serverless applications, but testing failures in distributed systems is a surefire way to make sure your systems are resilient and can handle different types of failures.

When you realize that serverless is much bigger than just AWS… 🤯

The Serverless360 team put together the Top 15 Azure Serverless Blogs of 2018. Lots of interesting posts here.

Doug Stevenson from Google answers Firebase & Google Cloud: What’s different with Cloud Functions?

An introduction to Azure Durable Functions: patterns and best practices is a great introduction to some common patterns that you can use in Azure. Only caveat, the examples are in Java. 😬

Serverless on Google Cloud Platform: an Introduction with Serverless Store gives a bit of background on serverless, event-driven computing and how it all fits together with Google Cloud Platform. There is also a link to download the Serverless Store demo app.

IBM Cloud Functions is raising the memory execution level to 2Gb to better handle Monte Carlo methods, genetic algorithms, map-reduce, and a host of other combinatorial optimization and operations research algorithms that lend themselves to running in a serverless environment.

Getting started with Custom Dockerfiles for Node.js for Serverless Functions will show you how to us the Fn project to build functions that you can run on Kubernetes.

And if you’re looking for better secrets managment, Unifying Secrets for OpenFaaS will point you in the right direction. Hint: don’t check them into source control.

Finally, if you’re interested in doing more serverless computing at the edge, Taking a look at Cloudflare Workers might be worth your time.

When the teams at AWS are forced to listen to “We can’t stop, we won’t stop” by Miley Cyrus on constant repeat… 👩‍🎤

AWS Introduced Python Shell Jobs in AWS Glue. Now you can leverage your Python skills to build things like serverless ETL tasks without learning Apache Spark.

TLS Termination for Network Load Balancers has also been added. Not applicable for serverless yet, but it could just be a matter of time.

The AWS CloudFormation UpdateReplacePolicy Attribute allows you to specify an update policy to delete, retain, or create a snapshot of old resources once the new ones have been created. Handy feature for automated serverless deployments.

The AWS Amplify CLI now supports IAM roles including MFA flows, which is a nice way of adding some extra security to the set up process.

AWS Cloud9 Supports AWS CloudTrail Logging now. So if you’re using that as your IDE, CloudTrail can track configuration changes to your environment.

Amazon Cognito Announces 99.9% Service Level Agreement, which is nice. Serverless authentication out of the box, now with guaranteed uptime.

And if you’re using Elasticsearch to handle analytics or full-text searches, you’ll be happy to hear that Amazon Elasticsearch Service doubles maximum cluster capacity with 200 node cluster support. And they announced support for Elasticsearch 6.4.

Also, be sure to check out Jerry Hargrove’s visual notes for AWS AppSync.

When you’re looking for spirited serverless discussions on Twitter… 🍿

@rakyll had some thoughts on Kubernetes being about “never having to wait for your cloud provider for a feature because you can build it yourself.” Ben Kehoe and some others whole-heartedly disagreed.

Paul Johnston posted that “Relational databases are the swiss army knife of databases”, meaning that there are likely better choices, especially for your serverless projects. The Internet did what the Internet does best and generated a lot of opinions. Very interesting thread.

Not to be outdone by others, I too sparked a heated discussion around Event Injection in your serverless apps. There was some candid feedback, and perhaps my point of “developer responsibility” was lost a bit in my wording. However, even though event injection existed before Lambda wasn’t the point, it’s still something to be aware of, especially those that are new to event-driven architectures.

The good news about the above discussion is that it actually highlighted some confusion around the “47” service integrations that Lambda has. Ajay Nair thought this was “good feedback”, so hopefully we’ll get some better documentation out of it. Silver linings. ☁️

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Brian Leroux (@brianleroux). Brian is the co-founder of @begin, a serverless application platform that promises “Serverless in seconds.” He’s also working on the open-source Architect project, another powerful framework for building and deploying serverless applications. Brian is a regular speaker, blogger, and always welcome voice in the serverless community.

Final Thoughts 🤔

When I first started this newsletter almost six months ago, I was scouring the web each week trying to find interesting and relevant serverless content. Now every week I have to narrow down the list, and there are still over 75 links in this week’s issue alone!

I love serverless, and I love how more and more people are embracing it, experimenting with it, and seeing how it can transform the way they are building applications and their businesses. Erez from Lumingo said 2019 could be the breakout year for serverless. With all this momentum, I think he could be right.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

See you next week,
Jeremy

Off-by-none: Issue #21

The serverless takeover…

Welcome to Issue #21 of Off-by-none. I hope you’re ready to talk serverless! 😃

Last week we got hands-on and learned how to handle “not-so-scalable” systems in our serverless applications. This week we look at some more ways to scale your serverless apps, highlight some recent innovations, examine how serverless and the cloud is affecting the IT landscape, and so much more.

Lots to get to, so let’s jump right in! 🏊‍♂️

When you’re trying to get your serverless application to scale… 📈

Mikhail Shilkov has a brilliant post titled: Serverless at Scale: Serving StackOverflow-like Traffic. In this post he runs experiments across AWS, GCP, and Azure, to test how serverless functions and blob-storage scales to 1,000 requests per second. The results are quite fascinating.

We often talk about scaling “non-serverless” downstream systems in this newsletter, and Tirumarai Selvan has presented us with another option for Scaling RDBMS for GraphQL backends on serverless. Connection management is an ongoing problem with serverless functions. AWS is working to fix this with their Data API for Aurora Serverless (and of course there’s my serverless-mysql package), but overall, not a bad (albeit, non-serverless) approach.

Paul Johnston has some thoughts on Serverless Compute and Serverless Data. It is an interesting way to compartmentalize serverless applications. Without the proper design, ephemeral compute is certainly limited by the underlying datastore. Designing for scale is the new default, and this is a skill that many developers have never really needed to worry about.

Tim Bray started this thread on Twitter that goes deep into microservices and temporal coupling through synchronous communication. 🤓 I love these types of discussions, especially when Marc Brooker and Sam Newman jump in.

And James Thomas tells us about loosely-coupled serverless functions with Apache Openwhisk. Good read that looks at the difference between triggers and queues and how they can affect the scalability of your severless application. A bit specific to Openwhisk, but I think the general concepts are quite universal.

When people are having way too much fun with custom runtimes… 👩‍💻

Danil Smirnov shows you how to access the latest JavaScript SDK from Lambda functions using Layers. You might think that AWS would keep this updated, but you’d be wrong. I ran into this problem a few times, which means you must package the aws-sdk with your Lambda functions. This way is much better. 👍

The team over at Thundra developed their own Node.js Custom Runtime to let you monitor your Lambda functions without making any changes to your code. We’ve seen this type of use case before, but Thundra went the extra step to show us how they actually built it.

Have you ever wondered how to run Elixir on Lambda? Me neither, but Arjan Molenaar has figured it out for us just in case. Building an Elixir runtime for AWS Lambda gives you a brief overview of his motivations, and ultimately leads you to the GitHub repository if you’d like to try it yourself.

And PHP fans can also rejoice! Bref, a serverless framework for PHP, is incorporating a custom PHP runtime into v0.3. Look forward to better performance, PHP-FPM support, and local development with Docker and AWS SAM.

Where to look for serverless events… 🗓

ServerlessDays Cardiff is coming up on January 30th. Tickets are still available, so if you’re going to be in the area, I’d highly suggest you attend. Can’t go wrong with talks from the likes of Yan Cui, Simona Cotin, the Ian MassinghamSlobodan Stojanović and so many more.

And if you’re state-side, ServerlessDays Boston is coming up on March 12th. We just announced the one and only Charity Majors as our opening keynote speaker. And I’m happy to announce that the, wait for it… legendary Chris Munns from AWS will be giving the closing keynote. The remaining speakers will be announced early next week. This is going to be good. 🙌

If you’re looking for something a bit more remote-friendly, Stackery has some upcoming serverless webinars that you can join. They’ll walk you through how to build your serverless applications without needing to write a bunch of YAML.

Feel like doing some traveling? Thundra put together a great list of Serverless Events You Should Be Aware Of in 2019. I’m going to try and get to a few of these myself.

For those of you that are visual learners… 👀

I stumbled across some videos that Cloud Path had created, and I was impressed with how well-produced they were. In AWS S3 & AWS Lambda Integration, they walk you through setting up an S3 trigger and the code required to process the event. Beginner level stuff, but I’m going to keep my eye on this channel.

Marcia Villalba dropped another re:Invent interview where she’s Talking about testing Serverless applications with Slobodan Stojonovic. Slobodan was our very first Serverless Star at Off-by-none and is an awesome serverless resource.

If you can’t get enough of Marcia, check out her Getting ready for AWS reInvent 2018 vlog series. If you’re thinking about going to re:Invent this year, these videos provide a first hand look at this amazing experience.

CloudFlare workers are a relatively new addition to the serverless ecosystem, and they’re quite passionate about how this type of edge computing could change how applications run. How Serverless Platforms are Changing to Enable New Applications is a talk by Zack Bloom that digs deep into this concept.

What to do if you’ve been ignoring serverless security and user privacy… 🔒

If you thought that you didn’t need to worry about GDPR, think again. It was just reported that France fined Google nearly $57 million for an alleged violation. Now this might just be France being France, or it’s a sign of things to come. If you’re not familiar with GDPR, or you’ve already forgot the requirements, Stripe has a great guide to help you out. C’est la vie. 🇫🇷

Last time I’ll mention this (promise). Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. It will be packed full of practical serverless security advice including risks associate with AWS Lambda, IAM permissions, governance and regulatory compliance, and scalability.

When you’re looking for innovation in the serverless ecosystem… 🔍

Epsagon continues to make serverless observability easier with the introduction of Trace Search. This is a very cool feature that lets you find and drill down into traces using a bunch of different filters. Plus they have created plug-in packages to make integrating tracing and cleaning up your old Lambda versions much easier.

But serverless observability and tracing is a hot space to be in, and Adam Johnson and the team over at IOpipe has their own long list of accomplishments and future plans. In Auld Lang Servers, Adam outlines IOpipe’s milestones and innovations over the last year. Their product continues to get better and better, giving serverless practitioners plenty of options when choosing an observability tool.

And don’t count out OpenWhisk. Release 0.17.0 (18.01.2019) of the Serverless Framework OpenWhisk plugin was recently released, with added support for concurrent actions, which should speed up your deployments.

When you find out that Google Cloud Functions finally supports Go… 🤷‍♂️

Google announced that Go 1.11 is now a supported language for Google Cloud Functions. You’d think that since they invented it, they might have beat Amazon to the punch. Oh well, at least GCP is still innovating its serverless offerings.

Not to be outdone by AWS’s classic serverless example, Adil H has put together a post showing us how to do Image Resizing with Go and Cloud Functions. Code included.

If you’re looking to push the envelope a bit more, Saurabh Deoras has a great article on combining TensorFlow, Go and Cloud Functions. I like when people experiment with stuff like this, and even though his final solution isn’t ideal, it still works. He even waxes-poetic at the end. #deep

When the zombie apocalypse might not be the apocalypse you need to worry about… 🧟‍♂️

Forrest Brazeal wrote a rather depressing (but necessary) piece about the The Creeping IT Apocalypse. With AWS reportedly working on a secretive low-code/no-code project, there is an entire class of engineers that could get automated out of existence. TLDR; learn to code and keep your skills current.

Along the same lines, James Beswick’s latest post, The cloud skills shortage and the unemployed army of the certified, comes at it from a slightly different angle. Of course IT head counts are dropping because of automation, but James argues it isn’t just about keeping your skills current. It’s about the unreasonable expectation that a single developer must now do the jobs of what used to require several highly-specialized people to do. TLDR; become a coding superstar.

Other people are writing about this trend, perhaps without even realizing it. Nader Dabit gives his take on what it means to do Full-Stack Development in the Era of Serverless Computing“This means you basically have a team of specialized engineers that have built out and iterated on something that you or your team simply could not do alone without investing an impractical number of hours.” I think this type of innovation is great, but don’t get caught watching shadows on the wall, this type of undifferentiated development work is going away. Now look who’s being poetic. 😉

When you really like seeing serverless use cases… 🤗

I think we are all in agreement that CloudWatch is not the best place to be digging into our application logs. There are plenty of options out there, but the team at BBC iPlayer shows us how they put Lambda Logs in ELK. It’s a DIY option, but highly effective for their needs.

This is a bit of an old post, but in How I export, analyze, and resurface my Kindle highlights, Sawyer Hollenshead show us how he created a serverless pipeline that extracted his highlights, analyzed them with NLP, and published them to his site to reflect on what he read. Pretty interesting use case, IMO.

Gavin Lewis shows us How To Build a Serverless CI/CD Pipeline On AWS. There is quite a bit of complexity to his approach, but he has it all laid out for you.

When you’re a big fan of the horror genre… 👹

Henning Jacobs has compiled a list of wonderful Kubernetes Failure Stories for us. He claims that these stories “should make it easier for people dealing with Kubernetes operations… to learn from others and reduce the unknown unknowns of running Kubernetes in production.” I say it’s just another opportunity for serverless fans to say I told you so 😂. But seriously, if you want to take a stab at Kubernetes, this is a good list to get you started (or maybe scare you away).

Corey Quinn recounts a horror story of his own in this Twitter thread. The story of an ambitious young man trying to set up his own infrastructure in a shared datacenter goes horribly awry, hilarity ensues. I remember these days myself, but now that the cloud is here, this type of tragedy can easily be avoided.

Where to go for some more serverless reading… 📚

Chris Feist wrote a post called Making serverless variables work for you to accompany his new serverless-plugin-composed-vars plugin for the Serverless framework. I do this a bit differently, but this looks like a handy plugin.

Migrating a Serverless application backend to the Serverless Framework highlights Tai Nguyen Bui’s journey moving away from the console and into the world of serverless deployment automation.

Speaking of serverless journeys, How I Got Comfortable Building with Serverless highlights how Jun Fritz went from code bootcamp graduate, to Stackery employee, to confident serverless builder in just a few months. There is still much to learn, but it is fascinating how quickly people can get things up and running.

The state of serverless: 6 trends to watch highlights a fairly obvious (IMO) evolution of any new technology. However, I think that betting Knative will drive standardization is a bit off. We can argue about what serverless means all day long, but with CloudFlare workers moving compute to the edge, and AWS loading VMs closer to the metal with Firecracker, I personally see anything that adds more layers of abstraction to ephemeral functions being a step in the wrong direction. Maybe it’s just me.

In Dear Go — Thank You For Teaching Me PHP Was A Waste of My Time, Vern Keenan is pretty harsh about the future prospects of PHP. Not sure I agree with him on that, but he does make some good points about Go potentially becoming the dominant serverless runtime.

And finally, Zac Charles asks, What happens to running threads when a Lambda finishes executing? If you’re interested in the inner workings of Lambda functions and container reuse, give this short article a read.

When you’re curious what AWS has been working on… ☁️

There were a lot of serverless announcements and innovations at AWS over the last few months. If you’re having a hard time keeping up, take a look at Eric Johnson’s full recap: ICYMI: Serverless Q4 2018

The new AWS Backup lets you automate and centrally manage your backups across AWS services. Jerry Hargrove (aka @awsgeek) wasted no time putting together a cloud diagram for you. He’s also got a great one for the new Amazon DocumentDB service as well.

AWS also added S3 as a deployment action provider in CodePipeline. Check out this tutorial to learn how to Create a Pipeline That Uses Amazon S3 as a Deployment Provider. Plenty of cool use cases with this.

Two weeks ago AWS announced that AWS Step Functions would support resource tagging. Now they’re getting their very own Service Level Agreement with three 9s.

And Step Functions isn’t the only one getting SLAs. Amazon announced 99.9% Service Level Agreements for Amazon Kinesis Data Streams and Amazon Kinesis Data Firehose.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Mikhail Shilkov (@MikhailShilkov). Mikhail is a Microsoft Azure MVP, a frequent conference speaker, and an advocate for all things serverless. His blog is loaded with insanely thorough articles about serverless (and functional programming) that are sure to help you level up your own skills. He mostly focuses on Microsoft, but has articles like this and this that can give you some much needed perspective in the overall serverless ecosystem. And today is his birthday, so Happy Birthday, Mikhail, and thanks for what you do! 🎂🎉🎈

Final Thoughts 🤔

Thank you for all the responses from last week. Everyone that sent me a message said they like the length and that they found it easy to skim and pick out the articles they were interested in. I’m glad you all like it. If you have any other thoughts, I’d be happy to hear them.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Off-by-none: Issue #19

Starting off the new year with a serverless bang… 💥

Welcome to Issue #19 of Off-by-none. I’m so glad you’re here to talk about serverless! 🙌

Last week we reminisced about 2018 and laid out some plans for the new year. This week we’ll sort through all the serverless content that people created over the holiday break. Plus we look at some serverless use cases, share some upcoming webinars, and give you links to plenty of great talks to keep you busy for awhile.

We’ve got a lot to get to today, but before we jump in, I wanted to share that Lambda API v0.10 was released. Lambda API is a lightweight web framework for your serverless applications. It’s open source, fast, free, and now supports seamless integration with ALBs. v0.10 also added support for multi-value headers and query string parameters, plus new method-based middleware and much more. I’d love for you to check it out and send me feedback.

Okay, back to our regularly scheduled program. Here we go! 🚀

When you’d rather just sit back and watch some serverless videos… 🍿

ServerlessDays Milan 2018 released videos of all the talks from their event in October of last year. Lots of really great talks in here from Yan Cui, Ian Massingham, Danilo Poccia, and many more.

Serverless Computing London has also released some additional videos including Mikhail Shilkov’s Performance Tales of Serverless, Nate Taggart’s Rethinking Testing For Serverless, and Guy Podjarny’s Serverless Security: What’s Left To Protect?

Heitor Lessa announced that the second season of Build on Serverless is going to be about “Building a Serverless Airline App from scratch + leading practices applied.” This is a fun (and educational) thing to watch. You can (and should) RSVP on Twitch.

Also, Marcia Villalba released the first video in her Serverless Interviews series which just so happens to feature yours truly. So if you want to see me ramble on about serverless for 15 minutes while admiring the view of the Mirage in the background, this video is for you.

When you want to learn more about serverless security… 🔒

The team over at Protego created a Damn Vulnerable Serverless Application and donated it to OWASP so that you can learn what not to do when building serverless application. You can read more about it here. Now we have this AND the Serverless GOAT project that PureSec donated last month. These are both great resources to see how easily serverless vulnerabilities can be exploited and what to do to protect your application.

If you’re interested in discussing the OWASP Top 10 and how they apply to serverless applications, Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Lots on information to cover, plus an interactive Q&A session at the end. Should be fun. 😉

What to do when you’re ready to use Lambda Layers… 🍰

Injecting Chaos to AWS Lambda functions using Lambda Layers by Adrian Hornsby, introduces us to a great use case for Layers. Werner said it best, “Everything fails all the time.” Using Chaos Engineering to test the resiliency of your distributed cloud applications is a great way to ensure that when things do fail, that your application will handle those issues gracefully and minimize the blast radius.

Gojko Adzic and his team created some public layers so you can now use FFmpeg, SOX, Pandoc and RSVG with your AWS Lambda projects. One more thing you don’t have worry about.

And if you want to take a Deep Dive Into Lambda Layers and the Lambda Runtime API, sign up for this webinar hosted by Chris Munns, Principal Developer Advocate at AWS. It’s scheduled for January 31, 2019 at 2pm ET.

When you’re having trouble choosing the right database for your serverless app… ⚖️

Alex DeBrie posted a tweet mentioning Rick Houlihan’s Match Your Workload to the Right Database (DAT301) talk at re:Invent. If you thought his Advanced Design Patterns for DynamoDB (DAT401) talk was amazing, prepare for another mind-blowing experience watching this one. Lots of practical advice to help you choose the right backend for your workload. 🤯

Speaking of DynamoDB, Forrest Brazeal from Trek10 spent his holiday break resurrecting the Northwind database from the annals of MS Access and teaches us how to convert it to NoSQL. From relational DB to single DynamoDB table: a step-by-step exploration is a great guide that shows us both the pros and cons of attempting to move relational workflows to DynamoDB. If you’re thinking about moving to NoSQL, please take a few minutes to read this.

When you’re wondering what AWS has been up to… Δ

AWS announced the Amazon API Gateway Service Level Agreement, which may have you scratching your head thinking, don’t all AWS services have SLAs? Just ask Scott Piper from SummitRoute. He put together an AWS Service Support table that shows just how few AWS services actually have them. Something for the 2019 #AWSwishlist.

The AWS Toolkit for Visual Studio Code project seems to be coming along nicely as well. Whether you just want to try it out, or contribute in some way, it’s pretty cool to see AWS developing more things like this out in the open.

They also keep making strides with Nested Applications. If you’d like to learn more, there is a Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository webinar scheduled for January 31, 2019.  It’s hosted by James Hood, Sr. Software Dev Engineer at AWS, so you know it’s going to be good.

When you’re looking for some sample serverless use cases… 🔍

I love finding people that are applying serverless to new and interesting use cases. Whether they are solving complex workflows, or just a simple function that accomplishes a single task that makes your life easier, seeing the broad application of serverless is quite fascinating. Here are a few I found this week.

Building a serverless data analytics pipeline by Rodrigo Reis shows us a simple, but effective way to capture a stream of web events. They use an SQS queue and reserved concurrency to help throttle requests to their Elasticsearch cluster, which is both simple, and a great approach at their stage. They’re also smartly using IOpipe for observability.

Blog URL to PDF to Amazon Kindle by Dhaval Nagar outlines a simple app for automatically sending blog posts to a Kindle. There are probably multiple ways that this type of workflow could be used.

Serverless Function to Sync Data from a Database to Google Spreadsheet is another simple workflow that would be perfect for marketing teams, sales, or your billing department. No need to build interfaces for reporting data when there are already tools that people are familiar with.

If you want to get a bit more complex, check out How to build a React chat app with AWS API Gateway WebSockets, Custom Lambda Authorizer. Lots to chew on here, but if you’re heading down the WebSockets path, this is a good resource for you.

When you just want some interesting serverless content… 🤓

Save time and money with AWS Lambda using asynchronous programming by James Beswick provides some great tips for handling synchronous calls in your serverless functions. Also be sure that you Don’t overpay when waiting on remote API calls either.

Mike Vizard predicts the Battle Over Serverless Computing Frameworks to Heat Up in 2019. There is a lot of discussion in this piece about other companies (read: NOT AWS) embracing Knative and other open source “serverless” middleware to power their FaaS solutions. I think this goes to show how popular serverless is becoming and the thrashing that’s going on to catch up with AWS. I’m not sure this is going to play out the way these companies think it will.

There’s a new serverless framework called BAM! I haven’t used it yet, but let’s just add this to the list.

Jerry Hargrove continues to create more Cloud Diagrams & Notes for our viewing pleasure. His AWS Lambda and Aurora Serverless ones are awesome.

Yan Cui shows us how to perform Error Handling in AWS Lambda With Wrappers. He talks about the need for middleware in our serverless applications and how we can use it to capture errors and help us debug our systems.

Speaking of debugging, Hamit Burak Emre over at Thundra shows us how to Debug Your Python Functions Locally. Step-by-step debugging in Lambda functions with breakpoints? Yes, please.

Finally, Slobodan Stojanović, author and serverless wizard, answers the question, “What do you use for scheduling AWS Lambdas?” His answer gives us cron jobs and delayed triggers, all without servers to manage or maintain. 👍

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Farrah Campbell (@FarrahC32). Farrah is the Ecosystems Manager at Stackery, a visual tool for building serverless applications. Farrah has become another positive voice in the serverless community, helping to organize ServerlessDays Portland and other workshops, and an ever present figure at conferences helping to spread the serverless word. She was also recently featured as a Serverless Superhero in How serverless is breaking down barriers in tech. Diversity in tech has always been a challenge, so it’s great to have people like Farrah as part of the serverless community working to make it more inclusive.

Final Thoughts 🤔

Week #1 of 2019 is in the books, and if this is any indication, it is going to be a banner year for the serverless community! There has already been a ton of great serverless content so far, plus Paul Johnston pointed out that there are EIGHT ServerlessDays conferences between now and April 11th. One of which is Boston, so be sure to buy your tickets soon! I know I’m excited.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Off-by-none: Issue #15

It’s all about Layers…

Welcome to Issue #15 of Off-by-none. I’m glad that you could join us. 😀

Last week we recapped re:Invent and took a look at some of the excellent talks and AWS product releases. This week we’ll dig deeper into Lambda Layers and see how people are having a bit of fun with custom runtimes. Plus we’ve got more talks from re:Invent and plenty of other serverless tidbits for your mental ingestion.

Lots to get to, so let’s get started! 🚄

What to do when AWS gives people access to Custom Lambda Runtimes… ⚙️

AWS already took care of C++ and Rust for us, plus some launch partners have already added PHP and Cobol support as well. But it seems that the community is taking advantage of this new feature in a big way.

The team over at The Agile Monkeys added a Haskell runtime. Think about it, a purely functional programming language running pure functions on stateless serverless functions! Okay, maybe that’s a bit much, but if you’re a hardcore functional programmer, you may want to give this a look. 😎

Graham Krizek added Bash support, which is pretty darn cool. He even included executables like aws, scp, git, wget and a whole lot more. Think about all the interesting and powerful use cases this opens up. Just this git support alone adds a number of possibilities. 🤓

Data scientists rejoice! You can now run R on Lambda thanks to this tutorial by Philipp Schirmer. There might be some memory limitations, but overall this looks like a workable solution for all you number crunchers. 📊

There’s also this proof of concept for a Serverless Open Runtime for AWS Lambda. Definitely an interesting concept, especially the language agnostic middlewares piece. Could turn out to be a terrible idea, but definitely something to keep your eye on. 🤷‍♂️

When you want to know how to use AWS Lambda Layers… 🥞

You can certainly build Lambda Layers on your own, but several companies are now providing them as a way for you to easily instrument your code. Epsagon, PureSec, Thundra, DataDog, IOpipe, and more, have all built Layers that you can simply plug in to your existing Lambda functions without modifying your code. That’s pretty easy.

Of course, our friend Paul Johnston has some thoughts on Lambda Layers and Custom Runtimes, including initial thoughts on best practices.

If you’re looking to help influence the future of Lambda Layers, take a look at this RFC on how to handle permissions with LayerVersions in SAM. AWS always appreciates feedback from the community, so feel free to throw your hat in the ring and add your comments. 🎩

When you refuse to believe you’ve watched all the good re:Invent talks… 📺

Not all of these are available to watch, but there is still a ton of amazing re:Invent content out there that you probably missed, even if you were at re:Invent! Here are three more talks that I found to be super interesting.

Inside AWS: Technology Choices for Modern Applications (SRV305)
Tim Bray, a Senior Principal Engineer from AWS, talks us through how AWS dogfoods serverless to power many of their own services. Even API Gateway runs on Lambda. He notes that “capacity planning sucks” and that you should “use serverless whenever possible.” This talk is full of great advice, including ways to “minimize state hydration”, plus some helpful notes on the three integration patterns. Watch the talk

Reddit’s Serverless & Compute Infrastructure at Scale (STP18)
Anand Mariappan & Jesjit Birak from Reddit take us through their latest redesign process and the steps they took to avoid another incident like “the Digg Mass Exodus of 2010.” The overall process was helpful to understand, but their method for scaling their video ingestion system using serverless tech is really interesting. A great lesson for enterprises here, as they built this to run along side their existing monolith. Watch the talk

Close Loops & Opening Minds: How to Take Control of Systems, Big & Small (ARC337)
Colm MacCárthaigh, another Senior Principal Engineer from AWS, lays out ten patterns to use while building control planes for distributed systems. Since all of our serverless applications are distributed, this makes for a really useful guide when building our own applications. Colm dives a bit into control theory, but keeps the advice practical so that you can apply these techniques immediately. Watch the talk

When you’re still debating what database to use with your serverless app… ⚖️

If you plan on using DynamoDB, you may want to look at Alex DeBrie’s DynamoDB On-Demand: When, why and how to use it in your serverless applications. Plus, lots of your burning DynamoDB questions are answered in here.

If you still want to go the relational database route, check out A crash course on Serverless with AWS — Building APIs with Lambda and Aurora Serverless by Adnan Rahić. This is a great post to get you started, I just wish he didn’t use an MySQL ORM. 🤦🏻‍♂️

And speaking of MySQL, I released a new version of serverless-mysql that fixes an ENQUEUE issue. If you’re not familiar with it, this module helps you with Managing MySQL at Serverless Scale.

What to do when you need more serverless content… 🙏

Jon Vines gives us some ideas about Breaking Down the Serverless Monolith. It’s tempting to load up functions with a lot of capabilities as it keeps things “simple” and is familiar to most developers. Some good lessons learned are outlined in this post.

If you’re interested in learning some more best practices, take a look at Five Essential Principles for Developing Lambdas. I think most of these are pretty solid (especially single-purpose lambdas), plus there are some examples, which is quite helpful.

Another great thing about single-purpose functions is that they can be optimized for their specific job. Case in point, don’t overpay when waiting on remote API calls by using the appropriate memory configurations.

For you serverless security buffs, take a look at Ory Segal’s 6 Cloud Security Predictions for 2019. And if you want some hands-on experience, try going through this Serverless Security Workshop. 🔒

When you remember that Microsoft Azure has serverless functions too… ⚡️

Mikhail Shilkov is Making Sense of Azure Durable Functions for you with his new (very detailed) post. Though the title suggests this is all about Microsoft’s solution, there is quite a bit of background on microservices, event-driven applications, serverless function composition and more. Definitely worth the read if you’ve got 20 minutes or so to spare. 📖

Kate Baroni, a Software Architect at Microsoft Azure, shows us how an Azure Function can orchestrate a real-time, serverless, big data pipeline.  Plus, if you’re interested, there are some links to related posts that go into more detail. I love finding interesting use cases like this, but it’s curious to me that Azure is doing complex orchestrations within a single function (with no mention of Durable Functions). This has always been a big anti-pattern with AWS Lambda, but maybe not with Microsoft? 😕

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Simon Wardley (@swardley). Simon invented Wardley Maps, which changes the way we look at strategic planning. You can read all about how it works here (and I suggest you do). Beyond that, Simon is a huge proponent of serverless and has been predicting for quite some time that it is the future of computing. He has a number of brilliant talks about serverless (including ServerlessDays Hamburg and Serverlessconf San Francisco 2018), plus his Twitter feed often contains entertaining back-and-forth arguments as to why serverless adoption is inevitable (see this recent Twitter thread). I’m a big fan of Simon and appreciate the work he is doing to make the case for serverless.

Final Thoughts 🤔

Lambda Layers is exposing serverless computing to a number of new communities, and people have been rushing to add support for all kinds of runtimes and service integrations. A recent report by Gartner identified “serverless computing” as the number one key trend for 2019 and noted that “more than 20 percent of global enterprises will have deployed serverless computing technologies by 2020.”

We are still early in this journey, but as Simon Wardley says, “No more questions on serverless. It’s not an ‘if’ but ‘when’. Get on with learning.” This is sage advice, and what we’re encouraging with this newsletter.

I hope you’ve enjoyed this issue of Off-by-none. I love getting your feedback. It is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps!

Take care,
Jeremy