The Dynamic Composer (an AWS serverless pattern)

I’m a big fan of following the Single Responsibility Principle when creating Lambda functions in my serverless applications. The idea of each function doing “one thing well” allows you to easily separate discrete pieces of business logic into reusable components. In addition, the Lambda concurrency model, along with the ability to add fine-grained IAM permissions per function, gives you a tremendous amount of control over the security, scalability, and cost of each part of your application.

However, there are several drawbacks with this approach that often attract criticism. These include things like increased complexity, higher likelihood of cold starts, separation of log files, and the inability to easily compose functions. I think there is merit to these criticisms, but I have personally found the benefits to far outweigh any of the negatives. A little bit of googling should help you find ways to mitigate many of these concerns, but I want to focus on the one that seems to trip most people up: function composition.

Continue Reading…

Off-by-none: Issue #27

Let’s focus on business value…

Welcome to Issue #27 of Off-by-none. Thanks for being here! 🙌

Last week we discussed whether or not serverless is really dead and met some new serverless heroes. This week we look at Lyft’s AWS bill, share lots of serverless tutorials, use cases, and stories from the community… and shamelessly plug ServerlessDays Boston!

So much happening with serverless, so let’s jump right on in. 🏊‍♂️

When you find out that Lyft is spending $8 million per month on AWS… 💰

The other day, as part of Lyft’s IPO filings, it came out that they are obligated to spend $300 million on Amazon Web Services by 2022. It seems like a big number (~$8M per month), but according to Corey Quinn on Twitter, it works out to something like $0.14 per ride. Whether that is considered a lot or a little is up to the number crunchers, but it seems to me that the cost (and headaches) of owning your own global network of data-centers would cost a heck of a lot more than that.

We know that Lyft is using a wide variety of AWS services (including Lambda, DynamoDB and other serverless offerings), but another interesting part of this story has to do with what “all-in” with AWS really means for some of its other vendors. After this news came out, MongoDB shares plummeted due to speculation that this might mean that Lyft would be moving from MongoDB to AWS’ new DocumentDB. There has been no confirmation from either side, but according to that article, Lyft “is quite dissatisfied with Mongo’s performance and is in the process of a massive database migration.”

This may be bad news for MongoDB, but I think it goes a bit deeper than that. To me, this seems like more confirmation of the “Multi-Cloud Fallacy.” I’m a huge supporter of open-source, but the business model is going to need to find a way to adapt to the changing cloud economy. At scale, multi-cloud strategies continue to breakdown, and consolidating and collocating your applications and data in hyperconnected data-centers, IMO, will be the preferred approach. Something to think about when choosing your vendors.

Serverless Use Cases 🗺

Sending funny dog GIFs using AWS IoT Button and Lambda
This is clearly the best use case for serverless that I’ve ever seen. 😂 But seriously, IoT is a great serverless use case, and I’m thinking about ordering one of those buttons just to do something fun like this.

Serverless collaboration
A quite fascinating look at how you can use WebRTC to create “serverless” communication between browsers. There are some limitations, but this is pretty cool.

How a Monolith Architecture Can Be Transformed into Serverless
Kyle Galbraith has a great piece that outlines a number of use cases for “movable” parts of your monolithic architecture and how they can be adapted to serverless. He also points out some limitations that make certain components “unmovable” due to things like high memory requirements or low latency. He concludes that serverless is not the future because of the need for other types of workloads. Agree to disagree. 😉

A Typescript Runtime for Lambda and Why You May Not Want To Use It
Matthew Bonig wrote a custom TypeScript runtime for Lambda, and then wasn’t happy with the performance. From my experience, performance with custom runtimes has been quite good, but something to consider if you’re thinking about building your own.

ArcGIS in Lambda
Interesting use case that ties ArcGIS management into Lambda functions. I’m sure there is much more you could do with this API that could allow for additional mapping capabilities.

Serverless Computing with Drupal
It’s only a matter of time before WordPress ends up in a Lambda function. Luckily, the team at Opensense Labs took a slightly different approach with Drupal. The article spends quite a bit of time justifying serverless, but key take away is the use of CloudFront as a caching layer to globally distribute your CMS.

If you’re interested in some serverless product announcements… 📢

Announcing OpenTracing Compatibility for Go Agent
Golang continues to gain popularity on AWS Lambda, and now Thundra has extended their Go Agent to allow you to manually instrument your functions with the OpenTracing interface.

Aqua Security Introduces Industry’s First Serverless Function Assurance for Securing Serverless Environments
I’m not sure it’s actually the first, but this shows continued investments into the severless security space. Detecting vulnerabilities and over-provisioned roles is a good first step, but restricting execution based on defined policies is pretty cool.

If you’re new to Serverless… 🐣

Serverless computing 101 for developers
Rodric Rabbah (one of the original creators of Apache OpenWhisk), gave a great interview with App Developer Magazine about serverless. It is a good introduction to the overall landscape (a bit skewed to open source, of course), but does a great job explaining some of the key concepts. Most important takeaway: “What developers are showing us is that serverless will become the way you develop all applications in the future.”

Five Frequently Asked Questions about Serverless
Micah Adams answers five questions that I’m sure most teams new to serverless will be asking. While I don’t agree completely with all his answers, it is good to see these types of questions being raised.

Serverless Architecture using Serverless Framework and AWS Lambda
This quick tutorial from Atin Kapoor gives newbies a step-by-step guide that should get them up and running fast.

How to explain serverless in plain English
I keep trying to refine my own pitch for the uninformed, but this post gives a nice roundup of definitions by some industry experts. Might help you better explain what you do to your significant other.

Three Projects to Get You Started with Serverless in 2019
Alex DeBrie has another great post that outlines starter projects for Ops engineers, web developers, and “anyone that wants to be a hero,” so they can jumpstart their serverless journey.

Cutting Through the Layers: AWS Lamba Layers Explained
Michael Lavers from IOpipe gives a great overview of Lambda Layers and what they’re good for. There is a mention of using layers as composition, but I still think there is a bigger opportunity here beyond just importing prebuilt packages. I have to work on that.

Serverless Tutorials 👷‍♂️

DynamoDB TTL as an ad-hoc scheduling mechanism
Yan Cui runs a series of experiments to see if you can use DynamoDB TTLs as a way to build a massively scalable scheduler system. Unfortunately, there just isn’t enough precision for certain tasks, but could certainly be useful in a number of circumstances.

There Is More than One Way to Schedule a Task
Zac Charles followed up on Yan’s post and offered some alternative approaches to scheduling a task, including SQS Delay Queues, SQS Message Timers, SQS Visibility Timeout, and my favorite, Step Functions.

OpenWhisk Web Action Errors With Sequences
James Thomas has a great post that explains the power of Action Sequences with OpenWhisk Functions and how you can tie those to synchronous web actions. Function composition is still one of the most confusing aspects of serverless, but Action Sequences are an interesting approach.

Setup CI/CD pipeline with AWS Lambda and the Serverless Framework
Lorenzo Micheli walks you through setting up a CI/CD pipeline for your serverless projects, complete with approval steps.

AWS Infrastructure as Code with CDK
If you’re not a fan of CloudFormation and you’d like to use a more familiar programming language to manage your infrastructure, Ross Rhodes’ post will teach you how to use the AWS Cloud Development Kit to configure a simple serverless application.

Using Little’s Law to estimate IP capacity in VPC for AWS Lambda
If you still need to use VPCs with your Lambda functions, you need to make sure you have enough IPs available for your ENIs. Vladyslav Usenko shows you some quick calculations to make sure your CIDR blocks aren’t too small.

Building serverless apps with components from the AWS Serverless Application Repository
Aleksandar Simovic reminds us that we should not be reinventing the wheel if someone has already created a good solution. The AWS SAR is loaded with really great apps to jumpstart your serverless projects.

AWS Lambda for .NET Developers
If you love .NET core, this great post by Marc Roussy will give you some good insight and all the details you need to run .NET on AWS Lambda.

Serverless Stories 📖

Paul Swail has an excellent series of posts documenting the decisions he needs to make in order to Migrate a Monolithic SaaS App to Serverless. In part two, he tackles Routing requests away from a legacy API. This should be an interesting set of posts to keep up with.

Painless Serverless: Destructuring services into functions automatically
Not sure how effective this would actually be (nor is the author) but the basic idea is to take a monolithic service and automatically break it down into discrete serverless functions. Interesting idea.

Going serverless: How we migrated our customer websites to AWS Lambda
Andy Buckingham and his team over at Aiir built a custom PHP Lambda Layer to replace nginx based web servers. I’m assuming they are using Lambda like mini servers (so maybe not the best use case), but they are taking advantage of ALBs instead of API Gateways, so that’s interesting.

How we migrated from monolithic to serverless mentality
This is just a short write-up by Darlei Soares that shows how quickly small teams (with the right mindset) can start to implement serverless architectures.

Serverless For Devops Teams
A list of “weird and wonderful use cases that the DevOps team” at Space Ape has found for Lambda functions.

SEEKing Serverless with DevopsGirls
Just a nice story about people coming together and volunteering their time to spread the idea of serverless, one small bootcamp at a time.

Serverless Computing: The Story of Success
The story of how the JetRuby Agency built a serverless application for a client, what technologies they used, how many people it required, and how long it took. Interesting read.

Serverless Reads 👓

Macroservices vs. Microservices vs. Serverless: the story of a modern solution architect
Mick Roper takes us through his decision making process when choosing a particular design pattern.

Why I, A Serverless Developer, Don’t Care About Your Containers
An important point in here while we continue to argue about what makes something “serverless.” Developers won’t really care about any of it as long as the providers are managing the services for them.

Serverless Architectural Patterns
Eduardo Romero outlines several useful patterns that you can use with your serverless applications. Lots of excellent links at the end as well.

Industry predictions for 2019
A good overview of how companies think about moving to the cloud and why leapfrogging containers might be the better approach.

Project Management In The Age Of Serverless
Robert Ayres argues that project managers need to know more about the technology as their teams adopt serverless. This posts lays out a number of factors to consider when defining your project management methodology as well as outlining the impact of emerging technologies on your projects.

Amazon DynamoDB auto scaling: Performance and cost optimization at any scale
Helpful post that gives an overview of how auto scaling works and how to use it to reduce your overall costs.

How Might Serverless Impact Node.js Ecosystem?
Aditya Modi asks an important question, especially when it comes to the size of third-party Node.js libraries. As he says, it takes time to load dependencies into memory, which can affect cold start times. Doesn’t mean we avoid libraries, it just means we need to be smarter about how we optimize them.

When you’re wondering what AWS has been up to… 🛠

Amazon Aurora Serverless Publishes Logs to Amazon CloudWatch
Don’t know how I missed this last week, but this is big. A major deficiency with Aurora Serverless was the inability to see your log files. You can now publish general logs, slow query logs, audit logs, and error logs directly to CloudWatch.

Resource Groups Tagging API Supports Additional AWS Services
Step Functions was added to the list, so more useful ways to organize and track your serverless application components.

Amazon Athena Now Supports Resource Tagging
The Athena Workgroup resource lets you separate query execution and query history between Users, Teams, or Applications running under the same AWS account, and now you can tag them for better insight for billing.

Amazon DynamoDB adds support for switching encryption keys to encrypt your data at rest
Probably not a common need, but it’s good to know that you can do this.

Introducing AWS X-Ray support for Python web frameworks used in Serverless
If you use Flask or Django with your serverless Python apps, you can now auto instrument them with X-Ray, which is pretty cool.

Upcoming Serverless Events 🗓

ServerlessDays Boston is next week Tuesday, March 12th! If you haven’t bought your ticket yet, you still have time. They are only $49 and include breakfast, lunch, happy hour drinks, and an amazing lineup of speakers. If that’s not enough, Christina Wong and I will be emceeing the event, so you don’t want to miss our comedy stylings. 😉

ServerlessDays Helsinki is on April 25th. Tickets are on sale now and the CFP is still open. ServerlessDays Tel Aviv is on June 4th (CFP is open).  And the Call for Papers for Serverless Computing London is also open.

If you don’t feel like traveling, Yan Cui is teaching an online training course for Designing Serverless Architecture with AWS Lambda on April 15th and 16th.

When you prefer multimedia… 📽

And speaking of ServerlessDays, all the ServerlessDays Cardiff 2019 videos are now available for your viewing pleasure. Lots of great stuff in there.

I also came across this video to help you Understand Serverless Kubernetes and Serverless on Kubernetes. It’s short, and actually worth watching if you are curious as to what Azure actually means by these terms. The idea of “nodeless” Kubernetes is particularly interesting.

The lasted episode of the Think FaaS Podcast finishes up a three part interview with Yan Cui. From DevOps to FinDev gives you a good overview of what FinDev is and why serverless plays an important role. However, we have to deduct 1 point because it went over the 15 minute timeout. 😬

Serverless Security 🔒

AWS Security Best Practices for API Gateway
Ory Segal from PureSec lays out the different ways that you can control access to your AWS API Gateways and gives you some best practices to make sure you keep your serverless functions secure.

The 12 Most Critical Risks for Serverless Applications 2019 Guide
PureSec also published a new guide that outlines the 12 Most Critical Risks for Serverless Apps. While serverless apps are more secure just given the fact that the provider is managing the infrastructure, it’s important to remember that the application code is still our responsibility.

5 Best Serverless Security Platform for Your Applications
A quick list and overview of five of the main serverless security platforms that are available to you.

Injection Attacks: Protecting Your Serverless Functions
Another reminder that event injection is a little different with serverless applications. Good overview of the issue, plus some mitigation strategies using Stackery and Twistlock.

When you’re looking for some serverless insights on Twitter… 🐦

A clever post by @mykola that does a great job explaining Eventual Consistency.

A valuable insight from Dwayne Monroe‏  that  “the age of bespoke IT needs to end, serverless is the method.”

Joe Emison also made a good point about people who see serverless as just as FaaS.

And Forrest Brazeal asked what is the most underrated AWS service? He got some pretty good answers.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Matt Weagle (@mweagle). Matt is another recently named AWS Serverless Hero and a valuable member of the serverless community. He organizes the Seattle Serverless Meetup and is a co-organizer of Seattle Serverless Days. You can find his serverless musings on Medium as well as his Twitter feed. Matt’s GitHub is loaded with sample serverless applications as well as his Sparta project, a Go framework for building serverless microservices with AWS Lambda. 👍

Final Thoughts 🤔

I’m curious what your thoughts are about the new format of the newsletter. I’ll be experimenting a bit more in future, so please let me know what you like (or don’t like) about it.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And please do me the honor of sharing this newsletter with your friends and coworkers who might be interested in serverless. It would be greatly appreciated. 👍

See you next week (hopefully at ServerlessDays Boston),
Jeremy

Off-by-none: Issue #26

Introducing the new serverless heroes…

Welcome to Issue #26 of Off-by-none. It is great to see you all again! 😃

Last week we thanked IOpipe for supporting open source and explored some helpful serverless architectural patterns provided by AWS and others. This week, we figure out if serverless is really dead, meet some new serverless heroes, and share lots of great content and stories from the community.

It was a busy week for serverless, so let’s get to it. 🚀

When you’re holding out for a hero ’til the end of the night… 👨‍🚀👩‍🚀

AWS announced its latest round of AWS Serverless Heroes, including Ant Stanley, Matt Weagle, Kurt LeeShingo Yoshida, and me! ☺️ It is an incredible honor to be welcomed into this remarkable group of people doing amazing things with serverless. And a huge thank you to all of you for reading this newsletter, my blog posts, and my Twitter ramblings. If it wasn’t for you sharing and retweeting, this wouldn’t have been possible. 🙌

I already had quite a few things planned for 2019, and this just makes me want to do more to help the serverless community learn and grow.

When you hear a rumor that Serverless is Dead… ☠️

Chris Munns of AWS gave the closing keynote at ServerlessDays Austin and proclaimed that Serverless is Dead! Don’t worry, “Modern application development using managed services that provide opinionated event-driven interfaces” isn’t going away. This was about the death of the term by “extreme buzzword trauma,” as he called it. I had tried to tell people to Stop Calling Everything Serverless, but I think Chris is right, our enemies were too many. 🧟‍♂️

So what do we do now that the term “serverless” is being applied everywhere to everything? We could try to ignore it, or as Chris said, “we should instead be focusing on what we’re seeing to be the new way of doing modern application development.” This is an important point. While confusion is sure to abound, and perhaps have a short term impact on adoption, eventually, “serverless” will just be the way to build applications in the cloud.

In Paul Johnston’s most recent post, Cloud 2.0: Code is no longer King — Serverless has dethroned it, he argues that code is a liability. The evolution of the cloud will be in understanding what services to use and when, and perhaps more importantly, when not to write code. This allows teams to build faster and solve problems that actually impact customers, as opposed to unnecessary problems they bring on themselves.

Okay, so maybe it’s too late to salvage the term “serverless”, but the vision and the evolution is just beginning. To quote Chris again, “Long live serverless!” 

When you’re looking for the latest serverless announcements… 🔈

Serverless Framework v1.38 has been released, now with support for WebSockets. So that’s pretty cool.

Last week, we mentioned that IOpipe was sponsoring my Lambda API and Lambda Warmer open source projects. This is actually part of their New Serverless Open Source Sponsorship Program, so look forward to more generous sponsorships in the future.

Stackery just announced their new pricing plans, which includes a free developer tier. If you’d rather use a visual interface instead of going cross-eyed writing YAML files, give them a look.

For those of you that love to get your Java on, Microsoft announced the general availability of Java support in Azure Functions. Even cooler, you can use the Azure Functions Maven plugin to create, build, and deploy your functions from any Maven-enabled project.

When you want some expert advice… 👩‍⚕️

ServerlessDays Boston is in 2 weeks! Tickets are only $49 and include breakfast, lunch, drinks at the happy hour, and an insane amount of serverless knowledge from an amazing lineup of speakers. Please spread the word to your friends and colleagues.

James Beswick joins a webinar with Stackery on February 27th to teach you how to Save time and money with AWS Lambda using asynchronous programming.

If you want to know How to Accelerate Serverless Adoption, sign up for this webinar on March 7th with Shannon Hogue from Epsagon and Avner Braverman from Binaris. Should be interesting.

If you want more from Epsagon, you can also sign up for the Best Practices to Monitor and Troubleshoot Serverless Application webinar on March 7th as well.

The AWS Serverless Webinar: Unleash Innovation & Enable Legacy (Four-Part Session) is scheduled for Thursday, March 21st. AWS’s Steve Liedig will be joined by new AWS Community Hero, Aileen Smith, and others, for what’s sure to be a very educational series of sessions.

A Cloud Guru announced that Serverlessconf 2019 will be held from October 7th through the 9th in New York City. Definitely looking forward to this.

When you want to hear some interesting Serverless Stories… 📖

There certainly is a learning curve for serverless, and even those of us with a lot of experience tend to scratch our heads now and again. In Dear deployment diary: serverless is f**king hard, the author points out the challenges that larger companies face when the line between developer and operations become blurred.

On the subject of serverless not always being easy, Pavol Fulop gives us some Takeaways from using AppSync, which entails a lot of struggles. It’s always interesting to hear where people are getting stuck.

For those of you that have been putting off building that side project, here’s another example of how a developer created a MVP in 1 week for $10 while working a full-time job. It’s not the most complex app, but it goes to show how quickly serverless can get you up and running.

Benedikt Eckhard’s piece, My First Alexa Skill — Lessons Learnt, is an in-depth look at how he went about designing, building, deploying, and testing an Alexa skill. Some really good lessons in here.

Jeff Lu explains how his team took a serverless approach to Weather Underground in order to generate Intellicast radar maps.

And, Things about serverless I wish I used from the start by Antonio Terreno is a quick hit list of some simple tips that can save you quite a bit of time.

When you’re wondering what’s going on around the AWS universe… 🤓

Simon-Pierre Gingras published a very helpful AWS S3 Batch Operations: Beginner’s Guide for us to start thinking about all the amazing things we’ll be able to do with this. S3 Batch is still in preview mode, but when it goes GA with Lambda support, the possibilities will be endless.

Last week, we mentioned the new AWS Solutions catalog that contains vetted, technical reference implementations that can help you solve
common problems with prebuilt CloudFormation templates. Kira Hammond built this useful AWS Solutions Update Feed that you can subscribe to, triggering an email, SQS message, or Lambda function when new solutions are added. And of course, it’s 100% serverless. 😉

Jerry Hargrove (aka @awsgeek) has some new visual notes on Amazon Transcribe. As more and more people move to audio and video on the web, I think they’ll find this to be an incredibly handy service.

If you’re curious how Jerry Hargrove keeps producing these amazing pieces of content, check out his How I Create Visual Notes at awsgeek.com — My Step-by-Step Process.

And if you like visual things, the newly released AWS Architecture Icons are available for download.

Finally, If you need your weekly dose of snark, check out Corey Quinn’s guest appearance on What’s New with AWS – Week of February 11, 2019 with Jeff Barr. Nothing serverless in here, but always good to see AWS having a little fun.

When you want to be inspired by some serverless use cases… 🗺

Alex Casalboni’s new post, Design patterns for high-volume, time-series data in Amazon DynamoDB, is a great example of how breaking with best practices sometimes creates a better solution. Beyond just this use case, there are likely several other practical reasons to auto-provision DynamoDB tables.

Nikolay Nemshilov has a fascinating read on building a Serverless Genetic Algorithm. Genetic algorithms are an extremely powerful problem solving mechanism and Nikolay demonstrates a quick and dirty solution using parallelization with Lambda functions.

Scott Ringwelski from Handshake has a post that explores Serverless Use Cases At Startups. I think he offers a fresh perspective on how mid-size startups could take advantage of serverless and how implementing odd jobs and internal automation might be a great place to start.

Lambda@Edge: Why Less is More is a good introduction to get you thinking about how powerful computing at the edge can be. There are a lot of use case around this concept, and Nuatu Tseggai from Stackery, points out a whole bunch.

When you’re looking for serverless brain candy… 🍬

Why serverless is revolutionary for product managers by James Beswick is 20 years of software development wisdom wrapped up into a 9 minute read. There is so much to unpack here, I think you just need to read it yourself.

John Demian from the Dashbird is Getting down and dirty with metric-based alerting for AWS Lambda in his new post. There are some helpful definitions in this post that explain the metrics captured by CloudWatch as well as how to set up alarms. There’s also a nice chart that shows you how observability platforms like Dashbird can extend the basic metrics and search capabilities of CloudWatch.

Making AppSync Easier with Thundra gives some more insight into how observability platforms can make monitoring and debugging your serverless applications so much easier. Using Lambda as an AppSync datasource is obviously incredibly powerful, but as this piece points out, debugging it can get a bit tricky.

Nader Dabit had some thoughts on the new Serverless paper from the folks over at Berkeley. Cloud Programming Simplified: Simplified points out a few key points from the paper and offers some of Nader’s thoughts.

Mikhail Shilkov’s new Evergreen Serverless Performance Reviews has taken his fantastic posts and made them even better. He’s now tracking the performance of serverless functions from various cloud providers and has automated them so they’re always up-to-date.

Alex DeBrie has another excellent post entitled, AWS API Performance Comparison: Serverless vs. Containers vs. API Gateway integration. Which one should you use for your workload? It depends, but Alex has some recommendations for you.

In Chaos test your Lambda functions with Thundra, Yan Cui shows us how to use an observability platform to inject errors into our serverless application and then trace them to make sure the proper fallbacks are in place. Great advice and an excellent use of these third-party tools.

When you just want to build something serverless… 🏗

Marcia Villalba has another great video that shows you how to build a Simple application with API Gateway Websockets. This is an incredibly powerful feature of API Gateway that opens up some really great use cases (and no, it’s not just chat). 💬

How to Use AWS Lambda to Send High Volume Emails at Scale outlines a serverless architecture that could give you some ideas of your own. Definitely a useful pattern if you want to own your own mass email generation.

Serverless Functions in Depth is a great tutorial for front-end developers looking to get started with serverless. I think using Amplify CLI will resonate with devs familiar with some common build tools.

For something a bit more advanced, this tutorial will show you how to create A predictive engine API deployment with AWS and serverless in minutes.

Building a Serverless Mixpanel Alternative. Part 1: Collecting and Displaying Events is the first part of a tutorial series on building an analytical web application with Cube.js. Lots of useful concepts in here.

How to build a serverless web crawler, another great post by James Beswick, will take you through several different ways to build a classic web crawler using combinations of Lambda, DynamoDB streams, SQS queues, S3 and more.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ant Stanley (@IamStan). Ant was recently named an AWS Serverless Hero, and for good reason. When he’s not consulting, he’s running the Serverless User Group in London, organizing ServerlessDays London, and helping organizer around the world as part of the global ServerlessDays leadership team. He was also a co-founder of A Cloud Guru and organized the first ServerlessConf event back in 2016. I think he’s done more to spread the word of serverless than anyone else. His blog and Twitter account are also great sources for serverless insights.

Final Thoughts 🤔

I can’t thank you all enough for being a part of this newsletter. I can’t believe it’s already been six months since we started this! I try each week to capture and disseminate important and interesting stories and announcements, but I could always use more help. If there are great stories that need to be heard, or interesting use cases, or people who you feel deserve to be the star of the week, please send them to me. This newsletter is as much yours as it is mine.

I hope you enjoyed this issue of Off-by-none. Please feel free to send feedback and suggestions so I can keep making this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And please do me the honor of sharing this newsletter with your friends and coworkers who might be interested in serverless. It would be greatly appreciated. 👍

Until next time,
Jeremy

Off-by-none: Issue #24

Serverless will become the default computing paradigm of the Cloud Era…

Welcome to Issue #24 of Off-by-none. I’m glad you’re here! 🤘🏻

Last week we looked at how we could use serverless to deal with third-party API quotas, watched some helpful videos, and introduced “Serverless Stories.” This week, we geek out on a recent UC Berkeley paper about serverless, share some more great stories and use cases, and discuss how SaaS providers should be thinking about serverless integrations.

So much to get to this week, so let’s get to it. 🏎

When you get excited by an academic paper that says serverless is the future… 🕺💃

Cloud Programming Simplified: A Berkeley View on Serverless Computing is a new paper recently published by the University of California at Berkeley. For those of you that don’t want to read all 20 pages, here’s a quick synopsis: “Serverless computing will become the default computing paradigm of the Cloud Era, largely replacing serverful computing and thereby bringing closure to the Client-Server Era.”

If you’re interested in the details, I highly suggest reading the entire paper as it gives both a realistic look at the current limitations, but also points out how they could be (and most likely will be) solved. I wrote a recent post called Stop Calling Everything Serverless that pointed out (similar to this paper) that cloud providers monitored how their customers used virtual machines and built additional services to make those use cases better, faster, and easier. The same is true for serverless environments, with the ecosystem and available suite of services getting better each day.

The paper points out other important advantages that serverless has over (what they call) serverful architectures, and helps to clarify how modern FaaS implementations are superior to previous generations. It also notes that container technologies, like Kubernetes, are “a technology that simplifies serverful computing” and that the economies of cloud scale will eventually “diminish the importance of such hybrid applications.” This is noteworthy as we start to look at computing at the edge, and how that will affect application design.

And while there are obviously still limitations, the paper suggests advancements such as faster ephemeral and durable storage, lower startup times, and better coordination between functions, will eventually solve current system challenges. The paper also suggested introducing access to more cores, sharing of computation graphs, and collocation of functions to solve some of the networking problems and throughput issues.

The bottomline is that the cloud business is growing by 50% year-over-year, and 24% of serverless users are using the cloud for the first time. Serverless adoption is only going to grow, and as limitations get innovated out of existence, the need for serverful computing and the underutilization associated with it, are going to become less relevant. The paper doesn’t give a suggested timeline, but Forbes has some 2019 Serverless Computing Predictions.

When you’re looking for some serverless innovations and announcements… 🗣

Epsagon announced One-Click Serverless Monitoring, which lets you instrument your Lambdas functions without any configuration changes. This is the perfect use case for Lambda Layers, and it looks like they are monitoring updates to configurations, which will ensure that the layer is added on every deployment. Enforcing monitoring compliance without developers having to do anything is a huge advancement.

Dashbird announced their new incident management platform, a new component that lets you set alert conditions based on Lambda metrics. Reducing notification fatigue is a helpful way to make sure real issues are identified and addressed quickly. You can read about it in their public changelog (which I just realized they had). They also announced that they are now an AWS Advanced Technology Partner, which is pretty cool.

A new article, Lumigo: End-to-End Serverless Monitoring and Troubleshooting, gives a great overview of Erez Berkner and Aviad Mor’s new serverless observability company. There are several providers in this space now, but they’re all trying to do things a little differently. A helpful video is included with the article that shows how Lumigo deals with transaction reporting.

And congratulations to Serverless, Inc. for winning a Technology of the Year award from InfoWorld. The year’s best in software development, cloud, and machine learning highlights the Serverless Framework for being an outstanding tool that has had a massive influence on the adoption of serverless technologies. 🏆

When you feel the need to add an extra deadbolt to your serverless applications… 🔒

Hillel Solow makes the case for serverless, but points out several Serverless Computing Security Risks & Challenges. But who’s responsible for securing your serverless applications? Hillel suggests that we make it everyone’s problem by creating closer relationships with other teams in your organization.

In Serverless Computing: ‘Function’ vs. ‘Infrastructure’ as-a-Service, Ory Segal does a great job calculating the drop in security responsibilities when moving to FaaS solutions. Not all the requirements are created equal, but this is a fairly good estimate. I’d much rather be responsible for less than half of the security components versus the roughly 92% required using the IaaS approach.

Ed Moyle discusses the security implications of serverless cloud computing with a particular focus on CloudFlare Workers. While segmentation attacks and Rowhammer concerns are certainly valid in a containerized world, I think most cloud providers have a pretty good handle on this.

Puresec did some ethical hacking and took down a newsletter’s Lambda-backed signup form. Serverless Security And The Weakest Link (Or How Not to Get Nuked by App-DoS) documents how they did it (and graciously points out that it was not Off-by-none 😉). While Puresec did a good job anonymizing the victim, he was proud to take ownership (hint: it rhymes with “Maury Schwinn”). Even though this was a bit of fun, the community working together like this is a great way to learn and make our applications safer.

It was only a matter of time before McAfee jumped into the serverless security realm. The Exploit Model of Serverless Cloud Applications is a high-level overview of possible threats to your serverless applications. This picture looks scarier than the reality. Key thing to remember is that the cloud provider is handling the vast majority of network and infrastructure security for you. TLDR; Use best practices to write secure apps, scan your dependencies, and protect your secrets. Do this and your serverless applications will likely be more secure than traditional ones.

Where to go for some awesome serverless events… 🗓

IOpipe is hosting a Stories of serverless in the wild with Saks Fifth Avenue at the Serverless Seattle Meetup on February 22, 2019. Always fun to hear real world problems being solved by serverless.

Stackery also has a webinar coming up tomorrow entitled New serverless workflows, build faster than ever before. Great opportunity to brush up on your (or learn some) infrastructure-as-code skills.

And we are getting into the ServerlessDays season with several events coming one after another. Hamburg is this week, followed by Austin in just 10 days. Boston is four weeks away (and recently announced an amazing agenda), Amsterdam is in late March, and Atlanta has a crazy three-day event planned, with Zürich right on its tail. Also Tel Aviv was just announced and scheduled for June 4, 2019. Looks like you’ll need to choose between that and NYC. 🗽

Also, don’t forget that the Serverless Architecture conference in The Hague, Netherlands is being held from April 8th to the 10th. I’m actually giving two talks now, so that should be a lot of fun. There are plenty of great speakers, so be sure to get your tickets soon.

When you’re looking for some encouraging Serverless Stories… 👂

How We Moved Towards Serverless Architecture highlights the struggles that a team encounters when transitioning to serverless. Pravash Raj Upreti reviews the technologies his team used, some advantages and disadvantages of using serverless, and the choices they made in order to launch their first serverless application.

In Serverless Event Sourcing in AWS (Lambda, DynamoDB, SQS), Dom Kriskovic explains the serverless architecture used to build Beenion. He uses the CQRS pattern along with DynamoDB to capture and distribute events. I don’t agree with all of the choices, but this article does a great job exposing the tough decisions that need to be made.

Serverless GitLab Runner Builds on Lambda gives a developer’s account of experimenting with using Lambda to executed GitLab builds, inherit IAM permissions, and use additional binaries and its dependencies to execute things like terraform during the build. There some Lambda Layer experiments in there as well.

Joshua Toth built a serverless Node.js, AWS native, Serverless, IoT, FinTech project. Lots of really good information in here about the different technology choices made. Plus, the realization that the velocity of a serverless project was “mind-blowing.” 🤯

Antonio Terreno tells us about the Startup Pre-series A tech choices you can’t compromise on. Great story about a small company using serverless to build and iterate quickly. Now they have a team of 20 people.

When you’re looking for real-world serverless use cases… 🔍

While the Berkeley paper argued that certain machine learning tasks might be too much for serverless right now, Michael Hart and the team over at Bustle has news for them. In Massively Parallel Hyperparameter Optimization on AWS Lambda, they explain how they used the concepts from the Asynchronous Successive Halving Algorithm paper and applied them to text-classification with Lambda. This is a really great read and an amazing use case.

Renato Byrro from Dashbird discusses Building a Serverless News Articles Monitor that can be used to extract article data in a structured format. They also made it open source for you to use.

Generating thumbnails is a common use case given for serverless, but what about generating complex PDFs? Marc Mathijssen came up with a way to do this using the power of Apache FOP in a .NET world using Azure Functions.

Nader Dabit takes us through Building Chatt – A Real-time Multi-user GraphQL Chat App in his recent post. The code is also open source, so not only is this a good use case, but also a helpful template to get you started with serverless.

What to do if you’re craving some good serverless reads… 📖

Alex DeBrie put together the Complete Guide to Custom Authorizers with AWS Lambda and API Gateway for you, and it is an awesome resource. Anyone who has played around with custom authorizers is sure to have some of their own war stories, so having this as a reference could be a lifesaver (metaphorically speaking).

Gojko Adzic introduces us to BaDaaS and the future of cloud integration. He explains that there is a new pattern called “Business action deployment as a service” (or BaDaaS), that allows service providers to offer application components that interact directly with FaaS services instead of passing data through webhooks. Twilio is already doing it, and last week we mentioned Braintree’s serverless payment functions initiative. Pay attention SaaS providers, a new standard might be emerging.

The New Stack’s How Serverless Platforms Could Power an Event-Driven AI Pipeline is another take on how to bring machine learning into the serverless world. It rightly suggests that “event-driven artificial intelligence (AI) can lead to faster and smarter decisions” and will take a “hybrid architecture structure that takes the best of serverless and combines it with stateful database stores” in order for it to be applied successfully. Obviously we need a database to store training data, but I think we’ll see more serverless alternatives to this sooner rather than later.

If you’d rather not read, you can watch Marcia Villalba talking about Serverless with Ben Kehoe. Another insightful interview featuring someone definitely worth listening to.

Finally, Cory Schimmoeller says that Using AWS Amplify feels like cheating, and he may be right. This is a good overview of how simple it is to use Amplify and the CLI to connect to your AWS backends.

What to do if you’re new to serverless… 🐣

Have no fear, Toby Fee from Stackery takes you through the Anatomy of a Serverless App. This post explains the three layers of a serverless application (business logic, building blocks, and workflow dependencies) and acts as a great primer for the newly initiated.

Serverless Computing 101 is another overview of what serverless computing is, how it works with other resources (or BaaS), and highlights some use cases. Not all the “demerits” are created equally, but certainly gives you something to think about.

Eric Sales De Andrade helps you answer if serverless is right for your next application in Should I go “Serverless” — How to choose the right solution for Your Product and Business. Like most of these types of posts, the pros and cons are laid out for you. But my suggestion, just go serverless. 😉

When you want to get hands-on with some serverless how-tos and tutorials… 🛠

Yan Cui gives us the lowdown on AWS Lambda and Secret Management in a recent post. Should you choose Parameter Store, Secrets Manager, or HashiCorp’s Vault? Yan walks you through the when, why and how.

Many people associate the terms “machine learning” and “artificial intelligence” with lots of math and complexity that make them seem unapproachable. But the reality is that powerful ML and AI services are readily available and easy to integrate with your applications. James Beswick show us how to build a serverless Twitter bot using sentiment analysis so that you can automatically like positive comments on your tweets. And it’s much easier to do that you probably think.

Debugging Chronicles: Missing Lambda Invocation is more of a tip (and a warning) from Davide de Paolis. TLDR; make sure you pass the Authorization header for every request that is using Congito with API Gateway. 🤦🏻‍♂️

Optimizing your Node.js lambdas with Webpack and Tree shaking is a great post by Erez Rokah that shows you how to use Webpack to remove unused modules when packaging your Node.js files for deployment to a serverless environment. He gives an example of reducing his deployment package from 740.6kB to 6.6kB.

If you’re using the .NET runtime, it might be helpful to know How to Unwrap an AggregateException Thrown by AWS Lambda. Zac Charles shares the secret of setting the right environment variable. He also shared how to make .NET AWS Lambda Functions Start 10x Faster using LambdaNative, a handy Lambda Layer that you can use.

If you’re working with Azure, David Pallmann has a full tutorial on how to build a Document Search Engine using Azure Functions and Cosmos DB.

Julian Tellez from DAZN gives us some tips for Handling complexity in lambda functions using his Lambcycle middleware component for AWS Lambda.

If you still haven’t played around with Lambda Layers yet, Eric Johnson’s Working with AWS Lambda and Lambda Layers in AWS SAM post is an awesome overview to get you started (or take you even further down the rabbit hole).

And why not combine the power of WebSockets, Machine Learning, and Translation services to build a better chat application? Danilo Pocci gave a recent presentation called Serverless real-time apps: Let’s build a “positive” chat that does just this. The architecture is all in the slides, plus you can check out the demo here.

Finally, if you are building Large (Java) Applications on Apache OpenWhisk, James Thomas has some very helpful tips and tricks for you.

When you’re wondering what AWS has been up to… 🧙‍♂️

Keeping up with AWS announcements is a full-time job in itself, never mind figuring out when CloudFormation adds support for a new feature. AWS CloudFormation: 2018 in review documents all the new features added to CloudFormation in 2018. And if you really want to stay current with new information, their release history page is always up-to-date.

Speaking of CloudFormation support, you can now Automate WebSocket API Creation in Amazon API Gateway Using AWS CloudFormation. Expect support in other serverless frameworks to be added soon.

Amazon SNS Message Filtering Adds Support for Multiple String Values in Blacklist Matching, which is actually much more exciting than it seems. Filtering messages at the broker level dramatically simplifies (and reduces costs for) pub/sub implementations. Having the ability to add several items to the blacklist is a very handy feature.

AWS also announced an open source project for Deploying a personalized API Gateway serverless developer portal. Using this project, you can make your API Gateway APIs available to your customers by enabling self-service discovery of those APIs. They can then use the portal to browse API documentation, get API keys, test published APIs, and monitor their own API usage. Another thing you don’t need to worry about. 👍

I’m not a .NET guy, so I didn’t even know there wasn’t support for this already. In any case, AWS X-Ray SDK for .NET Core is Now Generally Available, so good news for those utilizing that runtime.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Aleksandar Simovic (@simalexan). Aleksander is the co-author of Serverless applications with Node.js, a core team member for Claudia.js, and an AWS Serverless Hero. He has done a tremendous amount of work on Jarvis, an Alexa skill that allows you to create serverless applications using only voice commands, which is pretty cool. He also has 20 applications published to the Serverless Application Repository that you can use to get started with serverless quickly. Aleksandar continues to make valuable contributions to the serverless community, and we’re all lucky to have him!

Final Thoughts 🤔

There are so many amazing things happening with serverless right now, and this recent Berkeley paper is so incredibly encouraging. There is certainly a place for containers and servers right now, but it’s important to remember that today’s limitations are tomorrow’s opportunities, and the cloud providers all see the writing on the wall. Expect more and more advancements that address these limitations, and soon, serverless will in fact become, the default computing paradigm.

I hope you enjoyed this issue of Off-by-none. I love hearing feedback and suggestions so I can keep making this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And don’t forget to share this newsletter with your friends and coworkers who are interested in serverless. I’d really appreciate it.

Until next time,
Jeremy

Off-by-none: Issue #20

Let’s get hands-on…

Welcome to Issue #20 of Off-by-none. It’s great to have you here! 🤘🏻

Last week we sifted through quite a bit of serverless content to start the new year. This week we’re going to get a bit more hands-on, and dig into some useful applications of serverless that we can start using right now. We also have some more insights into the future of serverless, plus some really compelling research regarding TCO of serverless infrastructures.

We’ve got a bunch of stuff to get to today, so let’s get into it! 👇

When your downstream systems aren’t infinitely scalable… 😳

There is an ongoing debate about the “serverlessness” of certain services and downstream systems. While that may be a useful exercise from an operational perspective, from a practical standpoint, the bigger issue has to do with scalability. It is likely that most of the services that make up your serverless applications will not scale as well as Lambda. This can create significant pressure on downstream services during heavy traffic spikes, sometimes resulting in unplanned downtime. So what can we do when certain parts of our application simply can’t scale?

An extremely useful pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple queues to “buffer” events so that we can throttle processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that calls a third-party API, this pattern would be a great fit.

In my new post, How To: Use SNS and SQS to Distribute and Throttle Events, I walk you through how to automate this and add it to your serverless applications. Full working code examples are provided and explained, so give it look, and see if this would be right for your application.

When you want more serverless use cases… 🙋‍♀️

Last week I shared some interesting serverless use cases that I came across. I think it’s helpful to see how other people are using serverless, and then be able to apply some of those ideas to your own systems. Here are a few I found this week.

Creating A Serverless Answer For eCommerce  shows us how a team created a completely serverless ecommerce system and the resulting benefits. The quote at the end of the article may seem a bit obvious to those of use who live and breathe serverless, but it sums up the business case quite nicely: “By moving to a Serverless solution, businesses can achieve an affordable solution that will rapidly scale up and down with demand, removing wasted resources and expenditure during down times, while ensuring you’re able to handle larger peak volumes whenever they occur.”

Bob Thomas shows us how and why KYD joined the serverless train. There are some great insights into why they went serverless as well as some code examples for CI/CD with Gitlab.

There are plenty of third party ESPs to choose from, but Vinicius Kiatkoski Neves gives us a complete walk-through and shows us how to send e-mails through AWS SES and Lambda.

When serverless security should be your #1 concern… 🔒

Marcia Villalba is back with another great interview from re:Invent. This week she is Talking about Serverless Security with Ory Segal.

Speaking of Vegas and serverless security, I came across this talk from Erez Yalon at BSides called Serverless Infections. It has some really good security tips in there, plus there are some demos that show how hackers can both infiltrate and exfiltrate your serverless functions.

And don’t forget that Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Make sure you signup to see how the OWASP Top 10 applies to your serverless applications.

When you want to build serverless apps on something other than AWS… ⚡️

I’m a big AWS fan, and with 70% of the serverless market, it’s hard to ignore. But others continue to make strides in the space, and lots of developers are utilizing the service offerings of other cloud providers. Here are few interesting resource I came across this week that do serverless sans AWS.

Serverless Notes is a site dedicated to helping developers build applications on Azure. They’ve recently launched there Azure Serverless Tips series with helpful bits of information from technology leaders and experienced people, all in one place.

Another great resource is the Azure Serverless Community Library. Think of it a bit like the AWS Serverless Application Repository. I browsed through these and there are A LOT of covered use cases already built for you.

And if you’re using the Microsoft cloud and you need to Scale Azure Functions to Make 500,000 Requests to Weather.com in Under 3 minutes, David Barkol has you covered.

And let’s not leave Google out! Wassim Chegham wrote a great post called Building Your Next Serverless Application: The Complete Guide. It is an in-depth, step-by-step, code included walk-through that’s a great resource for those working in the Google Cloud.

When you think about the future of serverless… 🔮

Nate Taggart from Stackery has some predictions for Serverless in 2019. According to him, we can look forward to monolith conversions and executive buy-in, but will face resistance from the IT-Industrial complex.

Ben Moore from ChannelLife New Zealand reports that KBV research predicts the Serverless architecture market to reach $14B by 2024. That’s a compound annual growth rate of 23.4%. 🐨

Adrian Colyer has some thoughts on the Serverless computing: one step forward, two steps back paper that was released recently. Lots of us saw the paper as highly critical of serverless, especially since it focused on use case that were not a good fit. Adrian has a bit of a different perspective on this.

And whenever we look at the future, it’s always helpful to take look at the past. Our friends over at Thundra have a nice post that recaps their journey in 2018. It is really exciting to see companies in the serverless space growing up and being successful. There are so many opportunities in the serverlesss space, and Thundra is just one example.

When you’re finally thinking about migrating to serverless… 🤷‍♂️

Ready to move all your applications to a serverless architecture? Yan Cui says Not so FaaS! He points out that there are lots of viable use cases for serverless, but that user experience should trump everything else. TLDR; don’t try to fit a square peg into a round hole, even if the square peg is serverless. 😜

The team at Nuweba has put together a serverless ebook to help you understand The Top 4 Challenges In Serverless. Handy little guide if you’re new to the serverless world.

There’s also an interesting interview with Red Hat’s Michael Hausenblas on learning to walk before running into a Serverless mess. There are some good points in here about the operations culture changing as well as pointing out a few places where serverless might not make sense.

And if you are planning on going serverless, the biggest culture shock will most likely be with observability, or the lack thereof. The team over at Epsagon has an upcoming webinar that will explain Serverless Monitoring in Practice. Definitely worth a look.

What to do if you can’t let go of your Ruby or PHP framework… 👋

Are you a Ruby on Rails developer that is feeling left out by this whole serverless thing? Check out Jets: Ruby Serverless Framework, and see if that gets you excited.

What about all the PHP fans? I’ve heard that Laravel is doing some work to make the framework more serverless, but in the meantime, Rob Allen will show you how to run Serverless PHP on AWS Lambda. AWS also has a post that can help you as well.

When you’re curious if serverless will actually reduce your costs… 💰

Remember that Serverless computing: one step forward, two steps back paper that we previous mentioned? Well it also got Yan Cui fired up. He tells us why You are thinking about serverless costs all wrong and points out that TCO (total cost of ownership) is the better metric to evaluate costs.

Kevin O’Hara shared a typical #AWS bill for a startup building their MVP primarily on serverless technology like Lambda. Production APIs, static sites, databases, and messaging all for under a few bucks a month. This is not uncommon.

Mark Schwartz had some recent thoughts on Switching Costs and Lock-In that are worth reading. However, the new Generating Value Through IT Agility and Business Scalability with AWS Serverless Platform report is definitely worth a skim. Some of the highlights include a 33% increase in developer productivity, 18% increase in applications/logic created, and an over 200% increase in the number of features. Add to this massive drops in unexpected downtime and MTTR, 60% lower operations costs, and a 53% reduction in infrastructure and hardware costs over a five year period. This is some great data if you’re trying to make the serverless case to the higher-ups.

When you’re looking for some interesting serverless reads and resources… 📚

Your Quintessential Guide to AWS Athena is just that. No need to be paying for RedShift if you store your data correctly in S3.

Mike Roberts and John Chapin over at Symphonia created a lambda-benchmarking project that generates and saves benchmarks for cold start latencies of the AWS Lambda service. It will be really interesting to see these latencies decrease as AWS continues to optimize for them.

And Ray Camden has a new article about Adding Serverless Functions to Your Netlify Static Site. I think I’ve read most of Ray’s books, so it will be awesome if he becomes a serverless advocate too!

When you get overly excited about AWS announcements…🗣

There was an AWS Fargate Price Reduction – Up to 50%. This is thanks to the Firecracker virtualization technology they announced at re:Invent last year. Good news for those of you that still need containers.

AWS also announced Amazon DocumentDB (with MongoDB Compatibility). I wouldn’t suggest building greenfield on it, but if you are moving an existing workload, this could make your managing a MongoDB cluster nightmares go away.

Speaking of migrating MongoDB, AWS Database Migration Service Now Supports Amazon DocumentDB with MongoDB compatibility as a target. Live migrate right from your replica sets or sharded clusters.

And AWS Step Functions Now Supports Resource Tagging, which is pretty cool. The more you tag the better. Read How To: Tag Your Lambda Functions for Smarter Serverless Applications for a bunch of reasons why.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Heitor Lessa (@heitor_lessa). Heitor is a Specialist Solutions Architect at AWS that focuses on serverless. Beside being an all around nice guy and serverless expert, Heitor is the host of the Build on Serverless Twitch series. The first season featured a number of great guests with lots of hands-on, real-world serverless problem solving. Season 2 is in the works, so be sure to RSVP so you can learn more best practices while watching Heitor and his guests build a Serverless Airline App from scratch. Great stuff!

Final Thoughts 🤔

I realize that this newsletter keeps getting longer every week. Maybe I’m looking too hard for serverless content, or maybe there is just a lot more of it out there. Either way, I feel like it is getting a little unwieldy. There is obviously a lot of information to share each week, but I don’t want it to be too overwhelming. Should I cut this down a bit? Do you like all this content? Should I add more!? I’d love to hear your thoughts on it.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

See you next time,
Jeremy

Off-by-none: Issue #19

Starting off the new year with a serverless bang… 💥

Welcome to Issue #19 of Off-by-none. I’m so glad you’re here to talk about serverless! 🙌

Last week we reminisced about 2018 and laid out some plans for the new year. This week we’ll sort through all the serverless content that people created over the holiday break. Plus we look at some serverless use cases, share some upcoming webinars, and give you links to plenty of great talks to keep you busy for awhile.

We’ve got a lot to get to today, but before we jump in, I wanted to share that Lambda API v0.10 was released. Lambda API is a lightweight web framework for your serverless applications. It’s open source, fast, free, and now supports seamless integration with ALBs. v0.10 also added support for multi-value headers and query string parameters, plus new method-based middleware and much more. I’d love for you to check it out and send me feedback.

Okay, back to our regularly scheduled program. Here we go! 🚀

When you’d rather just sit back and watch some serverless videos… 🍿

ServerlessDays Milan 2018 released videos of all the talks from their event in October of last year. Lots of really great talks in here from Yan Cui, Ian Massingham, Danilo Poccia, and many more.

Serverless Computing London has also released some additional videos including Mikhail Shilkov’s Performance Tales of Serverless, Nate Taggart’s Rethinking Testing For Serverless, and Guy Podjarny’s Serverless Security: What’s Left To Protect?

Heitor Lessa announced that the second season of Build on Serverless is going to be about “Building a Serverless Airline App from scratch + leading practices applied.” This is a fun (and educational) thing to watch. You can (and should) RSVP on Twitch.

Also, Marcia Villalba released the first video in her Serverless Interviews series which just so happens to feature yours truly. So if you want to see me ramble on about serverless for 15 minutes while admiring the view of the Mirage in the background, this video is for you.

When you want to learn more about serverless security… 🔒

The team over at Protego created a Damn Vulnerable Serverless Application and donated it to OWASP so that you can learn what not to do when building serverless application. You can read more about it here. Now we have this AND the Serverless GOAT project that PureSec donated last month. These are both great resources to see how easily serverless vulnerabilities can be exploited and what to do to protect your application.

If you’re interested in discussing the OWASP Top 10 and how they apply to serverless applications, Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Lots on information to cover, plus an interactive Q&A session at the end. Should be fun. 😉

What to do when you’re ready to use Lambda Layers… 🍰

Injecting Chaos to AWS Lambda functions using Lambda Layers by Adrian Hornsby, introduces us to a great use case for Layers. Werner said it best, “Everything fails all the time.” Using Chaos Engineering to test the resiliency of your distributed cloud applications is a great way to ensure that when things do fail, that your application will handle those issues gracefully and minimize the blast radius.

Gojko Adzic and his team created some public layers so you can now use FFmpeg, SOX, Pandoc and RSVG with your AWS Lambda projects. One more thing you don’t have worry about.

And if you want to take a Deep Dive Into Lambda Layers and the Lambda Runtime API, sign up for this webinar hosted by Chris Munns, Principal Developer Advocate at AWS. It’s scheduled for January 31, 2019 at 2pm ET.

When you’re having trouble choosing the right database for your serverless app… ⚖️

Alex DeBrie posted a tweet mentioning Rick Houlihan’s Match Your Workload to the Right Database (DAT301) talk at re:Invent. If you thought his Advanced Design Patterns for DynamoDB (DAT401) talk was amazing, prepare for another mind-blowing experience watching this one. Lots of practical advice to help you choose the right backend for your workload. 🤯

Speaking of DynamoDB, Forrest Brazeal from Trek10 spent his holiday break resurrecting the Northwind database from the annals of MS Access and teaches us how to convert it to NoSQL. From relational DB to single DynamoDB table: a step-by-step exploration is a great guide that shows us both the pros and cons of attempting to move relational workflows to DynamoDB. If you’re thinking about moving to NoSQL, please take a few minutes to read this.

When you’re wondering what AWS has been up to… Δ

AWS announced the Amazon API Gateway Service Level Agreement, which may have you scratching your head thinking, don’t all AWS services have SLAs? Just ask Scott Piper from SummitRoute. He put together an AWS Service Support table that shows just how few AWS services actually have them. Something for the 2019 #AWSwishlist.

The AWS Toolkit for Visual Studio Code project seems to be coming along nicely as well. Whether you just want to try it out, or contribute in some way, it’s pretty cool to see AWS developing more things like this out in the open.

They also keep making strides with Nested Applications. If you’d like to learn more, there is a Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository webinar scheduled for January 31, 2019.  It’s hosted by James Hood, Sr. Software Dev Engineer at AWS, so you know it’s going to be good.

When you’re looking for some sample serverless use cases… 🔍

I love finding people that are applying serverless to new and interesting use cases. Whether they are solving complex workflows, or just a simple function that accomplishes a single task that makes your life easier, seeing the broad application of serverless is quite fascinating. Here are a few I found this week.

Building a serverless data analytics pipeline by Rodrigo Reis shows us a simple, but effective way to capture a stream of web events. They use an SQS queue and reserved concurrency to help throttle requests to their Elasticsearch cluster, which is both simple, and a great approach at their stage. They’re also smartly using IOpipe for observability.

Blog URL to PDF to Amazon Kindle by Dhaval Nagar outlines a simple app for automatically sending blog posts to a Kindle. There are probably multiple ways that this type of workflow could be used.

Serverless Function to Sync Data from a Database to Google Spreadsheet is another simple workflow that would be perfect for marketing teams, sales, or your billing department. No need to build interfaces for reporting data when there are already tools that people are familiar with.

If you want to get a bit more complex, check out How to build a React chat app with AWS API Gateway WebSockets, Custom Lambda Authorizer. Lots to chew on here, but if you’re heading down the WebSockets path, this is a good resource for you.

When you just want some interesting serverless content… 🤓

Save time and money with AWS Lambda using asynchronous programming by James Beswick provides some great tips for handling synchronous calls in your serverless functions. Also be sure that you Don’t overpay when waiting on remote API calls either.

Mike Vizard predicts the Battle Over Serverless Computing Frameworks to Heat Up in 2019. There is a lot of discussion in this piece about other companies (read: NOT AWS) embracing Knative and other open source “serverless” middleware to power their FaaS solutions. I think this goes to show how popular serverless is becoming and the thrashing that’s going on to catch up with AWS. I’m not sure this is going to play out the way these companies think it will.

There’s a new serverless framework called BAM! I haven’t used it yet, but let’s just add this to the list.

Jerry Hargrove continues to create more Cloud Diagrams & Notes for our viewing pleasure. His AWS Lambda and Aurora Serverless ones are awesome.

Yan Cui shows us how to perform Error Handling in AWS Lambda With Wrappers. He talks about the need for middleware in our serverless applications and how we can use it to capture errors and help us debug our systems.

Speaking of debugging, Hamit Burak Emre over at Thundra shows us how to Debug Your Python Functions Locally. Step-by-step debugging in Lambda functions with breakpoints? Yes, please.

Finally, Slobodan Stojanović, author and serverless wizard, answers the question, “What do you use for scheduling AWS Lambdas?” His answer gives us cron jobs and delayed triggers, all without servers to manage or maintain. 👍

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Farrah Campbell (@FarrahC32). Farrah is the Ecosystems Manager at Stackery, a visual tool for building serverless applications. Farrah has become another positive voice in the serverless community, helping to organize ServerlessDays Portland and other workshops, and an ever present figure at conferences helping to spread the serverless word. She was also recently featured as a Serverless Superhero in How serverless is breaking down barriers in tech. Diversity in tech has always been a challenge, so it’s great to have people like Farrah as part of the serverless community working to make it more inclusive.

Final Thoughts 🤔

Week #1 of 2019 is in the books, and if this is any indication, it is going to be a banner year for the serverless community! There has already been a ton of great serverless content so far, plus Paul Johnston pointed out that there are EIGHT ServerlessDays conferences between now and April 11th. One of which is Boston, so be sure to buy your tickets soon! I know I’m excited.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Off-by-none: Issue #18

Happy (Serverless) New Year! 🎉

Welcome to Issue #18 of Off-by-none. It’s 2019, and it’s going to be a great year for serverless! 🙌

Last week we looked at the new WebSocket support for API Gateway, saw some more serverless love from startups, and I argued that we should Stop Calling Everything Serverless! This week we’re going to reflect back on 2018, I’ll share my 2019 plans for Off-by-none, and we’ve got plenty of great stories from the community.

Let’s jump right in. It’s going to be another busy year! 👨🏻‍💻👨🏻‍🔬👨🏻‍🎨👨🏻‍🏫

When you need to look back so you can look forward… 🔭

2018 was quite a busy year. Being the CTO of a startup certainly keeps my to-do list full, plus I consulted for several additional companies in the serverless space. However, my passion for creating, writing and helping out others (or at least trying to) is too powerful a force to keep contained.

Even though I have been blogging for quite some time, last year was when I started writing almost exclusively about serverless. I also spent time working on some open source projects and thinking about new ones I’d like to create. I thought it would be a proper exercise to look back at all the things I worked on last year, reflect on what was helpful, and then plan to do more of that in 2019.

In January, I launched the first stable version of Lambda API and then wrote How To Build a Serverless API with Serverless, AWS Lambda and Lambda API. Soon thereafter, I created Securing Serverless: A Newbie’s Guide to capture some serverless security best practices for those just starting out.

Then I shared some tips on How To: Manage RDS Connections from AWS Lambda Serverless Functions as well as How To: Stub “.promise()” in AWS-SDK Node.js. I weighed in on Solving the Cold Start Problem and proposed some additional solutions with How To: Optimize the Serverless Optimizer Plugin. I also came up with a list of 10 Things You Need To Know When Building Serverless Applications.

I did some more security research and wrote about Event Injection: A New Serverless Attack Vector and then shared 5 Reasons Why Your Serverless Application Might Be A Security Risk. I ran some experiments using Serverless Consumers with Lambda and SQS Triggers as soon as AWS announced support. I also started to share serverless microservice concepts and published Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices.

In July, I met Chris Munns for the first time and wrote 15 Key Takeaways from the Serverless Talk at AWS Startup Day. This gave me more insight into the cold start issue, so I created the open source package, Lambda Warmer, so you could Optimize AWS Lambda Function Cold Starts. I then shared some thoughts on Thinking Serverless (Big and Small) and why serverless is great for workloads of all sizes.

As I converted several workflows over to serverless applications, I started making use of tags to keep things organized. I captured my best practices in How To: Tag Your Lambda Functions for Smarter Serverless Applications. The more I wrote about serverless, the more people I found in the community, so I published my list of Serverless Peeps You Need To Follow. 😃

I put together a guide on How To: Add Test Coverage to your Serverless Applications, and then wrote a fictional story called A Tale of Two Teams, about two startups that made vastly different technology choices (serverless versus containers). It was fun to write and there was a lot of interesting feedback. Next up was Aurora Serverless: The Good, the Bad and the Scalable, an in-depth look at AWS’s new “serverless” MySQL database offering.

In August I published Serverless Microservice Patterns for AWS, which is a really handy resource. It eventually made its way to #7 on Hacker News and crashed my site. FYI: WordPress does not scale. Speaking of scaling, I created a solution for Managing MySQL at Serverless Scale with the open source serverless-mysql NPM package. I’ve been using it in production ever since.

In September I launched Off-by-none! It’s been quite a bit of work, but all of your feedback has been incredibly encouraging (more on this later). I then shared a piece called Serverless Security: Locking Down Your Apps with FunctionShield, and wrote up An Introduction to Serverless Microservices. In What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I shared some thoughts about AWS’s new execution limits and why it’s an important step forward.

I also shared some Takeaways from ServerlessNYC 2018, took a first look at the Aurora Serverless Data API, and then spent a week in Las Vegas for AWS re:Invent. My re:Capping re:Invent: AWS goes all-in on Serverless post explains why AWS is lightyears ahead of other providers in the serverless space. I also shared a serverless tip so you Don’t overpay when waiting on remote API calls, and I finished up the year with my Stop Calling Everything Serverless rant.

I’m exhausted just thinking about all that, but at the same time, I’m super excited for 2019. I received a tremendous amount of constructive feedback, met some really amazing people, and learned a ton in the processes. I’ve got plenty of content planned for this year, most of which will be highly practical so that you can apply the concepts straight away. I’m also working on a course or two, plus some other creative ways to talk about and explore serverless applications and the methodology used to build them. I’m hoping you’ll find all of this useful.

When you’re wondering what’s next for Off-by-none… 🧙‍♂️

When I first launched Off-by-none, it was a bit of an experiment. I wanted to create a sort of “un-newsletter”, something that was more interactive than just some links to recent articles, blog posts, and handy tools. Don’t get me wrong, I love getting my weekly newsletters, and there are plenty of good ones to choose from, but I still think we can do something even bigger and more helpful.

Don’t worry, I’m still going to write the weekly newsletter, but in the next couple of weeks, Off-by-none will be launching its own site. This new site will host archives, resources, and plenty of additional ways for the community to interact, contribute, and help steer the conversation. I’m really excited about this and the possibilities it creates. I still believe that Off-by-none is about working together to build better cloud-based products, so I’m hoping this new site will open it up to a bigger audience and help to expand the serverless community.

When you’ve heard enough about me and just want some good serverless content… 📚

Gal Bashan over at Epsagon wrote The Hitchhiker’s Guide to Serverless. Earlier this year we talked quite a bit about the serverless echo-chamber and how foreign some of these concepts are to those that are new to serverless. Gal outlines a number of key components that make up serverless applications and explains what they are and when to use them.

Getting started with AWS Lambda Layers for Python is a new post from Adrian Hornsby that lays out the basics for harnessing the power of Lambda Layers. Lots of really good stuff in here.

I also came across Contemporary Views on Serverless and Implications by Subbu Allamaraju the other day. Subbu is an engineer with Expedia and wrote this really interesting piece about the differing views of serverless and the conflicting nature of the term. Another piece that shows just how much further we have to go to bring serverless to the masses.

Syed Jaffry, a solutions architect at Amazon Web Services, wrote a really great article regarding Best practices for securing sensitive data in AWS data stores. When we’re building serverless applications (or any application in the cloud), understanding how to keep sensitive data secure is extremely important. This piece gives you an overview of some general security patterns that you can use. Definitely worth the read.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erik Peterson (@silvexis). Erik is the Founder and CEO of CloudZero (@cloudzeroinc), a startup that helps you monitor your cloud computing costs. Erik has been building on AWS for over a decade, he’s a frequent speaker at conferences and meetups, and is a regular contributor to the CloudZero blog. He’s a big proponent of #FinDevOps, which is all about leveraging cost as a first class metric when designing serverless systems. Serverless applications generally have a lower TCO than most traditional applications, so it’s good to have people like Erik think through how cost affects our organizations up and down the value chain.

Final Thoughts 🤔

Last year was quite a whirlwind. There were so many amazing advancements in the serverless space, that it’s hard to keep track. AWS announced a number of new services that will be available in 2019, plus I’m hoping that other cloud providers will continue to invest heavily in this space as well. I’m thinking that 2019 is going to be a very good year for the serverless community. ⚡️

I plan on producing lots of serverless content this year, plus I’m co-organizing ServerlessDays Boston on March 12, 2019, and I hope to do some speaking as well. I look forward to spending 2019 with all of you!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none even better.

Here’s to 2019, 🍾🥂
Jeremy

Off-by-none: Issue #16

Premature Serverless Optimization…

Welcome to Issue #16 of Off-by-none. Thanks for joining us. 🤘🏻

Last week we looked at Lambda Layers and custom runtimes. This week we’re going to talk about when we should worry about optimizations, plus highlight some recent discussions about the term “serverless” and what that actually means. We’ve also got some interesting articles, several product announcements, and (somehow) more stuff from re:Invent.

Let’s get started. 👍

When you spend too much time optimizing the wrong things… ⚙️

Mark Schwartz published an article on the AWS Cloud Strategy Blog entitled: Micro-Optimization: Activity-Based Costing for Digital Services? In it he outlines the fact that we can now meter individual units of compute to analyze costs. Simon Wardley (and others, including me) have been talking about capital flow for quite some time. Erik Peterson over at CloudZero uses the term FinDevOps to described it. But knowing your costs is different than trying to prematurely optimize them.

I wrote a post last week about the potential to overpay when waiting on remote API calls. This was a micro-optimization, and for my use case and company, it made sense. However, there are two slippery slopes that this type of fine-grained metering can introduce. The first is to tie your costs directly to customer pricing. Some services make sense to use metered billing, but don’t let this level of cost granularity influence the value your service provides to customers.

Second, is premature optimization. Compared to building and maintaining your own systems, cloud computing is ridiculously inexpensive, especially when you’re starting out and haven’t achieved significant scale. Don’t waste your developers’ time trying to shave off nickels and dimes from your bill. Focus on creating more value by delivering and iterating on features faster and worry about cost optimizations later.

Choosing serverless, however, is a MACRO optimization. I have some thoughts on that.

When you’re still confused by what serverless actually means… 🤷‍♂️

You’re not alone. Ben Kehoe called serverless a spectrum at one point, CloudZero wrote a post about it. AWS calls it an operational construct. Simon Wardley has his definition. Jeff Hollan wasn’t happy with the mischaracterizations in this paper that argues that current serverless offerings are “a bad fit for cloud innovation.” And Paul Johnston says that teaching people to do serverless is hard because it’s not about technology, but culture.

I have plenty of my own thoughts on this as well, but one thing is for sure, this debate won’t be settled any time soon. Regardless of the exact definition, I believe many of us “know it when we see it” and are starting to embrace the benefits it brings. And if you’re looking for some of those benefits, Zack Kanter makes the business case for serverless in his new post on TechCrunch.

What to do when you’re looking for some light serverless reading… 📚

Ory Segal published some Security Considerations for AWS Lambda Runtime API and Layers. AWS does a lot to protect you and your application from security issues, opening up custom runtimes, while a good thing, means more to consider from a security standpoint. Read this post to get an idea of some of these new risks.

Serverless Latency has been a common objection amongst the anti-serverless crowd for quite some time. Tim Bray dives deep into this and gives us some things to think about regarding state hydration, database considerations, and how we should really be thinking/talking about latency in our applications.

Yan Cui (AKA The Burning Monk), talks about Holistic Problem Solving using serverless. Yan just wrapped up his Production Ready Serverless course, which is a favorite among many of us in the serverless community.

For more on custom runtimes in Lambda, you can check out Adnan Rahic’s crash course on Serverless with AWS – Running Node.js 11 on Lambda. But just because it’s possible, doesn’t mean it’s a good idea. 😃

When you’re looking for more serverless announcements… 📣

Serverless, Inc. announced the release of the Serverless Framework v1.35. Good news for you Ruby folks, plus support for cross-region CloudFormation outputs and a bunch of bug fixes.

AWS announced that Amazon SQS now Supports Amazon VPC Endpoints using AWS PrivateLink. It’s a pain to need NATs just to connect to some AWS services, so for bunkered apps, this removes another external call to the Internet.

AWS also announced support for nested applications for AWS SAM and the AWS Serverless Application Repository. Nested applications were announced at re:Invent, but now that AWS SAM supports them, I’m guessing we’ll see some interesting use cases emerging. Easier reusability in our serverless applications is a big deal.

If you really want to geek out, there’s a post on How to use the new Amazon DynamoDB key diagnostics library to visualize and understand your application’s traffic patterns. Not sure I would spend a lot of time with this one, but it’s nice to know it’s there if you need it.

Beyond some of these bigger announcements, there were also quite a few Invisible Improvements made by AWS. Alex DeBrie broke them all down for us in his new post.

When weeks go by and we’re still talking about re:Invent…

It seems that no matter how many hours you’ve spent watching re:Invent videos and reading recaps, there’s always more to discover. There’s another post here that lists several great talks, and here are two more that I really enjoyed.

Accelerate Innovation & Maximize Business Value w/ Serverless Apps (SRV212)
Linda Lian talks about how Amazon thinks about serverless. It’s explained as an operational construct, rather than an architectural model or a way to think about packaging and deploying code. Christopher Dixon from Comcast then shows us how Xfinity used serverless to integrate Netflix streaming into their set top boxes. Pretty cool stuff.
Watch the talk

CI/CD for Serverless and Containerized Applications (DEV309)
Clare Ligouro, Principal Engineer at AWS Container Services walks us through the three pillars of releasing modern applications. Lots of great information in here about blue-green and canary deployments, plus how to use Lambda to add verification hooks and automatically rollback ones that fail.  Watch the talk

Also, if you want a bit of an inside look at re:Invent, check out Marcia Villalba’s video series on her Foo Bar channel. She interviewed a lot of people, so it’ll be great when the full versions come out. Maybe start with Day 2 if you want to see a snippet of yours truly. 😉

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ory Segal (@orysegal). Ory is the CTO and Co-Founder of PureSec, a serverless security platform. Beyond their core product, Ory and his team are responsible for a number of innovations around serverless security. These include their free FunctionShield and Least Privileged Role Generator tools for Lambda, their creation and contribution to the OWASP Serverless Top 10 project, and their collaboration with AWS to bring application security to Lambda using Layers. Ory is also active on the PureSec Blog and just launched a new eBook all about AWS Lambda Security Best Practices. Serverless empowers developers to build and release software quickly, but that can introduce significant security risks. I feel much better knowing that Ory is watching our backs. 👀

Final Thoughts 🤔

The more popular “serverless” gets, the more people try to overload the term and subscribe it to everything. I’m a firm believer that serverless is not a buzzword, and that it means something very specific, even if the definition continues to be blurred by marketing departments. If I thought this was just an argument about semantics, then I’d probably let it go. But I think there is more to it than just that, and that the distinction will become important. More thoughts to come on this.

I hope you’ve enjoyed this issue of Off-by-none. All of your feedback and suggestions are incredibly helpful, so please keep them coming. Reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

Until next time,
Jeremy

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…