Off-by-none: Issue #15

It’s all about Layers…

Welcome to Issue #15 of Off-by-none. I’m glad that you could join us. 😀

Last week we recapped re:Invent and took a look at some of the excellent talks and AWS product releases. This week we’ll dig deeper into Lambda Layers and see how people are having a bit of fun with custom runtimes. Plus we’ve got more talks from re:Invent and plenty of other serverless tidbits for your mental ingestion.

Lots to get to, so let’s get started! 🚄

What to do when AWS gives people access to Custom Lambda Runtimes… ⚙️

AWS already took care of C++ and Rust for us, plus some launch partners have already added PHP and Cobol support as well. But it seems that the community is taking advantage of this new feature in a big way.

The team over at The Agile Monkeys added a Haskell runtime. Think about it, a purely functional programming language running pure functions on stateless serverless functions! Okay, maybe that’s a bit much, but if you’re a hardcore functional programmer, you may want to give this a look. 😎

Graham Krizek added Bash support, which is pretty darn cool. He even included executables like aws, scp, git, wget and a whole lot more. Think about all the interesting and powerful use cases this opens up. Just this git support alone adds a number of possibilities. 🤓

Data scientists rejoice! You can now run R on Lambda thanks to this tutorial by Philipp Schirmer. There might be some memory limitations, but overall this looks like a workable solution for all you number crunchers. 📊

There’s also this proof of concept for a Serverless Open Runtime for AWS Lambda. Definitely an interesting concept, especially the language agnostic middlewares piece. Could turn out to be a terrible idea, but definitely something to keep your eye on. 🤷‍♂️

When you want to know how to use AWS Lambda Layers… 🥞

You can certainly build Lambda Layers on your own, but several companies are now providing them as a way for you to easily instrument your code. Epsagon, PureSec, Thundra, DataDog, IOpipe, and more, have all built Layers that you can simply plug in to your existing Lambda functions without modifying your code. That’s pretty easy.

Of course, our friend Paul Johnston has some thoughts on Lambda Layers and Custom Runtimes, including initial thoughts on best practices.

If you’re looking to help influence the future of Lambda Layers, take a look at this RFC on how to handle permissions with LayerVersions in SAM. AWS always appreciates feedback from the community, so feel free to throw your hat in the ring and add your comments. 🎩

When you refuse to believe you’ve watched all the good re:Invent talks… 📺

Not all of these are available to watch, but there is still a ton of amazing re:Invent content out there that you probably missed, even if you were at re:Invent! Here are three more talks that I found to be super interesting.

Inside AWS: Technology Choices for Modern Applications (SRV305)
Tim Bray, a Senior Principal Engineer from AWS, talks us through how AWS dogfoods serverless to power many of their own services. Even API Gateway runs on Lambda. He notes that “capacity planning sucks” and that you should “use serverless whenever possible.” This talk is full of great advice, including ways to “minimize state hydration”, plus some helpful notes on the three integration patterns. Watch the talk

Reddit’s Serverless & Compute Infrastructure at Scale (STP18)
Anand Mariappan & Jesjit Birak from Reddit take us through their latest redesign process and the steps they took to avoid another incident like “the Digg Mass Exodus of 2010.” The overall process was helpful to understand, but their method for scaling their video ingestion system using serverless tech is really interesting. A great lesson for enterprises here, as they built this to run along side their existing monolith. Watch the talk

Close Loops & Opening Minds: How to Take Control of Systems, Big & Small (ARC337)
Colm MacCárthaigh, another Senior Principal Engineer from AWS, lays out ten patterns to use while building control planes for distributed systems. Since all of our serverless applications are distributed, this makes for a really useful guide when building our own applications. Colm dives a bit into control theory, but keeps the advice practical so that you can apply these techniques immediately. Watch the talk

When you’re still debating what database to use with your serverless app… ⚖️

If you plan on using DynamoDB, you may want to look at Alex DeBrie’s DynamoDB On-Demand: When, why and how to use it in your serverless applications. Plus, lots of your burning DynamoDB questions are answered in here.

If you still want to go the relational database route, check out A crash course on Serverless with AWS — Building APIs with Lambda and Aurora Serverless by Adnan Rahić. This is a great post to get you started, I just wish he didn’t use an MySQL ORM. 🤦🏻‍♂️

And speaking of MySQL, I released a new version of serverless-mysql that fixes an ENQUEUE issue. If you’re not familiar with it, this module helps you with Managing MySQL at Serverless Scale.

What to do when you need more serverless content… 🙏

Jon Vines gives us some ideas about Breaking Down the Serverless Monolith. It’s tempting to load up functions with a lot of capabilities as it keeps things “simple” and is familiar to most developers. Some good lessons learned are outlined in this post.

If you’re interested in learning some more best practices, take a look at Five Essential Principles for Developing Lambdas. I think most of these are pretty solid (especially single-purpose lambdas), plus there are some examples, which is quite helpful.

Another great thing about single-purpose functions is that they can be optimized for their specific job. Case in point, don’t overpay when waiting on remote API calls by using the appropriate memory configurations.

For you serverless security buffs, take a look at Ory Segal’s 6 Cloud Security Predictions for 2019. And if you want some hands-on experience, try going through this Serverless Security Workshop. 🔒

When you remember that Microsoft Azure has serverless functions too… ⚡️

Mikhail Shilkov is Making Sense of Azure Durable Functions for you with his new (very detailed) post. Though the title suggests this is all about Microsoft’s solution, there is quite a bit of background on microservices, event-driven applications, serverless function composition and more. Definitely worth the read if you’ve got 20 minutes or so to spare. 📖

Kate Baroni, a Software Architect at Microsoft Azure, shows us how an Azure Function can orchestrate a real-time, serverless, big data pipeline.  Plus, if you’re interested, there are some links to related posts that go into more detail. I love finding interesting use cases like this, but it’s curious to me that Azure is doing complex orchestrations within a single function (with no mention of Durable Functions). This has always been a big anti-pattern with AWS Lambda, but maybe not with Microsoft? 😕

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Simon Wardley (@swardley). Simon invented Wardley Maps, which changes the way we look at strategic planning. You can read all about how it works here (and I suggest you do). Beyond that, Simon is a huge proponent of serverless and has been predicting for quite some time that it is the future of computing. He has a number of brilliant talks about serverless (including ServerlessDays Hamburg and Serverlessconf San Francisco 2018), plus his Twitter feed often contains entertaining back-and-forth arguments as to why serverless adoption is inevitable (see this recent Twitter thread). I’m a big fan of Simon and appreciate the work he is doing to make the case for serverless.

Final Thoughts 🤔

Lambda Layers is exposing serverless computing to a number of new communities, and people have been rushing to add support for all kinds of runtimes and service integrations. A recent report by Gartner identified “serverless computing” as the number one key trend for 2019 and noted that “more than 20 percent of global enterprises will have deployed serverless computing technologies by 2020.”

We are still early in this journey, but as Simon Wardley says, “No more questions on serverless. It’s not an ‘if’ but ‘when’. Get on with learning.” This is sage advice, and what we’re encouraging with this newsletter.

I hope you’ve enjoyed this issue of Off-by-none. I love getting your feedback. It is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps!

Take care,
Jeremy

Off-by-none: Issue #12

Leaving on a jet plane (to re:Invent)… ✈️

Welcome to Issue #12 of Off-by-none. I’m glad to see all the new faces here and I can’t wait to meet several of you at re:Invent next week!

Last week we looked at a number of resources for serverless beginners as well as some advanced topics for devs looking to level up. This week we’ll continue to dig deeper and explore more about microservices and step functions, plus we’ll look at how startups can benefit from using serverless.

Before we jump in, I wanted to mention Mark Hinkle’s post that compiles a bunch of serverless survey results. Serverless Adoption by the Numbers is a great overview of the serverless landscape. Some key takeaways include: searches for the term “serverless” have increased 20x in the last 3 years, serverless will overtake containers-as-a-service in 2018, and many companies are leveraging multiple cloud providers. There’s also a list of resources at the end if you want to check out the different surveys. Very encouraging news.

Okay, there is a ton to get to today. Let’s get started! 🤘🏻

What to do when you want to take serverless to the next level… ⛷

Toby Fee from Stackery has a great post that outlines 6 Best Practices for High-Performance Serverless Engineering. Lots of useful tips in here.

A few weeks ago I went to ServerlessNYC and outlined a few key takeaways from Gwen Shapira‘s talk about handling data in serverless applications. Mark Boyd from The New Stack has written a post about her talk that goes into a little more detail. You can watch her talk as well.

Thinking about doing some queue processing with your serverless application? Mikhail Shilkov ran some experiments and documented them in his post From 0 to 1000 Instances: How Serverless Providers Scale Queue Processing. He compares Lambda, Google Cloud Functions and Azure Functions to see how they handle 100,000 messages flooded into a queue. The results are very interesting.

Are you prepared to build a production-ready serverless application? Yan Cui (aka @theburningmonk) has completed his Production-Ready Serverless video course! If you want to get a complete overview of testing, debugging, CI/CD, monitoring, error handling, and more, check out his serverless course.

When you realize the power of Step Functions… 🔌

If you’re still using servers, like Chad Van Wyhe at PCI, you can reduce AWS Costs with Step Functions simply by automating the shutdown and snapshotting of your instances. This is an interesting use case that could be applied to a number of applications.

Paul Swail discovered how to Schedule emails without polling a database using Step Functions. I thought this was quite clever, so I posted the link on Twitter.

Apparently other people thought it was clever as well. 😉 Perhaps this use case was already discovered, but thanks to Paul for documenting it. Plus, there are plenty of applications that would be perfect for. This is most likely going to be my go to strategy for building scheduling services.

When you’re curious what all the fuss is about microservices… 🤓

I’m a huge fan of microservices and have written extensively about them (see here and here, oh and here). So whenever I find content about microservices, I have to take a look. There were a few good resources I came across this week that I wanted to share.

Kyle Galbraith tells us 6 Interesting Things You Need to Know from Creating Serverless Microservices. Kyle is just building a small application, but many of his observations are spot on. I’m not sure I would start by creating separate AWS accounts for each microservice, but it certainly is a valid approach for fine-grained scoping of resource limits plus avoiding other services being noisy neighbors and exhausting concurrent executions.

I recently went down the YouTube rabbit hole when I discovered a talk by Sam Newman from GOTO Berlin earlier this month. Sam Newman is the author of Building Microservices, which is a must read, btw. Anyway, his talk, Insecure Transit – Microservice Security, dives deep into things like the Confused Deputy problem and proposes solutions (like using an internal JSON Web Token to pass context to downstream services). Really good stuff.

I then found a talk he did at GOTO Amsterdam called, Confusion in the Land of Serverless, which is another excellent talk. This ultimately led me to his course: Serverless Fundamentals for Microservices: An Introduction to Core Concepts and Best Practices. I didn’t get a chance to watch this yet, but it looks like a really good, in-depth courses for building microservices with serverless.

When you’re considering what tech to use for your startup… 👨🏻‍💻

James Beswick‘s new post, Serverless for startups — it’s the fastest way to build your technology idea, is a great overview of how serverless can be used to quickly and inexpensively test your product concept. Unless your application needs to do something that serverless can’t do (🤔), there really isn’t a better way to build a greenfield application.

Along the same lines, Necmettin Karakaya wrote a piece that gives you a Full-Stack Serverless MVP recipe for cash-trapped Startups. This might not be the perfect recipe for your use case, but it shows you that there are enough tools and services out there to build your applications without the need to manage servers.

Finally, a while back I wrote a fictional story about two different startup teams. One chose serverless technology, the other did not, and the outcomes are very different. A Tale of Two Teams is a fun read that draws from real experiences that I’ve had over the course of my 20 years spent writing software and building applications.

When you want to get started with serverless… 🚼

New Relic gives us some Tips and Practical Guidance for Getting Started with AWS Lambda. There is plenty of good bits of information in here. Worth the read if you’re new to Lambda and serverless.

It’s amazing how many open source serverless platforms there are. In 7 open source platforms to get started with serverless computing, Daniel Oh lays out a number of popular choices. He also gives a great overview of Knative. Helpful if you’re interested in orchestrating and serving up your own serverless function containers.

When you want to bring serverless workflows to the enterprise… 🏢

Forrest Brazeal and Chris Munns put on a great webinar on Serverless Workflows for the Enterprise. There were some excellent ideas in there for segregating shared services accounts and setting up Dynamic Feature Pipelines. There were also lots of best practices for testing, secrets management, and multi-account security. You can watch the video and download the slides.

You can also listen to Forrest and Jared Short talk about the Future of FaaS  (and Jared’s new role at Serverless, Inc.) on the Think FaaS podcast.

When AWS makes it impossible for you to keep up with their product updates… 🤯

And I thought there were a lot of updates last week! AWS is continuing to pump out new features before re:Invent next week. Below is just a sample of some announcements that make their total serverless offering even better.

Also, Forrest Brazeal noticed this in the CloudFormation schema for AppSync the other day:

Looks like we might be getting RDS HTTP Endpoints after all. #gamechanger 👍

Project Update: Lambda API v0.9 Released 🚀

This past week I finally released Lambda API v0.9. Lambda API v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. You can contribute to the project on GitHub or install it via npm.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Paul Swail (@paulswail). Paul is a full-stack web developer/cloud architect from Northern Ireland who has a consulting company called, Winter Wind Software. He’s got a great blog about serverless and a weekly newsletter. He also built this handy Lambda Scaling Calculator. Earlier we mentioned his latest article, Schedule emails without polling a database using Step Functions, but it is worth mentioning again. It’s use case ideas like this that help developers and businesses realize the power of serverless. Keep up the great work, Paul!

Final Thoughts 🤔

That was a lot to get through, but I hope you’re encouraged (as I am) by all the progress being made with serverless. Some new patterns are starting to emerge that are expanding use case examples, plus more experiments and tales from developers using it in production are making the case for serverless even stronger. There’s always more to do, plus with re:Invent next week, we’re sure to see a number of great new features.

I’ll be at re:Invent next week, so I look forward to sharing all the things I learn! And please ping me if you want to meet up to chat about serverless or grab a drink. 😀🍻

I hope you’ve enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They are always welcome and appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Now go build some amazing serverless apps! ⚡️

Take care,
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks! 😉

Takeaways from ServerlessNYC 2018

I had the opportunity to attend ServerlessNYC this week (a ServerlessDays community conference) and had an absolutely amazing time. The conference was really well-organized (thanks Iguazio), the speakers were great, and I was able to have some very interesting (and enlightening) conversations with many attendees and presenters. In this post I’ve summarized some of the key takeaways from the event as well as provided some of my own thoughts.

Note: There were several talks that were focused on a specific product or service. While I found these talks to be very interesting, I didn’t include them in this post. I tried to cover the topics and lessons that can be applied to serverless in general.

Update November 16, 2018: Some videos have been posted, so I’ve provided the links to them.

Audio Version:

Continue Reading…

An Introduction to Serverless Microservices

Thinking about microservices, especially their communication patterns, can be a bit of a mind-bending experience for developers. The idea of splitting an application into several (if not hundreds of) independent services, can leave even the most experienced developer scratching their head and questioning their choices. Add serverless event-driven architecture into the mix, eliminating the idea of state between invocations, and introducing a new per function concurrency model that supports near limitless scaling, it’s not surprising that many developers find this confusing. 😕 But it doesn’t have to be. 😀

In this post, we’ll outline a few principles of microservices and then discuss how we might implement them using serverless. If you are familiar with microservices and how they communicate, this post should highlight how these patterns are adapted to fit a serverless model. If you’re new to microservices, hopefully you’ll get enough of the basics to start you on your serverless microservices journey. We’ll also touch on the idea of orchestration versus choreography and when one might be a better choice than the other with serverless architectures. I hope you’ll walk away from this realizing both the power of the serverless microservices approach and that the basic fundamentals are actually quite simple.  👊

Audio Version:

Continue Reading…

Managing MySQL at Serverless Scale

“What? You can’t use MySQL with serverless functions, you’ll just exhaust all the connections as soon as it starts to scale! And what about zombie connections? Lambda doesn’t clean those up for you, meaning you’ll potentially have hundreds of sleeping threads blocking new connections and throwing errors. It can’t be done!”  ~ Naysayer

I really like DynamoDB and BigTable (even Cosmos DB is pretty cool), and for most of my serverless applications, they would be my first choice as a datastore. But I still have a love for relational databases, especially MySQL. It had always been my goto choice, perfect for building normalized data structures, enforcing declarative constants, providing referential integrity, and enabling ACID-compliant transactions. Plus the elegance of SQL (structured query language) makes organizing, retrieving and updating your data drop dead simple.

But now we have SERVERLESS. And Serverless functions (like AWS Lambda, Google Cloud Functions, and Azure Functions) scale almost infinitely by creating separate instances for each concurrent user. This is a MAJOR PROBLEM for RDBS solutions like MySQL, because available connections can be quickly maxed out by concurrent functions competing for access. Reusing database connections doesn’t help, and even the release of Aurora Serverless doesn’t solve the max_connections problem. Sure there are some tricks we can use to mitigate the problem, but ultimately, using MySQL with serverless is a massive headache.

Well, maybe not anymore. 😀 I’ve been dealing with MySQL scaling issues and serverless functions for years now, and I’ve finally incorporated all of my learning into a simple, easy to use NPM module that (I hope) will solve your Serverless MySQL problems.

Continue Reading…

25 Serverless Peeps You Need To Follow

In my never ending quest to consume all things serverless, I often find myself scouring the Interwebs for new and interesting serverless articles, blog posts, videos, and podcasts. There are more and more people doing fascinating things with serverless every day, so finding content is becoming easier and easier. However, this increase in content comes with an increase in noise as well. Cutting through that noise isn’t always easy. 🙉

Great content with valuable insights

I personally love reading articles that introduce new use cases or optimizations for serverless. Stories about companies using serverless in production and how their architectures are set up are also extremely interesting.. I’ve been working in the serverless space for several years now, and have come across a number of people who produce and/or share really great content. I’ve put together a list of 25 people that I follow and enjoy their content regularly. Hopefully these people will help you learn to love serverless as much as I do. ❤️⚡️

Continue Reading…

Event Injection: A New Serverless Attack Vector

As more and more developers and companies adopt serverless architecture, the likelihood of hackers exploiting these applications increases dramatically. The shared security model of cloud providers extends much further with serverless offerings, but application security is still the developer’s responsibility. There has been a lot of hype about #NoOPS with serverless environments 🤥, which is simply not true 😡. Many traditional applications are frontended with WAFs (web application firewalls), RASPs (runtime application self-protection), EPPs (endpoint protection platforms) and WSGs (web security gateways) that inspect incoming and outgoing traffic. These extra layers of protection can save developers from themselves when making common programming mistakes that would otherwise leave their applications vulnerable. With serverless, these all go away. 😳

Continue Reading…