Off-by-none: Issue #24

Serverless will become the default computing paradigm of the Cloud Era…

Welcome to Issue #24 of Off-by-none. I’m glad you’re here! 🤘🏻

Last week we looked at how we could use serverless to deal with third-party API quotas, watched some helpful videos, and introduced “Serverless Stories.” This week, we geek out on a recent UC Berkeley paper about serverless, share some more great stories and use cases, and discuss how SaaS providers should be thinking about serverless integrations.

So much to get to this week, so let’s get to it. 🏎

When you get excited by an academic paper that says serverless is the future… 🕺💃

Cloud Programming Simplified: A Berkeley View on Serverless Computing is a new paper recently published by the University of California at Berkeley. For those of you that don’t want to read all 20 pages, here’s a quick synopsis: “Serverless computing will become the default computing paradigm of the Cloud Era, largely replacing serverful computing and thereby bringing closure to the Client-Server Era.”

If you’re interested in the details, I highly suggest reading the entire paper as it gives both a realistic look at the current limitations, but also points out how they could be (and most likely will be) solved. I wrote a recent post called Stop Calling Everything Serverless that pointed out (similar to this paper) that cloud providers monitored how their customers used virtual machines and built additional services to make those use cases better, faster, and easier. The same is true for serverless environments, with the ecosystem and available suite of services getting better each day.

The paper points out other important advantages that serverless has over (what they call) serverful architectures, and helps to clarify how modern FaaS implementations are superior to previous generations. It also notes that container technologies, like Kubernetes, are “a technology that simplifies serverful computing” and that the economies of cloud scale will eventually “diminish the importance of such hybrid applications.” This is noteworthy as we start to look at computing at the edge, and how that will affect application design.

And while there are obviously still limitations, the paper suggests advancements such as faster ephemeral and durable storage, lower startup times, and better coordination between functions, will eventually solve current system challenges. The paper also suggested introducing access to more cores, sharing of computation graphs, and collocation of functions to solve some of the networking problems and throughput issues.

The bottomline is that the cloud business is growing by 50% year-over-year, and 24% of serverless users are using the cloud for the first time. Serverless adoption is only going to grow, and as limitations get innovated out of existence, the need for serverful computing and the underutilization associated with it, are going to become less relevant. The paper doesn’t give a suggested timeline, but Forbes has some 2019 Serverless Computing Predictions.

When you’re looking for some serverless innovations and announcements… 🗣

Epsagon announced One-Click Serverless Monitoring, which lets you instrument your Lambdas functions without any configuration changes. This is the perfect use case for Lambda Layers, and it looks like they are monitoring updates to configurations, which will ensure that the layer is added on every deployment. Enforcing monitoring compliance without developers having to do anything is a huge advancement.

Dashbird announced their new incident management platform, a new component that lets you set alert conditions based on Lambda metrics. Reducing notification fatigue is a helpful way to make sure real issues are identified and addressed quickly. You can read about it in their public changelog (which I just realized they had). They also announced that they are now an AWS Advanced Technology Partner, which is pretty cool.

A new article, Lumigo: End-to-End Serverless Monitoring and Troubleshooting, gives a great overview of Erez Berkner and Aviad Mor’s new serverless observability company. There are several providers in this space now, but they’re all trying to do things a little differently. A helpful video is included with the article that shows how Lumigo deals with transaction reporting.

And congratulations to Serverless, Inc. for winning a Technology of the Year award from InfoWorld. The year’s best in software development, cloud, and machine learning highlights the Serverless Framework for being an outstanding tool that has had a massive influence on the adoption of serverless technologies. 🏆

When you feel the need to add an extra deadbolt to your serverless applications… 🔒

Hillel Solow makes the case for serverless, but points out several Serverless Computing Security Risks & Challenges. But who’s responsible for securing your serverless applications? Hillel suggests that we make it everyone’s problem by creating closer relationships with other teams in your organization.

In Serverless Computing: ‘Function’ vs. ‘Infrastructure’ as-a-Service, Ory Segal does a great job calculating the drop in security responsibilities when moving to FaaS solutions. Not all the requirements are created equal, but this is a fairly good estimate. I’d much rather be responsible for less than half of the security components versus the roughly 92% required using the IaaS approach.

Ed Moyle discusses the security implications of serverless cloud computing with a particular focus on CloudFlare Workers. While segmentation attacks and Rowhammer concerns are certainly valid in a containerized world, I think most cloud providers have a pretty good handle on this.

Puresec did some ethical hacking and took down a newsletter’s Lambda-backed signup form. Serverless Security And The Weakest Link (Or How Not to Get Nuked by App-DoS) documents how they did it (and graciously points out that it was not Off-by-none 😉). While Puresec did a good job anonymizing the victim, he was proud to take ownership (hint: it rhymes with “Maury Schwinn”). Even though this was a bit of fun, the community working together like this is a great way to learn and make our applications safer.

It was only a matter of time before McAfee jumped into the serverless security realm. The Exploit Model of Serverless Cloud Applications is a high-level overview of possible threats to your serverless applications. This picture looks scarier than the reality. Key thing to remember is that the cloud provider is handling the vast majority of network and infrastructure security for you. TLDR; Use best practices to write secure apps, scan your dependencies, and protect your secrets. Do this and your serverless applications will likely be more secure than traditional ones.

Where to go for some awesome serverless events… 🗓

IOpipe is hosting a Stories of serverless in the wild with Saks Fifth Avenue at the Serverless Seattle Meetup on February 22, 2019. Always fun to hear real world problems being solved by serverless.

Stackery also has a webinar coming up tomorrow entitled New serverless workflows, build faster than ever before. Great opportunity to brush up on your (or learn some) infrastructure-as-code skills.

And we are getting into the ServerlessDays season with several events coming one after another. Hamburg is this week, followed by Austin in just 10 days. Boston is four weeks away (and recently announced an amazing agenda), Amsterdam is in late March, and Atlanta has a crazy three-day event planned, with Zürich right on its tail. Also Tel Aviv was just announced and scheduled for June 4, 2019. Looks like you’ll need to choose between that and NYC. 🗽

Also, don’t forget that the Serverless Architecture conference in The Hague, Netherlands is being held from April 8th to the 10th. I’m actually giving two talks now, so that should be a lot of fun. There are plenty of great speakers, so be sure to get your tickets soon.

When you’re looking for some encouraging Serverless Stories… 👂

How We Moved Towards Serverless Architecture highlights the struggles that a team encounters when transitioning to serverless. Pravash Raj Upreti reviews the technologies his team used, some advantages and disadvantages of using serverless, and the choices they made in order to launch their first serverless application.

In Serverless Event Sourcing in AWS (Lambda, DynamoDB, SQS), Dom Kriskovic explains the serverless architecture used to build Beenion. He uses the CQRS pattern along with DynamoDB to capture and distribute events. I don’t agree with all of the choices, but this article does a great job exposing the tough decisions that need to be made.

Serverless GitLab Runner Builds on Lambda gives a developer’s account of experimenting with using Lambda to executed GitLab builds, inherit IAM permissions, and use additional binaries and its dependencies to execute things like terraform during the build. There some Lambda Layer experiments in there as well.

Joshua Toth built a serverless Node.js, AWS native, Serverless, IoT, FinTech project. Lots of really good information in here about the different technology choices made. Plus, the realization that the velocity of a serverless project was “mind-blowing.” 🤯

Antonio Terreno tells us about the Startup Pre-series A tech choices you can’t compromise on. Great story about a small company using serverless to build and iterate quickly. Now they have a team of 20 people.

When you’re looking for real-world serverless use cases… 🔍

While the Berkeley paper argued that certain machine learning tasks might be too much for serverless right now, Michael Hart and the team over at Bustle has news for them. In Massively Parallel Hyperparameter Optimization on AWS Lambda, they explain how they used the concepts from the Asynchronous Successive Halving Algorithm paper and applied them to text-classification with Lambda. This is a really great read and an amazing use case.

Renato Byrro from Dashbird discusses Building a Serverless News Articles Monitor that can be used to extract article data in a structured format. They also made it open source for you to use.

Generating thumbnails is a common use case given for serverless, but what about generating complex PDFs? Marc Mathijssen came up with a way to do this using the power of Apache FOP in a .NET world using Azure Functions.

Nader Dabit takes us through Building Chatt – A Real-time Multi-user GraphQL Chat App in his recent post. The code is also open source, so not only is this a good use case, but also a helpful template to get you started with serverless.

What to do if you’re craving some good serverless reads… 📖

Alex DeBrie put together the Complete Guide to Custom Authorizers with AWS Lambda and API Gateway for you, and it is an awesome resource. Anyone who has played around with custom authorizers is sure to have some of their own war stories, so having this as a reference could be a lifesaver (metaphorically speaking).

Gojko Adzic introduces us to BaDaaS and the future of cloud integration. He explains that there is a new pattern called “Business action deployment as a service” (or BaDaaS), that allows service providers to offer application components that interact directly with FaaS services instead of passing data through webhooks. Twilio is already doing it, and last week we mentioned Braintree’s serverless payment functions initiative. Pay attention SaaS providers, a new standard might be emerging.

The New Stack’s How Serverless Platforms Could Power an Event-Driven AI Pipeline is another take on how to bring machine learning into the serverless world. It rightly suggests that “event-driven artificial intelligence (AI) can lead to faster and smarter decisions” and will take a “hybrid architecture structure that takes the best of serverless and combines it with stateful database stores” in order for it to be applied successfully. Obviously we need a database to store training data, but I think we’ll see more serverless alternatives to this sooner rather than later.

If you’d rather not read, you can watch Marcia Villalba talking about Serverless with Ben Kehoe. Another insightful interview featuring someone definitely worth listening to.

Finally, Cory Schimmoeller says that Using AWS Amplify feels like cheating, and he may be right. This is a good overview of how simple it is to use Amplify and the CLI to connect to your AWS backends.

What to do if you’re new to serverless… 🐣

Have no fear, Toby Fee from Stackery takes you through the Anatomy of a Serverless App. This post explains the three layers of a serverless application (business logic, building blocks, and workflow dependencies) and acts as a great primer for the newly initiated.

Serverless Computing 101 is another overview of what serverless computing is, how it works with other resources (or BaaS), and highlights some use cases. Not all the “demerits” are created equally, but certainly gives you something to think about.

Eric Sales De Andrade helps you answer if serverless is right for your next application in Should I go “Serverless” — How to choose the right solution for Your Product and Business. Like most of these types of posts, the pros and cons are laid out for you. But my suggestion, just go serverless. 😉

When you want to get hands-on with some serverless how-tos and tutorials… 🛠

Yan Cui gives us the lowdown on AWS Lambda and Secret Management in a recent post. Should you choose Parameter Store, Secrets Manager, or HashiCorp’s Vault? Yan walks you through the when, why and how.

Many people associate the terms “machine learning” and “artificial intelligence” with lots of math and complexity that make them seem unapproachable. But the reality is that powerful ML and AI services are readily available and easy to integrate with your applications. James Beswick show us how to build a serverless Twitter bot using sentiment analysis so that you can automatically like positive comments on your tweets. And it’s much easier to do that you probably think.

Debugging Chronicles: Missing Lambda Invocation is more of a tip (and a warning) from Davide de Paolis. TLDR; make sure you pass the Authorization header for every request that is using Congito with API Gateway. 🤦🏻‍♂️

Optimizing your Node.js lambdas with Webpack and Tree shaking is a great post by Erez Rokah that shows you how to use Webpack to remove unused modules when packaging your Node.js files for deployment to a serverless environment. He gives an example of reducing his deployment package from 740.6kB to 6.6kB.

If you’re using the .NET runtime, it might be helpful to know How to Unwrap an AggregateException Thrown by AWS Lambda. Zac Charles shares the secret of setting the right environment variable. He also shared how to make .NET AWS Lambda Functions Start 10x Faster using LambdaNative, a handy Lambda Layer that you can use.

If you’re working with Azure, David Pallmann has a full tutorial on how to build a Document Search Engine using Azure Functions and Cosmos DB.

Julian Tellez from DAZN gives us some tips for Handling complexity in lambda functions using his Lambcycle middleware component for AWS Lambda.

If you still haven’t played around with Lambda Layers yet, Eric Johnson’s Working with AWS Lambda and Lambda Layers in AWS SAM post is an awesome overview to get you started (or take you even further down the rabbit hole).

And why not combine the power of WebSockets, Machine Learning, and Translation services to build a better chat application? Danilo Pocci gave a recent presentation called Serverless real-time apps: Let’s build a “positive” chat that does just this. The architecture is all in the slides, plus you can check out the demo here.

Finally, if you are building Large (Java) Applications on Apache OpenWhisk, James Thomas has some very helpful tips and tricks for you.

When you’re wondering what AWS has been up to… 🧙‍♂️

Keeping up with AWS announcements is a full-time job in itself, never mind figuring out when CloudFormation adds support for a new feature. AWS CloudFormation: 2018 in review documents all the new features added to CloudFormation in 2018. And if you really want to stay current with new information, their release history page is always up-to-date.

Speaking of CloudFormation support, you can now Automate WebSocket API Creation in Amazon API Gateway Using AWS CloudFormation. Expect support in other serverless frameworks to be added soon.

Amazon SNS Message Filtering Adds Support for Multiple String Values in Blacklist Matching, which is actually much more exciting than it seems. Filtering messages at the broker level dramatically simplifies (and reduces costs for) pub/sub implementations. Having the ability to add several items to the blacklist is a very handy feature.

AWS also announced an open source project for Deploying a personalized API Gateway serverless developer portal. Using this project, you can make your API Gateway APIs available to your customers by enabling self-service discovery of those APIs. They can then use the portal to browse API documentation, get API keys, test published APIs, and monitor their own API usage. Another thing you don’t need to worry about. 👍

I’m not a .NET guy, so I didn’t even know there wasn’t support for this already. In any case, AWS X-Ray SDK for .NET Core is Now Generally Available, so good news for those utilizing that runtime.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Aleksandar Simovic (@simalexan). Aleksander is the co-author of Serverless applications with Node.js, a core team member for Claudia.js, and an AWS Serverless Hero. He has done a tremendous amount of work on Jarvis, an Alexa skill that allows you to create serverless applications using only voice commands, which is pretty cool. He also has 20 applications published to the Serverless Application Repository that you can use to get started with serverless quickly. Aleksandar continues to make valuable contributions to the serverless community, and we’re all lucky to have him!

Final Thoughts 🤔

There are so many amazing things happening with serverless right now, and this recent Berkeley paper is so incredibly encouraging. There is certainly a place for containers and servers right now, but it’s important to remember that today’s limitations are tomorrow’s opportunities, and the cloud providers all see the writing on the wall. Expect more and more advancements that address these limitations, and soon, serverless will in fact become, the default computing paradigm.

I hope you enjoyed this issue of Off-by-none. I love hearing feedback and suggestions so I can keep making this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

And don’t forget to share this newsletter with your friends and coworkers who are interested in serverless. I’d really appreciate it.

Until next time,
Jeremy

Off-by-none: Issue #23

The State of Serverless…

Welcome to Issue #23 of Off-by-none. It’s so great to have you all here! 🤗

Last week we looked at recent investments into the serverless ecosystem, highlighted some serverless events, and offered some thoughts for picking a database for your next project. This week we’re going to look at how we can use serverless to deal with third-party API quotas, watch some helpful videos, introduce “Serverless Stories”, and so much more.

It’s been another really busy week for serverless, so let’s get right to the good stuff. 🚀

When your third-party API imposes quota limits… 🙅‍♂️

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

One way in which our serverless applications can be limited, is when using third-party APIs that enforce quotas. In my new post, Throttling Third-Party API calls with AWS Lambda, we look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Not only is this solution extremely robust and flexible, it’s also very cost effective (like < $2/mth).

When AWS has a slow week… 🐌

I’m sure the AWS teams are all working hard on their next big releases, but in the meantime, they managed to release a few interesting serverless-related updates.

Speaking of state management, AWS Step Functions are an excellent way to add orchestration to your serverless workflows. Now you can Develop and Test AWS Step Functions Workflows Locally, which is a pretty cool feature. Integration testing in the cloud is still necessary, but the more we can do locally, the better.

And for more local testing goodness, Amazon DynamoDB Local Added Support for Transactional APIs, On-Demand Capacity Mode, and 20 GSIs. For many of us that use DynamoDB, these features for the local version are a welcome addition. Uber cool feature: track and return the capacity units consumed by your queries. 👍

Not so serverless, but perhaps “server-less”, is the announcement that AWS Ops Automator v2 now features vertical scaling. Unfortunately, most of us still have to use servers for some of our workloads. But this new vertical scaling feature lets you increase instance sizes instead of simply adding more instances. Scaling up instead of scaling out can be much more cost effective (plus it uses Lambda to do the work 😉).

When you’re looking for innovations in serverless… 👩‍🔬

Epsagon introduced their new Issues Manager that allows you to easily track issues in your serverless applications, identify trends, and quickly jump to Trace Search to troubleshoot them.

IOPipe now enables auto-tracing of HTTP/S calls by default, giving you insight into what external (and internal) API calls are being made and how long they take. You can read all about this new feature at The Secret Life of HTTP(S) Calls in a Serverless World.

Braintree, the payments service, is Introducing Serverless Payment Functions. According to this, “developers will be able to use Braintree to write and deploy serverless functions to instrument their transaction lifecycles, enable 3rd party connections, hook into existing business processes, streamline data exports, and more, all via Braintree tooling.” Not quite sure how this will all work yet, but could be an interesting approach for other SaaS companies to allow for more seamless serverless integrations.

CloudFlare introduced the Workers Cache API, which now lets you modify the REQUEST and RESPONSE objects from within your workers. This is similar to the functionality that Lambda@Edge provides, which is very cool functionality for many use cases.

And Google announced that Cloud Firestore has gone GA. Cloud Firestore is Google’s answer to DynamoDB, but they’ve sprinkled in a handy little feature that lets you export data directly to BigQuery to do additional analysis. Nice way to reduce a data replication step.

What to do if you prefer Prime Video over the Kindle store… 🍿

Good news, the serverless community has been busy producing some really helpful and interesting video content.

Chris Munns and AWS take you on a Deep Dive into AWS SAM and the SAM CLI, plus another Deep Dive Into Lambda Layers and the Lambda Runtime API. Lots of great information packed into these sessions.

James Hood from AWS also shows us how to Accelerate Serverless Development Using AWS SAM & the AWS Serverless Application Repository. This is an excellent intro to Nested Applications, which can be a very handy feature.

Alex Ellis’ talk from GOTO 2018 is now available. Serverless Beyond the Hype is a great talk that starts by giving you an overview of the serverless landscape, and then gets into the nuts and bolts of what makes OpenFaaS different from alternatives such as Knative. If you’re a member of the “serverless on top of containers” crowd, you’ll enjoy this.

The team at Epsagon held a webinar with plenty of insights into Serverless Monitoring in Practice. Interesting look at how complex tracing can be, and what companies like theirs are doing to make it easier.

Our friend Marcia Villabla released two more re:Invent interviews. In the first interview she is Talking about Serverless with Forrest Brazeal, another AWS Serverless Hero and all around serverless expert. She then talks about building AWS communities with Martin Buberl.

I also discovered this site (thanks to Corey Quinn) that organizes a collection of AWS re:Invent videos and podcasts of past and current breakout sessions. Plus they’re searchable, which is really helpful. And if you missed re:Invent last year, you can sign up for the on-demand version of AWS Innovate re:Invent Recap 2018.

Where to look for some interesting serverless use cases… 🕵️‍♀️

I love seeing people apply serverless in new and interesting ways. Below is a handful of nifty little use cases that will hopefully inspire you to do something amazing. 😉

In Lord of the Patch — Story of the PatchBot, Vladyslav Cherednychenko from About You, explains how his team used AWS Lambda to automate vulnerability scans on their EC2 cluster.

Maxime Preaux built a simple Serverless Mailchimp Subscription service using Webtask.io, but you could easily apply this to other providers.

If you’d prefer that your applications do more listening, Apoorva Dave walks us through Building your own Alexa Skill from scratch. I think voice control is only going to become more prevalent, so my advice: start thinking about how your apps can leverage it to create better user experiences.

How to build a Serverless Twitter bot demonstrates another great serverless use case. Lorenzo Tenti builds one using the Serverless Framework, Python and Lambda. Bots are another useful tool when done correctly, and running them on serverless makes a whole ton of sense.

Maybe more of a tool rather than a use case, but Running Jenkins Pipelines in AWS Lambda is possible with a tool called Jenkinsfile-Runner-Lambda. This might be one of those square peg, round hole situations, but Carlos Sanchez points out that “it could make sense to run Jenkinsfiles in Lambda when you are building AWS related stuff.” Maybe, but I think the point is that Lambda is a potential fit for any type of automation.

Finally, Sam Breed (aka Baby Wolfman) created a Lambda WebSocket chess ♟ demo. Could your next MMO be 100% serverless? Might be worth thinking about.

When you’re looking for some encouraging Serverless Stories… 🏆

I’ve been speaking with several people lately about new voices in the serverless community. While I try to recognize people that create helpful content and companies that are innovating in the space, we tend to get stuck in our own echo chamber. This week I’m introducing “Serverless Stories” (or maybe Serverless Voices 🤔), that shares posts from people who are just starting out with serverless or have been adopting serverless in their organizations. I think there is a lot to learn from these folks, especially for those of us trying to foster and build the community. I’d love to know your thoughts on this.

My Serverless Story is a short read that outlines a developer’s foray into the serverless world. It’s interesting to hear their thoughts on the cost of API Gateway, the limited interfaces into managed services (as opposed to traditional methods), and how they believe that it’s not ready for latency-sensitive workloads.

Jordan Finneran wrote a post about Going Serverless where he discusses the migration of an Express.js app. Lack of tooling, reliance on a single provider, cold starts, and of course, event-driven architecture, are his top concerns.

In Lessons learned from launching TubeStats: a completely serverless service, Joshua Khan talks about the execution timeout limits of AWS Lambda functions and how they built their own state management component to overcome it. Interesting takeaway here: he didn’t use Step Functions for orchestration because of “unfamiliarity” and wanting to get “something launched” as soon as possible.

In part 2 of Dirty Old Code, Pierre Bails discusses the process his company used to move their monolithic Ruby on Rails application to a serverless infrastructure. Interesting step-by-step approach which could be a useful template for other companies looking to make the switch.

When you’re looking for some insights into the state of the serverless ecosystem… 📈

John Demian says that Businesses are overcoming challenges with serverless and that “2019 will be the year of serverless.” He points out that cost and speed of development continue to be the motivating factors for companies to push for adoption.

Likewise, TechRadar points out that 2019 will be A year of reckoning for digital transformation. Key takeaway here is the prediction that serverless will be central to a company’s success.

Then there are stories like this: Developers find cautious optimism for serverless platforms. There is a lot of FUD here that purports that tools don’t work as expected and that the developer learning curve is causing problems. 🤦🏻‍♂️

This doesn’t seem to be stopping investment into the space, however, especially since a new report says that Global Serverless Architecture Market Share will Hit USD 18.04 billion by 2024. Serverless is still new, and it has its share of challenges, but the market is growing, and every day implementation gets easier.

The 2019 Microservices Ecosystem by Tobias Kunze is a great read that outlines all the major players and gives some insights into how they all fit in to the larger ecosystem. Serverless is mentioned, of course, but the vast majority are supporting containers and other types of “server-full” approaches.

Why Amazon’s AWS Cloud Business Will Continue to Grow is another interesting piece that gives a bit of insight into AWS’s growth strategy. While they continue to grow their virtual machine business with EC2, they are also supporting container management, and obviously, serverless. More interestingly (which we saw at re:Invent), AWS is saying, “if you don’t want to come to the cloud, we’ll bring the cloud to you.” Support for On-prem, along with the multitude of other offerings, is helping to build up the cloud computing market for all providers.

And speaking of growing the cloud market, a recent piece titled Capital One’s public cloud strategy at odds with industry, points out the benefits of using a public cloud versus a private one. Perhaps most importantly for a bank, the combined security expertise of public cloud providers supplies the trust needed to let Capital One focus on other parts of their stack.

When you’re finally ready to abandon WordPress… 🤬

In case you missed it, generating static sites is all the rage nowadays, and for good reason. I’d venture a guess that 99.9999% of all website traffic are simple GET requests to essentially static pages. Serving those pages up from an edge location cache makes a whole bunch of sense. But whether you’re looking to go fully-static, or leverage new features to reduce your dependencies on servers, there are plenty of options available.

A Greater Gatsby: Modern, Static-Site Generation by Toby Fee answers all your Gatsby-related questions.

If you’re not ready to go fully static, try Going serverless with React and AWS Amplify. Peter Mbanugo walks you through creating a single page app that uses GraphQL to power your dynamic features.

Adam Henson points out that You Might Not Need Server Side Rendering. But what about SEO? Adam does a pretty good job answering why not.

On the other hand, Dan Quackenbush would probably disagree. He talks about how Caching SPAs for SEO with Lamdba@Edge actually increased their crawl rate by 900%.

And let’s not forget that AWS can help you move ALL THE WAY up the stack in some cases. So What AWS service should you use to publish a web site?  Adrian Hall might have the answer for you.

When serverless security shows up on your cloud audit questionnaire… 🔐

Chris Tozzi outlines some Serverless security best practices for cloud dev and ops teams. Pretty standard stuff, but it seems that best practices need to be repeated over and over again.

If you want a really in-depth look at serverless security, you can now watch the Foundations of AWS Lambda Security webinar that Ory Segal and I did, on-demand. Lots of really good stuff in there.

We talked about adding voice control to ours apps a bit earlier, but how do we secure those, especially if they control sensitive internal components?  Aravind Kodandaramaiah from AWS shows us how to Secure and distribute Alexa skills with Alexa for Business. Which, besides the security aspect, could also make for some great internal tooling for your business.

While this story isn’t about serverless, it is a cautionary tale about being a little too paranoid when it comes to security. Digital exchange loses $137 million as founder takes passwords to the grave is an example of failed redundancy. Be smart about your secrets management, even if you think you’re invincible.

When you need the right tool for your serverless job… 🔨

Remember that time you were asking for more serverless frameworks? Well, here you go. Meet TyX, a TypeScript-based serverless backend framework designed for deployment into AWS Lambda.

If you want some more TypeScript, try IFTO: A simple debugging module for AWS Lambda (λ) timeouts.

OPTASY points out the 6 Best Serverless Plugins to tailor the Serverless Framework to your project-specific needs.

If you’re using Lambda@Edge to do redirects, middy-reroute can make your life a lot simpler.

And if you need to debug your serverless applications, Yan Cui shows us how to do it with Dashbird.

StackShare announce their Top 50 Developer Tools of 2018. There were some nice serverless mentions in there including Architect, OpenWhisk, CloudFlare Workers and AWS CloudFront.

What to do if you’re an audiophile, but also love serverless… 🔊

A recent episode of the ThoughtWorks Podcast does some Diving into serverless architecture.  Mike Roberts offers some of his insights.

The Cloudcast: A Serverless Look Ahead for 2019 features special guest, Paul D. Johnston, chatting about the current state of serverless, how to economically think about functions, and areas where serverless needs to improve.

In Diving into Data with Amazon Athena, Simon Elisha shares how Amazon Athena can give you powerful SQL querying capabilities over text files in your S3 buckets. If you’re not familiar with Amazon Athena, you seriously need to check it out.

When you want to get hands-on with serverless tutorials… 👨🏻‍💻

Here is an insanely complete, and step-by-step guide to building a full-stack application using AWS Lambda and React-native.

Binaris also has a Full Stack Tutorial with Serverless & React that includes all the code you need to get up and running in no time.

Yan Cui offers a quick Lambda optimization tip that can speed up HTTP API calls from your serverless applications. TLDR; enable HTTP keep-alive.

For those of you that might be interested in Connecting to AWS DocumentDB from a Lambda function, this post will walk you through it in painstaking detail.

Step Functions can be a bit confusing, but in AWS Step Functions – Doing Serverless is Easier Than You Think, the team at Thundra gives you the all basics.

James Beswick teaches us How to add file upload features to your website with AWS Lambda and S3.

Richard Freeman, PhD, has a great tutorial for Building a Serverless Microservice CRUD RESTful API with MongoDB.

Another thing that can trip you up is Configuration management for serverless AWS applications. Marcin Z-Pa has some thoughts on how to make it easier for you.

If you’re a GitLab CI user, Forrest Brazeal will show you How to set up multi-account AWS SAM deployments.

And finally, if you’re interested in Migrating an Express App into AWS Lambda the Easy Way, this post will give you some practical tips.

Where to go for some interesting serverless reads… 📚

Finding Serverless’ Hidden Costs is an important reminder that pay-per-use can lead to costly mistakes if you aren’t properly monitoring your serverless functions.

In AWS SLA: Are you able to keep your availability promise?, Andreas Wittig show us how to use the new AWS SLAs to calculate our own SLAs. Key point is to make sure you account for other variables besides just AWS’s promises.

Debunking Serverless Tropes by Ryan Marsh has a bit of fun at serverless naysayers’ expense. It made me laugh. 😀

🔥 Multi-region serverless backend — reloaded by Adrian Hornsby is an updated version of his old post on the topic. This time he discusses how the new Global Accelerator service works to eliminate DNS caching for better DR. Highly recommended read for anyone building out a serious, highly-available serverless application.

Raoul Meyer’s AppSync: Basically GraphQL as a service, is a good overview of what AppSync is and provides a few examples to help you get your head around it.

The Top 7 Takeaways from our 2018 Serverless Shows is a look back at Protego’s podcast episodes from last year. They had some great guests with some very good insights.

Nuweba published their Top Serverless Resources You Should Know About. A good list for those interested in staying current with what’s happening in the serverless world.

In Why DevOps Engineers Love AWS Lambda, Ran Ribenzaft from Epsagon gives us a number of great Lambda use cases for automating DevOps processes. These types of practical use cases are a great way for companies to get started with serverless.

Think you can run Kubernetes better than a cloud provider? Think again. Matt Asay argues that building your own Kubernetes cluster is a waste of valuable time. This is based off of a great Twitter thread from Ben Kehoe.

On Infrastructure at Scale: A Cascading Failure of Distributed System by Dan Woods, isn’t really about serverless, but I thought it highlighted some interesting challenges that arise from running distributed systems.

When you want to try something other than AWS… 🤷‍♂️

Ride the Serverless Wave with DigitalOcean’s One-click Droplet shows you how to get OpenFaaS up and running in DigitalOcean with just one click (sort of).

Azure Functions now has moves like Swagger (sorry, bad joke). Introducing Swagger UI on Azure Functions show you how to use a few services to generate your own API docs.

The Mixology Playbook: Kubernetes and Serverless is a well-written piece that talks about the values of a hybrid approach. While I believe there is room for a lot of players at this point, I think serverless (in whatever form it ends up taking) will ultimately win the war.

Hey Google, help me use Cloud Functions is another piece that points out how voice automation could be used to enhance a user experience. Susie Coleman works for the Guardian’s Voice Lab, which is trying to bring the “Guardian’s voice” to Google Assistant. If you’re not thinking about voice automation for your app, you might miss out on a huge opportunity.

Anchal Bhalla teaches you how to Build a Serverless App with Facial Recognition using IBM Cloud Functions. Simple tutorial, but it shows you how powerful some of this stuff is.

And last but not least, Simona Cotin shows us how to use the Azure Resource Manager to write Infrastructure as code for Serverless APIs using just a bit of JSON.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is James Beswick (@jbesw). James is a developer, author, AWS-Certified builder, and cofounder of Indevelo, a consulting firm that builds products on AWS. He’s also a speaker, a blogger, and an active member of the serverless community. He recently launched Ask James About AWS, a video series that walks you through a number of common AWS tasks. Through his writings, videos, and talks, James is helping to spread the benefits of serverless, as well as providing useful insights and education to those looking to adopt the cloud. Thanks for what you do, James!

Final Thoughts 🤔

I’ve had a number of really interesting talks with people over the last few weeks about the overall state of serverless. There is a tremendous amount of innovation, lots of great use cases emerging, and new people joining the community every day. However, we have a long way to go before serverless becomes top of mind. We need to continue to encourage collaboration between everyone in this space so that we can educate and spread the word.

Speaking of spreading the word, there are a number of ServerlessDays events coming up that are a great way to support and expand the community. ServerlessDays Boston just announced an amazing speaker lineup, and Hamburg and Austin are right around the corner. I hope you all get a chance to attend one of these events.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better each week. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Throttling Third-Party API calls with AWS Lambda

In the serverless world, we often get the impression that our applications can scale without limits. With the right design (and enough money), this is theoretically possible. But in reality, many components of our serverless applications DO have limits. Whether these are physical limits, like network throughput or CPU capacity, or soft limits, like AWS Account Limits or third-party API quotas, our serverless applications still need to be able to handle periods of high load. And more importantly, our end users should experience minimal, if any, negative effects when we reach these thresholds.

There are many ways to add resiliency to our serverless applications, but this post is going to focus on dealing specifically with quotas in third-party APIs. We’ll look at how we can use a combination of SQS, CloudWatch Events, and Lambda functions to implement a precisely controlled throttling system. We’ll also discuss how you can implement (almost) guaranteed ordering, state management (for multi-tiered quotas), and how to plan for failure. Let’s get started!

Continue Reading…

Off-by-none: Issue #21

The serverless takeover…

Welcome to Issue #21 of Off-by-none. I hope you’re ready to talk serverless! 😃

Last week we got hands-on and learned how to handle “not-so-scalable” systems in our serverless applications. This week we look at some more ways to scale your serverless apps, highlight some recent innovations, examine how serverless and the cloud is affecting the IT landscape, and so much more.

Lots to get to, so let’s jump right in! 🏊‍♂️

When you’re trying to get your serverless application to scale… 📈

Mikhail Shilkov has a brilliant post titled: Serverless at Scale: Serving StackOverflow-like Traffic. In this post he runs experiments across AWS, GCP, and Azure, to test how serverless functions and blob-storage scales to 1,000 requests per second. The results are quite fascinating.

We often talk about scaling “non-serverless” downstream systems in this newsletter, and Tirumarai Selvan has presented us with another option for Scaling RDBMS for GraphQL backends on serverless. Connection management is an ongoing problem with serverless functions. AWS is working to fix this with their Data API for Aurora Serverless (and of course there’s my serverless-mysql package), but overall, not a bad (albeit, non-serverless) approach.

Paul Johnston has some thoughts on Serverless Compute and Serverless Data. It is an interesting way to compartmentalize serverless applications. Without the proper design, ephemeral compute is certainly limited by the underlying datastore. Designing for scale is the new default, and this is a skill that many developers have never really needed to worry about.

Tim Bray started this thread on Twitter that goes deep into microservices and temporal coupling through synchronous communication. 🤓 I love these types of discussions, especially when Marc Brooker and Sam Newman jump in.

And James Thomas tells us about loosely-coupled serverless functions with Apache Openwhisk. Good read that looks at the difference between triggers and queues and how they can affect the scalability of your severless application. A bit specific to Openwhisk, but I think the general concepts are quite universal.

When people are having way too much fun with custom runtimes… 👩‍💻

Danil Smirnov shows you how to access the latest JavaScript SDK from Lambda functions using Layers. You might think that AWS would keep this updated, but you’d be wrong. I ran into this problem a few times, which means you must package the aws-sdk with your Lambda functions. This way is much better. 👍

The team over at Thundra developed their own Node.js Custom Runtime to let you monitor your Lambda functions without making any changes to your code. We’ve seen this type of use case before, but Thundra went the extra step to show us how they actually built it.

Have you ever wondered how to run Elixir on Lambda? Me neither, but Arjan Molenaar has figured it out for us just in case. Building an Elixir runtime for AWS Lambda gives you a brief overview of his motivations, and ultimately leads you to the GitHub repository if you’d like to try it yourself.

And PHP fans can also rejoice! Bref, a serverless framework for PHP, is incorporating a custom PHP runtime into v0.3. Look forward to better performance, PHP-FPM support, and local development with Docker and AWS SAM.

Where to look for serverless events… 🗓

ServerlessDays Cardiff is coming up on January 30th. Tickets are still available, so if you’re going to be in the area, I’d highly suggest you attend. Can’t go wrong with talks from the likes of Yan Cui, Simona Cotin, the Ian MassinghamSlobodan Stojanović and so many more.

And if you’re state-side, ServerlessDays Boston is coming up on March 12th. We just announced the one and only Charity Majors as our opening keynote speaker. And I’m happy to announce that the, wait for it… legendary Chris Munns from AWS will be giving the closing keynote. The remaining speakers will be announced early next week. This is going to be good. 🙌

If you’re looking for something a bit more remote-friendly, Stackery has some upcoming serverless webinars that you can join. They’ll walk you through how to build your serverless applications without needing to write a bunch of YAML.

Feel like doing some traveling? Thundra put together a great list of Serverless Events You Should Be Aware Of in 2019. I’m going to try and get to a few of these myself.

For those of you that are visual learners… 👀

I stumbled across some videos that Cloud Path had created, and I was impressed with how well-produced they were. In AWS S3 & AWS Lambda Integration, they walk you through setting up an S3 trigger and the code required to process the event. Beginner level stuff, but I’m going to keep my eye on this channel.

Marcia Villalba dropped another re:Invent interview where she’s Talking about testing Serverless applications with Slobodan Stojonovic. Slobodan was our very first Serverless Star at Off-by-none and is an awesome serverless resource.

If you can’t get enough of Marcia, check out her Getting ready for AWS reInvent 2018 vlog series. If you’re thinking about going to re:Invent this year, these videos provide a first hand look at this amazing experience.

CloudFlare workers are a relatively new addition to the serverless ecosystem, and they’re quite passionate about how this type of edge computing could change how applications run. How Serverless Platforms are Changing to Enable New Applications is a talk by Zack Bloom that digs deep into this concept.

What to do if you’ve been ignoring serverless security and user privacy… 🔒

If you thought that you didn’t need to worry about GDPR, think again. It was just reported that France fined Google nearly $57 million for an alleged violation. Now this might just be France being France, or it’s a sign of things to come. If you’re not familiar with GDPR, or you’ve already forgot the requirements, Stripe has a great guide to help you out. C’est la vie. 🇫🇷

Last time I’ll mention this (promise). Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. It will be packed full of practical serverless security advice including risks associate with AWS Lambda, IAM permissions, governance and regulatory compliance, and scalability.

When you’re looking for innovation in the serverless ecosystem… 🔍

Epsagon continues to make serverless observability easier with the introduction of Trace Search. This is a very cool feature that lets you find and drill down into traces using a bunch of different filters. Plus they have created plug-in packages to make integrating tracing and cleaning up your old Lambda versions much easier.

But serverless observability and tracing is a hot space to be in, and Adam Johnson and the team over at IOpipe has their own long list of accomplishments and future plans. In Auld Lang Servers, Adam outlines IOpipe’s milestones and innovations over the last year. Their product continues to get better and better, giving serverless practitioners plenty of options when choosing an observability tool.

And don’t count out OpenWhisk. Release 0.17.0 (18.01.2019) of the Serverless Framework OpenWhisk plugin was recently released, with added support for concurrent actions, which should speed up your deployments.

When you find out that Google Cloud Functions finally supports Go… 🤷‍♂️

Google announced that Go 1.11 is now a supported language for Google Cloud Functions. You’d think that since they invented it, they might have beat Amazon to the punch. Oh well, at least GCP is still innovating its serverless offerings.

Not to be outdone by AWS’s classic serverless example, Adil H has put together a post showing us how to do Image Resizing with Go and Cloud Functions. Code included.

If you’re looking to push the envelope a bit more, Saurabh Deoras has a great article on combining TensorFlow, Go and Cloud Functions. I like when people experiment with stuff like this, and even though his final solution isn’t ideal, it still works. He even waxes-poetic at the end. #deep

When the zombie apocalypse might not be the apocalypse you need to worry about… 🧟‍♂️

Forrest Brazeal wrote a rather depressing (but necessary) piece about the The Creeping IT Apocalypse. With AWS reportedly working on a secretive low-code/no-code project, there is an entire class of engineers that could get automated out of existence. TLDR; learn to code and keep your skills current.

Along the same lines, James Beswick’s latest post, The cloud skills shortage and the unemployed army of the certified, comes at it from a slightly different angle. Of course IT head counts are dropping because of automation, but James argues it isn’t just about keeping your skills current. It’s about the unreasonable expectation that a single developer must now do the jobs of what used to require several highly-specialized people to do. TLDR; become a coding superstar.

Other people are writing about this trend, perhaps without even realizing it. Nader Dabit gives his take on what it means to do Full-Stack Development in the Era of Serverless Computing“This means you basically have a team of specialized engineers that have built out and iterated on something that you or your team simply could not do alone without investing an impractical number of hours.” I think this type of innovation is great, but don’t get caught watching shadows on the wall, this type of undifferentiated development work is going away. Now look who’s being poetic. 😉

When you really like seeing serverless use cases… 🤗

I think we are all in agreement that CloudWatch is not the best place to be digging into our application logs. There are plenty of options out there, but the team at BBC iPlayer shows us how they put Lambda Logs in ELK. It’s a DIY option, but highly effective for their needs.

This is a bit of an old post, but in How I export, analyze, and resurface my Kindle highlights, Sawyer Hollenshead show us how he created a serverless pipeline that extracted his highlights, analyzed them with NLP, and published them to his site to reflect on what he read. Pretty interesting use case, IMO.

Gavin Lewis shows us How To Build a Serverless CI/CD Pipeline On AWS. There is quite a bit of complexity to his approach, but he has it all laid out for you.

When you’re a big fan of the horror genre… 👹

Henning Jacobs has compiled a list of wonderful Kubernetes Failure Stories for us. He claims that these stories “should make it easier for people dealing with Kubernetes operations… to learn from others and reduce the unknown unknowns of running Kubernetes in production.” I say it’s just another opportunity for serverless fans to say I told you so 😂. But seriously, if you want to take a stab at Kubernetes, this is a good list to get you started (or maybe scare you away).

Corey Quinn recounts a horror story of his own in this Twitter thread. The story of an ambitious young man trying to set up his own infrastructure in a shared datacenter goes horribly awry, hilarity ensues. I remember these days myself, but now that the cloud is here, this type of tragedy can easily be avoided.

Where to go for some more serverless reading… 📚

Chris Feist wrote a post called Making serverless variables work for you to accompany his new serverless-plugin-composed-vars plugin for the Serverless framework. I do this a bit differently, but this looks like a handy plugin.

Migrating a Serverless application backend to the Serverless Framework highlights Tai Nguyen Bui’s journey moving away from the console and into the world of serverless deployment automation.

Speaking of serverless journeys, How I Got Comfortable Building with Serverless highlights how Jun Fritz went from code bootcamp graduate, to Stackery employee, to confident serverless builder in just a few months. There is still much to learn, but it is fascinating how quickly people can get things up and running.

The state of serverless: 6 trends to watch highlights a fairly obvious (IMO) evolution of any new technology. However, I think that betting Knative will drive standardization is a bit off. We can argue about what serverless means all day long, but with CloudFlare workers moving compute to the edge, and AWS loading VMs closer to the metal with Firecracker, I personally see anything that adds more layers of abstraction to ephemeral functions being a step in the wrong direction. Maybe it’s just me.

In Dear Go — Thank You For Teaching Me PHP Was A Waste of My Time, Vern Keenan is pretty harsh about the future prospects of PHP. Not sure I agree with him on that, but he does make some good points about Go potentially becoming the dominant serverless runtime.

And finally, Zac Charles asks, What happens to running threads when a Lambda finishes executing? If you’re interested in the inner workings of Lambda functions and container reuse, give this short article a read.

When you’re curious what AWS has been working on… ☁️

There were a lot of serverless announcements and innovations at AWS over the last few months. If you’re having a hard time keeping up, take a look at Eric Johnson’s full recap: ICYMI: Serverless Q4 2018

The new AWS Backup lets you automate and centrally manage your backups across AWS services. Jerry Hargrove (aka @awsgeek) wasted no time putting together a cloud diagram for you. He’s also got a great one for the new Amazon DocumentDB service as well.

AWS also added S3 as a deployment action provider in CodePipeline. Check out this tutorial to learn how to Create a Pipeline That Uses Amazon S3 as a Deployment Provider. Plenty of cool use cases with this.

Two weeks ago AWS announced that AWS Step Functions would support resource tagging. Now they’re getting their very own Service Level Agreement with three 9s.

And Step Functions isn’t the only one getting SLAs. Amazon announced 99.9% Service Level Agreements for Amazon Kinesis Data Streams and Amazon Kinesis Data Firehose.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Mikhail Shilkov (@MikhailShilkov). Mikhail is a Microsoft Azure MVP, a frequent conference speaker, and an advocate for all things serverless. His blog is loaded with insanely thorough articles about serverless (and functional programming) that are sure to help you level up your own skills. He mostly focuses on Microsoft, but has articles like this and this that can give you some much needed perspective in the overall serverless ecosystem. And today is his birthday, so Happy Birthday, Mikhail, and thanks for what you do! 🎂🎉🎈

Final Thoughts 🤔

Thank you for all the responses from last week. Everyone that sent me a message said they like the length and that they found it easy to skim and pick out the articles they were interested in. I’m glad you all like it. If you have any other thoughts, I’d be happy to hear them.

I hope you enjoyed this issue of Off-by-none. I love hearing your feedback and suggestions, it helps me make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

Off-by-none: Issue #20

Let’s get hands-on…

Welcome to Issue #20 of Off-by-none. It’s great to have you here! 🤘🏻

Last week we sifted through quite a bit of serverless content to start the new year. This week we’re going to get a bit more hands-on, and dig into some useful applications of serverless that we can start using right now. We also have some more insights into the future of serverless, plus some really compelling research regarding TCO of serverless infrastructures.

We’ve got a bunch of stuff to get to today, so let’s get into it! 👇

When your downstream systems aren’t infinitely scalable… 😳

There is an ongoing debate about the “serverlessness” of certain services and downstream systems. While that may be a useful exercise from an operational perspective, from a practical standpoint, the bigger issue has to do with scalability. It is likely that most of the services that make up your serverless applications will not scale as well as Lambda. This can create significant pressure on downstream services during heavy traffic spikes, sometimes resulting in unplanned downtime. So what can we do when certain parts of our application simply can’t scale?

An extremely useful pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple queues to “buffer” events so that we can throttle processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that calls a third-party API, this pattern would be a great fit.

In my new post, How To: Use SNS and SQS to Distribute and Throttle Events, I walk you through how to automate this and add it to your serverless applications. Full working code examples are provided and explained, so give it look, and see if this would be right for your application.

When you want more serverless use cases… 🙋‍♀️

Last week I shared some interesting serverless use cases that I came across. I think it’s helpful to see how other people are using serverless, and then be able to apply some of those ideas to your own systems. Here are a few I found this week.

Creating A Serverless Answer For eCommerce  shows us how a team created a completely serverless ecommerce system and the resulting benefits. The quote at the end of the article may seem a bit obvious to those of use who live and breathe serverless, but it sums up the business case quite nicely: “By moving to a Serverless solution, businesses can achieve an affordable solution that will rapidly scale up and down with demand, removing wasted resources and expenditure during down times, while ensuring you’re able to handle larger peak volumes whenever they occur.”

Bob Thomas shows us how and why KYD joined the serverless train. There are some great insights into why they went serverless as well as some code examples for CI/CD with Gitlab.

There are plenty of third party ESPs to choose from, but Vinicius Kiatkoski Neves gives us a complete walk-through and shows us how to send e-mails through AWS SES and Lambda.

When serverless security should be your #1 concern… 🔒

Marcia Villalba is back with another great interview from re:Invent. This week she is Talking about Serverless Security with Ory Segal.

Speaking of Vegas and serverless security, I came across this talk from Erez Yalon at BSides called Serverless Infections. It has some really good security tips in there, plus there are some demos that show how hackers can both infiltrate and exfiltrate your serverless functions.

And don’t forget that Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Make sure you signup to see how the OWASP Top 10 applies to your serverless applications.

When you want to build serverless apps on something other than AWS… ⚡️

I’m a big AWS fan, and with 70% of the serverless market, it’s hard to ignore. But others continue to make strides in the space, and lots of developers are utilizing the service offerings of other cloud providers. Here are few interesting resource I came across this week that do serverless sans AWS.

Serverless Notes is a site dedicated to helping developers build applications on Azure. They’ve recently launched there Azure Serverless Tips series with helpful bits of information from technology leaders and experienced people, all in one place.

Another great resource is the Azure Serverless Community Library. Think of it a bit like the AWS Serverless Application Repository. I browsed through these and there are A LOT of covered use cases already built for you.

And if you’re using the Microsoft cloud and you need to Scale Azure Functions to Make 500,000 Requests to Weather.com in Under 3 minutes, David Barkol has you covered.

And let’s not leave Google out! Wassim Chegham wrote a great post called Building Your Next Serverless Application: The Complete Guide. It is an in-depth, step-by-step, code included walk-through that’s a great resource for those working in the Google Cloud.

When you think about the future of serverless… 🔮

Nate Taggart from Stackery has some predictions for Serverless in 2019. According to him, we can look forward to monolith conversions and executive buy-in, but will face resistance from the IT-Industrial complex.

Ben Moore from ChannelLife New Zealand reports that KBV research predicts the Serverless architecture market to reach $14B by 2024. That’s a compound annual growth rate of 23.4%. 🐨

Adrian Colyer has some thoughts on the Serverless computing: one step forward, two steps back paper that was released recently. Lots of us saw the paper as highly critical of serverless, especially since it focused on use case that were not a good fit. Adrian has a bit of a different perspective on this.

And whenever we look at the future, it’s always helpful to take look at the past. Our friends over at Thundra have a nice post that recaps their journey in 2018. It is really exciting to see companies in the serverless space growing up and being successful. There are so many opportunities in the serverlesss space, and Thundra is just one example.

When you’re finally thinking about migrating to serverless… 🤷‍♂️

Ready to move all your applications to a serverless architecture? Yan Cui says Not so FaaS! He points out that there are lots of viable use cases for serverless, but that user experience should trump everything else. TLDR; don’t try to fit a square peg into a round hole, even if the square peg is serverless. 😜

The team at Nuweba has put together a serverless ebook to help you understand The Top 4 Challenges In Serverless. Handy little guide if you’re new to the serverless world.

There’s also an interesting interview with Red Hat’s Michael Hausenblas on learning to walk before running into a Serverless mess. There are some good points in here about the operations culture changing as well as pointing out a few places where serverless might not make sense.

And if you are planning on going serverless, the biggest culture shock will most likely be with observability, or the lack thereof. The team over at Epsagon has an upcoming webinar that will explain Serverless Monitoring in Practice. Definitely worth a look.

What to do if you can’t let go of your Ruby or PHP framework… 👋

Are you a Ruby on Rails developer that is feeling left out by this whole serverless thing? Check out Jets: Ruby Serverless Framework, and see if that gets you excited.

What about all the PHP fans? I’ve heard that Laravel is doing some work to make the framework more serverless, but in the meantime, Rob Allen will show you how to run Serverless PHP on AWS Lambda. AWS also has a post that can help you as well.

When you’re curious if serverless will actually reduce your costs… 💰

Remember that Serverless computing: one step forward, two steps back paper that we previous mentioned? Well it also got Yan Cui fired up. He tells us why You are thinking about serverless costs all wrong and points out that TCO (total cost of ownership) is the better metric to evaluate costs.

Kevin O’Hara shared a typical #AWS bill for a startup building their MVP primarily on serverless technology like Lambda. Production APIs, static sites, databases, and messaging all for under a few bucks a month. This is not uncommon.

Mark Schwartz had some recent thoughts on Switching Costs and Lock-In that are worth reading. However, the new Generating Value Through IT Agility and Business Scalability with AWS Serverless Platform report is definitely worth a skim. Some of the highlights include a 33% increase in developer productivity, 18% increase in applications/logic created, and an over 200% increase in the number of features. Add to this massive drops in unexpected downtime and MTTR, 60% lower operations costs, and a 53% reduction in infrastructure and hardware costs over a five year period. This is some great data if you’re trying to make the serverless case to the higher-ups.

When you’re looking for some interesting serverless reads and resources… 📚

Your Quintessential Guide to AWS Athena is just that. No need to be paying for RedShift if you store your data correctly in S3.

Mike Roberts and John Chapin over at Symphonia created a lambda-benchmarking project that generates and saves benchmarks for cold start latencies of the AWS Lambda service. It will be really interesting to see these latencies decrease as AWS continues to optimize for them.

And Ray Camden has a new article about Adding Serverless Functions to Your Netlify Static Site. I think I’ve read most of Ray’s books, so it will be awesome if he becomes a serverless advocate too!

When you get overly excited about AWS announcements…🗣

There was an AWS Fargate Price Reduction – Up to 50%. This is thanks to the Firecracker virtualization technology they announced at re:Invent last year. Good news for those of you that still need containers.

AWS also announced Amazon DocumentDB (with MongoDB Compatibility). I wouldn’t suggest building greenfield on it, but if you are moving an existing workload, this could make your managing a MongoDB cluster nightmares go away.

Speaking of migrating MongoDB, AWS Database Migration Service Now Supports Amazon DocumentDB with MongoDB compatibility as a target. Live migrate right from your replica sets or sharded clusters.

And AWS Step Functions Now Supports Resource Tagging, which is pretty cool. The more you tag the better. Read How To: Tag Your Lambda Functions for Smarter Serverless Applications for a bunch of reasons why.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Heitor Lessa (@heitor_lessa). Heitor is a Specialist Solutions Architect at AWS that focuses on serverless. Beside being an all around nice guy and serverless expert, Heitor is the host of the Build on Serverless Twitch series. The first season featured a number of great guests with lots of hands-on, real-world serverless problem solving. Season 2 is in the works, so be sure to RSVP so you can learn more best practices while watching Heitor and his guests build a Serverless Airline App from scratch. Great stuff!

Final Thoughts 🤔

I realize that this newsletter keeps getting longer every week. Maybe I’m looking too hard for serverless content, or maybe there is just a lot more of it out there. Either way, I feel like it is getting a little unwieldy. There is obviously a lot of information to share each week, but I don’t want it to be too overwhelming. Should I cut this down a bit? Do you like all this content? Should I add more!? I’d love to hear your thoughts on it.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

See you next time,
Jeremy

How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

Off-by-none: Issue #19

Starting off the new year with a serverless bang… 💥

Welcome to Issue #19 of Off-by-none. I’m so glad you’re here to talk about serverless! 🙌

Last week we reminisced about 2018 and laid out some plans for the new year. This week we’ll sort through all the serverless content that people created over the holiday break. Plus we look at some serverless use cases, share some upcoming webinars, and give you links to plenty of great talks to keep you busy for awhile.

We’ve got a lot to get to today, but before we jump in, I wanted to share that Lambda API v0.10 was released. Lambda API is a lightweight web framework for your serverless applications. It’s open source, fast, free, and now supports seamless integration with ALBs. v0.10 also added support for multi-value headers and query string parameters, plus new method-based middleware and much more. I’d love for you to check it out and send me feedback.

Okay, back to our regularly scheduled program. Here we go! 🚀

When you’d rather just sit back and watch some serverless videos… 🍿

ServerlessDays Milan 2018 released videos of all the talks from their event in October of last year. Lots of really great talks in here from Yan Cui, Ian Massingham, Danilo Poccia, and many more.

Serverless Computing London has also released some additional videos including Mikhail Shilkov’s Performance Tales of Serverless, Nate Taggart’s Rethinking Testing For Serverless, and Guy Podjarny’s Serverless Security: What’s Left To Protect?

Heitor Lessa announced that the second season of Build on Serverless is going to be about “Building a Serverless Airline App from scratch + leading practices applied.” This is a fun (and educational) thing to watch. You can (and should) RSVP on Twitch.

Also, Marcia Villalba released the first video in her Serverless Interviews series which just so happens to feature yours truly. So if you want to see me ramble on about serverless for 15 minutes while admiring the view of the Mirage in the background, this video is for you.

When you want to learn more about serverless security… 🔒

The team over at Protego created a Damn Vulnerable Serverless Application and donated it to OWASP so that you can learn what not to do when building serverless application. You can read more about it here. Now we have this AND the Serverless GOAT project that PureSec donated last month. These are both great resources to see how easily serverless vulnerabilities can be exploited and what to do to protect your application.

If you’re interested in discussing the OWASP Top 10 and how they apply to serverless applications, Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Lots on information to cover, plus an interactive Q&A session at the end. Should be fun. 😉

What to do when you’re ready to use Lambda Layers… 🍰

Injecting Chaos to AWS Lambda functions using Lambda Layers by Adrian Hornsby, introduces us to a great use case for Layers. Werner said it best, “Everything fails all the time.” Using Chaos Engineering to test the resiliency of your distributed cloud applications is a great way to ensure that when things do fail, that your application will handle those issues gracefully and minimize the blast radius.

Gojko Adzic and his team created some public layers so you can now use FFmpeg, SOX, Pandoc and RSVG with your AWS Lambda projects. One more thing you don’t have worry about.

And if you want to take a Deep Dive Into Lambda Layers and the Lambda Runtime API, sign up for this webinar hosted by Chris Munns, Principal Developer Advocate at AWS. It’s scheduled for January 31, 2019 at 2pm ET.

When you’re having trouble choosing the right database for your serverless app… ⚖️

Alex DeBrie posted a tweet mentioning Rick Houlihan’s Match Your Workload to the Right Database (DAT301) talk at re:Invent. If you thought his Advanced Design Patterns for DynamoDB (DAT401) talk was amazing, prepare for another mind-blowing experience watching this one. Lots of practical advice to help you choose the right backend for your workload. 🤯

Speaking of DynamoDB, Forrest Brazeal from Trek10 spent his holiday break resurrecting the Northwind database from the annals of MS Access and teaches us how to convert it to NoSQL. From relational DB to single DynamoDB table: a step-by-step exploration is a great guide that shows us both the pros and cons of attempting to move relational workflows to DynamoDB. If you’re thinking about moving to NoSQL, please take a few minutes to read this.

When you’re wondering what AWS has been up to… Δ

AWS announced the Amazon API Gateway Service Level Agreement, which may have you scratching your head thinking, don’t all AWS services have SLAs? Just ask Scott Piper from SummitRoute. He put together an AWS Service Support table that shows just how few AWS services actually have them. Something for the 2019 #AWSwishlist.

The AWS Toolkit for Visual Studio Code project seems to be coming along nicely as well. Whether you just want to try it out, or contribute in some way, it’s pretty cool to see AWS developing more things like this out in the open.

They also keep making strides with Nested Applications. If you’d like to learn more, there is a Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository webinar scheduled for January 31, 2019.  It’s hosted by James Hood, Sr. Software Dev Engineer at AWS, so you know it’s going to be good.

When you’re looking for some sample serverless use cases… 🔍

I love finding people that are applying serverless to new and interesting use cases. Whether they are solving complex workflows, or just a simple function that accomplishes a single task that makes your life easier, seeing the broad application of serverless is quite fascinating. Here are a few I found this week.

Building a serverless data analytics pipeline by Rodrigo Reis shows us a simple, but effective way to capture a stream of web events. They use an SQS queue and reserved concurrency to help throttle requests to their Elasticsearch cluster, which is both simple, and a great approach at their stage. They’re also smartly using IOpipe for observability.

Blog URL to PDF to Amazon Kindle by Dhaval Nagar outlines a simple app for automatically sending blog posts to a Kindle. There are probably multiple ways that this type of workflow could be used.

Serverless Function to Sync Data from a Database to Google Spreadsheet is another simple workflow that would be perfect for marketing teams, sales, or your billing department. No need to build interfaces for reporting data when there are already tools that people are familiar with.

If you want to get a bit more complex, check out How to build a React chat app with AWS API Gateway WebSockets, Custom Lambda Authorizer. Lots to chew on here, but if you’re heading down the WebSockets path, this is a good resource for you.

When you just want some interesting serverless content… 🤓

Save time and money with AWS Lambda using asynchronous programming by James Beswick provides some great tips for handling synchronous calls in your serverless functions. Also be sure that you Don’t overpay when waiting on remote API calls either.

Mike Vizard predicts the Battle Over Serverless Computing Frameworks to Heat Up in 2019. There is a lot of discussion in this piece about other companies (read: NOT AWS) embracing Knative and other open source “serverless” middleware to power their FaaS solutions. I think this goes to show how popular serverless is becoming and the thrashing that’s going on to catch up with AWS. I’m not sure this is going to play out the way these companies think it will.

There’s a new serverless framework called BAM! I haven’t used it yet, but let’s just add this to the list.

Jerry Hargrove continues to create more Cloud Diagrams & Notes for our viewing pleasure. His AWS Lambda and Aurora Serverless ones are awesome.

Yan Cui shows us how to perform Error Handling in AWS Lambda With Wrappers. He talks about the need for middleware in our serverless applications and how we can use it to capture errors and help us debug our systems.

Speaking of debugging, Hamit Burak Emre over at Thundra shows us how to Debug Your Python Functions Locally. Step-by-step debugging in Lambda functions with breakpoints? Yes, please.

Finally, Slobodan Stojanović, author and serverless wizard, answers the question, “What do you use for scheduling AWS Lambdas?” His answer gives us cron jobs and delayed triggers, all without servers to manage or maintain. 👍

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Farrah Campbell (@FarrahC32). Farrah is the Ecosystems Manager at Stackery, a visual tool for building serverless applications. Farrah has become another positive voice in the serverless community, helping to organize ServerlessDays Portland and other workshops, and an ever present figure at conferences helping to spread the serverless word. She was also recently featured as a Serverless Superhero in How serverless is breaking down barriers in tech. Diversity in tech has always been a challenge, so it’s great to have people like Farrah as part of the serverless community working to make it more inclusive.

Final Thoughts 🤔

Week #1 of 2019 is in the books, and if this is any indication, it is going to be a banner year for the serverless community! There has already been a ton of great serverless content so far, plus Paul Johnston pointed out that there are EIGHT ServerlessDays conferences between now and April 11th. One of which is Boston, so be sure to buy your tickets soon! I know I’m excited.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Off-by-none: Issue #18

Happy (Serverless) New Year! 🎉

Welcome to Issue #18 of Off-by-none. It’s 2019, and it’s going to be a great year for serverless! 🙌

Last week we looked at the new WebSocket support for API Gateway, saw some more serverless love from startups, and I argued that we should Stop Calling Everything Serverless! This week we’re going to reflect back on 2018, I’ll share my 2019 plans for Off-by-none, and we’ve got plenty of great stories from the community.

Let’s jump right in. It’s going to be another busy year! 👨🏻‍💻👨🏻‍🔬👨🏻‍🎨👨🏻‍🏫

When you need to look back so you can look forward… 🔭

2018 was quite a busy year. Being the CTO of a startup certainly keeps my to-do list full, plus I consulted for several additional companies in the serverless space. However, my passion for creating, writing and helping out others (or at least trying to) is too powerful a force to keep contained.

Even though I have been blogging for quite some time, last year was when I started writing almost exclusively about serverless. I also spent time working on some open source projects and thinking about new ones I’d like to create. I thought it would be a proper exercise to look back at all the things I worked on last year, reflect on what was helpful, and then plan to do more of that in 2019.

In January, I launched the first stable version of Lambda API and then wrote How To Build a Serverless API with Serverless, AWS Lambda and Lambda API. Soon thereafter, I created Securing Serverless: A Newbie’s Guide to capture some serverless security best practices for those just starting out.

Then I shared some tips on How To: Manage RDS Connections from AWS Lambda Serverless Functions as well as How To: Stub “.promise()” in AWS-SDK Node.js. I weighed in on Solving the Cold Start Problem and proposed some additional solutions with How To: Optimize the Serverless Optimizer Plugin. I also came up with a list of 10 Things You Need To Know When Building Serverless Applications.

I did some more security research and wrote about Event Injection: A New Serverless Attack Vector and then shared 5 Reasons Why Your Serverless Application Might Be A Security Risk. I ran some experiments using Serverless Consumers with Lambda and SQS Triggers as soon as AWS announced support. I also started to share serverless microservice concepts and published Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices.

In July, I met Chris Munns for the first time and wrote 15 Key Takeaways from the Serverless Talk at AWS Startup Day. This gave me more insight into the cold start issue, so I created the open source package, Lambda Warmer, so you could Optimize AWS Lambda Function Cold Starts. I then shared some thoughts on Thinking Serverless (Big and Small) and why serverless is great for workloads of all sizes.

As I converted several workflows over to serverless applications, I started making use of tags to keep things organized. I captured my best practices in How To: Tag Your Lambda Functions for Smarter Serverless Applications. The more I wrote about serverless, the more people I found in the community, so I published my list of Serverless Peeps You Need To Follow. 😃

I put together a guide on How To: Add Test Coverage to your Serverless Applications, and then wrote a fictional story called A Tale of Two Teams, about two startups that made vastly different technology choices (serverless versus containers). It was fun to write and there was a lot of interesting feedback. Next up was Aurora Serverless: The Good, the Bad and the Scalable, an in-depth look at AWS’s new “serverless” MySQL database offering.

In August I published Serverless Microservice Patterns for AWS, which is a really handy resource. It eventually made its way to #7 on Hacker News and crashed my site. FYI: WordPress does not scale. Speaking of scaling, I created a solution for Managing MySQL at Serverless Scale with the open source serverless-mysql NPM package. I’ve been using it in production ever since.

In September I launched Off-by-none! It’s been quite a bit of work, but all of your feedback has been incredibly encouraging (more on this later). I then shared a piece called Serverless Security: Locking Down Your Apps with FunctionShield, and wrote up An Introduction to Serverless Microservices. In What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I shared some thoughts about AWS’s new execution limits and why it’s an important step forward.

I also shared some Takeaways from ServerlessNYC 2018, took a first look at the Aurora Serverless Data API, and then spent a week in Las Vegas for AWS re:Invent. My re:Capping re:Invent: AWS goes all-in on Serverless post explains why AWS is lightyears ahead of other providers in the serverless space. I also shared a serverless tip so you Don’t overpay when waiting on remote API calls, and I finished up the year with my Stop Calling Everything Serverless rant.

I’m exhausted just thinking about all that, but at the same time, I’m super excited for 2019. I received a tremendous amount of constructive feedback, met some really amazing people, and learned a ton in the processes. I’ve got plenty of content planned for this year, most of which will be highly practical so that you can apply the concepts straight away. I’m also working on a course or two, plus some other creative ways to talk about and explore serverless applications and the methodology used to build them. I’m hoping you’ll find all of this useful.

When you’re wondering what’s next for Off-by-none… 🧙‍♂️

When I first launched Off-by-none, it was a bit of an experiment. I wanted to create a sort of “un-newsletter”, something that was more interactive than just some links to recent articles, blog posts, and handy tools. Don’t get me wrong, I love getting my weekly newsletters, and there are plenty of good ones to choose from, but I still think we can do something even bigger and more helpful.

Don’t worry, I’m still going to write the weekly newsletter, but in the next couple of weeks, Off-by-none will be launching its own site. This new site will host archives, resources, and plenty of additional ways for the community to interact, contribute, and help steer the conversation. I’m really excited about this and the possibilities it creates. I still believe that Off-by-none is about working together to build better cloud-based products, so I’m hoping this new site will open it up to a bigger audience and help to expand the serverless community.

When you’ve heard enough about me and just want some good serverless content… 📚

Gal Bashan over at Epsagon wrote The Hitchhiker’s Guide to Serverless. Earlier this year we talked quite a bit about the serverless echo-chamber and how foreign some of these concepts are to those that are new to serverless. Gal outlines a number of key components that make up serverless applications and explains what they are and when to use them.

Getting started with AWS Lambda Layers for Python is a new post from Adrian Hornsby that lays out the basics for harnessing the power of Lambda Layers. Lots of really good stuff in here.

I also came across Contemporary Views on Serverless and Implications by Subbu Allamaraju the other day. Subbu is an engineer with Expedia and wrote this really interesting piece about the differing views of serverless and the conflicting nature of the term. Another piece that shows just how much further we have to go to bring serverless to the masses.

Syed Jaffry, a solutions architect at Amazon Web Services, wrote a really great article regarding Best practices for securing sensitive data in AWS data stores. When we’re building serverless applications (or any application in the cloud), understanding how to keep sensitive data secure is extremely important. This piece gives you an overview of some general security patterns that you can use. Definitely worth the read.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erik Peterson (@silvexis). Erik is the Founder and CEO of CloudZero (@cloudzeroinc), a startup that helps you monitor your cloud computing costs. Erik has been building on AWS for over a decade, he’s a frequent speaker at conferences and meetups, and is a regular contributor to the CloudZero blog. He’s a big proponent of #FinDevOps, which is all about leveraging cost as a first class metric when designing serverless systems. Serverless applications generally have a lower TCO than most traditional applications, so it’s good to have people like Erik think through how cost affects our organizations up and down the value chain.

Final Thoughts 🤔

Last year was quite a whirlwind. There were so many amazing advancements in the serverless space, that it’s hard to keep track. AWS announced a number of new services that will be available in 2019, plus I’m hoping that other cloud providers will continue to invest heavily in this space as well. I’m thinking that 2019 is going to be a very good year for the serverless community. ⚡️

I plan on producing lots of serverless content this year, plus I’m co-organizing ServerlessDays Boston on March 12, 2019, and I hope to do some speaking as well. I look forward to spending 2019 with all of you!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none even better.

Here’s to 2019, 🍾🥂
Jeremy

Off-by-none: Issue #17

WebSockets are so hot right now…

Welcome to Issue #17 of Off-by-none. Thanks for being here! 👋

Last week we talked about when to optimize our apps and discussed what the term “serverless” actually means. This week I’ll share some more thoughts on that, plus we’ll explore the new API Gateway WebSocket support, share some great serverless articles, and look at a few more announcements from the world of serverless.

Let’s get to it. 😀

What to do when you want to call every managed service and SaaS app “serverless”… 😳

Maybe let’s not. Last week there was a bit of Twitter chatter about what “serverless” actually meant. Is it a technology, a compute model, an architectural pattern, a spectrum, an operational construct? I contend that it can’t be all of these things. I went into rant mode and wrote a post called Stop Calling Everything Serverless! It’s quite a long post, but I think it’s important that we don’t overload the term to the point that it no longer has any meaning.

In my opinion, serverless is a methodology for planning, building, and deploying software in a way that maximizes value by minimizing undifferentiated heavy lifting. It touches everything up and down the value chain, not only affecting how engineers approach development, but also influencing product strategy, design, budgeting, resource planning and much more.

I got a lot of feedback on this post. Several people disagreed with me, but I think it is a healthy debate. I’d love to hear your feedback as well.

When you’re looking for a reason to use serverless WebSockets just because you can…

AWS finally released support for WebSocket APIs in Amazon API Gateway. Which is very cool. I spent some time playing around with them and the implementation is really good. I can see lots of great use cases for this.

If you want to get a thorough walk-through of how they work, George Mao from AWS has a webinar that covers Building Real Time Applications using WebSocket APIs Supported by Amazon API Gateway.

There is also a simple-websockets-chat-app available on GitHub that you can launch using SAM. Or if you prefer, you can start Using API Gateway WebSockets with the Serverless Framework. Jared Short shows you how to use the new serverless-websockets-plugin, plus gives us a really cool DynamoDB streams pattern that we can use in all sorts of scenarios. 🤘🏻

When you realize that serverless and startups are a perfect match… 💖

Serverless and startups, the beginning of a beautiful friendship by Slobodan Stojanović, takes us through how he and his team built Vacation Tracker using serverless and a hexagonal architecture. He’s not the first to say it, but it’s certainly worth repeating: serverless give startups a huge advantage.

Speaking of Slobodan, he and Aleksandar Simović have finished their book: Serverless Applications with Node.js. Definitely worth taking a look if you’re building your serverless apps with Node.js.

If you’re looking for other startups that bet big on serverless, check out SQQUID: a 100% serverless startup. It seems like there are more and more stories like this every day.

When you can’t get enough serverless input… 🤖

Michael Vargas wrote a great piece about Using Design Patterns with AWS Lambda. Some good lessons in there about separating our business logic from the cloud provider’s interface.

Yan Cui shares his Thoughts on the Serverless Announcements at re:Invent 2018. He also lays out some Considerations for the Beginner Serverless Developer. Good place to start for those of you just getting into serverless.

I’ve spent some time working with the new Lambda support for Application Load Balancers, and there are plenty of pitfalls in there. If you’re interested in finding out more, Jeremy Thomerson has got you covered with his post API Gateway vs Application Load Balancer—Technical Details.

Serverless & SaaS — Part 1: The New Build Versus Buy by Tom McLaughlin is an interesting piece that advocates the use of SaaS products over AWS building blocks whenever possible. It might be easy to glue services together, but that doesn’t mean that your team has the right domain expertise.

Building sandcastles and securing WordPress by James Beswick is a great piece that talks about the state of content management and how it is starting to evolve to serverless backends. WordPress may be the 800 pound guerrilla, but James contends that its days may be numbered.

When you’re looking beyond relational database patterns… 🤓

How to use Amazon DynamoDB global tables to power multi-region architectures by Adrian Hornsby is a pretty cool look at how to geographically disperse your applications for lower latency and disaster recovery.

And if you’re looking for more DynamoDB goodies, Faux-SQL or NoSQL? Examining four DynamoDB Patterns in Serverless Applications by Alex DeBrie is great way to expand your mind and start drinking the NoSQL Kool-Aid.

“Serverless” CQRS using Azure Event Grid and Durable Functions by Duncan Edwards Jones, is great primer on the CQRS pattern and how you could apply that to your serverless applications. Decoupling commands and queries makes for a tremendously scalable approach.

When you’re looking for some more hands-on serverless tutorials…

Angela Wang put together A curated collection of hands-on workshops for learning AWS. There’s a few great serverless ones in there, but plenty of other AWS services are covered too.

Authentication & Authorization in GraphQL with AWS AppSync (MOB402) with Karthik Saligrama is another awesome re:Invent talk. If you’re using AppSync, I really hope you’ve got your authentication locked down. You might want to double check after you watch this video.

Eric Hammond has some ideas on Using AWS SSM Parameter Store With Git SSH Keys. Interesting approach that you might find useful.

And Marcia Villalba released a new video: Lambda layers with Serverless Framework and good practices.

When AWS keeps pumping out new features… 🏭

I was all excited when they introduced AWS Client VPN to Securely Access AWS and On-Premises Resources. Too bad the pricing is quite ridiculous.

Amazon Route 53 Adds Alias Record Support For API Gateway and VPC Endpoints, so no more additional Route 53 charges when mapping your domains to your regional or edge-optimized endpoints.

Amazon DynamoDB Accelerator (DAX) Adds Support for DynamoDB Transactions, which closes the open loop with the new DynamoDB transactions.

Amazon DynamoDB Increases the Number of Global Secondary Indexes and Projected Index Attributes You Can Create Per Table. For those of you that found five global secondary indexes to be too few, now you automatically get 20. Plus you can always ask for more if you need them.

Plus, a New SAM PUBLISH Command Simplifies Publishing Applications to the AWS Serverless Application Repository. This is a nice little addition. Hopefully we’ll see more apps in the repository soon.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex DeBrie (@alexbdebrie). Alex is a big part of the team over at Serverless, Inc., you know, the ones that brought us the amazing Serverless Framework ⚡️. Alex is constantly working to bring us new features to make our lives easier as serverless developers. He is a regular contributor to the Serverless blog, but has also started posting some great stuff to his personal blog as well. I’m looking forward to keeping up with his content and his continued work on the Serverless Framework.

Final Thoughts 🤔

WebSockets are awesome, I just need to find a reason to use them with some of my apps 😂. But seriously, there are a few use cases that are still beyond the scope of serverless. All the recent additions to DynamoDB, plus now with WebSockets, that list is getting smaller every single day. I’m really excited about what the future of serverless holds, just so long as we don’t keep misappropriating the term. 😉

🎄 Merry Christmas and Happy Holidays to all of you! I wish you all a happy, healthy and prosperous new year!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always incredibly helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

See you next year,
Jeremy