Off-by-none: Issue #15

It’s all about Layers…

Welcome to Issue #15 of Off-by-none. I’m glad that you could join us. 😀

Last week we recapped re:Invent and took a look at some of the excellent talks and AWS product releases. This week we’ll dig deeper into Lambda Layers and see how people are having a bit of fun with custom runtimes. Plus we’ve got more talks from re:Invent and plenty of other serverless tidbits for your mental ingestion.

Lots to get to, so let’s get started! 🚄

What to do when AWS gives people access to Custom Lambda Runtimes… ⚙️

AWS already took care of C++ and Rust for us, plus some launch partners have already added PHP and Cobol support as well. But it seems that the community is taking advantage of this new feature in a big way.

The team over at The Agile Monkeys added a Haskell runtime. Think about it, a purely functional programming language running pure functions on stateless serverless functions! Okay, maybe that’s a bit much, but if you’re a hardcore functional programmer, you may want to give this a look. 😎

Graham Krizek added Bash support, which is pretty darn cool. He even included executables like aws, scp, git, wget and a whole lot more. Think about all the interesting and powerful use cases this opens up. Just this git support alone adds a number of possibilities. 🤓

Data scientists rejoice! You can now run R on Lambda thanks to this tutorial by Philipp Schirmer. There might be some memory limitations, but overall this looks like a workable solution for all you number crunchers. 📊

There’s also this proof of concept for a Serverless Open Runtime for AWS Lambda. Definitely an interesting concept, especially the language agnostic middlewares piece. Could turn out to be a terrible idea, but definitely something to keep your eye on. 🤷‍♂️

When you want to know how to use AWS Lambda Layers… 🥞

You can certainly build Lambda Layers on your own, but several companies are now providing them as a way for you to easily instrument your code. Epsagon, PureSec, Thundra, DataDog, IOpipe, and more, have all built Layers that you can simply plug in to your existing Lambda functions without modifying your code. That’s pretty easy.

Of course, our friend Paul Johnston has some thoughts on Lambda Layers and Custom Runtimes, including initial thoughts on best practices.

If you’re looking to help influence the future of Lambda Layers, take a look at this RFC on how to handle permissions with LayerVersions in SAM. AWS always appreciates feedback from the community, so feel free to throw your hat in the ring and add your comments. 🎩

When you refuse to believe you’ve watched all the good re:Invent talks… 📺

Not all of these are available to watch, but there is still a ton of amazing re:Invent content out there that you probably missed, even if you were at re:Invent! Here are three more talks that I found to be super interesting.

Inside AWS: Technology Choices for Modern Applications (SRV305)
Tim Bray, a Senior Principal Engineer from AWS, talks us through how AWS dogfoods serverless to power many of their own services. Even API Gateway runs on Lambda. He notes that “capacity planning sucks” and that you should “use serverless whenever possible.” This talk is full of great advice, including ways to “minimize state hydration”, plus some helpful notes on the three integration patterns. Watch the talk

Reddit’s Serverless & Compute Infrastructure at Scale (STP18)
Anand Mariappan & Jesjit Birak from Reddit take us through their latest redesign process and the steps they took to avoid another incident like “the Digg Mass Exodus of 2010.” The overall process was helpful to understand, but their method for scaling their video ingestion system using serverless tech is really interesting. A great lesson for enterprises here, as they built this to run along side their existing monolith. Watch the talk

Close Loops & Opening Minds: How to Take Control of Systems, Big & Small (ARC337)
Colm MacCárthaigh, another Senior Principal Engineer from AWS, lays out ten patterns to use while building control planes for distributed systems. Since all of our serverless applications are distributed, this makes for a really useful guide when building our own applications. Colm dives a bit into control theory, but keeps the advice practical so that you can apply these techniques immediately. Watch the talk

When you’re still debating what database to use with your serverless app… ⚖️

If you plan on using DynamoDB, you may want to look at Alex DeBrie’s DynamoDB On-Demand: When, why and how to use it in your serverless applications. Plus, lots of your burning DynamoDB questions are answered in here.

If you still want to go the relational database route, check out A crash course on Serverless with AWS — Building APIs with Lambda and Aurora Serverless by Adnan Rahić. This is a great post to get you started, I just wish he didn’t use an MySQL ORM. 🤦🏻‍♂️

And speaking of MySQL, I released a new version of serverless-mysql that fixes an ENQUEUE issue. If you’re not familiar with it, this module helps you with Managing MySQL at Serverless Scale.

What to do when you need more serverless content… 🙏

Jon Vines gives us some ideas about Breaking Down the Serverless Monolith. It’s tempting to load up functions with a lot of capabilities as it keeps things “simple” and is familiar to most developers. Some good lessons learned are outlined in this post.

If you’re interested in learning some more best practices, take a look at Five Essential Principles for Developing Lambdas. I think most of these are pretty solid (especially single-purpose lambdas), plus there are some examples, which is quite helpful.

Another great thing about single-purpose functions is that they can be optimized for their specific job. Case in point, don’t overpay when waiting on remote API calls by using the appropriate memory configurations.

For you serverless security buffs, take a look at Ory Segal’s 6 Cloud Security Predictions for 2019. And if you want some hands-on experience, try going through this Serverless Security Workshop. 🔒

When you remember that Microsoft Azure has serverless functions too… ⚡️

Mikhail Shilkov is Making Sense of Azure Durable Functions for you with his new (very detailed) post. Though the title suggests this is all about Microsoft’s solution, there is quite a bit of background on microservices, event-driven applications, serverless function composition and more. Definitely worth the read if you’ve got 20 minutes or so to spare. 📖

Kate Baroni, a Software Architect at Microsoft Azure, shows us how an Azure Function can orchestrate a real-time, serverless, big data pipeline.  Plus, if you’re interested, there are some links to related posts that go into more detail. I love finding interesting use cases like this, but it’s curious to me that Azure is doing complex orchestrations within a single function (with no mention of Durable Functions). This has always been a big anti-pattern with AWS Lambda, but maybe not with Microsoft? 😕

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Simon Wardley (@swardley). Simon invented Wardley Maps, which changes the way we look at strategic planning. You can read all about how it works here (and I suggest you do). Beyond that, Simon is a huge proponent of serverless and has been predicting for quite some time that it is the future of computing. He has a number of brilliant talks about serverless (including ServerlessDays Hamburg and Serverlessconf San Francisco 2018), plus his Twitter feed often contains entertaining back-and-forth arguments as to why serverless adoption is inevitable (see this recent Twitter thread). I’m a big fan of Simon and appreciate the work he is doing to make the case for serverless.

Final Thoughts 🤔

Lambda Layers is exposing serverless computing to a number of new communities, and people have been rushing to add support for all kinds of runtimes and service integrations. A recent report by Gartner identified “serverless computing” as the number one key trend for 2019 and noted that “more than 20 percent of global enterprises will have deployed serverless computing technologies by 2020.”

We are still early in this journey, but as Simon Wardley says, “No more questions on serverless. It’s not an ‘if’ but ‘when’. Get on with learning.” This is sage advice, and what we’re encouraging with this newsletter.

I hope you’ve enjoyed this issue of Off-by-none. I love getting your feedback. It is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps!

Take care,
Jeremy

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…

Off-by-none: Issue #14

re:Capping re:Invent…

Welcome to Issue #14 of Off-by-none. I just spent a week in Vegas at AWS re:Invent and have I got a lot to share with you!

Last week we pondered if RDBMS were a good fit for serverless, overcame some common serverless objections and geeked out over serverless security. This week we’ll recap re:Invent, take a look at some of the amazing sessions and speakers, and review another 7,000 AWS product announcements (or something like that).

Buckle your seatbelt and let’s get started! 🏎

What to do if you’re suffering from re:FOMO… 😿

Unless you’ve been asleep for the last several months, you’re probably aware that AWS threw quite the shindig last week in Las Vegas. If you weren’t able to attend, don’t worry about it, we’ve got you covered. Because remember, what happens in Vegas, ends up on the Internet.

re:Capping re:Invent: AWS goes all-in on Serverless is my post that outlines some of the key announcements and what they all mean. I think I learned enough to write several books, so expect more posts to be coming.

What I learned from AWS re:Invent 2018 by James Beswick is also another great recap with a warning for cloud consultants and an important message about TCO. Paul Swail asks the question, What new use cases do the re:Invent 2018 serverless announcements open up? (answers included, of course). And if you want to read about all the Serverless announcements at re:Invent 2018, Alex DeBrie and Jared Short from Serverless, Inc. give you the full rundown.

When you’re looking for some really good conference talks… 👨‍🏫👩‍🏫

Advanced Design Patterns for DynamoDB (DAT401) 🤯
Rick Houlihan gave one of the most impressive talks of the entire conference. There were so many insights in this session that it was hard to keep track. He said, “We invented relational databases because storage was expensive” and “When people say NoSQL is missing JOINs, you say you’re missing the point.” He stressed that modeling NoSQL is difficult because you need to know and understand your access patterns upfront. But once you do, you can create a single table that can support 20 or more access patterns with just two or three Global Secondary Indexes (GSIs). Seriously mind-blowing stuff. Plus he stressed using serverless to validate your products. One of his best quotes was, “Don’t fail fast, fail cheap.” This could be the best 60 minutes you ever spend.

Watch the talk and checkout Best Practices for DynamoDB

From Monolith to Modern Apps: Best Practices (SRV322) 🎸
Paras Bhuva and Tom Laszewski (with a little help from Fender’s VP of IT, Chris Ingraham) gave an excellent talk that outlined how enterprises are adopting serverless for a variety of use cases. Companies like Reuters and Hearst are using it for analytics, Finra is using it for fraud detection, and Expedia is using it for operations. Paras walks us through the design of a modern application and stresses that teams want/need to “reduce their undifferentiated heavy lifting.” It is a very interesting session that really highlights the power, speed, and diversity of serverless applications.

Watch the talk

Serverless Architectural Patterns and Best Practices (ARC305) 🗺
Drew Dennis and Maitreya Raganath gave another really interesting talk that explored some architectural patterns and best practices. I see many people struggle with their serverless application designs because they aren’t quite sure how to stitch together all the managed services to create efficient pipelines. This talk looks at several common patterns including those for web applications, stream data processing, and data lakes.

Watch the talk

Applying Principles of Chaos Engineering to Serverless (DVC305)
Yan Cui (aka @theburningmonk), gave an awesome talk on Chaos Engineering and how we can apply those principles to serverless. The topics in here are so good that I don’t think I can do it justice by trying to sum this session up. Just do yourself a favor and watch it.

Watch the talk

A Serverless Journey: AWS Lambda Under the Hood (SRV409) 👩‍🔧
Holly Mesrobian and Marc Booker took us on a deep dive into how Lambda actually works. Lots of really interesting information, but perhaps the best part of the talk was this…

Reducing the cold start VPC issue by using a secure tunnel with a remote NAT and no longer stealing hundreds of IPs from CIDR blocks in your VPC subnets? Yeah, that’s a pretty big deal.

Watch the talk

There were so many amazing talks that I can’t possibly list them all. Be sure to check out AWS’s playlist on YouTube for an extensive list of recorded sessions. You can also check out this post by Jennine Townsend that lists some of the more notable sessions.

Just when you think that AWS might be running out of ideas… 🚀

Nope. Not only does AWS continue to make massive investments in its global infrastructure, hardware components and product offerings, but it also continues to break through the limits of serverless computing. Here are some of the important serverless announcements from last week.

When you’re still looking for some more serverless content… 👍

Joe Emison wrote a really great article that discusses The Serverless Sea Change. The post goes deep into the impact that serverless can have on companies and outlines an example of the dramatic cost savings that can be achieved. He makes an astute point that “ten times more lines of code, is ten times more technical debt.” Spending more time researching and less time coding will make maintaining your serverless applications much easier and a heckuva lot cheaper. 💰

Marcin Zasepa pointed out that Version 3 of the AWS SDK for JavaScript is written in TypeScript, so that’s pretty cool. 🤓

If you’re looking to jump in and start using some new AWS features, you can learn How to publish and use AWS Lambda Layers with the Serverless Framework.

You can also learn What’s New with Serverless at AWS during a webinar on December 11, 2018 @ 2pm ET. There are a lot of new things happening, so this might be a good opportunity to get a crash course.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Corey Quinn (@QuinnyPig). Corey is a cloud economist that helps companies save money on their AWS bills. But he’s also the brains behind the Last Week in AWS newsletter, host of Screaming in the Cloud, occasional blogger, regular conference speaker, and all around nice guy. Don’t let the snark fool you, he is a huge proponent (and user) of serverless technologies, but also a vocal critic of AWS when necessary (which keeps them honest and on their toes). Corey shared this newsletter last week with his audience and many of you are reading this because of him. So here’s a huge thank you to Corey for helping me spread the serverless word. 🙌

Final Thoughts 🤔

This was another long one, but last week was a whirlwind of information and announcements that have cemented serverless as the future of cloud computing. I want to thank AWS and all the support staff that helped put together and run this amazing conference. And I also want to thank AWS for continuing to support their customers and pushing serverless innovation. The next few years are going to be really exciting.

I hope you’ve enjoyed this issue of Off-by-none. Your feedback is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

AWS just released enough products and features to keep us busy until next year’s re:Invent. So let’s go build some amazing serverless apps!

See you next week,
Jeremy

re:Capping re:Invent: AWS goes all-in on Serverless

Last week I spent six incredibly exhausting days in Las Vegas at the AWS re:Invent conference. More than 50,000 developers, partners, customers, and cloud enthusiasts came together to experience this annual event that continues to grow year after year. This was my first time attending, and while I wasn’t quite sure what to expect, I left with not just the feeling that I got my money’s worth, but that AWS is doing everything in their power to help customers like me succeed.

There have already been some really good wrap-up posts about the event. Take a look at James Beswick’s What I learned from AWS re:Invent 2018, Paul Swail’s What new use cases do the re:Invent 2018 serverless announcements open up?, and All the Serverless announcements at re:Invent 2018 from the Serverless, Inc. blog. There’s a lot of good analysis in these posts, so rather than simply rehash everything, I figured I touch on a few of the announcements that I think really matter. We’ll get to that in a minute, but first I want to point out a few things about Amazon Web Services that I learned this past week.

Continue Reading…

Off-by-none: Issue #13

Live from AWS re:Invent…

Welcome to Issue #13 of Off-by-none. We’re coming to you LIVE from AWS re:Invent in Las Vegas!

Last week we looked at some clever use cases for Step Functions, revisited serverless microservices, and made the serverless case for startups. This week we rethink serverless+RDBMS, challenge the objections of laggards, protect ourselves from DoS and other attacks, and of course, look at some new AWS product launches.

So many amazing things to get to today, so let’s jump right in!

When you’re not sure if RDBMS and serverless mix… ☯

Many of us wished for RDS HTTP Endpoints, and the other day, AWS announced that you can now access your Amazon Aurora Serverless Database with the New Data API (Beta). No VPCs, no connection management, and automatic scaling with Aurora Serverless. Almost sounds too good to be true. 😳

And… it sort of is (for now). In Aurora Serverless Data API: A First Look, I share the results of a few experiments I ran as well as some of my initial thoughts on the implementation. TLDR; The latency is really bad and this isn’t ready for primetime. But like all things AWS, it’ll get much better before GA.

Is RDBMS in serverless applications even a good idea? Paul Johnston shares his thoughts on Serverless and Data Rigidity and argues that other technologies (like NoSQL) have removed the need for them. He’s not wrong, but there are still plenty of use cases that relational databases work well for. One thing we can definitely agree on: AVOID ORMs! 🙌

When you’re looking for some serverless inspiration… 💡

Serverless, Inc. is wrapping up #NoServerNovember with the re:Invent serverless virtual hackathon. Build a serverless app for a non-profit, feel good about yourself, and win some swag.

If you want to get a bit more complex, try building a chat application using AWS AppSync and Serverless.

Are you writing your code in Python? AWS SAM CLI just introduced the sam build Command that lets you easily package all your dependencies. Or you can learn How To Package External Code In AWS Lambda Using the Serverless Framework.

What to do when your boss won’t let you play with serverless… 👨🏻‍💻

James Beswick outlines five common objections to adopting serverless in his new post, Scared Serverless — How do you handle opposition from your IT group? Lots of ammunition in here if you find yourself needing to defend your (very wise) decision.

If they’re still not convinced, maybe this Twitter thread will help. Simon Wardley says, “The overwhelming output of most businesses is waste. Serverless is way larger than you think. More significant than cloud was.” It’s definitely worth the read (plus there’s maps).

When you realize you’re still responsible for securing your serverless application… 🔒

Avi Shulman from PureSec wrote a great post on Lambda DoS Mitigation Strategies. See how different invocation types and retry policies can be leveraged by attackers to wreak havoc on your serverless applications. Lots of practical tips in here including a number of best practices and tips to minimize your exposure.

Want to add even more security to your serverless app? Amazon API Gateway has added support for AWS WAF, which means no more creating regional endpoints and using your own CloudFront distribution. It still won’t prevent event injection, but it’s a good start.

And just when you think that npm audit will protect you from third-party package vulnerabilities, we discover another widely used open source software that contained a bitcoin-stealing backdoor. Luckily it only has 2 million weekly downloads. 🤦🏻‍♂️ A friendly reminder to minimize dependencies in your serverless applications.

What to expect when 50,000 AWS fans in Vegas are waiting for more product updates… 🚀

There’s only been one full day of re:Invent and AWS has already announced a number of products and services that are pushing serverless to a whole new level. I’ve heard a lot of whispers, so expect many more to come over the next few days. 🤘🏻

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Chris Munns (@chrismunns). Chris is a Principal Developer Advocate for Serverless at Amazon Web Services and a great resource for anyone working with (or interested in) serverless. He’s a regular speaker at events, an AWS blog contributor, a host on Serverless Bytes, and he also puts on the occasional webinar. Even though he works for AWS, he’s a huge advocate for serverless computing in general and will always jump into a good debate on Twitter. This week he’s not only giving a number of talks at re:Invent, but also finding some time to spend with members of the serverless community.

Final Thoughts 🤔

The buzz around serverless at re:Invent is absolutely amazing. Every session I’ve attended so far has been bursting with people that are either already using it in production, or are hoping to start. I know we are in a bit of bubble here, but it’s clear that AWS is continuing to make massive investments in serverless technologies and wants to continue to be the market leader. Exciting times ahead.

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always welcome and much appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps and enjoy the rest of re:Invent! ⚡️

I’ll be here all week😉
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks!

Aurora Serverless Data API: A First Look

On Tuesday, November 20, 2018, AWS announced the release of the new Aurora Serverless Data API. This has been a long awaited feature and has been at the top of many a person’s #awswishlist. As you can imagine, there was quite a bit of fanfare over this on Twitter.

Obviously, I too was excited. The prospect of not needing to use VPCs with Lambda functions to access an RDS database is pretty compelling. Think about all those cold start savings. Plus, connection management with serverless and RDBMS has been quite tricky. I even wrote an NPM package to help deal with the max_connections issue and the inevitable zombies 🧟‍♂️ roaming around your RDS cluster. So AWS’s RDS via HTTP seems like the perfect solution, right? Well, not so fast. 😞

Continue Reading…

Off-by-none: Issue #12

Leaving on a jet plane (to re:Invent)… ✈️

Welcome to Issue #12 of Off-by-none. I’m glad to see all the new faces here and I can’t wait to meet several of you at re:Invent next week!

Last week we looked at a number of resources for serverless beginners as well as some advanced topics for devs looking to level up. This week we’ll continue to dig deeper and explore more about microservices and step functions, plus we’ll look at how startups can benefit from using serverless.

Before we jump in, I wanted to mention Mark Hinkle’s post that compiles a bunch of serverless survey results. Serverless Adoption by the Numbers is a great overview of the serverless landscape. Some key takeaways include: searches for the term “serverless” have increased 20x in the last 3 years, serverless will overtake containers-as-a-service in 2018, and many companies are leveraging multiple cloud providers. There’s also a list of resources at the end if you want to check out the different surveys. Very encouraging news.

Okay, there is a ton to get to today. Let’s get started! 🤘🏻

What to do when you want to take serverless to the next level… ⛷

Toby Fee from Stackery has a great post that outlines 6 Best Practices for High-Performance Serverless Engineering. Lots of useful tips in here.

A few weeks ago I went to ServerlessNYC and outlined a few key takeaways from Gwen Shapira‘s talk about handling data in serverless applications. Mark Boyd from The New Stack has written a post about her talk that goes into a little more detail. You can watch her talk as well.

Thinking about doing some queue processing with your serverless application? Mikhail Shilkov ran some experiments and documented them in his post From 0 to 1000 Instances: How Serverless Providers Scale Queue Processing. He compares Lambda, Google Cloud Functions and Azure Functions to see how they handle 100,000 messages flooded into a queue. The results are very interesting.

Are you prepared to build a production-ready serverless application? Yan Cui (aka @theburningmonk) has completed his Production-Ready Serverless video course! If you want to get a complete overview of testing, debugging, CI/CD, monitoring, error handling, and more, check out his serverless course.

When you realize the power of Step Functions… 🔌

If you’re still using servers, like Chad Van Wyhe at PCI, you can reduce AWS Costs with Step Functions simply by automating the shutdown and snapshotting of your instances. This is an interesting use case that could be applied to a number of applications.

Paul Swail discovered how to Schedule emails without polling a database using Step Functions. I thought this was quite clever, so I posted the link on Twitter.

Apparently other people thought it was clever as well. 😉 Perhaps this use case was already discovered, but thanks to Paul for documenting it. Plus, there are plenty of applications that would be perfect for. This is most likely going to be my go to strategy for building scheduling services.

When you’re curious what all the fuss is about microservices… 🤓

I’m a huge fan of microservices and have written extensively about them (see here and here, oh and here). So whenever I find content about microservices, I have to take a look. There were a few good resources I came across this week that I wanted to share.

Kyle Galbraith tells us 6 Interesting Things You Need to Know from Creating Serverless Microservices. Kyle is just building a small application, but many of his observations are spot on. I’m not sure I would start by creating separate AWS accounts for each microservice, but it certainly is a valid approach for fine-grained scoping of resource limits plus avoiding other services being noisy neighbors and exhausting concurrent executions.

I recently went down the YouTube rabbit hole when I discovered a talk by Sam Newman from GOTO Berlin earlier this month. Sam Newman is the author of Building Microservices, which is a must read, btw. Anyway, his talk, Insecure Transit – Microservice Security, dives deep into things like the Confused Deputy problem and proposes solutions (like using an internal JSON Web Token to pass context to downstream services). Really good stuff.

I then found a talk he did at GOTO Amsterdam called, Confusion in the Land of Serverless, which is another excellent talk. This ultimately led me to his course: Serverless Fundamentals for Microservices: An Introduction to Core Concepts and Best Practices. I didn’t get a chance to watch this yet, but it looks like a really good, in-depth courses for building microservices with serverless.

When you’re considering what tech to use for your startup… 👨🏻‍💻

James Beswick‘s new post, Serverless for startups — it’s the fastest way to build your technology idea, is a great overview of how serverless can be used to quickly and inexpensively test your product concept. Unless your application needs to do something that serverless can’t do (🤔), there really isn’t a better way to build a greenfield application.

Along the same lines, Necmettin Karakaya wrote a piece that gives you a Full-Stack Serverless MVP recipe for cash-trapped Startups. This might not be the perfect recipe for your use case, but it shows you that there are enough tools and services out there to build your applications without the need to manage servers.

Finally, a while back I wrote a fictional story about two different startup teams. One chose serverless technology, the other did not, and the outcomes are very different. A Tale of Two Teams is a fun read that draws from real experiences that I’ve had over the course of my 20 years spent writing software and building applications.

When you want to get started with serverless… 🚼

New Relic gives us some Tips and Practical Guidance for Getting Started with AWS Lambda. There is plenty of good bits of information in here. Worth the read if you’re new to Lambda and serverless.

It’s amazing how many open source serverless platforms there are. In 7 open source platforms to get started with serverless computing, Daniel Oh lays out a number of popular choices. He also gives a great overview of Knative. Helpful if you’re interested in orchestrating and serving up your own serverless function containers.

When you want to bring serverless workflows to the enterprise… 🏢

Forrest Brazeal and Chris Munns put on a great webinar on Serverless Workflows for the Enterprise. There were some excellent ideas in there for segregating shared services accounts and setting up Dynamic Feature Pipelines. There were also lots of best practices for testing, secrets management, and multi-account security. You can watch the video and download the slides.

You can also listen to Forrest and Jared Short talk about the Future of FaaS  (and Jared’s new role at Serverless, Inc.) on the Think FaaS podcast.

When AWS makes it impossible for you to keep up with their product updates… 🤯

And I thought there were a lot of updates last week! AWS is continuing to pump out new features before re:Invent next week. Below is just a sample of some announcements that make their total serverless offering even better.

Also, Forrest Brazeal noticed this in the CloudFormation schema for AppSync the other day:

Looks like we might be getting RDS HTTP Endpoints after all. #gamechanger 👍

Project Update: Lambda API v0.9 Released 🚀

This past week I finally released Lambda API v0.9. Lambda API v0.9 adds new features to give developers better control over error handling and serialization. A TypeScript declaration file has also been added along with some additional API Gateway inputs that are now available in the REQUEST object. You can contribute to the project on GitHub or install it via npm.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Paul Swail (@paulswail). Paul is a full-stack web developer/cloud architect from Northern Ireland who has a consulting company called, Winter Wind Software. He’s got a great blog about serverless and a weekly newsletter. He also built this handy Lambda Scaling Calculator. Earlier we mentioned his latest article, Schedule emails without polling a database using Step Functions, but it is worth mentioning again. It’s use case ideas like this that help developers and businesses realize the power of serverless. Keep up the great work, Paul!

Final Thoughts 🤔

That was a lot to get through, but I hope you’re encouraged (as I am) by all the progress being made with serverless. Some new patterns are starting to emerge that are expanding use case examples, plus more experiments and tales from developers using it in production are making the case for serverless even stronger. There’s always more to do, plus with re:Invent next week, we’re sure to see a number of great new features.

I’ll be at re:Invent next week, so I look forward to sharing all the things I learn! And please ping me if you want to meet up to chat about serverless or grab a drink. 😀🍻

I hope you’ve enjoyed this issue of Off-by-none. Please send me your feedback and suggestions. They are always welcome and appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Now go build some amazing serverless apps! ⚡️

Take care,
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks! 😉

Off-by-none: Issue #11

After this, there is no turning back

Welcome to Issue #11 of Off-by-none. I’m happy that you’re here! 🙌

Last week we recapped ServerlessNYC and talked quite a bit about serverless adoption. This week we’re going to point out some more resources for those getting started, as well as offer up plenty of options if you’re looking to take the red pill and go down the serverless rabbit hole. 🐇

Here we go! 🕺

What to read when you want to amp up your serverless knowledge… 🔈

Danilo Poccia has written a free ebook, Agile Development for Serverless Platforms. This book is over 100 pages and has a great section on architectural patterns. There is plenty to learn from this free resource and it is well worth a look. 📖

The team over at Financial Engines wrote a guide to help us with managing disaster recovery with DynamoDB. AWS DynamoDB: Backup and Restore Strategies looks at both Point-in-Time Recovery and On-Demand Backups. Lots of useful information here including configuration and pricing. 👨🏻‍💻

Finally, Thundra published a great piece that shows us how to Debug AWS Lambda Node.js Functions in Production Without Code Change. I really like the idea of automated instrumentation as it cuts down the burden on developers and keeps your code a bit cleaner. It can also ensure we don’t lock ourselves in to a specific software vendor. 📈

When you want to get started with serverless… 🏋️‍♂️

There have been a lot of new “Getting Started with Serverless” posts this week. I really like that more people are starting to create this type of content. The more that’s out there, the more likely someone is to come across it and get to that serverless “aha” moment. If you’re new to serverless, here are a few posts to get you started:

And don’t forget that the #NoServerNovember Challenge (hosted by Serverless, Inc.) is still going on. These challenges will give you something interesting to work on and let you go beyond the standard “Hello World” tutorial.

When you’re not ready to give up RDBS with serverless… 🤓

In our inaugural issue we introduced the serverless-mysql package with my Managing MySQL at Serverless Scale post. David Zhang (@Zigzhang) has taken this even further and created a five part series to help others get started. In his first post, Serverless & RDBS (Part 1) — Set up AWS RDS Aurora and Lambda with serverless, David lays out some background, then gives you full examples to get you up and running.

He’s also published Part 2 (Set up EC2 instance to securely connect to your Aurora DB) and Part 3 (Set up database migrations with umzug) with the final two parts (Set up continuous deployment to migrate database with CircleCI and Set up local development environment with serverless-offline and Docker) coming soon. These are sure to be helpful guides for anyone looking to build serverless apps with RDBS backends.

Of course, re:Invent is right around the corner, so let’s hope we get HTTP endpoints for RDS! 😬

When you feel like there are a lot of conferences… ✈️

Speaking of re:Invent, it is less than two weeks away! 🎉 This is the first year that I’m attending so I’ve been looking for tips like this and this. I’m excited for some of the sessions I’m attending and will be at several events as well. If we haven’t connected already, please contact me so we can meet up.

In other conference news, Serverless Computing London is happening right now and it is chockfull of great speakers. Follow their Twitter feed to see some snippets from the event. Some of the slide decks have been posted as well, so check those out. I was looking at Timirah James’ Function Composition in a Serverless World talk, good stuff. Hopefully we’ll see the videos posted soon. ⚡️

Also, ServerlessDays BOSTON finally has a date! The event is scheduled for March 12, 2019 at the Microsoft New England Research & Development Center. More information about our call for papers and sponsorship opportunities is coming soon. 🎊

When you realize that AWS has no plans to slow down their serverless innovations… 🚀

AWS has released several new features recently that could have a profound impact on our serverless applications. Some of these are pretty exciting. Now just imagine what they are going to announce at re:Invent! Here are just a few of the recent updates:

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex Casalboni (@alex_casalboni). Alex is an AWS Technical Evangelist, Serverless champion, co-organizer of ServerlessDays Milan and the serverless meetup there, contributor to serverless open source projects, and a regular conference speaker spreading the serverless gospel. He also helps coordinate ServerlessDays conferences around the word, including helping me and the Boston team. Thanks for all you do, Alex!

Final Thoughts 🤔

As much as I still worry that serverless adoption will be slower than I had hoped, the amount of innovation and new faces in the community is really encouraging. I’m already aware of a few announcements planned for re:Invent, but I also know that there will be a ton more. Other cloud providers are also pushing serverless innovations, and I expect Google and Azure to be announcing new things soon as well.

Serverless still has a long way to go, but all of these new tools, platforms, cloud provider features, conferences, and enthusiasm from the community, is helping to expose this paradigm to a much larger audience. I’m going to continue to write and promote it as much as I can, because there is little doubt in my mind that this is the future of application development.

I hope you’ve enjoyed this issue of Off-by-none. Feedback and suggestions are always welcome and appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some great serverless apps and spread the word. 📣

See you next week,
Jeremy

P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it! 😉

Off-by-none: Issue #10

Do you hear what I hear? 👂

Welcome to Issue #10 of Off-by-none. Thanks for joining us! 👍

Last week we talked about how serverless was starting to gain quite a bit of momentum with things like the announcement of more tools and conferences. However, my attendance at the ServerlessNYC conference was a bit of an eye-opener for me. I spoke with a lot of people about a “serverless bubble” (although echo chamber is probably a better way to describe it). I knew that the serverless community was still relatively small, but have we gotten to the point where we’re just feeding the community and not doing enough to expand it?

This week we’re going to explore the topic of serverless adoption and offer up some resources to help companies and developers get started with this amazing technology. Let’s go! 🏎

When you realize you might be in a serverless echo chamber… 🙉

I posted this tweet a couple of days after the ServerlessNYC conference and I got quite a bit of feedback. There were several people pushing back on the idea, but I think many of those who did are in the “serverless echo chamber” themselves. There was a lot of discussion here that needs to be boiled down and researched a bit more, but I think it is clear that there are a number of factors that are hampering serverless adoption. I’d love to know your thoughts on this, so please weigh-in on the Twitter thread, or send me a note.

When you’re sad that you missed ServerlessNYC… 🗽

It really was a great event. But cheer up, my friend, there’s no need for #FOMO. I’ve put together a recap of the event with all the key takeaways and lessons learned.

TLDR; Kelsey Hightower made you rethink the barriers to serverless adoption, Jason Katzer told us that unlimited still has limits, Gwen Shapira gave us new ways to think about serverless data flow, Ben Kehoe made us adopt a new serverless native mindset, Tyler Love showed us that serverless can easily handle billions of requests, Chase Douglas filled some gaps for us in the serverless development lifecycle, and an open source serverless panel told us we need to work on standardization.

When you realize that serverless is more than functions… 🎉

Epsagon recently launched their distributed tracing product for serverless applications, and decided to kick it off with a star-studded webinar (plus me 🤣). But seriously, Shannon, Nitzan and Ran are doing some great things around serverless observability. This discussion, with insights from Yan Cui and Corey Quinn, was really interesting. You can watch, listen, or read it here.

Speaking of webinars, Forrest Brazeal is hosting an AWS Online Tech Talk called Serverless Workflows for the Enterpise on November 14, 2018 at 12pm ET. This will focus on how to seamlessly build and deploy serverless applications across multiple teams in large organizations. Should be a great intro for enterprises looking to adopt serverless.

When you’re still on the fence about adopting serverless… 🎓

7 tools that ease serverless adoption outlines a few of the tools we’ve been talking about for a while. While this isn’t an exhaustive list, the article does give recommendations for the three major areas of serverless applications: development, monitoring and security. There are a lot of other tools out there (like the Serverless Framework) that can help you jump into the serverless waters, but this is a good list to get you started. ⚡️

Ben Kehoe was interviewed by the Wall Street Journal about serverless computing requiring a shift in mindset. I like the way Ben thinks about serverless, especially when he says things like, “Your developers should care about solving business problems and not solving technology problems, but we’ve been solving technology problems for so long that that’s what we tend to care about first.” (🎤 drop)

Another key component to adopting a tech like serverless, is to make sure that developers can leverage their existing skills. Programming language options are a big piece of that. Yan Cui’s new AWS Lambda Programming Language Comparison post gives us a great overview of supported languages and the pros/cons to think about when choosing a serverless runtime. ⚖️

Finally, security tends to be a sticking point (especially with SysAdmins) when it comes to adopting serverless (and the cloud in general). Luckily for us, Ory Segal at PureSec has put together some AWS Security Best Practices for AWS Lambda. Serverless gives us the ability to develop applications that are more secure and more resilient if designed properly. Also check out my Securing Serverless: A Newbie’s Guide for an overview of serverless security in general.

When you discover the meaning of Occam’s razor

“The simplest solution tends to be the correct one.” I’ve talked to a lot of people this past week about serverless adoption, and it wasn’t surprising to hear what the use case was for most early adopters. According to The New Stack, 73% of people using serverless are using it for HTTP REST APIs and web applications. This was echoed by many of the people I spoke with, and also evident from a number of candidates I recently screened that had listed “serverless” as one of their skills.

It seems that “migrating an Express.js app to Lambda with a [pick your favorite database] backend” is how most people tend to get started. Of course, migrating a monolith to a serverless function might not be the best (or most efficient) use of serverless (read Yan Cui’s: AWS Lambda — should you have few monolithic functions or many single-purposed functions?). However, it is familiar enough to lower the bar for adoption. But once we’ve taken that step, how do we start optimizing our applications?

There are a ton of options, and I know that many people (including myself) love GraphQL. AWS even has their AppSync service that can make building GraphQL endpoints much easier, but like everything managed, it comes with a cost. Plus, sometimes our APIs go beyond simple CRUD operations and we need something more expressive, powerful, and familiar. If you’re looking for an alternative, check out the open source Lambda API project.

It’s an alternative to Express.js, Koa, Restify and other Node.js web frameworks, and is built specifically for serverless applications. There are a lot of built-in features to get you up and running fast, plus support for things like middleware, logging, and much more. We’re always looking for contributors, so please give it a try and help us make adopting this type of serverless use case even easier.

When you finally have a reason to try serverless… 👩‍💻

Serverless, Inc. (creators of the fabulous Serverless Framework) are hosting the #NoServerNovember Challenge this month. Every week they will be releasing a series of serverless challenges that will help experienced users level up, and brand new users get started. If you’ve been wanting to try serverless, these challenges will give you something a little more interesting to do than following a “hello world” tutorial. Plus there’s some swag in it for the winners.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Soenke Ruempler (@s0enke). Soenke is the co-founder of , a cloud and serverless consulting firm in Hamburg, Germany. He’s also an organizer for  as well as the . He recently shared his slides from his talk at code.talks last month. Serverless vs. (Backend) Developers is a really interesting look at the state of serverless adoption and provides some great insights for serverless 🥑s to change the way they are advocating.

Final Thoughts 🤔

As much traction as serverless has gained, there is a loooooong way to go. Information Technology is a multi-trillion dollar market and public cloud computing is only a tiny fraction of that. According to Chris Munns, “MOST cloud is still VM. On prem most compute is still bare metal. Containers adoption at scale is still so so so tiny.” So where is serverless in all this?

Lots of people are experimenting with containers, but the vast majority of companies and developers are still using traditional architectures (on-prem or cloud-based VMs) to build their applications. It’s very possible that serverless could completely leapfrog containers in terms of adoption if it evolves to support both startup and enterprise use cases. Is the echo chamber that is the serverless community making the case to help expand serverless adoption, or are we simply feeding on our own hype? I’d love to know your thoughts.

I hope you enjoyed this issue of Off-by-none. Feedback and suggestions are always appreciated and help to make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Now go spread the word by telling your friends about serverless. See you next week! 👋

Thanks again,
Jeremy