How To: Use SNS and SQS to Distribute and Throttle Events

An extremely useful AWS serverless microservice pattern is to distribute an event to one or more SQS queues using SNS. This gives us the ability to use multiple SQS queues to “buffer” events so that we can throttle queue processing to alleviate pressure on downstream resources. For example, if we have an event that needs to write information to a relational database AND trigger another process that needs to call a third-party API, this pattern would be a great fit.

This is a variation of the Distributed Trigger Pattern, but in this example, the SNS topic AND the SQS queues are contained within a single microservice. It is certainly possible to subscribe other microservices to this SNS topic as well, but we’ll stick with intra-service subscriptions for now. The diagram below represents a high-level view of how we might trigger an SNS topic (API Gateway → Lambda → SNS), with SNS then distributing the message to the SQS queues. Let’s call it the Distributed Queue Pattern.

Distributed Queue Pattern

This post assumes you know the basics of setting up a serverless application, and will focus on just the SNS topic subscriptions, permissions, and implementation best practices. Let’s get started!

Continue Reading…

Off-by-none: Issue #19

Starting off the new year with a serverless bang… 💥

Welcome to Issue #19 of Off-by-none. I’m so glad you’re here to talk about serverless! 🙌

Last week we reminisced about 2018 and laid out some plans for the new year. This week we’ll sort through all the serverless content that people created over the holiday break. Plus we look at some serverless use cases, share some upcoming webinars, and give you links to plenty of great talks to keep you busy for awhile.

We’ve got a lot to get to today, but before we jump in, I wanted to share that Lambda API v0.10 was released. Lambda API is a lightweight web framework for your serverless applications. It’s open source, fast, free, and now supports seamless integration with ALBs. v0.10 also added support for multi-value headers and query string parameters, plus new method-based middleware and much more. I’d love for you to check it out and send me feedback.

Okay, back to our regularly scheduled program. Here we go! 🚀

When you’d rather just sit back and watch some serverless videos… 🍿

ServerlessDays Milan 2018 released videos of all the talks from their event in October of last year. Lots of really great talks in here from Yan Cui, Ian Massingham, Danilo Poccia, and many more.

Serverless Computing London has also released some additional videos including Mikhail Shilkov’s Performance Tales of Serverless, Nate Taggart’s Rethinking Testing For Serverless, and Guy Podjarny’s Serverless Security: What’s Left To Protect?

Heitor Lessa announced that the second season of Build on Serverless is going to be about “Building a Serverless Airline App from scratch + leading practices applied.” This is a fun (and educational) thing to watch. You can (and should) RSVP on Twitch.

Also, Marcia Villalba released the first video in her Serverless Interviews series which just so happens to feature yours truly. So if you want to see me ramble on about serverless for 15 minutes while admiring the view of the Mirage in the background, this video is for you.

When you want to learn more about serverless security… 🔒

The team over at Protego created a Damn Vulnerable Serverless Application and donated it to OWASP so that you can learn what not to do when building serverless application. You can read more about it here. Now we have this AND the Serverless GOAT project that PureSec donated last month. These are both great resources to see how easily serverless vulnerabilities can be exploited and what to do to protect your application.

If you’re interested in discussing the OWASP Top 10 and how they apply to serverless applications, Ory Segal and I are hosting a Foundations of Lambda Security webinar on January 24, 2019 at 11am ET. Lots on information to cover, plus an interactive Q&A session at the end. Should be fun. 😉

What to do when you’re ready to use Lambda Layers… 🍰

Injecting Chaos to AWS Lambda functions using Lambda Layers by Adrian Hornsby, introduces us to a great use case for Layers. Werner said it best, “Everything fails all the time.” Using Chaos Engineering to test the resiliency of your distributed cloud applications is a great way to ensure that when things do fail, that your application will handle those issues gracefully and minimize the blast radius.

Gojko Adzic and his team created some public layers so you can now use FFmpeg, SOX, Pandoc and RSVG with your AWS Lambda projects. One more thing you don’t have worry about.

And if you want to take a Deep Dive Into Lambda Layers and the Lambda Runtime API, sign up for this webinar hosted by Chris Munns, Principal Developer Advocate at AWS. It’s scheduled for January 31, 2019 at 2pm ET.

When you’re having trouble choosing the right database for your serverless app… ⚖️

Alex DeBrie posted a tweet mentioning Rick Houlihan’s Match Your Workload to the Right Database (DAT301) talk at re:Invent. If you thought his Advanced Design Patterns for DynamoDB (DAT401) talk was amazing, prepare for another mind-blowing experience watching this one. Lots of practical advice to help you choose the right backend for your workload. 🤯

Speaking of DynamoDB, Forrest Brazeal from Trek10 spent his holiday break resurrecting the Northwind database from the annals of MS Access and teaches us how to convert it to NoSQL. From relational DB to single DynamoDB table: a step-by-step exploration is a great guide that shows us both the pros and cons of attempting to move relational workflows to DynamoDB. If you’re thinking about moving to NoSQL, please take a few minutes to read this.

When you’re wondering what AWS has been up to… Δ

AWS announced the Amazon API Gateway Service Level Agreement, which may have you scratching your head thinking, don’t all AWS services have SLAs? Just ask Scott Piper from SummitRoute. He put together an AWS Service Support table that shows just how few AWS services actually have them. Something for the 2019 #AWSwishlist.

The AWS Toolkit for Visual Studio Code project seems to be coming along nicely as well. Whether you just want to try it out, or contribute in some way, it’s pretty cool to see AWS developing more things like this out in the open.

They also keep making strides with Nested Applications. If you’d like to learn more, there is a Nested Applications: Accelerate Serverless Development Using AWS SAM and the AWS Serverless Application Repository webinar scheduled for January 31, 2019.  It’s hosted by James Hood, Sr. Software Dev Engineer at AWS, so you know it’s going to be good.

When you’re looking for some sample serverless use cases… 🔍

I love finding people that are applying serverless to new and interesting use cases. Whether they are solving complex workflows, or just a simple function that accomplishes a single task that makes your life easier, seeing the broad application of serverless is quite fascinating. Here are a few I found this week.

Building a serverless data analytics pipeline by Rodrigo Reis shows us a simple, but effective way to capture a stream of web events. They use an SQS queue and reserved concurrency to help throttle requests to their Elasticsearch cluster, which is both simple, and a great approach at their stage. They’re also smartly using IOpipe for observability.

Blog URL to PDF to Amazon Kindle by Dhaval Nagar outlines a simple app for automatically sending blog posts to a Kindle. There are probably multiple ways that this type of workflow could be used.

Serverless Function to Sync Data from a Database to Google Spreadsheet is another simple workflow that would be perfect for marketing teams, sales, or your billing department. No need to build interfaces for reporting data when there are already tools that people are familiar with.

If you want to get a bit more complex, check out How to build a React chat app with AWS API Gateway WebSockets, Custom Lambda Authorizer. Lots to chew on here, but if you’re heading down the WebSockets path, this is a good resource for you.

When you just want some interesting serverless content… 🤓

Save time and money with AWS Lambda using asynchronous programming by James Beswick provides some great tips for handling synchronous calls in your serverless functions. Also be sure that you Don’t overpay when waiting on remote API calls either.

Mike Vizard predicts the Battle Over Serverless Computing Frameworks to Heat Up in 2019. There is a lot of discussion in this piece about other companies (read: NOT AWS) embracing Knative and other open source “serverless” middleware to power their FaaS solutions. I think this goes to show how popular serverless is becoming and the thrashing that’s going on to catch up with AWS. I’m not sure this is going to play out the way these companies think it will.

There’s a new serverless framework called BAM! I haven’t used it yet, but let’s just add this to the list.

Jerry Hargrove continues to create more Cloud Diagrams & Notes for our viewing pleasure. His AWS Lambda and Aurora Serverless ones are awesome.

Yan Cui shows us how to perform Error Handling in AWS Lambda With Wrappers. He talks about the need for middleware in our serverless applications and how we can use it to capture errors and help us debug our systems.

Speaking of debugging, Hamit Burak Emre over at Thundra shows us how to Debug Your Python Functions Locally. Step-by-step debugging in Lambda functions with breakpoints? Yes, please.

Finally, Slobodan Stojanović, author and serverless wizard, answers the question, “What do you use for scheduling AWS Lambdas?” His answer gives us cron jobs and delayed triggers, all without servers to manage or maintain. 👍

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Farrah Campbell (@FarrahC32). Farrah is the Ecosystems Manager at Stackery, a visual tool for building serverless applications. Farrah has become another positive voice in the serverless community, helping to organize ServerlessDays Portland and other workshops, and an ever present figure at conferences helping to spread the serverless word. She was also recently featured as a Serverless Superhero in How serverless is breaking down barriers in tech. Diversity in tech has always been a challenge, so it’s great to have people like Farrah as part of the serverless community working to make it more inclusive.

Final Thoughts 🤔

Week #1 of 2019 is in the books, and if this is any indication, it is going to be a banner year for the serverless community! There has already been a ton of great serverless content so far, plus Paul Johnston pointed out that there are EIGHT ServerlessDays conferences between now and April 11th. One of which is Boston, so be sure to buy your tickets soon! I know I’m excited.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions so I can continue to make this newsletter better. Feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or how you’d like to contribute to Off-by-none.

Take care,
Jeremy

🚀 Project Update:

Lambda API: v0.10 Released

Lambda API v0.10 adds the ability for you to seamlessly switch your Lambdas between API Gateway and Application Load Balancers. New execution stacks enables method-based middleware and more wildcard functionality. Plus full support for multi-value headers and multi-value query string parameters. Read More...

Off-by-none: Issue #18

Happy (Serverless) New Year! 🎉

Welcome to Issue #18 of Off-by-none. It’s 2019, and it’s going to be a great year for serverless! 🙌

Last week we looked at the new WebSocket support for API Gateway, saw some more serverless love from startups, and I argued that we should Stop Calling Everything Serverless! This week we’re going to reflect back on 2018, I’ll share my 2019 plans for Off-by-none, and we’ve got plenty of great stories from the community.

Let’s jump right in. It’s going to be another busy year! 👨🏻‍💻👨🏻‍🔬👨🏻‍🎨👨🏻‍🏫

When you need to look back so you can look forward… 🔭

2018 was quite a busy year. Being the CTO of a startup certainly keeps my to-do list full, plus I consulted for several additional companies in the serverless space. However, my passion for creating, writing and helping out others (or at least trying to) is too powerful a force to keep contained.

Even though I have been blogging for quite some time, last year was when I started writing almost exclusively about serverless. I also spent time working on some open source projects and thinking about new ones I’d like to create. I thought it would be a proper exercise to look back at all the things I worked on last year, reflect on what was helpful, and then plan to do more of that in 2019.

In January, I launched the first stable version of Lambda API and then wrote How To Build a Serverless API with Serverless, AWS Lambda and Lambda API. Soon thereafter, I created Securing Serverless: A Newbie’s Guide to capture some serverless security best practices for those just starting out.

Then I shared some tips on How To: Manage RDS Connections from AWS Lambda Serverless Functions as well as How To: Stub “.promise()” in AWS-SDK Node.js. I weighed in on Solving the Cold Start Problem and proposed some additional solutions with How To: Optimize the Serverless Optimizer Plugin. I also came up with a list of 10 Things You Need To Know When Building Serverless Applications.

I did some more security research and wrote about Event Injection: A New Serverless Attack Vector and then shared 5 Reasons Why Your Serverless Application Might Be A Security Risk. I ran some experiments using Serverless Consumers with Lambda and SQS Triggers as soon as AWS announced support. I also started to share serverless microservice concepts and published Mixing VPC and Non-VPC Lambda Functions for Higher Performing Microservices.

In July, I met Chris Munns for the first time and wrote 15 Key Takeaways from the Serverless Talk at AWS Startup Day. This gave me more insight into the cold start issue, so I created the open source package, Lambda Warmer, so you could Optimize AWS Lambda Function Cold Starts. I then shared some thoughts on Thinking Serverless (Big and Small) and why serverless is great for workloads of all sizes.

As I converted several workflows over to serverless applications, I started making use of tags to keep things organized. I captured my best practices in How To: Tag Your Lambda Functions for Smarter Serverless Applications. The more I wrote about serverless, the more people I found in the community, so I published my list of Serverless Peeps You Need To Follow. 😃

I put together a guide on How To: Add Test Coverage to your Serverless Applications, and then wrote a fictional story called A Tale of Two Teams, about two startups that made vastly different technology choices (serverless versus containers). It was fun to write and there was a lot of interesting feedback. Next up was Aurora Serverless: The Good, the Bad and the Scalable, an in-depth look at AWS’s new “serverless” MySQL database offering.

In August I published Serverless Microservice Patterns for AWS, which is a really handy resource. It eventually made its way to #7 on Hacker News and crashed my site. FYI: WordPress does not scale. Speaking of scaling, I created a solution for Managing MySQL at Serverless Scale with the open source serverless-mysql NPM package. I’ve been using it in production ever since.

In September I launched Off-by-none! It’s been quite a bit of work, but all of your feedback has been incredibly encouraging (more on this later). I then shared a piece called Serverless Security: Locking Down Your Apps with FunctionShield, and wrote up An Introduction to Serverless Microservices. In What 15 Minute Lambda Functions Tells Us About the Future of Serverless, I shared some thoughts about AWS’s new execution limits and why it’s an important step forward.

I also shared some Takeaways from ServerlessNYC 2018, took a first look at the Aurora Serverless Data API, and then spent a week in Las Vegas for AWS re:Invent. My re:Capping re:Invent: AWS goes all-in on Serverless post explains why AWS is lightyears ahead of other providers in the serverless space. I also shared a serverless tip so you Don’t overpay when waiting on remote API calls, and I finished up the year with my Stop Calling Everything Serverless rant.

I’m exhausted just thinking about all that, but at the same time, I’m super excited for 2019. I received a tremendous amount of constructive feedback, met some really amazing people, and learned a ton in the processes. I’ve got plenty of content planned for this year, most of which will be highly practical so that you can apply the concepts straight away. I’m also working on a course or two, plus some other creative ways to talk about and explore serverless applications and the methodology used to build them. I’m hoping you’ll find all of this useful.

When you’re wondering what’s next for Off-by-none… 🧙‍♂️

When I first launched Off-by-none, it was a bit of an experiment. I wanted to create a sort of “un-newsletter”, something that was more interactive than just some links to recent articles, blog posts, and handy tools. Don’t get me wrong, I love getting my weekly newsletters, and there are plenty of good ones to choose from, but I still think we can do something even bigger and more helpful.

Don’t worry, I’m still going to write the weekly newsletter, but in the next couple of weeks, Off-by-none will be launching its own site. This new site will host archives, resources, and plenty of additional ways for the community to interact, contribute, and help steer the conversation. I’m really excited about this and the possibilities it creates. I still believe that Off-by-none is about working together to build better cloud-based products, so I’m hoping this new site will open it up to a bigger audience and help to expand the serverless community.

When you’ve heard enough about me and just want some good serverless content… 📚

Gal Bashan over at Epsagon wrote The Hitchhiker’s Guide to Serverless. Earlier this year we talked quite a bit about the serverless echo-chamber and how foreign some of these concepts are to those that are new to serverless. Gal outlines a number of key components that make up serverless applications and explains what they are and when to use them.

Getting started with AWS Lambda Layers for Python is a new post from Adrian Hornsby that lays out the basics for harnessing the power of Lambda Layers. Lots of really good stuff in here.

I also came across Contemporary Views on Serverless and Implications by Subbu Allamaraju the other day. Subbu is an engineer with Expedia and wrote this really interesting piece about the differing views of serverless and the conflicting nature of the term. Another piece that shows just how much further we have to go to bring serverless to the masses.

Syed Jaffry, a solutions architect at Amazon Web Services, wrote a really great article regarding Best practices for securing sensitive data in AWS data stores. When we’re building serverless applications (or any application in the cloud), understanding how to keep sensitive data secure is extremely important. This piece gives you an overview of some general security patterns that you can use. Definitely worth the read.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Erik Peterson (@silvexis). Erik is the Founder and CEO of CloudZero (@cloudzeroinc), a startup that helps you monitor your cloud computing costs. Erik has been building on AWS for over a decade, he’s a frequent speaker at conferences and meetups, and is a regular contributor to the CloudZero blog. He’s a big proponent of #FinDevOps, which is all about leveraging cost as a first class metric when designing serverless systems. Serverless applications generally have a lower TCO than most traditional applications, so it’s good to have people like Erik think through how cost affects our organizations up and down the value chain.

Final Thoughts 🤔

Last year was quite a whirlwind. There were so many amazing advancements in the serverless space, that it’s hard to keep track. AWS announced a number of new services that will be available in 2019, plus I’m hoping that other cloud providers will continue to invest heavily in this space as well. I’m thinking that 2019 is going to be a very good year for the serverless community. ⚡️

I plan on producing lots of serverless content this year, plus I’m co-organizing ServerlessDays Boston on March 12, 2019, and I hope to do some speaking as well. I look forward to spending 2019 with all of you!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none even better.

Here’s to 2019, 🍾🥂
Jeremy

Off-by-none: Issue #17

WebSockets are so hot right now…

Welcome to Issue #17 of Off-by-none. Thanks for being here! 👋

Last week we talked about when to optimize our apps and discussed what the term “serverless” actually means. This week I’ll share some more thoughts on that, plus we’ll explore the new API Gateway WebSocket support, share some great serverless articles, and look at a few more announcements from the world of serverless.

Let’s get to it. 😀

What to do when you want to call every managed service and SaaS app “serverless”… 😳

Maybe let’s not. Last week there was a bit of Twitter chatter about what “serverless” actually meant. Is it a technology, a compute model, an architectural pattern, a spectrum, an operational construct? I contend that it can’t be all of these things. I went into rant mode and wrote a post called Stop Calling Everything Serverless! It’s quite a long post, but I think it’s important that we don’t overload the term to the point that it no longer has any meaning.

In my opinion, serverless is a methodology for planning, building, and deploying software in a way that maximizes value by minimizing undifferentiated heavy lifting. It touches everything up and down the value chain, not only affecting how engineers approach development, but also influencing product strategy, design, budgeting, resource planning and much more.

I got a lot of feedback on this post. Several people disagreed with me, but I think it is a healthy debate. I’d love to hear your feedback as well.

When you’re looking for a reason to use serverless WebSockets just because you can…

AWS finally released support for WebSocket APIs in Amazon API Gateway. Which is very cool. I spent some time playing around with them and the implementation is really good. I can see lots of great use cases for this.

If you want to get a thorough walk-through of how they work, George Mao from AWS has a webinar that covers Building Real Time Applications using WebSocket APIs Supported by Amazon API Gateway.

There is also a simple-websockets-chat-app available on GitHub that you can launch using SAM. Or if you prefer, you can start Using API Gateway WebSockets with the Serverless Framework. Jared Short shows you how to use the new serverless-websockets-plugin, plus gives us a really cool DynamoDB streams pattern that we can use in all sorts of scenarios. 🤘🏻

When you realize that serverless and startups are a perfect match… 💖

Serverless and startups, the beginning of a beautiful friendship by Slobodan Stojanović, takes us through how he and his team built Vacation Tracker using serverless and a hexagonal architecture. He’s not the first to say it, but it’s certainly worth repeating: serverless give startups a huge advantage.

Speaking of Slobodan, he and Aleksandar Simović have finished their book: Serverless Applications with Node.js. Definitely worth taking a look if you’re building your serverless apps with Node.js.

If you’re looking for other startups that bet big on serverless, check out SQQUID: a 100% serverless startup. It seems like there are more and more stories like this every day.

When you can’t get enough serverless input… 🤖

Michael Vargas wrote a great piece about Using Design Patterns with AWS Lambda. Some good lessons in there about separating our business logic from the cloud provider’s interface.

Yan Cui shares his Thoughts on the Serverless Announcements at re:Invent 2018. He also lays out some Considerations for the Beginner Serverless Developer. Good place to start for those of you just getting into serverless.

I’ve spent some time working with the new Lambda support for Application Load Balancers, and there are plenty of pitfalls in there. If you’re interested in finding out more, Jeremy Thomerson has got you covered with his post API Gateway vs Application Load Balancer—Technical Details.

Serverless & SaaS — Part 1: The New Build Versus Buy by Tom McLaughlin is an interesting piece that advocates the use of SaaS products over AWS building blocks whenever possible. It might be easy to glue services together, but that doesn’t mean that your team has the right domain expertise.

Building sandcastles and securing WordPress by James Beswick is a great piece that talks about the state of content management and how it is starting to evolve to serverless backends. WordPress may be the 800 pound guerrilla, but James contends that its days may be numbered.

When you’re looking beyond relational database patterns… 🤓

How to use Amazon DynamoDB global tables to power multi-region architectures by Adrian Hornsby is a pretty cool look at how to geographically disperse your applications for lower latency and disaster recovery.

And if you’re looking for more DynamoDB goodies, Faux-SQL or NoSQL? Examining four DynamoDB Patterns in Serverless Applications by Alex DeBrie is great way to expand your mind and start drinking the NoSQL Kool-Aid.

“Serverless” CQRS using Azure Event Grid and Durable Functions by Duncan Edwards Jones, is great primer on the CQRS pattern and how you could apply that to your serverless applications. Decoupling commands and queries makes for a tremendously scalable approach.

When you’re looking for some more hands-on serverless tutorials…

Angela Wang put together A curated collection of hands-on workshops for learning AWS. There’s a few great serverless ones in there, but plenty of other AWS services are covered too.

Authentication & Authorization in GraphQL with AWS AppSync (MOB402) with Karthik Saligrama is another awesome re:Invent talk. If you’re using AppSync, I really hope you’ve got your authentication locked down. You might want to double check after you watch this video.

Eric Hammond has some ideas on Using AWS SSM Parameter Store With Git SSH Keys. Interesting approach that you might find useful.

And Marcia Villalba released a new video: Lambda layers with Serverless Framework and good practices.

When AWS keeps pumping out new features… 🏭

I was all excited when they introduced AWS Client VPN to Securely Access AWS and On-Premises Resources. Too bad the pricing is quite ridiculous.

Amazon Route 53 Adds Alias Record Support For API Gateway and VPC Endpoints, so no more additional Route 53 charges when mapping your domains to your regional or edge-optimized endpoints.

Amazon DynamoDB Accelerator (DAX) Adds Support for DynamoDB Transactions, which closes the open loop with the new DynamoDB transactions.

Amazon DynamoDB Increases the Number of Global Secondary Indexes and Projected Index Attributes You Can Create Per Table. For those of you that found five global secondary indexes to be too few, now you automatically get 20. Plus you can always ask for more if you need them.

Plus, a New SAM PUBLISH Command Simplifies Publishing Applications to the AWS Serverless Application Repository. This is a nice little addition. Hopefully we’ll see more apps in the repository soon.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Alex DeBrie (@alexbdebrie). Alex is a big part of the team over at Serverless, Inc., you know, the ones that brought us the amazing Serverless Framework ⚡️. Alex is constantly working to bring us new features to make our lives easier as serverless developers. He is a regular contributor to the Serverless blog, but has also started posting some great stuff to his personal blog as well. I’m looking forward to keeping up with his content and his continued work on the Serverless Framework.

Final Thoughts 🤔

WebSockets are awesome, I just need to find a reason to use them with some of my apps 😂. But seriously, there are a few use cases that are still beyond the scope of serverless. All the recent additions to DynamoDB, plus now with WebSockets, that list is getting smaller every single day. I’m really excited about what the future of serverless holds, just so long as we don’t keep misappropriating the term. 😉

🎄 Merry Christmas and Happy Holidays to all of you! I wish you all a happy, healthy and prosperous new year!

I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always incredibly helpful, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

See you next year,
Jeremy

Stop Calling Everything Serverless!

I’ve been building serverless applications since AWS Lambda went GA in early 2015. I’m not saying that makes me an expert on the subject, but as I’ve watched the ecosystem mature and the community expand, I have formed some opinions around what it means exactly to be “serverless.” I often see tweets or articles that talk about serverless in a way that’s, let’s say, incompatible with my interpretation. This sometimes makes my blood boil, because I believe that “serverless” isn’t a buzzword, and that it actually stands for something important.

I’m sure that many people believe that this is just a semantic argument, but I disagree. When we refer to something as being “serverless”, there should be an agreed upon understanding of not only what that means, but also what it empowers you to do. If we continue to let marketers hijack the term, then it will become a buzzword with absolutely no discernible meaning whatsoever. In this post, we’ll look at how some leaders in the serverless space have defined it, I’ll add some of my thoughts, and then offer my own definition at the end.

Continue Reading…

Off-by-none: Issue #16

Premature Serverless Optimization…

Welcome to Issue #16 of Off-by-none. Thanks for joining us. 🤘🏻

Last week we looked at Lambda Layers and custom runtimes. This week we’re going to talk about when we should worry about optimizations, plus highlight some recent discussions about the term “serverless” and what that actually means. We’ve also got some interesting articles, several product announcements, and (somehow) more stuff from re:Invent.

Let’s get started. 👍

When you spend too much time optimizing the wrong things… ⚙️

Mark Schwartz published an article on the AWS Cloud Strategy Blog entitled: Micro-Optimization: Activity-Based Costing for Digital Services? In it he outlines the fact that we can now meter individual units of compute to analyze costs. Simon Wardley (and others, including me) have been talking about capital flow for quite some time. Erik Peterson over at CloudZero uses the term FinDevOps to described it. But knowing your costs is different than trying to prematurely optimize them.

I wrote a post last week about the potential to overpay when waiting on remote API calls. This was a micro-optimization, and for my use case and company, it made sense. However, there are two slippery slopes that this type of fine-grained metering can introduce. The first is to tie your costs directly to customer pricing. Some services make sense to use metered billing, but don’t let this level of cost granularity influence the value your service provides to customers.

Second, is premature optimization. Compared to building and maintaining your own systems, cloud computing is ridiculously inexpensive, especially when you’re starting out and haven’t achieved significant scale. Don’t waste your developers’ time trying to shave off nickels and dimes from your bill. Focus on creating more value by delivering and iterating on features faster and worry about cost optimizations later.

Choosing serverless, however, is a MACRO optimization. I have some thoughts on that.

When you’re still confused by what serverless actually means… 🤷‍♂️

You’re not alone. Ben Kehoe called serverless a spectrum at one point, CloudZero wrote a post about it. AWS calls it an operational construct. Simon Wardley has his definition. Jeff Hollan wasn’t happy with the mischaracterizations in this paper that argues that current serverless offerings are “a bad fit for cloud innovation.” And Paul Johnston says that teaching people to do serverless is hard because it’s not about technology, but culture.

I have plenty of my own thoughts on this as well, but one thing is for sure, this debate won’t be settled any time soon. Regardless of the exact definition, I believe many of us “know it when we see it” and are starting to embrace the benefits it brings. And if you’re looking for some of those benefits, Zack Kanter makes the business case for serverless in his new post on TechCrunch.

What to do when you’re looking for some light serverless reading… 📚

Ory Segal published some Security Considerations for AWS Lambda Runtime API and Layers. AWS does a lot to protect you and your application from security issues, opening up custom runtimes, while a good thing, means more to consider from a security standpoint. Read this post to get an idea of some of these new risks.

Serverless Latency has been a common objection amongst the anti-serverless crowd for quite some time. Tim Bray dives deep into this and gives us some things to think about regarding state hydration, database considerations, and how we should really be thinking/talking about latency in our applications.

Yan Cui (AKA The Burning Monk), talks about Holistic Problem Solving using serverless. Yan just wrapped up his Production Ready Serverless course, which is a favorite among many of us in the serverless community.

For more on custom runtimes in Lambda, you can check out Adnan Rahic’s crash course on Serverless with AWS – Running Node.js 11 on Lambda. But just because it’s possible, doesn’t mean it’s a good idea. 😃

When you’re looking for more serverless announcements… 📣

Serverless, Inc. announced the release of the Serverless Framework v1.35. Good news for you Ruby folks, plus support for cross-region CloudFormation outputs and a bunch of bug fixes.

AWS announced that Amazon SQS now Supports Amazon VPC Endpoints using AWS PrivateLink. It’s a pain to need NATs just to connect to some AWS services, so for bunkered apps, this removes another external call to the Internet.

AWS also announced support for nested applications for AWS SAM and the AWS Serverless Application Repository. Nested applications were announced at re:Invent, but now that AWS SAM supports them, I’m guessing we’ll see some interesting use cases emerging. Easier reusability in our serverless applications is a big deal.

If you really want to geek out, there’s a post on How to use the new Amazon DynamoDB key diagnostics library to visualize and understand your application’s traffic patterns. Not sure I would spend a lot of time with this one, but it’s nice to know it’s there if you need it.

Beyond some of these bigger announcements, there were also quite a few Invisible Improvements made by AWS. Alex DeBrie broke them all down for us in his new post.

When weeks go by and we’re still talking about re:Invent…

It seems that no matter how many hours you’ve spent watching re:Invent videos and reading recaps, there’s always more to discover. There’s another post here that lists several great talks, and here are two more that I really enjoyed.

Accelerate Innovation & Maximize Business Value w/ Serverless Apps (SRV212)
Linda Lian talks about how Amazon thinks about serverless. It’s explained as an operational construct, rather than an architectural model or a way to think about packaging and deploying code. Christopher Dixon from Comcast then shows us how Xfinity used serverless to integrate Netflix streaming into their set top boxes. Pretty cool stuff.
Watch the talk

CI/CD for Serverless and Containerized Applications (DEV309)
Clare Ligouro, Principal Engineer at AWS Container Services walks us through the three pillars of releasing modern applications. Lots of great information in here about blue-green and canary deployments, plus how to use Lambda to add verification hooks and automatically rollback ones that fail.  Watch the talk

Also, if you want a bit of an inside look at re:Invent, check out Marcia Villalba’s video series on her Foo Bar channel. She interviewed a lot of people, so it’ll be great when the full versions come out. Maybe start with Day 2 if you want to see a snippet of yours truly. 😉

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Ory Segal (@orysegal). Ory is the CTO and Co-Founder of PureSec, a serverless security platform. Beyond their core product, Ory and his team are responsible for a number of innovations around serverless security. These include their free FunctionShield and Least Privileged Role Generator tools for Lambda, their creation and contribution to the OWASP Serverless Top 10 project, and their collaboration with AWS to bring application security to Lambda using Layers. Ory is also active on the PureSec Blog and just launched a new eBook all about AWS Lambda Security Best Practices. Serverless empowers developers to build and release software quickly, but that can introduce significant security risks. I feel much better knowing that Ory is watching our backs. 👀

Final Thoughts 🤔

The more popular “serverless” gets, the more people try to overload the term and subscribe it to everything. I’m a firm believer that serverless is not a buzzword, and that it means something very specific, even if the definition continues to be blurred by marketing departments. If I thought this was just an argument about semantics, then I’d probably let it go. But I think there is more to it than just that, and that the distinction will become important. More thoughts to come on this.

I hope you’ve enjoyed this issue of Off-by-none. All of your feedback and suggestions are incredibly helpful, so please keep them coming. Reach out to me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and ideas for making Off-by-none better.

Until next time,
Jeremy

Off-by-none: Issue #15

It’s all about Layers…

Welcome to Issue #15 of Off-by-none. I’m glad that you could join us. 😀

Last week we recapped re:Invent and took a look at some of the excellent talks and AWS product releases. This week we’ll dig deeper into Lambda Layers and see how people are having a bit of fun with custom runtimes. Plus we’ve got more talks from re:Invent and plenty of other serverless tidbits for your mental ingestion.

Lots to get to, so let’s get started! 🚄

What to do when AWS gives people access to Custom Lambda Runtimes… ⚙️

AWS already took care of C++ and Rust for us, plus some launch partners have already added PHP and Cobol support as well. But it seems that the community is taking advantage of this new feature in a big way.

The team over at The Agile Monkeys added a Haskell runtime. Think about it, a purely functional programming language running pure functions on stateless serverless functions! Okay, maybe that’s a bit much, but if you’re a hardcore functional programmer, you may want to give this a look. 😎

Graham Krizek added Bash support, which is pretty darn cool. He even included executables like aws, scp, git, wget and a whole lot more. Think about all the interesting and powerful use cases this opens up. Just this git support alone adds a number of possibilities. 🤓

Data scientists rejoice! You can now run R on Lambda thanks to this tutorial by Philipp Schirmer. There might be some memory limitations, but overall this looks like a workable solution for all you number crunchers. 📊

There’s also this proof of concept for a Serverless Open Runtime for AWS Lambda. Definitely an interesting concept, especially the language agnostic middlewares piece. Could turn out to be a terrible idea, but definitely something to keep your eye on. 🤷‍♂️

When you want to know how to use AWS Lambda Layers… 🥞

You can certainly build Lambda Layers on your own, but several companies are now providing them as a way for you to easily instrument your code. Epsagon, PureSec, Thundra, DataDog, IOpipe, and more, have all built Layers that you can simply plug in to your existing Lambda functions without modifying your code. That’s pretty easy.

Of course, our friend Paul Johnston has some thoughts on Lambda Layers and Custom Runtimes, including initial thoughts on best practices.

If you’re looking to help influence the future of Lambda Layers, take a look at this RFC on how to handle permissions with LayerVersions in SAM. AWS always appreciates feedback from the community, so feel free to throw your hat in the ring and add your comments. 🎩

When you refuse to believe you’ve watched all the good re:Invent talks… 📺

Not all of these are available to watch, but there is still a ton of amazing re:Invent content out there that you probably missed, even if you were at re:Invent! Here are three more talks that I found to be super interesting.

Inside AWS: Technology Choices for Modern Applications (SRV305)
Tim Bray, a Senior Principal Engineer from AWS, talks us through how AWS dogfoods serverless to power many of their own services. Even API Gateway runs on Lambda. He notes that “capacity planning sucks” and that you should “use serverless whenever possible.” This talk is full of great advice, including ways to “minimize state hydration”, plus some helpful notes on the three integration patterns. Watch the talk

Reddit’s Serverless & Compute Infrastructure at Scale (STP18)
Anand Mariappan & Jesjit Birak from Reddit take us through their latest redesign process and the steps they took to avoid another incident like “the Digg Mass Exodus of 2010.” The overall process was helpful to understand, but their method for scaling their video ingestion system using serverless tech is really interesting. A great lesson for enterprises here, as they built this to run along side their existing monolith. Watch the talk

Close Loops & Opening Minds: How to Take Control of Systems, Big & Small (ARC337)
Colm MacCárthaigh, another Senior Principal Engineer from AWS, lays out ten patterns to use while building control planes for distributed systems. Since all of our serverless applications are distributed, this makes for a really useful guide when building our own applications. Colm dives a bit into control theory, but keeps the advice practical so that you can apply these techniques immediately. Watch the talk

When you’re still debating what database to use with your serverless app… ⚖️

If you plan on using DynamoDB, you may want to look at Alex DeBrie’s DynamoDB On-Demand: When, why and how to use it in your serverless applications. Plus, lots of your burning DynamoDB questions are answered in here.

If you still want to go the relational database route, check out A crash course on Serverless with AWS — Building APIs with Lambda and Aurora Serverless by Adnan Rahić. This is a great post to get you started, I just wish he didn’t use an MySQL ORM. 🤦🏻‍♂️

And speaking of MySQL, I released a new version of serverless-mysql that fixes an ENQUEUE issue. If you’re not familiar with it, this module helps you with Managing MySQL at Serverless Scale.

What to do when you need more serverless content… 🙏

Jon Vines gives us some ideas about Breaking Down the Serverless Monolith. It’s tempting to load up functions with a lot of capabilities as it keeps things “simple” and is familiar to most developers. Some good lessons learned are outlined in this post.

If you’re interested in learning some more best practices, take a look at Five Essential Principles for Developing Lambdas. I think most of these are pretty solid (especially single-purpose lambdas), plus there are some examples, which is quite helpful.

Another great thing about single-purpose functions is that they can be optimized for their specific job. Case in point, don’t overpay when waiting on remote API calls by using the appropriate memory configurations.

For you serverless security buffs, take a look at Ory Segal’s 6 Cloud Security Predictions for 2019. And if you want some hands-on experience, try going through this Serverless Security Workshop. 🔒

When you remember that Microsoft Azure has serverless functions too… ⚡️

Mikhail Shilkov is Making Sense of Azure Durable Functions for you with his new (very detailed) post. Though the title suggests this is all about Microsoft’s solution, there is quite a bit of background on microservices, event-driven applications, serverless function composition and more. Definitely worth the read if you’ve got 20 minutes or so to spare. 📖

Kate Baroni, a Software Architect at Microsoft Azure, shows us how an Azure Function can orchestrate a real-time, serverless, big data pipeline.  Plus, if you’re interested, there are some links to related posts that go into more detail. I love finding interesting use cases like this, but it’s curious to me that Azure is doing complex orchestrations within a single function (with no mention of Durable Functions). This has always been a big anti-pattern with AWS Lambda, but maybe not with Microsoft? 😕

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Simon Wardley (@swardley). Simon invented Wardley Maps, which changes the way we look at strategic planning. You can read all about how it works here (and I suggest you do). Beyond that, Simon is a huge proponent of serverless and has been predicting for quite some time that it is the future of computing. He has a number of brilliant talks about serverless (including ServerlessDays Hamburg and Serverlessconf San Francisco 2018), plus his Twitter feed often contains entertaining back-and-forth arguments as to why serverless adoption is inevitable (see this recent Twitter thread). I’m a big fan of Simon and appreciate the work he is doing to make the case for serverless.

Final Thoughts 🤔

Lambda Layers is exposing serverless computing to a number of new communities, and people have been rushing to add support for all kinds of runtimes and service integrations. A recent report by Gartner identified “serverless computing” as the number one key trend for 2019 and noted that “more than 20 percent of global enterprises will have deployed serverless computing technologies by 2020.”

We are still early in this journey, but as Simon Wardley says, “No more questions on serverless. It’s not an ‘if’ but ‘when’. Get on with learning.” This is sage advice, and what we’re encouraging with this newsletter.

I hope you’ve enjoyed this issue of Off-by-none. I love getting your feedback. It is always most welcome and much appreciated. Your suggestions help me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.

Go build some amazing serverless apps!

Take care,
Jeremy

Serverless Tip: Don’t overpay when waiting on remote API calls

Our serverless applications become a lot more interesting when they interact with third-party APIs like Twilio, SendGrid, Twitter, MailChimp, Stripe, IBM Watson and others. Most of these APIs respond relatively quickly (within a few hundred milliseconds or so), allowing us to include them in the execution of synchronous workflows (like our own API calls).  Sometimes we run these calls asynchronously as background tasks completely disconnected from any type of front end user experience.

Regardless how they’re executed, the Lambda functions calling them need to stay running while they wait for a response. Unfortunately, Step Functions don’t have a way to create HTTP requests and wait for a response. And even if they did, you’d at least have to pay for the cost of the transition, which can get a bit expensive at scale. This may not seem like a big deal on the surface, but depending on your memory configuration, the cost can really start to add up.

In this post we’ll look at the impact of memory configuration on the performance of remote API calls, run a cost analysis, and explore ways to optimize our Lambda functions to minimize cost and execution time when dealing with third-party APIs.

Continue Reading…