Off-by-none: Issue #102

August 11, 2020

Serverless security strategies...

Welcome to Issue #102 of Off-by-none. I’m happy you’re here!

Last week, we shared some dissenting opinions on serverless, but also got a bunch of awesome new tools. This week, we have some awesome insights into serverless and cloud security, we take a look at serverless machine learning, and try something a little different with the newsletter format. Plus, we have lots of great serverless content for you to explore.

When you’re curious what’s new with serverless… 📣

Check out the TriggerMesh guide “What Every CIO Needs to Know about Serverless” for feature comparisons of major offerings and an introduction to basic concepts like cloud native and microservices. Use it to inform your peers / managers on serverless benefits and available options. Sponsored

The Dashbird team had a busy week. Not only did they just turn 3 years old, they also introduced Dashbird Atlas, a new real-time 3D map view of your entire serverless environment. And if that’s not enough, they also added insights for AWS Kinesis and Step Functions.

In other, sort of serverless news, WayScript just raised $5 Million. Last week we mentioned Paragon, which seems quite similar. Sort of like IFTTT, but with a lot more flexibility and customizations. I have a feeling we’ll see more and more systems like this that’ll continue to build higher level abstractions on top of serverless infrastructure.

When everyone starts adding buzzwords back into their pitch decks… 📈

Machine Learning is all the rage nowadays, and unlike several years ago when ML/AI was the cornerstone of every investor presentation, lots of companies are now actually able to deliver on that promise. An oft repeated criticism of Lambda (and most FaaS in general) has been its inability to handle machine learning use cases. But thanks to the recent addition of EFS support, and a clever post by Shitij Mathur, setting up serverless machine learning inference with AWS Lambda couldn’t be easier. 😉

There are plenty more examples, including Mike Palei’s post that shows you how to serve a Tensorflow 2 model on AWS Lambda. Or Joshua Jarvis’s Going Serverless for Your ML Backend with SAM CLI. For a more in depth discussion on what’s possible with ML and serverless, check out Datacast Episode 39: Serverless Machine Learning In Action with Carl Osipov.

What to do if PHP is still your jam… 🕺

Not to worry, the “Serverless LAMP stack” is definitely a thing. Ben Smith from AWS has another installment in his Serverless LAMP stack series, this time showing you how to build a serverless Laravel application and deploy it with AWS SAM.

And before you say, “hey, I bet Ben just made this whole thing up!”, Chandresh Singh also has a post that will show you how to set up a queue with Serverless Laravel using bref. If Laravel isn’t your thing, Smaine Milianni has a post that’ll show you how to deploy a Symfony application in AWS Lambda.

When you don’t want to repeat someone else’s mistakes… 🤦‍♂️

The Interwebs is filled with stories of success, but oftentimes learning what not to do can be even more instructive. Chris Plankey has a great post titled How I Failed at Generating Revenue with Alexa In-Skill Purchases that details his attempt to bring in some extra cash with a side hustle. We’re all prone to making bad assumptions, but maybe this will help you avoid a few.

Even if all your assumptions are correct, you’re still bound to hit some roadblocks when building out your serverless applications. Dimitri Saeys recounts how Sporza created a real-time sport data api (in tremendous detail). His team followed an interesting process, and there’s plenty to learn from their journey.

When you’re looking for a serverless solution to your problem… 🗺

If you still list DevOps on your LinkedIn profile, then perhaps using serverless for IAM user monitoring or sending bash commands to an EC2 cluster with AWS Lambda and SSM might be interesting to you.

For some simpler automations, Harish Aravindan can show you how to get notified on pull requests via Slack using AWS Lambda or you can see how Javaad Patel gets page views from Google Analytics using a Netlify Serverless function.

For the truly ambitious, Nghia Dang has an excellent post that shows you how to implement a highly available, scalable and cost-efficient video processing service using AWS Lambda, SNS and SQS. And if that’s not big enough for you, take a look at how AWS serverless architecture drives SBA’s Lender Gateway for PPP loans.

Where to go to level up your serverless knowledge…

Yan Cui compares choreography vs orchestration when dealing with serverless function composition. As he points out, both have their pros and cons, with Step Functions being the clear winner for mission critical workflows. Lots of useful information in here, but I still think there are cross-service use cases for Step Functions. Perhaps a discussion for another day.

Of course, Step Functions can get expensive, which is why Renato Byrro offers some suggestions on cutting Step Functions costs on enterprise-scale workflows. He mentions “orchestration” with EventBridge, but even though there are strong guarantees, this still falls into the “choreography” bucket for me.

If you’re still not fully up to speed on the magical service that is EventBridge, then perhaps this post on migrating applications to cloud with Amazon EventBridge by Emrah Samdan will fill in some gaps.

And speaking of magic, the new Direct Lambda Resolvers for AppSync are pretty darn cool as well. John Connerton not only helped build this new feature, but also explains why they are really effective.

Still thirsty for some serverless know-how? You can learn about Netlify Functions in 2-ish minutes, let Michael Bahr show you how to archive your AWS data to reduce storage costs, or get help from Ran Ribenzaft on how distributed tracing differs from logging. Plus, Lou Bichard can tell you why you’re alerting wrong with CloudWatch and Yossi Ittach will give you a rundown of your options for pub-sub services on AWS.

When you want to get hands-on with serverless… 👷‍♀️

Even though your code coverage is probably zero (don’t worry, I know you’ll eventually get to it), Mohammed Izzy shows you how to easily perform tests on your IaC code with Pulumi, so one less excuse. 😉

For those of you looking for a full-stack experience, Fidel Vazquez has a tutorial on designing and deploying a full-stack web application using AWS Amplify. Ashan Fernando shows you the simplest way to host a Gatsby website in AWS without servers, and Atila Fassina gives you the deets on deploying Netlify Functions with TypeScript.

Yi Ai has another excellent tutorial that shows you how to create an instance scheduler using AWS CDK, a common use case that I’m sure you’ll need to address at some point. You’re also likely going to need to process large S3 files with AWS Lambda, so give that one a look as well.

Simran Kaur Kahlon shows you how easy it is to set up an AWS Private API using Serverless Framework, and if you need multiple API versions in serverless microservices, Venkatachalam Dekshinamurthy will tell you how he does it (without using Route53).

If you’re ready to go with Go in Lambda, you might find this Ultimate Guide by Sebastian Karasiewicz handy. For something a little less involved, take a look at Adis Kovacevic’s post on how to add Algolia Search to Firestore using a cloud function.

When you need some serverless security best practices… 🔒

ICYMI: Serverless Security Strategies – A Recorded Session with AWS Principal Engineers
AWS Senior Principal Engineers Becky Weiss and Marc Brooker cover the most common areas of vulnerability including misapplied patches and updates, malicious code and runtime security, overly permissive access, and network segmentation, and share the ways that serverless technologies address these areas. This talk gives you a solid understanding of how a serverless security strategy functions technically and how it can be operationalized in your business. Sponsored

In addition to the excellent recommendations from Becky and Marc above, Anthony DiMarco offers up some best practices for serverless endpoints on AWS. For more insights into dealing with serverless security vulnerabilities, here’s how Cloudflare handles them.

Serverless certainly shifts more responsibility onto the developers, so it’s no surprise that security analysts want more help from developers to improve DevSecOps. After all, “only 15% of respondents said that a majority of developers participate in formal security training.” Couple that with the fact that a recent report showed misconfigured cloud storage services were prevalent in 93% of analyzed cloud deployments, and it’s no wonder that the research suggests that cloud breaches will become faster and bigger. If you’re using serverless, you’re already in a much better position.

When you’re looking for some good serverless reads… 🤓

Corey Quinn brilliantly explains why multi-cloud is the worst practice. Not only does it force you to choose the least common denominator, but the likelihood of cloud agnostic workloads actually existing is probably quite slim.

Sheen Brisals extends his theory of thinking and developing serverless applications as “Set-Pieces” in his most recent piece. This ties in nicely with Haim Raitsev’s Monolithic to Microservices post.

David Anderson explains how serverless helps enterprises scale DevOps, and how they did it at Liberty Mutual, while Brian Foody suggests that startups should be “Day One” Cloud Native Organizations.

I’m not sure who gave Forrest Brazeal the title of “Cloud bard”, but it’s spot on! He was interviewed on theCube and outlines common paths to failures (and successes) in enterprise cloud native evolutions. Unfortunately, there are no rap battles or cloud ballads performed during the interview. 🎹

Ben Ellerby has a great piece on Serverless BI and how serverless helps companies on their path towards data-driven Business Intelligence. And speaking of data, this early Twitter engineer has a suggestion for your next database.

When you’re looking for something serverless to listen to… 🎧

I had a great chat with Heitor Lessa on Episode #61 of the Serverless Chats Podcast. We discussed the Well-Architected Serverless Lens and how best practices are defined, how services are chosen for the serverless lens, and what new services will be added to the Lens this year. You can also watch it on YouTube.

On Episode #23 of the Real World Serverless Podcast, Yan Cui talks with Ari Palo about how they do serverless at Alma Media and the third-party development tools they use to optimize their workflow.

When you’re curious what’s new with AWS… 🆕

AWS AppSync releases Direct Lambda Resolvers for GraphQL APIs, which we already mentioned, but it’s so cool that it deserves to be mentioned again. I’ve got nothing against VTL, but if you are rapidly prototyping something, this just feels like an easier way to get started. Ed Lima does a better job explaining it than I can.

AWS Lambda now provides IAM condition keys for VPC settings so you can ensure that users can only deploy functions connected to one or more allowed VPCs. Julian Wood gives some good use cases for it and why it might be right for you.

I just found out that Amazon API Gateway HTTP APIs now support wildcard custom domain names, which I didn’t realize wasn’t possible before they announced this. I’ve still yet to make HTTP APIs my go-to flavor of API Gateway.

In AWS ML news, Amazon Transcribe launches custom language models to let you add “out-of-lexicon terms.” In my experience, that includes most words in the English language 😬, but I’m sure it’s getting better all the time. Plus, Amazon Lex launches accuracy improvements and confidence scores, which will allow you to use business logic to help clarify intents. And AWS Step Functions adds support for Amazon SageMaker Processing with help from the Step Functions Data Science SDK. So that’s another thing I’ll add to my “probably need to learn this someday” list.

When you need some helpful serverless tools… 🛠

Neiman Marcus open sourced a Serverless Framework Plugin that gives you better control over Provisioned Concurrency Autoscaling.

Dynatron is a new NPM package that can “bridge between AWS DynamoDB Document Client and real world usage.” Gevorg Galstyan explains that this can find missing optimizations and hidden issues that are very hard to catch. Sounds interesting to me.

Midway Serverless is a “serverless framework used to build Node.js cloud functions and it helps you significantly reduce maintenance costs and focus more on product development in the cloud-native era.” Who doesn’t need another serverless framework? 😀

Serverless Jobs 👩‍💻 Sponsored

Serverless Engineer –
At Stedi, we’re working in one of the biggest markets on the planet – EDI, the technological backbone of the physical product economy. We’re building a next-generation platform: a ubiquitous commercial trading network to automate the trillions of dollars in B2B transactions exchanged by nearly every company on Earth. If you’re interested in what we’re building and how we’re building it, we’d love to hear from you.

Have a job listing you’d like to share? Please contact me for more information.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

September 1, 2020 – Deliver Business Value Faster with AWS Step Functions

September 3, 2020 – ServerlessDays Warsaw

October 1-2, 2020 – ServerlessDays Hamburg 2019

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is George Mao (@georgemao). George is the WW Technical Leader for Serverless Computing at AWS. He is a regular speaker at AWS Summits, re:Invent, and various tech events. George also contributes to open source projects and works with customers to design their applications in the cloud. Thanks for all of your contributions and work on serverless, George! 🙌

Final Thoughts 🤔

So, for those of you that have been around for a while, you may have noticed that I changed the format of the newsletter a bit. I’ve received a tremendous amount of feedback from a lot of you (which I greatly appreciate), and I’ve tried to start incorporating some of your suggestions. The biggest issue for me with the old format was that it had become terribly limiting, and in many cases, didn’t give me an opportunity to add the right amount of context. I have many more thoughts and ideas on additional changes that I plan on making (which I’ll share in a blog post soon), but I’m a sucker for feedback, so I’d love to know your thoughts.

I hope you enjoyed this newsletter. We’re always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email.

Take care,

About the Author

Jeremy is the GM of Serverless Cloud at Serverless, Inc. and an AWS Serverless Hero that has a soft spot for helping people solve problems using serverless. He frequently consults with companies and developers transitioning away from the traditional “server-full” approach. You can find him ranting about serverless on Twitter, in several forums and Slack groups, hosting the Serverless Chats podcast, and at (virtual) conferences around the world.

