November 27, 2018
Welcome to Issue #13 of Off-by-none. We’re coming to you LIVE from AWS re:Invent in Las Vegas!
Last week we looked at some clever use cases for Step Functions, revisited serverless microservices, and made the serverless case for startups. This week we rethink serverless+RDBMS, challenge the objections of laggards, protect ourselves from DoS and other attacks, and of course, look at some new AWS product launches.
So many amazing things to get to today, so let’s jump right in!
Many of us wished for RDS HTTP Endpoints, and the other day, AWS announced that you can now access your Amazon Aurora Serverless Database with the New Data API (Beta). No VPCs, no connection management, and automatic scaling with Aurora Serverless. Almost sounds too good to be true. 😳
And… it sort of is (for now). In Aurora Serverless Data API: A First Look, I share the results of a few experiments I ran as well as some of my initial thoughts on the implementation. TLDR; The latency is really bad and this isn’t ready for primetime. But like all things AWS, it’ll get much better before GA.
Is RDBMS in serverless applications even a good idea? Paul Johnston shares his thoughts on Serverless and Data Rigidity and argues that other technologies (like NoSQL) have removed the need for them. He’s not wrong, but there are still plenty of use cases that relational databases work well for. One thing we can definitely agree on: AVOID ORMs! 🙌
Serverless, Inc. is wrapping up #NoServerNovember with the re:Invent serverless virtual hackathon. Build a serverless app for a non-profit, feel good about yourself, and win some swag.
If you want to get a bit more complex, try building a chat application using AWS AppSync and Serverless.
Are you writing your code in Python? AWS SAM CLI just introduced the sam build Command that lets you easily package all your dependencies. Or you can learn How To Package External Code In AWS Lambda Using the Serverless Framework.
James Beswick outlines five common objections to adopting serverless in his new post, Scared Serverless — How do you handle opposition from your IT group? Lots of ammunition in here if you find yourself needing to defend your (very wise) decision.
If they’re still not convinced, maybe this Twitter thread will help. Simon Wardley says, “The overwhelming output of most businesses is waste. Serverless is way larger than you think. More significant than cloud was.” It’s definitely worth the read (plus there’s maps).
Avi Shulman from PureSec wrote a great post on Lambda DoS Mitigation Strategies. See how different invocation types and retry policies can be leveraged by attackers to wreak havoc on your serverless applications. Lots of practical tips in here including a number of best practices and tips to minimize your exposure.
Want to add even more security to your serverless app? Amazon API Gateway has added support for AWS WAF, which means no more creating regional endpoints and using your own CloudFront distribution. It still won’t prevent event injection, but it’s a good start.
And just when you think that
npm audit will protect you from third-party package vulnerabilities, we discover another widely used open source software that contained a bitcoin-stealing backdoor. Luckily it only has 2 million weekly downloads. 🤦🏻♂️ A friendly reminder to minimize dependencies in your serverless applications.
There’s only been one full day of re:Invent and AWS has already announced a number of products and services that are pushing serverless to a whole new level. I’ve heard a lot of whispers, so expect many more to come over the next few days. 🤘🏻
There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.
This week’s star is Chris Munns (@chrismunns). Chris is a Principal Developer Advocate for Serverless at Amazon Web Services and a great resource for anyone working with (or interested in) serverless. He’s a regular speaker at events, an AWS blog contributor, a host on Serverless Bytes, and he also puts on the occasional webinar. Even though he works for AWS, he’s a huge advocate for serverless computing in general and will always jump into a good debate on Twitter. This week he’s not only giving a number of talks at re:Invent, but also finding some time to spend with members of the serverless community.
The buzz around serverless at re:Invent is absolutely amazing. Every session I’ve attended so far has been bursting with people that are either already using it in production, or are hoping to start. I know we are in a bit of bubble here, but it’s clear that AWS is continuing to make massive investments in serverless technologies and wants to continue to be the market leader. Exciting times ahead.
I hope you’ve enjoyed this issue of Off-by-none. Your feedback and suggestions are always welcome and much appreciated. It helps me make this newsletter better each week. Please feel free to contact me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, and if you’d like to contribute to Off-by-none.
Go build some amazing serverless apps and enjoy the rest of re:Invent! ⚡️
I’ll be here all week, 😉
P.S. If you liked this newsletter, please share with your friends and coworkers. I’d really appreciate it. Thanks!
Stay up to date on using serverless to build modern applications in the cloud. Get insights from experts, product releases, industry happenings, tutorials and much more, every week!
Check out all our amazing sponsors and find out how you can help spread the #serverless word by sponsoring an issue.
Jeremy is an AWS Serverless Hero that has a soft spot for helping people solve problems using serverless, and frequently consults with companies and developers transitioning away from the traditional “server-full” approach. You can find him ranting about serverless on Twitter, in several forums and Slack groups, the Serverless Chats podcast, and at (virtual) conferences around the world.
Off-by-none is committed to celebrating the diversity of the serverless community and recognizing the people who make it awesome. If you know of someone doing amazing things with serverless, please nominate them to be a Serverless Star ⭐️!