Off-by-none: Issue #183

April 5, 2022

Only have a few minutes? Check out this week's MOST POPULAR links as chosen by our email subscribers.

Thinking about Serverless Security 🔒

Welcome to Issue #183 of Off-by-none! This issue is sponsored by our friends at Courier, Conclave, and Lumigo.

In our last issue, Lambda got a storage upgrade, Serverless Cloud went Full Stack, and PlanetScale added Rewind. This week, AWS starts to treat accounts like cattle, we think about the future of WebSockets, and we top off our serverless Kool-Aid. Plus, we have some amazing content from the serverless community.

Before we begin, check out this video on How to Improve or Rebuild a Modern Product Notification System. Sponsored

Serverless News & Announcements 📣

AWS announced that AWS Organizations now provides central AWS account closure to enable easier end-to-end account lifecycle management. Sounds great (and rightfully excited some), but the emphasis should be on the word “easier” here. There are still limits to the number of accounts that can be closed over a 30 day period, and while I appreciate this as a first step, AWS accounts under AWS Organizations need to be completely disposable.

In financing news, Docker (remember them?) raised a $105M Series C to build better tools for serverless, WASM, and Web3. Note the buzzword soup if you’re looking to raise money for your startup. 🙄

Garden.io raised $16M in Series A funding to keep building out their end-to-end testing framework for the cloud, tech which is clearly needed. And Pinecone announced a $28M Series A for a purpose-built serverless database aimed at data scientists.

Fastly bought Fanout, a company that was working on real-time and streaming APIs to reduce the complexity of things like WebSockets. The edge space is incredibly fascinating, and these are the right types of strategic moves by Fastly. I’ll say it again, keep your eye on them.

In other really interesting “edge” news, Cloudflare announced the end of the road for CAPTCHAs on their platform (sort of). We all hate selecting the boxes with streetlights, and apparently Cloudflare does, too, so they are taking a new approach that uses telemetry from the interaction to determine if they need to challenge the user. I wish AWS would take a similar approach, because it generally takes me two tries to pass their CAPTCHA when signing into the console.

And there was even more “edge” news with the introduction of the new Azure Front Door offering from Microsoft. The new version now supports “modern architecture”, “fast global delivery”, and “intelligent security”, basically all the things you’d expect from an Edge provider. And in true Microsoft style, you can still use “Azure Front Door (classic)” and “Azure CDN from Microsoft (classic)” if you’d like to actually see the pricing.

A new company called Fintechless says it’s building “The Serverless Platform for Financial Institutions and Fintechs.” A couple of weeks ago we also saw Solodev launching a “Serverless Health Cloud.” I find these emerging vertical-specific serverless offerings to be quite interesting, especially since the complexity (and compliance requirements) of bespoke solutions in these verticals can be quite high.

And finally, I published a post introducing the Serverless Cloud Full Stack Experience that we launched the other week. It is some really cool stuff that is flipping full stack development on its head, and my team would love to hear your feedback.

Serverless Concepts 🏗

Lumigo | AWS Lambda Monitoring Platform | Get set up in minutes Sponsored

Ayooluwa Isaiah has an excellent introduction to AWS CloudFront Functions that you should check out. And if you’re wondering about performance, Paul Foryt wrote an in depth piece that compares CloudFront Functions to CloudFlare Workers and Lambda@Edge.

Danny Reed has some ideas for implementing debounce in event-driven serverless applications. These solutions get complicated quickly, and while there might be other ways to solve this (like with batch or tumbling windows), this is one of those DX things that drives me nuts. Same goes with Brian Foody trying to schedule post deployment actions as part of a CloudFormation deploy. These things shouldn’t be this hard.

Since we should always be thinking about the security of our apps, this post on the importance of security in serverless technologies provides a good primer (or reminder for those that keep forgetting 😉.)

Daniele Frasca is going down the multi-region road with a new series, and I truly hope it won’t be sugar-coated. Multi-region is really, really hard to do well, so don’t let anyone tell you it’s not. Anyway, godspeed Daniele, and I look forward to following along with your journey.

Matthew O’Riordan wrote a piece on the challenge of scaling WebSockets. It’s not a bad outline of the problem, and for those thinking about building real-time apps at scale, it should sufficiently raise your blood pressure. There is a big opportunity for innovation here, which is why the latest move by Fastly is interesting, and why other “notification” companies like Courier could play a significant role.

Here’s a super handy list of 10 CloudWatch Logs Insights examples for serverless applications from Tomasz Łakomy, and 5 specific ways to level up your Step Function workflows from Rawad Haber.

I also came across this post from Loïc Mathieu on 2nd gen Google Cloud Functions and I learned that you can create functions that will receive events in the Cloud Events specification format, not the proprietary Google Cloud format. I don’t know how useful that really is right now, but makes me wonder if other CSPs will follow suit. Expectations remain low.

Serverless Tutorials 👷‍♀️

Here are a few tutorials to level up some of your serverless skills.

Vishal Dhameliya shows you how to use an AWS API Gateway Step Function integration with exception handling, Allen Helton explains how to build lightning fast APIs with AWS Step Functions, and Daniel Fyhr shares how to send emails only once with AWS Step Functions.

And for you security-minded folks (that should be all of you), Dustin Whited shows you how to do auto remediation with Eventbridge, Step Functions, and the AWS SDK Integration.

Netanel Basal says ‘Yes’ to Yup (and Middy) to perform simple schema validation for Node.js Lambda handlers, Daniele Frasca gives you some alternatives for implementing serverless geolocation, and John Taylor shows you how to build highly scalable serverless WebSocket infrastructure on AWS.

Privacy Preserving, Serverless Compute
Conclave Cloud is coming soon! A new confidential computing platform providing a serverless execution environment with built-in privacy-preserving features using Intel SGX. Host, execute, and scale your stateless functions on demand whilst ensuring your data is always encrypted—even during processing. Be the first to try it. Sign up for early access. Sponsored

Serverless Reads 🤓

Brent Mitchell says that after 5 years, he’s out of the “serverless compute cult.” I mentioned this on Twitter and the responses were pretty consistent: garbage in, garbage out. While I can certainly empathize with many of the challenges mentioned, most of this comes down to bad development practices that aren’t specific to serverless. Has serverless been overhyped? Sure, what new technology hasn’t been? But the reality is that you’re probably already using serverless in some form or another in your cloud applications (most likely with managed services). If you’re not, well then good luck to you, buddy!

And if you’re not convinced by my rambling, have a look at how well it’s going for the BBC Online.

Daniele Frasca wrote a fictional tale of migration to serverless, Louis Latreille shared his journey with Pulumi and the Serverless Framework, and Zachary Przybilski used 11ty to bend time.

Shawn “swyx” Wang discusses the Third Age of JavaScript, and gives some pretty thorough analysis into the programming language that everyone seems to love to hate (maybe even more than PHP).

Podcasts, Videos, and more 🎧

On Serverless Chats Episode #131: Security in the Cloud, Rebecca and I chat with Merritt Baer and Megan O’Neil about how to think about security choices around services and resources in the cloud, the need for leadership and education, how serverless extends the shared security model, and so much more.

Marcia Villalba shows you how to manage dependencies using AWS Lambda Layers with NodeJS and AWS SAM, ShreyTheCray interviewed Gareth McCumskey to talk about the Serverless Framework, and the Serverless Craic team asks what should a Modern CTO do on the modern cloud?

And finally, Sam Williams asks if AWS Amplify is better than the Serverless Framework?

New from AWS 🆕

Here are some highlights from AWS this past week:

Upcoming Serverless Events 🗓

If you have an event, webinar, etc. that you’d like me to mention, please email me.

April 4–6, 2022 – Serverless Architecture Conference

May 3–5, 2022 – Reactathon 2022 & Serverless in the Park

June 22, 2022 – ServerlessDays Paris 2022

June 24, 2022 – ServerlessDays New York 2022

Serverless Star of the Week ⭐️

There is a very long list of people who are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please nominate them.

This week’s star is Clare Liguori (@clare_liguori). Clare is a Senior Principal Engineer for AWS Container Services. In December 2020, she led the creation and development of the new AWS Proton application deployment service. Previously, she worked in AWS Developer Tools building AWS CodeBuild and AWS CodeCommit. Clare has contributed to several open source projects, including AWS Cloud Development Kit (CDK) and Spinnaker, a multi-cloud continuous delivery platform. Thank you, Clare, for your amazing contributions to the community, and congrats on the recent promotion!

Final Thoughts 🤔

Phew, that was a lot to get through, but I hope we all learned something new. And speaking of learning, don’t forget to sign up for email updates on my upcoming DynamoDB modeling course. I’ll be announcing the launch date soon!

Have a great week,
Jeremy

I hope you enjoyed this newsletter. We’re always looking for ideas and feedback to make it better and more inclusive, so please feel free to reach out to me via Twitter, LinkedIn, Facebook, or email.

Previous Issue

Issue #182March 29, 2022

Next Issue

Issue #184April 12, 2022

Sign up for the Newsletter

Stay up to date on using serverless to build modern applications in the cloud. Get insights from experts, product releases, industry happenings, tutorials and much more, every week!

 

This Week's Top Links

We share a lot of links each week. Check out the Most Popular links from this week's issue as chosen by our email subscribers.

 

This Week's Sponsors

Check out all of our amazing sponsors and find out how you can help spread the #serverless word by sponsoring an issue.

 

About the Author

Jeremy is the CEO and Founder of Ampt and an AWS Serverless Hero that has a soft spot for helping people solve problems using serverless. He frequently consults with companies and developers transitioning away from the traditional “server-full” approach. You can find him ranting about serverless on Twitter, in several forums and Slack groups, hosting the Serverless Chats podcast, and at conferences around the world.

 

Nominate a Serverless Star

Off-by-none is committed to celebrating the diversity of the serverless community and recognizing the people who make it awesome. If you know of someone doing amazing things with serverless, please nominate them to be a Serverless Star ⭐️!