Off-by-none: Issue #38

May 21, 2019

Introducing Serverless Chats… 🎙

Welcome to Issue #38 of Off-by-none. Thanks for being here! 🙌

Last week we looked at a number of exciting updates to the Serverless Framework and the AWS Lambda Node.js runtime. This week, we’re introducing the new Serverless Chats Podcast, we take on some serverless contrarians, and we share a ton of great content from the serverless community.

Another busy week for serverless. So let’s get to it. 💥

When you like chatting about Serverless… 🎙

Talking to other people about serverless is one of my favorite things to do. It seems that no matter whom I talk to, I always learn something new. Whether it’s an unknown product feature, an interesting architectural pattern, or simply a validation of the way I was approaching something, the takeaways are always incredibly helpful. The more conversations I have with smart people, the better I become at understanding the nuances of serverless and the possibilities that come with it. I want to have more of those conversations, and I want to share them with you!

For the last few months, I’ve been working to create a new podcast that will do just that. Today, I am excited to announce Serverless Chats! Each week, I’ll be joined by an expert guest to geek out on all things serverless. We’ll have detailed discussions about serverless architectures, best practices, monitoring and observability, tooling, security, and so much more. I have a number of amazing guests lined up, and I’m looking forward to sharing the first episode on Monday, June 17th.

Serverless Chats serves as a way to bring those in the serverless community together. The podcast aims to introduce serverless newcomers to new ideas and perspectives, and invite serverless veterans into the dialogue and to investigate the nuances of the craft. For more information (and to sign up for the mailing list), visit the show’s website at ServerlessChats.com. You can also follow the show on Twitter at @ServerlessChats. This is going to be a lot of fun, and I’m really hoping you’ll join me and spread the word.

Serverless News & Product Announcements 📢

Registration for AWS re:Invent 2019 is now open!
AWS’s massive developer conference is scheduled for December 2-6, 2019 in Las Vegas. I went last year and it was amazing, so I’ll definitely be there in 2019 (this time as an AWS Serverless Hero). 😊

Get ready to write — Workers KV is now in GA!
Workers KV is a highly distributed, eventually consistent, key-value store that spans Cloudflare’s global edge. It allows you to store billions of key-value pairs and read them with ultra-low latency anywhere in the world. 😳 Wow.

Collaborating for Serverless Observability on Thundra!
Thundra announced “Team Support” this past week. You now have the ability to collaborate with teammates over your serverless architectures while troubleshooting, debugging, or just monitoring. Great stuff!

Announcing Modules for AWS Lambda – NodeSource
N|Solid for AWS Lambda continuously scans your projects for existing security vulnerabilities, license concerns, code risk and code quality. It also checks packages from the npm registry and computes a score based on a number of weighted criteria.

Serverless Use Cases 🗺

Colorise your cat pics with Serverless!
I can’t think of a better use case for serverless than to colorize pictures of cats. Alex Ellis shows you how to do it with OpenFaaS.

Create Twitter Image Recognition Bot with Serverless and AWS
Maciek Grzybek gives us a complete tutorial for using serverless to recognize images from Twitter.

Tracking and Reminders in AWS Amplify
Jan Hesters shows us an incredibly powerful use case using Amplify Analytics and Amazon Pinpoint to reengage customer based on their app usage. Very, very cool.

Building a Multi Streaming Alexa Skill with the Alexa Skills Kit
Creating voice skills is a perfect serverless use case. Yi Ai shows us how to build a straightforward radio skill with Lambda and DynamoDB.

Building a Serverless Lumen API with AWS Lambda and DynamoDB
PHP on Lambda, sure, but what about using Laravel? Pietro Iglio shows you how to use the Lumen “micro-framework” to deploy your very own Laravel-esque API.

Querying CSV files using S3 Select
This is another really great use case when you need to run simple queries against static files in S3. Dhaval Nagar gives you the basics and shows you a sample Lambda function to access this programatically.

When you’re thinking about going serverless… 🤔

AWS Lambda Pricing: Low, But Unpredictable
In my experience, serverless reduces the TCO of your applications, but this short piece by Katy Stalcup does point out a valid concern. Probably not a big deal for startups, but larger companies might not be as comfortable using the OPEX approach.

3 ways serverless is a game changer
You probably already knew these, but Lee Atchison from New Relic gives you three compelling reasons to go serverless.

How To Create Serverless API Functions With AWS Lambda
If you’ve never used serverless before and you want a really basic “Hello World” tutorial, this should get you started.

Serverless Tutorials 🏗

Enterprise CI/CD on AWS: a pragmatic approach
According to Forrest Brazeal, nobody cares how cool your CI/CD pipeline is. Well, the examples he gives in this post are pretty darn cool. So I care. 😉

Using the Serverless framework to deploy hybrid serverless/cluster workflows
Rustem Feyzkhanov teaches you how to build hybrid workflows using AWS Step functions, AWS Batch, AWS Fargate, and AWS Lambda using the Serverless Framework.

Using AWS CloudWatch Insights to fine tune your Lambda functions
Over provisioning your Lambdas probably isn’t go to break the bank right away, but Kyle Galbraith gives you a few tips on how to optimize the cost, especially once you start getting some significant usage.

Using multiple authorization types with AWS AppSync GraphQL APIs
AWS AppSync now allows you to use multiple authorization types with GraphQL APIs. This post runs through all the technical details of implementing it.

A self-healing Kinesis function that adapts its throughput based on perform
Yan Cui shares how he helped a client create a Kinesis ingestion pipeline that automatically updates its batch size based on current throughput.

AWS SAM + Cloudformation macros, a patch made in heaven
I think I need to create a “Yan Cui” section of my newsletter! In this post, he shows you how to use CloudFormation macros to customize a SAM template’s behavior. It’s a complex workaround, but sometimes they are necessary.

Building a To-Do List with Workers and KV
What can you do with a massively scalable Key-Value store that’s globally distributed to the edge? Build a To-Do list app, of course!

Serverless Security 🔒

Exploiting Common Serverless Security Flaws in AWS
Chris McQuaid has an excellent post that outlines a number of possible exploits that you should watch out for, and how to mitigate them.

Event-driven Security Remediation with AWS Auto Remediate
Marat Levit and Jay Kim have developed an open source application to perform automatic security remediation based on compliance events from AWS Config. And it’s completely serverless.

Yes, there are security ramifications to serverless computing
I think there are some good arguments in here, but serverless has a default security posture that is very, very good. Application security best practices obviously still apply.

Serverless Authentication with AWS Lambda@Edge & Auth0
Brandon Wallace has a great piece that shows you how Expero uses Lambda@Edge to authorize users at the edge instead of at the API Gateway level. Great use case and an interesting way to separate security from your underlying applications.

Serverless Reads 🤓

The Best of Both Worlds with AWS Fargate
Wow, Fargate has been getting a lot of attention lately. Here’s another post that explains more about the services and how it can fit into your overall serverless solution.

AWS Lambda Node.js 10 Support and Benchmark
Here’s something interesting. Ran Ribenzaft from Epsagon ran some benchmarks against the Node.js 10.x runtime and it’s actually…slower. Hmm. 🐢

Lambda and Kinesis – beware of hot streams
Yan apparently doesn’t sleep, he just writes amazing blog posts all the time. In this piece, he shows us how Kinesis Analytics can be used to fan out events to specialized streams.

The Urlist — An application study in Serverless and Azure
Burke Holland and Cecil Phillip have launched a new serverless app (The Urlist), and they wrote an excellent piece about how they built it, the challenges they faced, and what they learned. It’s a cool app, too.

Why Serverless Won’t Replace Traditional Servers
This week on Opposing Viewpoints… 😉 For now, yes, there are workloads that serverless doesn’t excel at, but that was true for when the “cloud” first started, too. Serverless has come a long way, and as I have said before, current limitations are just tomorrow’s AWS announcements.

What makes Google Cloud Platform unique compared to Azure and Amazon
Here is another interesting piece worth reading. I personally think Google’s approach to serverless (i.e. containers) is adding too many layers of abstraction. The closer we can get to the metal, the better, at least IMO. I’m also not sure I agree that AWS and Microsoft haven’t approached “cloud transitions” effectively. I’m pretty sure that Amazon Outpost is still a thing.

Thoughts from Twitter… 🐦

Speaking of not loving the way the new nodejs10.x runtime bootstrap JS is written, turns out there’s a bug in it that prevents your handler from ever being called if you have events in the event loop (eg, setInterval). ~ Michael Hart
The release of Node.js v10.x in Lambda has raised a few concerns. Michael’s thread is a great read to see some of the issues (including with the logger) that have been discovered.

Look, I really try to be nice when people make Medium posts that aren’t really accurate because we’re all learning. However, I don’t try as hard when the article is hidden behind a company’s name instead of a particular engineer. This article is bad. ~ Richard Boyd
My mother taught me that whole “if you don’t have anything nice to say” bit when I was a kid, but I have to agree with Richard on this one. This thread points out quite a few misrepresentations made with this post.

It took us 4.5 years, but we finally hit the AWS Lambda code storage limit (75 GB) in one account/region. Unfortunately, the AWS Limit Monitor (AWS Solution) did not warn us, because the AWS Lambda code storage limit is not one of the limits checked by the AWS Trusted Advisor. ~ Eric Hammond
Sorry, Lindsay Lohan, but in this case, the limit does exist. Eric shares the issue he ran into, the possible solutions, and the stellar response from AWS’s customer service to help them resolve the issue.

When you don’t feel like reading… 🍿

Start Right: Automate Your Serverless Application Deployments Using AWS SAM
This is a great video from Eric Johnson that shows you step-by-step how to create an automated CI/CD pipeline.

Using AWS Rekognition from AWS Lambda
Marcia Villalba has another video that shows you how to build a serverless application that uses Rekognition to detect cats. Yes, more cats. 🐈

DevOps Defined – DevOps and the Serverless World
Tom McLaughlin, the founder of ServerlessOps, discusses the future of DevOps and the move to a serverless world.

“Ancient Wisdom” – FaaS and Furious
Forrest Brazeal shares some “Ancient Wisdom” in his latest FaaS and Furious cartoon.

When you want to know what AWS has been up to… 👩‍🚀

AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs
AWS AppSync now supports configuring more than one authorization type simultaneously for GraphQL APIs. For example, you can configure your GraphQL API to authorize some schema fields using OpenID Connect (OIDC), while authorizing other schema fields through Amazon Cognito User Pools and/or AWS Identity and Access Management (IAM).

Amazon Transcribe now supports Hindi and Indian-accented English
This brings the total number of languages and dialects supported up to lucky number 13. 🦇

Amazon SNS Adds Support for Cost Allocation Tags
New SNS tagging support is a great addition. Now you can apply fine-grained monitoring to SNS topics and associate the costs with specific serverless workloads and client applications.

Amazon GuardDuty Adds Two New Threat Detections
GuardDuty is a great way to monitor your AWS accounts for suspicious activity. This new update adds a PrivilegeEscalation alert that can show if an IAM User is granted Administrative Permissions. Super helpful for monitoring IAM roles for serverless deployments.

Upcoming Serverless Events 🗓

There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.

May 22, 2019 – Building Event-Driven Serverless Apps with AWS Event Fork Pipelines. Hosted by James Hood.

May 25, 2019 – Webinar: Comic Relief’s Journey to Serverless for Red Nose Day (IOpipe)

May 29, 2019 – Build On Serverless, hosted by Heitor Lessa (with me as a guest)

May 29, 2019 – Webinar: Running Serverless with Full Observability (Thundra)

June 4, 2019 – ServerlessDays Tel Aviv.

June 11-12, 2019 – Designing Serverless Architecture with AWS Lambda with Yan Cui

June 17, 2019 – Premiere episode of the Serverless Chats Podcast. 🙂

June 21, 2019 – ServerlessDays Milan.

June 25-26, 2019 – AWS re:Inforce. I’ll be doing a Dev Chat on Serverless Security.

Serverless Star of the Week ⭐️

There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.

This week’s star is Eric Johnson (@edjgeek). Eric is a Senior Developer Advocate for Serverless at AWS (no, not the Cliffs of Dover guy), and the proud owner of a glorious goatee. But more importantly, he has been putting out some amazing serverless content lately. You can follow his #ServerlessForEveryone hashtag on Twitter, tune into his Building Happy Little APIs Twitch show, or read some of his excellent posts on the AWS Serverless blog. You can tell that Eric is truly passionate about the products he promotes, and the work he’s been doing to share that passion and knowledge with the community is truly appreciated. Thanks, Eric! 👏

Final Thoughts 🤔

First they ignore you, then they laugh at you, then they fight you, then you win. ~ Mahatma Gandhi

Serverless is eating the software world. In my (and others’) experience, it’s cheaper, faster to develop, and allows you to rapidly deliver new features and value to your customers. Which is what really matters. All without worrying about the underlying infrastructure, the scaling capacity, or the operational overhead. Serverless is not a one-size-fits-all solution, and yes, there are still plenty of edge cases that it doesn’t work well for. But I think that anyone who doesn’t see the writing on the wall will be left behind. There is so much more to discuss, so I hope you’ll join me for some Serverless Chats so we can explore the possibilities together.

I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none.

If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless. 👍

See you soon,
Jeremy