October 22, 2019
Welcome to Issue #60 of Off-by-none. Thanks for joining us! 👋
Last week, we shared some AWS re:Invent news and learned how AWS built a production service using serverless technologies. This week, we look at options for function composition, introduce some new serverless platforms, and share lots of great serverless content from the community.
☝️Also, don’t forget to register for the #ServerlessForEveryone Community Party @ AWS re:Invent 2019. We’ve got lots of great guests and some amazing sponsors (Stackery, Thundra, AWS, CloudZero, Lumigo, Protego, and Serverless, Inc). I hope you’ll join us for a night of serverless camaraderie!
Plenty to get to this week, so let’s jump in! 🏊♂️
It’s been awhile, but I was finally able to sit down and write a new serverless blog post. The Dynamic Composer (an AWS serverless pattern) is a serverless pattern that utilizes asynchronous invocation chaining of Lambda functions. Yes, it’s Lambdas calling Lambdas, but as the post outlines, there are several reasons why you might favor this pattern over using AWS Step Functions.
There are also a number of guarantees that come with asynchronous invocations. If you design your functions to allow errors to bubble up to the Lambda service, you get automatic retries, error handling, durability and replay, and even throttling management. Take a look at the post and let me know your thoughts.
So this is really interesting. Zoho, the company that has like 40 different SaaS apps, apparently has been building them all on a serverless backend. Now, they are offering developers the ability to use their tools and infrastructure to build your own serverless applications.
This thing looks like a super-charged IFTTT. I watched the video and the interface is very impressive. I’m not sure if you would use this to build an entire serverless application, but for a number of workflows, this could be a useful tool.
Introducing Twilio’s SOCless: Automated Security Runbooks
This is very cool. Twilio’s SecOps team has spent the last several years working on automating cloud security workloads and codifying them in “runbooks.” They’ve now made this open source so that you can implement the same level of security automation and threat intelligence in your AWS environments. It’s also 100% serverless (running on Lambda and Step Functions) and it use the Serverless Framework.
A Different Lens to Monitor your Serverless Architecture: Operations Search!
Here’s another nice feature that Thundra has introduced. You can now capture, monitor, and search for errors that occur against non-function resources from the resource’s perspective. This gives you the ability to see which resources (like DynamoDB, SQS, etc.) had failed calls, instead of needing to find the function or service that made the initial call.
Announcing: Epsagon, First Provider of Distributed Tracing for AWS AppSync
More good stuff from Epsagon. Now you can monitor and see traces for AWS AppSync with no coding changes or agents.
Serverless App from Design to Production: A Case Study
Tariku Tessema wanted to learn more about serverless and get a better understanding of the implementation. So he started working on a Roku Channel app that displays a screensaver of photos submitted via text message, and he’s been documenting it.
RepairApp: A serverless overview
Kim Lauwers discusses how his team at Kunlabora built the RepairApp. Lots of good detail in here about their decision making process and their architecture.
Deploying Code Faster with Serverless Framework and AWS Service Catalog
This is a really great use of the AWS Service Catalog. This post outlines how GoDaddy used the Serverless Framework along with the AWS Service Catalog to quickly and securely deploy standardized serverless templates.
Serverless Orchestration with AWS Step Functions: Lessons Learned
Fatlum Vranovci outlines a very good use case for Step Functions and why his team chose them over simple function chaining.
Build a real-time voting application
This is an incredibly in-depth tutorial that shows you how to build a realtime voting application using IBM Cloud Functions, IBM Cloudant, Twilio, and PubNub. Plus, it’s a great serverless use case.
Cron job on a Nodejs Express Serverless app using AWS CLI
Here’s a simple use case for serverless: using it to run cron jobs.
What are facets in NoSQL Workbench for Amazon DynamoDB
If you haven’t played around with the NoSQL Workbench for Amazon DynamoDB yet, you really should. And if you’re a bit confused by facets, this post will help clear things up for you.
Serverless circuit breakers with Durable Entities
I love the Circuit Breaker pattern, and with the near-limitless scale of serverless applications, the need for it greatly increases. Jeff Hollan explains what a circuit breaker is, why you need it, what a typical scenario looks like, and how to implement one with Azure Functions.
Querying DynamoDB by Date Range
I love articles that dive into the details of DynamoDB. Kathy Daniels has a great post that gives you some how-tos for querying and sorting DynamoDB tables by Date Range.
Amazon Aurora Serverless scaling driven by application metrics
Here’s an overview of how scaling works with Amazon Aurora Serverless. There’s also an interesting real world use case in there that utilizes the API to pre-warm your capacity for predictable traffic spikes.
Real world integration testing with Serverless
Chris Andrews has an interesting approach to serverless integration testing. He’s using the
serverless-localstack plugin for service discovery and incorporating the outputs into his tests.
Testing Cloudflare workers
Dani Hodovic is right about testing serverless applications, it’s not always easy, and they’re often hard to debug. In this post, he consolidates and documents all his knowledge for testing Cloudflare workers, so you don’t have to.
Deploying your first AWS Lambda function using Serverless Framework
For those of you that have yet to make the leap, Omal Vindula shows you how to deploy a Lambda function using the Serverless Framework.
How To Build a Serverless API With DynamoDB, AWS Lambda, and API Gateway
I wouldn’t suggest building a serverless API entirely through the console like Andrew Bestbier shows you here, but this post deserves to be included due to the sheer number of screenshots it has! Infrastructure as Code (IaC) is the way to build production serverless applications, but seeing how it’s all configured in the console is likely a useful exercise.
How to Unit Test with NodeJS?
Not specifically targeted for serverless, but knowing how to run unit tests on your serverless applications is super important. The Serverless Guru’s post gives you some of the basics of unit tests, test runners, and testing asynchronous code. And BTW, you can use these same test runners to do serverless integration testing as well.
How to protect APIs with JWT and API Gateway Lambda Authorizer
Mariano Calandra gives you an overview of how API Gateway Lambda Authorizers work, how they fit into a serverless microservices world, and how you can use them to authorize requests with JSON Web Tokens (JWT).
Inside the Capital One Breach, and How to Block It
There’s a short video in here that shows how Tal Melamed (one of Protego’s ethical hackers) is able to execute an XML External Entity (XXE) attack against a Lambda function with a weak XML parser. This is similar to the attack used to breach Capital One. Really interesting stuff.
The State of Serverless, circa 2019
Tim Wagner gives his observations from Serverlessconf NYC along with his thoughts on the current state of serverless, the ecosystem, the friction, and the innovation happening in the space.
Make your business more resilient in the digital age
Excellent post by Ricardo Sueiras that discusses resiliency and chaos engineering in the enterprise world, and more importantly, the things that executives need to be thinking about to ensure continuity for their customers.
Serverless: Adventures in a New Dimension
Richard Forshaw makes a really good case for serverless and offers up some insights into how he sees it. I really like his take on “requests” being a more natural unit of business currency.
The Serverless API Gateway
Interesting article by Wilfred Springer that experiments with CloudFlare Workers to implement the “useful” features of an API gateway. There are some interesting ideas in here, like using the KV store to implement rate limiting.
The (Real) 11 Reasons I Don’t Hire You
Nothing to do with serverless here, but just a really great, honest post from Charity Majors about the hiring process in tech.
Serverless Chats Podcast – Episode #19: Pushing the Limits of Lambda with Michael Hart (Part 2)
In this episode, I continue my talk with Michael Hart about pushing the limits of Lambda. We discuss Michael’s new “yumda” project, how to use Lambda for machine learning hyperparameter optimization, and whether or not Lambdas should call Lambdas.
The 4 pillars of the Serverless First Mindset
This is a great interview with Jared Short from Trek10. He covers his four pillars of the serverless-first mindset, whether or not he thinks Knative is actually “serverless”, and opines on the future of the serverless ecosystem.
Cloud Conformity: Serverless at Scale
A really interesting episode of This is my Architecture. Cloud Conformity is running over 2,000 Lambdas and delivers over 230 million well-architected framework checks a day. Crazy.
Event-driven serverless applications with Amazon EventBridge – AWS Meetup Stockholm October 16 2019
Here are Gunnar Grosch’s slides from his presentation about Event-driven serverless applications with Amazon EventBridge.
Building resilient serverless systems with non-serverless components – Serverlessconf NYC 2019
Here are my slides from my talk at Serverlessconf NYC.
Amazon API Gateway now supports access logging to Amazon Kinesis Data Firehose
This is an incredibly cool (and useful) feature now available in API Gateway. You can take all your API access logs, transform them, stick them in S3, and easily query them with Athena.
Amazon API Gateway now supports wildcard custom domain names
And here’s another cool feature for API Gateway. Custom domains with wildcards will allow you to build all kinds of customer-branded URLs without needing to create separate custom domains.
Amazon CloudWatch now sends alarm state change events to Amazon EventBridge
Amazon EventBridge now integrates with Amazon CloudWatch so that when CloudWatch alarms are triggered, a matching EventBridge rule can execute targets.
Amazon CloudWatch Anomaly Detection is now available in all commercial AWS regions
Another really handy tool that you can add to your CloudWatch metrics. And it’s relatively inexpensive as well. Read more about it here.
Amazon SNS Now Supports Additional Mobile Push Notification Headers as Message Attributes
If you’re using SNS for Mobile Push Notifications, your universe just got a lot bigger.
Analyze Lambda cold starts with lumigo-cli
lumigo-cli keeps adding features, and this new one lets you analyze cold starts for your Lambda functions.
The why, when and how of API Gateway service proxies
API Gateway service proxies can be incredibly powerful for the right workloads. Yan Cui’s latest post explains why and when they make sense, and then introduces the new
serverless-apigateway-service-proxy plugin for the Serverless Framework to make implementing a service proxy super simple.
“Stick to monolith”, “you don’t need kubernetes”, “GraphQL adds unnecessary complexity”, “use boring tech”. On the other hand fancy and shiny tech keeps developers happy and excited. How do you balance these two in a project, that really doesn’t need fancy tech? ~ Maciej Walkowiak
Good discussion on this post from Maciej Walkowiak. I’m a big fan of “shiny and new”, but it has to make sense for the outcome you’re trying to achieve.
The average lifetime of a Lambda run-time between AWS support for it to EOL is 2 years and 23 days (for those that have been given EOL dates so far). The idea of only needing to worry about your code with serverless has some exceptions. #aws_breaking_changes ~ Scott Piper
I get Scott’s point, but at the same time, end-of-life doesn’t mean it’s going to stop working entirely. Plus, if the runtime creators no longer provide security updates for a specific version, I kind of like the fact that my cloud provider is implementing a forcing function to update my runtime.
There are a lot of upcoming serverless events, webinars, livestreams, and more. If you have an event you’d like me to mention, please email me.
October 24, 2019 – ServerlessDays Stockholm
October 30, 2019 – Retail at the Scale of Serverless with AWS – Webinar
October 30, 2019 – Managing Serverless Applications with SAM Templates
November 6-8, 2019 – Serverless Computing London
There is a very long list of people that are doing #ServerlessGood and contributing to the Serverless community. These people deserve recognition for their efforts. So each week, I will mention someone whose recent contribution really stood out to me. I love meeting new people, so if you know someone who deserves recognition, please let me know.
This week’s star is Tim Wagner (@timallenwagner). Tim is a legend in the serverless community. When he was at AWS, he and his team created Lambda, which basically kicked off this whole serverless thing. He’s written several great serverless blog posts, and he’s feared by servers whenever he does a conference talk. He just recently started a new venture that’s working on Serverless Networking, which will open up a multitude of new serverless use cases. Plus, he’s helping other companies in the serverless space as well, and recently joined the board of Stackery. It’s always exciting to see what Tim is working on and what he’ll come up with next. Your contributions to the serverless community have been invaluable, Tim. Thank you for all that you do! 🙌
The pace of innovation in the serverless space is really astounding. I’ve spent the last two months heads down on a new serverless application, and I found myself doing several things differently, following new leading practices, and stripping away lots of boilerplate code in favor of native tools that handle the complexity for me. We still have a long way to go, and my general line of thinking is that serverless is going to get harder before it gets easier. I might have some more thoughts on that soon.
I hope you enjoyed this issue of Off-by-none. Please send me your feedback and suggestions as they help to make this newsletter better each week. You can reach me via Twitter, LinkedIn, Facebook, or email and let me know your thoughts, criticisms, or (perhaps) even how you’d like to contribute to Off-by-none. If you like this newsletter, and think others would too, please do me the honor of sharing it with friends and coworkers who are interested in serverless.
Stay up to date on using serverless to build modern applications in the cloud. Get insights from experts, product releases, industry happenings, tutorials and much more, every week!
Check out all our amazing sponsors and find out how you can help spread the #serverless word by sponsoring an issue.
Jeremy is the GM of Serverless Cloud at Serverless, Inc. and an AWS Serverless Hero that has a soft spot for helping people solve problems using serverless. He frequently consults with companies and developers transitioning away from the traditional “server-full” approach. You can find him ranting about serverless on Twitter, in several forums and Slack groups, hosting the Serverless Chats podcast, and at (virtual) conferences around the world.
Off-by-none is committed to celebrating the diversity of the serverless community and recognizing the people who make it awesome. If you know of someone doing amazing things with serverless, please nominate them to be a Serverless Star ⭐️!