Hi, welcome to another weekly update.
Production-Ready Serverless is live!
It’s been a long time coming, my Manning video course Production-Ready Serverless is officially completed! All postscripts and other course materials have been added to the course. Manning is also running a special promotion for March so that ALL video courses are $25 each, what better time to learn about serverless? ;-)
Welcome PureSec as our sponsor for March!
It is my pleasure to welcome PureSec as sponsor for this month. Here’s a message from PureSec to explain what they’re building and their vision for Serverless security.
PureSec: The Leading Serverless Security Solution.PureSec’s Serverless Security Platform is designed exclusively for serverless applications, and provides an end-to-end application security solution for serverless, which is tightly integrated into the CI/CD process. The platform provides protection for applications using public cloud serverless architecture such as AWS Lambda, so you can ensure that your functions are free from risk and safe from threats at every stage of the application lifecycle.Key platform features:
- Serverless asset inventory and unparalleled real time threat visibility
- Risk management and security posture analysis
- Automatically generates IAM Roles – makes sure your AWS Lambda permissions are least-privileged
- Serverless-focused static analysis for detection and mitigation of weaknesses, vulnerabilities and misconfigurations during development
- Serverless application firewall capable of detecting and stopping event-data injection attacks such as: SQL injection, Cross-Site-Scripting, External XML entities, Runtime code injection, Local file include and Command injections
- ML-based behavioral protection capable of detecting and preventing malicious behavior such as data leakage through outbound network connections, execution of malicious processes, unauthorized access to the file-system
- Integration with SIEM systems and data analysis platforms such as Splunk.
Give PureSec a try and enjoy a 30-days free trial at https://www.puresec.io/get-puresec
Chaos test your Lambda functions with Thundra. I wrote a guest post for Thundra on their new SDK and how you can use its failure injection capabilities to chaos test your function. These tests help you identify weaknesses in your code so that you can patch them before these failure modes actually happen in production. Weaknesses such as missing timeout handling so that slow response from a dependency can cause the function to timeout, or missing error handling or fallbacks.
All three episodes of my mini-series with Forrest Brazeal from Trek10 are now live!
Part 1 – Serverless in production. We spoke about my experience with running serverless in production, my course with Manning and some of the mistakes I see people make when adopting serverless.
Part 2 – Bursting the serverless bubble. We discussed challenges with serverless adoption and what can we do to burst the serverless bubble.
Part 3 – From DevOps to FinDev. We discussed the idea of FinDev. What should the finance department and the engineering organization have in common, and why is serverless a catalyst for this transformation.
I gave a new talk at NDC Porto this week on “How to build a social network on serverless”. In this talk I discussed my journey of migrating Yubl to serverless, and how we were able to improve performance, scalability and time to market. I discussed how serverless technologies such as Lambda are used to implement each part of the system, including search, push notifications, timeline, user recommendations, and business intelligence.
I’m an AWS Serverless Hero and the author of Production-Ready Serverless. I have run production workload at scale in AWS for nearly 10 years and I have been an architect or principal engineer with a variety of industries ranging from banking, e-commerce, sports streaming to mobile gaming. I currently work as an independent consultant focused on AWS and serverless.
Here is a complete list of all my posts on serverless and AWS Lambda. In the meantime, here are a few of my most popular blog posts.
- Lambda optimization tip – enable HTTP keep-alive
- You are thinking about serverless costs all wrong
- Many faced threats to Serverless security
- We can do better than percentile latencies
- I’m afraid you’re thinking about AWS Lambda cold starts all wrong
- Yubl’s road to Serverless
- AWS Lambda – should you have few monolithic functions or many single-purposed functions?
- AWS Lambda – compare coldstart time with different languages, memory and code sizes
- Guys, we’re doing pagination wrong