You can become a serverless blackbelt. Enrol to my 4-week online workshop Production-Ready Serverless and gain hands-on experience building something from scratch using serverless technologies. At the end of the workshop, you should have a broader view of the challenges you will face as your serverless architecture matures and expands. You should also have a firm grasp on when serverless is a good fit for your system as well as common pitfalls you need to avoid. Sign up now and get 15% discount with the code yanprs15!
I have been working with a US client to build a first-of-its-kind application to manage your consent to share your data amongst healthcare providers in your state. The project falls within HIPAA, so we need to meet all the HIPAA compliance requirements, including having a full history of the user data. To meet that audit requirement we used DynamoDB Streams and Lambda to get the change history out of the main transactional table.
However, we also considered switching from DynamoDB to QLDB. But ultimately we decided that it’s not ready for our use case yet. Big thanks to Matt Lewis for sharing their experience of working with QLDB at DVLA.
For anyone who’s considering QLDB for their project, here are the factors that lead to our decision.
- You get audit history out of the box with the
Select * From History(tableName, startDate?, endDate?) WHERE metadata.id = ...
- It supports more flexible queries than DynamoDB, you’re not limited by Hash + Range key. And there is no need for managing lots of composite keys and secondary indices to support querying on different fields.
- It has built-in support for transactions.
- It supports indices for improving read performance for attribute lookups.
- It’s completely schemaless (yup, don’t even need to specify a primary key).
- It supports nested fields.
- It’s pay-as-you-go, no need to pay for server uptime, yay!
- It uses IAM for authentication and authorization, don’t need to deal with VPCs.
- Its query performance (average ~30ms) is good, if not on par with DynamoDB.
- It has built-in support for optimistic concurrency control. For example, if a read was interrupted by another write, then the Ledger rejects the read and the app has to retry.
- There is no “hard” drop table. Dropped tables are simply marked as “inactive” and can be restored with
- You can stream data changes out to Kinesis in order to popular other read models – e.g. to ElasticSearch to support search features.
- Lots of Partiql operations are not supported yet, but most importantly..
- No support for
Order By, so we can’t implement some of the required sorting in the app
- No support for
LIMIT, so we can’t implement pagination.
- No support for
Historyqueries require the document id, which is generated by QLDB and you only find out AFTER you run
INSERT INTO. This makes querying histories a little awkward… A workaround for this (thanks to Matt Lewis for this tip!) is to capture it after the insert and then run
UPDATEto add the id to the document. Fortunately, this can be done atomically in a transaction.
- No support for conditional checks. Instead, you have to do a read to check if the document already exists, then decide whether to add the document. Fortunately, the read and then write can be done inside a transaction. The optimistic concurrency control ensures there are no race conditions here, and ensures that you don’t end up adding the same document twice.
- You can only have 5 indices per table.
- Indices can only be created when the table is empty.
- Unknown performance at scale without indices.
- Long cold start (the client library needs to init socket pool) time. During testing, this took around 300ms on average.
- No CloudFormation support for table and indices.
- There’s no support for KMS CMKs for server-side encryption, only QLDB-managed KMS keys.
- IAM permission is not granular, it’s just
- While you can export ION documents to S3, there is no way to restore them right now.
- There is no direct integration with AppSync. But this 2-part blog post shows you how to build a reusable Lambda resolver that can make integrating AppSync with QLDB relatively straight-forward.
Although we decided not to go with QLDB for now, it is a very exciting piece of technology that we would love to use in the future. For now, some of these limitations are showstoppers for us. And while it makes some things easier (e.g. implementing audit history) it makes other things more difficult (e.g. implementing conditional checks, backup and restore, and integrating with our AppSync API). All and all, we don’t feel there would be any net gain in terms of development effort and velocity.
Hi, I’m Yan. I’m an AWS Serverless Hero and I help companies go faster for less by adopting serverless technologies successfully.
Are you struggling with serverless or need guidance on best practices? Do you want someone to review your architecture and help you avoid costly mistakes down the line? Whatever the case, I’m here to help.
Skill up your serverless game with this hands-on workshop.
My 4-week Production-Ready Serverless online workshop is back!
This course takes you through building a production-ready serverless web application from testing, deployment, security, all the way through to observability. The motivation for this course is to give you hands-on experience building something with serverless technologies while giving you a broader view of the challenges you will face as the architecture matures and expands.
We will start at the basics and give you a firm introduction to Lambda and all the relevant concepts and service features (including the latest announcements in 2020). And then gradually ramping up and cover a wide array of topics such as API security, testing strategies, CI/CD, secret management, and operational best practices for monitoring and troubleshooting.
If you enrol now you can also get 15% OFF with the promo code “yanprs15”.
Check out my new podcast Real-World Serverless where I talk with engineers who are building amazing things with serverless technologies and discuss the real-world use cases and challenges they face. If you’re interested in what people are actually doing with serverless and what it’s really like to be working with serverless day-to-day, then this is the podcast for you.
Check out my new course, Learn you some Lambda best practice for great good! In this course, you will learn best practices for working with AWS Lambda in terms of performance, cost, security, scalability, resilience and observability. We will also cover latest features from re:Invent 2019 such as Provisioned Concurrency and Lambda Destinations. Enrol now and start learning!
Check out my video course, Complete Guide to AWS Step Functions. In this course, we’ll cover everything you need to know to use AWS Step Functions service effectively. There is something for everyone from beginners to more advanced users looking for design patterns and best practices. Enrol now and start learning!
Here is a complete list of all my posts on serverless and AWS Lambda. In the meantime, here are a few of my most popular blog posts.
- All you need to know about caching for serverless applications
- Lambda optimization tip – enable HTTP keep-alive
- You are wrong about serverless and vendor lock-in
- You are thinking about serverless costs all wrong
- Just how expensive is the full AWS SDK?
- Check-list for going live with API Gateway and Lambda
- How to choose the right API Gateway auth method
- CloudFormation protip: use !Sub instead of !Join
- AWS Lambda – should you have few monolithic functions or many single-purposed functions?
- Guys, we’re doing pagination wrong
- Top 10 Serverless framework best practices
- How to break the “senior engineer” career ceiling
- My advice to junior developers