Had a great time at AWS Serverless Days Bengaluru last week—here are some valuable takeaways!

• Serverless is for everyone [Sheen Brisals]

  • Evolution of Computing and Serverless computing
  • The need for serverless computing in the ever-changing technological demands of applications and solutions.
  • Principles of serverless adoption:
    • Domain-first
    • Team-first
    • API-first
    • Microservices-first
    • Event-Driven-first
    • Serverless-first
  • Extensive capabilities of AWS Services to meet Industry demands
  • Emphasis on sustainability over maintenance

• Future of Serverless [Eric Johnson]

  • Revolution in computing - Enhanced computing capabilities
  • Is your application suitable for serverless?
    • Service-oriented and ephemeral compute
    • Coupling between Resources used and resources Billed
    • Small and abstract control plane
  • Integrating Generative AI into serverless application architecture
  • Addressing ever-evolving real-time problems

• Visualize and design your serverless applications [Gunnar Grosch]

  • Building a serverless application:
    • Build with a visual designer and IaC framweork
    • Employ a Generative AI-powered assistant
    • Test in the cloud
    • Start simple, evolve, and sustain the application throughout its lifecycle
    • Deploy with an automated deployment pipeline
  • Amazon Q: Generative AI Assistant for Building Applications
  • AWS Application Composer: Application architecture visualizer

• Serverless Under Siege [Sankalp Paranjpe]

  • Top 10 Serverless Threats and Vulnerabilities:
    • Injections
    • Broken Authentication
    • Broken Access Control
    • Sensitive Data Disclosure
    • Security Misconfigurations
    • Cross-Site scripting (XSS)
    • Insecure 3rd-party dependencies
    • Insufficient Monitoring and logging
    • Insecure Deserialization
    • Denial of Service (DoS) and Resource Exhaustion
  • Mitigation Strategies:
    • Always validate and sanitize input
    • Follow the principle of least privilege for service roles and executions (Minimize function roles)
    • Secure event trigger endpoints
    • Use API Gateways to set rate limits and throttle requests per user or API key (Security Buffers)
    • Set concurrency limits on Lambda functions to prevent resource exhaustion
    • Use a firewall to filter malicious requests
    • Develop an incident response plan
    • Implement in-depth monitoring and logging

• Serverless Sherlock: Unveiling the Mysteries of Fargate Debugging [Avinash Dalvi]

  • Enhanced Logging:
    • Application-level logging
    • Firelens
    • CloudWatch
    • Custom destinations
  • AWS Firelens:
    • Fluentd/ Fluent Bit for routing and transforming logs
    • Log Groups and Log Streams
    • Export CloudWatch logs to Amazon S3
    • Export CloudWatch logs to other destinations like Elasticsearch and Kinesis Data Streams
    • ECS task definitions with awslogs driver to send JSON-formatted logs to destinations like CloudWatch, S3, ELK, etc.
  • Lambda for CloudWatch alarms and triggers via SNS
  • Amazon OpenSearch for querying and visualizing logs
  • ECS Exec: AWS ECS execute command - Interactive container command line utility
  • Apache status page

• Beyond Lambda: Embracing Service Integrations for Advanced Serverless Architectures [Subodh Dubey, Dimple Sharma]

  • When NOT to use Lambdas?
    • Use Lambda for data transformation, not data transport. Employ messaging services for data transportation
    • Apply filters before invoking functions: S3 event filters, SNS filters, EventBridge filters, etc.
  • Orchestrate workflows with Step Functions
  • Choreograph events with EventBridge
  • Prefer configurations over code for easier maintenance
  • Decompose services into smaller, manageable components

• Panel Discussion - Journey of Serverless and its Future