Hi, welcome to the first weekly update of 2020!
First of all, I want to give a shout out to my Patreon supporters:
Andre Silva, Boseok In, Ebru Cucen, Hrafnkell Palsson, Joe Kearney, Jon Barber, Jonathan Kosgei, Luis Gutierrez, Marko @ Serverless Life, Sal DiStefano, Shawn MacIntyre, Will Saunders, Yinan Xue
Thank you guys so much for your continued support!
Are you looking for expert training to level up your AWS and serverless skills? Or perhaps you're looking for a solid foundation to start from?
I might have just the workshop for you :-)
I'm taking my Production-Ready Serverless workshop to several cities in Europe this year, starting with Amsterdam on March 19th and 20th.
- Amsterdam - March 19-20th
- Helsinki - May 4-5th
- Stockholm - May 14-15th
- Dublin - June 16-17th
- London - September 24-25th
The agenda for the 2-day workshop is as follows:
- AWS Lambda 101
- Serverless framework 101
- Building APIs with API Gateway and Lambda
- Securing APIs with IAM authorization
- Cognito 101
- Securing APIs with Cognito User Pools
- API Gateway best practices
- Writing integration tests for Lambda
- Writing acceptance tests for Lambda
- Setting up CI/CD pipelines
- CI/CD security best practice
- Configuration management with SSM Parameter Store
- How best to secure credentials & API keys
- Project organization
- Processing events in realtime Lambda
- How to choose the right application integration service (SNS vs SQS vs Kinesis vs EventBridge)
- Error handling for realtime event processing systems
- Per-function IAM roles
- Setting up log aggregation for Lambda functions
- Structured logging
- Sample debug logs in production
- Distributed tracing with X-Ray
- Capture and forward correlation IDs
Year in review, 2019. Here’s a quick look at my 2019 in terms of things I did and their reach. In short, I produced a lot of content – blog posts, talks, podcasts, webinars and open-source projects. If you’re interested, you can find all of my serverless content from 2019 in one place here.
The Amazon Builders’ Library was arguably the most exciting announcement at re:invent 2019. Many of you expressed an interest in my reading notes, which boil down each article to the most insightful and actionable points. So I’m kicking off a new series of blog posts over on the Lumigo blog to share my notes with you all.
Yan Cui: I'm making my own notes as I'm going through the AWS builders library articles, would people be interested in these? They're significantly shorter (1 pager instead of 20), but assume you are familiar with the problem domain and lingo already. #aws #reinvent (15:44 PM - 06 Dec 2019)
The first two posts have dropped and cover the area of building resilient systems using techniques such as load shedding and best practices around handling timeouts and retries. These articles are not written with serverless in mind, but some of the advice is still applicable for serverless applications.
I’m doing a couple of talks this month.
On Thursday, 9th Jan I’m sharing with the AWS user group in Amsterdam the common mistakes companies make when they first transition to serverless.
And finally, I’m doing a new talk on the essential open source tools for serverless developers at the AWS Community Day Nordics in Stockholm on Jan 31st. It’s a free event, and you can register for it here.
On a personal front, I passed my AWS certification for security specialty with a score of 901/1000 :-D My previous certifications had expired late 2019, and with AWS IQ hopefully hitting the European shores later this year I thought it a good time to recertify.
A few of you have asked how long I had to study and what (if any) resources I used.
I spent 4 days in preparation, studying around 2-4 hours per day. As some of you know, I have run production workloads on AWS for 10 years so I have a lot of hands-on experience to fall back on. However, I still found A Cloud Guru’s certification course quite useful, both as a reference handbook and for directing me towards the important areas to focus on. It also helped me brush up on a few services and updates which I had missed over the years, or never had to work with – e.g. CloudHSM. If you’re also taking the security specialty test then make sure you know KMS like the back of your hand, it accounted for about 30% of my test questions!
The certification page itself has some example questions, which you can download for free. You can also pay $40 to take a mock test online. A Cloud Guru also has an exam simulator which gives you a full bank of mock test questions. They are a good approximation to the kind of questions you get in the real thing, but I found the exam questions to be slightly more ambiguous because important contexts/assumptions are often omitted. When in doubt, use the process of elimination to help you narrow down the choices.
I have updated my Step Functions course to include the latest updates from re:invent 2019:
- Express Workflows
- Dynamic parallelism with the Map state
And I’m also running a 50% off sale until 10th January. Get the course here.
I added new commands to lumigo-cli to help you work with EventBridge and CloudWatch Events more easily. With these new commands, you can tail an EventBridge rule or bus to see what events are captured by the rule/bus in realtime. e.g.
- lumigo-cli tail-eventbridge-rule --region us-east-1 --ruleName my-rule
- lumigo-cli tail-eventbridge-bus --region us-east-1 --eventBusName my-bus
I also recorded a quick video to show these commands in action:
If you work with EventBridge or CloudWatch Events regularly then you’re gonna want to check it out!
On the other hand, for ANYONE who’s using AWS and finds it a pain to switch between named profiles, I also updated the whoami and switch-profile commands to support assumed roles (normally configured in your .aws/config).
You can run lumigo-cli switch-profile to switch to another named profile in either the shared credentials file (.aws/credentials) or the config file (.aws/config). Switching to a named profile would override the default profile in the shared credentials file. You can then use lumigo-cli whoami to see which profile you’re currently logged in as.
Following the theme of supporting EventBridge and CloudWatch Events, the dazn-lambda-powertools now allows you to auto-propagate correlation IDs through both EventBridge and CloudWatch Events!
To make it work, install @dazn/lambda-powertools-pattern-basic and wrap your function handler.
Amongst other things, this wrapper applies the correlation IDs middleware which automatically extracts correlation IDs from the invocation event and stores them. Whenever you use the dazn-lambda-powertools-logger, the captured correlation IDs would be automatically added to the JSON log message. This way, you don’t need to manually extract correlation IDs from invocation events and always remember to include them in your log messages. Just use our packages and correlation IDs would flow through your functions automatically!
Equally, when you use the EventBridge client or CloudWatch Events client to publish events – they are direct replacements for the corresponding AWS SDK clients – then the captured correlation IDs are automatically included in the outgoing events. The functions that process these events would then be able to extract them (via the wrapper) and automatically add them to their logs, and forward them on. So on and so forth.
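The capture, log and forward flow described above, as an added dependency-free sketch. It is not the dazn-lambda-powertools code and not from the original post: the __context__ carrier field, the x-correlation-id key and every function name are assumptions made for illustration. It also shows a check worth having on the receiving side, since IDs arrive inside events and should be validated before they reach your logs.

```javascript
// Added sketch of the correlation-ID pattern; NOT the dazn-lambda-powertools code.
// Assumed names: __context__ carrier field, x-correlation-id key, all functions below.
const SAFE_ID = /^[A-Za-z0-9._:-]{1,128}$/;

// One invocation runs at a time per Lambda container, so module state is enough here.
let currentIds = {};

// Pull IDs out of an EventBridge-style event; fall back to the request ID.
function extractCorrelationIds(event, context) {
  const carried = (event.detail && event.detail.__context__) || {};
  const ids = {};
  for (const [key, value] of Object.entries(carried)) {
    // Events are untrusted input: keep only expected keys with log-safe values.
    if (key.startsWith('x-correlation-') && typeof value === 'string' && SAFE_ID.test(value)) {
      ids[key] = value;
    }
  }
  if (!ids['x-correlation-id']) ids['x-correlation-id'] = context.awsRequestId;
  return ids;
}

// Handler wrapper: capture the IDs, then run the real handler (sync or async).
const wrap = (handler) => (event, context) => {
  currentIds = extractCorrelationIds(event, context);
  return handler(event, context);
};

// Logger: every JSON log line carries the captured IDs.
const logLine = (message, params = {}) => JSON.stringify({ ...params, ...currentIds, message });

// Publisher: copy the captured IDs into the outgoing event's Detail.
function withCorrelationIds(entry) {
  const detail = JSON.parse(entry.Detail);
  return { ...entry, Detail: JSON.stringify({ ...detail, __context__: currentIds }) };
}

// Constructed two-function flow: A starts the trace and publishes, B consumes the event.
function demo() {
  const producer = wrap(() => ({
    log: JSON.parse(logLine('order placed')),
    entry: withCorrelationIds({ Source: 'orders', DetailType: 'placed', Detail: '{"orderId":"42"}' }),
  }));
  const a = producer({ detail: {} }, { awsRequestId: 'req-A' });

  const consumer = wrap(() => JSON.parse(logLine('order shipped')));
  const logB = consumer({ detail: JSON.parse(a.entry.Detail) }, { awsRequestId: 'req-B' });
  return { logA: a.log, logB };
}
```

Calling demo() returns the parsed log lines of both functions, which share the ID that the first invocation started.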
Here’s a short demo of how the whole thing fits together:
A lot of recent updates to share here:
- support the new Express Workflows (v2.13.0)
- one IAM role per state machine (v2.14.0) – better security (least privilege principle) and resolves the issue of circular dependencies when creating nested workflows
- EventBridge trigger (v2.15.0)
- support serverless.js (v2.16.0)
- support custom response headers and response template (v2.17.0)
Finally, a quick shout out to Luciano for pushing middy 1.0.0 into beta! This is a long-awaited release which gives us individual packages to help keep the middy core as small as possible and help everyone reduce their cold start time.
Hi, my name is Yan Cui. I’m an AWS Serverless Hero and the author of Production-Ready Serverless. I specialise in rapidly transitioning teams to serverless and building production-ready services on AWS.