Serverless, or Where Agility Meets Cost Benefits at Scale

That is, when you don't want to settle for more. The emergence of innovative APIs tailored for serverless applications is reshaping cloud-native architectures at scale.

Oct 21, 2024

Serverless is where extreme granularity meets agility at scale, and where cloud-native resilience intersects with cost controls. That’s what they make you think.

Reference implementation of a multi-tier serverless application in the AWS cloud. (image credit: AWS)

At the Heart of Serverless Computing

The modularity of serverless applications offers a unique performance profile: cloud-native elasticity without the usual cost overhead that’s otherwise typical for Infrastructure as a Service (IaaS). In a serverless model, there’s no infrastructure to manage. Services are consumed strictly via API calls, scaling dynamically based on demand.

A serverless implementation of an application in a multi-cloud environment. (image credit: Microsoft)

At the heart of serverless computing lies function code that’s executable on platforms known as Functions as a Service (FaaS), such as AWS Lambda, Azure Functions, or Google Cloud Functions.

The concept sounds convincing, on the face of it. You write function code, while your cloud provider scales the infrastructure required for execution. What could possibly go wrong?

Lead by example

The following is an example of an AWS Lambda function written in Python.

import json

def lambda_handler(event, context):

name = event['queryStringParameters']['name']

# Create response

response = {

'statusCode': 200,

'headers': {

'Content-Type': 'application/json'

},

'body': json.dumps({

'message': f'{name}, Subscribe to CloudInsidr!'

})

}

# Return response to API Gateway

return response

The function accesses incoming request data via the event parameter and retrieves runtime details through the context parameter. It returns an HTTP response containing status codes, headers, and a JSON message body, which is then forwarded by API Gateway to the client—without the need to manage servers or worry about managing the infrastructure.

It is granular, but it is slow. Plus, when it comes to serverless, vendor lock-in is the name of the game.

Do you know someone this post could help? Sharing CloudInsidR is caring about CloudInsidR—and about your friends!

Event-Driven Architectures with Serverless Microservices

The rise of serverless computing offers new opportunities for microservice architectures, with each microservice implemented as an independent function. This ensures better isolation and simplifies the deployment of large-scale applications when executed properly, but it does nothing to address lame initialization nor does it lift the spectre of vendor lock-in.

**Baqend**: Example of an architectural pattern for a serverless backend on AWS. (image credit: Baqend)

Serverless is billed as a natural fit for Event-Driven Architectures (EDA). Here, the flow of the application is dictated by events or state changes, such as HTTP requests or IoT metrics.

In a web shop, for example, a serverless function could trigger an SMS notification when an order is shipped, as demonstrated with AWS Lambda and SNS in this example:

import boto3

import logging

logger = logging.getLogger()

logger.setLevel(logging.INFO)

def send_notification(event, context):

try:

order_id = event['order_id']

tracking_number = event['tracking_number']

user_phone = event['user_phone']

message = f"Your order {order_id} has been shipped! Tracking number: {tracking_number}"

if not all([order_id, tracking_number, user_phone]):

raise ValueError("Missing required information")

sns_client = boto3.client('sns')

response = sns_client.publish(

PhoneNumber=user_phone,

Message=message,

MessageAttributes={

'AWS.SNS.SMS.SenderID': {'DataType': 'String', 'StringValue': 'CloudInsidR'},

'AWS.SNS.SMS.SMSType': {'DataType': 'String', 'StringValue': 'Transactional'}

}

)

logger.info("SMS sent successfully")

return {'status': 'SMS sent', 'response': response}

except Exception as e:

logger.error(f"Error sending SMS: {str(e)}")

return {'status': 'Error', 'error': str(e)}

You need a critical mass to make it worthwhile in terms of latency and you shouldn’t bet the (server) farm on it.

What about Storage?

Serverless services such as AWS Lambda or Azure Functions operate in a stateless fashion. Each function runs independently from the others. State must be stored externally: in databases, caches, or other storage services.

The AWS service Amplify DataStore, for example, offers a storage solution with offline capabilities and cloud synchronization for serverless. You see how the vendor lock-in is creeping in? Little by little, they get you pinned down.

What about the backend? Glad that you asked.

Serverless Backends, BaaS

Serverless Backend as a Service (BaaS) services such as Google Firebase or AWS Amplify provide scalable backends, including database management, authentication, and push notifications, through easy-to-use APIs or SDKs. This allows developers to focus on frontend development without worrying about the backend too much. In theory.

GraphQL, an API query language, complements serverless architectures, enabling clients to request precisely the data they need. This interaction between GraphQL and serverless functions ensures both efficiency and scalability.

Again, in theory. Because your reliance on the fast-food of serverless service delivery can cost you dearly in the end.

Security Considerations in Serverless Applications

Serverless computing is not without its perils.

Despite its advantages, serverless introduces security challenges that require careful consideration. Traditional security measures may not suffice. Best practices include:

Using API gateways with built-in security features (e.g., rate limiting, authentication).
Implementing fine-grained access controls using services such as Amazon Cognito, Azure Active Directory B2C, and others.
Conducting dependency audits with tools like Snyk.
Monitoring applications with specialized tools like Datadog or Splunk.
Employing threat detection tools such as PureSec or Protego.

Weighing the Benefits and Risks

Serverless computing offers rapid feature deployment, granular scalability, cost advantages (depending on usage), and simplified operations by eliminating server infrastructure management in its the entirety. However, it brings its own complications.

Serverless functions are constrained by maximum execution time constraints and resource limitations, making them unsuitable for long-running processes. Cold starts can introduce latency, and the reliance on multiple APIs has its own perils. Additionally, initial cost savings can turn into surprises under heavy load, necessitating close monitoring and extensive debugging.

Vendor lock-in and compliance issues some of the other downsides of the serverless deployment model. Each serverless platform has its own APIs and its unique quirks, which complicate multi-cloud operations and migrations from one provider to another. Vendor lock-in reigns supreme.

Ultimately, adopting serverless technologies necessitates thoughtful planning, a thorough evaluation of the long-term impact on system architecture, maintainability, and operational flexibility. Otherwise, the promise of serverless could turn out to be too good to be true.