#Issue39
3 posts

The hidden costs of serverless

API Gateways tend to be a huge chunk of your serverless costs when you connect to a lot of APIs. The switch to serverless may not be worth it if data storage and networking are the largest chunks of your application’s costs.
Read more

The hidden costs of serverless

  • API Gateways tend to be a huge chunk of your serverless costs when you connect to a lot of APIs.
  • The switch to serverless may not be worth it if data storage and networking are the largest chunks of your application’s costs.
  • Two unknown costs of moving to serverless come in the shape of code maintenance and cold starts.
  • Assess the cost of extra code maintenance and the extra time spent switching to serverless.
  • Look for the pricing advantages of serverless providers that suit you best.
  • Utilize the free tiers from vendors. Sometimes they will be enough for you to run smaller workloads.

Full post here, 6 mins read

9 serverless security best practices

Map your application - consider the data involved, its value and services that access it. Keep using your WAF and API Gateway but apply perimeter security at the function level too.
Read more

9 serverless security best practices

  • Map your application - consider the data involved, its value and services that access it.
  • Keep using your WAF and API Gateway but apply perimeter security at the function level too.
  • Secure application dependencies to prevent new vulnerable packages from being used.
  • Look out for bad code that can trigger a self-inflicted denial-of-service attack from within your application.
  • Add tests for service configuration to CI/CD & PROD.
  • Make FaaS containers refresh to limit the lifetime of function instances.

Full post here, 4 mins read

Mitigating serverless lock-in fears

Deploy existing tools such as serverless framework, apex, claudia.js & be as cloud-native as possible using the backend service provided by your cloud vendor. choose a programming language that's supported by multiple vendors.
Read more

Mitigating serverless lock-in fears

  • Think lock-in cost = migration cost - opportunity gain from the migration. Maximize opportunity gain and minimize migration costs.
  • To maximize opportunity gain, deploy existing tools such as serverless framework, apex, claudia.js & be as cloud-native as possible using the backend service provided by your cloud vendor.
  • To minimize migration costs, choose a programming language that's supported by multiple vendors. Separate application domain from the platform and invest in a good architecture pattern.
  • Avoid integration tests heavily dependent on the cloud vendor and think of reusable abstractions instead.
  • Use standardized technology such as HTTP and SQL.

Full post here, 6 mins read