DEV Community: Thijs de Z

Crowdstrike enters the Serverless market

Thijs de Z — Tue, 22 Oct 2024 04:53:00 +0000

By now everyone knows Crowdstrike for its brilliant no-QA'ed BSOD update that took worldwide critical infrastructures by the balls. Not exactly a stock price booster, that one. But Crowdstrike isn't only doing Windows. Let's dive into their latest venture:

Entering the Serverless Space

Serverless functions are great for DevOps teams because they let developers build and run apps without worrying about the infrastructure. But like anything in tech, they come with their own security headaches.

The Bad of Serverless

Here are 3 security risks right off the top of my head:

Hard to Track: Serverless functions come and go quickly, versions get updated, making it tough to keep track of what's vulnerable when. It's like playing whack-a-mole with your codebase.
More Entry Points: Each function is a potential entry point for attackers. More functions? More ways for the bad guys to say "hello world".
Overwhelmed Teams: Dev teams are already swamped trying to fix vulnerabilities while still pushing out new features. Add serverless to the mix, and you've got a recipe for burnout.

CrowdStrike Steps Up

CrowdStrike has noticed these issues and added new features to their Falcon Cloud Security tool. It now covers serverless functions from the big three:

Amazon's Lambda
Google's Cloud Functions
Azure's Functions

What's this Crowdstrike Falcon, then?

Function Discovery: Falcon Cloud Security finds all your serverless functions and what they depend on, putting it all in one place. It's using cloud provider APIs to build a dependency graph, which is pretty neat.
Pre-Execution Scanning: It scans your code before it goes live, looking for weak spots and misconfigurations. We're talking static code analysis, dependency checks, and configuration audits. No runtime overhead here.
AI-Powered Prioritization: They're using AI (they call it ExPRT.AI) to figure out which problems you should fix first. It's not just CVSS scores; it's looking at real-world attack data and your specific setup.

Is the AI Thing Just Hype?

When companies talk about AI, it's easy to roll your eyes. But CrowdStrike might be onto something here. Regular vulnerability scores (like CVSS) don't always tell the whole story. An AI system that looks at real threats and your specific setup could actually be useful.

That said, don't treat AI like magic. It's a tool to help you make decisions, not make them for you. And remember, AI models can be biased or manipulated. Trust, but verify.

What This Means for Serverless

CrowdStrike adding these features is a sign that serverless security is growing up. It shows that big players are taking these risks seriously.

This will probably push other security companies to up their game too. That's good news for anyone using serverless functions - we'll likely see better, more tailored security options coming soon.

Expect to see:

More focus on serverless-specific security standards
Cloud providers beefing up their native security tools
A push to integrate security earlier in the serverless development process

Three Alternatives to Crowdstrike Falcon Cloud Security

Falcon Cloud Security is aiming for an advanced position in the market with their ExPRT.AI. However, CrowdStrike doesn't have the only serverless security product on the market. If, for no reason in particular, you'd like to explore other options, we have listed the following alternatives:

Aqua Serverless Security

Aqua Website

Integrations: AWS Lambda, Azure Functions, Google Cloud Functions

Key Features:

Vulnerability scanning and compliance monitoring for serverless applications.
Broader approach that includes both serverless and containerized environments, including Docker and Kubernetes

Snyk for Serverless

Snyk Website

Integrations: AWS Lambda, Heroku

Key Features:

Development-time vulnerability identification and remediation.
Monitoring of Node.js dependencies for vulnerabilities with Serverless Snyk Plugin.
Continuous monitoring similar to CrowdStrike’s threat prevention.

Sysdig Serverless Security

Sysdig Website

Integrations: AWS Lambda, Google Cloud Run, AWS Fargate

Key Features:

Runtime protection through active monitoring of serverless functions.
Continuous compliance monitoring for standards like PCI, NIST, and SOC2.
Observability via AWS logs and full Prometheus compatibility for performance monitoring.
Automated image scanning for vulnerabilities in serverless containers.
Threat detection based on open-source Falco.

Wrapping Up

Serverless computing is cool, but it needs solid security. CrowdStrike's new features are a step in the right direction. They're trying to make it easier to spot and fix problems before they become real issues.

As serverless keeps growing, expect to see more focus on keeping it secure. For now, if you're using serverless functions, it's worth looking into tools that can protect your whole cloud setup.

We're not at perfect serverless security yet, but we're getting there. Keep an eye on this space - it's going to be an interesting ride. And maybe, just maybe, we'll make it through without too many security nightmares.

Read the crowdstrike post about Falcon here: Crowdstrike blog

First published on srvrlss.io

Debug Lamba's faster with Live Lambda Debugger

Thijs de Z — Mon, 14 Oct 2024 02:55:00 +0000

About the Author

This article was originally written by Marko.
Marko is an AWS-certified professional and serverless advocate with over 20 years of experience in the industry. He has been passionate about serverless technologies since 2017. Marko is also the author of the blog Serverless Life, where he shares insights on serverless architectures and best practices.

Intro

He has contributed to the open-source community with projects like Lambda Live Debugger and ServerlessSpy. His dedication to advancing serverless technology has earned him the title of AWS Community Builder.

Lambda Live Debugger is an open-source tool that elevates the serverless development workflow by eliminating the cumbersome redeployment cycle. It allows developers to debug their deployed Lambda functions locally while maintaining the same permissions as if the code were running in the cloud. With support for JavaScript, TypeScript, and any framework, Lambda Live Debugger addresses the common challenges developers face when working with serverless environments, enabling faster, more efficient debugging and development.

Why I Built Lambda Live Debugger

As a developer working in serverless environments, I often found myself frustrated with the slow and repetitive process of writing code, deploying it, testing, finding issues, and then redeploying. Serverless solutions promised efficiency but fell short when it came to rapid development and debugging cycles.

The goal of Lambda Live Debugger was simple: to allow seamless, real-time debugging of deployed Lambda functions, streamlining the process so developers can fix issues faster, without disrupting their workflow. I built it to solve my own frustrations and in doing so, realized that many developers working with serverless functions face the same challenges.

Alternatives

A common alternative is to run your Lambda code locally within an IDE like VSCode, by invoking the Lambda handler like any regular function with a mocked event.

While running Lambda code locally with mocked events may work for simple cases, it has several limitations. First, you would need to spend time configuring the local environment and preparing a relevant mocked event.

Even with local testing, you won't be able to fully simulate IAM permissions or integrations with other AWS services such as DynamoDB, S3, or SNS. Additionally, you won't be able to fully validate the entire event-driven workflow, which is an important aspect of serverless applications.

In the end, if you have an issue on the system, you would need to replicate the exact event and environment through mocking to reproduce and troubleshoot the problem.

Multiple tools are also available that simulate AWS environments locally, but they often fail to replicate the actual cloud environment closely enough.

How Lambda Live Debugger Works

Lambda Live Debugger connects your deployed functions to your local machine via AWS IoT. It intercepts requests, routes them to your local environment for real-time debugging, and then sends the responses back to the deployed Lambda in the cloud. This seamless integration allows you to inspect, step through code, and interact with your functions as if they were running locally but with full access to the cloud environment and permissions.

In case of any code changes, the debugger reloads your code instantly without the need for redeployment or restarting the debugger. For TypeScript functions, the tool automatically transpiles them into JavaScript.

Easy Configuration with the Wizard

One of the most convenient features of Lambda Live Debugger is the wizard, which simplifies configuration. The wizard configures essential parameters, such as AWS profile, region, and more.

The wizard automatically generates a configuration file and sets up your debugging environment in VSCode. With this setup, you can instantly start debugging by pressing F5, setting breakpoints, and inspecting variables directly in your IDE.

Seamless Switching Between Development Modes

Lambda Live Debugger lets you effortlessly switch between debugging and normal execution modes. Re-enabling debugging is just as fast, with no need for redeployment, unlike many alternative solutions.

Focus on the Lambdas That Matter

A key feature of Lambda Live Debugger is the ability to attach the debugger to only specific Lambda functions. This allows you to focus on debugging the exact areas of your system that need attention without the distraction of unrelated functions.

Observability Mode for Non-Intrusive Debugging

Developers usually use personal AWS environments to avoid interfering with shared development systems. However, when personal environments aren't available due to technical or organizational constraints, Observability Mode is the perfect solution.

Observability Mode allows you to debug AWS Lambda functions without altering their normal behavior. Requests are intercepted and sent to your local machine for inspection, while the deployed Lambda continues running as usual. This mode is ideal for debugging in real environments where you can't pause execution or modify the code. Lambda Live Debugger samples requests every 3 seconds by default, ensuring system performance isn't affected.

Flexibility to Support Any Framework

Lambda Live Debugger works seamlessly with popular frameworks like CDK, Serverless Framework v3, AWS SAM, and Terraform. It also offers the flexibility to support any custom setup by defining your own list of Lambda functions, or adjust code paths and transpilation settings as needed.

Conclusion

Lambda Live Debugger was created to simplify the serverless development process by enabling real-time debugging of deployed Lambda functions without the need for redeployment. Whether you are looking to troubleshoot bugs, refine logic, or test specific Lambda functions, Lambda Live Debugger provides a seamless integration into your workflow. With support for a wide range of frameworks and environments, it ensures that developers can debug efficiently, focus on delivering serverless applications.

For more information or to try it out, visit Lambda Live Debugger.

First published on srvrlss.io

Deno 2: JavaScript's New Superhero or Just Another Cape?

Thijs de Z — Sun, 13 Oct 2024 12:21:00 +0000

By now, anyone dabbling in JavaScript has heard of Deno—the brainchild of Node.js creator Ryan Dahl. But with Deno 2 hitting production ~~soon~~now, it's time to see if it's a game-changer or just another flash in the pan.

The Good of Deno 2

Deno 2 is making some serious waves, and here's why:

Full Node.js Compatibility: Deno 2 now plays nice with Node.js and npm packages. That's right, you can bring over your favorite npm modules without jumping through hoops.
TypeScript Support Out of the Box: No more setting up TypeScript configurations or dealing with transpilers. Deno 2 has you covered from the get-go.
Simplified Code Quality Checks: Forget about ESLint and the usual suspects. Deno 2 simplifies code linting and formatting, making your life a tad easier.

Deno Deploy vs. Deno Subhosting

But wait, there's more to Deno's ecosystem than meets the eye. Let's talk about Deno Deploy and Deno Subhosting.

Deno Deploy

For developers looking for the simplest way to host web apps and APIs, Deno Deploy is a fully managed serverless solution that's globally distributed. It comes with built-in key/value databases, queues, cron jobs, and seamless integration with GitHub. It's the go-to for getting your app up and running without fuss.

Deno Deploy

Deno Subhosting

On the flip side, Deno Subhosting is tailored for SaaS companies that need to run user code securely. It offers secure sandboxed functions with automatic scaling and provisioning, all globally distributed. You manage everything via a simple API. Think of it as Deno's answer to providing a secure, scalable environment for executing user-generated code without compromising on performance.

So, What's the Difference?

While Deno Deploy is all about simplicity and getting your own code deployed quickly, Deno Subhosting focuses on security and scalability for running third-party or user-submitted code. If you're building a platform that lets users inject their own scripts or customize functionality, Deno Subhosting is designed to handle that securely.

The Bad (or Maybe Just the Quirky)

But it's not all sunshine and rainbows:

For-Profit Governance: Unlike Node.js's community-driven approach, Deno is steered by a for-profit entity. Raises some eyebrows about long-term support and open-source credibility.
Mental Overload Reduced, but at What Cost?: The enhanced standard library is supposed to make things simpler, but sometimes it feels like swapping one set of complexities for another.

Unique Tricks Up Deno's Sleeve

Built-in Package Registry

Deno introduces a built-in package registry to streamline installations. No more npm install commands clogging up your terminal history.

Commands Like deno compile

Ever wanted to turn your JavaScript into a standalone binary? With Deno's deno compile, you can. It's like giving your script a superhero cape.

Jupyter Kernel Integration

Deno integrates with the Jupyter ecosystem, allowing for interactive coding notebooks. Data scientists and educators might find this nifty.

Is Deno 2 Worth Your Time?

Deno 2 is shaking things up in the JavaScript back-end world. It's got some neat features, sure. But is it enough to make you jump ship from Node.js? That's the million-dollar question.

One thing is for sure, this second version is a hell of an upgrade from Deno v1!

Three Alternatives to Deno 2

If Deno 2 isn't tickling your fancy, here are three alternatives to consider:

Bun

Website: Bun.sh

Highlights:

Ultra-fast JavaScript runtime
Native TypeScript support
Built-in bundler, transpiler, and task runner

Node.js (The Old Faithful)

Website: Nodejs.org

Highlights:

Massive community and ecosystem
Time-tested and stable
Regular updates and LTS versions

Cloudflare Workers

Website: Cloudflare Workers

Highlights:

Serverless functions at the edge
Write in JavaScript, run globally
Integrates with Cloudflare's suite of tools

Learn more about Cloudflare Workers

Wrapping Up

Deno 2 is making some bold moves, and it's worth keeping an eye on. The addition of services like Deno Deploy and Deno Subhosting shows that Deno isn't just a runtime—it's building an ecosystem.

At the end of the day, Deno 2 is worth a look. Kick the tires, take it for a spin, and see if it fits into your development workflow.

And remember, in the ever-evolving world of tech, today's hot new thing might be tomorrow's forgotten fad. Stay curious, stay critical, and keep coding.

You can try out Deno 2 yourself by running:

deno upgrade

S3 compatible storage providers

Thijs de Z — Wed, 05 Jan 2022 20:17:40 +0000

Found this list of s3 enabled storage providers, something I couldn't quite find before. I'm sure there are more, but this is quite a nice list in my opinion.

https://www.storageprovider.info/blog/all-s3-storage-providers/