TL;DR style notes from articles I read today.
The hidden costs of serverless
- API Gateways tend to be a huge chunk of your serverless costs when you connect to a lot of APIs.
- The switch to serverless may not be worth it if data storage and networking are the largest chunks of your application’s costs.
- Two unknown costs of moving to serverless come in the shape of code maintenance and cold starts.
- Assess the cost of extra code maintenance and the extra time spent switching to serverless.
- Look for the pricing advantages of serverless providers that suit you best.
- Utilize the free tiers from vendors. Sometimes they will be enough for you to run smaller workloads.
Full post here, 6 mins read
Mitigating serverless lock-in fears
- Think lock-in cost = migration cost - opportunity gain from the migration. Maximize opportunity gain and minimize migration costs.
- To maximize opportunity gain, deploy existing tools such as serverless framework, apex, claudia.js & be as cloud-native as possible using the backend service provided by your cloud vendor.
- To minimize migration costs, choose a programming language that's supported by multiple vendors. Separate application domain from the platform and invest in a good architecture pattern.
- Avoid integration tests heavily dependent on the cloud vendor and think of reusable abstractions instead.
- Use standardized technology such as HTTP and SQL.
Full post here, 6 mins read
9 serverless security best practices
- Map your application - consider the data involved, its value and services that access it.
- Keep using your WAF and API Gateway but apply perimeter security at the function level too.
- Secure application dependencies to prevent new vulnerable packages from being used.
- Look out for bad code that can trigger a self-inflicted denial-of-service attack from within your application.
- Add tests for service configuration to CI/CD & PROD.
- Make FaaS containers refresh to limit the lifetime of function instances.
Full post here, 4 mins read
Top comments (0)