Serverless Best Practices in software development

by Lucy Brudo on Jul 25, 2022 Software 447 Views

Serverless function-based compute platforms like AWS Lambda are built for scale. They automatically provision computing resources as needed and are designed to handle tens of thousands of requests per second. This makes them a great fit for modern web applications and APIs.

But “serverless” doesn’t mean you don’t have to think about servers or architecture anymore, or that you can completely ignore best practices used in software development. It just means you don’t have to worry about infrastructure management and scaling, so your focus can shift to building new features and delivering value faster, which is the ultimate goal of serverless.

Here are some best practices we’ve learned at Serverless over the past few years while building serverless applications on AWS Lambda.

What is serverless?

Serverless computing is a cloud-computing codeless execution model in which the cloud provider runs the server and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application, rather than on pre-purchased units of capacity. It is a form of utility computing. The name “Serverless Computing” was created by Amazon Web Services (AWS) to describe AWS Lambda.

Serverless best practices

Start locally

From day one, this is the best practice for working with serverless code. If you can code it locally, you can likely deploy it to AWS Lambda and run it successfully in production. Start locally and build your function using the same language runtime and same SDK as you would use on Lambda and AWS. The role of Lambda is to execute your code on-demand, so focus on writing good code first and then start exploring how to deploy that code on Lambda.

Use 1 function per route

This will help in debugging and code maintenance. If you want to change the execution path of your API, you can do it by changing a single file instead of making changes to multiple files and routes.

Use error handling middleware

Anything can go wrong in your API request and you should be prepared for it. Your API might get a request that is not valid or an internal error can occur during the processing of the request. You should be able to handle these errors gracefully and inform the client about what happened and the possible next steps for them.

Manage code, not configurations

The serverless programming model requires a different approach to configuration management. Rather than managing configurations across all your services, you should manage code. You can use Lambda layers to do this. Layers allow you to separate concerns and reuse code across all the functions. As a best practice, use Lambda layers to manage shared dependencies like libraries, frameworks, SDKs, or runtimes. This approach also has the benefit of reducing deployment package sizes (and thus deployment times) because only changes in your function code need to be packaged and deployed.

Serverless best security practices

Deploy API gateways for security

API gateways are a standard feature of modern software architecture, and they have several important functions, including the handling of authentication and authorisation. API gateways provide a single point of entry for a variety of services and allow you to hide direct access to other downstream services. This can make it easier to work with third-party APIs and also provide some added security. If you are using an API gateway to connect with other services, be sure to use HTTPS protocols throughout so that you don’t accidentally expose sensitive data at any point in the process.

 

Properly Handling Secrets

To secure your serverless applications, you must focus on managing the secrets that your functions use. The first step is to avoid hardcoding secrets into the code itself. Hardcoded secrets are a security concern because they are visible to anyone who can view the source code. AWS Lambda provides a Secrets Manager that you can access from any function, and it makes it easy to rotate secrets without redeploying your application.

Limiting Permissive IAM Policies

When using a serverless stack, most of the permissions for AWS resources need to be set in an IAM role. In general, these roles should be given the least amount of permission needed to function properly. However, this can be difficult to accomplish with serverless functions because the code is not necessarily known at the time the role is created. Therefore, it is common practice to give a serverless function’s role full access to AWS resources.

 

Article source: https://article-realm.com/article/Computers/Software/25320-Serverless-Best-Practices-in-software-development.html

Comments

No comments have been left here yet. Be the first who will do it.
Safety

captchaPlease input letters you see on the image.
Click on image to redraw.

Reviews

Guest

Overall Rating:

Statistics

Members
Members: 16691
Publishing
Articles: 78,294
Categories: 202
Online
Active Users: 786
Members: 11
Guests: 775
Bots: 19362
Visits last 24h (live): 1784
Visits last 24h (bots): 45879

Latest Comments

Great article! It's fascinating to learn about the rich history and unique experience of the Darjeeling Himalayan Railway. Well-written and informative. As a pitch deck design agency , we...
This content effectively details welfare programs in Andhra Pradesh. Chandrababu Naidu's initiatives are clearly outlined, demonstrating a focus on community and transparency. Just like a player...
That's a really insightful post about picking the right web design company! It truly highlights how crucial it is to align the design with your business model. I especially resonate with the point...
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog, I will keep visiting...
I genuinely like you're making style, inconceivable information, thankyou for posting 텐바이텐  
You have a good point here!I totally agree with what you have said!!Thanks for sharing your views...hope more people will read this article!!  트랜드 도메인 주소    
Logging into your Chime account is a quick and secure process designed for instant financial access. To begin, visit the official Chime website or open the mobile app on your device. Navigate to...
on Jul 13, 2026 about Blogging
This is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing...
This is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing...
The sophisticated online platform for Escorts Gurgaon features intuitive filtering options that allow potential clients to narrow their search based on specific preferences and availability.  

Translate To: