To round out our series on the serverless open source community, Itay Herskovits, CTO of Funzing.com – a community marketplace for local experiences – picks 10 must-have Serverless Framework plugins.
As serverless technology has evolved, a few early-movers have become staples of serverless development. One of these is Serverless Framework, an extensible serverless application management tool that helps you maintain, support, and deploy your serverless code.
The framework offers integration with multiple cloud function providers, as well, giving you the opportunity to circumvent vendor lock-in with a multi-cloud approach. With this wide of a target flexibility is key for a successful tool, and Serverless Framework is no slouch in the expandability category.
In this article we’ll explore some of the more useful plugins available for the Serverless Framework. We’ll give a quick overview of the tool, as well as links to appropriate repositories.
The Serverless Framework is an application framework designed to help you build, deploy, and maintain your serverless code. Originally built around a CLI, it has expanded into an extensible suite of tools. These plugins can provide crucial flexibility in your development pipeline, letting you deliver features – and value – to your users more quickly. By tying various platforms together using well-maintained open-source serverless tools, you can build a dependable and maintainable pipeline that is application-independent, giving you the power you need to define and maintain your serverless application’s infrastructure.
As mentioned above, one of the benefits of using Serverless Framework to drive your serverless development is its extensibility. The Serverless Framework plugin repository has dozens of packages you can incorporate into your pipeline, handling any of a number of deployment situations and architectures. Below we wanted to highlight two specific packages which, when used in concert with other tools, can greatly improve your serverless delivery speed.
Python is a popular and powerful web development language that drives many applications on the web. If developers on your application team have worked in python before, they probably have a set of preferred PyPI packages that make their day-to-day lives easier. This is a capability that needs to be built into AWS Lambda functions, which requires you to upload your dependencies to a specific directory that must be built for each deploy.
The Python Requirements serverless plugin solves the pain point of deploying python serverless functions with third-party dependencies to AWS Lambda. The plugin automatically bundles package requirements from requirements.txt, making them available in your PYTHONPATH environment variable. This lets you expand the scope of your python-language Lambda functions, expanding the scope of functionality that can be expressed in a serverless manner.
A common challenge in serverless applications is finding out when something has gone wrong. As your application’s infrastructure is split across servers that live for only a short while, oftentimes the observable symptoms of an issue are gone by the time you notice something is off. Without dedicated effort to monitoring, these events can slip past your development team and result in an outage that impacts your user base.
The Serverless AWS Alerts Plugin gives you the tools to set up real-time alerts, letting you catch issues as they happen. This plugin lets you quickly and easily add CloudWatch alarms to your functions, creating the monitoring and warning systems you need to ensure your application is running smoothly. The Serverless AWS Alerts Plugin offers several features that ease working with CloudWatch in serverless applications, including support for multiple topic definitions, SNS queue publishing for alerts, metric log filters, and more.
Monitoring and debugging remain two of the major challenges when it comes to developing and maintaining serverless applications. Distributed tracing is key to gaining the necessary observability to run serverless in production with the confidence that everything is functioning correctly, and that you can quickly troubleshoot when things go wrong.
The serverless-lumigo plugin works for Node.js and Python functions, and once installed it automatically downloads and applies the Lumigo tracer to your functions during deployment, taking much of the effort out of getting end-to-end visibility over your AWS serverless application.
As organizations grow, securing your application shifts focus from protecting your user data from attackers, to protecting your user data from inappropriate access altogether. This subtle distinction is the core of legislation like Sarbanes-Oxley (SOX) in the US and the General Data Protection Regulation (GDPR) in the EU. The ability to comply with both of these specifications, among other legal requirements and restrictions for your jurisdiction, often defines the success or failure of mid-to-late-stage startups seeking IPO or acquisition.
The IAM Roles Per Function plugin allows you to assign specific IAM roles to each serverless function, ensuring only the appropriate individuals can access the components of the application that touch your sensitive user data. Coupling this with a robust security management process will give your engineers all the tools they need to control who can view the functional characteristics of your live code, access user data related to its execution, and generally fit into your larger organizational security approach.
Cognito user pools can be complex to manage without some additional bookkeeping. Without paying appropriate attention to how you label; and maintain your user pools, you risk creating a significant amount of additional complexity to your application’s configuration. The Cognito Custom Attributes plugin fixes this hole in CloudFormation, letting you add and modify attributes in your CloudFormation user pools with ease.
Validating request parameters is a critical component of application security. With serverless functions, this common task needs to be duplicated across all of your functions that deal with the same request object. The Reqvalidator plugin for the Serverless Framework addresses this issue by letting you leverage the tools already present in API Gateway. This plugin lets you set a specific API Gateway request validator for each serverless function you deploy, giving you the validation you need for your serverless application without the attendant code complexity and duplication.
Factor 10 of 12 factor apps states that your dev and prod environments should have parity to reduce issues arising from differences in hardware, call patterns, and so on. The Serverless Offline project supports this by giving you a local environment that emulates both AWS Lambda and AWS API Gateway. By providing parity in both call paths and the execution hardware in which your code operates, the Serverless Offline plugin will give you all the tools you need to be confident that your code will behave identically in both development and production.
Finite-State Automata are common control flow mechanisms in computer science. While many applications operate based on the principles of these state machines, serverless functions face a challenge when having to maintain these automata. As each execution of your Lambda functions takes place in isolation, you are unable to persist data between each execution of your function, making tracking state in your serverless application problematic.
Serverless Step Functions solve this by giving you ties into AWS Step Functions from your serverless application. These finite state machines maintain their state independently of your main application execution context, solving the problems introduced by the ephemeral hardware of your code’s execution environment. Proper application of these step functions can reduce the overall complexity of your codebase, providing a simple and configurable control flow mechanism tying multiple disparate serverless functions together into a cohesive whole.
The Web Server Gateway Interface (WSGI) is a common specification followed by many python development frameworks with a web focus. It is supported by frameworks like Flask, Django, and Pyramid, among others. The Serverless WSGI plugin eases the process of deploying these WSGI-compliant applications, handling the complexity of configuring API Gateway, application load balancers, and other attributes of your architecture in a way that allows your WSGI-compliant code to execute correctly in a serverless environment.
As a first-mover in the serverless toolchain space, the Serverless Framework has gained a strong foothold in the cloud function development community.
While it comes with a powerful CLI and dashboard, and includes multi-cloud support out-of-the-box, the true power of the framework shines through in its extensibility.
From officially-released extensions to open-source plugins, choosing the right extensions for the Serverless Framework will play a significant part in the success of your application’s deployment pipeline. With the tools set out above, you should be able to hit the ground running with a re-usable, iterable architecture that lets you deploy changes with full confidence.
About the author: Itay Herskovits has more than 20 years of experience in software and product development, including leadership roles at Mobix, Ask.com, Esurance.com, and currently serves as CTO at Funzing.com.
What Serverless Framework plugins can you not live without? Any glaring omissions? Share your picks and let’s continue the conversation!