Don’t botch serverless cloud applications ⋆ FGR* Blog
It’s a funny business. Once we remove some core steps from application development (such as having to provision cloud resources like storage and compute) developers take this freedom to an illogical yet understandable conclusion.
In some cases, planning and design is being tossed out the window. Why? Considering that serverless is self-provisioning, and applications can be designed and built dynamically on the fly, and if we’re not doing infrastructure planning, well, why not?
I have three reasons we should reconsider.
First, we still should focus on the efficiency of the application, even if it is serverless. Resources are automatically allocated based on the profile of the serverless application, or what the serverless system thinks it needs. If you’re all over the place with how and when requests are made, the serverless system is likely to overprovision resources, resulting in more cost and less efficiency.
Systems that react to the state of the application need to make assumptions based on the design patterns they see or don’t see. Much like the world of fourth-generation languages from years ago, the power of the development platform means you can easily shoot yourself in the foot as well. Serverless is the same.
Second, the application needs to be managed, so points of management still need to be built in. This means that we need to design APIs into the application and the data for external management tools to monitor, as well as stop and start processes.
Although applications can be managed without these interfaces, most can’t be managed well longer term. For this you need a design and an approach to how your serverless systems work with cloudops processes and toolsets.
Third, security needs to be designed in. Show me an application that wasn’t designed or planned, and I’ll show you an application that’s typically less secure. Missing good foundational design means that those charged with securing the application missed opportunities to make the application more secure by design.
Breaches often start with developer error and design. So, keep your eye on the design of serverless apps. Don’t give in to temptation.