So, What is Serverless?
Serverless is a cloud computing execution model in which the cloud provider dynamically manages the allocation and provisioning of servers. A serverless application runs in stateless compute containers that are event-triggered, ephemeral (a container may last for a single invocation) and fully managed by the provider. Pricing is based on the number of executions and the compute time they consume rather than on pre-purchased capacity. Isn't it the ideal model for that project you have been planning for a long time? Well, go ahead and do it.
Serverless code still needs an infrastructure to run on. Provider-agnostic frameworks give you a platform-independent way to define and deploy serverless code to various cloud platforms or commercial services, for example:
- Sparta (Golang)
- Zappa (Python)
How secure is serverless computing?
Security has to be considered in every line of code by every application developer, whatever the application and wherever it runs. That much is standard practice today. With serverless computing it becomes even more important.
Serverless functions, which deliver microservices, are modular pieces of code that behave in a particular way when given a particular input. They reside in a Function-as-a-Service (FaaS) provider's cloud platform and, as such, are protected to a degree by the provider's own security infrastructure.
So you can expect the physical infrastructure components, the data centre, network, servers and operating systems, to be secured by the provider. That alone reduces the likelihood of a successful exploit, since unpatched servers count among the most common vulnerabilities.
That said, security challenges remain for the serverless developer. Under the provider's shared responsibility model the developer is still responsible for the secure execution of their own code: the application logic and its input validation, third-party dependencies, the permissions the function runs with, and the data it handles.
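One concrete piece of that remaining responsibility is the execution role a function runs under: the provider enforces exactly the permissions the developer grants, so a wildcard grant means that a single input-handling bug in one function can reach every table in the account. The check below is an added example written for this page, not code from the post or from any AWS tool. The two policy documents are constructed samples with placeholder ARNs and the standard 123456789012 example account id; the rules it applies (no `*` action, no `service:*`, no `*` resource, no `Allow` with `NotAction`) are the usual least-privilege review points for a Lambda execution role.

```python
# Added example: flag over-broad grants in a Lambda execution role policy.
# Not from the original post. Policies below are constructed samples.


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings for Allow statements that grant every action, every
    action on a service, apply to every resource, or use NotAction."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction grants everything not listed")
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"statement {i}: Action '*' grants every API call")
            elif action.endswith(":*"):
                findings.append(f"statement {i}: {action} grants every call on that service")
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"statement {i}: Resource '*' applies to every resource in the account")
    return findings


# Weak (constructed): a data-access function allowed to do anything to DynamoDB
# anywhere in the account, including tables that belong to other services.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}
    ],
}

# Corrected (constructed): only the two calls the function makes, on one table,
# plus the log permissions Lambda needs. Account id and region are placeholders.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/notes",
        },
        {
            "Effect": "Allow",
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/notes-api:*",
        },
    ],
}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, audit_policy(policy) or "no findings")
```

Run it against the role document you deploy (the `Statement` element may be a single object or a list, both are handled) and treat any finding as something to justify in review rather than a hard failure; managed policies such as the basic Lambda logging policy will trip the resource check, and that is a decision worth making explicitly.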
Who uses Serverless?
According to StackShare, 208 companies reportedly use Serverless (the Serverless Framework, serverless.com) in their tech stacks, including lido, Dubsmash and peoplefund.
331 developers on StackShare have stated that they use Serverless.
AWS Lambda, Amazon API Gateway, Azure Functions, Prisma Cloud and Kubeless are some of the popular tools that integrate with Serverless.
What is serverless architecture?
Serverless architecture covers two different but overlapping areas: Backend as a Service (BaaS), where the application uses third-party managed services such as authentication or a database directly, and Functions as a Service (FaaS), where the application's own code runs on demand in provider-managed functions.
The Serverless App
A serverless solution of the kind described here consists of a web server, Lambda functions (FaaS), a security token service (STS), user authentication and a database.
- Web Server — Amazon S3 provides a robust and simple static web server. All of the static HTML, CSS and JS files for the application can be served from S3.
- Lambda functions (FaaS) — These are the key enablers of serverless architecture. Popular FaaS offerings include AWS Lambda, Google Cloud Functions and Microsoft Azure Functions; AWS Lambda is used here. The application services for logging in and accessing data are built as Lambda functions that read from and write to the database and return JSON responses.
- Security Token Service (STS) — generates temporary AWS credentials (an access key ID, a secret access key and a session token) for users of the application. The client application uses these temporary credentials to call the AWS API and thus invoke Lambda. Because the client holds them, the role they are issued for should allow only the functions that user needs to invoke, and they should expire after a short lifetime.
- User Authentication — Amazon Cognito is an identity service integrated with AWS Lambda. With Amazon Cognito you can easily add user sign-up and sign-in to your mobile and web apps. It can also authenticate users through social identity providers such as Facebook, Twitter or Amazon, through SAML identity solutions, or using your own identity system.
- Database — Amazon DynamoDB provides a fully managed NoSQL database. DynamoDB is not essential for a serverless application but is used as the example here.
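What the data-access Lambda function from that list looks like when the developer's share of the security work is actually done: the caller's identity comes from the authorizer (the Cognito `sub` claim that API Gateway places in `requestContext`), never from the request body; the path id and body are validated against an allow-list before anything touches the table; and a record owned by someone else is indistinguishable from a missing one. This is an added example written for this page, not code from the post. The in-memory `TABLE` dict is a constructed stand-in for DynamoDB so the block runs offline, the event shape follows the API Gateway proxy-integration format, and `make_event` builds constructed sample events rather than real captures.

```python
# Added example: an API Gateway-style Lambda handler for GET/PUT /notes/{id}
# with input validation and ownership checks. Not from the original post.
import json
import re

# Constructed in-memory stand-in for the DynamoDB table so the example runs
# offline. In a deployment this would be boto3.resource("dynamodb").Table(...)
# and the dict operations below map to get_item / put_item.
TABLE = {}

MAX_BODY_BYTES = 4096                         # reject oversized payloads early
ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # allow-list for path ids
FIELD_LIMITS = {"title": 120, "text": 2000}   # required fields and max lengths


def respond(status, payload):
    """Build an API Gateway proxy-integration response with a JSON body."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(payload),
    }


def decode_body(response):
    """Parse the JSON body of a response produced by respond()."""
    return json.loads(response["body"])


def caller_identity(event):
    """User id (the Cognito 'sub' claim) as asserted by the API Gateway
    authorizer. Taken from requestContext, never from the client body, so a
    client cannot impersonate another user by sending a different id."""
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    return claims.get("sub")


def parse_body(event):
    """Validate the request body: size, JSON shape, allowed fields, types and
    lengths. Raises ValueError with a message that is safe to return."""
    body = event.get("body") or ""
    if len(body.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        raise ValueError("body is not valid JSON")
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    unknown = set(data) - set(FIELD_LIMITS)
    if unknown:
        raise ValueError("unknown fields: " + ", ".join(sorted(unknown)))
    for field, limit in FIELD_LIMITS.items():
        value = data.get(field)
        if not isinstance(value, str) or not 0 < len(value) <= limit:
            raise ValueError(f"{field} must be a string of 1-{limit} characters")
    return data


def handler(event, context=None):
    """Lambda entry point for GET and PUT on /notes/{id}."""
    user = caller_identity(event)
    if not user:
        return respond(401, {"error": "unauthenticated"})
    note_id = (event.get("pathParameters") or {}).get("id") or ""
    if not ID_RE.match(note_id):
        return respond(400, {"error": "invalid id"})
    method = event.get("httpMethod")
    if method == "PUT":
        try:
            data = parse_body(event)
        except ValueError as exc:
            return respond(400, {"error": str(exc)})
        existing = TABLE.get(note_id)
        if existing is not None and existing["owner"] != user:
            return respond(404, {"error": "not found"})  # no overwriting others' notes
        TABLE[note_id] = {"owner": user, **data}
        return respond(201, {"id": note_id})
    if method == "GET":
        item = TABLE.get(note_id)
        # Same answer for "does not exist" and "belongs to someone else", so
        # the API does not leak which ids are taken.
        if item is None or item["owner"] != user:
            return respond(404, {"error": "not found"})
        return respond(200, {"id": note_id, "title": item["title"], "text": item["text"]})
    return respond(405, {"error": "method not allowed"})


def make_event(method, note_id, sub, body=None):
    """Constructed API Gateway proxy event for local testing (not a real capture)."""
    claims = {"sub": sub} if sub else {}
    return {
        "httpMethod": method,
        "pathParameters": {"id": note_id},
        "requestContext": {"authorizer": {"claims": claims}},
        "body": body,
    }


if __name__ == "__main__":
    print(handler(make_event("PUT", "n1", "alice", '{"title": "t", "text": "hello"}')))
    print(handler(make_event("GET", "n1", "bob")))
```

The important design choice is that nothing the client sends is trusted for authorization: the owner stored with each record is the authorizer's `sub`, and the body schema is a fixed allow-list, so a client that adds an `owner` field gets a 400 rather than a record attributed to someone else. Combined with an execution role limited to `GetItem`/`PutItem` on this one table, a validation mistake here stays confined to this function's own data.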