🦸 Serverless Superhero

Our serverless superhero this week is Teri Radichel, founder and principal pentester at 2nd Sight Lab and AWS Security Hero. Every time I listen to Teri talk, I admire her relentless attention and positioning on security. In an era where we seem to be moving as fast as possible throwing security to the wayside, we need people like her. Thank you, Teri, for keeping us safe with your attention to detail and for always being willing to share your knowledge!

💯 Spotlight

Event-driven architectures are sneaky. Just when you think you really have the hang of them, your events go missing and are completely untraceable. I loved the video from James Eastham last week where he sets up this exact problem and tells you how to address it the right way. If you’re unfamiliar with the outbox pattern, give this video a watch - it’s as entertaining as it is educational.

🔥 My Favorite Content

It was a model context protocol (MCP) heavy week, with content from lots of smart people offering their insights into it. First, we had Anton Aleksandrov who shared a wonderfully quirky and in-depth article on how to build an MCP server using Lambda. His build features Peppa Pig and brought lots of humor to the post, which makes it a fun read.

Michael Walmsley shared his Lambda Powertools docs MCP server that lets you interact with the Powertools documentation. It’s a neat take on an MCP server that almost acts like a RAG pipeline when you think about it 🤔

I did a live stream with Andres Moreno on consuming remote MCP servers with AI agents. We show how to deploy an MCP server into Cloudflare, build an AI agent that consumes it using LangChain, and create a Lambda function to dynamically build and prompt the agent. To me, this is the next step with MCP and is where our attention needs to start focusing. Bonus - I also posted a blog on how trust will make or break AI agent success.

For whatever reason I feel like we’ve stopped talking about testing in serverless environments. Elias Brange brought the topic up last week with a fantastic article on improving DX through better testing. Elias explains the difference between inner and outer feedback loops and gives great resources on how he implements his tests throughout his entire stack. He also touches on ephemeral environments and debugging in the cloud. This article is absolutely 💯

For a dose of practical security, I highly recommend watching Ayhan Setirekli’s talk on enhancing S3 security with GuardDuty malware protection. This quick-but-impactful talk walks through the architecture of a project he built to scan files shared via SFTP while keeping his security team in the loop. It’s a really cool and pragmatic solution to a problem most of us will have at one point in time.

💡 Tip of the Week

I was intrigued by a post from Gunnar Morling last week where he thought about what he would do differently if we rebuilt Kafka from scratch. I love deep posts like this from technologists who fundamentally understand how things work. Great read.

🐣 New Releases

Amazon Q Developer released a new agent for feature development. They say it’s state of the art compared to teh industry benchmark. I’d be interested to hear what you guys think about this one.

AWS App Config now supports IPv6. There’s been a lot of work on IPv6 support across AWS services recently.

The biggest release of the week was from AppSync Events, which now supports data source integrations for channel namespaces. This means when messages are published, you can hook up event handlers via Lambda, DynamoDB, Aurora, and more. This is a big, big deal.

Last Words

I’m excited about the possibilities we’re moving toward with the recent advancements in AI. It seems like the world is changing and small, personal agents are something that’s going to be quite popular and effective for consumers. What do you see coming in the next year?

If you’d like to make a recommendation for the serverless superhero or for an article you found especially useful, send me a message on Twitter, LinkedIn, or email.

Happy coding!

Allen