AWS Bites Episode 135: Serverless is Making a Comeback Where You Least Expect It

Published: November 15, 2024
Hosts: Eoin Shanaghy & Luciano Mammino

Episode Overview

This episode dives into the evolving perception and adoption of serverless technologies, particularly in large enterprises. Eoin and Luciano address the recent skepticism around serverless, analyze its drawbacks and strengths, and discuss real-world experiences and data on costs, complexity, security, and maintainability. They aim to offer a balanced, nuanced look at when serverless fits and when it might not, countering social media “hot takes” with practical insights.

1. Defining Serverless and Setting the Context

• What does “serverless” mean?

  • Offloading as much infrastructure management as possible to the cloud vendor (AWS primarily) so developers focus on business-unique work.
  • Traits include:
    • No server or advanced container management (but yes, there are physical servers “somewhere”).
    • Fine-grained scaling based on demand.
    • Event-driven, decoupled, asynchronous architectures.
    • Pay-as-you-go pricing: you don’t pay for idle capacity.
    • Main examples: AWS Lambda, but also S3, SQS, SNS, EventBridge, API Gateway, AppSync, etc.
  • (00:56, Eoin): “When we say serverless, we are talking about architecture and technology selection with a few different traits...You don’t need to manage [the servers].”

• Why all the noise about serverless’ future?

  • Recent social media trends have focused on serverless’ cost and complexity horror stories.
  • There’s a misconception that monoliths and VMs never had problems, and that serverless’ promise was oversold.
  • In reality, while some startups may hit snags, many large enterprises are finding significant benefits.

2. Unpacking the Criticisms: Cost & Complexity

Cost: Is Serverless Really More Expensive?

• The raw per-unit price for compute with serverless (especially Lambda) is typically higher than EC2 or Fargate.

• However, looking only at unit cost is misleading:

  • Idle capacity: EC2s are often under-utilized, leading to wasted spend; serverless charges only for use.
  • Serverless can be far cheaper for unpredictable workloads with lots of idle time.
  • For workloads with 100% predictable, high utilization, EC2 may be much cheaper.

• (04:10, Luciano): “Serverless allows you to eliminate waste...if you have very unpredictable traffic, if you have lots of idle time, actually serverless might be a much cheaper solution for you.”

• Total Cost of Ownership:

  • Don’t just count runtime cost—factor in developer and maintenance time.
  • Serverless, with properly trained teams, enables faster development and fewer operational distractions.
  • The cost of hiring/maintaining sysops, patching, and updating is higher with EC2.
  • (05:46, Luciano): “When you have teams that are well trained to use serverless technologies, they are generally much faster at developing solutions and put them in production.”

Complexity and Mental Overhead

• Serverless apps are naturally distributed and often end up as complex systems of many small components.
• For devs used to monoliths (Rails/Django), visualizing and managing this sprawl can be daunting.
• There’s a trade-off: this complexity often reflects actual business complexity—serverless just makes it more visible.
• Memorable moment: Luciano references Yan Cui’s perspective:
  • (07:00, Luciano): “...the complexity would exist anyway. If you have hundreds of lambdas, probably you have hundreds of processes...they would just have been hidden in a monolith.”
• Not all devs share their success stories—negative takes can dominate online conversations.

3. Understated Serverless Advantages for Enterprises

Rapid Experimentation

• Serverless makes it cheap and fast to experiment, especially in large organizations.
• You can quickly “throw together” prototypes, try, discard, and iterate—without huge upfront investments.
• Encourages a “swappable component” mindset, reducing design paralysis and making architectures more evolvable.
• (08:37, Eoin): “What may have taken you weeks or months can be achieved in hours or days with this approach.”

Enterprise Economics: The Broader Picture

• Citing Industry Research:
  • Deloitte study: 45-80% reduction in maintenance cost moving from EC2 to serverless.
  • AWS whitepaper: 4-9% five-year ROI, 89% reduction in deployment time, 33% increase in developer productivity.
• Hidden “devops” and firefighting costs in traditional infra are often much higher than realized.
• (12:29, Luciano): “If you stop for a second and look...you will see in a company how much time is being spent by many engineers just addressing stuff that is not the pure business logic...”
• Compute cost is important, but “the human costs and total cost of ownership” matter more for decision making.

4. Security and Compliance Benefits

• Serverless increases the cloud provider’s share of responsibility, reducing your exposure.
• Less custom code and fewer self-managed servers significantly lower attack surface and patching overhead.
• Lambda’s fine-grained, short-lived nature (15 min timeout, one event at a time) shrinks the “blast radius” in case of an exploit.
• Tight IAM policies per function further reduce scope for attackers.
• (14:13, Eoin): “The blast radius of a single Lambda execution is incredibly small compared to other options...there’s a very limited temporal blast radius there for any attack to take effect.”

5. Evolvability and Modularity: Designing for Change

• Serverless naturally nudges design toward small, decoupled, event-driven components.
• Modular design makes technical debt from frameworks and language upgrades less painful.
• With monoliths, upgrading a core framework (Django, Java, ASP.NET) can force an all-at-once rewrite; in serverless, you upgrade individual components as needed.
• Trying a new programming language or runtime becomes feasible “by lambda,” not all-or-nothing.
• (17:16, Luciano): “Modular architectures are by default more evolvable...when you need to do those big changes, they’re not going to be as big as with a monolith.”

6. The Real-World Fit: When Serverless Makes Sense… and When It Doesn’t

• Hybrid approaches are pragmatic: It’s rarely “all or nothing.” Use what fits your context.

• In small teams/companies, simple tech might take priority due to constraints on skills, budget, or time.

• Enterprises can afford to diversify and iterate, investing steadily in serverless where it fits—often starting with a subset of workloads.

• Some monoliths are best left alone; migration just for migration’s sake is a trap.

  • (18:28, Eoin): “You can be pragmatic and go with a less serverless approach when you don’t have the time or budget, or just when it doesn’t suit.”

• Notably, enterprises now may lead on serverless adoption, while some startups might stick to “boring monoliths” for speed and focus.

• The key is avoiding tribal, dogmatic thinking and honestly evaluating trade-offs.

  • (19:28, Eoin): “Remember that there’s no need for tribal, all-or-nothing thinking...If you’ve got a pragmatic mindset and can evaluate trade-offs, you’ve got a great chance of success no matter what technology you pick.”

7. Notable Quotes & Moments

• Eoin: “We’re notoriously hit and miss when it comes to naming things. Serverless is yet another example of a term that doesn’t quite capture what it’s all about.” (00:36)
• Luciano: “Serverless allows you to eliminate waste.” (04:10)
• Luciano, referencing Yan Cui: “The complexity would exist anyway...serverless in a way is just making it more evident that you have all these pieces combined together.” (07:00)
• Eoin: “What may have taken you weeks or months can be achieved in hours or days with this approach.” (08:37)
• Luciano: “If you stop for a second and look at it, you will see in a company how much time is being spent by many engineers just addressing stuff that is not the pure business logic of your own applications.” (12:29)
• Eoin: “The blast radius of a single Lambda function execution is incredibly small compared to other options.” (14:13)
• Luciano: “Modular architectures are by default more evolvable...when you need to do those big changes, they’re not going to be as big as with a monolith.” (17:16)
• Eoin: “You don’t necessarily have to go all in on serverless just because it feels like the right thing to do.” (18:52)
• Eoin: “There’s no need for tribal, all-or-nothing thinking...pragmatic mindset and trade-offs.” (19:28)

8. Key Takeaways

• Serverless remains powerful, especially for enterprises: When complexity, security, and scale matter, serverless unlocks agility, safety, and productivity.
• Cost isn’t just about compute: Dev time, maintenance, “firefighting,” and opportunity for rapid innovation tilt the cost equation in favor of serverless for many.
• Complexity is not unique to serverless: It often just surfaces existing business logic you’d have to deal with anyway.
• Security posture improves: Smaller attack surfaces, less patching, and finer-grained IAM controls.
• Modularity enables easier evolution: Updates, language shifts, and integration experiments are simpler.
• Adoption is contextual: No “one true way”—use what fits your team’s needs and constraints, and consider hybrid approaches.
• Balanced conversation is crucial: Online negativity may not capture the true enterprise adoption patterns and benefits.

If you're considering serverless for your organization, this episode helps you see through the hype and horror stories to evaluate whether it fits your context—and why larger companies might be finding serverless more beneficial than ever before.

Have your own experience?
The hosts encourage listeners—especially those in enterprises—to share whether you're bullish or bearish on serverless post-hype.