What are serverless functions? Streamlined development and scalable deployment

Traditional servers come with scaling challenges from complex infrastructure to unpredictable costs.

Serverless functions are an alternative to this: a highly scalable hosting solution that is optimized for cost.

This post explains what serverless computing is and how serverless functions work, with examples of why and how to implement this emerging technology.

What is serverless computing?

A traditional server is a full computer (virtual or physical) that runs continuously listening for and processing incoming requests. Keeping a server running at all times incurs costs — virtualized servers (hosted on cloud platforms like AWS or Azure) incur fees for every second of operation, and physical servers have up-front hardware and ongoing operational costs. Both require ongoing maintenance to keep them properly configured, patched, and secure.

In serverless architecture, the cloud platform manages the underlying virtual machines, operating systems, and scaling for you. All of the underlying configuration (including networking, firewalls, and load balancing) and maintenance is abstracted away, and you are given a consistent execution environment that runs your application. 

What are serverless functions?

Serverless functions are provided by serverless computing providers to run your code in a stateless manner. They can use different languages and expose different functionality, but they all provide automated scalability, reduced configuration, and a cost reduction (as, unlike traditional servers, they only run when there is an active request).

Serverless functions are loosely coupled and event driven, which means they will only run when triggered by specific events. These events include HTTP requests (like when a user visits a URL or submits a form), scheduled triggers like a cron job, database changes when you insert or delete a document, or custom events in your application.

Serverless functions and microservice architectures

A microservice architecture breaks an application into independent services that communicate through events or APIs, making the system more modular and maintainable. Serverless functions work well with this architectural pattern, as each function can be modified independently, scaled automatically, and built to handle a single responsibility.

A monolithic architecture is the traditional development paradigm where all of the code is tightly coupled in one codebase. While serverless functions are more suited to event-driven systems where decoupling is a priority, you can still use them with monoliths for specific event-driven tasks. For example, you may use serverless functions to handle real-time communication in an otherwise monolithic app or extend an existing monolithic application to perform new, compute-intensive tasks using serverless functions.

How serverless functions work

A simple web form submission can illustrate how serverless functions work in practice.

The flow starts with the user entering their information and submitting the form, triggering an HTTP request, which then sends the data to an API gateway. The gateway can then handle tasks like sanitizing data and performing authentication or authorization. It then routes the request to your serverless function.

The serverless function then starts, handles the request (this could be anything from saving the data to a database, sending an email, or performing any other custom logic), and then sends an HTTP response back to the client before ending. 

Multiple serverless functions can run concurrently as requests come in, each serving its request before terminating. This means you only pay for what you use, not a fixed bandwidth or a certain number of servers running constantly. You also get automatic scaling, so there's no need to worry about capacity and load balancing.

While you don't need to manage servers directly, relations to other parts of the architecture, such as databases, will need to be configured (in AWS, you have security groups and virtual private clouds to set up). To further reduce infrastructure-related workloads, you can employ managed databases (Database as a Service, or DBaaS).

When to use serverless functions

Serverless functions are frequently used to provide backend APIs for web and mobile apps. Whether running custom logic, interacting with databases, or rendering server-side applications, serverless functions are perfect for building the back ends that run your web or mobile apps.

Serverless functions are also used for resource-intensive tasks like multimedia and data processing to reduce costs. You can use them to process images, audio, or video; for example, you might use them to transcribe audio or compress large files as they're uploaded.

Serverless functions are great for handling Internet of Things (IoT) device events and triggering other services without the need for a dedicated server running continuously.

Serverless functions are also a great fit for chatbots because both are event driven, responding to events like messages or voice commands. Serverless functions are also cost effective, and their ability to scale automatically means they can handle sudden traffic spikes without extra setup. This makes them ideal for chatbots that need to stay responsive during bursts of activity without running 24/7.

Edge computing, which includes services like Cloudflare Workers, Lambda Edge, and Vercel Edge, allows serverless functions to run closer to the user by executing code at edge locations worldwide. You can set up these services to handle things like running authentication logic closer to the user's location at the edge before hitting the server, which can reduce latency and improve performance.

Serverless in the real world

A successful example of using serverless functions comes from the BBC’s website, which uses AWS Lambda to render their React front end server-side. When there's a breaking news story, their traffic levels can increase rapidly. They found that serverless functions were faster than EC2 auto-scaling for this use case.

One caveat of serverless functions is cold start latency — you're not running a server 24/7 waiting for requests to come in. If the function hasn't been invoked for a while, it may take a little time to start, introducing a delay in response time. 

Vendor lock-in can also present a problem: Serverless functions from each cloud platform use specific tooling, APIs, and configurations, which may make it hard to migrate to another cloud provider later down the line. Serverless is a useful tool that can simplify your infrastructure, but it's important to weigh these trade-offs depending on your project's needs.

How to debug serverless functions

Because serverless functions are short-lived and stateless, you have to rely on logs and monitoring to debug and understand problems with your application. Most cloud providers have built-in tools to help with this:

• AWS provides CloudWatch Logs and X-Ray for tracing.

• Google Cloud provides Cloud Logging and error reporting.

• Vercel and Netlify give you integrated function logs and analytics.

Other third-party observability tools exist, such as New Relic and Sentry, that can help you track cold starts and performance bottlenecks. During local development, tools like AWS SAM CLI or the Serverless Framework let you simulate function invocation so you can inspect logs and analyze the way your functions behave before deployment.

Serverless computing security best practices

Serverless computing and serverless functions can reduce certain parts of your attack surface: Your service provider handles infrastructure security and patching, and the functions themselves are short-lived and stateless, which reduces the ways they can potentially be exploited. Even with this advantage, they still come with their own security considerations:

• Broken authentication: You have to make sure to protect your endpoints (using API keys, OAuth, or JWTs) to provide a first line of defense. 

• Serverless functions are not inherently secure: Your code still runs in the cloud, and vulnerabilities can still arise from bugs or insecure logic, so it makes sense to regularly audit and maintain your code just as you would with any backend system.

• Injection attacks: Serverless functions are still open to SQL injection attacks, so you need to make sure you validate all incoming inputs and escape dynamic queries.

• Third-party dependencies: Your functions will often need to rely on packages, so make sure to keep them up to date, scan them for vulnerabilities, and ensure they are legitimate and regularly maintained. Dependency scanning tools like Snyk or Dependabot can assist with this.

Within serverless platforms, you should follow best practices by leveraging the security tools they provide; for example, using least-privilege IAM roles in AWS to make sure that each function can only access the service it needs. It's also a good idea to configure VPC access for functions that need to interact with private resources (such as a database), and make sure to monitor and track function activity for any suspicious activity.

The rise of built-in serverless extensibility

The rise in popularity of serverless functions has brought innovation in the form of extensibility. Before, if you wanted to extend a SaaS product or other tech platform you were using, you would have to provision your own servers or functions with AWS or Vercel, for instance, and manage your own infrastructure. Now, there is a broader industry shift for platforms to bake in their own serverless functions, offering native extensibility. This means developers can use the platform's infrastructure to write functions that not only extend its functionality but also integrate closely with the platform's features.

For example, Atlassian Forge is a serverless app development platform designed for building apps within the Atlassian ecosystem; it allows you to write and deploy functions that can respond to events from Atlassian products like Jira and Confluence.

Another example is Adobe's serverless platform, Adobe I/O Runtime, which allows you to deploy custom JavaScript functions that can respond to events from Adobe services, like Adobe Experience Manager (AEM), or they can also integrate with third-party services. These functions run in a Node.js environment and are triggered via HTTP requests or Adobe I/O Events. Again, this allows developers to extend Adobe products with custom functionality without having to manage their own infrastructure.

Now, as a natural progression and building on the extensibility introduced in our App Framework, the team at Contentful has introduced App Functions, bringing native backend extensibility to the platform.

Contentful App Functions: Extending without infrastructure

App Functions are the next step in helping developers customize and extend the functionality of Contentful; building on the foundation of the App Framework, they bring serverless, backend logic directly into the platform.

Traditionally, if you wanted to extend a content workflow, you would need to provision your own resources and external infrastructure to respond to events or perform backend tasks. App Functions eliminate this overhead by allowing developers to write serverless functions that run natively within Contentful, saving you money, and leaving scalability to Contentful’s infrastructure so you don't have to worry about it.

There are two types of App Functions:

• App Event Functions: These functions respond to content lifecycle events (like publishing or updating entries), this enables use cases like custom workflows, validation rules, or real-time notifications.

• App Action Functions: These functions provide general-purpose compute power for backend logic, such as calling third-party APIs, executing custom code, or processing secure tasks on behalf of the app.

The benefits of this are wide ranging and include faster iteration, a lower burden on your operation team, and an ability to closely integrate your solution with platform features.

Extending serverless functions with SaaS and APIs

You can use serverless functions as part of a composable architecture. Instead of building everything in-house, you can integrate third-party SaaS APIs to provide authentication, ecommerce, and content management and delivery with your own serverless code. This lets you connect them and provide your own logic only where you need it, which greatly reduces development time, simplifies infrastructure, and helps you bring your product to market faster.

Contentful provides REST and GraphQLs that serverless functions can access to retrieve content, including pictures, videos, text, and other structured data. Contentful App Functions allow you to set up custom workflows without having to set up external infrastructure, saving you time and money. This allows you to build scalable, event-driven, cost-effective apps on a serverless platform with built-in content creation and curation interfaces, and Contentful delivers everything from its high-speed global CDN. 

Take a tour

Chat with our team

We'll show you how our composable content platform can enhance 1:1 customer connections and drive growth for your business.

Subscribe for updates

Build better digital experiences with Contentful updates direct to your inbox.