Most serverless tutorials stop at a hello-world Lambda behind API Gateway. I wanted the opposite: build one real product end to end, run every command on real AWS, and write
down the actual numbers — including the ones that didn't go as planned.

The result is a 21-article series that builds a URL shortener with realtime click analytics, fully serverless, and takes it to production: auth, multi-tenancy, an event
pipeline, realtime push, observability, CI/CD with canary deploys, a cost breakdown, and a load test. Code:
github.com/nghiadaulau/serverless-url-shortener-aws.

The product

       ┌──────── Cognito (JWT) ─────────┐

Browser ─HTTPS──▶ API Gateway (HTTP API) │ auth
│ │ │ │
POST /links ───┼─────▶ create ──▶ DynamoDB (single-table)
GET /{code} ───┼─────▶ resolve ─┬─▶ 301 redirect
│ │ └─▶ EventBridge ─▶ SQS(+DLQ) ─▶ aggregator
│ │ │ count + push
└─WebSocket───────────────────────────────────◀── realtime dashboard

Step Functions (link moderation) · X-Ray · CloudWatch alarms
SAM (IaC) · GitHub Actions CI · CodeDeploy canary + rollback

Nothing here is a server you keep running. Idle cost is effectively zero.

A few findings that surprised me (all measured, not quoted)

Memory is CPU. The same CPU-bound work at 128 MB vs 1769 MB:

128 MB: 2594 ms
1769 MB: 88 ms → ~29x faster, and ~2.25x cheaper (memory × billed time)

At 128 MB a Lambda is CPU-starved, not memory-starved (Max Memory Used stayed ~82 MB in both). The same lever cut a cold start from 1513 ms to 295 ms.

The concurrency ceiling is a quota, not your code. Load testing with k6 at ~554 req/s:

Total requests: 27741
301 (success): 304 (1.1%)
503 (overload): 25 (0.1%)
429 (throttled): ~98.8%
ConcurrentExecutions (max): 10

This account had a reduced Lambda concurrency limit of 10, and an API Gateway rate throttle I'd set deliberately. So under load the system sheds traffic in two layers (429
at the gateway, 503 at Lambda) and stays fast for what it serves — graceful degradation, not a crash. The fix isn't optimizing code; it's raising the quotas.

Idempotency without a framework. Click events are delivered at-least-once, so naive counting double-counts. One DynamoDB TransactWriteItems bumps the counters and
writes a CLICK#<eventId> marker with attribute_not_exists — a duplicate cancels the whole transaction, so it's counted exactly once.

The bill. Building and testing the entire thing — API, database, auth, event bus, queues, realtime, state machine, observability — cost essentially $0, all within
free tier.

What the series covers

• Foundations — SAM, the Lambda execution lifecycle, cold starts, arm64
• Core — HTTP API vs REST API, DynamoDB single-table design, GSIs and sparse indexes, conditional writes, atomic counters
• Auth — Cognito + JWT authorizer, multi-tenancy, blocking IDOR at the data layer
• Event-driven — EventBridge, SQS + DLQ, idempotency, partial batch failure, WebSocket realtime push, Step Functions + the saga pattern
• Production — Powertools + X-Ray, CloudWatch alarms and SLOs, cold-start optimization, IAM least-privilege, throttling
• Operations — CI/CD with canary deploys and rollback, a real cost breakdown, load testing with k6, a Well-Architected review

Every article is grounded in the official AWS docs and ends with cleanup so you never get a surprise bill.

Read it

Full series (English): https://kkloudtarus.net/en/blog/what-is-serverless-when-to-use
Code: https://github.com/nghiadaulau/serverless-url-shortener-aws

If you're learning serverless beyond hello-world, this is the path I wish I'd had. Questions and corrections welcome.