Love it. We are coming to a lot of the same conclusions. We’ve gone with Terraform because CloudFormation has proved to be clunky at best, and the structure seems to be a bit more sensible. We’ve avoided serverless framework though for exactly the reasons specified around sharing of code. However, we’ve had to develop our own solutions for this too.
I like the idea of some form of “shortcut” from API Gateway direct to DynamoDB. It feels like a “Model” approach could be given where needed; however, I could imagine this being abused and essentially meaning that people allow lazy and insecure access to data, so I can understand why it isn’t done.
We have found that Lambda functions that don’t directly interact with DynamoDB Tables can be extremely fast with low latency, so if there was any way to auto-generate some of them, it could be an absolute winner.
One of the things that we’ve identified is that the idea of security changes with a serverless approach. It’s more identified with Lambda than with the microservice, and therefore IAM needs to be a slightly different type of deployment. There are some real changes needed to the thinking for some of this stuff.