This would basically be the game-changer for building backends on lambda.
The absolute key and most valuable piece in most backends is the persistent datastore. I absolutely want to build functional stateless business logic on lambda, but I absolutely will not, no matter the gain from not having to manage servers, have my database be dynamodb or any other non-RDBMS, for any serious application in 2017.
Why not? Plenty of serious companies use DDB or MongoDb or plenty of other databases for their "serious applications"... this seems like a rule based on a bad experience. Would love to hear about it.
Why not? Well, a caveat: I will always use an RDBMS when the data is inherently relational. In a "serious application" (I realise the term serious is hyperbolic here and I shouldn't have used it) this is true most of the time.
If it weren't true, then of course I might consider using DynamoDB or similar. But I think these situations are few and far between.
I'm often wrong though and happy to learn about some counter examples if you have any / have my assumptions corrected.
> The "interesting" part is how to secure user credentials to login to the RDS instance, and manage connection pools etc, but it's not that difficult
You can run your RDS instances and your Lambda's in the same private VPC. It doesn't secure your credentials per se, but it does prevent anyone else from accessing your database with Lambda.
The "problem" with putting Lambdas into a private VPC is that then you need to do NAT, which means permanent infrastructure (NAT gateways, failover, scaling...). It can be done but there are more headaches than with a pure serverless solution. Unless things have changed since the last time I looked at this stuff.
You just need a private subnet, not a whole separate VPC. You still need NAT to get outbound access, but instead of running a random EC2 instance for the NAT, AWS now has a NAT you can deploy with a click or API call. You still pay for it, but it's at least much easier to set up and there's no maintenance. I assume they have redundancy and failover and such built in also.