Describe how functions should handle dependent-service latency, third-party failure, and overloaded downstream systems. Explain what resilience looks like in short-lived compute.
Timeouts, circuit breakers, and fallbacks are the patterns that keep a short-lived serverless function from turning one slow dependency into a platform-wide latency problem. A function invocation has a bounded lifetime. If it waits too long on one database, partner API, or internal service, that waiting time consumes concurrency, raises cost, and often triggers more retries upstream.
That is why resilience in serverless is mostly about refusing to wait forever. The system needs clear timeout budgets, a way to stop calling dependencies that are obviously unhealthy, and a fallback behavior that matches business reality instead of returning meaningless success.
flowchart LR
A["Function"] --> B{"Dependency healthy?"}
B -->|Yes| C["Call dependency with timeout"]
C --> D{"Response in budget?"}
D -->|Yes| E["Continue"]
D -->|No| F["Fallback or fail fast"]
B -->|No| F
What to notice:
A function with a 30-second maximum duration should not give one dependency 29.5 seconds unless that dependency is the entire purpose of the function. Real systems often need:
This matters because a dependency that responds just under the function limit is still often a failure from the user’s perspective.
Traditional circuit breakers are often described in the context of long-lived application processes that maintain in-memory failure counts. In serverless, the exact mechanism may differ because runtimes are ephemeral. The architectural idea is still the same:
This state may live in a shared store, a gateway, or a resilience layer rather than in one runtime instance.
1export async function fetchCatalogItem(itemId: string) {
2 if (await circuitStore.isOpen("catalog-service")) {
3 return cachedCatalogFallback(itemId);
4 }
5
6 try {
7 return await withTimeout(
8 catalogClient.getItem(itemId),
9 800
10 );
11 } catch (error) {
12 await circuitStore.recordFailure("catalog-service");
13 return cachedCatalogFallback(itemId);
14 }
15}
What this demonstrates:
A fallback can mean:
The anti-pattern is a fake fallback that hides correctness loss. For example, returning “payment accepted” when the payment service never confirmed the charge is not graceful degradation. It is lying.
A function-backed checkout endpoint depends on inventory, pricing, and tax services. One dependency occasionally slows to several seconds, causing the entire request path to stall and then retry. What should be tightened first?
The stronger answer is the timeout and degradation strategy for each dependency. The path needs explicit budgets, not just a larger overall function timeout. Some calls may need fast failure, some may use cached fallback, and some may require asynchronous continuation. The current design is treating dependency latency as if waiting were free.