wiether 12 hours ago

Reading all the posts about people who got bitten by some policies on AWS, I think they should create two modes:

- raw
- click-ops

Because, when you build your infra from scratch on AWS, you absolutely don't want the service gateways to exist by default. You want to have full control over everything, and that's how it works now. You don't want AWS to insert routes in your route tables on your behalf. Or worse, having hidden routes that are used by default.

But I fully understand that some people don't want to be bothered by those technicalities and want something that works and is optimized following the Well-Architected Framework pillars.

IIRC they already provide some CloudFormation Stacks that can do some of this for you, but it's still too technical and obscure.

Currently they probably rely on their partner network to help onboard new customers, but for small customers it doesn't make sense.

viraptor 12 hours ago | parent [-]

> you absolutely don't want the service gateways to exist by default.

Why? My work life is in terraform and cloudformation and I can't think of a reason you wouldn't want to have those by default. I mean I can come up with some crazy excuses, but not any realistic scenario. Have you got any? (I'm assuming here that they'd make the performance impact ~0 for the vpc setup since everyone would depend on it)

wiether 11 hours ago | parent [-]

Because I want my TF to reflect exactly my infra.

If I declare two aws_route resources for my route table, I don't want a third route existing and being invisible.

I agree that there is no logical reason to not want a service gateway, but it doesn't mean that it should be here by default.

The same way you need to provision an Internet Gateway, you should create your services gateways by yourself. TF modules are here to make it easier.

Everything that comes by default won't appear in your TF, so it becomes invisible and the only way to know that it exists is to remember that it's here by default.
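The explicit style argued for above, written out as Terraform. This is an added illustration, not the commenter's code; the region, CIDR, bucket name and resource names are constructed placeholders. The Internet Gateway, its default route, and the S3 gateway endpoint are each declared as their own resource, so every route in the table can be traced back to a block in the configuration:

```hcl
# Added illustration, not the commenter's code. Region, CIDRs, bucket and
# resource names are constructed placeholders.
provider "aws" {
  region = "eu-west-1"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# The Internet Gateway has to be declared explicitly...
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
}

# ...and so does every route that uses it.
resource "aws_route" "default_v4" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

# The S3 gateway endpoint is declared the same way. Listing the route table
# here is what causes AWS to add the S3 prefix-list route to it, so that
# route is attributable to this block rather than appearing from nowhere.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.eu-west-1.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.public.id]

  # Endpoint policy: only allow traffic to one named bucket (constructed name)
  # instead of the default "allow everything" policy.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*",
      ]
    }]
  })
}
```

One caveat worth knowing: with routes managed as separate `aws_route` resources, `terraform plan` only reports drift on the routes it manages; a route added to the table outside Terraform goes unnoticed. If you want the plan to flag unexpected routes, manage the table's routes inline in the `aws_route_table` block instead, which makes that block authoritative for the whole table.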

viraptor 4 hours ago | parent [-]

There's lots of stuff that exists in AWS without being in TF. Where do you create a router, a DHCP server, each ENI, etc.? Why are the instances in a changing state in ASG rather than all in TF? Some things are not exactly as they exist in TF, because it makes more sense that way. We never had 1:1 correspondence in the first place.