Hacker News

danielheath, today at 2:47 AM (2 replies)

The biggest one for me is the way AWS security groups & IAM work.

In AWS, it's straightforward to say e.g. "permit traffic on port X from instances holding IAM role Y".

You can easily e.g. get the firewall rules for all your EC2 instances in a structured format.

I really would not look forward to building something even 1/10th as functional as that.


Replies

tempaccount5050, today at 2:55 AM

And you think just anyone can set that up? No sys admin/infra guy needed? Seems pretty risky.

esseph, today at 4:40 AM

I would probably just build the infra in Crossplane, which standardizes a lot of features across the board and gives developers a set of APIs to use / dashboard against. Different deployments and orgs have different needs and desire different features though.