[ceejayoz]

Again, if you're large enough to be in multiple regions, all of this should be configured via the APIs using a configuration management system of some sort.

Ansible, for example, can easily manage stuff like security groups (http://docs.ansible.com/ansible/ec2_group_module.html) , load balancing (http://docs.ansible.com/ansible/ec2_elb_lb_module.html), IAM users and roles (http://docs.ansible.com/ansible/iam_module.html), etc., and it does them in repeatable, auditable, version-controllable, self-documenting fashion.

[grif-fin]

" if you're large enough to be in multiple regions, all of this should be configured via the APIs"

Is the suggestion to recreate what Amazon Console has done (using APIs) in every large organisation using AWS because Amazon Console is not good enough?

[tomcart]

No, treat your infrastructure as code. Define it programatically, version it, have a standard, automated process for recreating it.

If you're using AWS then Cloudformation (maybe with an abstraction like troposphere), will do what you need.

If you are pressing the big blue 'launch instance' button, you are doing it wrong.

[grif-fin]

"No, treat your infrastructure as code."

Agreed. Advantage is clear and understood.

My point here is: there exists something called 'Amazon Console'. I argue it is a good thing to have if done properly easing the service management as visualized management is more human friendly and APIs more computer friendly. If there exists a bad visualized service management (e.g. Amazon Console) it is the lack of skills of the humans developing it not because managing a vast complex clusters is easier through APIs/CLI and impossible/wrong via UI.