[lykr0n]

If you know what you are doing, it is leaps and bounds cheaper to run your own hardware (co-located, rented from soneone else). The only issue is latency on scaling out (hours), but if you are halfway decent with trend lines you can preempt this.

[xiaodown]

That's not the only issue; there's also a lot of compliance issues that having a hosting company can take care of. There's whole sections of PCI and HIPPA compliance that you can just write off as "not our problem, talk to AWS".

[scurvy]

PCI compliance had little to do with where you're hosted, but how you're hosted and what you do with data.

AWS is not a magical PCI compliance button.

[013a]

Theoretically, it isn't. In actuality, and in our experience, there are a lot of compliance standards where just saying "we're on AWS" gets you 90% of the way toward acceptance. Its mostly buzzword compliance.

[scurvy]

That's just not true. Most of PCI compliance is documenting practices and operations. Have you even completed all various levels of compliance? Or have you just done one level?

[amazingman]

And what if the delta between your upper and lower daily “trend lines” is measured in millions of requests per hour? Per second? We can leave off weekly/seasonal trends for now, and keep it nice and easy for you.

The utter lack of imagination that I see on HN when people are judging others’ technical decisions is kind of hilarious.