[jacques_chester]

I work at Pivotal, we have both Kubernetes (PKS) and Cloud Foundry (PAS) offerings. With Cloud Foundry we abstracted away the IaaS pretty much entirely, including IAM and SSO, for the reasons you outline (and were doing so before Kubernetes existed). We also went out of our way to make "give the developer an account" as easy as possible. I worked in Pivotal Labs before moving to R&D; the ease of just getting something running on CF vs the various homegrown platforms I encountered was just amazing and was part of why I switched divisions.

This kind of generalised, simplified capability is quickly emerging for Kubernetes too. Knative is such an effort (we contribute there too), there are many others. What has typically been missing, in my view, is an understanding that different roles need different things from a platform. Kubernetes kinda blurs the business of being an operator with being a developer.

That's fine at a small scale. It's also workable, including some automation, at large scale if you trust everyone. But there are lots of folks in the middle who are at large scale who can't just let anyone do anything they like. They need crisp boundaries between developers and operators which are safe and easy to traverse. You also need top-to-bottom multi-tenancy with no way to opt out, which is not yet a thing to vanilla Kubernetes.

In any case, I don't think AWS is going to be wiped out by Kubernetes. But taking a counterfactual view, it seems plausible that the introduction of Kubernetes has flattened their lockin trajectory and hence reduced their long term profits as an area under the curve.