by sandGorgon 2449 days ago
>Each cluster lives in a completely new and isolated AWS account.

Google Cloud does this so well. I still don't understand why AWS can't create project level isolation. Conceptually it is IAM with some namespaces ... or even autogenerated IAM.

But the usability is incredible.


True, but at least they now have an API for account creation (AWS Organizations) --- it was really painful in 2015/16 to script (in the browser!) all necessary steps for account creation (add credit card, remove it again [to switch to invoice], etc.)

No, it doesn't work very well, because AWS organisation absorbs billing as well. We use reseller billing in both AWS and GCP.

In GCP, the projects don't affect the billing. However in AWS, I can't have accounts in one organisation and consolidated billing in another (the reseller Organization).

It's a mess.