by chrisco255 2196 days ago
Lambdas, at least the JS ones, are Node.js based and not hard at all to migrate to an alternative cloud service. You can even use a framework that handles all the cloud-specific functionality for you and works across AWS, Azure, GCloud, etc: https://www.serverless.com/

The lock-in really comes from AWS-specific services. Redis, Mongo, etc will have the same API no matter where you're hosting them, so it's pretty trivial to point your client-side code to a different cloud-hosted Redis instance if you find AWS lacking there.


I agree and just want to add IAM to the list of AWS lock-in services. We provision environments almost entirely using config-as-code tools (packer, ansible, terraform) and generally have a good blueprint for what an environment looks like, and the part I’ve had the hardest time thinking about migrating to another cloud provider is all the IAM rules that magically give hosts/services the ability to talk to other services.
I'm not sure about GCP, but Azure does offer role-based access[1] which gives you similar resource authentication magic to what IAM provides. The definition formats[2] even look fairly close to their IAM equivalents.

It's used in combination with Azure Active Directory, so the modality isn't 1:1 with AWS. But Managed Identities[3] is a feature that's rolling out across Azure which simplifies the model a bit, since it negates the need to create service principals in AAD beforehand.

[1] https://docs.microsoft.com/en-us/azure/role-based-access-con...

[2] https://docs.microsoft.com/en-us/azure/role-based-access-con...

[3] https://docs.microsoft.com/en-us/azure/active-directory/mana...

GCP too provides role-based access.
IAM is simply one of AWS's killer features. It's just a service that's so good it differentiates itself from the competition. Lock-in based on quality is not the sort of lock-in that I'm most worried about, because it's very clear what I'm getting in return for it. The alternative to using IAM to begin with would be to commit to work comparable in scope to that required to migrate away from it in the future.
Avoiding use of Lambda (example) is possible, but for IAM?