by mwakerman 2196 days ago
I agree and just want to add IAM to the list of AWS lock-in services. We provision environments almost entirely using config-as-code tools (Packer, Ansible, Terraform) and generally have a good blueprint for what an environment looks like, and the parts I've had the hardest time thinking about migrating to another cloud provider are all the IAM rules that magically give hosts/services the ability to talk to other services.

I'm not sure about GCP, but Azure does offer role-based access[1] which gives you similar resource authentication magic to what IAM provides. The definition formats[2] even look fairly close to their IAM equivalents.

It's used in combination with Azure Active Directory, so the modality isn't 1:1 with AWS. But Managed Identities[3] is a feature that's rolling out across Azure which simplifies the model a bit, since it negates the need to create service principals in AAD beforehand.

[1] https://docs.microsoft.com/en-us/azure/role-based-access-con...

[2] https://docs.microsoft.com/en-us/azure/role-based-access-con...

[3] https://docs.microsoft.com/en-us/azure/active-directory/mana...
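An added illustration, not code from this thread, from mwakerman's environment, or from the linked Microsoft docs: the same "let this host read one object store" grant written in Terraform twice, once as AWS IAM (role, inline policy, instance profile, the kind of rule the first comment calls hard to migrate) and once as Azure RBAC with a managed identity (custom role definition plus role assignment, the setup the comment above describes). Every name (example-app, appdata, the resource group, region and storage account) is a placeholder, and it assumes the hashicorp/aws and hashicorp/azurerm 3.x providers with credentials supplied through the environment.

```hcl
provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

# ---------- AWS: bucket, IAM role, inline policy, instance profile ----------

resource "aws_s3_bucket" "appdata" {
  bucket = "example-appdata" # placeholder; bucket names are global
}

# Trust policy: only EC2 may assume the role. This is where the "magic" comes
# from: the instance metadata service vends short-lived keys for this role.
resource "aws_iam_role" "app" {
  name = "example-app"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Permission policy: read-only, scoped to one bucket and its objects.
resource "aws_iam_role_policy" "app_read" {
  name = "example-app-read"
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = [aws_s3_bucket.appdata.arn, "${aws_s3_bucket.appdata.arn}/*"]
    }]
  })
}

# Attach to a VM with `iam_instance_profile = aws_iam_instance_profile.app.name`.
resource "aws_iam_instance_profile" "app" {
  name = "example-app"
  role = aws_iam_role.app.name
}

# ---------- Azure: container, managed identity, custom role, assignment ----------

resource "azurerm_resource_group" "app" {
  name     = "example-app-rg"
  location = "westeurope"
}

resource "azurerm_storage_account" "appdata" {
  name                     = "exampleappdata" # placeholder; must be globally unique
  resource_group_name      = azurerm_resource_group.app.name
  location                 = azurerm_resource_group.app.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_storage_container" "appdata" {
  name                  = "appdata"
  storage_account_name  = azurerm_storage_account.appdata.name
  container_access_type = "private"
}

# A managed identity is a service principal Azure creates and rotates for you,
# so nothing is registered in AAD by hand. Attach it to a VM with
# `identity { type = "UserAssigned"  identity_ids = [azurerm_user_assigned_identity.app.id] }`.
resource "azurerm_user_assigned_identity" "app" {
  name                = "example-app"
  resource_group_name = azurerm_resource_group.app.name
  location            = azurerm_resource_group.app.location
}

# Custom role definition: the Azure analogue of the IAM policy document above.
# `actions` are control-plane operations; `data_actions` are the blob reads.
resource "azurerm_role_definition" "app_read" {
  name  = "example-app-read"
  scope = data.azurerm_subscription.current.id
  permissions {
    actions      = ["Microsoft.Storage/storageAccounts/blobServices/containers/read"]
    data_actions = ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"]
  }
  assignable_scopes = [data.azurerm_subscription.current.id]
}

# Role assignment = principal + role + scope. Scoping to the container rather
# than the subscription is the least-privilege counterpart of the bucket ARN.
resource "azurerm_role_assignment" "app_read" {
  scope              = azurerm_storage_container.appdata.resource_manager_id
  role_definition_id = azurerm_role_definition.app_read.role_definition_resource_id
  principal_id       = azurerm_user_assigned_identity.app.principal_id
}
```

Run `terraform init && terraform plan` with AWS and Azure credentials in the environment. Reading the two halves side by side shows what a migration actually costs: the statement shape (effect, actions, resource scope) maps almost one to one, but the action vocabulary (`s3:GetObject` versus `Microsoft.Storage/.../blobs/read`), the scoping model (ARNs versus the resource ID hierarchy) and the identity plumbing (instance profile versus managed identity) do not, and that is the part that has to be rewritten by hand rather than translated.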

GCP, too, provides role-based access.
IAM is simply one of AWS's killer features. It's just a service that's so good it differentiates itself from the competition. Lock-in based on quality is not the sort of lock-in that I'm most worried about, because it's very clear what I'm getting in return for it. The alternative to using IAM to begin with would be to commit to work comparable in scope to that required to migrate away from it in the future.
Avoiding use of Lambda (for example) is possible, but for IAM?