[aramalipoor]

Just published a tiny CLI utility to save some bucks on AWS development environment while I'm not really working.

https://github.com/aramalipoor/aws-cost-saver

The idea is to stop/shutdown any resources (such as EC2 instances, RDS databases, ECS tasks, etc.) when you're done for the day and restore them back up next time you continue.

Currently it's in a very early stage, a hobby side-project :)

Ideally I'm thinking to provide a CloudFormation template or terraform config for example, to provision a scheduled Lambda with predefined "start of work" and "end of work" times and have it automatically do that for you.

I'd like to know if something like this would be useful for you too and what do you think about it?

[vageli]

Are you aware of cloud custodian out of Capital One? [0] Does this and much, much more (like delete noncompliant security groups, etc).

[0]: https://cloudcustodian.io/

[1vuio0pswjnm7]

I'm aware that Capital One was found guilty of not properly securing customer information when they started moving it to "the cloud" (AWS). I'm also aware that the person who orchestrated the data breach, by exploiting the bank's AWS (mis)configuration, had been hired by Amazon as a developer. Maybe the bank's IT staff created "cloud custodian" after the incident.

https://www.marketwatch.com/story/capital-one-fined-80-milli...

[destory-everyth]

Custodian was already there , they have a strict pipeline but what I hear is that the environment where the hack took place was bypassing the normal organisational pipe governance and did not even have coverage of the custodian on the account. Basically shadow it. I still put a lot of blame on the way AWS Iam makes it incredibly hard to stop the use of the credentials outside the vpc in the event they are stolen , for example source ip restrictions do not work if the bucked it using kms encryption because kms will decrypt on users behalf appearing to come from a different ip than the user . The called via is a farce that only work with about 4 services out of hundreds and the meta data v2 with its ip level TTL is a marketing gimmick

[aramalipoor]

Thanks for sharing this. Looks like a sophisticated solution, although might be too complex and enterprise-y for what I needed as a sleepy developer, but is definitely worth having a look :)

[WrtCdEvrydy]

This is amazing....

Edit: I wonder if you could put this inside of a lambda with just a role.

[aramalipoor]

Thanks. Agree with you, having it in a Lambda with a scheduled trigger or even manual trigger will be really useful.

[banana_giraffe]

Or an API gateway. I have something similar (though very bespoke for me) that has a simple API Gateway web page as it's front-end. It also opens up a firewall entry for my IP so I can connect to the machine.

Depending on my mood I either use the web page or some simple curl aliases to start and stop an instance.

[redacted3212]

CloudCustodian has offered this for quite some time. We use it at our company in all our accounts.

[adamlklein]

This sounds like a good idea!

I had been looking at creating a lamba to check for the existence of pods, services, alternate namespaces etc., as I learn K8s on AWS, to shut down the cluster when I'm not working on it.

[aramalipoor]

Thanks. Shutting down K8S cluster when not using is a really good idea. Maybe one day I play around with AWS's k8s cluster and add the trick to aws-cost-saver.

Pull requests are also welcome if you have time :) the logic must be similar to EC2 or RDS tricks: https://github.com/aramalipoor/aws-cost-saver/blob/master/sr...

[z3t4]

Im very interested in learning about your work flows, like how does a typical day look like? I do all my work on a local pc and only use servers for production. So im interesting in how/why you use the cloud stack

[aramalipoor]

It really depends on the company and developers preferences. For our company's case we do have a "dev" AWS environment for a couple of reasons:

1) To avoid having a side-IaC for your dev env (e.g. using docker-compose/local k8s/localstack) which could take same time as your prod-IaC (terraform/CloudFormation) to prepare. Instead of hours preparing/debugging local dev we can work on great features or refactoring some tech-debt in the real code.

2) Since we have many other teams and upstream dependencies it's much easier to deploy on a AWS when testing complicated features. In an ideal world you shouldn't need it but unfortunately it's never ideal world.

3) Local dev solutions could easily end up with "but it worked on my laptop" due to various reasons from Docker host configs, to localstack deviations from real AWS resources, etc.

But at the end of the day you should see what makes more sense for you :) I guess for many people spending time on preparing a great local dev using docker-compose/k8s/swarm/localstack is cheaper than using AWS for dev anyway.

[marton78]

Not OP, but in my company we do develop locally, however, merged feature branches are deployed to a AWS environment for testing. The environment is identical to production, but with smaller instances. Betas are deployed to yet another identical environment for QA to approve the changes. All three environments are managed by the same Terraform configuration to ensure they are identical.

[jen20]

How do you test or develop against cloud resources like ECS using a local PC?

[ununoctium87]

https://github.com/localstack/localstack

Though I find a stronger argument in using containerisation to ensure an identical application run-time environment no matter the infra it’s running on.

If we are talking about infra engineering, then sure. That’s where I find localstack helps

[hyeomans]

What happens when you need 40 micro-services running to render your frontend?

[smabie]

You ditch all the microservices and develop the app like a normal human being.

[pests]

That's an answer to a question he didn't ask.

[z3t4]

I would like to know how and why you use resources like ECS. et.al. There reason why I do not like to use cloud/serverless is because I find debugging is much easier on a local computer or a server I have root/metal/hardware access to. And that serverless have a very slow iteration rate, it can take minutes just to run a simple test that would be instant locally.

The reason I'm asking is because on my free time I'm developing a cloud IDE but I'm having trouble understanding the market. I beleave cloud dev services will be a huge market. But I don't understand how people use it practically in their dev setup.

[malwrar]

I use it (and similar tech) because I don't want to think about individual boxes at scale, rather instances of an application. Containers + orchestration allow me to develop and test in the exact same environment my apps will be in in prod, which allows me to mostly remove the hardware and OS as a variable that could affect its runtime behavior. They also make it easier to spin up a local copy of my services' runtime environments for testing, as I need only describe it in a simple yaml file and spin it up w/ docker-compose in a single command.

I found at first testing was arduous, but you learn to adapt. In my case, I increased the amount of debug logs my application throws (can also be useful to enable in prod when trying to hunt down an issue) and invested time in creating unit/integration tests that run outside of the container/lambda to validate specific paths/features. Worst case there's always docker exec and language-specific debugging when I want to dig in manually.

I'm still pretty skeptical about serverless (I mostly use it for cloud-specific automation), but as much as people like to shit on Docker it's been pretty great to use from an ops perspective. I interpret most negativity about it as curmudgeonly reactions to the admittedly excessive hype in the technologies, with some fairly pedantic complaints about the (imo minimal) overhead such technologies incur thrown in as an uninteresting justification.

[aramalipoor]

Posted an answer to another similar question: https://news.ycombinator.com/item?id=24250329 hope it helps when developing with your IDE :)

[takeda]

Hmm... ECS is for running docker containers.

If they don't work the same on local computer than on ECS perhaps docker failed to deliver what promised?

BTW: I absolutely hate debugging in AWS, it's such a nightmare, docker was the first thing that made thing hard even on premises, but AWS pushed things to 11.

I think the key to sanity if you have to use public cloud is to put extra effort so you discover all bugs locally before you deploy to public cloud. Which probably is not a bad thing.

[krono]

Ok, I don't know how else to ask and I'm seriously not trying to be an arse but how do you? I'm genuinely interested as it's something I've been struggling with myself lately.

[lfuller]

docker-compose and kubernetes

[swyx]

interesting work! i feel like this can't be a new problem. what comparable tools exist for doing this today? its basically just spinning up a staging env while you work and spinning down when you knock off work right? almost like a heroku dyno spinning up for you.

[aliswe]

I would regard it as a fairly new problem actually, the same age as the "developer resources on a per-minute basis" phenomenon.