by latch 1885 days ago
I'm one of those "you'll get my baremetal and systemd out of my dead cold hands", kind of guy.

But I have reasonable exposure to both AWS and GC and I can say that, by far, Google Cloud is easier to reason about. As a consequence, it's much harder to misconfigure. The 2 large AWS deploys I've seen have, at best, had billing issues no one really understood (incl. AWS), and at worst, security issues.

Complaining that Maps prices went up re Cloud Hosting is, to me, like complaining that Amazon raised the price of the Kindle, i.e., not particularly relevant.


I used to think the problem with AWS was pricing and hidden costs etc. But in reality it’s because companies just let developers run wild without restriction on AWS and end up over provisioning or pulling in expensive services to solve dead simple problems.

The issue is definitely not AWS. It's always the developers. You really need a gatekeeper to AWS to question why you need a service and ask for a price estimate on cost and usage.

It's not that one-sided. On AWS, you have to go hunt to find the pricing for everything. On GCP, it's right next to the instance that you're starting. The GCP dashboard also provides recommendations to down-size VMs if they are too large. On AWS it's also super easy to spin up a VM and never see it because it's in a different region. These little things add up.
I do really hate this pattern done by AWS, and their docs seem made more to hide information than to actually make it easier.

I've learned much more from 5-minute posts (which I truly dislike) on other sites than from going to the AWS docs.

Compared to Digital Ocean's docs and Q&A, which are so much easier.

Edit reason: Added DO as example of simplicity and really helpful price model.

I'd implement a good cost attribution strategy before trying a gatekeeping approach. Companies generally have at least semi-functional mechanisms for managing department budgets. Once there's a clear picture how much each service/webapp/product costs to run then they can feed that into the existing budget infra and let things shake out.

Until you know both halves of the ROI calculation it's difficult to focus effort on trimming the right things. E.g., it seems silly for a team to spend $2k/mo on naive/managed solutions for simple things, but maybe it's worth it if it helps them avoid hiring another $10k+/mo engineer.

Funny, since AWS has much more granular control over IAM roles and users than GCP does, so that the infrastructure/security group should be able to provision devs with the ability to roll their own IAM in a scoped way to prevent issues.
> so that the infrastructure/security group should be able to provision devs with the ability to roll their own IAM in a scoped way to prevent issues.

This requires money and time that often only large corporations have the luxury of.

In my experience trying to configure AAD policies, AWS IAM and (to a very limited extent) GCP IAM, it does not generally require a large investment in time. It does require a development account in which the developer has full access to IAM/AAD.

At my employer, we have a gatekeeper team who is terribly overworked and hard-pressed to push back too much when business outcomes are at stake. One of the more successful things they've done is create a Terraform repo anyone can contribute to. They will review PRs and manually apply changes for production accounts. What's great is that these folks can take my PRs that are 80% right and they are able to help me achieve least privilege better than I could on my own. However, other devs really don't care about least privilege and they tend to go for large open policies.

AWS's IAM policy is far and away the most sophisticated and granular, and even has a nice UI now. Trying to achieve this in Azure is next to impossible because you must have extremely high permissions to even be able to make new roles/policies that are super granular.

Also, permissions boundaries are specifically made for the use case of "IAM teams delegating some control to devs".

IAM team creates a "developer admin" role/user that can only create users/roles that have a permissions boundary on it. That way, no matter what policy the dev admin grants, the dev user can only do what the permission boundary allows.
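The delegation pattern in the comment above, as an added Terraform example (not from this thread, and not AWS's or any project's code): an IAM team publishes a boundary policy plus a "developer admin" policy that can only create dev principals carrying that boundary, and can never detach it or edit it. The account id, policy names and the `dev-*` naming convention are placeholders.

```hcl
# Added example, not from the thread. Account id and names are placeholders.

# The boundary every dev-created principal must carry; it caps what they can do.
# It deliberately grants no iam:* actions, so dev principals cannot mint more principals.
resource "aws_iam_policy" "dev_boundary" {
  name = "DevBoundary"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = ["s3:*", "ec2:*", "logs:*"], Resource = "*" }
    ]
  })
}

# The "developer admin": may create dev-* roles/users, but only with the boundary
# attached (iam:PermissionsBoundary condition), and may never remove the boundary
# from a principal or change the boundary policy itself.
resource "aws_iam_policy" "dev_admin" {
  name = "DevAdmin"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "CreateOnlyWithBoundary"
        Effect = "Allow"
        Action = ["iam:CreateRole", "iam:CreateUser",
                  "iam:AttachRolePolicy", "iam:AttachUserPolicy",
                  "iam:PutRolePolicy", "iam:PutUserPolicy"]
        Resource = ["arn:aws:iam::123456789012:role/dev-*",   # placeholder account id
                    "arn:aws:iam::123456789012:user/dev-*"]
        Condition = {
          StringEquals = { "iam:PermissionsBoundary" = aws_iam_policy.dev_boundary.arn }
        }
      },
      {
        Sid      = "NeverDetachBoundary"
        Effect   = "Deny"
        Action   = ["iam:DeleteRolePermissionsBoundary", "iam:DeleteUserPermissionsBoundary"]
        Resource = "*"
      },
      {
        Sid      = "NeverEditBoundaryPolicy"
        Effect   = "Deny"
        Action   = ["iam:CreatePolicyVersion", "iam:DeletePolicy",
                    "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion"]
        Resource = aws_iam_policy.dev_boundary.arn
      }
    ]
  })
}
```

The two Deny statements matter as much as the Allow: without them a dev admin could satisfy the condition at creation time and then strip the boundary or widen the boundary policy afterwards.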

(A) Not necessarily, and (B) if so, okay so what? The whole point of the parent comment was about keeping devs in check, and I submitted an anecdote that AWS in fact has better tooling to keep people from doing things they aren't supposed to. Not related to billing oversight, but permissions.
Google beats AWS, as AWS does not let you build truly isolated components, unlike Google, which has projects.
Is that true? Google Projects correspond to AWS accounts. You can have as many AWS accounts as you like. If I'm not mistaken (very much possible), you can even inherit permissions to AWS accounts comparable to Google's org/folder hierarchy.
Isolating components is done by using separate accounts, handled by AWS Organizations.
What does a billing issue look like? Is it something trivial, like they charged you for $X+X, but you only used $X (e.g., they double billed you -- should be solvable with a phone call)? Or more complex, e.g., they charged for more egress than you actually used (kind of hard to prove or disprove after the fact)?
Not GP, but in my experience, AWS bills run away from you if you're not careful. They don't have great tooling (or, at least, accessible or intuitive tooling) to determine what your bill is going to be, or to set limits.

Pair that with a misconfiguration because of their horrendous web interface, and you're in for a surprisingly large bill at the end of the month.

Google, on the other hand, has some of the best tooling in the industry when it comes to billing and cost management. I dislike Google as much as the next guy but I'd feel more comfortable with them over AWS if I ever needed to choose.

The last startup I was at repeatedly ended up with $25k AWS bills due to runaway Elasticsearch clusters or DynamoDB. The only reason we resolved them was due to us having hired our former AWS account rep.

I got my fair share of those from customers while at GCP, but I agree that in the past several years GCP has gotten much better at billing infra given all the problems we heard of...

Honestly there are tons of examples of runaway bills on both, and neither provides much better of a way to handle visibility of cloud billing than the other. We could discuss the limitations of AWS' billing estimation systems ("only visible when you look!") or GCloud's budgeting system (which has notoriously questionable "limitations" https://www.theregister.com/2020/12/10/google_cloud_over_run...), but neither of the two are particularly better than the other at avoiding surprise billing.

There is this bias effect that is not common only to this part of the thread but this entire thread, and perhaps any discussion of "which cloud is better" where people who are clearly invested in one platform or another show biases that help them to justify their (or their company's) lock-in decisions.

This is not to say that cloud itself is a bad call, but it's crazy how many people out there don't realize how their situation and fear of "making the 'wrong' decision in the past" affects how they discuss the options (or even how they reinvest in a particular option later!), and how they claim "actually that vendor is worse than mine"

I have larger development investments in both AWS and in Google Cloud. They each have pros and cons but runaway billing is a gotcha of minute-by-minute rental billing of compute, storage and network services (the "cloud") and how we use it, and not really something specific to one vendor or another. It's just something that you have to be constantly aware of, constantly monitor, and work to avoid.

It's 100% our mistake(s). It's only AWS's fault indirectly, in that AWS is complicated and requires a lot of non-transferable knowledge.

As a small example, we currently pay $750 for Route53. We don't know why (it isn't traffic). It has something to do with Route53 resolvers that our "lead SRE" set up before leaving. AWS support doesn't understand how it's set up, and since $750 is relatively small, we've just left it.

Support is the wrong avenue to track this down -- I'd recommend reaching out to your account team!
From my side - I have never seen an easy Google Cloud deploy but have no problems working with AWS.
I just completed a migration from AWS to GCP. My experience was previously entirely AWS, but GCP has been really nice. GCP has fewer features (e.g., no scheduled filestore backups), but GKE is far and away better than EKS and the overall console UX is far better as well. There’s also generally less to understand and thus misconfigure, and far fewer half-baked features to wade through to find the happy path (I’ve spent way too much time using CloudFormation).
I feel you on Cloudformation :S

I haven't used Kubernetes on either platform - so there may be more to that.

One thing I really dislike about GCP is how expensive it is for personal or hobby use. I burned through $300 for a simple vm on GCP in a few weeks because their cheapest instances are so expensive.

How? Their single-core instance is like $25/mo; it took me months to burn through it.
GKE in particular has a very high overhead cost per cluster. That's the only reason I bothered learning kOps and Terraform.
That is incorrect. It costs $75/mo and they give you that as credit. Also, why use GKE if you're trying to learn Kubernetes? A single-instance kubeadm cluster is perfectly fine for that purpose (even better).
> I burned through $300 for a simple vm on GCP in a few weeks because their cheapest instances are so expensive

How'd you manage that? My bill is always super lower every month.

Yeah, navigating either platform is tough for hobbyists. I can get more lambda invocations than I’ll ever use for free but a single load balancer is like $30/month, never mind instances.
Yeah...yeah.

I will say - reserved instance pricing is great on AWS if you know you will be there for a while.