[dimgl]

Yeah I can’t agree with you at all. Without setting up your own NAT Gateway on EC2 on a t2.micro instance (or something cheap like that), it runs you about $30. This isn’t even accounting for database costs, usage costs, development costs, etc.

So right away that “I can’t believe they even charge my CC for $0.02” is real suspect. Do you have a completely empty AWS account?

We haven’t even spoken about dev experience yet.

[CharlieDigital]

> Without setting up your own NAT Gateway on EC2 on a t2.micro instance...

The problem is that you're using EC2 instead of AWS App Runner, Google Cloud Run, or Azure Container Apps.

> We haven’t even spoken about dev experience yet.

I'd strongly recommend that you give Google Cloud Run a try. You can go from empty codebase to running, on demand serverlesss runtime via GitHub with only a Dockerfile. I can build an app from scratch and have it running in Google Cloud in probably under 3 minutes with no special CLI knowledge or build.

Here's a sample Dockerfile I'd need to get a dotnet app into Google Cloud Run:

  # The build environment
  FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine as build
  WORKDIR /app
  COPY . .
  RUN dotnet restore
  RUN dotnet publish -o /app/published-app --configuration Release

  # The runtime
  FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine as runtime
  WORKDIR /app
  COPY --from=build /app/published-app /app

  # The value production is used in Program.cs to set the URL for Google Cloud Run
  ENV ASPNETCORE_ENVIRONMENT=production
  ENV IS_GOOGLE_CLOUD=true

  ENTRYPOINT [ "dotnet", "/app/my-app.dll" ]

Every other aspect of the code remains unchanged. GCR will pull the code from GitHub, build the container, and operationalize it.

https://github.com/CharlieDigital/dn6-mongo-react-valtio

[0xEFF]

Where do you store your secrets? Persistent data? How do you handle authentication and authorization when using cloud run only?

[CharlieDigital]

Authentication and authorization: I hand it off to Firebase identity management. But you can also just issue your own JWTs. You can run full applications in GCR like KeyCloak or IdentityServer. But the Firebase identity solution is really good.

Example here: https://github.com/CharlieDigital/dn6-firebase

Persistent data: Firestore (or Supabase, Planetscale, or CockroachDB if you want relational). On other platforms, I've used Azure CosmosDB which has a pay-as-you-go model which is practically free for hobby/POC use cases.

Secrets: depends on how secret it is; actual keys go into secrets manager in GCP which integrates with Cloud Run. Otherwise, you can configure it as an environment variable.