[hdjjhhvvhga]

I think people overestimate the expenses related to maintaining their own infrastructure. I work for a large org that does both. We have a lot of workloads running in the public cloud, and many more on premises (for various reasons, including compliance).

Having worked on these for years, building solutions, diagnosing problems and so on I'd risk saying we have reached the point where the cloud is slowly getting more complex than traditional setups. In theory, it should be simpler, right? A Transit Gateway is a virtual device so easier to configure than a Cisco router, right?

The problem is, as the cloud providers offering gets richer, with time it has to be more complex in response to various customers' requirements, so basically you need to learn both: traditional Linux operations and networking, and a whole new class of interactions between dozens of services with hundreds of API calls. It quickly becomes overwhelming. IaC obviously helps but anybody who has maintained a large repository of CloudFormation code will tell you its not a panacea.

And then a million small quirks that basically come from you not owning the infra. E.g. Amazon is pushing the Control Tower as a model for new setups especially for larger orgs. Guess what, this thing has almost no API. Last time I checked it allows you to maybe check a state of a control. This means you need to set it up manually! In 2023! After 5 years of development! And if you add an OU, you need to register it (you guessed it - also manually!). Say you want to create a dozen of VPC endpoints - they won't have names because there is no API, you need to name them manually. And so on and so forth. Why? because you are living in someone else's place, so you you are totally dependent on them.

[lifeisstillgood]

This. A dozen time this.

I am lost in trying to start off a sensible / official / approved AWS setup but I can use some years old bash and salt s riots to setup my raspberry pis sitting there in front of me.

It's not just me (maybe mostly me) but there is a new layer of complexity - I can learn and understand the FOSS but trying to learn AWS means piercing the layers of marketing that are creeping in - one of the huge advantages of a FOSS readme is it comes from the head of the person who designed the system i want to use. not a product manager who probably misses the technical point anyway

So yeah. I am wary.

[antonvs]

> anybody who has maintained a large repository of CloudFormation code will tell you its not a panacea.

CloudFormation is one of the worst IaCs out there, so it's not really a good example.

One really nice model is managed Kubernetes with IaC/GitOps via tools like ArgoCD or Flux CD. This eliminates the need for things like CloudFormation, Terraform, Ansible, Puppet, OS version and patch management, etc. - most of the stuff that those tools are used to manage is replaced by the cloud provider's management of the cluster nodes. This lets you focus on the application layer, which is where the business value is. IaC in this context is pretty seamless. It also makes you much less dependent on the cloud provider's specific APIs - Kubernetes becomes your interface to all that.

[hdjjhhvvhga]

I agree it's a reasonable solution as far as workloads are concerned, but at the same time you still need the infra around it. Most of the time you need to store data outside of Kubernetes, so you'll need to deal with things like S3, RDS, DynamoDB. You will probably want ECR etc. All these things need policies and configuration. And, depending on the size or your org, also security/governance/compliance services, and you end up with a complex setup even if your main focus is k8s.

[NorwegianDude]

People 100 % overestimate the complexity and cost of running infrastructure on their own.