Hacker News new | ask | show | jobs
by whoknowswhat11 1024 days ago
Ec2 classic was dirt simple. You basically were on a big public lan it felt like. If I remember right there were some issues with folks running scans / abuse originating inside AWS that felt like got a touch slow of a response - then at some point it all cleared up? I remember hardening internal systems as if the they were public which was a good practice even as vpc arrived. They might have gotten a default public ip as well?

I used google app engine which was orphaned (at least version I tried) so that was a clear contrast w AWS.
3 comments
ydant 1024 days ago
[parent comment was edited, it originally mentioned SimpleDB]

Speaking of SimpleDB, we still use it. It's amusing how it's basically swept under a rug at AWS. It's never mentioned, barely documented, but continues to work. It's a pretty good product for what it is - a very simple key/value store where you don't need/want to manage provisioned throughput, costs, keys, etc.

The way they handle SimpleDB makes me respect AWS and feel more comfortable on some other services we also rely on that seem close to abandoned (like ElasticBeanstalk).

However, as a counter-point, they are killing OpsWorks with what feels like a fairly short notice, so I'm also a bit cautious about how long they'll maintain services.

link
whoknowswhat11 1022 days ago
Yeah, I didn’t want to distract but in my use case simpledb was even a fit after first dynamodb release for a reason I forget. Even more they took it totally off marketing after depreciating it but the hammer never dropped! Absolutely love this. The ec2 classic termination was actually a bit surprising in that context.
link
aitchnyu 1024 days ago
They added Python 3.11 last month. Why do you call it close to abandoned?
link
ydant 1024 days ago
Re: ElasticBeanstalk - it's just a feeling, and hopefully not correct - it just doesn't feel like it's one of their primary focuses, and seems suspiciously stable overall. There's nothing I particular want them to add, though, so maybe it's "perfect".

I love it, though - it's been a great boon for our small team - allowing for a painless hands-off deployment strategy that's worked great (largely unchanged) for almost a decade.

link
acdha 1024 days ago
The public IPs were the big part: if you had the default 0.0.0.0/0 rule allowing SSH, you’d see brute force attacks within a few seconds of launching a new instance.

VPCs gave a little more room to prevent that but the big thing was really better tooling - the average developer still doesn’t think about security enough to be trusted with the EC2 or GCP launch wizard.

link
whoknowswhat11 1022 days ago
I remember this. I don’t remember if it was cloud unit or something else like a pre hardened ami, but basically that - you got hammered in seconds after starting in default config so was good to take some steps right on launch.
link
acdha 1021 days ago
Yeah, the official AWS AMIs have had password auth disabled for a very long time but I’m pretty sure I remember some third parties learning the hard way that setting a default password and telling people to change it isn’t good enough.
link
whoknowswhat11 1024 days ago
Note my one complaint was that it would have been nice to wrap the resource finder script into the gui / web interface
link