400M RPS is mind boggling, even if one considers most of the data to be embarrassingly shard-ed. Kudos to engineers who built it.<p>Otoh, it bothers me that every single service call needs to go to IAM to check for permissions. Has anyone explored other architectures/designs to circumvent centralized auth?
Imho, the fact that this is an impressive achievement speaks to how much overhead the web costs.<p>"400m operations per second? Wow, that's almost 5% of the number of operations per second a typical consumer processor can do!"<p>I realize this is an apples to Buicks comparison, I just get bothered by how millions of <i>anything</i> might be impressive when we have PCs that are designed with billions of everything.
How often do identities or access settings change? Not often, I guess. So it seems (to me) that they are accessing almost static data at a very high speed, which is not really a surprise. Am I missing something?
While this is an impressive technical achievement, it's worth taking a step back to ask <i>why</i> IAM needs to serve 400M API calls every second when AWS has between one and two million active users. How would this number change if IAM were less complex?<p>Edit: I understand how every machine needs to invoke IAM APIs and how temporary credentials and other uses increase the number super-linearly with every active user. Still, 400M RPS (nearly 35B requests/day) could be reduced significantly by improving the underlying object model so it scales <i>down</i> better. Right now, even a simple Lambda function that needs to access other AWS resources requires 3 API calls: create a policy, create a role, and connect the two.