Cloud, Why So Difficult?

The complexity of the cloud exists because the cloud vendors allows a user to do advanced things if the user understands how. Using AWS, GCP, and Azure as Infrastructure-as-a-Service (Iaas) means that there&#x27;s no easy mode.<p>If you want easy (or easier) mode, you&#x27;ll have to use a Platform-as-a-Service (PaaS).<p>The major cloud vendors might have problems with quirky designs and poor documentation, but beyond that is necessary complexity.<p>You want a high-availability website allows user-uploaded files and does asynchronous task processing? You&#x27;re probably going to have to get familiar with servers, load balancers, queues, and object storage, at a minimum.<p>You want it all to be secure? You&#x27;re going to have to configure network rules&#x2F;firewalls and set up lots of access policies.<p>There&#x27;s no free lunch.

This thought hits home for me:<p>&gt; When I started programming, I used Borland C++. It used to take about 100ms to compile and run a program on an IBM PC AT machine (TURBO ON). An average iteration cycle in the cloud takes minutes. Minutes! Sometimes dozens of minutes!<p>I&#x27;m a fast-feedback fan myself, and my weapons of choice in refuge from a dark decade of c++ are the Python notebook and Clojure REPL. With that as it is, the lurching tedium of cloud development (infrastructure especially) makes me want to pull my skin off.<p>What is so galling about it is that, for dev purposes, almost none of these SaaSes and cloud services are really so &#x27;big&#x27; that they couldn&#x27;t be run on a beefy local workstation for development. The galling reason that I have to wait N minutes for terraform or cdk or whatever to rebuild some junk and deploy it to a bunch of neigh un-remote-debuggerable-without-firewall-shenanigans lambdas and docker containers is commercial moat-keeping for the services.<p>At least Azure and GCP put some token effort into local emulators of their services. AWS work has to rely on the valiant but incomplete efforts of LocalStack if they want a fast and disposable way to test infra.

I don&#x27;t understand why there&#x27;s so much negativity here. From my cursory perusal of the docs this looks like a simplified, vendor agnostic re-imaging of something like CDK, with cool tooling including visualisations and out-of-the-box support for local dev. Where&#x27;s the beef?<p>You think cloud is too expensive or unnecessary? Fair enough, this tool is not for you.<p>You think cloud infra is necessarily complex because you need to support &lt;insert use case here&gt;. You&#x27;re right! This tool is not for you (yet?).<p>You don&#x27;t need this because you already know &lt;CDK &#x2F; Terraform &#x2F; whatever abstraction is already in your repertoire&gt;? I agree, the juice is probably not worth the squeeze to learn yet another tool.<p>Are you approaching cloud for the first time or have been managing existing simple infra (buckets, queues, lambdas) via ClickOps and want to explore a feature constrained (hence easy to grok) Infrastructure as Code solution? Maybe give this a look.<p>While it&#x27;s still early days, I suspect there will be many who will find this useful, and congratulate the authors for their efforts!

The annoying thing about using cloud infra is finding that all your skills and knowledge have to be relearned N times over for N different cloud vendors for a huge array of their services, mostly to do basic things that you already know how to do anyway in traditional environments.<p>The fact they all offer similar but subtly different versions of every type of product and that cross platform tools like Terraform etc have some ability to paper over these only makes it worse. (Your google cloud bucket is just like your S3 bucket right? Until it&#x27;s not). When I rant about platform independence people think I have a philosophical objection to lockin, but its really much more basic than that. I just don&#x27;t have time to learn thousands of vendor specific APIs, bugs, constraints etc on top of the perfectly good built up knowledge I have from 25 years of working with software systems already. I am busy using all that time and brainspace trying to keep up with the fundamental knowledge that is actually important.

&quot;Cloud is too difficult, you have to learn tons of stuff to use it!&quot;<p>&quot;BTW here&#x27;s the new product I&#x27;m selling which requires you to learn a new <i>cloud-oriented programming language</i> and has its own CLI and has diagrams like [this](<a href="https:&#x2F;&#x2F;docs.winglang.io&#x2F;assets&#x2F;images&#x2F;arch-f803472c761aa198a7857e8d7a0659b6.png" rel="nofollow">https:&#x2F;&#x2F;docs.winglang.io&#x2F;assets&#x2F;images&#x2F;arch-f803472c761aa198...</a>) on its introduction page!&quot;<p>The cognitive dissonance is overwhelming...

The cloud is renting someone else&#x27;s computer at a way higher price than it would cost you to use your own.<p>If it makes things difficult, you shouldn&#x27;t be using it.<p>It is overhyped and it sucks for most use case.

The difficulty with cloud is Joel&#x27;s rule: &quot;All non-trivial abstractions are leaky&quot; they just abstract complexity and eventually the abstraction breaks and you actually need to know some amount of linux, networking, security, or distributed system engineering to fix it.<p>The easiest way to not get bitten by this is to avoid the abstractions and keep it simple as long as possible. Most apps can probably do fine with a single beefy box and a local sqlite database - this can likely scale vertically indefinitely with moore&#x27;s law and still probably have less downtime than if you relied on all the fancy cloud technology.

All big tech platforms make their riches mostly this same way over the last ~40 year: solve 80-90% of the problem in a super simple, slick manner that is priced competitively. Then as customers build out the unique parts that match their needs (the last 10-20%), bleed them dry with features that are more expensive and establish lock-in.

I&#x27;m sorry, what&#x27;s the advantage to the cloud again?<p>This just reminds me why I just run (my personal) web apps on the server in my basement: it&#x27;s actually simpler.<p>I really think the worst part of programming is dealing with the development environment.

I currently run a micro-saas product on a $4 a month namecheap server using the LAMP stack. It runs fast for all 34 companies, or 400+ employees, using it.<p>I&#x27;ve looked into moving it to Google cloud or AWS and it just seems daunting. Honestly, I use ftp, cpanel, and phpmyadmin.<p>Is there a way to get this product into the &#x27;cloud&#x27; in case it grows, easily?

(Please take my opinion with a grain of salt, as I might be biased - I&#x27;m a founder at a startup that solves a very similar problem).<p>The cloud (and by &quot;cloud&quot; I mostly mean AWS) in general is indeed insanely complex. Not only is it complex and hard to use for dedicated and trained DevOps&#x2F;Cloud experts, it&#x27;s even more overwhelming for developers wanting to just deploy their simple apps.<p>This statement is in my opinion almost universaly accepted - during our market research, we&#x27;ve interviewed ~150 DevOps&#x2F;Cloud experts and ~250 developers that have been using AWS. Only ~2.5% of them have said that the complexity of AWS is not an issue for them.<p>That being said, I understand that AWS has to be complex by design. Not only it offers ~250 different services, but the flexible&#x2F;configurable way it&#x27;s designed simply requires a lot of expertise and configuration. For example, the granularity and capabilities of AWS IAM is unparalelled. But it comes at a cost - the configurational and architectural complexity is just beyond what an average AWS user is willing to accept.<p>An alternative to the cloud complexity are the PaaS platforms (such as Heroku or Render). But they also have their disadvantages - mostly significantly increased costs, lower flexibility and far less supported use-cases.<p>At <a href="https:&#x2F;&#x2F;stacktape.com" rel="nofollow">https:&#x2F;&#x2F;stacktape.com</a>, we&#x27;re developing an abstraction over AWS, that is simple enough so that any developer can use it, yet allows to configure&#x2F;extend anything you might need for complex applications. Stacktape is like a PaaS platform that deploys applications&#x2F;infrastructure to your own AWS account.<p>We believe that Stacktape offers the perfect mix of ease-of-use, productivity, cost-efficiency and flexibility. It can be used to deploy anything from side projects to complex enterprise applications.<p>I&#x27;ll be very happy to hear your thoughts or to hear any feedback.

Applications developers often tell me about (to quote another post here) &quot;the lurching tedium&quot; of cloud infrastructure development.<p>Growing up in a datacenter, opening tickets and checking them weekly, hoping for the vendor to finally ship the right backplane; datacenter engineering used to take weeks, months, years. Waiting 30 seconds for terraform plan to check 120 resources which corresponds to thousands of pounds of metal and enough wattage to blow up the city I live in... doesn&#x27;t seem too bad. That said, I understand where you javascript folks are coming from with your iteration loops, but still, you&#x27;ve gotten understand: <i>it&#x27;s so easy now</i>.<p>Leaky abstraction, sure. But it&#x27;s always great to see innovation in cloud infra.

&gt; It doesn&#x27;t make sense that every time I want to execute code inside an AWS Lambda function, I have to understand that it needs to be bundled with tree-shaken dependencies, uploaded as a zip file to S3 and deployed through Terraform. Or that in order to be able to publish a message to SNS, my IAM policy must have a statement that allows the sns:Publish action on the topic&#x27;s ARN. And does every developer need to understand what ARNs are at all?<p>The Terraform AWS provider is a very thin abstraction. If your needs are not too specific, there are probably a few higher level abstractions out there that you can use. This is one of the main reasons PaaS are so popular.

I am finding &quot;cloud&quot; to be a pleasant experience at the moment.<p>We are building a B2B service in Azure using Az Functions &amp; Az SQL Database as the primary components. That&#x27;s about it. We figured out you can &quot;abuse&quot; Az Functions to serve all manner of MVC-style web app (in addition to API-style apps) by using simple PHP-style templating code. Sprinkle in AAD authentication and B2B collaboration and you have a really powerful, secure&#x2F;MFA auth solution without much suffering. Things like role enforcement is as simple as taking a dep on ClaimsPrincipal in the various functions.<p>The compliance offerings are really nice too. Turns out if you use the compliant services without involving a bunch of complicated 3rd party bullshit, you wind up with something that is also approximately compliant. For those of us in finance, this is a really important factor. 10 person startups don&#x27;t have much bandwidth for auditing in-house stacks every year. If you do everything &quot;the Azure way&quot;, it is feasible for you to grant your partners (or their auditors) access to your tenant for inspection and expect that they could find their own way around. If you do it &quot;my way&quot; you better be prepared to get pulled into every goddamn meeting.<p>I am starting to wonder if not all clouds are made equal anymore. We also have some footprint in AWS (we used to be 100% AWS), but it&#x27;s really only for domain <i>registration</i> and S3 buckets these days. GCP doesn&#x27;t even fly on my radar. I&#x27;ve only ever see one of our partners using it.

If you want easy and simple, use Render, fly.io, etc. Those cover 90% of the cases K8s be damned.

Sorry but I’m struggling to read with the 20 characters per line formatting on mobile

Website is unreadable on mobile

&gt;To be honest, give me the developer experience of the 90s. I want to make a change, and I want to be able to test this change either interactively or through a unit test within milliseconds, and I want to do this while sitting in an airplane with no WiFi, okay? (we didn&#x27;t have WiFi in the 90s).<p>I&#x27;m going to make an impossible request and ask that any readers ignore everything else they know about &quot;crypto&quot;, but...this is one of the things that feels right in EVM development compared with normal cloud applications. Especially with frameworks like Foundry, unit tests for distributed applications run very quickly on local copies of the whole production environment. It&#x27;s a lot more fun than anything which touches AWS.<p>Obviously, there are some major downsides (such as Ethereum being comparable to a late 70s microcomputer in computing power). But the model of a single well specified execution + storage protocol might be worth porting over to non-financialized cloud application development.

Was in agreement until I drilled down to the following statement on the Wing GitHub page and in the docs (<a href="https:&#x2F;&#x2F;docs.winglang.io&#x2F;faq&#x2F;why-a-language#very-cool-but-what-here-cannot-be-done-by-a-library-or-compiler-extension" rel="nofollow">https:&#x2F;&#x2F;docs.winglang.io&#x2F;faq&#x2F;why-a-language#very-cool-but-wh...</a>):<p>“In existing languages, where there is no way to distinguish between multiple execution phases, it is impossible to naturally represent this idea that an object has methods that can only be executed from within a specific execution phase.”<p>This is not true. Several languages (Haskell, OCaml, F#, Scala, etc) allow you to define and use monads. Granted, monads are not something many developers know about … but it may make sense to learn about them before writing a new language.<p>Otherwise, this is a great read.

I hate to say this, but this is straight up rediscovering monads.<p>They have a notion of phases of execution which are different execution contexts with an ordering. And yes most languages don’t have a decent facility for expressing this or staged computation. Let alone a notion of computation phases that map to distributed systems state.

I would love something like networking-as-a-service. My ignorant ass do not understand the specifics related to it. I would love to option to specify that service A should be able to call service B irregardless of IP schemes, peering, firewalls, service discovery and 1000 other layers.

Utilizing an infinite amount of computing resources is probably always going to be an inherently difficult thing. It&#x27;s a task made more difficult by all he snake oil salesman promising perfect easy solutions. The only workable solution is to find out what works for everyone else and, even if it doesn&#x27;t fit your needs perfectly, figure out how to make it work for you. Never underestimate the power of strength in numbers. If the entire industry is utilizing a technology or paradigm you can either get on board or get left behind.

I agree so much with the article about cloud being to complicated and fast feedback being import. I wish them the best of luck.<p>PaaS solutions and not IaaS is also a solution for many.<p>No code &#x2F; low cose beeing a solution for someone else.<p>It&#x27;s not to many days since my solution was on HN. Windmill.dev is really something special.<p>And by mine i do not mean that i has any affiliation with windmill, just that it solves my problem. quick iterations including ui building.<p>But it&#x27;s not a low code plaform either. I would call it a <i>code</i> platform for developers

I don&#x27;t understand what that solution brings when you have Terraform? Also linking your code with you infra code, who thought this was a good idea?<p>Last question how actually the simluator works, is it one of those case where it try to emulate some high level concept but then your prod code break because the simulator was 40% accurate?

What complexity are we talking about? If your app needs queues, databases or shared storage, it is because of how you designed it. Now just imagine you’re doing this yourself: install servers, os, software, configure integrations, do patches, upgrades, repair hardware. Would it be any simpler?

the core of aws is actually pretty good. it’s just wrapped in several layers of nutshells which aren’t needed except by the equally thick enterprise.<p>aws is also inescapably imperative. it’s how the api and everything behind the scenes work.<p>aws is gonna have a lot of nonsense best practices, both 1st and 3rd party, that you have to aggressively ignore.<p>if you can come to peace with these three truths, aws is great. i use it like this:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;nathants&#x2F;libaws">https:&#x2F;&#x2F;github.com&#x2F;nathants&#x2F;libaws</a><p>for those trying to improve, the best aws docs are currently the go sdk and gopls.

The part I don&#x27;t get is why in 2023 AWS still pushes me to VPC and NAT my servers like it&#x27;s 1990.<p>It&#x27;s just so unnecessary. Greybeards moved to the cloud but never changed.

There is no way I&#x27;m trusting anything built with NPM or Javascript to run my cloud infra.

We decided to use DynamoDB as a cache for our expensive-to-compute statistics from the data warehouse so we can show them to users without putting a big read load on the data warehouse. DynamoDB scales really well right? And big statistics tables don&#x27;t belong in the main app database. I&#x27;ll build the statistics in our postgres data warehouse and use a little ruby script I wrote to push them from postgres to Dynamo with batch_write_item, shouldn&#x27;t take long.<p>After spending a couple of days in terraform (I&#x27;m no infra expert) creating roles to assume, cross account permissions, modifying my script to assume those roles, figuring out the ECS run-task api syntax and some other things I&#x27;d rather forget about I kicked off the jobs to copy the data and left for the weekend. Sunday cost alert email put that thought out of my head: I just spent 8k USD on writing 2 billion rows to two tables because I misunderstood how Dynamo charges for write units. I thought I was going to spend a few hundred (still a lot, but our bill is big anyway) because I&#x27;m doing batch write requests of 25 items per call. But the dynamodb pricing doesn&#x27;t care about API calls, it cares about rows written, or write capacity units, or something. OK, so how do we backfill all the historical data into Dynamo without it costing like a new car for two tables?<p>Apparently you can create new dynamodb tables via imports from S3 (can&#x27;t insert into existing tables though) for basically no money (the pricing is incomprehensible but numbers I can find look small). Now I just need to write my statistics to line delimited dynamodb-flavored json in S3 (statements dreamed up by the utterly deranged). You need to put the type you want the value to have as the key to the value you see. A little postgres view with some CTEs to create the dynamodb-json and use the aws_s3.query_export_to_s3 function in RDS Postgres and I had a few hundred GB of nice special-snowflake json in my S3 bucket. Neat!<p>But the bucket is in the analytics account, and I needed the dynamo tables in the prod and staging accounts. More cross account permissions, more IAM. Now prod and staging can access the analytics bucket, cool! But they aren&#x27;t allowed to read the actual data because they don&#x27;t have access to the KMS keys used to encrypt the data in the analytics bucket.<p>OK, I&#x27;ll create a user managed KMS key in analytics and more IAM policies to allow prod and staging accounts to use them to decrypt the data. But the data I&#x27;m writing from RDS is still using the AWS managed key, even after I setup my aws_s3_bucket_server_side_encryption_configuration in terraform to use my own managed key. Turns out writes from RDS to S3 always use the S3 managed key, no one cares about my aws_s3_bucket_server_side_encryption_configuration. &quot;Currently, you can&#x27;t export data (from RDS) to a bucket that&#x27;s encrypted with a customer managed key.&quot;. Great. So I need to manually (yes I could figure out the aws api call and script it I know) change the encryption settings of the files in S3 after they&#x27;ve been written by RDS to my own custom key. And now, 4 hours of un-abortable dynamodb import jobs later, I finally have my tables in prod and staging in DynamoDB.<p>Now I just need to figure out the DynamoDB query language to actually read the data in the app. And how to mock that query language and the responses from dynamo.<p>At least I&#x27;m learning a lot...

Cloud is not difficult, they just charge too much per API request.