[HN Gopher] My EC2 Wishlist
Author : cperciva
Score  : 43 points
Date   : 2021-06-16 02:08 UTC (20 hours ago)
Link   : www.daemonology.net

| zdw wrote:
| I would appreciate serial console output that doesn't take 10x the boot
| time of an instance to propagate.
|
| Seriously, 30s boot time, 300s (or more!) to see that serial console
| output via the GUI or API.
|
| This is a PITA if you're using AWS for short-lived CI runners, and the
| console to check what the SSH host key is of these newly spun up nodes.

| [deleted]

| cperciva wrote:
| We have that now: There's an API option to say "give me the latest
| output instead of what you have cached".
|
| Why that isn't the default, I have no idea.

| xyzzy123 wrote:
| Re: wish #3 with multiple IAM roles attached to an instance.
|
| imds-filterd looks a bit like kube2iam, squinting a bit. There may be
| some not-too-terrible alternatives, considering that as prior art.
|
| The first is the possibility of the daemon performing an assume-role.
| That is, the node has a role which allows it to assume roles a, b & c,
| and the metadata interceptor looks at the workload, assumes the
| appropriate role and returns credentials. This is a bit fiddly in terms
| of handling multiple concurrent requests, caching and races etc.
|
| The second plausible option is that there is related functionality in
| AWS's replacement for kube2iam - IRSA (IAM roles for service accounts).
| This approach seems to be AWS's preferred approach for workload
| identity. It has a few more moving parts (needs an "OIDC Provider"
| which can just be a bucket) though.

| nhoughto wrote:
| Yep thought the same thing, reminds me of kube2iam, IRSA is a much
| better solution and obviously where AWS want to go. So yeah this one
| isn't going to get changed.

| jedberg wrote:
| AWS has a very data driven culture, almost to a fault. They are
| extremely customer-centric, but almost too much so.
|
| For any item on this list, _if_ someone at AWS with the necessary
| authority thinks it's a good idea, they can't just find an engineer and
| have it implemented.
|
| First, a PM has to talk to a bunch of customers of varying sizes to see
| if the feature would be useful to them and if so what their use cases
| are. Then they need to scope the project, write the press release, have
| it run through a committee of Principal engineers, and come up with a
| spec. Then they need to take that spec back to the customers for
| feedback.
|
| After all that, it will finally get onto a list _to be added to the
| roadmap in the future_. Then it will get onto a roadmap hopefully. And
| if it's not "next quarter", there is a really good chance it will fall
| back off that roadmap.
|
| Then it will finally get implemented and launched in private beta for
| key customers who expressed interest. Then a wider beta. And only after
| all that will it get released for everyone else.
|
| I understand the need for some of that process, since when it launches
| it will be instantly available to millions of customers and will need
| to scale. But there has to be a middle ground here. Like: customer asks
| for feature, engineer builds it and makes it available only to that
| customer with the caveat that it could break or change at any time.
| Then iterate from there, maybe slowly adding in new customers while at
| the same time talking to customers and integrating their feedback. And
| maybe that does happen, but I've been part of some pretty big
| customers, and I can't think of a single time we got a feature right
| away that went through major changes. The best we ever got was "special
| important customer" just before a wider beta. But by then the API was
| basically set.

| blibble wrote:
| - ed25519 key support
| - ability to add more than one MFA token to a single account (I am
|   TRYING to protect my root account, but it won't let me!)

| tonymet wrote:
| root & IAM login page UX is horrendous. e.g. it doesn't remember your
| browser (prompting MFA every time), no control for login TTL, too easy
| to lock yourself out, MFA out of sync

| flefto wrote:
| It'll get sorted out now it's on hacker news.

| vosper wrote:
| My wish: let me design my own instances. There are _so many_ instance
| types and subtypes now, and comparing them is not straightforward (even
| with ec2instances.info).
|
| The hardware can obviously be provisioned into all sorts of configs -
| that's got to be how these proliferated. Just give me the configurator
| and show me the price, please don't make me pick through all of these
| instances...

| juliansimioni wrote:
| Agreed. Google Cloud seems to do a better job of this, you can simply
| pick how many CPUs your VM will have.
|
| For me personally, it's the jump from c5d.4xlarge (16 core) to
| c5d.9xlarge (36 core) that's a bit hard to work around, but there are
| surely others.

| foxyv wrote:
| I think that the way these instances are classified is based on the
| bare metal they run on. So for instance an r4.xlarge is a single VM in
| an r4.metal server acting as a host.
|
| So only r4 virtual instances (r4.xlarge, r4.2xlarge, etc...) divide up
| nicely on these r4.metal hosts. (RAM, CPU, Instance Stores, etc...)
|
| If they made fully customizable instances then they could be using 100%
| of the host machine's RAM, CPU or whatever but only a fraction of the
| other factors. This causes a metal instance to be occupied entirely by
| a single VM which would make it cost a TON!
|
| So in order to make customizable instances they would have to make a
| ton of differently shaped metal instances to match all the possible
| types of custom instances and make a best fit. In the end they end up
| with what they have now anyways.
|
| What would be cool is if Amazon would let you order custom hardware for
| bare metal to go in their racks. They acquire and set up the server and
| load their host image. (Sort of an EC2 Colocation service.) Then let
| you divide it up as you see fit into virtual machines. Sort of a (Build
| your own instance class) thing.

| floatboth wrote:
| Wait, the bidirectional UART console _has_ arrived? Hm, I might've seen
| that news but forgotten about it.

| cperciva wrote:
| Yep! https://aws.amazon.com/about-aws/whats-new/2021/03/introduci...

(page generated 2021-06-16 23:00 UTC)
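The first alternative xyzzy123 sketches above (a node role that may assume roles a, b and c, with a local metadata interceptor picking the role per workload and handling caching and concurrent requests) is easy to get subtly wrong, so here is an added example of the credential-brokering core of such an interceptor. It is not code from imds-filterd, kube2iam or AWS. Assumptions: the workload is identified by the uid of the process talking to the proxy (any other signal, such as a cgroup or container id, slots in the same way); STS AssumeRole is an injected callable so the module runs offline (in production it would wrap boto3's sts.assume_role); the uid-to-role mapping, clock and credential values are constructed for the demo.

```python
import threading
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Credentials:
    access_key_id: str
    secret_access_key: str
    session_token: str
    expiration: float  # epoch seconds


class RoleBroker:
    """Maps a workload identity to one of the roles the node may assume and
    hands out cached, refreshed STS credentials for that role."""

    REFRESH_MARGIN = 5 * 60  # refresh this long before expiry, never hand out near-dead tokens

    def __init__(self, uid_to_role, assume_role, clock=time.time):
        self._uid_to_role = dict(uid_to_role)  # uid -> role ARN (assumed mapping source)
        self._assume_role = assume_role        # callable(role_arn) -> Credentials (injected STS)
        self._clock = clock
        self._cache = {}                       # role ARN -> Credentials
        self._locks = {}                       # role ARN -> Lock, one AssumeRole in flight per role
        self._locks_guard = threading.Lock()
        self.sts_calls = 0                     # counted so caching behaviour can be checked

    def role_for(self, uid):
        # Unmapped workloads get nothing, never the node's own role.
        return self._uid_to_role.get(uid)

    def _lock_for(self, role_arn):
        with self._locks_guard:
            return self._locks.setdefault(role_arn, threading.Lock())

    def _fresh(self, creds):
        return creds is not None and creds.expiration - self._clock() > self.REFRESH_MARGIN

    def credentials_for(self, uid):
        role_arn = self.role_for(uid)
        if role_arn is None:
            raise PermissionError(f"no role mapped for uid {uid}")
        creds = self._cache.get(role_arn)
        if self._fresh(creds):
            return creds
        # Double-checked under a per-role lock: concurrent cache misses for the
        # same role wait for one AssumeRole instead of each calling STS.
        with self._lock_for(role_arn):
            creds = self._cache.get(role_arn)
            if self._fresh(creds):
                return creds
            creds = self._assume_role(role_arn)
            self.sts_calls += 1
            self._cache[role_arn] = creds
            return creds

    def imds_body(self, uid):
        """Body for /latest/meta-data/iam/security-credentials/<name>, in the
        layout the AWS SDKs read from the instance metadata service."""
        c = self.credentials_for(uid)

        def iso(t):
            return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t))

        return {"Code": "Success", "LastUpdated": iso(self._clock()), "Type": "AWS-HMAC",
                "AccessKeyId": c.access_key_id, "SecretAccessKey": c.secret_access_key,
                "Token": c.session_token, "Expiration": iso(c.expiration)}


# --- constructed stand-ins so the module runs offline -----------------------

class FakeClock:
    def __init__(self, t=1_623_800_000.0):  # constructed epoch, 2021-06-16
        self.t = t

    def __call__(self):
        return self.t


def fake_sts(clock, delay=0.0):
    """Stand-in for sts.assume_role: one-hour credentials, optionally slow."""
    calls = []

    def assume_role(role_arn):
        time.sleep(delay)
        calls.append(role_arn)
        n, name = len(calls), role_arn.rsplit("/", 1)[-1]
        return Credentials(f"ASIAEXAMPLE{n:06d}", f"secret-{name}-{n}",
                           f"token-{name}-{n}", clock() + 3600)

    return assume_role


def build_demo_broker(clock=None, delay=0.0):
    clock = clock or FakeClock()
    # constructed mapping: uid 1000 -> role a, uid 1001 -> role b; nothing else mapped
    uid_to_role = {1000: "arn:aws:iam::123456789012:role/a",
                   1001: "arn:aws:iam::123456789012:role/b"}
    return RoleBroker(uid_to_role, fake_sts(clock, delay), clock)


def concurrent_misses(broker, uid, n=8):
    """Fire n simultaneous requests against a cold cache; return resulting STS calls."""
    threads = [threading.Thread(target=broker.credentials_for, args=(uid,)) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return broker.sts_calls


if __name__ == "__main__":
    print(build_demo_broker().imds_body(1000))
    print("STS calls for 8 concurrent cold requests:",
          concurrent_misses(build_demo_broker(delay=0.05), 1000))
```

The part that matters for the "fiddly" bit the comment mentions is the double-checked per-role lock: without it a burst of first requests from a freshly started workload becomes one AssumeRole call per request, and with a global lock an STS stall for role a would block workloads that only need role b. The refresh margin also keeps a caller from being handed credentials that expire mid-request.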