[HN Gopher] My EC2 Wishlist
___________________________________________________________________
My EC2 Wishlist
Author : cperciva
Score : 43 points
Date : 2021-06-16 02:08 UTC (20 hours ago)
(HTM) web link (www.daemonology.net)
(TXT) w3m dump (www.daemonology.net)
| zdw wrote:
| I would appreciate serial console output that doesn't take 10x
| the boot time of an instance to propagate.
|
| Seriously, 30s boot time, 300s (or more!) to see that serial
| console output via the GUI or API.
|
| This is a PITA if you're using AWS for short-lived CI runners,
| and the console to check the SSH host key of these newly
| spun-up nodes.
| [deleted]
| cperciva wrote:
| We have that now: There's an API option to say "give me the
| latest output instead of what you have cached".
|
| Why that isn't the default, I have no idea.
| xyzzy123 wrote:
| Re: wish #3 with multiple IAM roles attached to an instance.
|
| imds-filterd looks a bit like kube2iam, squinting a bit. There
| may be some not-too-terrible alternatives, considering that as
| prior art.
|
| The first is the possibility of the daemon performing an
| assume-role. That is, the node has a role which allows it to
| assume roles a, b & c, and the metadata interceptor looks at the
| workload, assumes the appropriate role and returns credentials.
| This is a bit fiddly in terms of handling multiple concurrent
| requests, caching and races etc.
|
| The second plausible option is that there is related
| functionality in AWS's replacement for kube2iam - IRSA (IAM roles
| for service accounts). This approach seems to be AWS's preferred
| approach for workload identity. It has a few more moving parts
| (needs an "OIDC Provider" which can just be a bucket) though.
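The assume-role interceptor sketched above, as an added Python example that is not from the thread or from any AWS tool: a per-role credential cache that serializes concurrent requests for the same role (so they share one AssumeRole call instead of racing), refreshes before expiry, and refuses unknown workloads rather than falling back to the node role. The source-address-to-role map, the `Creds` fields and the `assume_role` callable are constructed stand-ins for STS AssumeRole.

```python
import threading
import time
from dataclasses import dataclass

# Constructed mapping from the workload identity the interceptor sees (here
# the source address of the metadata request) to the role it may assume.
# Account id and role names are placeholders, not real values.
WORKLOAD_ROLES = {
    "172.17.0.2": "arn:aws:iam::123456789012:role/example-a",
    "172.17.0.3": "arn:aws:iam::123456789012:role/example-b",
}


@dataclass
class Creds:
    role_arn: str
    access_key_id: str
    expiration: float  # epoch seconds, as STS reports it


class RoleCache:
    """Credential cache keyed by role. One lock per role, so concurrent
    requests for the same role wait for a single AssumeRole call while
    requests for different roles proceed independently."""

    def __init__(self, assume_role, refresh_margin=300):
        self._assume_role = assume_role  # callable(role_arn) -> Creds (stand-in for STS)
        self._margin = refresh_margin    # refresh this many seconds before expiry
        self._cache = {}
        self._locks = {}
        self._locks_guard = threading.Lock()
        self.assume_calls = 0            # exposed so callers can observe dedup

    def _lock_for(self, role_arn):
        with self._locks_guard:
            return self._locks.setdefault(role_arn, threading.Lock())

    def credentials_for(self, source_ip, now=None):
        now = time.time() if now is None else now
        role_arn = WORKLOAD_ROLES.get(source_ip)
        if role_arn is None:
            return None  # unknown workload: deny, never hand out the node role
        with self._lock_for(role_arn):
            creds = self._cache.get(role_arn)
            if creds is None or creds.expiration - now < self._margin:
                creds = self._assume_role(role_arn)
                self.assume_calls += 1
                self._cache[role_arn] = creds
            return creds
```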
| nhoughto wrote:
| Yep, thought the same thing, reminds me of kube2iam. IRSA is a
| much better solution and obviously where AWS want to go. So
| yeah, this one isn't going to get changed.
| jedberg wrote:
| AWS has a very data driven culture, almost to a fault. They are
| extremely customer-centric, but almost too much so.
|
| For any item on this list, _if_ someone at AWS with the necessary
| authority thinks it's a good idea, they can't just find an
| engineer and have it implemented.
|
| First, a PM has to talk to a bunch of customers of varying sizes
| to see if the feature would be useful to them and if so what
| their use cases are. Then they need to scope the project, write
| the press release, have it run through a committee of Principal
| engineers, and come up with a spec. Then they need to take that
| spec back to the customers for feedback.
|
| After all that, it will finally get onto a list _to be added to
| the roadmap in the future_. Then it will get onto a roadmap
| hopefully. And if it's not "next quarter", there is a really
| good chance it will fall back off that roadmap.
|
| Then it will finally get implemented and launched in private beta
| for key customers who expressed interest. Then a wider beta. And
| only after all that will it get released for everyone else.
|
| I understand the need for some of that process, since when it
| launches it will be instantly available to millions of customers
| and will need to scale. But there has to be a middle ground here.
| Like: customer asks for feature, engineer builds it and makes it
| available only to that customer with the caveat that it could
| break or change at any time. Then iterate from there, maybe
| slowly adding in new customers while at the same time talking to
| customers and integrating their feedback. And maybe that does
| happen, but I've been part of some pretty big customers, and I
| can't think of a single time we got a feature right away that
| went through major changes. The best we ever got was "special
| important customer" just before a wider beta. But by then the API
| was basically set.
| blibble wrote:
| - ed25519 key support
| - ability to add more than one MFA token to a single account (I
| am TRYING to protect my root account, but it won't let me!)
| tonymet wrote:
| root & IAM login page UX is horrendous. E.g. it doesn't
| remember your browser (prompting MFA every time), no control
| for login TTL, too easy to lock yourself out, MFA out of sync.
| flefto wrote:
| It'll get sorted out now that it's on Hacker News.
| vosper wrote:
| My wish: let me design my own instances. There are _so many_
| instance types and subtypes now, and comparing them is not
| straightforward (even with ec2instances.info).
|
| The hardware can obviously be provisioned into all sorts of
| configs - that's got to be how these proliferated. Just give me
| the configurator and show me the price, please don't make me pick
| through all of these instances...
| juliansimioni wrote:
| Agreed. Google Cloud seems to do a better job of this: you can
| simply pick how many CPUs your VM will have.
|
| For me personally, it's the jump from c5d.4xlarge (16 core) to
| c5d.9xlarge (36 core) that's a bit hard to work around, but
| there are surely others.
| foxyv wrote:
| I think that the way these instances are classified is based on
| the bare metal they run on. So for instance an r4.xlarge is a
| single VM in an r4.metal server acting as a host.
|
| So only r4 virtual instances (r4.xlarge, r4.2xlarge, etc...)
| divide up nicely on these r4.metal hosts. (RAM, CPU, Instance
| Stores, etc...)
|
| If they made fully customizable instances then they could be
| using 100% of the host machine's RAM, CPU or whatever but only
| a fraction of the other factors. This causes a metal instance
| to be occupied entirely by a single VM which would make it cost
| a TON!
|
| So in order to make customizable instances they would have to
| make a ton of differently shaped metal instances to match all
| the possible types of custom instances and make a best fit. In
| the end they end up with what they have now anyways.
|
| What would be cool is if Amazon would let you order custom
| hardware for bare metal to go in their racks. They acquire and
| set up the server and load their host image. (Sort of an EC2
| Colocation service.) Then let you divide it up as you see fit
| into virtual machines. Sort of a (Build your own instance
| class) thing.
| floatboth wrote:
| Wait, the bidirectional UART console _has_ arrived? Hm, I
| might've seen that news but forgotten about it.
| cperciva wrote:
| Yep! https://aws.amazon.com/about-aws/whats-new/2021/03/introduci...
___________________________________________________________________
(page generated 2021-06-16 23:00 UTC)