
Still locked out of my AWS account - colinmeinke
https://docs.google.com/document/d/1Qmlae337GXZdXnlHcQV2oMd0Yoj0ytQQiK02TghPUHc/edit?usp=sharing
======
stickydink
I've been locked out of my AWS account for almost 3 years now. I have 2FA
enabled, tied to a phone number I no longer have access to.

I receive two emails per month. One invoice, for $0.80 (I cannot remember what
is running on there, but I guess it must be something). One threatening, "Your
AWS Account is about to be suspended". I've been "about to be suspended" for
the entire 3 years.

I want to pay the bill, I can't log in.

I emailed, I phoned. Eventually I spoke to somebody, who told me the only way
I could access my account was to fill in "some paperwork"[1]. They emailed
that to me. It has to be notarized. I called again, they absolutely will not
accept this if it is not notarized.

I've explained to them that all I want to do is pay the ~$30 in bills I've
accrued for 3 years. I don't mind if I never get access to the account - let
me pay the bill and shut the account down, they won't have it. I don't have
any free notary access, and I'm not willing to pay more than the AWS bill
amount just to be able to pay the bill. I've explained that to them, and they
don't seem to care about that either, they'd rather not have the bill payed
and continue piling it up.

[1]
[https://s3.amazonaws.com/AWSCS_CustomerForms/IdentityVerific...](https://s3.amazonaws.com/AWSCS_CustomerForms/IdentityVerificationFormAffidavit.doc)

~~~
michaf
I was locked out of my AWS account for about 2 years due to loosing my 2FA
authenticator on my phone. But had no open bills and didn't really care about
it, so I did not try to gain back access.

Until last week, when I decided that I need to use the account again. I simply
clicked the recovery link on their 2FA login form. Had to enter my account
details and my phone number. Within 15 minutes (as stated on the website) a
member of their service team called me. I explained the situation (lost 2FA
app). Not a problem, the service agent told me. He then sent me an e-mail (to
my AWS-associated mail address) with some random characters, which I had to
read back to him. After that he simply removed 2FA, and I was able to log in
with my username/password. For me the experience was quite pleasant, but had
someone else have access to my e-mail account and knew my AWS
username/password, he might have been able to take over my account, bypassing
2FA. I don't quite know how to feel about that.

EDIT: Ok, this probably only works if your phone number is also already
associated with your account. So an attacker additionally would need access to
my phone number, making things quite a bit more secure in my view.

~~~
kavok
Could the number be spoofed?

~~~
pjc50
Unfortunately, yes - by going through the customer services of most mobile
phone companies.

------
colinmeinke
8 days ago I tried to log in to my Amazon retail account, and received a
password invalid error. As it turned out my account had been closed, as it
appeared to Amazon that it had received a suspicious log in. This is the same
account that I use for AWS - hosting websites critical to my business.

Today it appears I am no closer to gaining access back to my AWS account than
I was on day 1, even though I have been billed as normal for my services
during this time.

This should serve as a warning to anybody else who has an Amazon account that
is shared between retail and AWS.

Linked is a list of every event and interaction I have had during the last 8
days with Amazon, via Twitter, email, phone and chat.

~~~
joelrunyon
This happened to me with instagram.

I reset a password, then they detected "suspicious activity." I clicked "send
pin via email" and the email never shows up. I've done it 3 or 4 times over
the course of a week + it never works. It's a documented error + FB/Instagram
refuse to addres it.

[https://medium.com/@joelrunyon/instagrams-security-
features-...](https://medium.com/@joelrunyon/instagrams-security-features-are-
broken-and-they-won-t-do-anything-about-it-16233f0935b0)

~~~
legohead
And a similar thing has happened to me with Microsoft. I needed to get to my
OneDrive. I go to log in, and it says invalid password. I go to reset the
password, and it never sends me an email. I go through the alternate-email
update process, answer the security questions, and it doesn't believe I am who
I am.

When I try to get access to real support (a person), it makes me login. Back
to problem #1.

Also, I should note that the email on record is real and works. The only thing
I can think of is I named it microsoft@mydomain, and they don't like the word
microsoft in it?

~~~
sly010
Same here (email never arrived) with my Apple Developer Account.

~~~
wlesieutre
I got into a similar situation when Apple prompted me to turn on 2-factor
auth, and then after I accepted it wouldn't send 2-factor codes.

Thankfully the "we turned on 2-factor" email gives you a link to turn it back
off within 30 days or I would have been in some trouble.

------
mirekrusin
Also having problem with AWS - can't access it and they keep billing me for
something there I want to shut it down (EC2?) but I can't.

I recently moved from Brazil to UK (new address) and changed phone + sim card
(Authenticator after restore from backup lost all 2 factor auth entries).

This is the moment when you realise that you're outside of predefined use
cases of The Machine and you're fucked. Nobody is here to help you. I've
tried, nobody gives a shit at Amazon. They have procedures, you know.

I blame 2FA and I think it's great if you don't have problems but it's shit if
you have, ie. you move places, change phones etc. in your life. Something
there in the process is missing like "next of kin" recovery that should be
mandatory when enabling 2FAs.

~~~
BenjiWiebe
This is why, when creating a new 2FA login, you MUST write down the one time
use backup codes, and store them in a safe and secure place.

~~~
__david__
I learned this the hard way when google authenticator failed to restore my
keys after a phone upgrade. Now I make sure I copy the data from those QR
codes and store them in a GPG encrypted file (I store the data and the QR code
itself as utf-8 art in the file).

~~~
sowbug
The way that first sentence is phrased makes it sound like it was the app's
fault.

~~~
__david__
I blame the app entirely. Not marking the private keys as something to backup
is a really really sucky thing to do.

------
colinmeinke
UPDATE: The hold has been removed from my account, and I have access again.
Even though I had previously been told my account had been closed, it seems
like this wasn't final. This resolution was down to an escalation of my case
at Amazon, after a team member contacted me through Twitter and promised to
personally look into it.

~~~
johnhenry
Did they mention this article when they contacted you?

------
coleca
Some great advice in here about creating multiple accounts with a + sign in
the email address. One thing I didn't see mentioned that is a standard best
practice for AWS is to create a separate IAM account for your day to day usage
and NEVER log into your root account (unless you need to open a billing
support ticket) after creating the IAM account.

You will get a new login page and username to log in with and not need an
email address specific account.

[http://docs.aws.amazon.com/IAM/latest/UserGuide/best-
practic...](http://docs.aws.amazon.com/IAM/latest/UserGuide/best-
practices.html)

------
mabbo
The moral of the story is that your AWS account and your personal amazon
buying account should be separate.

As well, if you use Kindle Direct Publishing, are an Amazon Seller, work for
Amazon Flex, or use the Amazon Affiliates program, each of these should also
be on an independent Amazon account.

This way, problems on one won't affect problems on the other.

~~~
falcolas
I am not convinced such a separation would be effective. Accounts identified
as being associated with a "problem" account (shared CC, addresses, etc) could
also justifiably be closed. The idea being to keep "abusive" individuals from
just opening a new account and resuming their abusive behavior.

The only long term solution is to get a person with enough power to make their
own decisions to look at your claims, but that takes quite some time and is
not guaranteed to be successful.

------
steven777400
Stories like this are frustrating and a symptom of the impact very large
companies can have on multiple facets of our lives.

One possible approach is to keep accounts separate for personal and each
business that you are involved with. For example, you probably have at least a
separate personal checking account and business checking account. Likewise, it
would make sense to have all accounts used for a given business to only be
used for that business.

In addition to providing some safety against automated action, division of
accounts provides a nice legal line, wherein if a court order requires you to
disclose information, you can simply dump everything on the account without
touching any of the other businesses or personal documents.

Stymieing this, of course, is companies (Facebook?) that have a policy of
prohibiting a single real person from having distinct accounts.

------
luckystarr
Send an email to jeff@amazon.com

Jeff Bezos himself said if you are having problems you should mail him
directly. Behind this address there is a full team investigating the issue and
if it's something they want to handle will actually lead to improvements for
all customers.

~~~
mistermann
I think if Jeff actually cared he would have put some personnel in place to
back up "Your feedback is helping us build Earth's Most Customer-Centric
Company".

It's odd though, in my experience customer support on Amazon is amazingly
good.

~~~
Danihan
Mine hasn't been. I've had all sorts of petty issues with their customer
support. Basically any time something falls outside of the norm or if anything
is genuinely wrong with site functionality, their remedial processes are poor.

------
ordinaryperson
I spent a month and a half locked out of my AWS account due to 2FA issues and
being caught in a Mobius strip with AWS support.

IMHO 2 problems with how AWS handles customer support (vs. other co's):

1\. Different support rep every time = following the same script with every
phone call. I'm sure assigning first available rep speeds up response times
but for you, if the problem can't be resolved in 1 phone call it's like
talking to someone with Alzheimer's, you're constantly re-answering the same
15 questions to a new person every time.

2\. Customers are not allowed to directly interface with level 2+ support,
only the nontechnical level 1 support can do that. Good luck getting them to
communicate your technical issue correctly.

For example, every single support rep asked me if I had 2FA disabled for my
Amazon retail account (I did). After re-answering this question with every
single rep, they'd file tickets with the next level of support...only to be
rejected later because level 2+ said it was most likely because I had 2FA on
on my Amazon retail account (I did not). It was nearly impossible to bridge
this disconnect.

Customer support is not easy to do well so I hesitate to widely impugn
Amazon's efforts, but if you're an AWS customer and you have an issue that's
an edge case outside of the scripts these support reps are using prepare to
waste weeks or months of your life trying to resolve it.

------
raesene6
Whilst this is more about AWS accounts, the ability of Amazon (and other cloud
providers) to lock you out of an account with very limited recourse does
present some other problems.

I've got quite a few ebooks I've bought via Amazon Kindle. If amazon one day
decided to delete/lock my account, I would lose access to all that content
which I had "bought".

The more data people store in various cloud providers systems, the more the
need for some kind of recovery mechanism / dispute resolution process becomes
apparent.

Whilst its relatively easy, in many cases, for more technical users to ensure
they have backups of data that they control, less technical users could have a
lot of their information tied up in these systems, and loss of it could be
quite bad for them.

~~~
djsumdog
You don't really buy eBooks. You can't resell them after all. You're just
renting them.

I'd look up some of the free tools out there and backup/un-DRM your
Amazon/Nook/Google e-books. There are some guides out there for extracting
your books notes as well.

~~~
raesene9
Thus my quotes around "bought" . Again whilst technical people likely know the
consequences of buying DRM protected content, I think that a non-technical
person who suddenly found their paid for content removed from them due to an
automated process locking/deleting their account would be quite upset.

People are, for better or worse, entrusting more and more of their content to
cloud services, things like photographs, documents they've created, music etc
etc.

------
elliottcarlson
I have yet to receive a human response from Coinbase after contacting them 59
days ago... time to nag them again.

~~~
gist
Write to Fred Wilson fred@usv.com (investor in coinbase)

Guaranteed that you will see the escalation that you need. You may want to
provide links to others complaints about the same that you can find but make
it short and simple.

------
dredmorbius
"Who are you?" is the most expensive question in technology. No matter how you
get it wrong, you're fucked.

Letting the wrong person in to an account? You're fucked.

Locking the right person out of an account? You're fucked.

Given that data can't be reversed as charges can, arresting an account may be
slightly preferable, but it remains highly disrupting.

I've been through the experience a few times myself, largely with Google. Out
of a fit of pique, the temporary account I created for myself (and through
which I negotiated for recovery) was "The Real Slim Shady". Several of my G+
contacts noted that they could be pretty certain that this was in fact me,
though I'm a little frightened _whichever_ way that works out.

(I _did_ have other profiles through which I could announce my plight.)

I still think that the matter of idientification, or rather, the _more
primary_ matters of authentication, authorisation, integrity, validation,
payment authorisation, ownership, receipts rights, and similar associations,
need to be worked out.

I'm also strongly in favour of a system in which a physical token -- and I
think a signet ring with a very-near-field chip and accompanying sensors on
mobile, laptop, and desktop devices would be just about perfect -- should be
part of that systme.

 _Not_ an insertable device (as with Yubikey), or something requiring keying
in a value (as with RSA fobs). But something which is worn (so: on you at all
times), _replaceable_ , _destroyable_ , _discardable_ , but also exceedingly
difficult to duplicate or appropriate, or to read without intention on the
part of the owner.

[https://www.reddit.com/r/dredmorbius/comments/2w618r/how_to_...](https://www.reddit.com/r/dredmorbius/comments/2w618r/how_to_kill_your_google_account_access_it_via_tor/)

------
maxehmookau
We had exactly the same issue. We solved it by creating a new AWS account and
using that to call support.

Once through, being persistent eventually (it took a week or so) saw us regain
access to the account.

~~~
Aissen
He did just that though.

------
iddqd
Might sound obvious in hindsight, but _always_ create separate AWS accounts
for your different projects.

~~~
sillysaurus3
Doesn't this require separate gmail addresses? If so, then that's an
_extremely_ bad idea. I already had one gmail account completely banned with
no notice. I wasn't doing anything abusive -- I used it for some npm projects
and a github account.

Actually, is there a reasonable free gmail alternative for situations like
this? I'd like to migrate. FastMail is worth paying for, but it's too
expensive for one-off side projects. And while I don't trust gmail, I think I
trust most services even less.

EDIT: My point was, if you use a single account, it's far less likely to get
banned. I think my account was caught in some sort of automated purge, since I
certainly wasn't abusing anything. Some proof:
[http://i.imgur.com/H5RRkyP.png](http://i.imgur.com/H5RRkyP.png) I'm not sure
which policy violation they're referring to, but all appeals failed. I lost
all emails in that account, which thankfully wasn't very serious because the
account was still young.

eropple and drbawb pointed out that you can use plus addresses with AWS, e.g.
foo+aws1@gmail.com.

~~~
wvenable
Sometimes I feel like I'm last person on the planet who has their own domain
and hosts their own email.

~~~
jimktrains2
I don't host my own email (I've had terrible experiences trying to send), I do
have my own domain and let someone else host my email (In this case Google :(
but since it's my domain I can change it and it doesn't matter to anyone).

Aside: It always frustrates me when I see a business with their own domain and
then an @gmail.com or @aol.com address. What registrars don't offer basic
email forwarding (often for free?) or cheap (~$10 email) service you can buy
from them if you can't figure out Google for your Domain)?

I feel like there is a small, but profitable space here, I just can't figure
out what to do to harness it.

~~~
godot
Zoho is pretty much free for personal uses. They charge per user per month,
but under 25 users is free, and if you're not a business you don't have that
many users.

I have numerous personal projects that are web sites/web apps and I use Zoho
to get emails at all those domains.

I don't know if this is frowned upon by Zoho, but if you don't want to use
their UI, you can set up your regular personal Gmail account to act as a POP3
client and just retrieves emails from Zoho that way. (now that I wrote it out,
it makes me think it can't be frowned upon, simply because POP3 is even
offered as a feature there)

------
ikeboy
I've had the same issue with buying and selling accounts - my buying account
got locked out, which prevented me from logging in to my selling account, with
50 pending orders at the time. Luckily I emailed jeff@amazon.com and got my
main account unlocked within 2 days and my buying eventually got back a week
or two later.

Seems like they still haven't fixed the underlying issue of bots locking
accounts across services.

------
bryanthompson
I'm one account flag change or one password reset from being in this exact
situation, and it's terrifying. I have been an Audible customer since before
Amazon bought them. Somewhere in their account aggregation process, I've ended
up with at least four distinct logins for amazon that all use the same email
address.

One email address... And i use one password for audble, one for amazon, one
for aws, and one for amazon affiliate. If I password reset on _any one_ of
those services, my accounts are all bricks. I've made that mistake once and
had to frantically call audible support & climb through the support chains
until someone could basically undo my password change.

During the process, they offered to try and deduplicate my accounts, but I
think we're going to need a team of senior-level DBAs to sort this shit out.

------
chrisacky
My recommendation would be to email jbarr[at]amazon.com directly.

He will probably naturally see this thread over the course of the day though
if it get's popular anyway....

------
serpix
Exact same issue. Have tried to resolve it for six months now. I've cancelled
the credit card and they can f* themselves.

------
tjbiddle
I love AWS - but why, oh why, is a retail account linked to it? These need to
be entirely separate.

~~~
sipos
This. This is the worst design flaw I am aware of in AWS. It makes no sense
that Amazon's two totally different businesses, use the same account.

------
jasonrhaas
Email jeff@amazon.com. This same thing happened to me a few months ago. I
tried everything and was banging my head against the wall. After emailing
jeff@amazon.com the issue was resolved in less than 24 hours.

------
Naushad
Expected from the earths most customer centric company. Here in India, my
first order at Amazon was a fraud done by Amazon with its JV firm CloudTail.
tl dr: Amazon Fulfilled product sold at fake discount and MRP mentioned on
site was higher than printed MRP.

[https://medium.com/@snaushads/my-first-order-at-amazon-
in-5c...](https://medium.com/@snaushads/my-first-order-at-amazon-
in-5cba59ac932)

------
Paul-ish
They tell him to create a new account because they think the old one was
compromised? I would be furious. I have bought a number of books on Kindle. If
this happened to me, I would essentially lose all of the books I purchased.
I'm not sure I would ever use Amazon again.

------
akhatri_aus
I'm actually glad its this way. Its difficult to take over an account.

If you can't keep your passwords in check and use 2FA you ought to lose the
account & make a new one. Some kind of consistency, e.g 2FA or password is
needed to keep it secure.

------
danjoc
>This should serve as a warning to anybody else who has an Amazon account that
is shared between retail and AWS.

Wouldn't Amazon have locked your AWS account for unauthorized login as well? I
don't see how the retail activity matters here.

------
wiradikusuma
Since we're on this topic: Is a Google Apps account considered "seperate"? Eg
I have jim_gordon@gmail.com and jim@gordon.com.

So I'm thinking of centralizing all non-business to gmail.com and the rest to
gordon.com.

------
likelynew
Before bitcoin caught up with general public, I became interested in what it
is to mine. To try it, I set up mining software in heroku. I knew even then
that it is not a very nice thing to do, but it was free for me. I wasn't
looking for money or something. In a day, my account was banned permanently,
without prompting me of anything. While it deserved to be banned, but maxing
out the CPU might even be caused by simple mistake in a legitimate way. I have
a big suspicion that they can read the application code if there is a problem
like this.

------
jasonrhaas
This happened to me as well. Email jeff@amazon.com. No joke, within 24 hours I
was good to go. It worked for me a few months ago.

------
kbullaughey
Any references to how one should go about separating an Amazon retail account
and an AWS account, if they are presently the same?

~~~
stephengillie
The best option I know is rebuilding your services in a new AWS account. That
will let you can keep using the same Amazon retail account as before, and
transfer your assets in AWS to an account tied to your production
organization.

CloudFormer[0] might be able to automate some of the process - it analyzes
your existing VPC and generates a CloudFormation[1] template. You could then
take this template and deploy the stack in your new account, and you'd only
have to rebuild the remaining few items.

Then you could redeploy all your applications, test, and migrate production
services to your freshly-tested instance. Finally, you must be aggressive in
shutting down the old services. It would be agonizing to have your entire site
down because one server remains in the old account, and the account had some
issue. Feel free to contact me for more specific advice.

[0] [https://www.linkedin.com/pulse/how-why-use-aws-
cloudformer-a...](https://www.linkedin.com/pulse/how-why-use-aws-cloudformer-
ashish-kucheria-1)

[1]
[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGui...](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html)

------
slosh
I was locked out and charged from October till May being charged. Finally got
a full refund. It's a nice savings plan lol

------
kyledrake
This is such an unfathomable problem to me. When I need someone at my DC, I
just call them and they pick up the phone.

~~~
foobarbazetc
You can pay Amazon for that level of support.

~~~
kyledrake
The level of support where they won't ignore my emails after locking me out of
my account and compromising my production servers for a week without my
consent.

------
Thaxll
Always use MFA.

------
Crontab
This story reminds me of a friend of mine who has a second Amazon account just
for his Kindle. He does that because he read a story where someone lost access
to their Kindle books after Amazon closed their account.

Guess this idea applies to AWS as well.

------
crb002
Time to contact your solicitor chap.

------
markaius
[Deleted]

~~~
ianhawes
Please delete your comment.

I am incredibly happy that Digital Ocean made you go to those lengths to get
your account back. The last thing we need is web services companies requiring
less security. Social engineering attacks are typically the method of entry to
hosting providers such as Digital Ocean.

Frankly I would be totally fine if they required another form of ID (such as a
passport) or another form of address/name verification (such as a utility
bill). Or perhaps even a picture of the card on file.

What is NOT okay is a lack of response, which this article is describing.

------
FRex
I had two experiences getting locked out of accounts.

First was an old pre-Atlassian BitBucket one that just broke due to
shenanigans with Atliassian accounts integration or SOMETHING. But big props
to them. I complain and I get it fixed super quick. Just how it should be.
Solid 4 out of 5 (5 is for guys who managed to not lock my account due to
weird mergers, I'm even OK with the weird "don't use FRex, form now on login
with your email: smtsmt@gmail.com" I get on attempting 'FRex' \+ password).

Second is Twitter. FUCK THEM so hard. Excuse my French but I have no other
words for how idiotic this situation is, it'd make a saint mad.

I make an Twitter account using my secondary/side gmail account that has been
phone verified and 2FA using Google Auth for Andoird, verified my Twitter
account by clicking link in the email they sent there, connect it to my
YouTube account that has been phone verified, send out the welcoming tweet
they propose (something like "Hello Twitter!", I think it was just a button
press or a combo box to pick from but I might be wrong now) and I get banned
for (exact wording may vary) 'suspicious/possibly automated activity' (mhmm...
these huge botnets of phone verified 2FA gmail and YT accounts operating out
of EU ips... good job catching me Twitter).

I could of course act like a good peon and provide them a phone number and be
graciously allowed by the Twitter Heavenly Emperors to use my 10 minutes old
account. I write to their support via some super idiotically hidden panel of
theirs on twitter while still in my 'locked' account and.. I get an automated
(!) email to my gmail (!!) telling me in steps how to just fuck off and enter
my phone number (!!!) and to ask for help if I don't have it unlocked after
providing a phone number and waiting a few minutes ('fucktastic' was the word
of the day that day, seriously, that made my day). I wrote another one,
telling them to shove it (in kinder words and with zero profanity but firmly
making it clear I'd not provide my number on account I did literally nothing
on and want to use for YouTube connectivity to a verified channel and created
on a 2FA and phone verified gmail account I verified by clicking the link in
the email) and got another bot email and no reply since then (about a month
ago). Total human replies: 0. Bot replies: 3+ (see below). And I'm the one
running an automated operation in here.

And the cherry on top: I still get trending political BS tweets (because
that's what trending where I live every week) sent to my social tab in gmail
and can't disable it since my account is locked and throws me to 'provide a
number' screen that only has 'help' (blabbering about how I must be the one in
the wrong here but if I provide a phone number..) and 'log out' available.
Good fucking riddance. I truly dodged a bullet by using my alternate gmail!

And all this on a service that has users that are outright bots, Nazis,
terrorists (ISIS itself), hacktivists (you can argue some of it is a positive
force for change or securing up but it's still highly illegal and often done
just for lulz) and the like.

Of course I'm not going to give in to this BS. I can sort of understand
Google/YouTube with their stuff and it actually helped me once by requiring
SMS verification when my kinda weak old password got cracked/guessed but what
Twitter did is downright dumb extortion ("gib phon number! gib, gib, don't
write support requests! 1st gib!") or them being idiots (what did I do that's
suspicious exactly.. make a Twitter account in 2017?) and grossly neglecting
their users (0 human reply, ever). Twitter fortunately would just be a nice-
to-have for my side hobby of YTing and I have the privilege of saying "fuck
no" to them for this and shitting on them on every occasion but if this was my
mail gmail it'd do me in for weeks before I recovered all of my stuff.

There are horror stories on YT too, see Millbee (let's plays) or I Hate
Everything a.k.a. IHE(critique/shitposting), banned overnight (Millbee for a
nip snip in an anime game despite all the nudity, GONE SEXUAL and borderline
CP on YT going unpunished and IHE for 'community guidelines' for a video of
smashing a film DVD that was later hand judged as not in violation), both
returned after a social shitstorm but with no apology, explanation, nothing. I
bet if I was a high up in some company and had a company account tweet what BS
I went through it'd all suddenly be fixed in a jiffy with no need for my phone
number. But what are internet and real life rank and file tech nobodies
supposed to do..?

------
lightedman
Protip for everyone on this site.

Look at a companys stock price. If it's in the triple digits, avoid it,
because they can and will screw you over.

~~~
grogenaut
Lol so Microsoft, Comcast and Sony are safe?

------
gorkonsine
This should be a good warning about what you can expect when relying on other
companies for service.

~~~
distantsounds
This is such a meaningless statement. What exactly are you trying to convey?

~~~
tartuffe78
Don't ever use services provided by a third party. That's why I cut my own
hair, make my own toothpaste, and create my own electricity from coal I mine
myself!

~~~
gorkonsine
Your comparison, and the toaster one by the responder, are nonsensical.
There's a difference between a product and a service. Toothpaste is a product,
not a service. AWS is a service, not a product. You can buy toothpaste
anywhere; if you want to compare with AWS, AWS is like hiring a dental
hygienist to come to your house twice a day and brush your teeth for you
instead of doing it yourself. The hair-cutting bit is valid, but lots of
people cut their own hair, especially men. The electricity bit is only
partially valid; coal is a commodity that you can buy, just like toothpaste.
You can also buy solar panels and make yourself totally independent of the
electric utility. But it falls down because electric utilities are utilities
and are regulated as such, whereas AWS is not regulated. The toaster thing is
just dumb; toasters are cheap commodities. Again, the AWS comparison is hiring
a butler to make your toast for you.

------
the_common_man
If it's critical to your business, why not do your hosting elsewhere? Is it
because you are locked in already? I am building a product that will help
people migrate across cloud providers, so that's the context...

~~~
ovao
Presumably he built it with AWS in mind, using their proprietary services and
APIs. I'm certain if it was easy to have transitioned away from AWS, he
would've already done so.

