
The good parts of AWS: a visual summary - hac96
https://hassenchaieb.com/aws-good-parts/
======
ggregoire
> AVOID using S3 for static web hosting (No HTTPS).

I would absolutely recommend S3 for static web hosting. Just add CloudFront on
top if you need HTTPS, it takes like 2 clicks.

If anyone is interested, I answered on StackOverflow how to deploy a front end
app (React, Vue, etc) to S3:
[https://stackoverflow.com/q/41250087/652669](https://stackoverflow.com/q/41250087/652669)

~~~
DVassallo
Book co-author here. (Not article author.)

The recommendation against using S3 for static hosting is that there are much
better alternatives outside of AWS. The dev experience you get with Netlify
and Zeit will almost certainly never be possible with AWS.

~~~
yingw787
Not to refute your claim, but this is my 3-line bash script in order to build
and upload a static bundle:

"""
#!/usr/bin/env bash
# remove the previous build output so nothing stale gets uploaded
rm -rf public
# build the site into ./public
hugo --verbose
# upload only changed files to the bucket, using a dedicated credentials profile
aws s3 sync ./public "s3://${BUCKET_NAME}" --profile s3_personal
"""

You can set custom TTL for CloudFront to 0 for instant refresh in production.
Dev server is `hugo server`, `hugo` is a single Go binary you can Dockerize
with --net=host and --volume=$(pwd):/app to use your own dev environment. If
you don't maintain too many large static assets, your cost is like 5 cents a
month, and I think that's a competitive price, not AWS being generous. $12 /
year for a custom domain via ICANN, and Route 53 manages A/AAAA/CNAME/MX
records for free.

Again, not to refute your claim. I'm a single author, who publishes as a
hobby, with a single dev and a single prod environment, so if things break
down (it hasn't for years), it's easy to fix. It's much different than content
marketing and enterprise use cases. Even so, I would rather start here and add
a static CMS like Forestry before considering a custom solution like Netlify
(which is probably built on top of AWS anyways).

~~~
chickenpotpie
Also Netlify doesn't scale in pricing as well. 3 developers is $45 a month,
but 4 developers is $1000 a month. There's also no SLA until the $1000 a month
tier. They charge almost double for extra bandwidth. It's great for small
teams, but they're not objectively better.

~~~
cactus2093
Never used Netlify, but that seems odd. Isn't it a hosting provider? Unless
you're really tiny team, usually you'd want a centralized process for running
the build & deploy (rather than having any developer that wants to release
something running the build on their slightly different local environment and
deploying it directly), possibly hooked into a CD pipeline. Why do you need to
pay per developer?

~~~
chickenpotpie
Here's their pricing page:
[https://www.netlify.com/pricing/](https://www.netlify.com/pricing/)

Looks like you can add extra developers on the lower tiers for $15/user/month,
but they're still charging way more per GB than AWS does.

------
jbergknoff
This appears pretty superficial and it gets many things wrong.

> Choose between [DynamoDB] on-demand option (no capacity management) or
> provisioned option (cheaper).

It's very, very easy for provisioned capacity to be more expensive than
on-demand. You need to overprovision because, if you exceed the provisioned
throughput, you will get throttled and your application will suffer. Scaling
up and down is a slow, opaque process, and you're only allowed to do it
something like 5 times per day. If your workload has any idle periods, you're
just burning money.

> Avoid using S3 for static web hosting (No HTTPS)

I won't argue that S3 is ideal for static web hosting, but "avoid" is pretty
strong and IMO not warranted.

> Do not use AWS Lambda as a general EC2 host

What does this mean? As general compute? This is too simplistic a judgment.
Lambda is a versatile service and can be useful in many situations.

> Kinesis: unlimited consumers

No, Kinesis is an extremely limited service. 5 reads per second per shard. In
my experience, if you put even two consumers on a stream, you will start to
see throttling. The official solution is to fan out to multiple streams. Hacky
and super expensive.

> Kinesis 30x cheaper than SQS

This is hilarious. Maybe it's true for some workloads. In my experience,
Kinesis is incredibly expensive and SQS is not.

~~~
phamilton
> The official solution is to fan out to multiple streams

Not anymore. Enhanced fanout allows up to 20 consumers, doesn't count against
read limits and has lower latency than polling.

> It's very, very easy for provisioned capacity to be more expensive than
> on-demand.

Reserved capacity will beat on-demand pretty handily, even with massive
overprovisioning. Assuming a 50% target and a 16 hour daily duty cycle,
reserved provisioned is 20% the cost of running on-demand.

~~~
jbergknoff
Thanks, I misspoke about fanning out to multiple streams. Dedicated stream
consumers are still a hack. They're also expensive and have limitations as
Lambda event sources. Kinesis is a service that needs to be used very
carefully. It's riddled with landmines for cost and performance.

Regarding Dynamo: I'll echo plexicle's experience that switching to on-demand
was an immense cost savings (these were tables that were not being used often,
many of them in dev environments).

------
corp_muppet
This opinion piece has too many inaccurate statements.

- S3 for static assets

- SQS V Kinesis

- Lambda ('Small code that doesn't change....what).

- ELB completely overlooked, if you need session persistence then you need an
ELB so for more traditional software you've completely omitted that solution
because it's "Legacy".

Missing

- No discussion on when to pick Lambda, Containers or EC2

- No Cloudfront addresses S3 and any API GW or ALB fronted Lambda.

- Where is the use of SNS?

- What if I want to Fan Out on a message/event? Completely missed the why SQS V
SNS V Kinesis and when to use which.

- No RDS....so if I've got relational data are you advising I should put it
in DynamoDB?

- No container context in any way.

Really poor quality of content and advisories; needs an urgent update.

~~~
SideburnsOfDoom
> Where is the use of SNS?

Right, the SQS part is very misleading: "SQS has 1 consumer" is technically
true (although it's actually one group of competing consumers), but in
practice, you get fan-out to zero or more consumers easily, by wiring SNS and
SQS together (one SNS topic, multiple attached SQS queues).

> No RDS...

Without also mentioning RDS with DynamoDB, you can't make meaningful choices
between them.

It also omits the one big benefit of DynamoDB: single-digit number of
milliseconds to read a record by primary key, regardless of scale, due to
sharding on that key.
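
One way to wire the SNS-to-SQS fan-out described above with least privilege is a queue policy that only admits messages from the one topic, plus a check that flags queues left open to any principal. This is an added Python example, not code from the article, the book or the commenter; the account id, region, topic and queue names are constructed placeholders.

```python
"""Queue policy for SNS -> SQS fan-out: each queue accepts sqs:SendMessage
only from the SNS service acting for one named topic (aws:SourceArn).
Added example; account id, region and resource names are constructed."""
import json

ACCOUNT = "123456789012"          # constructed account id
REGION = "us-east-1"
TOPIC_ARN = f"arn:aws:sns:{REGION}:{ACCOUNT}:orders"
QUEUE_ARNS = [f"arn:aws:sqs:{REGION}:{ACCOUNT}:{name}"
              for name in ("billing", "fulfilment", "analytics")]


def fanout_queue_policy(queue_arn: str, topic_arn: str) -> dict:
    """Least-privilege queue policy: Allow SendMessage on this queue only when
    the sender is SNS and the source topic ARN matches exactly."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowFanoutFromTopic",
            "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": topic_arn}},
        }],
    }


def policy_findings(policy: dict) -> list:
    """Review a queue policy and return one finding per Allow statement that
    grants a wildcard principal without any aws:SourceArn/aws:SourceAccount
    condition (i.e. any AWS principal could enqueue messages)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in principal.values())
        conditions = json.dumps(stmt.get("Condition", {}))
        scoped = "aws:SourceArn" in conditions or "aws:SourceAccount" in conditions
        if wildcard and not scoped:
            findings.append(f"{stmt.get('Sid', '<no Sid>')}: wildcard principal "
                            "with no source restriction")
    return findings


def build_policies() -> dict:
    """Map each subscribed queue to its scoped policy, serialised the way
    `aws sqs set-queue-attributes --attributes Policy=...` expects it."""
    return {q: json.dumps(fanout_queue_policy(q, TOPIC_ARN)) for q in QUEUE_ARNS}
```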

------
deanCommie
The SQS vs Kinesis summary is particularly bad

Kinesis has strict ordering but SQS does not?

No.

Kinesis has strict ordering PER SHARD. Which dilutes your throughput, unlike
SQS. And it has limitations on throughput in terms of total event size, which
are different from SQS's 300 TPS for FIFO.

It's apples and oranges. More significant, this comparison really makes it
seem like you should pick Kinesis for a simple starting project rather than
SQS, which is the exact opposite of the truth. SQS is the simpler choice for
90% of the cases, and Kinesis is an advanced powerful tool for the other 10%

~~~
snorkel
Also Kinesis records are write-once read-many, where SQS messages are meant to
be consumed (receive a message, do the task, delete the message)

Kinesis is for streaming data, and SQS is for job queues.

------
sk5t
Eh. The ALB/ELB/NLB section is off the mark for failing to consider inter-AZ
costs, perplexingly indicates NLB has something to do with TLS, even more
perplexingly suggests NLB as the default choice. Dynamo isn't something I'd
suggest at all unless one has well studied the costs and benefits. Kinesis is
not much like SQS, and new users might be more interested in EventBridge...

~~~
dastbe
Conflating TLS and HTTPS makes that row weird, but NLB supports TLS
termination at the load balancer.

[https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/](https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/)

------
whalesalad
There is a tremendous amount of incorrect and misleading information on this
post.

The _first sentence_ re: Dynamo discusses the inability to do filtering or
sorting which is flat out wrong:

“DynamoDB requires data operations (aggregations, filtering, sorting ..) to be
done by your application. → All data needs to be sent over the network.”

~~~
redisman
Sorting - really? Isn't the first thing to learn about Dynamo the primary key
and the sort key? Filtering you can do on the database but you still pay for
the reads as if it wasn't filtered. To me Dynamo's biggest con is that it's
proprietary technology and aggregations it's just not really any good for.

------
Androider
Can't agree on the NLB part. Everyone should be using ALB by default, and only
reach for NLB in very specific cases (you'll know when), in my humble opinion
having worked with AWS for 8 years and being a certified architect.

Enable the dropping of invalid headers, enable HTTP/2, let the ALB terminate
the TLS, and you'll see benefits even if your full backend isn't HTTP/2
enabled and you'll have eliminated a whole range of other headaches you no
longer need to manage. It's one of the most reliable services AWS has.

~~~
DVassallo
Book co-author here. (Not article author.) The recommendation is based on the
multi-tenant behavior of NLBs (no need to warm up the LB to handle traffic
spikes). If you need any ALB features, use ALB. Otherwise, NLBs give you one
less thing to worry about (and slightly cheaper and faster too.)

------
chickenpotpie
Does anyone else get the feeling that the author has not used any of these
services before and is just writing this from reading AWS documentation and
pricing?

~~~
DVassallo
It’s a summary of a book.

~~~
jessaustin
So, was the book written that way?

------
zemo
> DynamoDB is a non-relational database that has two main features : it’s
> immediately consistent and ...

that's ... only true if you're exclusively using strongly consistent reads,
but if you're exclusively using strongly consistent reads, why are you using
DynamoDB to begin with?

------
markphip
Not sure where they came up with that SQS pricing? It is free for first
million requests per month. I have been using SQS as a message queue in my app
and based on AWS Cost Explorer I have never reached that in a month .. always
a $0 charge. Looking at Cloudwatch I never even got to 100K requests in a
month and the app is moderately active. It does not generate a ton of
messages, maybe hundreds a day and the workers receiving the messages use long
poll. Anyway, the costs in the doc seem way off.

------
bowmessage
Touching only the surface of some AWS services and calling them "the good
parts" is really misleading. This does not run the gamut of all AWS services
available, skips over a number of other popular databases and developer
productivity services, and makes broad generalizations as another commenter
points out...

------
bob1029
No mention of Route53? Either I am missing out on something big or the author
is.

Route53 is probably the biggest value-add on top of raw compute & storage that
exists in Amazon's entire cloud product portfolio.

Who else remembers requiring 3 different vendors to run 1 https website?

------
reese_john
Why does it say that SQS has duplicates, while Kinesis does not ? AWS
documentation explicitly says that Kinesis has at least once semantics due to
consumer/producer retries.
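
Because both services redeliver on retry, the consumer has to be idempotent. The following added Python example (not from the article or the thread) dedups constructed Kinesis-style records by a producer-assigned event id, which catches both a consumer re-read (same sequence number) and a producer retry (same payload, new sequence number); the `event_id`, `order` and `amount` fields are constructed.

```python
"""Idempotent consumer for at-least-once delivery (Kinesis or SQS). Added example
with constructed records: a consumer retry re-reads the same sequence number and a
producer retry rewrites the same event under a new one, so dedup keys on event id."""
import hashlib
import json

# Constructed Kinesis-style records (Data already decoded to JSON text); 2 and 3 duplicate 1.
RECORDS = [
    {"SequenceNumber": "seq-0001",
     "Data": json.dumps({"event_id": "evt-1001", "order": "A-1", "amount": 40})},
    {"SequenceNumber": "seq-0001",   # consumer retry: same record read twice
     "Data": json.dumps({"event_id": "evt-1001", "order": "A-1", "amount": 40})},
    {"SequenceNumber": "seq-0002",   # producer retry: new sequence, same event
     "Data": json.dumps({"event_id": "evt-1001", "order": "A-1", "amount": 40})},
    {"SequenceNumber": "seq-0003",
     "Data": json.dumps({"event_id": "evt-1002", "order": "A-2", "amount": 15})},
]


def idempotency_key(record: dict) -> str:
    """Producer-assigned event id, or a hash of the canonical payload if absent."""
    payload = json.loads(record["Data"])
    if "event_id" in payload:
        return payload["event_id"]
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode()).hexdigest()


class OrderTotals:
    def __init__(self):
        self.seen = set()      # in production: a durable store with conditional writes
        self.totals = {}
        self.duplicates = 0

    def handle(self, record: dict) -> bool:
        """Apply the record once; return False when it was already processed."""
        key = idempotency_key(record)
        if key in self.seen:
            self.duplicates += 1
            return False
        payload = json.loads(record["Data"])
        self.totals[payload["order"]] = self.totals.get(payload["order"], 0) + payload["amount"]
        self.seen.add(key)     # mark only after the side effect succeeded
        return True


def naive_total(records: list) -> int:
    # what a consumer that trusts every delivery as unique would compute
    return sum(json.loads(r["Data"])["amount"] for r in records)


def process(records: list) -> OrderTotals:
    consumer = OrderTotals()
    for record in records:
        consumer.handle(record)
    return consumer
```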

------
pojzon
There are so many plain wrong points here I simply don't know where to start.
It feels like the person who wrote it has no real commercial experience or
very little experience with described services.

------
fraserharris
A lesser known limitation of S3 is that it does not have Read-After-Write
consistency for overwriting PUTS & DELETE operations. Netflix has reported
observing consistency taking hours for outliers.
[https://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction...](https://docs.aws.amazon.com/AmazonS3/latest/dev/Introduction.html#ConsistencyModel)

~~~
pojzon
Because it's a distributed system and it takes time to propagate ?? I think it's
very well known, ppl just understand it's normal and in 99.999% of cases does
not matter.

------
technics256
I liked the book, but it fell apart when it got to cloudformation. It hand
waved a ton of the actual IaaC part, so instead you end up copying from the book,
which had some differences from the git repo they shared. Good to get the
basics of what to do and best practices for architecting, but incredibly
frustrating on actually following and building with cloudformation.

~~~
DVassallo
We had a couple of frustrating typos in the first version. Very sorry about
that. We fixed them now, and the latest book version is in sync with the
GitHub repo.

------
mmckelvy
I'd agree with a few of the other comments here. I read it and can't say that
I found it particularly helpful. I've deployed a lot of Node.js apps to Heroku
and Digital Ocean, and was looking for something to help me "level up" to AWS.
I was left thinking that maybe I should just stick to Heroku.

~~~
bowmessage
Beanstalk & CodeDeploy & X-Ray if you need to level up your deployment &
webapp management.

------
skywhopper
I really like the summary format and the visual design here. It feels slightly
weird to specifically call out Redis in a negative way in the Dynamo summary
when no other tools listed give a similar callout to a specific product.

------
rb808
It's nice to have some proper opinions and recommendations. Seems the tech
world is so full of articles and blogs that show you how to do something, with
very little saying don't use this because...

------
Raphomet
Anyone know what tool the author used to make those nice animated SVGs?

~~~
ANaimi
Had the same question. Apparently he created them manually!
[https://twitter.com/hassenchaieb/status/1240346726822752262?...](https://twitter.com/hassenchaieb/status/1240346726822752262?s=20)

------
Scarbutt
I have seen some projects use DynamoDB for relational data, with the "single
table design" approach, anyone who did this, how was your experience?

~~~
kbanman
I've seen this done for new projects, and it works really well. If your data
access patterns are truly relational (varied lookup paths) then it is probably
not the right tool, but many apps can be modeled in a way that DDB handles
well.

Highly recommended viewing:
[https://www.youtube.com/watch?v=HaEPXoXVf2k](https://www.youtube.com/watch?v=HaEPXoXVf2k)
this talk explains how relational data can be efficiently modeled for key-
value stores.

------
enahs-sf
I would strongly advocate that Aurora RDS be added here. Easy to manage, SQL
data storage. Not cheap, but cheaper than a DBA for sure.

------
reilly3000
This article is wildly inaccurate. My corrections:

- DynamoDb allows for a lot of filtering, and Lambda + DDB Streams can do
aggregations that are written as state changes and provide incredible read
speeds. Use it if it's a good fit, and it's only a good fit if you're ready to
learn its query language and quirks. When it is a good fit, it's a world-class
database.

- SQS pricing is $0.0000004 per request [1] with 1 Million monthly messages
free.

- SQS + SNS is far more flexible and reliable than Kinesis, plus you're
paying for and managing shards by the hour. It's great for streaming analytics
data processing and distribution (within the Kinesis suite there is stream
processing ala Spark and streaming ingest to Elastic, S3, and Redshift). If
you're not doing data engineering on a streaming set of events that can't fit
in a spreadsheet, it's just not the right fit.

- Lambda is not expensive to use with DynamoDB at all, the pipes are so fast
that 50-100ms is typical for a call and response. Lambda does get gnarly
with SQL databases that require connection management and pooling, but they
have improved that situation on multiple fronts in the past 6-9 months.

- Also, Lambda ought to be considered the first choice for runtimes for
greenfield apps, not just for AWS plumbing. This is strictly opinion and
definitely depends on your team and existing codebase, but it makes sense from
a cost and scaling standpoint for all kinds of projects.

- NLB should be the first choice only for specialized use cases like UDP
services or those that require extraordinary throughput. ALB gives you an
incredible feature set with things like HTTPS, Auth, access logging, routing
requests to different machines or Lambdas based on url path, canary
deployments, and more. Use as much or little as you like. The cost difference
between ALB and NLB is negligible for most use cases.

If you're new to AWS and cloud stuff: welcome, the water's fine. Sure it's hard
at first to grok all the breadth and depth of the offerings, but you get to
build with the same tools the largest services on the web depend on. Start
small and pick a service, learn it from the console, then cli. Hit up the docs
a lot and ask questions, there are lots of people that can help. Do NOT get
led astray by this article or opinion pieces on Medium.

Something like 75% of AWS services are geared at serving enterprises with
on-premise data centers that want to move some or all of their workloads to the
cloud. Stick with the basics like S3, Lambda, SNS, SQS, and whatever servers
you need. Pick a managed service vs servers when you can unless you have solid
sysadmin resources and a good reason. Avoid hourly billed services whenever
you can until you can get cost management figured out. VPC is daunting unless
you're good with networking, but you can avoid it entirely by using the
primitives mentioned above. IAM takes some real grokking, but there is almost
nothing you can't do with it to scope permissions both internally and
externally.

AWS YouTube Channel is full of quality material for all levels. Try to start
forming your opinions with those and your own experience instead of
unsubstantial articles or random HN comments :)

------
OJFord
I really like this 'tl;dr, consider this, start with this rather than that
until/unless you really need it' style, was left disappointed it didn't cover
more services!

~~~
WaxProlix
It's also unfortunately completely incorrect.

------
Scarbutt
What are EC2 "saving plans"?

~~~
WrtCdEvrydy
A way to save some cash, you set aside your reserve amount and some EC2 magic
makes it happen.

