
Show HN: MadeiraCloud lets you draw AWS architecture and clone apps in minutes - danoprey
http://www.madeiracloud.com/
======
moe
Sorry, your registration procedure is a failure. Make a live-demo available
right on the front-page.

Nobody in their right mind gives you their AWS-credentials just to get a
glimpse at your product.

~~~
jefe78
Agreed. What type of app requires you to give up your credentials to something
as sensitive as your infrastructures credentials?! No fucking way. Fix this
asap.

Edit: Any admin that gives these up should probably not be in the role they
are. I'd fire someone over something like this. The OP commented further down
that "64%" gave up their credentials. I think their bosses need to know about
that or their clients should be warned.

I don't care who this guys is and how much assurance he can offer; there is no
reason for this.

~~~
danoprey
Thanks for the feedback. Can I ask what you would suggest as an alternative
for people wanting to try the product? Our app is useless without access to
the AWS APIs, and although IAM credentials could be created (as people below
have), for the app to be fully functional it would require near full access
permissions anyway.

We definitely need to give more before users have to enter their credentials,
like a tutorial and demo video which are in the works, but as far as actually
using the product, I don't see a way around it.

As noted below, this is actually very common. RightScale, Scalr, OpDemand,
NewVem, and all other AWS third party tools require this information.

Not trying to say you are wrong, you're not, it's rightfully a big concern for
people, but unless AWS change the way their APIs work, what are we supposed to
do?

~~~
ceejayoz
Can't you give access to the UI, let people build out an infrastructure, and
then if they want to actually launch it, ask for IAM credentials then?

~~~
danoprey
That's a good idea, although it would limit the features to just being a
diagramming tool, but at least they can take a look. Really good suggestion,
will give it some consideration, thanks.

~~~
danoprey
We are implementing this suggestion at the moment, thanks a lot for the
fantastic feedback.

------
chrisacky
If you are asking for AWS credentials, you should really provide a IAM
template that is preconfigured with all the "READ ONLY" access API endpoints
that you require.

~~~
danoprey
Because we launch instances and volumes, create AMIs, SnapShots, KeyPairs and
security groups, read only access would not suffice. We have considered
creating an IAM template, but it would need nearly the same permissions as
full access. But it would probably still be a good idea for users who aren't
comfortable, at least that way they can see exactly what is required. I'll
revisit this, thank you.

------
jasonkester
Looks awesome.

I'm curious to see how well you guys get on asking for users to supply their
AWS credentials. That used to be by far the most common feature request for
S3stat, namely a way to use the thing without having to hand across your
secret key.

I imagine you could allow your users to create IAM accounts with exactly the
permissions they'd need for you to do your thing, but it seems like you pretty
much need full control to be at all useful.

~~~
danoprey
Thanks a lot!

It certainly has been an issue, lots of requests and suggestions to make
entering AWS credentials optional, but as you say, without the right
permissions it would be useless.

Fortunately, it's the same for all third party tools which rely on APIs, no
way around it, so a lot of users are used to having to give them out.

I'll share some stats from our small sample size so far: 63% of users who
requested an invite then logged in, then of those users 64% entered their
credentials, albeit with quite a bit of coaxing and reassurance.

~~~
nolok
I wouldn't call users being used to give out their full AWS credentials
"fortunate". I know that's not exactly what you were trying to see, but still
the thought makes me shudder ...

~~~
bdonlan
You can restrict access to an extent with IAM - unfortunately EC2 doesn't have
fine-grained resources to apply policies to yet :/

------
normalocity
Not saying this does, or does not mean anything, but here's the whois info for
the domain:

Domain Name: madeiracloud.com Registered at <http://www.dynadot.com>

Registrant: INiT Inc. Peng Zhao HaiDianNanLu 12 Building 54, Room 110 Beijing,
Beijing 100082 China

Administrative Contact: INiT Inc. Peng Zhao HaiDianNanLu 12 Building 54, Room
110 Beijing, Beijing 100082 China

+86 13911041736

Technical Contact: INiT Inc. Peng Zhao HaiDianNanLu 12 Building 54, Room 110
Beijing, Beijing 100082 China

+86 13911041736

Record expires on 2012/06/16 UTC Record created on 2011/06/16 UTC

Domain servers in listed order: ns1.dynadot.com ns2.dynadot.com

~~~
normalocity
I guess they came from the ChinaBang conference?

~~~
danoprey
We did indeed! <http://goo.gl/PYNYB>

------
Zombieball
Does MadeiraCloud let you set up anything other than EBS volumes & EC2
instances w/ firewall rules? Not sure how useful it is atm if that is all one
can accomplish.

~~~
ceejayoz
There's more shown on the site's home page than is currently available in the
actual UI. Guessing a lot left to be implemented and we're seeing just the
"here's what'll eventually be possible" view on the "features" screens.

~~~
danoprey
You are correct. We wanted to get something out to get feedback on and wanted
to balance disappointing people with showing what we are working towards on
the promotional site. The features on the homepage will all be available for
use in the next few months, plus some additional ones not mentioned that we
are very excited about.

------
Ftdo
Impressive site and an innovative approach in what is only going to become a
more and more crowded space.

Would you be able to share an indication of the take up you've had so far?
Secondly, are you seeing users move from a free account to the premium, as
they understand the possibilities available with the higher capacity for apps?

~~~
danoprey
Thank you very much! It is indeed, but we haven't come across anyone who takes
our approach, so hopefully it will be enough to differentiate ourselves.

We launched our private beta in February and haven't done any paid marketing
since then, all our users have been from word of mouth, media exposure and of
course, the great HN. We 'launched' at an early stage and have been iterating
since. Currently we have less than 700 free beta users and we are not offering
the premium service yet until we have implemented our MVP feature-set and have
ironed out any bugs our beta users report. I will be more than happy to share
this information in the future.

------
alttab
The site design looks very similar to Heroku.

~~~
danoprey
Do you think it's too similar? I love the dark design of Heroku, and obviously
we also have purple branding, but I didn't think beyond that it was too
similar.

I'll take it as a compliment, Heroku has a brilliant site and I hope ours can
be as good but not appear to be anything close to a copy. It wasn't actually a
reference during the design.

Do you have any suggestions on anything to change to make it less similar in
your eyes?

~~~
alttab
Its the overall product and packaging.

Herkou is famous as being the first Rails PaaS to gain traction that was
really "easy" to get started and push live.

This experience felt very similar - an impressive feit indeed, a similar
feeling to what Herkou instilled the first time I saw their service.

The drag-and-drop web architecture super-easy-deployathon has that same slick
awesome vibe (which is a good thing!), but coupling that with a similar
layout, color scheme, and information architecture and its the first thing I
jumped to.

Not a bad connection per se, but the original thought was "the guy that did
the www site sweats herkou hard".

~~~
danoprey
Haha. Well I am the designer of the www, my and ide site, and whilst I like
Heroku's site, I don't "sweat it hard"!

But seriously, thanks for this, I thought beyond the dark colour scheme and
(very different shades of) purple there wasn't much more similarity. Next time
I'm doing some redesigning I'll try and move it a bit further away.

Thanks for the compliments too.

------
wagerlabs
What UI toolkit was used to build MadeiraCloud? Anybody knows?

~~~
KaoruAoiShiho
It looks like a version of one of the most popular drupal themes, Rubik.

~~~
danoprey
Good spot, the my site is Rubik > Ginkgo > Custom.

------
funthree
I cant change my password without giving you access to AWS?

~~~
danoprey
Unfortunately, our app relies on the AWS APIs, so without your credentials
there's not a lot you will be able to do. We combined the AWS and password
forms because we were getting a lot of support requests from people not
entering them, so we felt it was best to force it early on.

~~~
funthree
Yeah, no problem there, but when I first signed up and clicked the link in my
email it said I wouldnt be able to use that link to login again. I wasnt ready
to provide my AWS info at that time, because I didnt have time to do it but I
did have time to make an account. Now I dont have a password and I cant get
back into my account for good?

~~~
danoprey
Aha.. I see, great point, thank you. You are right, that definitely needs
changing. You should still be able to reset your password, but obviously
that's a pretty poor process. I'll look in to changing that right away, thanks
again.

------
phillmv
Why Madeira? Are you from the Madeira? What's 'wooden' about your app :P?

~~~
danoprey
We're not, no, but it is a beautiful word and also happens to be a South
American river which is the largest tributary to some other river in the
rainforest ;-)

