Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Is S3 down?
2589 points by iamdeedubs on Feb 28, 2017 | hide | past | favorite | 1055 comments
I'm getting

{ "errorCode" : "InternalError" }

When I attempt to use the AWS Console to view s3




Disclosure: I work on Google Cloud.

Apologies if you find this to be in poor taste, but GCS directly supports the S3 XML API (including v4):

https://cloud.google.com/storage/docs/interoperability

and has easy to use multi-regional support at a fraction of the cost of what it would take on AWS. I directly point my NAS box at home to GCS instead of S3 (sadly having to modify the little PHP client code to point it to storage.googleapis.com), and it works like a charm. Resumable uploads work differently between us, but honestly since we let you do up to 5TB per object, I haven't needed to bother yet.

Again, Disclosure: I work on Google Cloud (and we've had our own outages!).


Apologies if this is too much off-topic, but I want to share an anecdote of some some serious problems we had with GCS and why I'd be careful to trust them with critical services:

Our production Cloud SQL started throwing errors that we could not write anything to the database. We have Gold support, so quickly created a ticket. While there was a quick reply, it took a total of 21+ hours of downtime to get the issue fixed. During the downtime, there is nothing you can do to speed this up - you're waiting helplessly. Because Cloud SQL is a hosted service, you can not connect to a shell or access any filesystem data directly - there is nothing you can do, other than wait for the Google engineers to resolve the problem.

When the Cloud SQL instance was up&running again, support confirmed that there is nothing you can do to prevent a filesystem crash, it "just happens". The workaround they offered is to have a failover set up, so it can take over in case of downtime. The worst part is that GCS refused to offer credit, as according to their SLA this is not considered downtime. The SLA [1] states: "with respect to Google Cloud SQL Second Generation: all connection requests to a Multi-zone Instance fail" - so as long as the SQL instance accepts incoming connections, there is no downtime. Your data can get lost, your database can be unusable, your whole system might be down: according to Google, this is no downtime.

TL;DR: make sure to check the SLA before moving critical stuff to GCS.

[1]: https://cloud.google.com/sql/sla


The GCS being referred to by the GP is Google Cloud Storage, not Cloud Sequel. You really do need failover set up though. That's true for basically any MySQL installation, managed or not.


That isn't just a Google issue though. You'd have had the exact same trouble with AWS/RDS if you're running with no replica. The lack of filesystem access is a security "feature" for both. If you have no HA setup then you have no recourse but to restore to a new server from backup, or wait for your cloud provider to fix it.


RDS has snapshot backups you can create an instance from iirc so you can self fix this kind of issues.

Sure you get downtime all the same but not the waiting for support to solve an instance crash part


Yes, and RDS offers point in time recovery at that.

We've had to use it and can confirm that it works as advertised.


Not using a failover is a bold choice (not stupid, just bold). A failover is like a good insurance policy: you pay for it, you hope that you'll never need it, but when shit happens you are very happy to have it!


21 hours sounds pretty long to me. What type of data was it and how long would you have waited until you continued with a backup of the data on a different machine?


We were definitely prepared to recover from a backup, but the support team told us: "the issue with the file system will likely persevere over a backup/restore". So this, in combination with the data loss you have when recovering from a backup, means we basically had no choice other than to wait till the issue was resolved.


I've used both Google Cloud and AWS, and as of a year or so ago, I'm a Google Cloud convert. (Before that, you guys didn't at all have your shit together when it came to customer support)

It's not in bad taste, despite other comments saying otherwise. We need to recognize that competition is good, and Amazon isn't the answer to everything.


We were on GCP for around a year, it was my decision I really wanted to love GCP and I initially did. But we recently switched to AWS.

I think there is little GCP does better than AWS. Pricing is better on paper, but performance per buck seems to be on par. Stability is a lot worse on GCP, and I don't just mean service outages like this one (which they had their fair share) but also individual issues like instances slowing down or network acting up randomly. Also lack of service offerings like no PostgreSQL, functions never leaving alpha, no hosted redis clusters etc... Support is also too expensive compared to AWS.

Management interfaces are better on GCP and sustained use discount is a big step up against AWS reservations. Otherwise, I think AWS works better.


I haven't used AWS, but my experience with AppEngine and by extension GCP is similar.

Just last week I got an email saying that they'd discovered an issue on Google Cloud Datastore where certain (strongly consistent!) queries could have been returning incorrect results for a week long period and that I should check my logs to see if anything important had been affected in my application.

That's not the sort of behaviour that inspires confidence in a service.


Functions are going beta this week


And discontinued next year?


The standard "lol google will kill it in 6 months anyway" troll doesn't really apply to Google Cloud services. They know better than to be fickle with infrastructure offerings.


Are you sure? Have you used appengine or any of their cloud libraries? Just found out that some of the services I wrote 3 years ago don't work anymore due various breaking changes. It also very much applies to cloud services themselves! What happened to the email service(appengine powered)?I'm telling you: it no longer exists! Compare that with AWS SES which gets better and better. I could go on and on all day long. Google cloud is nice on paper but fails in practice. If you consider the lock-in it is not worth it on paper either


That happened to me and my sites were down for four months. I lost 15 years of seo, and $30/mo revenue... They just shut down the Python app engine sites with no notice. I'll never use google cloud.


What? That sounds like nonsense. Some sources please.


I wish it were. It was an enormous amount of effort to get my pagerank that high. I suppose I could post my google analytics before and after, but that's not really data I share with the public.


I'm not doubting your site was "down for four months". I'm doubting the part where you said "They just shut down the Python app engine sites with no notice".

Most notably, I know many people who run these types of sites and outside of GAE being mediocre, I've never heard them complain about anything like that.


This was the very first version of app engine that rolled out in 2008 or so. It showed some type of "incompatible version" notice in the admin ui when I noticed it, and when I tried to redeploy the sites using the command line deploy tool. I switched everything to s3.


How much advance notice did they give when they were shutting down that email service? I bet it was like eight months or more. Things change, you have to deal with it sometimes. Seems kinda normal.


People don't like to rewrite infrastructure code just b/c the provider decided it's not worth it anymore. When you sign up you consider the whole ecosystem not individual services. The cloud platform is marketed as reliable and rock solid that you can trust. It may be the case with AWS but on Google you should expect experimental, cheap and a high risk to get broken or even deprecated all together. It behaves like a start-up with customers paying for experiments. It's OK for some use cases but you should be aware of that.


No trolling, just tired of setting up things that just stop working and forcing me to work on a fix. I dont work for a big company with a dev team of 20 people, its just me and customer support. Im close to a burn out as it is, I dont need help with it.


I've used Appengine since 2009. Early on they deprecated the original master-slave datastore, but apart from that I've had zero refactoring around their services.

Other services are a different story - from my perspective Google are better at supporting legacy interfaces than most.


They deprecated their alpha search api 2 years in iirc


They have a minimum of 1 year deprecation policy in their terms of service.


I hear you, discontinuing products that you're dependent on is painful, but discontinuing services that you built your infrastructure around is an outright killer.


Counterpoint from an email I received just last week (Feb 21st):

> We are writing to inform you that we are winding down sales and renewals of Google Site Search (GSS). Starting April 1st, 2017, new purchases and renewals of GSS will not be available.


GSS isn't under Cloud and doesn't have the same deprecation policy. Cloud explicitly states that it has a minimum 1-year turndown on any feature they disable.


> They know better than to be fickle with infrastructure offerings

Site Search seems like an infra offering to me.


Cloud is still competing with on premises solutions, right? One year is nothing, try ten or twenty.


> Cloud is still competing with on premises solutions, right? One year is nothing, try ten or twenty.

Not an expert by any means but I would put more weight to Google's ONE year promise over (to give an example) HPE's twenty years promise. I know it is a cheap shot because I am pretty sure HPE will be bought and sold at least once in the next twenty years.


FWIW I am now dealing with a system that is supported by HPE for over 10 years now. Even if they get bought out, someone will inherit those support obligations. I am also in the camp of not trusting Google with anything.


GSS shutdown gives us a year also. I just migrated to GSS a year ago. And they decommissioned they big appliance Google Enterprise Serarch I think it was called.

We were users of the Google Mini Search appliance, went to a 3rd party in-house installed search solution that we did not like and then a year ago went to GSS. We are looking again for something suitable. The best part of the Google Site Search was search fidelity.


Try open-source search solutions? :)


They did it to their Google Analytics API. We spent four months building a dashboard off of it then Google fucking deprecated it. Thanks Google.


Not entirely true. App engine depreciations happen all the time and they give about 1 years notice. Most recently the channel api, before that prospective search, backends, etc etc


"oh no I only have _an entire year_ to deal with an API deprecation what ever will I do?" :-P


Well, if it's something you've built your entire offering around it could be a simple fix, or it could be months of work, and that will vary by project. Bear in mind that this is completely non-value-adding work that you didn't plan on just to bring your project back to a functioning state.

I.e., some douchebag who has no interest or stake in what you do has just dumped a potentially substantial amount of technical debt into your product backlog and, quite possibly, prioritised it all the way to the top.

As somebody else noted above: I don't need people creating more work from me. I can do that quite well enough on my own, thanks very much, and for side-projects this kind of chopping and changing is a pain in the ass.

By definition, with side-projects time is limited, so you absolutely have to focus on the most valuable activities to the exclusion of all else. For this reason, I only consider AWS and Azure for my projects: Google are just too fickle. Lucky you, if you have the time to deal with their nonsense.

(Btw, I'm not dissing Google on a technical level - they obviously do great, interesting work, and they're certainly one of the pioneers of PaaS. I just don't need the hassle of having to fix stuff because they keep killing APIs, projects, services.)


Yes exactly. The app specifically affected by Channels API depreciation is a side project that serves a few thousand people. It marches along perfectly well, and I pay Google money for it each month - though the project itself makes no money. Now, I need to consider whether the shift from Channel API to Firebase (and the few days work it'll take to do) is worth the investment, or if I should just shut it down.


> doesn't really apply to Google Cloud services

It might not, but doing it so much for other services destroys trust across the entire brand.


I, for one, would love to see Redis and Postgres on GCP. That would be enough to get me to switch I think.


Wait for the NEXT event. Radis will be announced.


Me too. We switched to Google Cloud years ago at its inception and have never looked back -- always viewed it as a competitive advantage due to its solid, more advanced infrastructure -- faster network, reliable disks, cleaner UI that's easier to manage. Just a cleaner operation all the way around.


What indeed is bad taste is your choice of Google Cloud over AWS. No I really like GCP, use it at core of many apps, but if people really want a decentralized web we need to use more than one provider. Don't "convert". Use booth, redundancy ffs.


Pity I can't upvote more than once! :)

This whole idea of being angry at a vendor for deprecating something with 1yr notice is just ridiculous!

People need to realize they are choosing lock-in, and are choosing the risk of deprecation every time they decide to use a cloud service with no drop in competition/open source/etc.

Own your choices people, don't blame others...


Sounds great on paper, but this is infrastructure level stuff with real world constraints.

The expectation of stability beyond a year is certainly not unreasonable when you're asking people to build their businesses/infrastructure on your platform.

And, building redundancy across providers can be impractical, owed to learning curve, cost duplication, higher outbound bandwidth costs, effort duplication, solution complexity, etc.


What's the point of decentralizing by putting 50% on one, 50% on the other, and no overlap of the groups? You used the word redundancy, but who is willing to actually do that true redundancy?


I work in GCP support. I'm really curious: what do you feel changed that led to such improved support? I'd like to make sure we keep doing it.


Chiming in as I noticed the change too. For a long time it was almost impossible to speak with a human - every query was directed to the extensive but often useless support pages. If a human did respond it often seemed like they weren't savvy enough to handle a microwave let alone solve infra issues.

Then, about a year or two ago - humans actually started responding to and fixing problems. A welcome change!


Do you have one of the paid support packages, or is this your experience of our google groups/stack overflow etc?


My experience of support with Google Apps for Business makes me very wary of using anything Google for critical business infra. Google products are nice, but as soon as you hit a problem or edge case, you're on your own in my experience.


This.

I used to work on the Azure Portal Team. As much negative things as I can say about Microsoft, they take making things just work for developers seriously, despite high prices and misc. service issues.

The since nixed compute container project I initially worked on really exemplified this.

I tend to use Colo or AWS when possible but I have a client that insisted on Google GCE and Endpoints.

I've spent so much time time digging through source code and working around broken dev tooling, and dealing with incorrect or out of date documentation thanks to that requirement.

In my personal opinion Google has a way to go in mature tooling. Silent failures, or worse failures that don't result in build failures are not acceptable. Requiring paid support contracts to resolve an issue in google infra is not acceptable. Incredibly poor support for local dev environments is not acceptable.

After dealing with this stuff, I find it unlikely that I will ever rely on their systems in the future. AWS/Colo or, with reservations, Azure all the way.


Wish I could +1 this more. Any time I get some error, I spend hours sifting through old documentation and forum posts.


Why not just open a support ticket?


Exactly. Because they've usually only experienced support for Google's free services, people assume all Google support is minimal - but it isn't. We pay $150 a month for silver support, and in the extremely rare (several years apart) case we need help, we get it.


Google Apps for Business is not free.


True, it costs $5 a month - nearly free. It comes down to the eternal truth that there is no such thing as a free lunch, and expecting a $100/hour support person to be at your beck and call for $5 a month isn't realistic.


In my GApps support experience, it's slow and inexperienced.


Spot on.

And good luck getting accurate documentation.


Honestly, if you're a big service that millions of people use, you should not put all your eggs in a single basket and should probably use a mix, in case one of the clouds goes down like in this case.


One of the biggest reasons you go for a cloud is because you don't want to deal with reliability & scaling issues, and there's a premium price attached to that. I think most companies using S3 in this case believed they put their eggs in different baskets when they put their data in there.


I can't believe anyone would have thought a dependency on a single AWS region, or even single service provider, would count as having eggs in different baskets, at least, I really hope nobody could think that!

I suspect though that most people affected deemed the risks and costs of failure low enough to be acceptable, and for many people it still is - even with this outage. But that's a conscious decision, rather than plain ignorance.


That depends if you're willing to pay for the cost of hosting all your content twice and the development overhead of managing that. Twice the persistences means twice the chance of an issue occurring.


That's where tech like kubernetes help in making your app/service portable. Or having common APIs like between s3 and google cloud storage.

Twice the persistence means always having at least one backup and thus the occurance of downtime reduces not up


With containers, I think the devops overhead would be minimal.


That's if _everything_ is in containers. Also, don't undermine how much of a difference the host machine configuration can make... Docker uses its kernel.


>(Before that, you guys didn't at all have your shit together when it came to customer support)

Sounds like it basically coincides with Diane Greene coming on board to run the show -- which is great news for all of us with increased competition on not just the technical front but also support (which is often the deal maker/breaker)


Is Diane really that good?

I was at a talk last year, where she spoke, and as much as I love Google, it was one of the boat boring talks I've ever heard in my life. So monotone and uninteresting... and I'm probably one of the biggest Google fans out there.


I have no idea about the person in question, but stable and reliable infrastructure can be really boring. Unfortunately, it's also necessary.


I'm not familiar with her public speaking. But you want someone decidedly un-Google-like to run an enterprise software (non-engineering) operation.

Look at Safra Catz's public speaking (Oracle). Terrible public speaker, terrific operator [1].

[1] though we may easily disagree with their business practices.


I just wrote a piece reflecting on the s3 outage and the limitations of s3 metadata/replication:

https://medium.com/@jim_dowling/reflections-on-s3s-architect...



GCP has always felt like a forever beta product. On top of that you get a lot of lockin so I would never recommend GCP for a long term project.


The brilliance of open sourcing Borg (aka Kubernetes) is evident in times like these. We[0] are seeing more and more SaaS companies abstract away their dependencies on AWS or any particular cloud provider with Kubernetes.

Managing stateful services is still difficult but we are starting to see paths forward [1] and the community's velocity is remarkable.

K8s seems to be the wolf in sheep's clothing that will break AWS' virtual monopoly on IaaS.

[0] We (gravitational.com) help companies go "multi-region" or on-prem using Kubernetes as a portable run-time.

[1] Some interesting projects from this comment (https://news.ycombinator.com/item?id=13738916)

* Postgres automation for Kubernetes deployments https://github.com/sorintlab/stolon

* Automation for operating the Etcd cluster:https://github.com/coreos/etcd-operator

* Kubernetes-native deployment of Ceph: https://rook.io/


Note that Kubernetes "builds upon 15 years of experience of running production workloads [on Borg] at Google" [0], but is different code than Borg.

In addition to Rook, Minio [1] is also working to build an S3 alternative on top of Kubernetes, and the CNCF Landscape is a good way of tracking projects in the space [2].

[0] https://kubernetes.io/ [1] https://www.minio.io/ [2] https://github.com/cncf/landscape

Disclosure: I'm the executive director of CNCF, which hosts Kubernetes, and co-author of the landscape.


Yes, I was admittedly over generalizing with my statement regarding open sourcing Borg.


Well, you're in the ballpark. I might be wrong, but I've heard they're not averse to the idea of open sourcing Borg and Omega (it wasn't that long ago that the Borg paper would have been nigh unthinkable, interestingly), but the litany of Google specific stuff that is baked in makes refactoring for public release a nonstarter. It's a huge codebase with lots of little tendrils to other internal infrastructure.

Anyway, one needs an on-ramp to containers on Google Cloud. And one can't open source the one that one has, which despite being nearly mature enough to own a driver's license, wouldn't really fulfill the precise need that Kubernetes fills without some frontend work. So one writes Kubernetes. An almost entirely different fundamental architecture, by the way, so it's interesting for those who've seen both to compare.

In other words, you're not entirely off the mark even with the generalization.


K8s is a better borg! It leaps forward and build upon many years experience of operating the system.


Is there any way built in to Kubernetes to go multi-AZ, multi-region, or even multi-cloud? Is federation the answer to this?

I remember reading somewhere in the K8s documentation that it is designed such that nodes in a single cluster should be as close as possible, like in the same AZ.



I have a component in my business that writes about 9 million objects a month to Amazon S3. But, to leverage efficiencies in dropping storage costs for those objects I created an identical archiving architecture on Google Cloud.

It took me about 15 minutes to spin up the instances on Google Cloud that archive these objects and upload them to Google Storage. While we didn't have access to any of our existing uploaded objects on S3 during the outage, I was able to mitigate not having the ability to store any future ongoing objects. (our workload is much more geared towards being very very write heavy for these objects)

It it turns out this cost leveraging architecture works quite well as a disaster recovery architecture.


Opportunistic, sure. But I did not know about the API interoperability. Given the prices, makes sense to store stuff in both places in case one goes down.


I am surprised more people don't know about it. I get questions like https://github.com/kahing/goofys/issues/158 every now and then and to be fair I don't think they market it well: https://cloud.google.com/storage/docs/migrating

Disclosure: I don't work for google but have an upcoming interview there.


"Disclosure: I don't work for google but have an upcoming interview there."

Disclosure: I took a tour there one time and have used google.

EDIT: I realized that I was being mean, but why was that disclaimer relevant?


A few possible reasons, the most obvious being grandparent is disclosing a possible source of bias.

Also it could look suspicious if grandparent gets the job and at some point in the future someone looks back at this comment.

If in doubt, disclose. Especially in the tech industry, that's what Gamergate was actually about.


> I realized that I was being mean, but why was that disclaimer relevant?

Because:

- transparency is always good

- adding a small disclosure to the bottom of a post is very low impact

- someone who is interviewing for a job at a company is likely to have a set of biases that influence what they say even if they think that they're being honest and objective.


I think it's a fair disclosure of potential bias.


Frankly, if you don't know the difference between a disclosure and a disclaimer, you shouldn't be commenting.


Not poor taste at all. Love GCP. I actually host two corporate static sites using Google Cloud Storage and it is fantastic. I just wish there was a bucket wide setting to adjust the cache-control setting. Currently it defaults to 1 hour, and if you want to change it, you have to use the API/CLI and provide a custom cache control value each upload. I'd love to see a default cache-control setting in the web UI applying to the entire bucket.

I also want to personally thank Solomon (@boulos) for hooking me up with a Google Cloud NEXT conference pass. He is awesome!


Out of curiosity, are you also using the cloud CDN?

https://cloud.google.com/compute/docs/load-balancing/http/us...


I found Google Cloud CDN a little overly complicated to get setup since you need to use load balancers.

I use CloudFlare. They handle generating a SSL certificate, can have a CNAME at the APEX, full-site static caching, 301 http => https redirects, etc.


How did you get the pass?

Been trying to get one for IO (can't attend NEXT unfortunately)


Hopefully you're still there even though S3 is back up. I have an interesting question I really, really hope you can answer. (Potential customer(s) here!!)

There are a large number of people out there looking intently at ACD's "unlimited for $60/yr" and wondering what that really means.

I recently found https://redd.it/5s7q04 which links to https://i.imgur.com/kiI4kmp.png (small screenshot) showing a user hit 1PB (!!) on ACD (1 month ago). If I understand correctly, the (throwaway) data in question was slowly being uploaded as a capacity test. This has surprised a lot of people, and I've been seriously considering ACD as a result.

On the way to finding the above thread I also just discovered https://redd.it/5vdvnp, which details how Amazon doesn't publish transfer thresholds, their "please stop doing what you're doing" support emails are frighteningly vague, and how a user became unable to download their uploaded data because they didn't know what speed/time ratios to use. This sort of thing has happened heaps of times.

I also know a small group of Internet archivists that feed data to Archive.org. If I understand correctly, they snap up disk deals wherever they can find them, besides using LTO4 tapes, the disks attached to VPS instances, and a few ACD and GDrive accounts for interstitial storage and crawl processing, which everyone is afraid to push too hard so they don't break. One person mentioned that someone they knew hit a brick wall after exactly 100TB uploaded - ACD simply would not let this person upload any more. (I wonder if their upload speed made them hit this limit.) The archive group also let me know that ACD was better at storing lots of data, while GDrive was better at smaller amounts of data being shared a lot.

So, I'm curious. Bandwidth and storage are certainly finite resources, I'll readily acknowledge that. GDrive is obviously going to have data-vs-time transfer thresholds and upper storage limits. However, GSuite's $10/month "unlimited storage" is a very interesting alternative to ACD (even at twice the cost) if some awareness of the transfer thresholds was available. I'm very curious what insight you can provide here!

The ability to create share links for any file is also pretty cool.


Now that's what I call a shameless plug!


We would definitely seriously consider switching to GCS more if your cloud functions were as powerful as AWS Lambda (trigger from an S3 event) and supported Python 3.6 with serious control over the environment.


Is there something about the GCS trigger that doesn't work for you? I hear you on Python 3, but I'm also curious about "serious control over the environment". Can you be more specific?


Here are our main issues with Lambda, from highest-to-lowest priority:

- It supports Python 2.7 only. We need Python 3.4+ support.

- We can't increase CPU allocation without increasing RAM allocation, making them far more expensive than we need.

- Using psycopg2 on it is a PITA due to their handling of system dependencies.

- The system is entirely proprietary, making it impossible to run it locally for testing.

- Cloudwatch sucks for finding errors in the functions and is atrociously expensive.

- API gateway is an extremely crufty system, and used not to let you pass around binary data (this has changed)

- We can't disable/change the retry-on-error policy.

We have a pretty hard tie-in to S3 and Redshift, but when GCF can do better on a majority of these points, we'll begin moving to it. But yes, Python 3 at a minimum would be a requirement.


> The system is entirely proprietary, making it impossible to run it locally for testing.

I assume that you are referring to emulating the triggering of lambdas behind API gateway...? I've found a project that sets up a node environment to do this. Very handy for js/lambda development. A google search suggests similar options may exist for python.


On a curious note, how do you guys use lambda?


It's a little outdated now, but this post details our pipeline: https://hearthsim.info/blog/how-we-process-replays/


As someone who's literally just starting to look at Lambda, thanks for that quick read.

I had a lot of "chicken and egg"-type questions about using it, and seeing that critical step of bootstrapping the whole thing via the API Gateway was really informative.


I keep telling people that in my view, Google Cloud is far superior to AWS from a technical standpoint. Most people don't believe me... Yet. I guess it will change soon.


Google Cloud is the Betamax of cloud... while it might be technically superior it's not the only factor to consider. :)


Aww... that seems a little early to call ;).


you don't comment for 4 years and THAT'S the comment you choose to return with?


Yep, replace "compiling" with "S3 recovery" in the following XKCD - https://xkcd.com/303/


What other factors make it doomed for failure like betamax?


I wouldn't say that it's doomed to failure but I do think it has a lot of ground to cover to catch-up. Google has a lot of great technology like TensorFlow, Kubernetes, and Go that will keep them relevant.

In support of my flippant remark I see three indicators that hold parallels to Betamax with detail to follow. I qualify that it is largely informed by my own anecdotal experience. Specifically by objections and responses that I've received/observed while myself and peers have proposed or implemented cloud adoption at various companies.

Indicators

1. market share. 2. proprietary tech stack. 3. technical superiority syndrome.

Detail

1. Currently AWS has a major lead, then Azure, then Google. The implication is that market share translates to mindshare, which in turn yields blog articles, OSS libraries/tools, etc. This becomes a virtuous cycle.

For .NET shops that marketshare will tend to favour Azure on the premise that MS knows best.

2. Some of Google's technology stack has a learning curve that is unique to Google. Take GAE as an example and compare to AWS's nearest equivalent Beanstalk (or Heroku). Beanstalk requires few if any changes to an existing application whereas GAE requires that you do it the App Engine way. It might provide a number of benefits, but it's invasive. Containers are shifting the requirement, however not everyone is in a position or has the desire to start with containers on day 1.

Further Google Cloud's project oriented approach while not a bad organisation mechanism detracts from learning. If you assume the premise that exploration is part of learning it forces the user to hold two items in their head: their objective and Google Clouds imposed objective.

AWS on the other hand generally provides defaults that allow you to launch resources almost immediately after sign-up. Google's approach is better for long-term support, maintenance and organisation but the user needs to have the maturity to understand that benefit.

3. It may be technically superior but that statement in of itself is divisive and can shudder some away. It is not enough to simply be technically superior and from my observation the statements tend to originate from X/Googlers.

A number of people will latch onto feature set (for beta, number of films available was a factor). The absence of features will often discount a choice out of the gate (even if those features are irrelevant) as an example:

- regional coverage: AWS - 15 regions/~38 zones Azure - 36 regions/zones Google - 6 regions/18 zones

- partially/fully managed services: AWS is continually growing these, at a level that seems to outpace competitors.

- Outwardly Google appears to tackle the "hard problems" with technically superior solutions (e.g. TensorFlow, BigQuery) but often appears to neglect the "boring" problems a number of companies want as well (e.g. Cloud VDI's, SnowBall, etc).

- Some areas seem to be ossified due to tight coupling (e.g. servlet 3.0 and python support in GAE).

Summary

There is no silver bullet solution. Every provider will have an outage at some point and this could be a big reason that GCE won't be knocked out of the game. I also think Google is working really hard to build community and mindshare. I don't have a crystal ball so only time will tell what happens but technical superiority has rarely been the sole reason that drives adoption.


I appreciate you taking the time to explain. I'm in the process of making decisions on a new cloud storage provider so this is helpful.


One service outage determines superiority? I prefer a lot more data than a single point.


I'm in the process of moving to GCS mostly based on how byzantine the AWS setup is. All kinds of crazy unintuitive configurations and permissions. In short, AWS makes me feel stupid.


I should add that someone from the AWS team reached out to me in response to this comment asking for feedback on how they can improve their usability. So I give them credit for that.


As far as I understand the S3 API of Cloud Storage is meant as a temporary solution until a proper migration to Google's APIs.

The S3 keys it produces are tied to your developer account. This means that if someone gets the keys from your NAS, he will have access to all the Cloud Storage buckets you have access to (e.g your employer's).

I use Google Cloud but not Amazon. Once I wanted a S3 bucket to try with NextCloud (then OwnCloud). I was really frightened to produce a S3 key with my google developer account.


The HMAC credential that you'd use with the S3-compatible GCS API, also called the "XML API", does need to be associated with a Google account, but it doesn't need to be the main account of the developer. It can be any Google user account. I suggest creating a separate account and granting it only the permissions it needs. It'd be nice if service accounts (aka robot accounts) could be given HMAC credentials, that's not supported. Service accounts can, however, sign URLs with RSA keys.

As another option, you can continue using the XML API and switch out only the auth piece to Google's OAuth system while changing nothing else.

There's a lot more detail available at: https://cloud.google.com/storage/docs/migrating

Disclaimer: I work on Google Cloud Storage.


Thanks for the advice. I think it would be even nicer if the HMAC credentials could be assigned to a specific bucket via an ACL.

I like GCS (and the gsutil tool) but occasionally a S3 style bucket is needed. For example you need a S3 bucket or a webdav server in order to send alerts with images from Grafana to Slack. A minor issue but nice to have if possible without having to deal with Amazon's control panel.


Is there any equivalent to the Bucket Policies that AWS provides (http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucke...). Cloud Storage seems to be limited to relatively simple policies without conditionals. For a few AWS IAM keys I set up a policy that limits write/delete access to a range of IPs (among other things). Something like that doesn't seem possible with what Google offers. Or do I miss something?


I am not familiar with AWS bucket policies, but AFAIK there isn't a way to set IP based access to GCS buckets.

To be honest, I do find the GCS permissions a bit complex. You have IAM, you have ACLs and you have S3 keys. Everything is set in a different place and ACLs aren't fully represented on the developers console. S3 keys give full access to everything, IAM service accounts give access per project and ACLs are fine grained (per bucket/object). On the other hand, IIRC, IAM has a write only setting, while ACLs do not. So I can have an account that can write only to all the buckets of my project but not an ACL (not that useful).


> OwnCloud

Kicked the tires, not impressed at all. Notes went missing from the interface could only get them back after manually digging through folders via FTP.


"fraction of the cost" - how do you figure? Or are you just saying from a cost-to-store perspective?

Your Egress prices are quite a bit more compared to CloudFront for sub 10TB (.12/GB vs .085/GB).

The track record of s3 outages vs time your up and sending Egress seems like S3 wins in cost. If all your worried about is cross region data storage, your probably a big player and have AWS enterprise agreement in place which offsets the cost of storage.


Sorry, my comparison is our Multi Regional storage (2.6c/GB/month) versus S3 Standard plus Cross-Regional Replication. That's the right comparison (especially for outages like this one).

As to our network pricing, we have a drastically different backbone (we feel its superior, so we charge more). But as you mention CloudFront, the right comparison is probably Google Cloud CDN (https://cloud.google.com/cdn/) which has lower pricing than "raw egress".


So this is more compute related but do you know if there are any plans on supporting the equivalent of the webpagetest.org(WPT) private instance AMI on your platform?

Not only is webpagetest.org a google product but it's also much better suited for the minute by minute billing cycle of google cloud compute. For any team not needing to run hundreds of tests an hour the cost difference between running a WPT private instance on EC2 versus on google cloud compute could easily be in the thousands of dollars.


Would use Google but I just can't give up access to China. Sad because I also sympathize with Google's position on China.


boulous not in bad taste at all - happy google convert and gcs user works very well for us ymmv


boulous is app engine datastore the preferred way to store data or cloud sql or something else, do you mind throwing some light on this thanks


If you made a .NET library that allows easily connecting to both AWC and GCS by only changing the endpoint I would certainly use that library instead of Amazon's own.

Just saying, it gets you a foot in the door.


I had no idea this was an option. Great to know!


i have had problems integrating apache spark using google storage. especially because s3 is directly supported in spark.

if you are api compatible with s3, could you make it easy /possible to work with google storage inside spark?

remember i may or may not run my spark on Dataproc.


You can use the Google cloud storage connector (https://cloud.google.com/hadoop/google-cloud-storage-connect...) which works with hadoop (and therefore spark).


What is your NAS box doing with S3/GCS ?


Remote backup (Synology). I've asked them more than once to directly support GCS, or even just to accept my damn patch ;).


Are you using Hyper Backup? That seems to support S3-compatible destinations, including GCS, at least in DSM 6.1 -

https://www.synology.com/en-us/knowledgebase/DSM/help/HyperB...


S3 applications can use any object store if they use S3Proxy:

https://github.com/andrewgaul/s3proxy


How about giving a timeline of when Australia will be launching? I see you're hiring staff, and have a "sometime 2017" goal on the site, but how about a date estimate? :)


Does GCS support events yet?


As Relay's chief competitor in this region, we of Windsong have benefited modestly from the overflow; however, until now we thought it inappropriate to propose a coordinated response to the problem.


What software are you using for your NAS box?


Classy parley. I'll allow it.


Competition is great for consumers!


S3 is currently (22:00 UTC) back up.

The timeline, as observed by Tarsnap:

    First InternalError response from S3: 17:37:29
    Last successful request: 17:37:32
    S3 switches from 100% InternalError responses to 503 responses: 17:37:56
    S3 switches from 503 responses back to InternalError responses: 20:34:36
    First successful request: 20:35:50
    Most GET requests succeeding: ~21:03
    Most PUT requests succeeding: ~21:52


Thanks for taking the time to post a timeline from the perspective of an S3 customer. It will be interesting to see how this lines up against other customer timelines, or the AWS RFO.


Playing the role of the front-ender who pretends to be full-stack if the money is right, can someone explain the switch from internal error to 503 and back? Is that just them pulling s3 down while they investigate?


My guess based on the behaviour I've seen is that internal nodes were failing, and the 503 responses started because front-end nodes didn't have any back-end nodes which were marked as "not failing and ready for more requests". When Amazon fixed nodes, they would have marked the nodes as "not failed", at which point the front ends would have reverted to "we have nodes we can send traffic to" behaviour.


Could be anything. Most likely scenario is the internal error is a load shedding error and the 503s were when the system became completely unresponsive. If it was a configuration issue then it is more likely that it would have directly recovered rather than going 'internal error -> 503 -> internal error'.


503 is typically what we see when our proxy can't connect to the backend server. We usually get 500 with internal server error when we've messed up the backend server.

So it's likely that the first 500s were the backend for s3 failing, then they took the failing backends offline causing the load balancers to throw 503 because they couldn't connect to the backend.


S3 is not a monolithic architecture, Amazon is a strong proponent of Service Oriented Architecture for producing scalable platforms.

There are a number of services behind the front end fleet in S3's architecture that handle different aspects of returning a response. Each of those will have their own code paths in the front end, very likely developed by different engineers over the years. As ever, appropriate status codes for various circumstances are something that always seems to spur debate amongst developers.

The change in status code would likely be a reflection of the various components entering unhealthy & healthy states, triggering different code paths for the front end... which suggests whatever happened might have had quite a broad impact, at least on their synchronous path components.


[flagged]


Soundcloud recovering from this failure and S3 being operational are two separate issues. We use S3 and it will take us nominally an hour to recover after S3 went up, for example.

S3 has started working as of about 20 minutes ago, and things are running smoothly.


Thanks!


There are other Amazon services that were affected. For example, we're still not seeing auto scaling groups working correctly.


"[RESOLVED] Increased Error Rates

Update at 2:08 PM PST: As of 1:49 PM PST, we are fully recovered for operations for adding new objects in S3, which was our last operation showing a high error rate. The Amazon S3 service is operating normally."

https://status.aws.amazon.com/


oh the famous downvote for the smear campaign. just admit it.


You're getting downvotes because you don't understand that B being down is not an effective indicator of the status of A, even if B depends on A.


Think you're mistaken, I don't have downvote privileges!


Claiming a statement is false when it's demonstrably true is something that will likely get downvoted every time. It's misleading to others and fills the board with noise.


A piece of hard-earned advice: us-east-1 is the worst place to set up AWS services. You're signing up for the oldest hardware and the most frequent outages.

For legacy customers, it's hard to move regions, but in general, if you have the chance to choose a region other than us-east-1, do that. I had the chance to transition to us-west-2 about 18 months ago and in that time, there have been at least three us-east-1 outages that haven't affected me, counting today's S3 outage.

EDIT: ha, joke's on me. I'm starting to see S3 failures as they affect our CDN. Lovely :/


Reminds me of an old joke: Why do we host on AWS? Because if it goes down then our customers are so busy worried about themselves being down that they don't even notice that we're down!


Reminds me of an even older joke (from 80's or 90's):

Q: Why computers don't crash at the same time?

A: Because network connections are not fast enough.

(I think we are starting to get there)


These are both pretty good. Added to color fortune clone https://github.com/globalcitizen/taoup


I'm getting the same outage in us-west-2 right now.


The dashboard doesn't load, nor does content using the generic S3 url [1], but we're in us-west-2 and it works fine if you use the region specific URL [2]. In practice this means our site on S3/Cloudfront is unaffected.

[1]: https://s3.amazonaws.com/restocks.io/robots.txt

[2]: https://s3-us-west-2.amazonaws.com/restocks.io/robots.txt


Good catch. My bet is that because s3.amazonaws.com originally referred to the only region (us-east-1) the service that resolves the bucket region automatically is really hosted in us-east-1. I think AWS recommends using the region in the URL for that reason, however that is easier said than done I think. I would bet that a few of Amazon's services use the short version internally and are having issues because of it.


Seeing it in eu-west-1 as well. Even the dashboard won't load. Shame on AWS for still reporting this as up; what use is a Personal Health Dashboard if it's to AWS's advantage not to report issues?


Now it's in the PHD, backdated to 11:37:00 UTC-6. How could it take an hour to even admit that an issue exists? We have alerts set on this but they're useless when this late.


Same here, and it's 100% consistent, not 'increased error rates' but actually just fully down. I'd just stop working but I have a demo this afternoon... the downsides of serverless/cloud architectures, I guess.


Heh that "increased error rates" got a chuckle out of me, I guess 100% is technically an increase.


Well what if you'd hosted it on your hard drive and it crashed? It seems like the probability of either is similar nowadays.


The difference there is you can potentially do something about it, vs having to wait on an upstream provider to fix an issue for everybody.


"you can potentially do something about it" vs. "you have to do something about it"

Perspective is everything.


Grab different machine, git clone your repo, good to go.

What's the odds of the server with your repo and your own hard drive crashing at the same time?


Strangely, your comment made me read this entire post about working out probabilities.. http://www.statisticshowto.com/how-to-find-the-probability-o...

Quite interesting really!


If we assume that the events are largely uncorrelated+ then we are multiplying the probabilities and our chance of wipe out are far lower.

+I would suggest that for situations where the probability of my machine and github's/bitbucket's servers being down due to the same event would be events of such magnitude that I would not be worried about my project anymore being more focused on basic survival...


Our services in us-west-2 have been up the whole time.

I think the problem is globally accessible APIs are impacted. As others have noted, if you can use region/AZ-specific hostnames to connect, you can get though to S3.

CloudFront is faithfully serving up our existing files even from buckets in US-East.


S3 bucket creation was down in us-west-2, because it relied on us-east-1 (I expect that dependency will get fixed after this), but all S3 operations should have continued to function in us-west-2, other than cross-region replication from us-east-1.


IIRC the console for S3 is global and not region specific even though buckets are.


Also, cross-region replication is a new-ish thing: https://aws.amazon.com/blogs/aws/new-cross-region-replicatio...


Same outage in ca-central-1


I can confirm this as well.


Huh, I'm not seeing it on my us-west-2 services. Interesting.


My advice is: don't keep your eggs in one basket. AZs a localised redundancy, but as Cloud is cheap and plentiful, you should be using two or more regions, at least, to house your solution (if it's important to you.)

EDIT: less arrogant. I need a coffee.


But now you're talking about added effort. Multi-AZ on AWS is easy and fairly automatic, multi-region (and multi-provider) not so much. It's easy to say things like this, but people who can do ops are not cheap and plentiful.


The only difficult aspect of multi-region use is data replication, which I can confirm is a (somewhat) difficult problem. This issue was with S3 which has an option to automatically replicate data from the bucket's region to another one. It's a check box. A simple bit of logic in the application and you can move between regions with ease.

Even data replication has options for this, too.

And I work in Ops.


Well, you've explained how to do multi-region in S3. Now let's cover EC2, ELB, EBS, VPC, RDS, Lambda, ElastiCache, API Gateway, and all the other bits of AWS that make up my services. And then we can move on to failover application logic.


I picked out S3 as this issue is directly related to it, yet the solution is simple: turn on replication and have your application work with it (which is on the developers, not ops.)

EC2: why are you replicating EC2 instances or AMIs across regions? Why aren't you using build tools to automatically create AMIs for you out of your CI processes?

ELB: Eh? Why do I need ELBs to be multi-regional? I'm a little confused by this on, sorry.

EBS: My systems tend to be stateless, storing as much log, audit, or data in external systems such as RDS, DynamoDB, S3, etc. Storing things on the local system's storage is a bit risky, but if you have to there are disk replication solutions available. EFS comes to mind for making that easier. Backups also come to mind in the event of data loss.

VPC: Why does a VPC need to be cross regional? This one is also lost on me.

RDS: Replication is easy -- it's done for you. Convincing developers their application needs to potentially work with a backup endpoint to the data is harder than data replication problems at times. More often than not, it's simply a case of switching to a read-only mode whilst you recover the write copy of your RDS instance, but this is the role of the developers, not ops.

Lambda, ElastiCache, API Gateway... all these things aren't arguments against my original point: architect correctly. Yes it involves more work (from the developer's perspective, mostly), but more often than not in the event of a failure you're left head and shoulders above your nearest competition and left soaking up the profits as a result.

Based on your responses, however, I think we can safely agree to disagree and move on.

Have a great day! I hope you weren't too badly effected by the S3 outage!

EDIT: typo.


>EC2: why are you replicating EC2 instances or AMIs across regions?

Exactly to avoid single region outages?


I think point was that you shouldn't replicate but just deploy to both.


Gamache's point is that making your production environment cross-regional means setting up all those things in another region and managing them as well. It's not a tickbox.

Our webservers were hit by this outage. In order to make these cross-regional, I'd need to set up VPCs properly, security groups, instances, datastores (several databases), so on and so forth. I don't store anything on the local disk, but I'm not going to run a server in Europe hitting my db servers in us-east-1. AWS doesn't offer all the databases we use. Cloudformation isn't trivial to use once you get past the tutorial examples either.

Basically, your comment is a version of "you're holding it wrong!"


The US is made up of several regions. You don't have to leave the country to go multi-region, you only need to go west or east from your current location in the US.

Some solutions present more difficulties than others, that's for sure. From the limited information you've given me, your solution is far from being a unique situation that poses many difficulties.

CloudFormation in YAML format is pretty easy. I recommend Terraform, however, which is much nicer again for this kind of stuff. It makes it rather "trivial" to get a multi-region solution in place.

As for the database replication: I highly doubt the solutions you're using don't offer replication, and if they don't, and they're not some very esoteric, highly specialised engines, then I would replace them with something that does.

It reads to me as though your primarily contention point is your databases. Not an easy problem to solve, I'll admit, but not impossible, neither.


Two different vendors if you can afford it. It's a bit of a hassle though.


I like to stick to one, but I have seen some success stories with an AWS/GCE mix :-)

HashiCorp's Terraform makes it a lot easier to go multi Cloud, and abstracting away configuration of the OS and applications/state with Ansible makes the whole process a lot easier too.



It shouldnt be technically possible to lose S3 on every region, how did amazon screw this up so bad?


I believe the reports here are misleading: if you try to access your other regions through the default s3.amazonaws.com it apparently routes through us-east first (and fails), but you're "supposed to" always point directly at your chosen region.

Disclosure: I work on Google Cloud (and didn't test this, but some other comment makes that clear).


Amen. We setup our company cloud 2 years ago in US-West-2 and have never looked back. No outage to date.


If you have a piece of unvarnished wood handy...


Is us-east-2 (Ohio) any better (minus this aws-wide S3 issue)?


us-east-2 is brand new and us-east-1 is the oldest region. Any time there is an issue, it is almost always us-east-1. If possible, I would migrate out of us-east-1.


Probably valid, though in this case while us-west-1 is still serving my static websites, I can't push at all.


The s3 outage covered all regions.


Really? Even Australia? Can you provide evidence of this so I know for any clients that call me today? :)

EDIT: Found my answer. "Just to stress: this is one S3 region that has become inaccessible, yet web apps are tripping up and vanishing as their backend evaporates away." -- https://www.theregister.co.uk/2017/02/28/aws_is_awol_as_s3_g...


That's a really good point!


Yup, same here. It has been a few minutes already. Wanna bet the green checkmark[1] will stay green until the incident is resolved?

[1] https://status.aws.amazon.com/


The red check mark is hosted on S3...



"Care to share the code as an anti pattern?" brilliant.


Comment of the year.


Fact of the year.


In December 2015 I received an e-mail with the following subject line from AWS, around 4 am in the morning:

"Amazon EC2 Instance scheduled for retirement"

When I checked the logs it was clear the hardware failed 30 mins before they scheduled it for retirement. EC2 and root device data was gone. The e-mail also said "you may have already lost data".

So I know that Amazon schedules servers for retirement after they already failed, green check doesn't surprise me.


So just as a FYI the reason that probably happened to you is that the underlying host was failing. I am assuming they wanted to give you a window to deal with it but the host croaked before then. I've been dealing w/ AWS for a long long time and I've never seen a maintenance event go early unless the physical hardware actually died...


That what happens when cloud provider doesn't support live migration for VMs.


That's completely ridiculous, get some fucking RAID Amazon.

I order drives off newegg directly to my DC and I'm yet to lose data with the cheapest drives available in RAID10.


Yes, solving problems at your scale and AWS' are quite comparable.


but I never lost data off an usb stick how hard could it be!


Really?!?! Several times USB sticks (and USB HDs) failed on me and other people I work with.


Not saying my scale is the the same at all - but the fact they can't do something so simple that I can do it as a single individual is embarrassing at best.

Simple solutions to this do scale - Linode and DigitalOcean don't have such issues for example - and while they're not Amazon scale, they are quite large and I'd say they prove the concept.


EBS data is backed up in multiple redundant ways (using erasure encoding I think).

Local storage is not intended for permanent storage, and is more use at your own risk. That's also why most of the new EC2 instances don't even support local storage.

Availability =/= durability of course


EBS is incredibly expensive and slow, not really a good solution. It'd be nice if they offered a better local storage option.


Incredibly expensive and slow compared to what? A 500 GB SSD (gp2) costs $50/m, and has 1500 - 3000 IOPS. It's okay for most loads.

For higher performance, you can use

1. EBS Provisioned IOPS (kind of expensive)

2. Aurora (for DB use)

3. The new I3 instances (super fast local storage at a reasonable price.)


That's the cost of a new 500GB SSD per month! For the cost of three months' EBS storage and a couple of hours you could setup your own RAID array with a spare for backups and possibly get better uptimes than Amazon :P


Not to mention you'll get 3-5x better IOPS off a dedicated SSD.

I guess this just boils down again to Amazon not being cost effective enough for my use case in yet another way.


Actually, you can get way more than 3-5x better IOPS on your own SSD! Different types of storage have different types of trade-offs. EBS is great for some things, slow and overpriced for others...


Huh? What kind of 500 GB SSD costs $50? And again--500 GB on EBS is not stored on 500 GB of flash...they use erasure coding and distribute it over ~3x as much, roughly.

Oh, and good luck creating snapshots of your home RAID!


> Huh? What kind of 500 GB SSD costs $50?

Definitely not $50 to my knowledge but for ~$170 you can get a Samsung 850 EVO which is rated for 98k IOPS. They're fairly reliable drives and much, much faster than anything you'll get on EBS. You could be running that full 3x replication in less than a year of paying for EBS.

> Oh, and good luck creating snapshots of your home RAID!

LVM, ZFS and Btrfs all do snapshotting quite nicely. FreeNAS - commonly used for consumer grade NASes will automatically manage ZFS snapshots for you too. Amazon will sell you extra space to store snapshots, sure, but increasing the size of your devices usually solves that problem. And quite cost effectively as you can probably tell by now...


...and Dropbox can be replaced with SFTP and rsync. Can you roll your own? Sure. Will it work as reliably and effectively as EBS? Can I scale it easily? How many people are comfortable using snapshots on their own?


It's tried and true tech that any competent ops person can use quite easily. Been around much longer than EBS quite frankly.

Dropbox targets end users who don't have the knowledge required to use the alternative, if you're smart enough to use EBS you're probably smart enough to use ZFS snapshotting just as easily. Or could within a day or two. It's really not that hard.

Like I said, there are systems that pretty much manage the whole thing for you and just warn you when something is about to blow up like FreeNAS.


It could be replaced with Nextcloud

Shadow volume replication is entirely possible with several filesystems or Hot Copy kernel mod. Also LVM does snapshotting fairly easily

I may have got my prices a bit mixed up (I saw 120GB at Fry's for $60 last month) but my point stands.

Also why is discomfort such a big problem for folks? Learn stuff.


Not really that hard.

zfs snap tank/data@$(date '+Y%m%d')

zfs send tank/data@$(date '+Y%m%d') | zfs recv backup/data

advanced magic for off-system backup

zfs send tank/data@$(date '+Y%m%d') | ssh cheapdiskserver zfs recv tank/data


> 1500 - 3000 IOPS

So about as many as this SD card, and nothing compared to a real SSD.


In practice, it's actually fine for most purposes. It's equivalent to multiple striped 15K RPM magnetic disks, which used to be high-end enterprise storage a few years ago.

SD cards have much worse write IOPS.


> In practice, it's actually fine for most purposes.

It is, yes, but I wouldn't refer to it as comparable to an SSD.

> SD cards have much worse write IOPS.

Surprisingly not! Testing in ATTO I got read and write speeds that were almost identical, and a peak of 2000 IOps.


>It is, yes, but I wouldn't refer to it as comparable to an SSD.

EBS (gp2) is flash based, has far better performance than high end magnetic disks, with excellent latency and consistent performance. So, it's more comparable to SSD than anything else.

>Surprisingly not! Testing in ATTO I got read and write speeds that were almost identical, and a peak of 2000 IOps.

Really? Were you looking at 4K write? Typically that would be under 1 MB/s for an SD card.


https://www.amazon.com/gp/product/B013CP3MMM

http://i.imgur.com/PRoxVPM.png

It's a relatively high-quality SD card, unfortunately hampered by my reader's inability to use bus speed over 25MB/s.


Nice card! So about 1500 write IOPS at 4K. Performance might be worse (or better) at other queue depths though.


I think most people rely on EBS and are happy with it. Sure it depends on the use case, but I think it works for most use cases.


It's not just a RAID that can fail. And everyone who uses AWS should expect failures. You should build your infrastructure to handle such failures well.


They offer no RAID on local storage and only the expensive, IO restricted EBS as an alternative.


Yes, the only way a server can die is from non-raided disks.


Otherwise they should at least be providing customers their data back.


I think you misunderstood the local storage. It is not intended to permanently store data. It's a volatile storage like RAM.


It's crazy how much better the communication (including updates and status pages) is of the companies that rely on AWS than AWS' communication itself.

https://status.heroku.com/incidents/1059


Blake Gentry gave a full accounting of Heroku's response process here - http://www.heavybit.com/library/video/every-minute-counts-co...

Amazon should take notes.


I feel for them. Imagine, 40 or 50 different engineering teams all responsible for updating their statuses. At this moment on the AWS status page I see random usage of the red, yellow, and green icons, even though all the status updates are "Increased error rates." What that tells me is that there's no unified communication protocol across the teams, or they're not following it. And just imagine what it's like being on the S3 team right now.

I notice even Cloudflare is starting to have problems serving up pages now.


Font Awesome went out for me for a bit, but they did a great job getting back up and keeping their users in the loop.

https://status.fortawesome.com/



These service health boards are more like advertisement page then actual status of the service.


I guess their bizarre thinking is something along the lines of: "unless we have proof that noone can access the service, we won't change the indicator from green to yellow.

Seriously: I don't understand why you guys stay with AWS.


Because you perceive public clouds only as virtual machine providers, that you can replace with other provider in two days. A detailed cloud migration consists of replacing some parts of your software to use managed services provided by a specific cloud provider, and AWS is still has the best service offerings IMHO. When you use these services carefully also you will see that AWS is very cheap and reliable enough. Outages like today's are happening in every platform and it is possible to mitigate them.

You can use Adwords as a self-service user. Without knowing so much of details you can run your ads but also you can bery easily ruin your budget. But many enterprise customers use it very differently than those users and they are extremely optimizing the cost. Cloud is the same. If you don't know how big customers use AWS, it is normal that you are surprised because AWS is still leading the market.

You say GCP is better than AWS. Which part is better? GCP does not have many services of AWS we benefit from. How can you compare totally different providers? You can only say AWS EC2 is worse than GCP. But you cannot compare whole platforms in one sentence.


(Sorry, I'm late to reply, but since you addended your comment you might still be listening...)

After spending a year evaluating both AWS and GCP (with an emphasis on their managed database services; both SQL and no-SQL) my general feeling is this:

"Microsoft Windows is to Unix as AWS is to GCP".

(Or perhaps closer to the truth: "VMS is to Unix as AWS is to GCP".)

Baically AWS services seem like they are badly designed by buerocratic mediocre engineers following some bureocratic template for "a service".

GCP feels a lot saner (both API- and UI/console-wise). I often got the feeling it's designed by people who:

a) are smart and well-rounded in terms of experiences. It does take cleverness and experience to design something elegant that is also useful.

b) take pride in their work (it does show)

(And then, as a bonus: It's cheaper!)


You talk about SQL and No-SQL as managed services and it shows that your experience is limited to a classical application consisting of virtual machines and some data storage. However these are not the only services offered by both platforms and currently AWS has a richer feature set. For example Lambda and its deep integration with whole AWS platform is the biggest game changer from my point of view. If we are talking about virtual machines and databases, I can accept this comparison. However we are talking about 30+ services, some of them are even not available somewhere else and solving serious business problems in production and at scale. It is very wrong to put everything into basket and compare. Maybe GCP has better pub/sub service and AWS has better object storage. These should be compared seperately. Answering to your question, why do we still stay at AWS, because it is solving our problems in the most cost effective way and with reduced complexity, we are happy with it.


You're probably assuming too much again :)

I specifically spent a lot of time on Lambda and found it quite annoying compared to GCP AppEngine. So much bureaucracy. Just this thing that you have to specifically register every single Lambda API call and its parameters using an interface built by non-thinking people.. Sheesh.

For on-demand processing I just want a single HTTP-ish entry point, like AppEngine provides. (That way I can I move my service between different providers, if I wanted to move away from e.g. AWS.)


Anyway, I just updated my HN profile with more details about my experience. Please visit it to judge if I might know what I'm talking about.


Sorry for endless number of typos and mistakes. Obviously I was sleepy while I was writing this.


> Seriously: I don't understand why you guys stay with AWS.

Personally I've been using it for ages and I know most services inside and out. They do suffer downtime in some regions occasionally, but it'd be too expensive at this point to move.

And who doesn't suffer downtime? You can't avoid it; you just need a plan to deal with it. For example, having a backup replica bucket in another region and the ability to quickly switch your CDN over would probably be a good idea here; that's what I did.

If you want to go further you can replicate your data to another cloud provider entirely and use low TTLs to switch to a backup CDN if your system is that mission-critical (in the event of a worldwide AWS failure doomsday scenario).

All systems will fail you and it's our responsibility as IT professionals to have a plan to mitigate this.


Low TTL on DNS entries might do more harm than good: if your DNS provider gets seriously DDoS, being able to rely on caches can save the day.

Anyway, I agree with your conclusion.


Sunk cost fallacy.

I do agree that we should all plan for failures.

However, I also think it's a sign of failure in planning and architecture foresight if it's too expensive to move away from a particular cloud provider.


The sunk cost fallacy is when you (irrationally) decide to stick with what you're doing purely because you've already spent a lot of resources on it. It doesn't apply when you've done an economic analysis and found out it doesn't make sense to swap.

There are plenty of cases where it just wouldn't make sense to switch after looking at the costs, opportunity costs, etc. For example, if his site makes him $10 a month, outages cost him $1 a month that could be mitigated by moving, and it would cost $1000 of labor to swap providers. (Depends on interest rates.)

Perhaps it was originally a failure to not have a plan to easily move from a provider, but it doesn't seem unreasonable to me that right now it may cost too many hours of work to justify the move.


It's not as though it would be impossible; our integration with AWS isn't that deep, it's not as though we use DynamoDB for our core data store or anything like that. But even migrating from one traditional datacenter to another isn't easy from an operational point of view.

There needs to be a clear financial win. Even taking into account the failures we've seen so far, I don't see a compelling reason to leave AWS.


(You're right, I used that term incorrectly.)

Still stand behind the other two points I made in that post though.


> I don't understand why you guys stay with AWS.

Who do you recommend instead (assuming in-house or Hetzner-equiv is out of reach)? Google Cloud? Azure? Rackspace?


Google Cloud if you're looking for something similar. It's just so much better and cheaper. I think a lot of the resistance here towards that kind of move is just because people are inherently lazy and they aren't paying the bill themselves.

(I'm guessing a relatively large part is also selfish attachment to the market leader because of employment reasons. I hate wasting money, both for myself and for my employer, so I don't really understand this kind of thinking - but I do understand how it could flourish in a venture capital-rich time/locale.)

I also recommend reading:

https://thehftguy.com/2016/06/15/gce-vs-aws-in-2016-why-you-...


Google Cloud doesn't exactly have the greatest reliability/uptime either.


https://status.cloud.google.com/summary tells a different story or do you have other information?

I have used GCP for some time without being affected from any incident.


I'm not sure what you mean. If anything that link underscores my point. GCE has absolutely had it's own catastrophic errors. Remember last April when ALL instances in ALL regions went down?

https://status.cloud.google.com/incident/compute/16007?post-...


At least Google has a post-mortem, at AWS everything would still show up green with some random note about 'increased error rates'.


While I agree that was a horrific outage for us, there's a big difference between no external connectivity for a few minutes (note: internal IPs still worked fine, as did access to APIs through that mechanism) and "ALL instances in ALL regions went down".

Disclosure: I work on Google Cloud (and wouldn't want to be an incident responder at AWS today...)


The GCP services are usually within their SLA target so I don't see the problem with the incidents. So you know what you buy and can take actions if you need a higher SLA for your application.


> so I don't see the problem with the incidents

All instances going down in all regions is an order of magnitude worse than a single service going down in a single region. You're deluding yourself if you think GCE is any more reliable than any other reputable cloud hosting platform.


That is a pretty awesome page.. way better than a page full of green icons, during an obvious outage... I like that they have writeups a few days after the incidents....


Google also doesn't have the best record for developer tools.


[flagged]


too soon


;)


GC's CDN doesn't cache files bigger than 4Mb. No Windows VMs. Bound to AWS for these 2 reasons.



As already mentioned, they do have Windows VM's but there are some caveats that indicate it's not fully baked yet. 1.) They require that each VM MUST have a public IP address so that Windows can talk to an activation server every 30 days. 2.) You cannot yet bring your own license.


Someone else already mentioned Windows VMs.

Looks like CDN has a 10MB limit:

https://cloud.google.com/cdn/docs/caching

(work at Google Cloud)


What about something like B2 from https://www.backblaze.com/ ?


S3 in a single region is based out of multiple data centres / availability zone, with data distributed so that the loss of a single availability zone won't impact either data availability or durability, even to the point of being comfortable with complete physical destruction of an AZ. The same applies for Azure, GCP etc.

B2 is based out of a single DC (or at least, was at launch and I don't see anything that suggests that has changed?) You've got to decide what's most important to you. Data persistence or $$$.


OVH


Bad idea there, support is horrible.


OVH doesn't even want to take my money to keep my server running. Their auto-billing process is busted and when it goes wrong they just delete your server.


That's not what I've seen. I misconfigured my auto-billing and got paged in the middle of the night by nodes mysteriously disappearing, but they released those machines minutes after my CC went through. Not that I'm a big fan of OVH but if you design your system to allow for failure you can't match their value for money.


What is your last datapoint on that?

The last year or two has seen a remarkable improvement according to those customers of mine that host there.


I think it's more, "if the service can't do what people need it to do, that's a problem; if the service cluster gets wedged hard enough to stop responding to the requests of our monitoring system, that's a failure."

Which would make sense (and is sorta-kinda a best-practice) if Amazon wrote services such that they "crashed early"—but instead they're seemingly written so the backend lock up and be rendered completely useless at "doing its job" but will continue to run just fine.

Either of those two design decisions is potentially a good thing on its own, but they need to be considered in light of one-another if you want your status page to make any sense. If you want to report cluster failures, code your clusters to actually fail. If you want to keep your clusters up, write your monitoring checks as whole-stack acceptance tests.


> Seriously: I don't understand why you guys stay with AWS.

You don't seem to have enough experience to comment on the issue.


Please visit this comment sub-tree:

https://news.ycombinator.com/item?id=13765786


That is a regurgitation of your opinion without any facts.

Comparing technology and saying "it seems" or "i feel" isn't really a good argument to convince me one way or the other.


> Seriously: I don't understand why you guys stay with AWS.

I tried them all and Amazon is still the best.


Postgres on RDS


Come to NEXT in a week! :).


Any chance UDF iterators for Cloud Bigtable are in the works?

Being able to run distributed D4M/GraphBLAS queries in Cloud Bigtable would be killer.

"From NoSQL Accumulo to NewSQL Graphulo: Design and Utility of Graph Algorithms inside a BigTable Database" https://arxiv.org/pdf/1606.07085.pdf


I'm seeing green checkmarks across the board, but they just added a notice to the top of the page:

> Increased Error Rates

> We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region.


I guess sub-1% to 100% failure rate is technically an "increase".


I guess file uploads and downloads are technically "API calls".


the worst thing is when your system cant handle these "increased error rates" as your control plane cascades failure due to something like this....

The worst "increased error rate" problem I had was when the API was failing and my autoscale system couldnt deal and launched thousands of instances because it couldnt tell when instances were launched (lack of API access) and the instances pummelled the fuck out of all other parts of the system and we basically had to reboot the entire platform....

Luckily, amazon is REALLY forgiving with respect to costs in these (and actually most) circumstance....


recalls numerous times

Yes. Yes they are. Thankfully.


I always joke that if one of those statuses ever went to red, it means the zombie apocalypse has begun.


The number of non-green marks is the number of ICBMs currently in flight towards an AWS data center.


The good news is, if Amazon's services are marked as offline, you're allowed to use Amazon Lumberyard to control nuclear power plants.


In case anyone wants to see what mysterious the red icon looks like: https://status.aws.amazon.com/images/status3.gif

At best when there are problems (not like now I guess) I will see the "note" green icon https://status.aws.amazon.com/images/status1.gif


I've heard (on the Fnord new show on the most recent CCC congress, so take it with a grain of salt and a bucket of humor) that Amazon's TOS are more or less void when a Zombie Apocalypse breaks out.

They had some convoluted but fairly specific wording in their TOS, whoever wrote must have had a lot of fun.


From https://aws.amazon.com/service-terms/

> 57.10 Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the AWS Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.


First the fall of human civilization has to be a real threat per the TOS so not sure they'll care.

Second, I know the lawyer and yes he had fun.


Then I guess it has begun, the page is now showing red. I'd put a picture on imgur but it's not loading.


http://downdetector.com/status/aws-amazon-web-services looks like a reasonable alternative place to check/report downtime.


I just check Twitter, since Amazon's status is always a lie. My personal dashboard is still showing no problems. It's bad enough that the main public status is always green even when there's clearly a problem, but you'd think they could at least make the private status accurate.


Which is coincidently down.


Maybe they are hosted on S3 facepalm or maybe they just got a surge in traffic


downdetectordown.com ?


yep, page won't load.


Gah. It was up 3 minutes ago. Anyone have any suspicion this is another ddos episode? I saw that SO was down last night too: https://twitter.com/StackStatus/status/836450836322516992


Pretty confident that isn't it. S3 was returning InternalErrors for 22 seconds before it started timing out and/or returning 503s to all my requests.

I'd bet that something broke (causing InternalError responses) and then nodes started marking themselves as failed (causing the timeouts and 503s soon after).


I want to see the botnet capable DDoSing S3. That would be something.


Apparently, that's down too. Sigh.


So, global S3 outage for more than an hour now. Still green, still talking about "US East issue". I'm amazed.


It doesn't appear to be global; my app in eu-west-1 appears unaffected.

It's possible that the console won't work however as I believe that's served from us-east-1.


My site hosted on S3 is also running.


Looks like they have fixed the issue with their health dashboard now.

From https://status.aws.amazon.com/ : Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard. The service updates are below. We continue to experience high error rates with S3 in US-EAST-1, which is impacting various AWS services. We are working hard at repairing S3, believe we understand root cause, and are working on implementing what we believe will remediate the issue.


There was an alert on the personal health dashboard[1] a second ago, it said S3 Operational issue in us-east-1 but when I tried to view the details it showed an error.

Then I refreshed and the event disappeared altogether.

[1] https://phd.aws.amazon.com/phd/home?region=us-east-1#/dashbo...


Same here. But it is in the general status dashboard: http://status.aws.amazon.com/


Still green now, 8 minutes in.


I've had a few non-Amazon providers tell me AWS things are not working in the last 5 minutes, no note from Amazon though.

Nice.


Just sent out a notice to our customers via our status page. I really wanted to be able to add a link back to AWS detailing the issue but that's a pipe dream I suppose.


... still green



Looks like his personal site isn't loading... :)


Yup, it is indeed hosted with Amazon.



We have a slack emoji for it called greenish. It's the classic AWS green checkmark with an info icon in the bottom. Apparently it's NOT an outage if you don't acknowledge it. It's called alt-uptime.


I really liked it. But when trying to add it to my HipChat group it failed to upload. Why? S3 outage, what an irony.


AWS internal lingo calls this the "green-i"


Just went yellow

Edit: nevermind


Did it? Still fields of green for me.


While keeping the status green for s3, they have at least put up a notice at the top:

Increased Error Rates

We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region.


Yeah I just now saw that. Probably regional cache clearing or something.


Still green for me


Just went yellow

Increased Error Rates

We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region.

https://status.aws.amazon.com/


Check individual services ...

Amazon Simple Storage Service (US Standard) Service is operating normally


Well, at least our decision to split services has paid off. All of our web app infrastructure is on AWS, which is currently down, but our status page [0] is on Digital Ocean, so at least our customers can go see that we are down!

A pyrrhic victory... ;)

[0] - http://status.hrpartner.io

EDIT UPDATE: Well, I spoke too soon - even our status page is down now, but not sure if that is linked to the AWS issues, or simply the HN "hug of death" from this post! :)

EDIT UPDATE 2: Aaaaand, back up again. I think it just got a little hammered from HN traffic.


When even the status page is down, panic.


Could be worse, your entire infrastructure could be hosted on Heroku.

You don't use S3 but because they do, your entire infrastructure crumbles.


I didn't realize Heroku used s3 until today, when my heroku app failed. Makes me wonder why I'm using heroku instead of just aws.


If you're looking for the simplicity of Heroku but want to run on raw AWS check out Convox. It's open source and free to try.

https://convox.com

Disclosure: I'm one of the cofounders


Heroku is a rewrap of AWS for simplicity.


You're paying Heroku to not have to think about deployment or scale, which is also why their marketplace is successful - who wants to think about managing a database, when two clicks and a few environment variables later you can have one. Heroku is great for devs who don't want to think about ops and can afford to throw money at the problem (it gets really expensive really fast).


Skyliner is an option if you're doing real production stuff.


I don't see why this is being downvoted. It's a pretty legitimate concern.


esp since my side project on heroku which uses nothing is down because of this.


The biggest change heroku needs to make is support different regions.


HTTP 500 :(


Plot twist: Digital Ocean is secretly hosted on AWS


shhhhhhhhhhh!!!


LOL...I just got notice that our status server is down now too! Maybe DO is just a rebranded offshoot of AWS after all... :D


FYI to S3 customers, per the SLA, most of us are eligible for a 10% credit for this billing period. But the burden is on the customer to provide incident logs and file a support ticket requesting said credit (it must be really challenging to programmatically identify outage coverage across customers /s)

https://aws.amazon.com/s3/sla/


The 10% savings of ~$10 does not compare to time/potential business lost, but thanks for the tip :)


> potential business lost

My startup's op team had a great discussion today because of this that basically boils down to "if we hit our sales goals, an incident like this a year from now would end our company".

Looks like our plans to start prepping for multi-cloud support will be a higher priority.


> an incident like this a year from now would end our company

I'm genuinely curious, what kind of business are you in that a four hour outage would end the company? High frequency trading or something?


You're in the right ball park- services for traders and brokers in the finance industry. A two hour outage during trading hours would be an extinction level event.


not op, but when i worked in the ticketing business if this happened during a big on sale we would get hosed.


A low-cost first step is enabling cross-region replication [1].

[1] http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html


I'd be willing to bet that the effort you put into a multi-cloud solution will be more expensive than you think, and far more brittle in the event of an emergency. It always is.


You're not wrong, but if your customers can't afford an outage, you can't afford not having a fallback plan. Probably worth a few trial runs during low volume hours to be sure.


thats for below 99.9% - they are at 99.997% .. you are never getting that 10% credit..


0.1% of 28 days is 40 minutes, so it seems likely to happen.


I was calculating it for a year - maybe the availability applies to per billing cycle - you may be correct..


You got your orders of magnitude wrong ;)

    99.9964583 = 100 - 153/(30*24*60)
    99.6458333 = 100 * (1 - 153/(30*24*60))


I was calculating it for a year - maybe the availability applies to per billing cycle.. I am still not able to understand your math - mind explaining


Your numbers are still off for a year.

    99.9997089 = 100 - 153/(365*24*60)
    99.9708904 = 100 - 100*153/(365*24*60)
The formula is 100% minus 100% times downtime/time in month/year.

153 is the number of minutes they were down going off the reported updates at https://status.aws.amazon.com/ - 11:35AM PST was when they fixed the status page, 2:08PM PST was when S3 was fully back online. (And 153 is underestimating it, because there were errors going on for long before they fixed the status page, but I don't have timestamps on that.)


From Amazon: https://twitter.com/awscloud/status/836656664635846656

    The dashboard not changing color is related to S3 issue.
    See the banner at the top of the dashboard for updates.
So it's not just a joke... S3 being down actually breaks its own status page!


For this kind of page it might be best for them to use a data URI image to remove as many external resources as possible.


Unicode characters would work fine, and be even smaller.

Warning sign, octagonal sign, no Entry (all filtered by HN).

There are plenty of possibilities.


I was thinking they should host the little green check mark icons on s3.


Thank god I checked HN. I was driving myself crazy last half hour debugging a change to S3 uploads that I JUST pushed to production. Reminds me of the time my dad had an electrician come to work on something minor in his house. Suddenly power went out to the whole house, electrician couldn't figure out why for hours. Finally they realized this was the big east coast blackout!


Disadvantage of being in the detail I guess. My thinking was Imgur seems broken today >>> Something major on the intertubes must be fk'd.


Precisely how I discovered it. Imgur down. Imgur is almost like a piece of critical Internet infrastructure. That + some other site misbehaving tipped me off that something very wrong is happening...


irc.freenode.net / ##aws (must be registered with nickserv to join)

outage first reported around 11:35CST.


Corporate language is entertaining while we all pull out our hair.

"We are investigating increased error rates for Amazon S3" translates to "We are trying to figure out why our mission critical system for half the internet is completely down for most (including some of our biggest) customers."


Coincidence?

https://twitter.com/homakov/status/836649802842591232

I've been fuzzing S3 parameters last couple hours...

And now it's down.


All: I hate to ask this, but HN's poor little single-core server process is getting hammered and steam is coming out its ears. If you don't plan to post anything, would you mind logging out? Then we can serve you from cache. Cached pages are updated frequently so you won't miss anything. And please do log back in later.

(Yes it sucks and yes we're working on fixing it. We hate slow software too!)


"I felt a great disturbance in the Force, as if millions of voices suddenly cried out in terror, and were suddenly silenced. I fear something terrible has happened."


Down for us as well. We have cloudfront in front of some of our s3 buckets and it is responding with

    CloudFront is currently experiencing problems with requesting objects from Amazon S3.

Can I also say I am constantly disappointed by AWS's status page: https://status.aws.amazon.com/ it seems whenever there is an issue this takes a while to update. Sometimes all you see is a green checkmark with a tiny icon saying a note about some issue. Why not make it orange or something. Surely they must have some kind of external monitor on these things that could be integrated here?

edit: Since posting my comment they added a banner of

"Increased Error Rates

We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region."

However S3 still shows green and "Service is operating normally"


To mitigate the effect of S3 going down I use cross-region replication to replicate objects to another S3 region. If S3 went down in my primary region I could update the app config to write back to the backup region and update the CDN configuration to use the backup region as an origin.

I did that out of paranoia but it turns out this could happen to us. Does that sound like a sensible approach?

Fortunately all my company's stuff is in eu-west-1 which still seems to be fine.


I'm certainly not an expert here, but just to make you feel good (if nothing else), this is exactly what we did this morning (Melbourne time). Woke up to a bunch of flailing Lambda funcs on us-east-1. Luckily we're using Apex so cross deploying them to Singapore took all of 30 seconds. We were concerned about API Gateway since it was also sitting in us-east-1 but ended up not being an issue. Realized that redeploying S3 and Lambda across regions can be done in practically no time, but we would have been in trouble had we needed to replicated our APIs in another region. Going to start exploring spec'ing up our existing gateways in swagger to help with this.


Sysadmin: I can forgive outages, but falsely reporting 'up' when you're obviously down is a heinous transgression.

Somewhere a sysadmin is having to explain to a mildly technical manager that AWS services are down and affecting business critical services. That manager will be chewing out the tech because the status site shows everything is green. Dishonest metrics are worse than bad metrics for this exact reason.

Any sysadmin who wasn't born yesterday knows that service metrics are gamed relentlessly by providers. Bluntly there aren't many of us, and we talk. Message to all providers: sysadmins losing confidence in your outage reporting has a larger impact than you think. Because we will be the ones called to the carpet to explain why <services> are down when <provider> is lying about being up.


People were joking about this but it turns out to be true: they host the status icons on their service: https://twitter.com/awscloud/status/836656664635846656


Due to HN's flaky Cloudflare 503 Bad Gateway error, I noticed that Cloudflare is also being affected by S3 being down in a similar but subtle way. See their status page's broken logo on the upper left hand corner.[1] It was actually directly linking to a S3 URL: https://s3.amazonaws.com/statuspage-production/pages-transac...

[1]: https://www.cloudflarestatus.com/


https://www.cloudflarestatus.com/ http://www.trellostatus.com/

Looks like they are both using the same solution for their status pages. The icon for trellostatus did also fail to display.


Was HN affected by Cloudbleed?

I would rather access HN without Cloudflare as man-in-the-middle, especially over HTTPS.


All websites that use Cloudflare were potentially affected by Cloudbleed which is what makes it such a terrible thing.

You will never know the exact damage, the only thing you can do to play it 100% safe is to rotate all credentials on sites using Cloudflare.

And you can't access HN without going through Cloudflare (unfortunately, but HN is having a hard enough time to keep up with traffic as it is, without Cloudflare it would perform a lot worse than it does).


Hahaha too bad.

Google Analytics, Cloudflare, AWS, those are things you can never escape from.


Disagree on Google Analytics.


EDIT: Misread parent.


Because your status page shouldn't depend on your own infrastructure. Literally the problem Amazon is having right now.


I guess they don't want to host their status page on their own CDN in case it went down too.


But only the logo image hosted on S3 is broken though. It seems to be preventable if they host the logo image together with their status page.


Saw that too, sounds like a convenient excuse for being caught in a lie.

AWS Employee #1: Hey, people are catching on that our status page isn't accurate

AWS Employee #2: Tell them it's cause of S3


I'd suspect the humiliation of hosting your own status page on the infrastructure it's monitoring would far outweigh the "lie".


People are much more forgiving of mistakes than they are of deception.


The icons aren't hosted there (or if they are, they are cached). https://status.aws.amazon.com/images/status3.gif

The status information is hosted there.



The "red check mark is stored on S3" may have been sarcasm, but apparently there was a kernel of truth to it?!

Poor show when a service disruption means the status page can't be updated....


While status icon being hosted on S3 is funny, I think it's more likely that it's not the icon itself that caused the status page to not getting updated, but rather the fault of service information (say, a JSON file) that used to generate the status page that was stored on S3. The banner could probably be configured locally, so they choose to update that for the time being (e.g. while moving the status bucket somewhere else).


> Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard.


I like how HN (and others) handle this - there should be a static link to a 3rd party source, like a twitter feed, at the top of any status page.


if that simple, why the text desc for Details also didn't reflect the incident?


Is there any service that distributes your files to multiple cloud services at the same time? With this recent S3 outage, I'm now feeling uneasy to store files on S3 for mission critical apps.


The outage was on us-east-1. If you are hosting mission-critical files in a single region, S3 is not the problem.


To be fair, most people don't use the region replication thing for S3. Of course this is why I push folks to use GCS's default Multi-Regional buckets, because when a regional outage does occur, it's awfully nice to at least have the option to spin up elsewhere. If your critical data is in Virginia today, all you can do is wait.

Disclosure: I work on Google Cloud, and we've had our fair share of outages.


I believe that IPFS together with Filecoin is intended to be something like this in a broader, free market sense. Unfortunately IPFS is probably far from ready for mission critical apps and Filecoin hasn't launched at all.


ins3ption


It's unbelievable that the status page is still showing green checkmarks, almost what, 2 hours into the outage?

edit: oh, it is actually because of the outage! So if they can't get a fresh read on the service status from s3, they just optimistically assume it's green... even though the service failing to provide said read... is one of the services they're optimistically showing as green XD


Hey can't change it due to the S3 issue. See their twitter post: https://twitter.com/awscloud/status/836656664635846656


Wow so they can't update the S3 status page currently due to S3 issues, including the status page processing to update it, which runs upon S3.

That raises many more questions about how well accounted outages have been in the past and equally reported. Then the design aspect that in itself highlights if you run things in the cloud, what fallback do you have if that goes wrong. So certainly the impact from this outage is going to echo for a while, with many questions being asked.


Smells BS. As pointed out in https://news.ycombinator.com/item?id=13757284, text should have reflected the real situation. So the icons are either not the only problem or just an excuse.


It seems status pages should be on entirely independent infrastructure, give the criticality of the information they provide. Perhaps even a separate domain.


Same related flaw as Three Mile Island. Fail closed and measure the output, not the intent.


> Because we [sysadmins] will be the ones called to the carpet to explain why <services> are down when <provider> is lying about being up.

But isn't that the whole point of lying: to the less technical manager (often the only person whose view matters at major customers), the status board saying "up" means the problem is the sysadmins, not the vendor.


That works in the vendor's favor in the short term, but can screw them in the long term because you get staff who go the extra mile to avoid the vendor in the future, including structuring requirements to avoid them.

For example, by experience and gossip I know Wind stream has awful reliability, but they handwave that away. By including a requirement I knew they couldn't meet (dynamic E911), they were knocked out of a 200 site VoIP RFP early.


Hurry, look now, so you can tell your grandchildren!!!

Greenish ELB, RDS.

Yellow EC2, Lambda.

Red S3, Auto Scaling.

EDIT: A few dozen services in us-east-1 are down/degraded.


> but falsely reporting 'up' when you're obviously down is a heinous transgression.

When SLA's are in play and so are job performance scores and bonuses there is probably a strong incentive to fudge numbers. It can be done officially ("Ah but sub-chapter 3 of chapter X in the fine print explains this wasn't technically an outage") or unofficially.


When I worked in Antarctica any outage affecting users that lasted over 50 minutes was considered an official "outage" and had to be reported to mission command. So of course ALL maintenance was rolled back/backed out if it came anywhere even close to 50 minutes, just so we wouldn't have to fill out the stupid outage paperwork.


Thank you for the insight. Could you and/or any sysadmin on here elaborate on what a "nail in the coffin" situation might look like? For example, is this current outage with inaccurate status updates enough to seriously consider migrating to another CDN provider? If so, which one would you migrate to?


Disclaimer, not a job-toting sysadmin quite yet, but here's my 2¢:

- Architectural SPOFs (single points of failure) need to be carefully weighed up in any design, and "ALL our files are on $single_provider" is one such huge red flag. Unfortunately these considerations are all too frequently drowned out by the ease of going with the least path of resistance.

For example GitHub occasionally goes down, which breaks a remarkable amount of infrastructure: a huge number of people don't know how to use Git, do full clones from scratch each time, and have no idea how to work without a server (even though Git is built to work locally); CI systems tend to want to do green-field rebuilds, so start out with empty directory trees and need to do full clones each build (I'm not sure if any CI systems come with out-of-the-box Git caching); GH-powered authentication systems fall apart; etc. Kinda crazy, scary and really annoying, but yeah.

In terms of "nail in the coffin", that depends on a lot of factors, including a subjective analysis of how much local catastrophe was caused by the incident; subjective opinions about the provider's reaction to the issue, what they'll do to mitigate it, perhaps how transparent they are about it; etc.

Ultimately, the Internet likes to pretend that AWS and cloud computing is basically rock-solid. Unfortunately it's not, and stuff goes down. There were some truly redundant architecture experiments in the 80s (for example, the Tandem Nonstop Computer, one of which was recently noted to have been running continuously for 24 years: https://news.ycombinator.com/item?id=13514909) but x86 never really went there, and superscalar computing is built on a sped-up version of the same ideas that connect desktop computers together, so while there are lots of architectural optical illusions, well, stuff falls apart.

- Everyone in this thread is talking about Google Compute Engine, but it really depends on your usage patterns and requirements. GCE is pretty much the single major competitor to AWS, although the infrastructure is _completely_ different - different tools, different APIs, different pricing infrastructure. The problem is that it's not like like MySQL vs PostgreSQL or Ubuntu vs Debian; it's like SQL vs Redis, or Linux vs BSD. Both work great, but you basically have to do twice the integration work, and map things manually. With this said, if you don't have particularly high resource usage, VPS or dedicated hosting may actually work out more cost-effectively.

TL;DR: you go back to the SPOF problem, where _you_ have to foot the technical debt for the reliability level you want. Yay.


This is why I always set up my own monitoring for services in addition to the provider's status page. Simple SmokePing graphs have saved me a ton of time when it comes to troubleshooting provider outages. It especially helps when I can show them exactly when there are problems.


Why is always the manager that is the bad guy in these scenarios? Haven't we grown up yet?


The manager is not the bad guy. They are doing everything they should do in the scenario I presented. Checking into an outage affecting a critical system. Criticizing the sysadmin's findings based on the evidence that Amazon's status page disagrees. I don't expect a non-technical party to believe me over Amazon.

The bad guys are the providers who report false positives to preserve metrics.


Just commenting here because hopefully people can see: AWS status page updated: 1:44 CST


Any is always the manager that is the bad guy in these scenarios? Haven't we grown up yet?


It's not a lie, it's an "alternative fact" about how totally like awesome AWS is!


They don't show it on the status dashboard at https://status.aws.amazon.com/ (at least at the time I originally posted this comment).

But if you go to your personal health dashboard (https://phd.aws.amazon.com/phd/home#/dashboard/open-issues) they report an S3 operational issue event there.

Edit: Mine is reporting region us-east-1

Edit 2: And now the event disappeared from my personal health dashboard too. But we are still experiencing issues. WTH.


Also seeing the intermittent event on the personal dashboard. Wonderful.


Apparently they need a special/separate status page for everyone's personal health dashboard too. SMH.


It's interesting to note the cascading effects. For example, I was immediately hit by three problems:

* Slack file sharing no longer works, hangs forever (no way to hide the permanently rolling progress bar except quitting)

* Github.com file uploads (e.g. dropping files into a Github issue) don't work.

* Imgur.com is completely down.

* Docker Hub seems to be unavailable. Can't pull/push images.


A doctor's office that's unable to process patients due to the outage:

https://mobile.twitter.com/drjincali/status/8366578638879989...


I mean, that's not really AWS's problem, is it? Outages happen. If you have a mission-critical service like health care, you really shouldn't write systems with single points of failure like this, especially not systems that depend on something consumer-grade like S3.

This appears to be a normal doctor's office where there are routine appointments. Emergencies would be referred to the ER anyway. And while I obviously don't know the details of how his office is run, you'd think that you could get by on a pen-and-paper fallback to manage the office. Maybe that's an advantage to keeping experienced office staff on board.


I work in the healthcare industry and there's a big push from AWS into offering HIPAA compliant services for things like patient records. It's becoming much more common to tie in third party services into electronic healthcare software. Obviously no mission critical system should have a single point of failure and doctor's offices should have fallback plans for handling service outages, but most care providers don't have staff onsite with the technical expertise to understand the extent of the coupling. I'm just closely watching this space and found that tweet interesting in relation to the parent comment's remark about realizing the scope of this S3 outage. There's no blame unique to AWS here, but it is becoming an increasingly important piece of plumbing in the industry.


Fine. But that's just buying into one of the very common misconceptions about AWS (or any hosting provider), no? This idea that Amazon sells a fault tolerant product. They don't. Amazon sells you tools that can make a fault tolerant product, but making your own product resilient is entirely upon you.


Whatever software that doctor is using should have been built with offline capability (local storage, syncs to servers when network connectivity is restored).


On the upside.. no one is stealing more data from the CloudPets thing we were talking about earlier today.


We're still up and running (Sync.com) if you need to share some files.


AWS - too big to fail.


My own service was running just fine, until I tried to push out a (fairly critical) bugfix. Sadly, my deploy procedure relies on my build server pushing docker images to quay.io, and prod servers pulling them back down from quay.io, and quay.io hosts their Docker registry in S3. Time to make some apologies and excuses to my users...


* Hipchat file sharing no longer works, hangs forever * CircleCI cannot access artifacts


I was also trying to open gotomeeting web client, no luck.


Zoom was down too.


Heroku has issues too.


i was unable to purchase cat food at my local pet store with a credit card because their POS software was down


what's truly incredible is that S3 has been offline for h̶a̶l̶f̶ ̶a̶n̶ ̶h̶o̶u̶r̶ two hours now and Amazon still has the audacity to put five shiny green checkmarks next to S3 on their service page.

they just now put up a box at the top saying "We are investigating increased error rates for Amazon S3 requests in the US-EAST-1 Region."

increased error rates? really?

Amazon, everything is on fire. you are not fooling anyone

edit: in the future, please subscribe to @MyFootballNow for timely AWS service status updates https://pbs.twimg.com/media/C5xdm9_WMAAY7y_.jpg:large


@mikecb on Twitter explained it well. "The red icon is stored in S3 US East."


Apparently this is not a joke:

“The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates.”

https://twitter.com/awscloud/status/836656664635846656


I think that might be my favourite tweet this year so far.


There are some real gems @Pinboard too: "Green checkmark = no lava in data center. Green checkmark with information icon = data center filling with lava https://status.aws.amazon.com"


FYI, in seriousness you can see the fabled red status icon here:

https://status.aws.amazon.com/images/status3.gif

It does exist, apparently.


It showed up during the big DynamoDB outage last year.


Is the manager of that group still working there post-outage?


I thought this was a joke, but apparently not too far off:

"The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates."

https://twitter.com/awscloud/status/836656664635846656


While that may be true, that's not the reason you're seeing green. You should have been seeing a broken image or a status page not finishing loading if that was an issue.




The best jokes always have a grain of truth.


If this is how they're going to handle an outage of their premier AWS service, it's other cloud providers that will be seeing green.


Funny, cloudflare is also having trouble, page only showed on the third request.

Perfect storm.

As for other cloud providers seeing green: Or maybe people will come to their senses and will see that monocultures are bad, whether in biology or hosting.


> Funny cloudflare is also having trouble, page only showed on the third request.

I bet they're related. The moment I got an alert of the S3 outage I started refreshing a bunch of status pages at a feverish pitch. Multiply that by a thousands of others doing the same and boom you've got the equivalent of a DDOS.


dang [0] just commented to say that their server is getting hammered because of this thread.

[0] https://news.ycombinator.com/item?id=13756819


I've been getting intermittent Bad Gateways on HN for the last few days.

Ray ID: 33863460edf54231


That was (obviously) sarcasm :)


Humour is wasted on the internet.


or was it? dun dun


(Disclaimer: I work for AWS.)

The dashboard is not changing color due to the S3 issue. We're updating the banner in place of that.

Edit: Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard. The service updates are below. We continue to experience high error rates with S3 in US-EAST-1, which is impacting various AWS services. We are working hard at repairing S3, believe we understand root cause, and are working on implementing what we believe will remediate the issue.

http://status.aws.amazon.com/


For some reason, reading about "believe we understand root cause" made me think of: "A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable."


Maybe you could encourage your colleagues to host the status page outside of AWS?


We'll have to wait for the postmortem, but I bet it was an unintentional dependency on S3 that no one realized had come into place until S3 went down -- especially considering how fast they were able to remove the dependency and fix it.


This reminds me of a GitHub outage from them having a build dependency on GitHub. IIRC, they tried to roll back to building a prior version but since the site was offline, the build failed.


S3 gets used to store a lot of static content. Can't speak for that team, but I'm sure they'll take that feedback. Happy the banner functionality remained unimpeded.


Possibly AWS status page wisely relied on a third party, which relied on a fourth party, which relied on S3.


It took them ~30 minutes.


It took them 2 hours actually.


Maybe with GCP? :)


I'm happy to offer up some spare space on my godaddy hosted Linux plan if that helps...


Could you go more in depth? What does S3 have anything to do with it?


I think the most reasonable guess is that they have some backend system that continously pushes some status json/xml file to an S3 bucket.

Then there's the frontend, that apparently periodically reads this file from S3 and caches the results.

I guess the comment they added on the top after two hours of being in the dark was likely manually added to the web frontend.

Obviously all of this would be hilariously badly designed if it was made this way. Still...


It's where they store the error icon.


So the "working" icon works, but the "not working" doesn't? I'm not sure that's right.


Tragic comedy gold


What we need are status pages that are driven by votes from verified customers, which could also serve to inform the provider about issues.

This would address issues that are only visible from the outside.


And system monitoring which isn't dependent on itself. Kind of a "duh" kind of thing...


http://outage.report/ does this pretty much, except for the "verified customers" part.


> Amazon, everything is on fire. you are not fooling anyone

Fun story, when I was an intern at Amazon there was actually a warehouse fire. The result was a lot of manual database entry updating as products were determined to be destroyed or still fit for sale.


I'm curious about what happened to products that were no longer fit for sale, but still fit for use. Do you recall?


In the military, a warehouse fire or equivalent suddenly generates a ton of "backdated transfer requests" showing that various stock had been sent to the warehouse just previously!


This sounds like rank corruption. Surely such a thing is rare in the military?


To be fair, there's a plausible explanation for what robaato describes that doesn't involve corruption. Suppose it's standard or common to move things first and then file such "backdated transfer requests". After a fire that destroys everything in a warehouse, there would be a flurry of activity to quickly account for everything that was destroyed, so paperwork that would otherwise have trickled in over a month or two might suddenly be hurriedly filed in a few days.


It could just be lackadaisical administration that only gets urgently addressed when there is something perceived as a particular problem.

The military is not exactly known for being great at keeping track of things that aren't nuclear weapons, and sometimes falls short even on those.


There is "Amazon Warehouse Deals", Amazon itself acting as a used products seller on Amazon. This is usually used for returns etc., but I wouldn't be surprised if they also handle something like this.


There are businesses that specialize in remaindering fire-damaged goods -- mostly stuff that smells like smoke.

They showed up in my town in the early 1980s after one of our local malls had a smokey fire. They sold a bunch of stuff that came from other places, too, including a ton of 15mm miniature soldiers.



I like how this post says "if you look at the AWS Status Page, this what you see". but you can't see the image. because S3 is down.


I thought this was funny so I took a screenshot of the blog post and uploaded it to the company Slack. The upload failed because Slack uses S3.

This is getting crazy.


If this isn't good evidence that amazon downright lies on their status page and that no green checkmark should ever be considered trustworthy, I don't know what is.


Why is the status board hosted on AWS? Most providers host such pages on a 3rd party, specifically for this reason; correlated failure.


> edit: in the future, please subscribe to @MyFootballNow for timely AWS service status updates https://pbs.twimg.com/media/C5xdm9_WMAAY7y_.jpg:large

So this is what centralization looks like.


I hear that their process for updating the status page involves S3.


it would appear that you are correct

"The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates." https://twitter.com/awscloud/status/836656664635846656


I very seriously thought that it was a joke to say that S3 was needed to show the red icon, but apparently they can't update the dashboard about the status of S3 because of S3.


So... https://twitter.com/awscloud/status/836656664635846656

"The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates."


the non-green icon is probably hosted on s3 (i'm not trying to be funny)


"Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard."

Yep.


I love it, like that fixes the problem! ..now fix the REAL problem


I don't think they intentionally kept the checkmarks there. They probably just didn't update it as quickly as developers made a post on Hacker News (not surprising, they were probably investigating).


After having seen multiple AWS outages/service disruptions, with nothing other than a green checkmark ever showing, I am now very confident that the checkmarks are hardcoded and there is no logic behind them.


It's already been confirmed by amazon employees on HN that the color can only be changed manually by an employee and it needs a high level of approval.

Also, there are incentives based on colors, so the managers really don't want to admit any failure.


While this is a personal feeling and I don't have any data (metrics) to back it up: I think a large percentage (and probably a majority) of metrics don't end up helping a company once they are created - especially if any salary or bonuses are based on them. They are always so gamed that they become worthless.

This is a great case in point if true.


Your point hits on a true thing. One problem is that companies measure proxies for performance, not performance itself. A great book on the topic (and related topics) is Weapons of Math Destruction. Anyway, a green checkbox is pretty far into proxie-land. It's not very closely related to client retention or profitability, and now we see it's not even related to operational time of the equipment. Yikes. So a proxy like this is not even worth using as a metric; it can only cause false confidence that some information is known, and that leads to bad decisions. Not the least of which is bonusing incompetent managers.


Amazon has metrics so they can tell a story, not so they can measure things.

As a cute example, one of their senior people (in a stats heavy role) couldn't explain how they'd detect if people wanted to be able to automatically order socks and tshirts on a buying cycle outside of what I call the "scheduling horizon", eg every 3-6mos. (Things I need regularly, but sparsely enough it doesn't stand out to do proactively -- eg, I buy socks when they all have holes, not on a reasonable replacement cycle.)


Yup probably some incentives due to SLA's for their larger customers.


> Also, there are incentives based on colors, so the managers really don't want to admit any failure.

A textbook case of "wrong incentives". #1 incentive should be satisfied customers.


You can have a high level of customer satisfaction if you lie to them and arrange so that they don't even notice, and by having a good damage control strategy for when some customers do notice they aren't getting that they were promised.

Such approach has better ROI than actually doing high quality products or services, which is why so much of what we buy is utter shit. That's especially true on the mass market, when satisfaction of individual customers doesn't impact your company at all, as long as they're not complaining too loud.


Are any incentives affected by customer complaints? Because if so, all we need to do is complain and they might actually start using the status system meaningfully. (I'm sure this is wilful thinking, though; I doubt people don't complain in this situation!)


when you start investigating an outage, that is exactly when you should change your checkmark to yellow if not red. if you're as big as AWS there should not be any more than a minute or two between when your service goes down and when you actually update your status page to show that.


It should actually just be automated.


It's not just us-east-1! They're being extremely dishonest with the green checkmarks. We can't even load the s3 console for other regions. I would post a screenshot, but Imgur is hosed by this too.


IIRC the Console is mostly hosted out of US-EAST-1. Direct API calls to other S3 regions are likely to work, but it's not surprising the Console's having trouble.


Its unreal watching key web services fall like dominoes. Its too bad the concept of "too big to fail" applies only to large banks and countries.


"To big [to allow] to fail" is what that term means.

This would extend to a service like amazon actually, where survival of the service would be an extraordinary effort in case this problem lasted for a long time.

The way you imagined it, as 100% uptime, is incorrect.


I didn't get that at all from the OP. His comment I'm fairly certain is of the "why the heck are we centralizing the web to 2 or 3 infrastructure companies" for what amounts to a minor amount of convenience.

We've seen this story play out in other industries and it never works out well for average people. It's been astounding for me to watch the pace of this centralizing and who is helping it along.

The tldr; point is that a single service provider should not have the amount of control Amazon does over the Internet. At least that's my take.

I know my opinion on this wildly differs from the HN crowd and SV "decision makers" these days - what is so curious to me is that this is a complete 180 from that same demographic even 10 years ago.


Yes: "why the heck are we centralizing the web to 2 or 3 infrastructure companies". Its a systemic asset, unregulated, in a world where every systemic asset is regulated (eg. utilities, transportation infrastructure, etc.).


Regulations means you force your standards on other people who might not need or want them.

If you want other infrastructure companies or decentralized internet, you are free to do that yourself via voluntary means.


It's because centralization is really, really convenient when it works correctly. And most of the time, it does. It's just when it breaks it's really, really bad.


The fact that we even have "key" services is absurd.


Thanks for sharing. I overheard someone on my team say that a production user is having problems with our service. The team checked AWS status, but only took notice of the green checkmarks.

Through some dumb luck (and desire to procrastinate a bit), I opened HN and, subsequently, the AWS status page and actually read the US-EAST-1 notification.

HN saves the day.


On thing I learned here. When something seems horribly wrong, check HN first, it may be "global" problem.


Same here, was eating lunch and browsing HN when hipchat started lighting up with customer complaints.


Wow, S3 is a much bigger single point of failure than I have imagined. Travis CI, Trello, Docker Hub, ... I can't even install packages because the binary cache of NixOS is down. Love living in the cloud.


Twilio call recordings appear to be missing as well.


Trello API is up, so you can use any Trello client except the web client.


Notice how Amazon.com itself is unaffected. They're a lot smarter than us.


Browsing works but some functionality is broken; for example you can't view your order history.


I do recall reading somewhere that Amazon.com isn't actually hosted or fully leveraging on the AWS platform, mostly due to the political struggle between the AWS and the merchant department.


Sales Department: "We require 100% uptime! Can you do that?"

AWS Department: "Wellll, if we don't change the status to red, it's as if we were up all the time!"


There are public talks on Youtube from Amazon.com titled "Drinking our own Champagne" where they say the opposite.


Yeah, that was the original pitch for AWS. Engineering presentations since the initial launch have included "yeah... not quite" admissions though.


The ability is there for any company to take advantage of multiple regions. Takes time and money, but it's doable.


And they've just broken four-9's uptime (53 minutes). They must be pretty busy, since they still haven't bothered to acknowledge a problem publicly...


Best thing about incidents like these: post-mortems for systems of this scale are absolutely fascinating. Hopefully they publish one.


Have they even acknowledged the mortem..?


Everything is green. There are no tanks in Baghdad center.


Yes.

"We've identified the issue as high error rates with S3 in US-EAST-1, which is also impacting applications and services dependent on S3. We are actively working on remediating the issue."


> We are actively working on remediating the issue.

I do love corporate-speak.

It's a rapidly oxidising waste receptacle (rather than a dumpster fire).


Agreed. AWS' postmortems are fascinating.


This seems like an appropriate time as any... Anyone want to list some competitors to S3? Bonus if it also provides a way to host a static website.


Backblaze's B2 is an S3 near-clone: https://www.backblaze.com/b2/cloud-storage.html

I don't know about reliability, but it's a fraction of the price of S3.


As I've said previously: I love the Backblaze folks, but B2 is apparently hosted in a single building. So that's not a question of if, but when.

Disclosure: I work on Google Cloud.


In theory you are totally right but looking at the AWS it seams that the likelihood of issues due to ops complexity could be higher than the risk of a simple but single site service going down.


Google Cloud Storage comes to mind. From what I recall they can host static websites as well.


Yes, we can. You can host static content in GCS in the same way that you would using S3, or you can Google Cloud Load Balancer to do more complex setups, such as mixing static GCS content and compute URLs on the same domain.

If you're interested: https://cloud.google.com/solutions/web-serving-overview#host... https://cloud.google.com/compute/docs/load-balancing/http/us...

Disclaimer: I work on Google Cloud Storage.


Load Balancing looks very interesting. Hopefully that'll be out of Beta sometime soon?


Google Cloud Storage or its Firebase hosting version.


An open source project minio.io implements Amazon S3 APIs, and allows you to create your own in-house S3 like infra.


If its static site, put it anywhere and just cache it with Cloudflare. (turn on the always on feature)


You also get your ssl sessions backed up on global webcaches as an added feature.


What does it mean?


He's referring to CloudFlare's newest feature, CloudBleed: https://en.wikipedia.org/wiki/Cloudbleed


Time to move your stuff away from Crimeflare folks


To do this you'd create a 'Page Rule' that specifically tells Cloudflare to 'cache everything' for a URL pattern like https://examplesite.tld/* .

You can set a cache invalidation time too.

Always online is a slightly different feature I believe.


IBM Bluemix offers file storage[NFS], block storage[iSCSI], and cloud storage [S3 API, Swift API].

we also offer a large number of boilerplates such as Flask, ASP,net, node.js

we have been making lots of changes lately check us out!

static page deploy guide: https://www.ibm.com/blogs/bluemix/2014/08/deploying-static-w...

https://console.ng.bluemix.net


And Swift.


GitLab Pages [0] is pretty good for static websites IMO, you can use GitLab CI to build more complex sites as well [1].

Disclosure: I work for GitLab

[0]: pages.gitlab.io [1]: https://about.gitlab.com/2016/12/07/building-a-new-gitlab-do...


Slightly related, FYI all of the package downloads for Gitlab are timing out with a 504 error from Cloudfront ("Cloudfront is having difficulty accessing S3". The registry is also showing an error.

I'm trying to downgrade to an older version because our install is not working but can't get the DEB unfortunately.


Looks like it's back up now, sorry about that :(


GitLab really needs to provide a way to force HTTPS for domains that have it set up. I have to manually link with `https://` everywhere.


Yeah, we've wanted that ourselves. There's an issue for it, but it's not scheduled yet. If you know Go, feel free to take a crack at it :)


I would say use CloudFlare, but...


Use cloudron.io and install Ghost/Wordpress/Write your own. Just run the server wherever you want.


Interesting that they still host the cloudron.io site on Amazon platform

ping cloudron.io -> 54.192.7.94 -> server-54-192-7-94.dfw3.r.cloudfront.net (Amazon Technologies) [1]

[1] http://whatismyipaddress.com/ip/54.192.7.94


Correct me if I am wrong but you are pointing out that their website is on a CDN. Are you saying they need to host their website on Wordpress/Ghost? AFAIK, Ghost & Wordpress do not easily scale compared to a CDN if your site has heavy traffic (which landing pages must be engineered for as opposed to small blogs).



Netlify is great for hosting static sites. Free for non-commercial sites.


Netlify's status page and pre-rendering service are down due to the S3 outage.

https://twitter.com/netlifystatus/status/836643259053023232


Disclaimer: I work for netlify and posted that tweet.

Yup, they took those portions of our service down, but we now have redundant status page hosting setups and prerendering that is not tied to S3 (the latter is the only part of our service that was affected, and it was fixed within an hour of the outage)


Any other region of AWS would also have worked around this one.


Rackspace's Cloudfiles. Does support static websites.


I use both RS Cloud Files and Google's Cloud Storage. Google's is superior in nearly every way.

The only con is that it is a Google product that could be deprecated at any point in time. But, with all the acquisition stuff happening over at RS, I'd be lying if I said I wasn't worried about them killing of their cloud offering.


Two things:

1) Google Cloud Storage can host static websites:

https://cloud.google.com/storage/docs/hosting-static-website

2) Google Cloud Platform has a 1 year deprecation policy, which would never happen with a product that so many companies and customer rely on (Google Reader had a small but passionate base)

Disclaimer: I work on Google Cloud Platform


To clarify on #2, are you saying that Google Cloud Platform in its entirety has a 1 year deprecation policy? Or that individual products within the platform have a 1 year deprecation policy? I'm not worried about Google deprecating the Storage service but that they could kill off the entire platform.

Also just wanted to say that I've been extremely happy with GCP thus far and all the services I've tried thus far have more features than RS. I really hope GCP is here for the long haul.


Sorry, for any product on GCP, there is a 1 year deprecation policy. GCP isn't going anywhere. See the comment about Snap and Diane Greene's involvement (she is an Alphabet board member).

Disclaimer: I work on Google Cloud Platform


For what it's worth, a fairly large 5 year contract between Google Cloud and Snap Inc was recently made public.


I worry about everything Google hosts because they have such a track record of just randomly axing products with no or little warning.


https://twitter.com/aws_shd/status/836635812020158464

"Increased API Error Rates - 9:52 AM PST We are investigating increased error rates in the US-EAST-1" "S3 operational issue - us-east-1"


Yeah and still a green check mark :D


Would love to know the threshold for "Increased" -_-


"more than one"


Started a list of "things to do when S3 is down."

https://justinjackson.ca/s3/

What else should I add?


Have a philosophical debate with yourself (just within your mind) as to whether all this interweb/webternet stuff is a worthwhile pursuit...knowing that it would not survive should a comet hit the earth again...or, maybe it will? ;-)


Yes. Go for a walk and interact with people in the community. You might meet someone interesting and learn something as well!


My suggestion would be to rediscover the clarity and focus of thinking about systems and code on paper.


Migrate all your stuff to Cloudfront.

S3 is not a CDN!


Or instead of Cloudfront, you could migrate to a service provider that provides meaningful status pages.


I'm going to go do my laundry.


It's winter - hit the slopes!


I'm loving #16 right now...


What kills me is that their status page still shows nothing is wrong.

https://status.aws.amazon.com/


Their status page probably can't refresh because S3 is down.


correct.


Apple's iCloud is having issues too, probably stemming from AWS. Ironically Apple's status page has been updated to reflect the issue while Amazon's page still shows all green. https://www.apple.com/support/systemstatus/


I can't stream music from my iCloud library.


Wow this is a fun one. I almost pooped my pants when I saw all of our elastic beanstalk architecture disappear. It's so relieving to see it's not our fault and the internet feels our pain. We're in this together boys!

I'm curious how much $ this will lose today for the economy. :)


Was just pentesting it, and have some minor result. If you are using S3 browser uploads, make sure parameters you supply to Presign do not contain \n or it can lead to format injection https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthenti...

Many aws SDK libs don't remove \n for you.

(I hope it wasn't me who broke it lol)


"Was just pentesting it" ... hopefully with their permission. Be careful.


It wasnt heavy pentesting, just some params jungling. No way it could cause anything :) still funny coincidence


Incredible how much stuff this affected for me. Opbeat is not loading and I can't even deploy because CircleCI seems to depend on S3 for something and my build is "Queued". This seems so dangerous...


Hi, Beni from Opbeat here. Our community site is indeed down unfortunately, but the rest should be unaffected. Where do/did you experience issues?


Hi Beni! My dashboard wasn't loading (the JS assets from cloudfront.net seemed to be throwing an access-control-origin error) but it is now working again. Very slow, but it works. Fortunately nothing critical is happening right now so no worries. Love your service :)


Ah right, static assets are an issue, didn't notice it right away due to local browser caching. Sorry about the trouble!


circleci.com won't even load for me.


It is, of course the checkmark will stay green throughout this as Amazon doesn't care about actually letting its customers know they have a problem.


Now might be a good time to ponder a lasting solution. Clearly, we cannot trust AWS, or any other single provider, to stay up. What is the shortest, quickest to implement, path to actual high availability?

You would have to host your own software which can also fail, but then at least you could do something about it. For example, you could avoid changing things during critical times of your own business (e.g. a tradeshow), which is something no standard provider could do. You could also dial down consistency for the sake of availability, e.g. keep a lot of copies around even if some of them are often stale - more often than not this would work well enough for images.


High availability is improved by hosting in multiple AWS regions.

S3 offers alternative region replication functionality and you can use Cloudfront of another CDN to load balance between buckets


Yup, all of our fail overs worked flawlessly. You wouldn't even be able to tell if you didn't know.


But do you always serve files from S3? Wasn't the entire S3 down today? Or was it just some regions? I couldn't even connect to s3.amazonaws.com ...


Only one region, us-east.


How can you use Cloudfront to point to multiple buckets? I'm pretty sure each origin needs a path and Cloudfront serves the first path that matches.


I use a master and four mirror slaves. Then use round robin for reads. I used to have three slaves, but when two of them was down at the same time I got nervous and set up one more.


How does that work with S3? Your master and slaves are presumably just SQL databases, right? Or?


vps via different providers. think RAID but with VPS.


Quickest path? Use AWS (or similar). Outages happen. The more robust you want to be against outage, the more prep work you have to do. In order to have 'no outage', you have to do an incredible amount of work. There is no quick path.


That sound you hear is every legacy hosting company firing up its marketing machine


I've always wondered why people dismiss dedicated hosting without a second thought. It's actually cheaper than AWS if you factor in all of the performance you get.


Post about S3 not being a CDN hosted on an S3-powered blog:

https://jdorfman.posthaven.com/medium-bitcoin-660x493-dot-jp...

The irony


So S3's been down for at least 3 hours. Does AWS break this year's S3 durability & reliability promise of eleven 9s by now? [1][2]

[1]: https://aws.amazon.com/s3/details/

[2]: https://en.wikipedia.org/wiki/High_availability#Percentage_c...


That's durability (data loss) not availability.

Here's [1] their official SLA. This outage so far brings them to less than 3 nines of uptime this month (43.8 minutes) but still more than 2 nines (7.2 hours) so it sounds like everyone gets 10% off their S3 bill.

Very curious if Amazon will apply this automatically or only if you complain.

Edit: from further down the same page, it looks like only if you write in to support do you get these broken SLA credits. Kind of lame since everything else about their billing is so precise and automatic.

[1] https://aws.amazon.com/s3/sla/


I have gotten several credits from AWS for under a dollar due to incorrect billing calculations on their end that they caught, notified me about and sent a credit for. So I will assume yes, they do this automatically (if they don't I'd be quite surprised).


11 9's is durability not availability.


I don't think this has anything to do with durability & reliability (they probably haven't lost data). It's about availability.


But wait. Isn't S3 "the cloud". Everyone promised the cloud would never go down, ever. It has infinite uptime and reliability.

Well good thing I have my backups on [some service that happens to also use S3 as a backend].


I know your comment is in jest, but Amazon do say their API SLA for S3 is 99.99% available [1]

[1] https://aws.amazon.com/s3/sla/


After more than an hour we are now at ~99.8%, so everybody affected should be able to claim a 10% discount, right?


Which is less than 5 minutes per month, I guess they've already used that :).


> Everyone promised the cloud would never go down, ever.

No, they didn't. Large portions of AWS's documentation details how you, the developer, are responsible for using their tools to engineer a fault-tolerant, highly available system. Everything goes down. AWS promises varying amounts of nines everywhere, not 100%.


> Isn't S3 "the cloud". Everyone promised the cloud would never go down, ever.

S3 is not the cloud, it's one system running in the cloud. The cloud is not down, S3 and services dependent on (and possibly related to) it are.

One of the selling points of the cloud is that dynamically provisioned services from multiple providers enable engineering fault tolerant systems that are relatively secure against the failure of any single backend. But, yeah, if you are dependent on one infrastructure vendor's service -- particularly running in one particular region/zone -- you are probably better off than running on a single server for reliability against failures, but you aren't anywhere close to immune to failures. I don't think even cloud vendors have been particularly reluctant to make that point.


We used to have a word for "the cloud" back in my day. It was called "outsourcing."


Who told you that? I'm not sure anyone ever told you that.


Not sure if its related or not (I'll just assume it is), but dockerhub is down as well. Haven't been able to push or pull for the last 15 minutes, some other folks complaining of the same thing.


Yea my self hosted concourse is down. Feels quite bizarre to have our internal CI so crippled by S3... though i'm still investigating, perhaps the workers are just hung after all of the failed docker pulls.


Yeah, bad morning. I started by trying to pull a Docker image. When I couldn't, I tried to push some stuff to S3. Now of course I'm checking HN. :p


Can't pull images from either Dockerhub or Quay right now


confirmed: dockerhub is down too


Hi all. I came across this forum on Google. I have the same error - and it's all a bit beyond me. I'm not a techie or coder but set up Amazon S3 several months ago to backup my websites and it generally works fine - and has saved my bacon on a couple of occasions. (Also back up in Google Drive.)

As someone who's really only a yellow belt (assuming you're all black belts!), just so I understand ('cos I'm cacking myself!) ...

I'm seeing the same issue. Does this mean there's a problem with Amazon? I can't access either of my S3 accounts even if I change the region, and I'm concerned it may be something I've done wrong, and deleted the whole lot. It was working yesterday!!!

Would be massively grateful for a heads up. Thanks in advance.


Yes this is an issue with Amazon and there is little you can do besides wait until it has been resolved


> Update at 11:35 AM PST: We have now repaired the ability to update the service health dashboard. The service updates are below. We continue to experience high error rates with S3 in US-EAST-1, which is impacting various AWS services. We are working hard at repairing S3, believe we understand root cause, and are working on implementing what we believe will remediate the issue.

"Believe" is not inspiring.


From https://status.aws.amazon.com/: "Update at 12:52 AM PST: We are seeing recovery for S3 object retrievals, listing and deletions. We continue to work on recovery for adding new objects to S3 and expect to start seeing improved error rates within the hour."

(I think the AM means PM)


And now:

> Update at 1:12 PM PST: S3 object retrieval, listing and deletion are fully recovered now. We are still working to recover normal operations for adding new objects to S3.


It looks like the S3 outage is spreading to other systems or the root cause of the S3 problem is affecting different services. There are at least 20 services listed now. [1]

[1]: http://status.aws.amazon.com/


Yup it looks so. My console says I have zero buckets, my Lambdas are timing out and https://aws.amazon.com/ returns a big:

"500 The server encountered an error processing your request." message


Our lambda functions are also unavailable. Lucky for us we didn't move any of our critical functionality to lambda yet although we are planning to once we have an EC2 backup in place...


Don't know if share911 is still your product (its about page is down), but you could run your critical services on top of something like PagerDuty to give you the reliability you need.


Sometimes refreshing the console gives this error instead of showing ZERO buckets https://pbs.twimg.com/media/C5xZVGKUYAAXYGj.jpg:large


Apologizes for the "me too" post:

It appears to be impacting gotomeeting, I get this error when trying to start a 12pm meeting here:

CloudFront is currently experiencing problems with requesting objects from Amazon S3.

Edit: ironically, my missed 12pm meeting was an Azure training session.


Years ago when we launched our product i decided to use the US-WEST-2 region as our primary region and to build fail over to US-EAST-1 (Anyone here remember the outage of 2011? Yeah, that was why).

There is something to be said about not being located in the region where everything gets launched first, and where most the customers are not [imo all the benefits of the product, processes and people, but less risk].

Good luck to everyone impacted by this...crappy day.



Pretty good list of other affected sites/services in this article: http://venturebeat.com/2017/02/28/aws-is-investigating-s3-is...

Some big names and services popular with HN mentioned there. Quora, AirBnb, SendGrid, Downdetector(heh).


<% if(service.isUp || true) { renderGreenButton() } %>


Amazon outage just reported on NBC News.[1]

AMZN stock down $3.45 (0.41%).

[1] http://www.nbcchicago.com/news/national-international/Amazon...


https://twitter.com/Schmidt_RB/status/836641520321179648

"I know I'm piling on here, but Amazon's stock price is a better uptime indicator than their status page. #AWS #S3 #awscloud"



Fox News now has the story.[1]

[1] http://www.fox5ny.com/news/238689310-story



Reuters, Associated Press, and The Hill now reporting the outage.

"http://www.isitdownrightnow.com/" and DownDetector are down.


> AMZN stock down

YES! Buy on rumor, sell on fact as the saying goes.


It's been down that level from before this started happening. Surprised this outage hasn't moved it yet.


Target's stock price absolutely tanked today. I bet that, while the s3 outage will have a negative effect on AMZN, Target reporting way under estimates is probably creating a positive effect that evens it out.


That makes sense. Hadn't heard about the Target news.


This is why it's important to write code that doesn't depend on only a single service provider. S3 is great. But it's better to set up a Riak cluster on AWS than to actually use S3, if you can.

The only services my team uses directly are EC2 and RDS, and I'm thinking of moving RDS over to EC2 instances.

We are entirely portable. We can move my entire team's infrastructure to a different cloud host really quickly. Our only dependency is a Debian box.

I flipped the switch today and cloned our prod environment, including VPN and security rules, over to a commodity hosting provider.

Change the DNS entry for the services, and we were good to go. We didn't need to do anything because everyone was freaking out about everything else being down. But our internal services were close to unaffected.

At least for my team.

Obviously, we aren't Trello or some of the other big people affected. And we don't have the same needs they do. But setting up the DevOps stuff for my team in the way that I think was correct to begin with (no dependencies other than a Debian box) really shined today. Having a clear and correct deployment strategy on any available hardware platform really worked for us.

Or at least it would have if people weren't so upset about all our other external services being down that they paid no attention to internal services.

Lock-in is bad, mmkay?

If your company is the right size, and it makes sense, do the extra work. It's not that hard to write agnostic scripts that deploy your software, create your database, and build your data from a backup. This can be a big deal when some providers are flipping out.

All-your-junk-in-one-place is really overrated, in my opinion. Be able to rebuild your code and your data at any given point in time. If you don't have that, I don't really know what you have.


Not knowing your situation exactly, but there could be a cost of running your own infrastructure and not taking advantage of their services? For example, are the chances of losing data higher in riak (take into account disaster and operational bugs that could result in data loss or availability issues) than in one of amazon's supported data stores.

I don't necessarily disagree with what you are saying but there is cost of doing everything yourself.

You would have been equally protected if you had been in more than one region.


Yes. There's a cost to every decision you make. Sometimes it's the cost of s3 being down. Sometimes it's the cost of some developer time to make services agnostic. The value of that isn't immediately obvious, perhaps.

But the developer cost here (my time) was worth it. Our shit wasn't down, while everyone else's was.

I also want to point out that I spent minimal time setting this up. We can deploy to GCE or commodity VPCs at a moment's notice, and that a project I did over a couple of weekends piggybacking on the ansible playbooks I wrote for AWS.

It's not that hard. You have to get your developers on board with being provider agnostic, and you have to be agnostic yourself. But it is not insurmountable.

It also help when you're the lead dev or your team and also have a good relationship with the devops guy. :)


You still didn't address the reliability aspect. S3's durability is likely much higher than other solutions you might chose.


We're in US-West-2 and our ELBs are dropping 5XXs like there's no tomorrow. This is definitely cascading.


We're in US-West-2 and not seeing any issues. Are the instances behind your ELB trying to access S3 in their application logic?


Nope. No S3 logic behind the scenes. A few of the ELBs are fine, and a few are not. Seems random.

The EC2 instances themselves are fine, but the affected ELBs are spitting out 500s.