Hacker News new | past | comments | ask | show | jobs | submit login

All of AWS' access control is too confusing. Unless you spend a lot of time managing AWS it's hard to remember how to configure IAM and ACLs. I have to read the docs almost every time I change something just to be sure I don't screw it up. At my last job our team actively avoided touching IAM as much as possible because we all hated it.



You can tell how old a service is by its name. Most of the old ones have cutesy in-joke names. Most of the new ones are named exactly for what they do. They realized having 400 cutesy joke names was exhausting.


I have the opposite sentiment from a more infrastructure rather than application services perspective. Earlier names like S3, EC2, SQS are more descriptive. Aurora, Redshift, Pinpoint, Fargate, Macie, etc. give me no idea what they actually... do. Given that the earlier services are much more foundational technologies than value-adds and higher-level ones doesn’t that make sense? Somewhere around Lambda or a little prior is when I think the names started being more influenced by “product people” than traditional engineers. I think the names probably have more to do with the intended audience than anything else at this point.


Is Lambda supposed to be a reference to lambda functions in python? Having functionality without really putting in the supporting structure.


Lambda references lambda calculus, which is a model of computation including anonymous functions definitions.

Some languages like Python refer to their anonymous functions as lambdas.

"Cloud functions" (ala GCP) would be more explicit, but the reference is a sensible one.

[1] https://en.wikipedia.org/wiki/Lambda_calculus

[2] https://en.wikipedia.org/wiki/Anonymous_function


IAM isn't a cutesy name. It literally stands for Identity and Access Management.


CAN-SPAM Act literally stands for "Controlling the Assault of Non-Solicited Pornography And Marketing" Act

Doesn't mean they didn't choose that very carefully and on purpose.


But do you realize that IAM is an industry wide standard acronym? It's not exactly unique: https://en.wikipedia.org/wiki/Identity_management

> Identity management, also known as identity and access management (IAM)


I hope Jeff Barr is reading this.

While it might be an 'industry wide acronym' and it might make sense for people with experience [1] it is not immediately apparent to certain people who would like to try AWS or who aren't doing these things for a living.

Things should be labeled easily for the lowest common denominator. If you want to use an acronym it should appear after the full name of the item.

Not this: IAM

But this: Identity and Access Management (IAM). And the full description should appear everywhere. Not just in one place (like in a legal contract or the beginning of Jeff Barrs blog post) but everywhere.

Why not? Why not do everything to make it easier. It's not like we are talking a printed piece where space matters. People reading on mobile? So what still spell it out. There are always new users who don't know the jargon.

And if you want to have an express page then take the verbose page and make an express page from it for people who don't want it spelled out.

[1] Just like people with experience know what a MAC address is vs. a Mac Computer


This is great feedback, and I appreciate your taking the time to write it up.

I definitely try to do this in my blog posts, but I do assume that my readers have been following along for some time, and that they have internalized some of names.

As you noticed, I like to use the full ("formal") name at the start of each post, and then switch to the informal name after that. In fact, I have a shortcode system that makes this fairly easy. The first reference spells out the entire name and is linked; the others use a short name and are not linked.


Many posts, especially when posted to HN or linked from some other blog, are read by people who're not regulars. Besides, people scan, not always read end to end.


> I hope Jeff Barr is reading this.

IAM.


I saw that.


Should EBS no longer be called Elastic Block Store because people new to Linux don't know the difference b/w block and object storage? Where does it stop? Should programming languages no longer use terms like lambda functions and generics that take some technical reading to understand? New users can read one of the countless AWS books on Safari or one of the countless guides online if they need a technical brushup beforehand.

AWS is a technical product, it's not Wordpress or Mailchimp. Just like Cadence makes EDA products and MATLAB makes maths software, AWS makes datacenter computing available on the cloud. It's not aimed at users who have a few minutes of experience with some Lubuntu desktops at home.


How is IAM a cutesy name?


It can be read as both an acronym for “Identity and Access Management” and as the phrase “I am”, which also happens to fit the topic of identity.


Never noticed this before, and now can never unsee it. Thank you.


err it's the same in google cloud


True, but that would apply to everyone else that uses the acronym, not something Amazon invented.


Hence Fargate


Everything about AWS is too confusing. Exporting data from dynamodb, if it's more than 100 records, requires a bunch of setting up data pipeline, etc. An equivalent dump given something like mongodb would be one command.


Related: The gotchas column in this repo is very nice to know for AWS services.

https://github.com/open-guides/og-aws


Or you can just follow the walkthrough that’s been around since 2014...

https://aws.amazon.com/blogs/aws/cross-region-import-and-exp...


Deprecated. There's no longer an export/import button. This changed in 2016 or 2017.


Heck, even when I worked there and routinely had to modify IAM policies, it was a routine source of stress and concern. Especially the unexpected limits that would suddenly strike you from no-where. It was as if they really wanted you to be overly permissive instead of tightly restrictive.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: