Vantage is an alternative to the AWS console focused on developer experience and cost transparency. My background is in public cloud where I was the product lead for DigitalOcean’s Droplet product and at AWS on the container services product management team. Our team is 100% bootstrapped with two technical co-founders and a designer.
Vantage is ReadOnly by default and is meant to work alongside your existing automation tools. We aim to help address two problems: (1) navigate and organize resources across multiple AWS services, regions and accounts in an intuitively designed experience and (2) show where your costs are coming from in a simple manner. Some of our users have described us as “Mint.com for AWS accounts.”
In the future we are looking at automated recommendations to save you money, help identify orphaned resources and get into deployment of applications. In addition, we look to add support to other public cloud providers. For example imagine seeing your bandwidth usage on S3 and being able to automate a Cloudflare integration. Or see your Heroku and AWS resources in one place and get comparisons across providers.
This post represents our first official “launch” and we are eager to collect feedback. Please have mercy :)
Feel free to contact me directly at email@example.com if I can be helpful to you in your infrastructure journey.
AWS easily has the worst UX of the three major clouds I've used. From that perspective my favourite by far is GCP.
Do you forsee supporting other cloud vendors? I guess there is a lot less demand for others, in terms both of number of users, and also Google and Microsoft UIs are a bit less awful to start with...
Additionally - I think we can build a truly objective cloud console that shouldn't be relegated to just public cloud provider services.
For example: Why can't scale.ai sit alongside ML offerings from AWS and GCP? Why can't Cloudflare see S3 egress and have Vantage facilitate an integration? Why can't you auto-replicate an environment from Heroku or DigitalOcean to AWS/GCP/Azure? These are some ideas we have going forward.
Currently we have multi-account support for AWS and have been thoughtful with our architecture to quickly add other providers going forward so stay tuned :)
So essentially we'd look at your current Heroku setup and look to replicate it on a public cloud provider of your choice.
What's the potential for Vantage being hacked and the hackers gaining admin access to your users' AWS accounts?
- A permissions overview is here (most aren't used for now). This list was made from the AWS-managed IAM policy of "ReadOnlyAccess" but whittled down to remove things like our ability to read from S3 Buckets or Databases: https://docs.vantage.sh/permissions/
- The latest CloudFormation stack is here: https://vantage-public.s3.amazonaws.com/x-account-role-creat...
As for security, we are leveraging best practices learned from our time at AWS and DigitalOcean. Every person on our team has spent time at a public cloud provider and applying what we've learned there to Vantage. We've also been in contact with certain AWS employees to ensure we have proper setups.
I beg you to blog heavily about this approach, especially if you find success with it / it doesn't provide a very negative user experience. See if you can get featured on enterpriseready.io or something.
Security is a top concern of ours and this was really the only option for what we are doing.
This is how you can share resources between different AWS accounts.
For example: If you only want to give us access to EC2, things should theoretically work.
To use a custom cross account IAM role all you need to do is email firstname.lastname@example.org and we can help out with some other configuration details to get it going.
$ http https://vantage-public.s3.amazonaws.com/x-account-role-creat... | jq '.'
parse error: Expected another key-value pair at line 420, column 17
(Haven't tried to execute it with CF)
What made you decide to build this as a separate product instead of advocating for an improved ui while still at Amazon?
I guess to put it bluntly, are their people at Amazon who defend the current state of the console?
In all honesty it wasn't part of my purview while at AWS and I was happily focused on container services at the time (ECS/Fargate/EKS/etc). I think in order to make necessary changes at AWS on this level you'd really need a full reorganization of how teams are setup. We have a lot of liberties by starting fresh.
"An alternative AWS console" - cool. I'd been wondering if there were any good ones.
What does it look like?
There's a video, but as usual I don't want to watch a product video; I don't want to disturb people by playing audio over the speakers, and it takes too long.
I scroll down… nope, no screenshots.
There's "Get Started for Free", but that's going to lead to some complicated setup process.
Oh well, I'm not interested enough to investigate further. Pass.
…Well, in reality I did investigate further, because I wanted to provide constructive feedback.
It looks like there are some screenshots on the Features page, but they should be on the front page. Also, I didn't initially realize there was a Features page, because with my browser window at 900 pixels wide (half of my MacBook Pro screen), the site dumps the navigation links at the top into a hamburger menu, which I didn't notice and wouldn't want to click. Plus, even after clicking on the screenshots to zoom them, they are too small to comfortably read the text, because they're fit to the window width minus some padding. I'd have preferred if it just showed the screenshot at full size and let me scroll.
I guess this sort of narrow (but not phone-level narrow) window size is uncommon, so it's probably not worth worrying about too much, but that is the experience I had.
Also... I tried clicking Get Started for Free. It wants me to make an account. That's friction. Oh, now it wants me to confirm my email. More friction. Where's the email? Oh, it went to spam, with a scary message in Gmail . Yikes… you should figure out what's going on with that.
I confirmed my email and now it prompts me to link my AWS account. Well, finally. I would have been more likely to sign up (if I were just a potential user rather than someone trying to provide feedback) if clicking the button on the homepage took me directly to the AWS login.
Well, I went ahead and connected…
More issues with my browser width - the Plans page is kind of broken. 
The service itself… seems fine for a launch. I like the easy-to-understand breakdown of the monthly cost! On the other hand, the service seems to just provide an overview rather than actually replacing the AWS console. Maybe there would be more functionality if I got off of read-only mode, but I couldn't figure out how.
I proceeded to delete my account. It did not automatically delete the CloudFormation stack that the signup process had me create, which is unfortunate.
It’s almost like you’re relishing in finding pointless things to say
“I don’t want to watch a video...waaa waaa waaa”
It’s clearly their first release, chill out. You’re not being constructive, you’re just nitpicking
OP: ignore them, it sounds like a great starting point to making a hell of a lot of peoples lives easier, nice release!
A lot Vantage users have the use-case of using Vantage purely for "insurance" of things going awry like this.
I would pay _so_ much money to never have to use Cloudwatch and AWS Cost Management again. Thankfully, I qualify for the vantage free tier for quite a while longer.
That being said - we are slowly adding management actions and I do believe we will be compatible with a number of AWS services in due time. For example, you can manage Route 53 record sets directly from Vantage. We wrote a post up on it here: https://medium.com/@bensign/raising-the-bar-for-the-route53-...
This is good to know, but I’m really curious how you found out about the OSS project? You are a contributor? Found out on Twitter?
I can give some background that might be helpful on why the UIs might not be open sourced.
Each service team builds their own console. Most of the original AWS consoles were written in Java with GWT. Some eventually moved to Angular. There's a big push internally to use a more consistent and familiar UX experience across services. There's an internal UI/UX platform called Polaris (I'm not leaking anything here, you can see this in the source of some consoles and in the console.log statements that leak to prod) that most of the new services use.
Most new services are built with React + Polaris. The console API for many new services is not the same API that is exposed to the SDKs/CLIs. These APIs aren't public or documented. If they open source every console, and people build on that, they're tied to supporting those APIs in perpetuity. That slows their pace of iteration on the console.
If consoles are open source it could be another potential vector for service updates to leak through.
Another concern is that releasing the UI kit for the AWS console is going to make it way easier for phishers to build out convincing lures. TBH I'm not super concerned about that.
If I were AWS I'd open source the UI toolkit and give various service teams the option of open sourcing their console. From there I'd release a theme/color scheme for people who want to build extensions.
AWS is very customer feedback driven. However, most of the customers providing feedback are not the ones using the console day-in-day out. The people actually using the console are not the ones talking to AWS. If you hit a UX issue then use that feedback button on the bottom left of the console and let them know.
I expeced an alternative to the AWS console, but got a monitoring dashboard. Didn't seem like I could do much with it besides looking at my resources.
I mean, that isn't bad, it's probably doing a good job at that. But I guess, I simply expected more interactivity from an AWS console replacement, haha
Out of curiosity, why do you hide YouTube player controls on home page?
Also, I'm wondering if the community has any other open source alternatives I could toy around with and peek under the hood.
I used to be an SRE at a large company with a gigantic AWS account. While the console can be a mess, it’s really information dense and once you are familiar with it, you can find a lot of stuff. It also meant that it was easier to use awscli because you knew what was available without reading the docs.
I honestly don’t need things to look well designed with lots of white space at the expense of lowering the information density.
Cost saving views displayed in plaintext above resources are cool, but not better than the billing console which can be fairly powerful.
The answer is essentially we have custom plans available and you just need to contact email@example.com - we just want to understand your scale and use case. In some cases we aren't the right fit right now. For example, we spoke to a company with ~$20M in monthly AWS costs and told them we need to get back to them before we can realistically support them.
We'll hopefully have this updated tomorrow. Thanks for this call-out.
How does this compare to, for example, stax.io which does similar cost transparency but also offers compliance monitoring and other elements?
The company I work with as a $250K/month spend on AWS and uses stax to hassle people to delete unused things :)
I'm sure there was a purpose for how the AWS console was originally built, but if someone spent this much time for an alternative, there's a clear problem in its original conception.
This looks promising - good luck!
AWS's release cadence is absolutely crazy - I can barely keep up with all the new releases. Are you planning on supporting all AWS services? If so, how are you planning on keeping up?
We are letting our users dictate what services we support. We can typically add support for a new AWS service in a few hours at best or ~2 days at worst.
The nice thing about Vantage is that its essentially a personalized console just for you - so even if we add support for a bunch of AWS services you'll have a console just for what services you're using.
Also at one point we hope to hire some more engineers to assist with development progress.
tl;dr: The Vantage application (hosted on AWS) interacts with your AWS account through something called a Cross Account IAM role that defaults to read only permissions.
We have dynamic instructions generated to the user to assign these permissions manually for now.
Also FYI the email verification hit my spam box on Gmail.
Edit: Also is there any way to have multiple users on a Vantage account?
For example, cost transparency reports will require an upgrade to use for spend over $500 per month. The specifics are detailed on our pricing page here: https://vantage.sh/pricing
We are taking a look at what it would take to offer a free trial on our end in the future as well.
-You limit based on spend
-You don't support all AWS Services
-As a result you don't see all of our spend
-Which means you actually limit based on spend of supported services? (I think?)
It also aligns our incentives with insuring we do as good a job as possible with appropriately representing your costs :)
Would be nice to put something like this up behind our own VPN auth etc
It isn't something we're going to get done in the near term but if you'd like to discuss, I'd be happy to chat about it. Feel free to email me at firstname.lastname@example.org
one question. I have a couple projects on Amplify that don't pop up on my Vantage dashboard. Is it just a subset of AWS services that are included?
Which AWS services do you cover?