Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Vantage – An alternative AWS console focused on developer experience (vantage.sh)
221 points by StratusBen 10 months ago | hide | past | favorite | 87 comments

Hi HN,

Vantage is an alternative to the AWS console focused on developer experience and cost transparency. My background is in public cloud where I was the product lead for DigitalOcean’s Droplet product and at AWS on the container services product management team. Our team is 100% bootstrapped with two technical co-founders and a designer.

Vantage is ReadOnly by default and is meant to work alongside your existing automation tools. We aim to help address two problems: (1) navigate and organize resources across multiple AWS services, regions and accounts in an intuitively designed experience and (2) show where your costs are coming from in a simple manner. Some of our users have described us as “Mint.com for AWS accounts.”

In the future we are looking at automated recommendations to save you money, help identify orphaned resources and get into deployment of applications. In addition, we look to add support to other public cloud providers. For example imagine seeing your bandwidth usage on S3 and being able to automate a Cloudflare integration. Or see your Heroku and AWS resources in one place and get comparisons across providers.

This post represents our first official “launch” and we are eager to collect feedback. Please have mercy :)

Feel free to contact me directly at ben@vantage.sh if I can be helpful to you in your infrastructure journey.

Congrats on the product launch, looks a neat UI.

AWS easily has the worst UX of the three major clouds I've used. From that perspective my favourite by far is GCP.

Do you forsee supporting other cloud vendors? I guess there is a lot less demand for others, in terms both of number of users, and also Google and Microsoft UIs are a bit less awful to start with...

Thank you! Great question. We are planning on supporting GCP, Azure, DigitalOcean and Heroku in the future and have users who have actively been requesting support for all of them.

Additionally - I think we can build a truly objective cloud console that shouldn't be relegated to just public cloud provider services.

For example: Why can't scale.ai sit alongside ML offerings from AWS and GCP? Why can't Cloudflare see S3 egress and have Vantage facilitate an integration? Why can't you auto-replicate an environment from Heroku or DigitalOcean to AWS/GCP/Azure? These are some ideas we have going forward.

Currently we have multi-account support for AWS and have been thoughtful with our architecture to quickly add other providers going forward so stay tuned :)

Great product - sorely needed for AWS - that said Heroku is an interesting choice... I’ve been using it for almost 10 years now and I’m not sure how much more room for improvement there is - maybe I’ve got blinkers on - what are the Heroku UI/UX pain points you’re seeking to solve?

Thank you! We aren't looking to add any UI/UX improvements to Heroku but are looking at facilitation of migrating (or replicating) Heroku accounts to one of the larger players like GCP/Azure/AWS.

So essentially we'd look at your current Heroku setup and look to replicate it on a public cloud provider of your choice.

How does it handle credentials?

What's the potential for Vantage being hacked and the hackers gaining admin access to your users' AWS accounts?

The provided CloudFormation stack creates a Cross Account IAM Role with a list of read only permissions. We don't accept access keys or secrets.

- A permissions overview is here (most aren't used for now). This list was made from the AWS-managed IAM policy of "ReadOnlyAccess" but whittled down to remove things like our ability to read from S3 Buckets or Databases: https://docs.vantage.sh/permissions/

- The latest CloudFormation stack is here: https://vantage-public.s3.amazonaws.com/x-account-role-creat...

As for security, we are leveraging best practices learned from our time at AWS and DigitalOcean. Every person on our team has spent time at a public cloud provider and applying what we've learned there to Vantage. We've also been in contact with certain AWS employees to ensure we have proper setups.

I'm so refreshed to see this designed this way. I assumed that they would be asking for an API key or equivalent, because I don't know anything about the product team or the company and this bad behavior is so bog-standard.

I beg you to blog heavily about this approach, especially if you find success with it / it doesn't provide a very negative user experience. See if you can get featured on enterpriseready.io or something.

Hey, thanks for that comment and I'm glad folks are noticing our approach. We are happy to blog about it. We've had a tremendous amount of success with it.

Security is a top concern of ours and this was really the only option for what we are doing.

I am confused by your comment. How do they access the role they create if not through keys?

You can allow IAM roles in your account (which simply just has the permissions defined, with no keys or other credentials associated) to be assumed by identities in another account. Vantage would then be responsible for securing credentials for the target identity in their account, but there would be no transfer of keys involved whatsoever from one party to another.

You can create a role with certain permissions in your account. You can then configure this role to only be assumed by another user in another specific AWS account.

This is how you can share resources between different AWS accounts.

for what its worth, there is a much better scoped ViewOnlyAccess managed policy that makes a much better distinction about what is reasonable read-only access (ecs:listClusters) and not reasonable read-only access (dynamodb:Query)

That's good feedback. Customers can also give us a Cross Account IAM role with whatever permissions they'd like and Vantage should work accordingly in a gracefully degraded fashion.

For example: If you only want to give us access to EC2, things should theoretically work.

To use a custom cross account IAM role all you need to do is email support@vantage.sh and we can help out with some other configuration details to get it going.

It appears the current CF stack is not valid JSON file:

$ http https://vantage-public.s3.amazonaws.com/x-account-role-creat... | jq '.' parse error: Expected another key-value pair at line 420, column 17

(Haven't tried to execute it with CF)

There's a trailing comma after the last kv pair in a dict. One of those things that some json parsers will accept and some won't.

Product looks really nice, going to pitch this later this week to our accounting and devops teams.

What made you decide to build this as a separate product instead of advocating for an improved ui while still at Amazon?

I guess to put it bluntly, are their people at Amazon who defend the current state of the console?

Great - feel free to email me if you need any help at ben@vantage.sh

In all honesty it wasn't part of my purview while at AWS and I was happily focused on container services at the time (ECS/Fargate/EKS/etc). I think in order to make necessary changes at AWS on this level you'd really need a full reorganization of how teams are setup. We have a lot of liberties by starting fresh.

Makes perfect sense.

Good luck!

Looks nice! Surprised something like this hasn't come out sooner. The AWS UI is a hot mess. Good luck.

In case it helps, I tried to recount my thoughts in the first few seconds after clicking the link.

"An alternative AWS console" - cool. I'd been wondering if there were any good ones.

What does it look like?

There's a video, but as usual I don't want to watch a product video; I don't want to disturb people by playing audio over the speakers, and it takes too long.

I scroll down… nope, no screenshots.

There's "Get Started for Free", but that's going to lead to some complicated setup process.

Oh well, I'm not interested enough to investigate further. Pass.

…Well, in reality I did investigate further, because I wanted to provide constructive feedback.

It looks like there are some screenshots on the Features page, but they should be on the front page. Also, I didn't initially realize there was a Features page, because with my browser window at 900 pixels wide (half of my MacBook Pro screen), the site dumps the navigation links at the top into a hamburger menu, which I didn't notice and wouldn't want to click. Plus, even after clicking on the screenshots to zoom them, they are too small to comfortably read the text, because they're fit to the window width minus some padding. I'd have preferred if it just showed the screenshot at full size and let me scroll.

I guess this sort of narrow (but not phone-level narrow) window size is uncommon, so it's probably not worth worrying about too much, but that is the experience I had.

Also... I tried clicking Get Started for Free. It wants me to make an account. That's friction. Oh, now it wants me to confirm my email. More friction. Where's the email? Oh, it went to spam, with a scary message in Gmail [1]. Yikes… you should figure out what's going on with that.

I confirmed my email and now it prompts me to link my AWS account. Well, finally. I would have been more likely to sign up (if I were just a potential user rather than someone trying to provide feedback) if clicking the button on the homepage took me directly to the AWS login.

Well, I went ahead and connected…

More issues with my browser width - the Plans page is kind of broken. [2]

The service itself… seems fine for a launch. I like the easy-to-understand breakdown of the monthly cost! On the other hand, the service seems to just provide an overview rather than actually replacing the AWS console. Maybe there would be more functionality if I got off of read-only mode, but I couldn't figure out how.

I proceeded to delete my account. It did not automatically delete the CloudFormation stack that the signup process had me create, which is unfortunate.

[1] https://drop.qoid.us/fah8Eit5.png

[2] https://drop.qoid.us/Ek9ieSoh.png

This is the epitome of a snarky ‘Shown HN’ reply

It’s almost like you’re relishing in finding pointless things to say

“I don’t want to watch a video...waaa waaa waaa”

It’s clearly their first release, chill out. You’re not being constructive, you’re just nitpicking

OP: ignore them, it sounds like a great starting point to making a hell of a lot of peoples lives easier, nice release!

IMO, it looks like fairly constructive feedback delivered in a reasonable way. If I were OP, I'd want more posts like this, not fewer.

Within 30 seconds of signing up for Vantage I discovered an old unused EC2 instance I was still paying $17/month for. This made me realize how weirdly hard it is to see a usable cost breakdown by resource on AWS...converted :)

This brought such a smile to my face. Thank you for sharing and happy we could help.

A lot Vantage users have the use-case of using Vantage purely for "insurance" of things going awry like this.

I use Vantage and it's definitely a good product and all but the real value is every hour you don't have to spend using AWS directly.

I would pay _so_ much money to never have to use Cloudwatch and AWS Cost Management again. Thankfully, I qualify for the vantage free tier for quite a while longer.

Although this is a nice little simplified view into your AWS account I think calling it an "alternative AWS console" is misleading because you can't actually do anything with it, use it to make changes, etc.

It's a fair call out and something we've struggled with in messaging at this stage of the company. It's hard to keep messaging simple but also be succinct with what we are providing. We will be iterating on this over time.

That being said - we are slowly adding management actions and I do believe we will be compatible with a number of AWS services in due time. For example, you can manage Route 53 record sets directly from Vantage. We wrote a post up on it here: https://medium.com/@bensign/raising-the-bar-for-the-route53-...

Looks good, congrats! Open source alternative https://github.com/cloudquery/cloudquery

This is awesome. Putting yet another tool you don't have control over in your toolchain seems to be causing headaches for a lot of developers with big applications these days. Relying on other peoples services is always a risk, great to see there are OSS alternatives.

Hey, don’t take the shine off StratusBen’s Show HN :)

This is good to know, but I’m really curious how you found out about the OSS project? You are a contributor? Found out on Twitter?

I've always wondered why AWS doesn't just open source their console. it's such a usability disaster and there's so many developers that would love to contribute improvements to it. Wouldn't that make financial sense to Amazon?

I think that's a good idea and I wish they would do something like this. FWIW I disagree that the console is a usability disaster. We're very prone to hyperbole in this industry. It's definitely got a ton of room to improve but it's not the worst and it's usable. Hundreds of thousands of people use it all the time.

I can give some background that might be helpful on why the UIs might not be open sourced.

Each service team builds their own console. Most of the original AWS consoles were written in Java with GWT. Some eventually moved to Angular. There's a big push internally to use a more consistent and familiar UX experience across services. There's an internal UI/UX platform called Polaris (I'm not leaking anything here, you can see this in the source of some consoles and in the console.log statements that leak to prod) that most of the new services use.

Most new services are built with React + Polaris. The console API for many new services is not the same API that is exposed to the SDKs/CLIs. These APIs aren't public or documented. If they open source every console, and people build on that, they're tied to supporting those APIs in perpetuity. That slows their pace of iteration on the console.

If consoles are open source it could be another potential vector for service updates to leak through.

Another concern is that releasing the UI kit for the AWS console is going to make it way easier for phishers to build out convincing lures. TBH I'm not super concerned about that.

If I were AWS I'd open source the UI toolkit and give various service teams the option of open sourcing their console. From there I'd release a theme/color scheme for people who want to build extensions.

AWS is very customer feedback driven. However, most of the customers providing feedback are not the ones using the console day-in-day out. The people actually using the console are not the ones talking to AWS. If you hit a UX issue then use that feedback button on the bottom left of the console and let them know.

People who think that the AWS UI is a disaster probably didn't have to deal with IBM SoftLayer in the past :)

LOL SAP has millions of users worldwide and their interfaces are as ugly as anything... and then Oracle Forms, people still using APEX type applications from the 1990s... End users don't get the choice, they get told...

Its not one console held in a single repository. AWS has teams built around individual features, and each individual team is responsible for creating its own UI, which is why its not a particularly coherent standard. Open-Sourcing it would involve releasing thousands of repositories built on many different types of internal architectures, and would be largely infeasible to change/build upon without a solution like Vantage that sets up it's own IAM role.

From Amazon's perspective being unable to easily see what resources you have in your account might be a feature, not a bug.

AWS Cost Explorer easily reveals all resources in an account:


AWS Resource Groups and Tag Editor lets you get visibility across your AWS Account for all resources, but not across multiple accounts...

I'm trying to build https://teemops.com/ Also see app working at https://app.teemops.com and is open source on github https://github.com/teemops/teemops-ui... The goal of the project is to simplify AWS completely at the UI, but also API for multiple account, region and deployment scenarios... The problem with the AWS console itself is that I imagine it would also be tied so heavily into their control plane and several of their services that have different UIS (Take Cognito, Workdocs for example) that it would be a mission to maintain...

Does the dashboard use non-public APIs?

At DigitalOcean (where I didn't overlap with Ben) we obviously thought a lot about how to improve the DX around interacting with cloud resources, both GUI-based and programmatically. Great to see someone taking that idea to its natural next step :)

I was a bit whelmed when I used it.

I expeced an alternative to the AWS console, but got a monitoring dashboard. Didn't seem like I could do much with it besides looking at my resources.

Out of curiosity - what else would you like to do? We're always open to feedback. The only write actions we have are around Route 53 detailed here but we're adding more soon: https://medium.com/@bensign/raising-the-bar-for-the-route53-...

I guess, I would like to do what I can do with the actual AWS console. Provision and update my resources. Otherwise it's, like I said, only another monitoring dashboard.

I mean, that isn't bad, it's probably doing a good job at that. But I guess, I simply expected more interactivity from an AWS console replacement, haha

Isn't it supposed to be read only for security - that's at least a big benefit in my book. Ideally without dynamodb query permission either. etc

Sure, totally understand that. It's just not what I think about when I read AWS console replacement.

This is pretty nice, but it's not really an "alternative" to the console, is it? It's a pretty nice complementary monitoring dashboard though. Pricing wise, I have to be honest, I don't see myself paying $50 a month for a monitoring dashboard, as a solo dev or a small company.

Out of curiosity, why do you hide YouTube player controls on home page?

I've thought about the idea of re-implementing the AWS console, especially for the ends of a 'focused'/gated experience in the data science field; my reasoning was every service has an API and there is a JavaScript SDK, why not just reimplement the console to my tastes/goals? I'm curious what your architecture/design looks like and whether you ran into any sharp edges: ie is Web UI for a cloud platform really as simple as writing JS to call rest APIs?

Also, I'm wondering if the community has any other open source alternatives I could toy around with and peek under the hood.

Congrats on launching a product. I think it’s a great idea for small - medium sized shops to use this.

I used to be an SRE at a large company with a gigantic AWS account. While the console can be a mess, it’s really information dense and once you are familiar with it, you can find a lot of stuff. It also meant that it was easier to use awscli because you knew what was available without reading the docs.

I honestly don’t need things to look well designed with lots of white space at the expense of lowering the information density.

Cost saving views displayed in plaintext above resources are cool, but not better than the billing console which can be fairly powerful.

We've been using Vantage for a few months now and it's a really great layer on top of the AWS console. I particularly like the correlation of the metrics right in the dashboard - makes light-weight DevOps real easy.

I think there needs to be better pricing. I know pricing is hard but there should at least be a call to action if you have much a much bigger spend than what is on the pricing page.

This was a miss for me personally. We added a few more Q&A around this but aren't pushing any changes to the site until after launch now.

The answer is essentially we have custom plans available and you just need to contact support@vantage.sh - we just want to understand your scale and use case. In some cases we aren't the right fit right now. For example, we spoke to a company with ~$20M in monthly AWS costs and told them we need to get back to them before we can realistically support them.

We'll hopefully have this updated tomorrow. Thanks for this call-out.

In a sea of CMP options, what sets Vantage apart? Sincerely asking, as I cannot tell from the site's docs. And does Vantage leverage AWS Cost Anomaly Detection in any way?

This is a godsend. We're running multiple accounts and different regions on AWS, and I believe Vantage will be phenomenal. Excited to use it.

I got a demo of Vantage recently and being able to build dashboards for each environment (eg dev, staging, prod) seems really useful

Crazy how you need a tool that reads another tool to figure out how much you're spending for the original tool.

I'm sure there was a purpose for how the AWS console was originally built, but if someone spent this much time for an alternative, there's a clear problem in its original conception.

Hiya, interesting offering and exploring it now :)

How does this compare to, for example, stax.io which does similar cost transparency but also offers compliance monitoring and other elements?

The company I work with as a $250K/month spend on AWS and uses stax to hassle people to delete unused things :)

Congratulations on the launch. The cost estimation feature is awesome - very useful for people like me who are not very good at cleaning up resources. Also like the cross-region view without having to switch console regions.

This looks promising - good luck!


Congratulations on the launch. This looks fantastic!

AWS's release cadence is absolutely crazy - I can barely keep up with all the new releases. Are you planning on supporting all AWS services? If so, how are you planning on keeping up?

Thanks so much!

We are letting our users dictate what services we support. We can typically add support for a new AWS service in a few hours at best or ~2 days at worst.

The nice thing about Vantage is that its essentially a personalized console just for you - so even if we add support for a bunch of AWS services you'll have a console just for what services you're using.

Also at one point we hope to hire some more engineers to assist with development progress.

That kind of timeline is incredible. Are you able to share anything about your development processes that enable this?

We invested heavily in the tooling around how we interact with AWS from the get-go as we knew this would be a problem. That's all we're really publicly sharing right now :)

How does this work? Do you have servers that connect to AWS using my credentials?

We wrote up a quick overview of how Vantage works here: https://docs.vantage.sh/connecting/

tl;dr: The Vantage application (hosted on AWS) interacts with your AWS account through something called a Cross Account IAM role that defaults to read only permissions.

Everything that AWS offers comes with lots of caveats. I'm happy that good competition from Azure is forcing AWS to simplify some of of their services and make things a bit more straightforward.

Am I understanding correctly that if I have over 500 a month in spend there is no free trial option?

Also FYI the email verification hit my spam box on Gmail.

Edit: Also is there any way to have multiple users on a Vantage account?

If you have over $500 per month of AWS spend, you are still free to use the product (no credit card required to get started) and everything will work but certain features will be restricted.

For example, cost transparency reports will require an upgrade to use for spend over $500 per month. The specifics are detailed on our pricing page here: https://vantage.sh/pricing

We are taking a look at what it would take to offer a free trial on our end in the future as well.

Makes a lot of sense. Theres an interesting item I noticed:

-You limit based on spend

-You don't support all AWS Services

-As a result you don't see all of our spend

-Which means you actually limit based on spend of supported services? (I think?)

That's correct.

It also aligns our incentives with insuring we do as good a job as possible with appropriately representing your costs :)

Any thoughts on a self hosted version? (I didn't look too closely at all the marketing stuff if this is already addressed)

Would be nice to put something like this up behind our own VPN auth etc

We have been asked about this a bunch, yup.

It isn't something we're going to get done in the near term but if you'd like to discuss, I'd be happy to chat about it. Feel free to email me at ben@vantage.sh

I admit that I love this UI for cloud management, and I'd love more to be able to use it with GCP too because accessing GCP console is another kind of pain compared to AWS.

GCP support is on the way. To learn more please email support@vantage.sh!

Congrats on the launch! Curious, how do you plan to handle CF template upgrades when you need additional permissions as you enhance the product?

We have some logic built into the app already for this. Vantage is aware of what permissions it has and what it needs to perform certain actions and will inform the user of what additional permissions are required.

We have dynamic instructions generated to the user to assign these permissions manually for now.

Thanks for taking the time to reply, all the best with Vantage!

very cool view on my checkered history of failed and abandoned personal projects lol. nice to have it confirmed they're not still costing me money though!

one question. I have a couple projects on Amplify that don't pop up on my Vantage dashboard. Is it just a subset of AWS services that are included?

I was just thinking the other day whomever does this will be very rich. AWS’ console is the worst.

Any plans to offer this as an AWS Marketplace offering ?

This looks great! Looking forward to trying this out.

That’s a mammoth task to take on.

Which AWS services do you cover?

They have a page for this on their docs: https://docs.vantage.sh/supported_services/

very annoying that the embedded video has no controls. I want to know how long it is before I start watching

(it's 2:19)

finally getting to see a demo of this, and all I have to say is freakin' boom

Congrats on the launch!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact