Show HN: AWS Enhancement Suite (chrome.google.com)
33 points by brandonbloom 12 days ago | 31 comments

Pro-tip: Describe what this actually does. "adding functionality like price estimates for resources." is vague.

The Chrome extension asks for permission to "Read and change your data on all auth0.com sites, all aws.amazon.com sites, and all deref.io sites"

That's a LOT of power to give some random extension to my AWS account. I'm not going to do that unless I know EXACTLY what it does, how, and why.

The vaguer you are, the less I trust you.

And that doesn't get into why this extension also needs access to auth0 which is not described in the overview at all.
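The check this comment performs by reading the install prompt can be run against an extension's `manifest.json` before installing. The following is an added example, not part of the thread and not the extension's own code: the sample manifest is constructed (it is not the real manifest of the extension discussed here), and `auditManifest` and the expected-domain list are hypothetical names chosen for illustration.

```javascript
// Constructed sample manifest for illustration; NOT the real manifest of the
// extension discussed in this thread.
const sampleManifest = {
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://*.aws.amazon.com/*", "https://*.auth0.com/*"],
  content_scripts: [
    { matches: ["https://*.aws.amazon.com/*", "https://*.deref.io/*"], js: ["content.js"] },
  ],
};

// Host part of a match pattern (<scheme>://<host>/<path>); "*" means any host.
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(?:\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[1] : null; // null: not a well-formed match pattern
}

// True only if the pattern's host stays inside one of the expected domains.
function hostWithin(host, expectedDomains) {
  if (!host || host === "*") return false;
  const bare = host.startsWith("*.") ? host.slice(2) : host;
  return expectedDomains.some((d) => bare === d || bare.endsWith("." + d));
}

// Collect every place a manifest can request host access and return the
// entries that reach outside expectedDomains (hypothetical helper name).
function auditManifest(manifest, expectedDomains) {
  const looksLikePattern = (p) => p === "<all_urls>" || p.includes("://");
  const requested = [
    ...(manifest.host_permissions || []).map((p) => ["host_permissions", p]),
    ...(manifest.optional_host_permissions || []).map((p) => ["optional_host_permissions", p]),
    // Manifest V2 mixes host patterns into "permissions" next to API names.
    ...(manifest.permissions || []).filter(looksLikePattern).map((p) => ["permissions", p]),
    ...(manifest.content_scripts || []).flatMap((cs) =>
      (cs.matches || []).map((p) => ["content_scripts.matches", p])),
  ];
  return requested
    .filter(([, p]) => !hostWithin(patternHost(p), expectedDomains))
    .map(([source, pattern]) => ({ source, pattern }));
}

const findings = auditManifest(sampleManifest, ["aws.amazon.com", "deref.io"]);
console.log(findings);
```

Run it against the manifest inside the packaged extension rather than the one in a source repository, since the two are not guaranteed to match.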

Thanks for the feedback. We'll improve the description.

As for the auth0.com access, that's a bug! It's fixed in the next release. Sorry about that.

EDIT: The extension is also open source, if that's helpful at all - https://github.com/deref/deref-browser-extensions

That's super helpful! Please include that in the overview! :)

If there's one website I would never in a million years let a closed-source, venture-backed browser extension inject content into, it's console.aws.amazon.com. What a terrifying thought...

I don't disagree with your point here but just want to raise awareness that anyone can "view source" browser extensions: https://chrome.google.com/webstore/detail/chrome-extension-s...

Of course, code obfuscation is a thing.

And remember to stop the extension auto-updating (I assume Chrome lets you do so..?) and review any changes.

> closed-source

Why do you believe that? https://github.com/deref/deref-browser-extensions

Chrome extensions don't mirror GitHub source, they can upload whatever they want in the zip file.

It's pretty easy to install from source, if that's your preference. We'll get some build/install instructions into the README.

Hey, CEO of Deref here.

In our customer discovery calls, we've heard so much about how folks dislike the AWS Console. We figured we should do something about that!

This extension is super early days, but we'd love for it to grow. Feedback welcome!

email: hello@deref.io

twitter: @deref_inc

Your actual website shows a much more interesting console product: https://www.deref.io/

Can you share more about that?

We're in closed beta now and will have more to share publicly soon. Would be happy to chat though, so I'll reach out if you sign up for the beta invite list on our site or shoot a note to hello@deref.io

I think AWS console has a lot of room for improvement. However, I think of it as a feature, since I'm trying very hard to have people do everything in the infra as code, rather than clicking buttons, and the worse the console is, the better ;)

Even for read-only use cases?

I've talked to _lots_ of folks who have nearly 100% IaC coverage, including folks who only expose read-only console access to the majority of their devs. But I haven't met anyone who has successfully managed to avoid logging in to the console during production incidents to debug things.

One feature we're looking at potentially adding is "Go To Definition", that lets you go from the AWS Console and jump directly to the Terraform code that produced that resource. Would that be useful to you?

Good point, we do use it for read only use cases indeed.

And yes, jumping to terraform would indeed be a useful feature to have :)

> Even for read-only use cases?

That's a bingo.

Then how do you intend to do logs and debugging?

For a more secure approach, you might find Vantage interesting: https://www.vantage.sh/

Useful enough tool. Sadly I feel very nervous about any permissions on my AWS account so it must remain uninstalled. It's a pity, though.

I guess I could load it unpacked but the utility isn't high enough for me to go through the source myself.

Anything that we could do to assuage your concerns?

For what it's worth, we're trying to be extremely thoughtful about security. If it helps (or hurts?), we're a venture-backed company, have a published privacy policy, etc. We don't include any anonymous identity tracking, nor do we do any resource crawling, or anything like that. For the CloudTrail feature, we do hit a read-only API endpoint using your browser session, but we don't send any of that data to our servers. We'd never hit any read/write endpoints without you properly granting us an IAM role.

Actually, when I checked your website and found that you're venture-backed that made me feel safer. Ultimately, though, the problem is that the tool has too much access. I might prefer to use a role provisioned into my account to use a dedicated better console experience way before I would use the extension (it acting as me is too much exposure for me). As it so happens I find the console not too bad as it stands so maybe that's part of it.

I know you guys are well-intentioned and I'm trying to help you here by finding out what the key thing is that would make me comfortable and I'm really coming up with nothing. I just think it's too much power to get not that much utility for me.

Sorry I couldn't come up with anything concrete.

Thanks for the perspective!

I'm most interested in this:

> too much power to get not that much utility

Is there something that pains you enough that if you had a fix for it, you'd overlook your security concerns?

In the AWS console, no.

However, I have used those extensions that merge Google Calendar events together and that was borderline for me. I think if I had a tool that would generate Terraform based on the summary page of an AWS construct I might consider using the extension. It would still be a reach though.

> if I had a tool that would generate Terraform based on the summary page of an AWS construct

This is definitely something we've considered. Our primary platform over at https://www.deref.io/ (still in closed beta) can export resources to Terraform or Pulumi. Video from a few months ago available here: https://youtu.be/DsZsYs_N4NU – If that's interesting to you, drop us a note at hello@deref.io and we can talk about your needs.

Thanks for sharing that. Full disclosure: this is also not a significant pain point for me.

One thing you can do is make the extension source-available.

AWS Enhancement Suite sounds like an AWS product. Consider calling it:

Enhancement Suite for AWS or

Deref Enhancement Suite for AWS

to avoid confusion?

I think it's taking its naming from "Reddit Enhancement Suite". I've seen a couple of other extensions also go with that naming convention, such as "Google Meet Enhancement Suite".

Isn't there a trademark infringement risk to put the AWS brand as the lead item? I'm surprised AWS approves of that vs the more common "for AWS" model for third parties targeting AWS. But great to hear AWS have such a relaxed view. The legal side would probably throw a fuss over this type of thing.

AWS is one of the main examples of why I miss the days when things had dedicated, native applications. I can imagine the AWS console being so much easier to use if it was something like IntelliJ. I don't even like IntelliJ compared to Sublime, but at least IntelliJ has an undeniable amount of power and customization. Meanwhile the AWS console is a drag to use and gets worse if you use the new UIs.

Doesn't matter how cool this is, I would never use something like this.
