Cloud Irregular: IAM Is The Real Cloud Lock-In

Vendor lock-in is an old and well-discussed issue. Some people don’t care about it at all and jump right in. Others avoid it like the plague. And then there are those who allow it, with some very careful considerations.

I have always been on the side of avoiding vendor lock-in at all costs. But lately, with all the SaaS offerings and cloud providers, I feel like the line has become a lot more blurred.

Initially, when I started using Amazon AWS, I approached it exclusively as an IaaS, setting up my own servers in such a way that I would be able to move to another vendor in a heartbeat. These days, I’ve grown to trust Amazon a lot more. But I still feel uneasy about some of the lock-in.

“Cloud Irregular: IAM Is The Real Cloud Lock-In” is an interesting take on cloud lock-in. I found the comparison of Amazon IAM (Identity and Access Management) to Microsoft Active Directory particularly insightful.

To illustrate this point, we have to look no farther than the nine-hundred-pound gorilla of the IAM jungle, which continues to be Microsoft’s ActiveDirectory. I’m not sure I even know what ActiveDirectory is anymore, to be honest. Is it a cloud service? A “hybrid identity” provider? A flippin’ Linux domain controller? The answer to all of those questions appears to be “yes, if that is what you want”, which is why AD implementations will surely keep an army of Microsoft “IT Pros” busy for a couple more decades.
Here’s what ActiveDirectory is not: easy to migrate off of. 

7 Awesome CloudFormation Hacks

Amazon CloudFormation templates are a bit tricky to write, regardless of whether you are working on your first one or you have been doing it for years. Sure, there are plenty of examples online, tools that make it easier (thanks Ansible!), and sections you can copy-paste from your own library. But any tips on how to make life easier are always welcome.

Hence, here’s a very handy collection of “7 Awesome CloudFormation Hacks”. These include:

  1. Combine two sequent intrinsic functions
  2. Use exported values from other stacks in !Sub
  3. Changes in cfn-init don’t trigger redeployment in AutoScaling Group
  4. Get Stack name of sibling stack in nested stacks
  5. AccountIds with leading zero
  6. Use Dictionaries as Stack Parameter
  7. DependsOn with condition

How To Build a Serverless CI/CD Pipeline On AWS

“How To Build a Serverless CI/CD Pipeline On AWS” is a nice guide to some of the newer Amazon AWS services, targeted at developers and DevOps. It shows how to tie together the following:

  • Amazon EC2 (server instances)
  • Docker (containers)
  • Amazon ECR (Elastic Container Registry)
  • Amazon S3 (storage)
  • Amazon IAM (Identity and Access Management)
  • Amazon CodeBuild (Continuous Integration)
  • Amazon CodePipeline (Continuous Delivery)
  • Amazon CloudWatch (monitoring)
  • Amazon CloudTrail (logs)

The examples in the article are for setting up the CI/CD pipeline for .NET, but they are easily adaptable for other development stacks.

Kubernetes, Kubeadm, and the AWS Cloud Provider

Scott Lowe shares an updated setup of Kubernetes on Amazon AWS. This blog post covers some of the bits in Kubeadm that have been updated and improved since his previous post on the subject some time last year.

If you are working with Amazon AWS, Kubernetes, Docker, VMware, or other related technologies, I can’t recommend his blog highly enough.

Periodic Table of Amazon Web Services


A lot has been said about the wide range of Amazon Web Services (AWS). They are plenty and cover a whole lot of technologies – from low-level infrastructure to artificial intelligence. It is difficult to grasp just how big and complex the AWS feature set is. But I think the above periodic table of Amazon Web Services helps a lot.