{"id":37373,"date":"2019-03-07T11:45:08","date_gmt":"2019-03-07T09:45:08","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=37373"},"modified":"2019-03-07T11:45:17","modified_gmt":"2019-03-07T09:45:17","slug":"cloud-irregular-iam-is-the-real-cloud-lock-in","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2019\/03\/07\/cloud-irregular-iam-is-the-real-cloud-lock-in\/","title":{"rendered":"Cloud Irregular: IAM Is The Real Cloud Lock-In"},"content":{"rendered":"<!-- google_ad_section_start -->\n\n<p class=\"wp-block-paragraph\">Vendor lock-in is an old and well discussed issue.  Some people don&#8217;t care about it all, jump right in.  Others avoid it like a plague.  And then there are those who allow it, with some very careful considerations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I have always been on the side of avoiding vendor lock-in by all costs.  But lately, with all the SaaS offerings and cloud providers, I feel like the line becomes a lot more blurred.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Initially, when I started using Amazon AWS, I approached it exclusively as an IaaS, setting up my own servers in such a way that I would be able to move to another vendor in a heartbeat.  These days, I&#8217;ve grown to trust Amazon a lot more.  But I still feel uneasy about some of the lock-in.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&#8220;<a href=\"https:\/\/forrestbrazeal.com\/2019\/02\/18\/cloud-irregular-iam-is-the-real-cloud-lock-in\/\">Cloud Irregular: IAM Is The Real Cloud Lock-In<\/a>&#8221; is an interesting take on the cloud lock-in.  It found the comparison of the Amazon IAM (Identity and Access Management) to the Microsoft Active Directory particularly insightful. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>To illustrate this point, we have to look no farther than the nine-hundred-pound gorilla of the IAM jungle, which continues to be Microsoft\u2019s ActiveDirectory. I\u2019m not sure I even know what ActiveDirectory is anymore, to be honest. Is it a\u00a0<a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/active-directory\/\">cloud service<\/a>? A\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/hybrid\/plan-hybrid-identity-design-considerations-overview\">\u201chybrid identity\u201d provider<\/a>? A flippin\u2019\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-machines\/linux\/login-using-aad\">Linux domain controller<\/a>? The answer to all of those questions appears to be \u201cyes, if that is what you want\u201d, which is why AD implementations will surely keep an army of Microsoft \u201cIT Pros\u201d busy for a couple more decades.<br>Here\u2019s what ActiveDirectory is not: easy to migrate off of.\u00a0<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Vendor lock-in is an old and well discussed issue. Some people don&#8217;t care about it all, jump right in. Others avoid it like a plague. And then there are those who allow it, with some very careful considerations. I have always been on the side of avoiding vendor lock-in by all costs. But lately, with &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2019\/03\/07\/cloud-irregular-iam-is-the-real-cloud-lock-in\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Cloud Irregular: IAM Is The Real Cloud Lock-In<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Cloud Irregular: IAM Is The Real Cloud Lock-In #Amazon #AWS #hosting #cloud","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,133,62,1334],"tags":[3469,3270,3457,2366,2289],"keyring_services":[],"class_list":["post-37373","post","type-post","status-publish","format-standard","hentry","category-general","category-sysadmin","category-technology","category-web-work","tag-active-directory","tag-amazon-aws","tag-amazon-iam","tag-cloud-computing","tag-web-hosting"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":27602,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/22\/aws-iam-policies-in-a-nutshell\/","url_meta":{"origin":37373,"position":0},"title":"AWS IAM Policies in a Nutshell","author":"Leonid Mamchenkov","date":"May 22, 2017","format":false,"excerpt":"J Cole Morrison wrote an excellent guide into AWS IAM policies. It's super useful for anyone who have tried implementing IAM policies and failed (or even barely succeeded). What is an AWS IAM Policy? A set of rules that, under the correct conditions, define what actions the policy principal or\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/aws-aim-500x200.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":36094,"url":"https:\/\/mamchenkov.net\/wordpress\/2019\/02\/25\/how-to-build-a-serverless-ci-cd-pipeline-on-aws\/","url_meta":{"origin":37373,"position":1},"title":"How To Build a Serverless CI\/CD Pipeline On AWS","author":"Leonid Mamchenkov","date":"February 25, 2019","format":false,"excerpt":"\"How To Build a Serverless CI\/CD Pipeline On AWS\" is a nice guide to some of the newer Amazon AWS services, targeted at developers and DevOps. It shows how to tie together the following: Amazon EC2 (server instances)Docker (containers)Amazon ECR (Elastic Container Registry)Amazon S3 (storage)Amazon IAM (Identity and Access Management)Amazon\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2019\/02\/aws.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":27799,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/26\/the-aws-spend-of-a-saas-side-business\/","url_meta":{"origin":37373,"position":2},"title":"The AWS spend of a SaaS side-business","author":"Leonid Mamchenkov","date":"July 26, 2017","format":false,"excerpt":"As someone who went through a whole pile of trying and error with Amazon AWS, I strongly recommend reading anything you can on the subject before you start moving your business to the cloud (not even necessarily Amazon, but any vendor), and while you have it running there. \u00a0\"The AWS\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/aws-costs-500x153.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":26696,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/09\/19\/top-13-amazon-virtual-private-cloud-vpc-best-practices\/","url_meta":{"origin":37373,"position":3},"title":"Top 13 Amazon Virtual Private Cloud (VPC) Best Practices","author":"Leonid Mamchenkov","date":"September 19, 2016","format":false,"excerpt":"Cloud Academy Blog goes over top 13 Amazon VPC best practices - particularly good for those just starting up with the platform. \u00a0The article discusses the following: Choosing the Proper VPC Configuration for Your Organization\u2019s Needs Choosing a CIDR Block for Your VPC Implementation Isolating Your VPC Environments Securing Your\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":26999,"url":"https:\/\/mamchenkov.net\/wordpress\/2016\/11\/28\/s3-static-site-with-ssl\/","url_meta":{"origin":37373,"position":4},"title":"S3 static site with SSL","author":"Leonid Mamchenkov","date":"November 28, 2016","format":false,"excerpt":"\"S3 static site with SSL and automatic deploys using Travis\" is a goldmine of all those simple technologies tied into a single knot for an impressive result. \u00a0It has a bit of everything: Jekyll - simple, blog-aware, static sites engine, for managing content. GitHub - for version control of the\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"s3-static-site","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2016\/11\/s3-static-site-479x500.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":24022,"url":"https:\/\/mamchenkov.net\/wordpress\/2015\/04\/30\/amazon-efs-preview\/","url_meta":{"origin":37373,"position":5},"title":"Amazon EFS preview","author":"Leonid Mamchenkov","date":"April 30, 2015","format":false,"excerpt":"Amazon Elastic File System, or EFS for short, is the missing piece of the cloud puzzle. \u00a0With all those EC2 instances, elastic load balances and IAM roles, one would often need a shared file system. \u00a0Until now, you'd either be using either an S3-based solution, which scales well in terms\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"Amazon EFS","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2015\/04\/pdp_banner_efs-500x88.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/37373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=37373"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/37373\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=37373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=37373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=37373"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=37373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}