AWS’ Minimum Level of Complexity

AWS Minimum Complexity

The past week I’ve been doing some training at PMG around our AWS setup and infrastructure.

In the past year we’ve become heavy users of Docker and Amazon’s Elastic Container Service as well as moving more towards infrastructure as code with terraform.

My team, understandably, feels a bit overwhelmed by the complexity of our AWS setup. So I’ve been thinking about how one might simplify it.

Does AWS have a Minimum Level of Complexity?

Once the AWS console UI is no longer a feasible option for managing infrastructure, anything else gets complex really fast.

Want to run an EC2 instance? That requires a VPC, security groups, an IAM role, and some knowledge of how EBS works for the block devices attached to the image.

How about a running an RDS instance in that VPC? That requires a subnet group, security groups, and maybe a parameter group. Some knowledge is also required to make the call between multi or single availability zone instances.

Running an EC2 instance is arguably the most fundamental thing one can do in AWS, but to do it outside the console (via Terraform or even the AWS command line tools) explodes the complexity and knowledge required to make it work. Especially if the application requires a move beyond the default VPC.

It’s necessarily bad that infrastructure is complex. But it is bad when the initial steps are thousands of times simpler and easier than the next ones. AWS hides all this complexity in the console where users take their first steps, and when one does need to move beyond that the AWS docs are dense and mostly oriented towards a set of pre-defined steps rather than how things fit together. I’ve honestly learned more about how AWS fits together by using terraform — with its excellent docs and examples — than from AWS’ documentation.

Maybe that’s why AWS has solutions architects.

Posted in AWS