Lower My AWS Bill
newsletter icon
08.28.2019

An Internal PaaS to Manage AWS: Don’t Do It!

By Corey Quinn
Atlassian built an internal PaaS to manage AWS. This is usually a bad idea, and you're not Atlassian.
LinkedInReddit
Home Blog An Internal PaaS to Manage AWS: Don’t Do It!

Recently, I linked to Atlassian’s internal PaaS that they use to regulate access to AWS and described it as an anti-pattern, or an overly and unnecessarily complicated solution that usually makes things worse. 

I got a lot of feedback on that link—all of it phrased almost exactly the same way: Can you explain why that’s an anti-pattern? I’m not saying you’re wrong. Please don’t hit me

The concerning part is that apparently folks think that I’m enough of a jerk that I’d unleash the Legions of Mockery for asking a sincere question. But I’ll leave that for another day. The question is excellent and I haven’t seen it tackled publicly yet—so let’s do it!

For those too lazy to click the link above (mice are annoying; I feel you), Atlassian has an internal system called Micros. It’s a platform as a service that they use to wrap AWS services for their engineers. It obscures away underlying AWS services and contexts such as databases, Availability Zone mappings, and direct calls to specific services. 

The idea is seductive, the story compelling, and the direction generally wrong. Here’s why.

AWS is confusing, this sounds like it simplifies it, what’s the problem?

In the blog post itself, Atlassian mentions many of the problems that come with their PaaS in a series of disclaimers. 

“Teams can open a ticket if they need to bypass it!” Because everyone loves communicating via tickets! 

“There’s no mandate to actually use this thing!” 

“We sometimes bend the rules anyway!”

The list goes on.

To their credit, they explicitly call out a number of trade-offs: it’s harder to experiment with some native AWS services, it forces compromise in the decision of awesome native service feature vs. staying within the supported Golden Path, and it breaks a bunch of third-party tools. 

They have mitigation for most of these, but the overall pattern is what I object to.

The painful part about this approach is that it forces you to make a number of tradeoffs, you don’t get the benefits of global advancement in your cloud platform of choice, and it introduces abstractions at a part of the stack that’s prone to errors when launching new services. 

More insidiously, you’re learning to work with an internal platform rather than AWS itself—which means that the skills you learn working within Atlassian are much less likely to be directly transferable to another company when it comes time for the next stage of your career.

It’s also not a new pattern. Yelp tried this before with PaaSTA, an internal platform that tried to do much the same thing, albeit with containers and Mesos. Yelp, however, took it a step further and open sourced it. But despite its tasty name, PaaSTA largely remains a single-shop platform that’s failed to find meaningful adoption.

Hang on, doesn’t everything you’re saying here apply to Terraform?

It absolutely does—except! 

Except Terraform is an open source product that’s run in many shops. Except Terraform tracks AWS launches very closely and often beats CloudFormation, for whom a search party is currently being assembled. Except that as of the last Last Week in AWS reader survey, Terraform and CloudFormation are deployed in equal numbers. 

So did Atlassian screw up here?

Not at all. 

Their post is a thoughtful, nuanced piece that’s aware of the decisions they’re making and the cost of those decisions. I take no issue with the path they’re treading. 

My concern is that some five-person Twitter for Pets startup is going to read that post and start building their own version of it—which is the precise wrong direction.

Further, they call out that their choices tie them tightly to AWS but that, strategically, they don’t see this as a particular problem—which is absolutely the right call (pick one provider and go all in!). 

Atlassian did good work with this. But you’re not Atlassian. Choose another path.

Corey Quinn Headshot
by Corey Quinn

Corey is the Chief Cloud Economist at The Duckbill Group, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

More Posts from Corey

Back to the Blog

AWS’s (de)Generative AI Blunder

By Corey Quinn

AWS has been very publicly insecure about the perception that it’s lagging behind in the Generative AI space for the past year. Unfortunately, rather than setting those perceptions to rest, AWS’s GenAI extravaganza at re:Invent 2023 seemed to prove them true.  Of the 22 GenAI-related announcements, half of them are still in preview. Many were […]

Read More about AWS’s (de)Generative AI Blunder

Generative AI Builds a re:Invent Scavenger Hunt

By Corey Quinn

Let’s begin with the tl;dr: At this year’s re:Invent, I’m hosting a photo scavenger hunt with significant prizes for “most items found” and “most creative entry.” Sign up through my webapp at findme.lastweekinaws.com. The rest of this post details how I built this app.

Read More about Generative AI Builds a re:Invent Scavenger Hunt

How to Stop Feeding AWS’s AI With Your Data

By Corey Quinn

AWS may be using your data to train its AI models, and you may have unwittingly consented to it. Prepare to jump through a series of complex hoops to stop it.

Read More about How to Stop Feeding AWS’s AI With Your Data
footprint-orange
© 2024 The Duckbill Group. All Rights Reserved.
Privacy Policy Cookie Policy