Pros & cons of using AWS for your product
And shall one use it for one's products?
One of the tasks, which every IT startup or business should solve, is about the infrastructure.
Many products choose AWS as the main service provider. While there are many reasons why one might select this company for one’s infrastructure — because of Amazon’s popularity, because of their startup program that grants startups free credits for a period 6-12 months, because of their strong compliance and security policies that are so good that many state agencies use it for their services, — this decision can affect the overall business in the future.
In this note, I would like to cover some advantages and disadvantages of AWS. While every case is unique and, hence, one should make a decision based on the details of one’s product, there are some common use cases and mistakes one might avoid.
Stability and flexibility
Being one of the most popular hosting and infrastructure provider, AWS has great stability and flexibility over the services provided. The downtimes are rare and are usually caused by exceptional circumstances. Furthermore, if one follows N+1 redundancy pattern, one might get even better SLAs that AWS offers.
Moreover, AWS provides special tools that products can use to automate the process of recovery in case of downtime. Also, one might integrate a built-in monitoring system, which covers different areas such as technical metrics (high CPU usage, high memory load, etc), financial (the monthly spending calculated to the current date, reaching the overall limit, etc), and availability, to the incident management tool used in one’s company. Hence, it covers many use cases.
Ecosystem where you can build everything
While one might find in some verticals a better and more flexible tool than AWS offers, there are not too many projects that provide so many services. For DevOps, it is more difficult to manage and maintain a number of platforms that are not connected to each other instead of just one. Moreover, it is hard to find an engineer who has great skills and knowledge of multiple platforms.
Thus, it is a great benefit of AWS that they offer almost all services that 99% of projects might need. It is a really rare situation when one requires something that cannot be done or hosted by AWS.
Security & Compliance friendly
There are some risky industries like FinTech, RegTech, Crypto, MedTech, Gaming, and ESports that have strict requirements in security and compliance forced either by regulators and standards, such as SEC, HIPAA, FCA, e.t.c., or the market. Some requirements are dedicated to the infrastructure and ways of storing, transmitting, and securing the data. While many products can fulfil these requirements by themselves, it is not usually their primary business. Thus, it won’t add value to the product itself, it just adds expenses. Therefore, it might be a good idea to outsource such tasks.
AWS has implemented one of the best security and compliance practices. This is valid not only for financial data, but also for medical. When one uses AWS and follows usual practices, one may fulfil compliance requirements much easier and cheaper than on other services, except maybe those that are focused on this topic. However, the argument above about the number of services provided still applies.
While there are so many advantages of choosing AWS as the infrastructure provider, there are some cons of this decision. Some of them might not be obvious for those who are not experienced with this platform.
The great advantage of using open protocols and open-source solutions is that you are not bound to the specific tool or specific company. Imagine you are using a cloud version of ElasticSearch, which is a tool that provides rich search capabilities. Even if the company that provides you this tool will be closed or your account will be blocked you can set up in 5-10 minutes your own instance of ElasticSearch on any VPS provider and continue operating. It is possible because ElasticSearch is the open source tool.
However, if you use an Amazon clone of ElasticSearch, which is called Amazon Open Search Service, you can’t switch immediately because there are some differences. So, you have to develop a migration workflow, which would take some time and resources. The same logic applies to other AWS services, i.e., SQS.
When you use many of their services, the cost and complexity of migration goes up. For an early-staged product, it is just a matter of choice. For an established one, it requires time, efforts, and AWS engineers.
Average costs & misconfiguration cost
While Amazon offers through free credits many benefits for startups (and you might not pay for 6-12 months at all), it does not mean that they are charitable. On the contrary, every credit you have got will be charged later. This happens because the average cost per AWS service is more than the same cost per custom configuration.
Of course, I have to admit that you can use some specific services (like spot instances), which are cheaper but this is limited by the number of cases. Actually, I agree that such cases exist but overall, the infrastructure cost grows rapidly.
You might run some optimisation and decrease it, but then you need to hire specific engineers — AWS engineers, which are not cheap and do not bring directly value to your product. Moreover, if you decide one day to switch to another platform, you might count this work as completely useless.
Another common problem is misconfiguration. If you are inexperienced in AWS (that is the case if you do not hire AWS engineers), you might configure some services incorrectly. This would effectively cause additional expenses. Moreover, if you forget to set limits or set them in a wrong way, you might be really surprised by the end of the month.
I have seen several projects, which had no high loading or Big Data, but AWS charged them ~$50,000—100,000 monthly. The real cost of the infrastructure and services used was ~$7,000-$10,000. That is the price one can pay for these free credits.
Increased requirements for security due to the popularity (hunting for AWS keys)
Due to its advantages, AWS is a very popular platform. Hence, you can expect (and this is actually the case) that there are many bad people who are looking for your credentials there to steal them and make money. Of course, AWS has excellent security, and you should expect that obvious ways, such as stealing banking card’s data, are almost impossible.
However, there are other ways. A number of years ago, one of the most popular workflows was to steal AWS keys, which are special secure passwords used in the code. Some developers who were not familiar with this platform stored them directly in the code.
While the best practice is to store every piece of the code in the cloud (i.e., github, bitbucket, e.t.c.), these keys were transferred there as well. Due to some other security breaches, hackers were able to steal them. Actually, a few years ago you might find some by simply searching them on github public search.
When you use your own infrastructure, you can follow the usual and best practices (which is the case for most devops). Your charge is limited, and you know how much you would pay by the end of the month. However, if you lost your AWS key, and you did not set the permission / security / limits / notifications / e.t.c. in AWS properly, it might bring much more expenses.
Due to the popularity of AWS, there are special groups of hackers targeting to this platform. While this is not a blocker issue, this is something you should take into account and invest more time and effort into security and proper configuration at every stage of the project, which, again, does not bring value (directly) to your product.
Overall, AWS is the great platform for many products, especially those who need an extra level of security and compliance. However, you should choose wisely what are the services you will use, what do you actually pay (except money, of course) for using them, and what is the cost of migration. Moreover, it is a good idea to keep in mind that you need specific AWS engineers, either yours or contracted, who can handle the installation and configuration process correctly.