Comment on ‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS
net00@lemmy.today 4 weeks ago
This is the actual realistic change a lot of people are missing. Multi cloud is hard and imperfect and brings its own new potential issues. But AWS does give you tools to adopt multi region. It’s just very expensive.
Unfortunately DNS transcends regions though so that can’t really be escaped.
Apparently even if you are fully redundant there’s a lot of core services in US east 1 that you rely on
No, there isn’t. If you of course design your infrastructure correctly…
Wrong. Stuff that wasn’t even in us east went down too. Dns is global
Not sure if you are have read the AWS incident but the DNS records for the DynamoDB endpoint got ONLY accidentally removed in us-east-1 and not on the entire world.
All other regions worked perfectly fine.
This has been my biggest pet peeve in the wake of the AWS outage. If you’d built for high-availability and continuity then this event would at most have been a minor blip in your services.
Yeah, but if you want real redundancy, you pay double. My team looked into it. Even our CEO, no tightwad, just laughed and shook his head when we told him.
shalafi@lemmy.world 4 weeks ago
us-east-1 went down. Problem is that IAM services all run through that DC. Any code relying on an IAM role would not be able to authenticate.
I didn’t hardly touch AWS at my last job, but listening to my teammates and seeing their code led me to believe IAM is used everywhere.
amzd@lemmy.world 4 weeks ago
How is that even legal, I thought there were data export laws in the eu
shalafi@lemmy.world 4 weeks ago
Nothing to do with moving data. But you can’t move data without authentication.
I want my service to do a $thing. It won’t do $thing without knowing who I am and what permissions I have. The data doesn’t have to cross borders, the service simply needs to function.
Does that make sense? As I said, didn’t do much in AWS, but the principles are sound.