> And sure, you can use S3/Dynamo/Aurora from an EC2 box, but what would be the point of that?
An easy API? Easy replication / failover / backups? I would absolutely use S3 even with EC2.
> IAM, on the other hand, can die in a dumpster fire.
I’m no great fan of AWS’s approach to IAM, but much of the pain is just the nature of fine-grained / least-privilege permissioning. On EC2 it’s more common to just grant broader permissions; IAM makes you think about least privilege, but you absolutely can grant admin for everything. And as far as a permissioning API goes, IAM is much cleaner/saner than Linux permissions.