| 14 Sep 2024 |
Arian | But works :) | 08:15:55 |
commiterate | * that was extremely wrong with the cryptography stuff and the undocumented IMDS endpoints for instance connect | 08:17:23 |
Arian | Just didn't have time to test it. But if it works we can add it to nixpkgs | 08:17:40 |
commiterate | that'll probably happen faster than them taking ownership of the Go reimplementation | 08:18:10 |
commiterate | I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't since I was on the sister team) | 08:19:22 |
commiterate | * I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't from what I know being on the sister team) | 08:20:10 |
commiterate | * I don't know how understaffed the instance connect distributed API side is (I think they own the library. The Nitro side definitely doesn't from what I know having been on the sister team) | 08:20:48 |
Arian | Must say I'm not super impressed with the quality of either eic or ssm.
But eic is definitely conceptually simpler.
The ssm codebase is really massive which kind of freaks me out sometimes. | 08:21:31 |
Arian | Also ssm doesn't integrate with PAM. Whilst ssh gets all these things right | 08:22:00 |
commiterate | yeah the quality of all the agents is...questionable | 08:22:42 |
Arian | So you get those things for free :) | 08:22:43 |
commiterate | it doesn't help that basically the only part of Amazon that uses Go on the regular is Twitch | 08:23:28 |
Arian | Yeh it seems to be a recurring theme. CloudWatch agent can't log journal logs and doesn't work out of the box on Amazon Linux 2023 etc. | 08:23:45 |
commiterate | not that the codebases in the other languages are much better, but that's par for the course at most companies | 08:23:51 |
Arian | But I just use big hammer until it works | 08:24:38 |
commiterate | is the main thing we need EIC and Image Builder expanding ImportVmImage + distribution-only image pipelines?
I have those 2 as the highest priority requests right now. Instance Refresh from Cfn is slightly lower in priority for my use case specifically.
I can push all 3 though since they're all owned by different divisions. | 08:26:31 |
Arian | I'm not very interested in the image builder stuff unless I can make a pipeline that just does CopySnapshot + RegisterImage | 08:28:02 |
Arian | Because then I can use it for GC | 08:28:07 |
commiterate | yeah that's what I'm trying to get them to do | 08:28:14 |
commiterate | since Image Builder is the only sane AMI lifecycle management option | 08:28:20 |
commiterate | * since Image Builder is the only sane AMI distribution + lifecycle management option | 08:28:32 |
Arian | The other option is to just write some DescribeSnapshot glue | 08:28:42 |
commiterate | eh, it feels like everything else has to add a lot of extra complexity to clean up orphaned resources | 08:29:17 |
Arian | But idk if they're super interested in adding it. Bottlerocket is also just using their own scripts (very similar to ours) and they're an Amazon team | 08:29:50 |
Arian | But they don't have any incentive for cleaning up images I think :') | 08:30:10 |
commiterate | Image Builder is kind of lower priority for them because internally they don't use any of the native services to build AMIs | 08:30:18 |
Arian | Bottlerocket actually uses EBS direct API which I experimented adding too | 08:31:10 |
commiterate | they've also decided against dogfooding certain public services and started prioritizing internal ones again because some internal requirements aren't externalizable | 08:31:12 |
Arian | But turns out to be slower because GitHub Actions heavily throttles it for some reason | 08:31:28 |
commiterate | that shift started happening I think 1.5-2 years ago | 08:31:33 |