Monday, May 7, 2018

AWS exposes route tables so I can recover from their bug

The cloud.  It is a wondrous thing.  When it works.
But I think there is one thing that almost all can agree on: it should 'just work'.  All aspects of your cloud experience should 'just work'.

In the past weeks I have shifted my attention to AWS. 
It has taken some time to get used to referring to a virtual network under the marketing term Virtual Private Cloud. Or a virtual machine as an 'EC2 instance' or any number of other marketing-term-focused things.
My preference here, call it what it is, not the marketing name for the feature.
Enough of that.

Back to the title.  One of the first things that I thought interesting with AWS is that within a VPC, the route table is exposed to me.
Why would I want to / need to muck around with a route table in the cloud?  I have port-level firewall rules (Security Groups), I have to stand up an Internet Gateway to enable outgoing traffic.  Why would I ever need to muck with something as low level as a route table?

Well, I can tell you from being burned on this multiple times now, it is so I can fix what the AWS portal screws up for me.

Back to my original statement - this is the cloud, it should 'just work'.  Networking is a pretty fundamental thing here.  It needs to be solid, resilient, and always functional.
But yet, at least three times now, in less than three months I have lost days due to multiple route table entries in a VPC that I created through the portal.

And usually the kicker is that one of the route table entries is correct and there is a second one that is empty.  A route table entry, but no defined route.

The really strange things happen when things work, say, manually or with one VM, and then you start automating and suddenly what you automate does not work.
As if one deployment uses the correct route table and the other doesn't.
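
A check for the pattern described above, as an added example that is not part of the original post: it scans a DescribeRouteTables-shaped response and reports any route table with no default route in a VPC where a sibling table has one, along with which subnets fall onto it. It assumes that the "empty" table means one holding only the local route; the sample data and all IDs are constructed.

```python
from collections import defaultdict

# Constructed sample in the shape of an EC2 DescribeRouteTables response
# (all IDs are made up). With credentials, the real data would come from
# boto3.client("ec2").describe_route_tables().
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-0exampleA", "VpcId": "vpc-0example1",
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-0exampleA"}]},
    {"RouteTableId": "rtb-0exampleB", "VpcId": "vpc-0example1",
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
     "Associations": [{"Main": True}]},
]}

def has_default_route(table):
    """True if the table holds an active IPv4 or IPv6 default route."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and route.get("State") == "active":
            return True
    return False

def audit(response):
    """Report tables lacking a default route in VPCs where a sibling table has one."""
    by_vpc = defaultdict(list)
    for table in response["RouteTables"]:
        by_vpc[table["VpcId"]].append(table)
    findings = []
    for vpc_id, tables in sorted(by_vpc.items()):
        if not any(has_default_route(t) for t in tables):
            continue  # no table routes out: likely an intentionally isolated VPC
        for table in tables:
            if has_default_route(table):
                continue
            assocs = table.get("Associations", [])
            findings.append({
                "vpc": vpc_id,
                "table": table["RouteTableId"],
                # Main table: used by every subnet with no explicit association
                "main": any(a.get("Main") for a in assocs),
                "subnets": sorted(a["SubnetId"] for a in assocs if a.get("SubnetId")),
            })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```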

It is one of those obscure things, that as a customer, I expect to work - all the time.  I should not have to think about this, I should not have to remember (in the recovery from frustration) that I had been burned by this in the past and go looking, only to discover that I have this strangely named but empty route table entry.

My call to AWS, fix it.  Don't let it be mucked up in the first place.  Give me success here.  Don't frustrate me, don't waste my time.

But then, you did get paid for extra days of running compute while I tried to figure it all out.  So I guess that you might not have my interest at heart.