> Lots of CLI commands involved, and it did not run in a CI/CD pipeline with additional tests before deploying it. Now the web application is deployed into a black box.
That's just the other side of coin. If you want a simple "push and it's up!" interface then Heroku is a shiny coin. If you want to sell multiple levels of CI pipelines then it looks rusty.
> Want to use Let’s Encrypt and your own domain name?
I've never seen a platform that is easier to add Let's Encrypt domain validated TLS than Heroku's. Yes it's manual steps, but it's manual because you have to set up your DNS to point to their load balancer. I fail to see how much simpler it could be than that.
> How about adding the deployment natively to GitLab to have a single application in your DevOps workflow?
> # A better Heroku: The 5 minute production app
> ... The documentation says to create a new AWS IAM role with credentials for automation.
Nothing that involves creating AWS accounts or IAM role creation would take five minutes for someone unfamiliar with AWS. And if does happen in less than five minutes than I guarantee you that new user either has no clue what they just created or (boolean, not exclusive) they've left some gaping wide hole in their IAM permissions.
I'm not saying that it can't be done. I'm saying there is no way that creating all of that from scratch can be done simply, securely, and quickly for a new user.
> The article isn’t clear about it but the 5 minute production app is an ambition, not a reality.
Not clear? The sub title to the article is "The 5 minute production app." and further down it includes timings like "8:43pm CET: Pipeline started with the build job. 2 min 33 sec." and "8:48pm CET: Deployed in 1 min 11 sec.".
> Setting up IAM is indeed hard.
Indeed. It's the iron triangle of devops: Speed, Simple, and Secure (You only get to pick two)
That's likely the best approach for initializing an AWS account though it boils down to, "Just trust us and run this". I doubt any new user would take the time to expand that CFN template, find the script that it loads (https://vantage-public.s3.amazonaws.com/x-account-role-creat...), analyze the resources, and see that it grants read only access to everything every created in your AWS account via a cross-account authorization.
Rather than target "Go live in 5-minutes", I think it'd be more worthwhile to target a longer time frame that'd lead to better understanding of the components involved. Yes it's not as sexy as "git push and you're live!", but the selling point is that you end up with a platform that can do anything including running your own resources, not just pushing 12-factor app code.
You're saying it's about the fact that you aspire to make something that's simlar to heroku but better in some unspecified ways [I mean, cheaper would be nice], while telling people "Do not use heroku" right now?
Seriously, what is the article about, if it's not about how you have something better than heroku (which nobody should ever use) that will let someone deploy an app in 5 minutes, which is what it says it's about?
That's just the other side of coin. If you want a simple "push and it's up!" interface then Heroku is a shiny coin. If you want to sell multiple levels of CI pipelines then it looks rusty.
> Want to use Let’s Encrypt and your own domain name?
I've never seen a platform that is easier to add Let's Encrypt domain validated TLS than Heroku's. Yes it's manual steps, but it's manual because you have to set up your DNS to point to their load balancer. I fail to see how much simpler it could be than that.
> How about adding the deployment natively to GitLab to have a single application in your DevOps workflow?
> # A better Heroku: The 5 minute production app
> ... The documentation says to create a new AWS IAM role with credentials for automation.
Nothing that involves creating AWS accounts or IAM role creation would take five minutes for someone unfamiliar with AWS. And if does happen in less than five minutes than I guarantee you that new user either has no clue what they just created or (boolean, not exclusive) they've left some gaping wide hole in their IAM permissions.
I'm not saying that it can't be done. I'm saying there is no way that creating all of that from scratch can be done simply, securely, and quickly for a new user.