Item id: 41661147
9 months ago
My impression is that IAM is in and of itself a good system, but that it has grown a lot over the years and now has a ton of legacy scenarios that it has to support.
Add in that it seems to be up to the specific service to implement the newer stuff, and you arrive at having three or more different ways to permission resources, none of which are supported everywhere.
In other words - it's old enough to be crufty.
9 months ago
I've had a high degree of satisfaction with AWS but I have done very little with their other APIs. My impression is that Google Cloud is in a class by itself having a difficult API to work with but that's because the authentication process is like the intro to the old Get Smart TV show
https://www.youtube.com/watch?v=ankXUaWqQgM
it seems like LWA is like that for you and maybe that is a big pain point for everything else you are doing. auth is like that because it is so central: if it doesn't work you can't get anything done but boy you are in trouble if somebody can bypass it. I have been reworking an auth system in the last month and it is slow going because the risk is so high.
9 months ago
I have to disagree. We work with Google services and Amazon - we use Google for our cloud services. They are league above amazon in every single way.
The only thing amazon has managed to ever get right is Routing (Route 53), Gateways, and pure AWS only stuff (like containers).
Once you try to incorporate any of their other services (Ads, Seller Central, Vendors, etc.) you see how bad it is.
Nothing works - yet you are still required to use AWS credentials for one purpose (IAM).
LWA is a separate thing from IAM - Oauth should be easy - everyone has figured it out, but Amazon's is so terrible, its not even funny.
---
I challenge you to try setting up the SP-API one day. You will see the pain.
9 months ago