"Run your own container" offerings also scale to zero; all clouds have something to that effect, and it doesn't require you to embed your logic into their tar pit.
First-time poster, long-time lurker. I'm a fairly proficient Kubernetes admin and developer. I'm using it in depth every day. It seems like that functionality would be really easy to add to IRSA (IAM Roles for Service Accounts). Is it just that nobody has bothered, or am I missing an important blocker?
The issue as I understand it is that there is no way to encode this information in the Kubernetes token.
The pod IAM roles stuff leverages Kubernetes stuff, and the token that’s mounted into the container is a YAML representation of a Kubernetes token object. There are no fields or other way to add this information into the object.
You would need to encode it into the JWT itself, which isn’t possible or something.
I’m half remembering this, and I can’t find the issue on GitHub because everything has been shuffled around since.
Moving LAMP stacks is a piece of cake. If you don't want to do it, you could find a freelancer pretty easily.