loudwhisper

joined 2 years ago
[–] loudwhisper 2 points 2 months ago (3 children)

I don't think it's the humidity, it must have something to do with latitudes. I moved from Italy to Northern Europe and 27-28ish here is as unbearable as 33-35 back home.

[–] loudwhisper 1 points 2 months ago* (last edited 2 months ago)

But the estimation is with each NC instance with half a CPU and 1GB of memory. This is a super conservative estimation, that doesn't include anything besides a tiny Fargate deployment ~~and Aurora instances~~.

Edit: Fargate ($40/month), the tiniest Aurora instances at 20% utilization and with merely 50GB storage ($120/month). Missing S3, which will easily cost $50 in storage and transfer (for only a few TB), ALBs and network traffic, especially outbound (easily $50-100 depending on volumes).

This basic solution's real cost is already between $150 and $300/month. I don't know NC enough to understand volumes on DBs and all usage, but I assume that it's going to be lots of data in and out (backups, media, etc.). ---edit---

For a heavily used NC instance (assuming a company offering it as a service), the cost is going to become massive pretty fast.

Also, as a side note, if a company is offering NC as a service, but doesn't manage a single piece of NC deployment... What is the company product? And most importantly, how are they going to make money when AWS is going to eat a linearly scalable chunk of their revenue forever?

[–] loudwhisper 1 points 2 months ago (2 children)

Well yeah, wouldn't break the bank, but a conservative cost estimate (without considering network costs, for example, quite relevant for a data intensive app) would bring this setup to about $40/month. That is about 5 times more expensive than a VPC with 4x the resources.

OP said this is some sort of "enterprise self-hosting" solution, which I guess then kind of makes sense. For a company providing nextcloud as a service I would never vendor lock myself and let AWS take a huge chunk of my revenue forever, but I can imagine folks have different opinions.

[–] loudwhisper 2 points 2 months ago (1 children)

What a sad, almost pathetic, way to drop the towel and abandon the conversation.

I can't say I am entirely surprised, when someone calls a newspaper a rag, accuses it of false reporting on two topics and then backpedals on "no, not that specifically, the whole western media is not neutral" (great discovery, newspapers are not neutral).

Have a good one!

[–] loudwhisper 2 points 2 months ago

In that case, Pulumi permissions are too broad IMHO for what it has to do; an enterprise should adhere to least privilege. Likewise, as I wrote in another comment, the egress security groups are unclear to me (why is any traffic at all needed?) and the image consumed should be pinned to a digest. Or better yet, should be coming from a private enterprise registry, ideally with an attestation that can be verified at runtime.

I am not sure ECS Fargate makes sense vs an EC2 instance to run the workload. This setup alone will cost about $30/month assuming half a vCPU per replica with Fargate, plus about $12 for the memory (1GB/task). 2xt2.micro could be run for ~$20 without even considering reservation discounts etc. Obviously the gap will become even larger at scale, which I suppose might be very interesting for an enterprise.

[–] loudwhisper 1 points 2 months ago (1 children)

Plus, at this point why not directly use managed Nextcloud (or alternatives)... If you use managed storage, runtime and database anyway, in a vendor lock...

[–] loudwhisper 3 points 2 months ago (3 children)

Oh yeah, I am aware. Mostly here I would question the idea of having multi-AZ redundancy and using a managed service for DB (which indeed is expensive). All of this when a $5 VPS could host the same (maybe still using S3 for storage) and accept the few hours of downtime in the rare event your VPS explodes and you need to restore it from a backup.

So from my PoV this is absolutely overkill but I concede that it depends a lot on the requirements. I can't ever imagine having requirements so tight that they need such infra to run (in fact, I think not even most businesses have these requirements, I have written on the topic at https://loudwhisper.me/blog/hating-clouds/) for my personal stuff...

[–] loudwhisper 3 points 2 months ago (4 children)

There is no such thing as "neutral" in a war, but facts are facts, and lies are lies. If the position people take means people say lies, you disprove the lies.

From all this word-soup I see that you effectively don't have a good example of false reporting from the Kyiv Independent, and you cast a wide net to the whole "western media".

What is an example of neutral media in your opinion that you consider factual and trustworthy?

[–] loudwhisper 23 points 2 months ago (9 children)

Everyone is free to pick their poison, but I have to ask... why? What is the target audience here? This is a massively overkill architecture IMHO. Not to talk about the fact you now need 3 managed services (Fargate, S3 and Aurora at least) for a single self-hosted tool, and that is being generous (not counting CloudWatch, ALBs, etc.).

  • Why do you need security groups to allow egress anywhere (or, at all)?
  • I would pin the image to a digest, rather than using latest.
  • What is the average monthly cost for this infra for you?

[–] loudwhisper 1 points 2 months ago (8 children)

Did they report on those at all?

I searched their websites and I got 0 hits on the Ghost of Kyiv, and 1 hit on Snake Island (this).

[–] loudwhisper 4 points 2 months ago* (last edited 2 months ago)

Someone runs MongoDB unauthenticated, bound on 0.0.0.0 with production data, on a computer without a VPN, and the problem is the WiFi?

Like I get what you are saying, but this sounds like saying that we should ban speedbumps because imagine there is a guy with a loaded gun pointed at a kid with no safe, finger on the trigger, and high on coke, if the car hits the speedbump the toddler is gone. Yeah, but I would hardly say the speedbump is the issue.

[–] loudwhisper 4 points 2 months ago

This is not really a common or easy attack, especially for any meaningful service (that is probably in preloaded HSTS lists).

It's not like this is the only shared network. In airports millions of people every day connect to the same network.