Hughmoris
Apr 21, 2007
Let's go to the abyss!
For those working at AWS, how is life? I'm hitting my 1-year mark at the current job and am contemplating applying for an AWS SA or data gig but rumblings of recession and tech stock tanking has me a little concerned.


Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.

Hughmoris posted:

For those working at AWS, how is life? I'm hitting my 1-year mark at the current job and am contemplating applying for an AWS SA or data gig but rumblings of recession and tech stock tanking has me a little concerned.

The recruiters stopped bothering me, my closest friend at Amazon is all freaked out and trying to find ways to spend less money. I want to hear more from people firsthand though!

https://twitter.com/Carnage4Life/status/1588230354795921408

Arzakon
Nov 24, 2002

"I hereby retire from Mafia"
Please turbo me if you catch me in a game.
I just hit 8 years, 6 as an SA/SA Manager. Life is great, I enjoy it, some people don't. Biggest thing for me was getting on a team with a good manager/director. Some people on the forums have worked here and hated it for very valid reasons. All the typical endemic industry problems with techbro culture exist here and there is zero top down direction to stamp it out. Definitely going through some "becoming a real business" growing pains where you might have to "justify business value" to throw money away on a big idea but if you want to join and help some customers solve some problems and have unlimited free AWS usage that is the SA gig.

Compensation wise, starting right now is probably awesome if the stock price starts going back up. I started during a big lull in stock price and it worked out great getting granted a bunch of shares that went up in value. This year everyone is just mimicking this tiktok with varying levels of seriousness.

It might be difficult finding a role right now. I'm not too concerned because it is the end of year and most teams filled their headcount but if you are a manager and you didn't you can't anymore. There is no way for you as an applicant to figure out whether the role you are seeing on amazon.jobs is or isn't being actively worked on by recruiting or just a leftover. Message me in January to see if I'm happy or jumping off a building because I have to figure out how to do things without increasing my headcount at all.

Pile Of Garbage
May 28, 2007



Arzakon posted:

Biggest thing for me was getting on a team with a good manager/director.

Just want to say that this makes a massive difference. Earlier this year I was in a lovely role with an even shittier manager that just stressed me to no end. Then finally I moved into my current role where I've got a competent and chill manager plus a great director which has honestly made a world of difference.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Arzakon posted:

I just hit 8 years, 6 as an SA/SA Manager. Life is great, I enjoy it, some people don't. Biggest thing for me was getting on a team with a good manager/director. Some people on the forums have worked here and hated it for very valid reasons. All the typical endemic industry problems with techbro culture exist here and there is zero top down direction to stamp it out. Definitely going through some "becoming a real business" growing pains where you might have to "justify business value" to throw money away on a big idea but if you want to join and help some customers solve some problems and have unlimited free AWS usage that is the SA gig.

Compensation wise, starting right now is probably awesome if the stock price starts going back up. I started during a big lull in stock price and it worked out great getting granted a bunch of shares that went up in value. This year everyone is just mimicking this tiktok with varying levels of seriousness.

It might be difficult finding a role right now. I'm not too concerned because it is the end of year and most teams filled their headcount but if you are a manager and you didn't you can't anymore. There is no way for you as an applicant to figure out whether the role you are seeing on amazon.jobs is or isn't being actively worked on by recruiting or just a leftover. Message me in January to see if I'm happy or jumping off a building because I have to figure out how to do things without increasing my headcount at all.

Look at this scrub with only eight years.

But yeah everything here is spot on, though. It was tough to take a $40,000 pay cut when the stock price dropped precipitously, but there are "talks" about throwing additional stock at the problem to boost people's salaries back up. Of course that'll take years to implement and will affect no one we know...

Arzakon
Nov 24, 2002

"I hereby retire from Mafia"
Please turbo me if you catch me in a game.

Agrikk posted:

But yeah everything here is spot on, though. It was tough to take a $40,000 pay cut when the stock price dropped precipitously, but there are "talks" about throwing additional stock at the problem to boost people's salaries back up. Of course that'll take years to implement and will affect no one we know...

Those "talks" are low level managers trying to desperately convince their reports that their comp issues will be fixed earlier than 2024. (they won't)

Docjowles
Apr 9, 2009

Pile Of Garbage posted:

Just want to say that this makes a massive difference. Earlier this year I was in a lovely role with an even shittier manager that just stressed me to no end. Then finally I moved into my current role where I've got a competent and chill manager plus a great director which has honestly made a world of difference.

This is universally true, not just Amazon. At my last job I was actively looking to get out because my manager was absentee most of the time and incompetent to actively harmful when he did bother trying to steer the team. He eventually left and was replaced by one of the best managers I've ever worked with. I ended up staying several more years, getting promoted twice (previous manager had never even indicated to me that there were job titles above my level lol), and moving into management myself. It's unreal the difference a good manager makes in your experience at a company. Yet there's so little effort put into making sure managers are adequately trained, or even want to be in that role at all vs just taking it cause it's the only path to higher pay.

Pile Of Garbage
May 28, 2007



Oh yeah I don't work for Amazon and was just speaking in general. Also agreedo.

kalel
Jun 19, 2012

Arzakon posted:

I just hit 8 years, 6 as an SA/SA Manager. Life is great, I enjoy it, some people don't.

would you say the experience has been sa-sa

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

kalel posted:

would you say the experience has been sa-sa

Boo this man

Adhemar
Jan 21, 2004

Kellner, da ist ein scheussliches Biest in meiner Suppe.
I’m very happy I left AWS in July and now work for a private company. So nice to not have to follow the stock market so closely. Found out recently my last manager also left, and he was largely keeping things afloat in my org.

Harriet Carker
Jun 2, 2009

A year and a half at AWS now, mostly really happy. Yeah, my RSU value has gone in the tank but the first two years cash bonus is high enough that I barely care. After the two year mark I'll have to reevaluate. But overall the work/life balance is great (YMMV)

Blurb3947
Sep 30, 2022
How'd you guys get your start at AWS? I'm almost a year at my current org doing some light cloud and software support, but want to do more AWS. Have the Cloud Practitioner and want to get the SAA ones and probably SysOps.

Falcon2001
Oct 10, 2004

Eat your hamburgers, Apollo.
Pillbug
Just did a little over a year at AWS and am leaving my current team for Amazon retail, because my org had some serious problems that were pretty anti-Amazon stuff (took forever to decide stuff, no clear goals, etc). But I didn't dislike AWS as a whole, for what it's worth. I worked a lot with high availability stuff, and working in an org where nobody argues about why uptime/availability is important was pretty great.

OTOH: I'm starting to get a little tired of working at job after job where there's always like 200% workload and you're constantly dealing with manual toil bullshit you don't get time to automate away. I know that's not unique to big tech, but it feels like it might be endemic there.


Blurb3947 posted:

How'd you guys get your start at AWS? I'm almost a year at my current org doing some light cloud and software support, but want to do more AWS. Have the Cloud Practitioner and want to get the SAA ones and probably SysOps.

I'm one of the lucky stories about self-taught devs. I work in a niche field, and at Amazon they want people with that discipline who are also developers, so I was able to argue my way in the door pretty easily because most of our candidates either had that niche experience OR were devs, but very few who could argue both.


Harriet Carker posted:

A year and a half at AWS now, mostly really happy. Yeah, my RSU value has gone in the tank but the first two years cash bonus is high enough that I barely care. After the two year mark I'll have to reevaluate. But overall the work/life balance is great (YMMV)

One really nice thing about AWS for me was that a lot of teams had a follow the sun setup, so you mostly aren't having to get sleep interruption. That's a huge quality of life thing for folks that haven't worked 24x7 oncall at a big company with a large oncall burden before. For me it was the first time in over a decade I wasn't working graves or oncall. Still had some weekends, but that's an easy trade compared to overnight work for me at least. I pretty consistently worked 40 hour weeks outside of a few weird events, and I had TOIL days (time off in lieu) for working weekend shifts/etc, so I'd get a weekday off. The workload was way too high, but at least I wasn't being pressured to work 60+ hour weeks to deal with bad management decisions.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


AWS has a hiring freeze as I understand it.

Falcon2001
Oct 10, 2004

Eat your hamburgers, Apollo.
Pillbug

jaegerx posted:

AWS has a hiring freeze as I understand it.

From what I've read publicly, I don't believe the hiring freeze is a full one - backfills I think are still open for now.

Arzakon
Nov 24, 2002

"I hereby retire from Mafia"
Please turbo me if you catch me in a game.

Blurb3947 posted:

How'd you guys get your start at AWS? I'm almost a year at my current org doing some light cloud and software support, but want to do more AWS. Have the Cloud Practitioner and want to get the SAA ones and probably SysOps.

This has changed a little over the years but don't focus too hard on AWS specific knowledge, that isn't what SA or TAM teams are looking for in their interviews. Getting SAA is a nice step but it doesn't replace solid fundamentals or depth in a specialty area if you are relatively early in your career.

jaegerx posted:

AWS has a hiring freeze as I understand it.

Excuse me this is a hiring PAUSE not a FREEZE this is very important messaging that is supposed to make people feel better.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Blurb3947 posted:

How'd you guys get your start at AWS? I'm almost a year at my current org doing some light cloud and software support, but want to do more AWS. Have the Cloud Practitioner and want to get the SAA ones and probably SysOps.

I showed up with literally zero cloud experience of any kind. But I did have a fifteen year history of building virtual patterns in data centers so I was able to parlay my architecture knowledge into AWS services during the interviews.

That said, it’s more about demonstrating the ability to think creatively on the fly and to demonstrate a comfortability and familiarity with complex deployments involving coordination with multiple teams.

Falcon2001
Oct 10, 2004

Eat your hamburgers, Apollo.
Pillbug

Agrikk posted:

I showed up with literally zero cloud experience of any kind. But I did have a fifteen year history of building virtual patterns in data centers so I was able to parlay my architecture knowledge into AWS services during the interviews.

That said, it’s more about demonstrating the ability to think creatively on the fly and to demonstrate a comfortability and familiarity with complex deployments involving coordination with multiple teams.

Yeah, our interview methodology doesn't say you have to be familiar with AWS services necessarily, more that you need to be able to think at the scale AWS operates at. It doesn't matter so much if you're using the buzzwords.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

I bailed from my AWS team after one year. Pursued an internal transfer (while also applying externally) and got it. So loving glad to be out of that nightmare.

Hughmoris
Apr 21, 2007
Let's go to the abyss!
It's been mentioned in this thread that, when applying for an AWS gig, one should have a layer of knowledge for lots of services and deep in one or two. I'm trying to figure out what to go deep in. I don't currently use AWS at my job so I'm self-developing, and I really enjoy the AWS data-focused services.

An extremely broad question but knowing what you know now, if you had to become specialized in an AWS service would you go with Glue, EMR, or Redshift? Both in terms of interesting work and marketability.

luminalflux
May 27, 2005



No, I would specialize in Databricks or Snowflake.

jiffypop45
Dec 30, 2011

EMR. Big data uses it a lot and it's pretty fungible for a lot of things. Glue is a poo poo product and I have never actually got it to work because it's way too drat picky about the schema. I've not actually touched redshift.

luminalflux
May 27, 2005



Glue is horrible. We used EMR for a bit but Databricks is so much better. Redshift is getting long in the tooth and the general trend is moving towards something like Delta Lake.

jiffypop45
Dec 30, 2011

luminalflux posted:

Glue is horrible. We used EMR for a bit but Databricks is so much better. Redshift is getting long in the tooth and the general trend is moving towards something like Delta Lake.

My last job used databricks. Aren't they pretty different? One allows you to run ad-hoc scripts inside of containers the other is a full data processing tool like cloudera.

Arzakon
Nov 24, 2002

"I hereby retire from Mafia"
Please turbo me if you catch me in a game.
For interviewing when we are looking for an area of depth it typically isn't a single service. Knowing how they work together is important, and you are looking to develop depth across big data or data & analytics. Even knowing common non-AWS alternatives is fine because at the end of the day all that poo poo is running on EC2/EBS/S3 making us money.

luminalflux
May 27, 2005



jiffypop45 posted:

My last job used databricks. Aren't they pretty different? One allows you to run ad-hoc scripts inside of containers the other is a full data processing tool like cloudera.

Databricks has come a long way from “managed spark”. Their new lake house offering (combined data lake / data warehouse) has our data engineers salivating. Their experience with it is that it’s a lot easier to deal with than redshift

Hughmoris
Apr 21, 2007
Let's go to the abyss!
Thanks for the advice/ideas. I keep seeing Databricks pop up over and over these days as being good stuff. I might dive a little further into that since my employer is a partner and I have access to the Databricks Learning resources.

necrobobsledder
Mar 21, 2005
Lay down your soul to the gods rock 'n roll
Nap Ghost
The offerings from AWS used to be much more competitive feature-wise compared to the market (they did have the home court advantage, gosh) but over the past so many years companies have managed to catch up in a lot of areas and organizations are willing to deal with another vendor to get the little bit more than the 90% of use cases that AWS tends to cover fine or for bonafide solutions they don't have to glue together with an army of integrators and phonebook full of PSO contracts. From AWS' perspective they still get a cut of their competitors' growth being stuck in their own walled garden and get so little of the heat that Apple gets constantly from public perception, smart move to win somehow no matter what and to limit competition mostly to other hyperscalers. Pretty much a win-win that won't get FTC scrutiny even though the model is surprisingly similar to how Apple works but because consumers are not directly affected and we don't know how to regulate companies as a pathology in the US now AWS will be fine and basically print money (though obviously not to Apple's extent which is way more obvious and even larger scale).

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb
I want to adhere to the principle of least privilege with my IAM policies and keep things organized, but it's so tedious. Is there an easier way to do this? I'm using terraform to define all of my IAM policies as a superuser, so they're at least version controlled. It's such a pain though!

fletcher fucked around with this message at 10:38 on Nov 15, 2022

12 rats tied together
Sep 7, 2006

if you haven't already, check out the aws documentation page for IAM policy variables and tags. a big problem I often see people run into with terraform specifically is creating tons of policies with terraform interpolations in them that could actually just be one policy with an iam variable in it (typically aws:userid)

other than that, I'm not aware of any tricks. I use cloudformation templates for my IAM stuff and serialize a business-specific principal definition to yaml.
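An added example (not code from any poster in this thread) of the consolidation described in the post above: it takes per-user policies of the kind a Terraform interpolation renders and checks whether they reduce to one policy using an IAM policy variable. The bucket name and sample policies are constructed, and it assumes the policies are keyed by IAM user name, so it uses `${aws:username}` rather than the `aws:userid` the post mentions.

```python
import json
import re

POLICY_VAR = "${aws:username}"    # assumption: policies are per IAM user name
NAME_CHARS = r"A-Za-z0-9_+=,.@-"  # characters allowed in IAM user names


def render_per_user(user):
    """Constructed sample of what a per-user Terraform interpolation renders."""
    bucket = "arn:aws:s3:::example-team-bucket"  # placeholder bucket
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": bucket,
             "Condition": {"StringLike": {"s3:prefix": [f"home/{user}/*"]}}},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"{bucket}/home/{user}/*"},
        ],
    }


def _swap(value, user):
    """Replace the user name, matched as a whole segment, in nested string values."""
    if isinstance(value, str):
        pattern = rf"(?<![{NAME_CHARS}]){re.escape(user)}(?![{NAME_CHARS}])"
        return re.sub(pattern, lambda m: POLICY_VAR, value)
    if isinstance(value, list):
        return [_swap(v, user) for v in value]
    if isinstance(value, dict):  # Condition: operator -> key -> values, keys untouched
        return {k: _swap(v, user) for k, v in value.items()}
    return value


def _template_statement(stmt, user):
    # IAM expands policy variables only in Resource and in Condition values,
    # so Action and Principal are left exactly as written.
    out = dict(stmt)
    for key in ("Resource", "NotResource", "Condition"):
        if key in out:
            out[key] = _swap(out[key], user)
    return out


def collapse(policies):
    """policies maps IAM user name -> policy document.

    Returns the single shared document, or None when the policies differ
    in more than the user name and must stay separate.
    """
    rendered = set()
    for user, doc in policies.items():
        stmts = doc["Statement"] if isinstance(doc["Statement"], list) else [doc["Statement"]]
        shared = dict(doc, Statement=[_template_statement(s, user) for s in stmts])
        rendered.add(json.dumps(shared, sort_keys=True))
    if len(rendered) != 1:
        return None
    shared = json.loads(rendered.pop())
    if shared.get("Version") != "2012-10-17":
        # Older policy versions treat ${...} as a literal string.
        raise ValueError("policy variables need Version 2012-10-17")
    return shared


if __name__ == "__main__":
    per_user = {u: render_per_user(u) for u in ("alice", "bob", "al")}
    print(json.dumps(collapse(per_user), indent=2))
```

Inside a Terraform string the variable has to be written as `$${aws:username}` so that Terraform emits it literally instead of trying to interpolate it.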

necrobobsledder
Mar 21, 2005
Lay down your soul to the gods rock 'n roll
Nap Ghost
IAM access analyzer helps generate IAM policies based upon cloudtrail data. https://aws.amazon.com/blogs/securi...ccess-activity/

fletcher
Jun 27, 2003

ken park is my favorite movie

Cybernetic Crumb

12 rats tied together posted:

if you haven't already, check out the aws documentation page for IAM policy variables and tags. a big problem I often see people run into with terraform specifically is creating tons of policies with terraform interpolations in them that could actually just be one policy with an iam variable in it (typically aws:userid)

other than that, I'm not aware of any tricks. I use cloudformation templates for my IAM stuff and serialize a business-specific principal definition to yaml.

Ahh that is super helpful, I have been making that same interpolation mistake with my policies!

necrobobsledder posted:

IAM access analyzer helps generate IAM policies based upon cloudtrail data. https://aws.amazon.com/blogs/securi...ccess-activity/

This is glorious. I was hoping there was some sort of audit2allow type of thing.

Thank you both for the advice!

abelwingnut
Dec 23, 2002


is it possible to enable single sign-on for certain apps in an account and not the whole account? like, i want to know if it's possible to just have sso for quicksight and not, like, cloudformation or ec2 or anything like that. ultimately, what i'm trying to do is give some users in our network access to some dashboards for testing. sso seems like it would be way easier rather than having to build and deploy accounts. at the same time, i don't want them to have sso access to the rest of the infrastructure.

fwiw, i've researched it as much as my mind can possibly do. i'm not a network admin and i'm completely stupid about anything involving aws. i found this:

https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-applications.html

which seems to imply it's possible if we move from iam to identity center? i don't know, aws is way too big and confusing for me to understand.

12 rats tied together
Sep 7, 2006

"AWS IAM Identity Center" is basically just an addon for regular IAM. It will create a bunch of IAM Roles and it contains mechanisms for verifying identity so that things can access assume the permissions of those roles without needing an IAM user -> the ability to perform the sts:AssumeRole API call.

It won't disable the normal IAM service, or anything like that. That would be pretty disastrous though so you should absolutely file a support ticket to get an official 2nd opinion.

LochNessMonster
Feb 3, 2005

I need about three fitty


abelwingnut posted:

is it possible to enable single sign-on for certain apps in an account and not the whole account? like, i want to know if it's possible to just have sso for quicksight and not, like, cloudformation or ec2 or anything like that. ultimately, what i'm trying to do is give some users in our network access to some dashboards for testing. sso seems like it would be way easier rather than having to build and deploy accounts. at the same time, i don't want them to have sso access to the rest of the infrastructure.

fwiw, i've researched it as much as my mind can possibly do. i'm not a network admin and i'm completely stupid about anything involving aws. i found this:

https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-applications.html

which seems to imply it's possible if we move from iam to identity center? i don't know, aws is way too big and confusing for me to understand.

Not sure what you want exactly but it sounds like 2 different things. You can deny usage of specific services quite easily through IAM policies or Service Control Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) if you use AWS organizations. The latter however goes for all users in an account, so if you're building infra in the same account that's probably not ideal.

Using SSO can be done through AWS IAM Identity Center.

Or do you actually want all users that are logged in with SSO have access to specific services and users that login with an IAM account have access to more/different services?

e;f;b

abelwingnut
Dec 23, 2002


i think what my boss wants me to do is figure out sso. basically, we want everyone in the product team and data team to be able to log on to the account, with the data team having complete access to quicksight and redshift and the product team having limited access to quicksight. like, the product team should only be able to view the dashboards. they shouldn't be anywhere near redshift either.

at least that's how i understand it at the moment. and if i'm understanding both of your posts correctly, we'd basically just enable sso, then restrict the services using policies via iam and its identity center?

12 rats tied together
Sep 7, 2006

Yes, sorry, I did misread the question at first.

IAM Identity Center will just create a normal role called like AWSReservedSSO_SomeGarbage_SomeOtherGarbage (+ it lets people from your Identity Source become this role without needing an AWS user). The role will have permissions like every other IAM object, but you're supposed to manage them through IAM Identity Center's permission set construct. This is where your policy JSON, managed policy attachments, etc., will live.

I believe the role is actually created per-permission-set which is kind of a garbage pattern because it forces you to maintain a many-many-many relationship between accounts and users and permissions. For your use case though (2 types of user, 1 account) it will probably be fine.

e: to be more helpful here, to implement this you would create 2 "IAM Identity Center Permission Sets" (above link) for "product" and "data". The permission sets can have either an attached policy that you write, a shared customer managed policy that you write, or they can use the AWS managed policies which is preferable. You can search the managed policy list in the console for like "quicksight" and "redshift" to see what already exists - AWS is usually pretty good about having ReadOnly vs PowerUser for their various services.

If you can't find anything in the managed policy list and you have to create a policy, google search "actions resources conditions" + the service name. For example: actions resources conditions quicksight. You can scroll through this documentation to examine the various types of actions, resources, and conditions (:)) that exist for a particular service so you can craft your desired "limited access to quicksight" policy. Probably create this as a Customer Managed Policy when you're done so you can re-use it later.

After you have your 2 permission sets with attached policies, you need to assign the permission sets to an account. When you do this, you also pick a principal. The exact principal you use depends on your identity store, but if you're using the built-in identity store, it should be pretty intuitive: you'd have a group for product and a group for data. If you're mapping identities from another identity store, you're on your own, and I wish you luck.

12 rats tied together fucked around with this message at 21:05 on Nov 28, 2022
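An added example (not code from any poster in this thread) of a pre-attachment check for the two permission sets described above: "product" may only read QuickSight and must not touch Redshift, "data" gets QuickSight and Redshift. The sample policy documents are constructed, and treating Describe/List/Get action names as read-only is a naming heuristic assumed here, not an AWS guarantee.

```python
READ_VERBS = ("describe", "list", "get")  # heuristic: read-only action name prefixes

# Requirements taken from the thread, one rule per permission set.
RULES = {
    "product": {"services": {"quicksight"}, "read_only": True},
    "data": {"services": {"quicksight", "redshift"}, "read_only": False},
}

# Constructed sample policies for the permission sets.
PRODUCT_OK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["quicksight:DescribeDashboard", "quicksight:ListDashboards"]},
]}
PRODUCT_TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["quicksight:*", "redshift:DescribeClusters"]},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
]}
DATA_OK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["quicksight:*", "redshift:*"]},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_permission_set(name, policy):
    """Return a list of findings; an empty list means the policy fits RULES[name]."""
    rule, findings = RULES[name], []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: Allow with NotAction grants every action not listed")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, verb = action.lower().partition(":")
            if "*" in service or "?" in service:
                findings.append(f"statement {i}: {action} uses a wildcard service")
            elif service not in rule["services"]:
                findings.append(f"statement {i}: {action} is outside {sorted(rule['services'])}")
            elif rule["read_only"] and not verb.startswith(READ_VERBS):
                findings.append(f"statement {i}: {action} is not a read action")
    return findings


if __name__ == "__main__":
    for label, doc in (("product", PRODUCT_OK), ("product", PRODUCT_TOO_BROAD), ("data", DATA_OK)):
        print(label, check_permission_set(label, doc) or "ok")
```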

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
AWS identity centre is great, though it’s kinda garbage that they have permission sets instead of straight up IAM roles. Comes built in with tooling to support CLI access too which is stellar.

It’s important to be aware that this is only for human access to AWS services, whether you access via the API, CLI, or via the console. Machine to machine auth will continue to use IAM roles like normal. Applications within AWS that implement SSO with Cognito or custom oauth/oidc/SAML configs will be unaffected assuming that they delegate trust to your non-AWS identity provider.


luminalflux
May 27, 2005



The Iron Rose posted:

AWS identity centre is great, though it’s kinda garbage that they have permission sets instead of straight up IAM roles. Comes built in with tooling to support CLI access too which is stellar.

You can use IAM policies now thankfully - https://aws.amazon.com/about-aws/wh...-policies-cmps/
