Popular posts

We have to agree that AWS has not the same track of record about open source contributions than Microsoft or even Google, but they still did some useful stuff: s2n , FreeRTOS, and more recently Firecracker.
And one of my favourite contributions from AWS to the Open Source community is the TLS support in Redis. Back then they build Elasticache to mimic Redis, they added TLS support, then (later) the shared this with the open source.

I do understand the point from the Atlas guys, because so far if you wanted to get a managed MongoDB which was compliant with SOC2 or HIPAA, your choices were very limited. DocumentDB, like the last few new services from AWS, comes with PCI/DSS, HIPAA, Soc2 compliance from the get-go. So from an economic standpoint, this is a new big competitor to Atlas business . Then we'll see if they do like what they did with Redis: share their improvements with the oss community... or not. Since MongoDB design as a very bad history of security decisions (the change of the defaults to less secure choices is what cause that huge Mongodbcalypse 2 years ago, and many MongoDB databases are still opened to the public because of the bad design decisions they made. My point here is that, as an entrepreneur, if I have to use a document store and want Mongo, I have a few options:

• use the open source version and do everything myself
• use Atlas offering from the MongoDB authors.... they start to get some mileage, but they're still pretty new
• use AWS DocumentDB, with AWS security-by-default philosophy. If I decide to use a managed offering, I'm tempted to trust AWS more, they have a glorious history of security by default philosophy.... and compared to the history of MongoDB, that means a lot to me. We have to pick our battles, an even though I'd like to see AWS give as much to the OSS community as Microsoft does, at the end of the day I have to use the best tools I have to build a product, and if that choice gives me more resources to contribute to other projects, that's fine ;-)