It's time to ditch Medium for good! 🌈⚡️

Introducing Devblog by Hashnode. Blog on your domain for FREE. Highly customizable and optimized for developers.

Learn more

AWS launches DocumentDB and gives open source the middle finger - Do you Agree?


We have to agree that AWS has not the same track of record about open source contributions than Microsoft or even Google, but they still did some useful stuff: s2n , FreeRTOS, and more recently Firecracker.
And one of my favourite contributions from AWS to the Open Source community is the TLS support in Redis. Back then they build Elasticache to mimic Redis, they added TLS support, then (later) the shared this with the open source.

I do understand the point from the Atlas guys, because so far if you wanted to get a managed MongoDB which was compliant with SOC2 or HIPAA, your choices were very limited. DocumentDB, like the last few new services from AWS, comes with PCI/DSS, HIPAA, Soc2 compliance from the get-go. So from an economic standpoint, this is a new big competitor to Atlas business . Then we'll see if they do like what they did with Redis: share their improvements with the oss community... or not. Since MongoDB design as a very bad history of security decisions (the change of the defaults to less secure choices is what cause that huge Mongodbcalypse 2 years ago, and many MongoDB databases are still opened to the public because of the bad design decisions they made. My point here is that, as an entrepreneur, if I have to use a document store and want Mongo, I have a few options:

  • use the open source version and do everything myself
  • use Atlas offering from the MongoDB authors.... they start to get some mileage, but they're still pretty new
  • use AWS DocumentDB, with AWS security-by-default philosophy. If I decide to use a managed offering, I'm tempted to trust AWS more, they have a glorious history of security by default philosophy.... and compared to the history of MongoDB, that means a lot to me. We have to pick our battles, an even though I'd like to see AWS give as much to the OSS community as Microsoft does, at the end of the day I have to use the best tools I have to build a product, and if that choice gives me more resources to contribute to other projects, that's fine ;-)

Here's a post-scriptum, to follow up on the 'AWS doesn't give back to OSS' statement. Last week, Matt Klein, lead dev on Envoy (one of the most, if not the most, used service mesh proxy. The projected started from Lyft and is open-sourced for a little while now)

There are two things here:

  • AWS is indeed the last one of the major cloud to contribute to this project (but since this is used a lot in K8s, and there were the last ones to publicly adopt it, it also has some logic in it)
  • AWS contributed, and the OSS maintainer seems to be thankful

All that to say, some contributes a lot, some less, but things are never binary. (Like everything in life)

Reply to this…

(8 answers) Take me to the question