I’m in the process this morning of learning a core truth about Cloud infrastructure, and the process is not a pleasant one. Pat Foley (who’s in Boston at the Business of Software Conference right now, the lucky dog) and I do a podcast each week, and for the last 18 months we’ve been hosting the .mp3 files at Amazon S3. 18 months – no problem. Today – big problem. While show #84 is up on AWS, neither of us can get in to set its permissions so you can listen to it. Just weird errors in various S3 clients, except for this:

WTF? I’m not a sysadmin, but isn’t this Amazon Web Services problem? Isn’t this exactly what is not supposed to happen with Cloud services?
So I go searching for AWS S3 tech support for the first time since Feb. 09. Guess what? Your choices are Free (visit our forum, where if your head doesn’t explode from reading everyone else’s issues, you will earn a degree in AWS S3, which is precisely what I don’t want to do), Silver -$100 a month, or Gold for $400. Since I want to know whether Amazon is fucking up or I’m totally wrong, but I don’t want to spend $400 for the privilege of actually speaking to a tech, I buy Silver for the low, low, prorated for the month price of $87. Response was quick, but this is what I get for my money:

Hi Bob,
You are getting this SSL certificate warning because you have multiple dots in your S3 bucket’s name, and the S3 wildcard certificate will not match the multiple levels of subdomain. You should not have this same problem with a bucket called startupsuccesspodcast, which would show up as startupsuccesspodcast.s3.amazonaws.com. You can also refer to this bucket as s3.amazonaws.com/media.startupsuccesspodcast.com, which will be able to successfully match the SSL certificate.
If you wish to preserve the same branding of your bucket, you might want to create a bucket with a name that meets our best practices guidelines (http://docs.amazonwebservices.com/AmazonS3/latest/dev/BucketRestrictions.html), then create a CNAME DNS record from media.startupsuccesspodcast.com to .s3.amazonaws.com.
Please do let me know if you have any further questions.
Best regards,
Jason A.
Amazon Web Services

This is what I replied:

What??? we have been posting podcasts to this bucket for 2 years – nothing has changed: except as of 2 hours ago we can’t get in to change our permissions and we are getting the SSL warning.

Now an hour later, my email is ominously silent, the problem is unfixed, the show is unreleased and I Am Not A Happy Camper.
If someone out there can tell me how I could have somehow triggered this problem, I will abjectly apologize to all the wonderful people at AWS. But if I’m right, and this is bullshit, and that is the lesson: Cloud infrastructure is only as reliable, good, robust and trustable as the people who support it.
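
The certificate mismatch described in the AWS support reply above, as an added example that is not part of the original post or AWS code: a wildcard certificate name covers exactly one left-most DNS label, so a bucket name containing dots produces a hostname the wildcard cannot match. The function names, the `show84.mp3` key and the wildcard name `*.s3.amazonaws.com` (inferred from the reply) are assumptions for illustration.

```python
# Added illustration; function names are hypothetical, not AWS or library APIs.
S3_ENDPOINT = "s3.amazonaws.com"
S3_WILDCARD = "*.s3.amazonaws.com"  # assumed wildcard name, per the support reply


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' stands for exactly one left-most DNS label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def virtual_hosted_host(bucket: str) -> str:
    """Hostname used when the bucket name is placed in front of the endpoint."""
    return f"{bucket}.{S3_ENDPOINT}"


def tls_safe_url(bucket: str, key: str) -> str:
    """Choose a URL form whose hostname the wildcard certificate covers."""
    host = virtual_hosted_host(bucket)
    if wildcard_matches(S3_WILDCARD, host):
        return f"https://{host}/{key}"
    # Dotted bucket name: use the path-style form the support reply suggests.
    return f"https://{S3_ENDPOINT}/{bucket}/{key}"


if __name__ == "__main__":
    # Constructed sample: the two bucket names mentioned in the support reply.
    for bucket in ("startupsuccesspodcast", "media.startupsuccesspodcast.com"):
        host = virtual_hosted_host(bucket)
        print(host, "matches wildcard:", wildcard_matches(S3_WILDCARD, host))
        print("  use:", tls_safe_url(bucket, "show84.mp3"))
```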


  1. Andrew Watson

    Yeah, distribute the files via CloudFront so you can set up a CNAME to point to your files and call it whatever you want. I never hand out S3 URLs directly.

  2. Bob,
    I’ve had problems with S3 certificates where the folder name contains a period (.), it then means you are looking at a different subdomain to the one the certificate is for. I’m not sure if some clients handle this better than others, but S3Fox certainly has issues with it.
    The only way around this I found was to use foldernames without a period.
    Hope this helps.

  3. Amber Shah

    Not the first complaint I’ve heard about horrible AWS support (even paid). My humble recommendation? Switch to Rackspace Cloud (or even DropBox if all you need is storage) at your earliest convenience.

  4. Pingback: Walking back what I said about Amazon AWS.
