> This setup is probably also easier to reason about and easier to make secure than the messy garbage pushed by Amazon and other cloud providers.
Ability to do anything doesn't mean do everything.
It's straightforward to be simple on AWS, but if you have trouble denying yourself, consider Lightsail to start: https://aws.amazon.com/lightsail/
This setup is probably also easier to reason about and easier to make secure than the messy garbage pushed by Amazon and other cloud providers.
People see Cloud providers with rose-colored glasses, but even something like RDS requires VPCs, subnets, route tables, security groups, Internet/NAT gateways, lots of IAM roles, and CloudWatch to be usable. And to make it properly secure (meaning: not just sharing the main DB password with the team) you need way more as well, and it's hard to orchestrate, it's not just an option in a CloudFormation script.
Sure securing a server is hard too, but people 1. actually share this info and 2. don't have illusions about it.