EC2-Classic was magical. It felt like we were finally living in the future: a world where software was in charge of networking, and all of the legacy cruft that came from having to build networks out of cable could be forgotten.
Rather than care about legacy IP "subnets", the cloud cared about "security groups", which were missing only a couple features (such as "hierarchy") to entirely replace the role of a subnet in traditional networking.
Having spent a lot of time working with EC2-Classic, it made network engineering fun and easy. The new "VPC" mechanism is demoralizing in its complexity, and doesn't seem to allow anything you couldn't express using security groups.
I've written about this before--in more detail or with more rhetoric, depending on my mood--but the big feeling I get from the transition from EC2-Classic was the frustration that comes when other people make something worse.
If you create a new account, it will work like classic EC2. They will set up the VPC for you behind the scenes. Until you "break the glass" and try to configure a VPC, it will work just like old classic did.
Though it goes a bit further than just security groups on a flat network. Each HTTP endpoint automatically becomes an IAM resource and you can treat all our services as if they're native to AWS and use the same IAM policies. It's pretty dope!
VPC absolutely allows you to do something that classic did not - add a single entry to your on-prem route table to AWS without transiting the public internet. A shared flat network is problematic for this.
One of the first startups I worked for was all on EC2-Classic. I did enjoy its simplicity. I can understand the need for VPC when integrating with on-premise networks, VPNs, etc. However, you often run into cases where VPC is simply not necessary and overcomplicates things.
https://news.ycombinator.com/item?id=36829190
https://news.ycombinator.com/item?id=33569889
https://news.ycombinator.com/item?id=27990847
https://news.ycombinator.com/item?id=25988915