> as soon as people start using any vendor-specific functionality

It's also true in circumstances where things have the same name but act differently.

You'd be forgiven for believing that AWS IAM and GCP IAM are the same thing for example, but in GCP an IAM Role is simply a list of permissions that you can attach to an identity. In AWS an IAM Role is the identity itself.

Other examples; if you're coming from GCP, you'd be forgiven for thinking that Networks are regional in AWS, which will be annoying to fix later when you realise you need to create peering connections.

Oh and while default firewall rules are stateful on both, if you dive into more advanced network security, the way rules are applied and processed can have subtle differences. The inherent global nature of the GCP VPC means firewall rules, by default, apply across all regions within that VPC, which requires a different mindset than AWS where rules are scoped more tightly to the region/subnet.

There's like, hundreds of these little details.

Sounds like we’ve walked a similar path on this. Especially with IAM and network policies.

> There’s like hundreds of these little issues

Exactly. If it is a handful of things that is fine. It’s often as you describe.

I think there's some irony in Docker being impacted specifically, as they're one of the main tools to help achieve true multi-tenancy.

Depends on if you’re using Docker or Podman Desktop versus straight Docker/Podman and where you’re pulling your images from.

And even if you think it’s important enough to justify the expense and complexity, it’s times like this when you discover some minor utility service 1) is a critical dependency, and 2) is not multi-cloud.

Complex systems are hard.

Multi cloud is just a way to have the outages of both.