Buckets and Sovereignity

Created on 2026-01-31 07:12

Published on 2026-01-31 07:26

S3 buckets have a problem. A developer needs a bucket, a single bucket. Something that'll take AWS about 30 seconds to spin up. However they have to open a Jira ticket. Then they ping you on Slack. Then they show up at your desk because the ticket's been sitting there for three days and their sprint is ending.

Then, to your chagrin, open the huge Terraform repo, add their bucket, run terraform plan, watch myriads of resources scroll by, get it reviewed, wait for the pipeline, and boom. One S3 bucket. Only took a week and three senior engineers.

This is stupid. Very stupid. But we keep doing it because we've convinced ourselves that "infrastructure as code" means all infrastructure must live in the same repository, managed by the same team.

Is it true? An S3 bucket that only exists to serve one application isn't infrastructure. It's part of the application.

Infrastructure is: VPC, EKS cluster, networks, etc. A bucket that stores upload images for the marketing website? That's application state that happens to live in AWS instead of Kubernetes. That could have been another API call to a object storage service. Managing application resources as infrastructure with an infrastructure tool is not friendly at all.

Enter AWS Controllers for Kubernetes.

ACK does something wonderfully simple: it turns AWS resources into Kubernetes resources. Want a bucket? Write a manifest. The ACK controllers watch these manifests and call the AWS APIs. The developers get self-service. You get to stop being the S3 bucket vending machine. There is no giving up control, you're shifting what you control. Th control increases in fact as the cluster will try to keep resources under control continuously, not only when terraform plan/apply happen. Instead of gatekeeping every single resource creation, you define the rules.

Another team needs a Postgres database? They drop this in their repo:

They commit it. The pipeline runs. The database appears. Your policies ensure it's in the right VPC, encrypted, backed up, tagged correctly. Tags are applied for correct cost allocation so the financial minded persons have a nice cost breakdown.

This is what platform engineering actually means. You build the platform, the foundation, the policies, the standards. Developers build on top of it. Both teams do what they're good at.

And when they delete that feature branch? The database goes away. No orphaned resources quietly racking up charges for six months because everyone assumed someone else would delete it. Everything's in Git, versioned with the application code. Developers can see infrastructure status with kubectl get dbinstance. The blast radius of any change is limited to that team's namespace.

The plot twist: digital sovereignty.

In the last year cloud shifted from pure convenience to strategic threat. European regulators are increasingly uncomfortable with critical data for European companies subject to American surveillance laws. GDPR was just the opening act. The Digital Services Act, the Data Governance Act, these are forcing real architectural decisions.

And here's the uncomfortable truth about ACK: it makes you really, really good at AWS. Every pattern, every practice, every custom resource is AWS-specific. Which is fine for US but not so much for Europe.

Enter Crossplane who does something clever. Instead of direct AWS API bindings, it gives you an abstraction layer. You define what a "Database" means for your organization, and Crossplane figures out whether that's RDS, or Cloud SQL, or, interestingly, a database on OVHcloud, Scaleway, or Open Telekom Cloud. They're European cloud providers, subject to European law, outside the reach of the CLOUD Act. For organizations handling European citizen data, running European critical infrastructure. This actually matters.

The developer experience stays the same. They still request a "Database." Your platform team just swaps what that provisions underneath. Today it's AWS. Tomorrow it's a sovereign provider. The workflow doesn't change.

Maybe the organization doesn't care about digital sovereignty. Maybe one is fine being all-in on AWS forever. That's legitimate. But the organizations that do care: regulated industries, government contracts, ones thinking five years ahead, are realizing that flexibility isn't just nice to have.

Because the geopolitical landscape that made AWS the obvious choice in 2015 might not be the landscape of 2030. ACK solves the S3 bucket problem beautifully. But Crossplane solves it and gives you an exit strategy. In a world where "which country's laws apply to this data" is becoming as important as "how many nines of uptime do we get," that's worth thinking about.

Red Aurora

The snow outside was the same shade of pale grey as the concrete blocks that lined Oslo’s People’s Sector Seven. Inside the Productivity Hub, Comrade Morten stared at the dim glow of his workstation. 

A red icon pulsed in the corner: “AI Assistance Required by Order of the Central Efficiency Committee.” Morten sighed. He’d been a woodworker before the Great Automation Integration, before the Party had decreed that every citizen must harness state-approved AI to achieve optimal output. Now, every design he made was “enhanced” by Algorithm 14-K — smoothing lines, optimizing cuts, trimming away his individuality. 

“Comrade,” came a voice from behind. Morten turned to see Comrade Bjørn, draped in the standard-issue fur-trimmed coat, his breath steaming in the cold air of the underheated hall. “You’re falling behind quota,” Bjørn said, his voice both concerned and sharp. “The Party notices such things.” “I am meeting my numbers,” Morten protested. “Mostly.” Bjørn’s eyes narrowed. “Mostly is not enough. Have you forgotten Alexei Stakhanov? The coal miner who extracted fourteen times his quota in a single shift? The Party remembers him, even now. He is the model of the New Working Class Hero — not because he was forced, but because he believed.” Morten tapped the AI prompt reluctantly. Blueprints blossomed instantly on his screen — impossibly precise, impossibly fast. “The AI designs everything now,” he muttered. “What’s left for me to believe in?” 

Bjørn stepped closer, lowering his voice. “You believe in the result. Every chair you make, every beam you cut — they build the communal future. It doesn’t matter if your hands or the algorithm’s hands shape them. We are one machine, Comrade. You, me, and the AI — all tools of the Party.” Through the frosted window, the red aurora shimmered in the polar sky, cast by the orbital solar reflectors. It painted the snow crimson, as if the whole land bled for the collective. 

Morten looked at the glowing blueprints. Somewhere deep inside, a stubborn human pride whispered that he could do better without the machine. But another part of him — the part that wanted to survive the coming inspection — began to work faster. He pressed the Accept button. In the background, Bjørn’s voice echoed softly, almost like a hymn: “Production is devotion, Comrade. And devotion is forever.”