I am well aware that identity and access authorisation is complex, and AWS, GCP and Azure desperately needed to add the capability to their portfolio as this is mandatory for enterprise sales which is where the big bucks are.
But boy as soon as they started adding IAM they took all the fun out of deploying my personal shit to any cloud.
I put one startup on fly.io just because it was too difficult to communicate AWS intricacies to the founders. I'm ok having a fixed secret to authorize client A to talk to API B where needed, and the actual inner network is all inside wireguard tunnels, automatically provided by Fly.
But boy as soon as they started adding IAM they took all the fun out of deploying my personal shit to any cloud.