Although it may seem obvious to some, it is not obvious to others about what public cloud (IaaS) providers actually provide. This was evident through conversation with some of my peers.
I can only think that this stems from the fact that they see the ‘cloud’ as an extension to the on-premise virtual [machine] infrastructure that they know and love, it is not! Though Amazon Web Services (less so MS Azure) attempted to prevent this confusion by calling its service Elastic Compute Cloud, but since EC2 is a nice abbreviation the nuance is lost.
Virtual Machines would be a PaaS service since they have an operating system installed. EC2 and its peer equivalents from Azure and GCP however, are not, they are just a bunch of compute resources from various ‘blocks’ of infrastructure in a datacentre that only come together as a server at time of request.
Cloud providers in their benevolence have attempted to make life easy for consumers, by allowing them to choose an operating system to put on top (to make the compute useful), the cost of which is included in the pricing. Though this may appear like what they are providing is a VM [with an operating system], they are not. The operating system is the choice of the requester and remains the responsibility of the requester during operation. Patching and compliance therefore is the responsibility of the consumer. Although is removes hardware ownership, it still means non value-add activities are being performed by staff.
As a norm, IaaS services should be avoided and higher level PaaS and FaaS (serverless) options should be the preference of developers, where they can be absolved of maintenance effort. Even then applications should be developed only by exception, they should be consumed as SaaS wherever possible.
Find out more about what management of XaaS means to the enterprise