Re: If you need ACI in AWS or Azure, you're just doing it wrong
Agreed, I've been working with or around ACI from its launch, and it's been a perpetual disaster in almost every case. Their micro-segmentation strategy fell apart quickly when adding almost any sort of filtering between segments quickly exhausted the TCAM on their switches, and blew up at least one large biotech company I had to clean up after. I recommended the same "upgrade" to normal NX-OS, and use them that way, as it was a giant L2 network mostly anyway. They ended up turning it off and putting it in a corner instead, simply leaving their Cat6k's and old NX5k's to bleed for a few more years until maybe something better comes along.
More recently I've been pinged about helping with an ACI to Arista migration from one of the big three credit card companies that was becoming painful with outages even trying to migrate away from it. Same thing: no one wanted to deal with the complexity once it was in, and it quickly lost any value.
In every case I've seen it put in, network engineers retch at the fact they have to click through 90 places to try and set up a basic VLAN and layer 2 connectivity. Why not do it programmatically? Because old network engineers don't program, and never will. They're just hoping to retire before someone makes them have to learn.
Good news is with disasters like ACI, there will always be a need for traditional network engineers.