I have one and it still sucks. I ordered it after the one I bought on Amazon kind of sucked thinking the L1T would be better and it was worse than the Amazon one.
I've worked with quite a few ISPs and exchanges. I haven't set up port mirrors for the NSA but I have setup temporary mirrors for the FBI upon request.
IaaS is mostly like this already. There are some things where it’s not used like VMs which serverless tries to solve. Additionally people tend to waste tons of resources with IaaS because they don’t scale on usage.
My solution to this has been creating a public bastion server and use Wireguard. Wireguard listens on a random UDP port (port knocking is more difficult here.) This client is set up to have a dynamic endpoint so I don't need to worry about whitelisting. The key and port information are stored in a password manager like Vaultwarden with the appropriate documentation to connect. Firewall rules are set to reject on all other ports and it doesn't respond to ICMP packets either. A lot of that is security through obscurity but I found this to be a good balance of security and practicality.