this post was submitted on 14 May 2024
This was actually because a small developer picked the name of their new S3 bucket that happened to collide with a default name of an open source package. Over one weekend they racked up $1300 in charges and thousands of users attempted to upload to their bucket. Every call failed (invalid API key) but the developer was still charged.
Wild.
Here's the sauce
I don't buy it. Unauthorized access attempts are a constant on the internet in general, and in AWS endpoints in particular. When anyone exposes an endpoint, it's a matter of minutes until it starts to get prodded by security scanners. I worked on a project where its endpoints were routinely targeted by random people running FLOSS security scanners, resulting in thousands of requests that were blocked either by rate-limiting or bad/lack of credentials. I don't believe that a single invoice of $1k would trigger such a sudden and massive change of heart, when accidental costs in AWS easily reach orders of magnitude above that price tag.