So apparently if someone knows / guesses the name of your S3 bucket - even if it's private (!) - they can just bankrupt you by sending infinite PUT requests and there is nothing you can do about it.
> requests get rejected
> but AWS still counts it as a write operation against your account for which you have to pay at a rate of $0.005 per 1000 requests
This seems insane. Especially because a lot of services rely on presigned URLs for uploads / downloads, which exposes your bucket name to the client. In this case the author got their bill waived, but AWS support made it clear it's an exception, not the rule. Link to article: https://lnkd.in/gtmBhSYx
CST - Cyber Sapient’s Post
More Relevant Posts
-
I have a story for you today. ⚡ Imagine someone accidentally setting a bucket policy on S3 to S3:* deny without specifying conditions. You can't do much with that bucket through the AWS console. The same applies to the CLI and SDK. And it's the worst-case scenario if you don't have any backups, because someone treated them as a "nice-to-have." 😅 I hope none of you have experienced this mishap! 😨 I almost did it once during a PoC, by hand in the AWS console. But thankfully, I had left myself VPC access. So I simply spun up an EC2 instance and changed the policy using the AWS CLI. But what if you completely lock yourself out? 🔒 Here's a tip: 💡 use your root account to delete the bucket policy. Even if you have an account within an organization, a root account gets created in the background when setting up the organizational account. This is why providing an email address at the account creation stage is mandatory. Just reset the root account password to log in and gain access to the root account of your organization's sub-account. ⚠ Be careful and remember to use your root account only when necessary, and enable two-factor authentication for it. Image generated by Dalle
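The lockout in the post above is easy to catch before the policy is ever applied. The following is an added example (not code from the post or from AWS): a small linter that reads a bucket policy document and flags any Deny statement that covers `s3:*` (or `*`), applies to every principal, covers the whole bucket, and carries no Condition. The two policy documents and the bucket name `example-bucket` are constructed for illustration; run it over the real policy JSON in CI before `aws s3api put-bucket-policy`.

```python
"""Lint an S3 bucket policy for statements that would lock you out.

Added example, not code from the original post. Run it over a policy document
before `aws s3api put-bucket-policy` (for instance in CI) to catch an
unconditional `Deny s3:*` for everyone, which is exactly the mishap the post
describes. The policies below are constructed for illustration.
"""
import json

# Actions broad enough that denying them unconditionally blocks every caller,
# including the identity that would later try to fix the policy.
LOCKOUT_ACTIONS = {"s3:*", "*"}


def _as_list(value):
    """IAM lets most policy fields be a string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (any caller)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _covers_bucket(resources, bucket):
    """True if the statement touches the bucket itself or all of its objects."""
    targets = {"*", f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    return any(r in targets for r in resources)


def find_lockout_statements(policy, bucket):
    """Return the Sids (or positions) of Deny statements that would lock
    every principal, the account's own users included, out of `bucket`.

    Limitations, kept deliberately to stay readable: NotAction, NotPrincipal
    and NotResource are not evaluated, and any Condition is taken as scoping
    the deny, so a Condition that always matches would slip through.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Deny":
            continue
        if not set(_as_list(stmt.get("Action"))) & LOCKOUT_ACTIONS:
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        if not _covers_bucket(_as_list(stmt.get("Resource")), bucket):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings


# Constructed policy reproducing the post's mishap: Deny s3:* with no Condition.
LOCKED_OUT = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyEverything",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}""")

# Constructed safe variant: the same deny, scoped by a Condition to plain HTTP.
SAFE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}""")

if __name__ == "__main__":
    for name, policy in (("locked-out", LOCKED_OUT), ("safe", SAFE)):
        print(name, "->", find_lockout_statements(policy, "example-bucket"))
```

The check is intentionally narrow: it only flags the blanket case from the post. A Deny limited to `s3:PutBucketPolicy` and `s3:DeleteBucketPolicy` would lock you out just as effectively and would pass this linter, so extend `LOCKOUT_ACTIONS` if that pattern is possible in your environment.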
-
What do you do if all the API calls are failing and there is no error on the service? Has this ever happened to you? Recently I faced this incident where all the containers were crashing but there was no error. The containers were exiting because of OOM. Unsure about what really happened, I dug further and saw an AWS service was retrying like crazy 😅. And because of some initial failures, the retries bombarded the service and brought it almost completely down. Autoscaling was not quick enough to act, and the retries kept increasing. Scaling the service would generally be a good idea, but even after 2x or 5x the number the service was not able to recover. I had to actually stop the AWS service calls for a very small duration and let them fail for the service to recover properly, and later processed those calls slowly 😅. I found this one really interesting: there were no errors, but the sheer scale of retries brought the system down. Follow Arpit Adlakha for more!
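The dynamic in the post above, an overloaded service pinned down by its own callers' retries, is easy to reproduce in a discrete-time simulation. The following is an added example (not the poster's code, and not any AWS SDK's retry logic): a toy service that loses a whole tick when more calls arrive than it can handle, driven once by clients that retry on the very next tick and once by clients using exponential backoff with full jitter. The client count, capacity and tick budget are constructed numbers.

```python
"""Retry storm versus exponential backoff with jitter: a discrete-time simulation.

Added example, not code from the original post. It models the failure mode the
post describes: once a downstream service is over capacity, every call in that
interval fails (think OOM-killed containers), so clients that retry immediately
keep it pinned down, while clients that back off with jitter spread their
retries until the load drops below capacity and the service recovers. The
service model, client count and capacity are constructed for illustration.
"""
import random


class OverloadedService:
    """Stand-in for the downstream service. If more than `capacity` calls
    arrive in one tick, the tick is lost and every call in it fails."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.pending = []
        self.total_calls = 0

    def call(self, caller_id):
        self.total_calls += 1
        self.pending.append(caller_id)

    def end_tick(self):
        ok = len(self.pending) <= self.capacity
        results = {caller: ok for caller in self.pending}
        self.pending = []
        return results


class Client:
    """One caller with a single request to complete.

    policy "naive": retry on the very next tick, which is what a tiny fixed
    retry delay amounts to under sustained failure.
    policy "backoff": exponential backoff with full jitter, capped at `cap`.
    """

    def __init__(self, cid, policy, rng, cap=32):
        self.cid = cid
        self.policy = policy
        self.rng = rng
        self.cap = cap
        self.done = False
        self.attempt = 0
        self.next_tick = 0

    def wants_to_call(self, tick):
        return not self.done and tick >= self.next_tick

    def on_result(self, tick, ok):
        if ok:
            self.done = True
            return
        self.attempt += 1
        if self.policy == "naive":
            self.next_tick = tick + 1
        else:
            # Full jitter: wait a uniform random time in [0, min(cap, 2**attempt)].
            delay = self.rng.uniform(0, min(self.cap, 2 ** self.attempt))
            self.next_tick = tick + 1 + int(delay)


def simulate(policy, n_clients=50, capacity=10, ticks=300, seed=1):
    """Run the simulation; report completed clients, total calls and ticks used."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    service = OverloadedService(capacity)
    clients = [Client(i, policy, rng) for i in range(n_clients)]
    for tick in range(ticks):
        for client in clients:
            if client.wants_to_call(tick):
                service.call(client.cid)
        for cid, ok in service.end_tick().items():
            clients[cid].on_result(tick, ok)
        if all(c.done for c in clients):
            return {"completed": n_clients, "calls": service.total_calls,
                    "ticks": tick + 1}
    return {"completed": sum(c.done for c in clients),
            "calls": service.total_calls, "ticks": ticks}


if __name__ == "__main__":
    for policy in ("naive", "backoff"):
        print(policy, simulate(policy))
```

With 50 callers against a capacity of 10, the naive policy never completes a single request: every tick carries 50 calls, every tick is lost, and the service stays down for the whole run. The backoff policy spreads retries out until some tick falls under capacity, after which the backlog drains. The poster's manual fix, pausing calls briefly and replaying them slowly, is the same effect applied by hand; in production it is usually delivered by a circuit breaker in front of the client plus a bounded retry budget, neither of which this toy implements.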
-
This is why it is so important to truly understand the cost structure of your cloud infrastructure. A seemingly simple deployment can turn out to be a lot more costly than expected.
Today I learned you can get a surprise bill on AWS S3. If someone knows or guesses the names of your S3 buckets and sends a significant number of PUT requests to your bucket name, you pay $0.005 per 1,000 requests. https://lnkd.in/d7tgB35x
-
Did you know S3 can charge you for unauthorized incoming requests? If I happen to know your bucket name, I can easily exploit it with a simple loop:

aws s3 cp /path/to/your/file.txt s3://your-bucket-name/documents/2024/file.txt

And guess what? AWS will charge YOU, the bucket owner, for every request. A standard S3 PUT request costs about $0.005 per 1,000 requests. Doesn't sound like much, but imagine someone running this in a loop, sending thousands of requests; it adds up fast. Here are 3 steps you can take to avoid randomly waking up to a massive bill one morning :-)
1. Hide your S3 bucket name and avoid sharing it publicly.
2. Add a random suffix to your bucket name to make it harder to guess.
3. You can also configure AWS CloudWatch to monitor unusual activity and set up alerts, so you're notified before the bill becomes a nightmare!
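Step 3 above (and the other S3 billing posts on this page) needs something concrete to alert on and someone to attribute the traffic to. The following is an added example, not code from any of the posts: it parses S3 server access log lines in their documented space-delimited layout, counts PUTs that S3 rejected with HTTP 403 per remote IP, and prices them at the rate the post quotes. The log lines are constructed for illustration and use documentation IP ranges; `OWNERCANONICALID`, `example-bucket` and the request IDs are placeholders. One caveat: AWS announced in May 2024 that bucket owners are no longer billed for unauthorized requests originating outside their own account, so read the cost figure as the post's number rather than current pricing. The per-IP attribution is still what you want when someone is hammering a bucket name they guessed.

```python
"""Attribute rejected S3 PUTs to their source from server access logs.

Added example, not code from any of the posts above. It parses S3 server
access log lines (the documented space-delimited format, first 18 fields),
counts PUTs that S3 rejected with HTTP 403 per remote IP, and prices them at
the rate quoted in the post. The sample log lines are constructed and use
documentation IP ranges.
"""
import re
from collections import Counter

# One token is a [bracketed time], a "quoted string", or a bare field.
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

# Leading fields of the S3 server access log format, in order.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester",
          "request_id", "operation", "key", "request_uri", "http_status",
          "error_code", "bytes_sent", "object_size", "total_time",
          "turnaround_time", "referrer", "user_agent", "version_id"]

PRICE_PER_1000_PUT_USD = 0.005  # the figure quoted in the post


def parse_line(line):
    """Return the leading fields as a dict, or None for a malformed line."""
    tokens = [t.strip('"') for t in TOKEN.findall(line)]
    if len(tokens) < len(FIELDS):
        return None
    record = dict(zip(FIELDS, tokens))
    record["time"] = record["time"].strip("[]")
    return record


def rejected_put_report(lines, threshold=100):
    """Count 403-rejected PUT requests per remote IP and estimate their cost.

    `alert` is set when the total reaches `threshold`, the point at which you
    would page someone rather than just record the event.
    """
    by_ip = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["operation"] != "REST.PUT.OBJECT":
            continue
        if rec["http_status"] != "403":
            continue
        by_ip[rec["remote_ip"]] += 1
    total = sum(by_ip.values())
    return {
        "rejected_puts": total,
        "by_ip": dict(by_ip),
        "estimated_cost_usd": round(total / 1000 * PRICE_PER_1000_PUT_USD, 6),
        "alert": total >= threshold,
    }


def _constructed_line(ip, requester, req_id, method, op, key, status, err, ua):
    """Build a constructed log line in the S3 server access log layout."""
    return (f"OWNERCANONICALID example-bucket [10/May/2024:12:00:01 +0000] {ip} "
            f"{requester} {req_id} {op} {key} \"{method} /example-bucket/{key} HTTP/1.1\" "
            f"{status} {err} 243 - 12 - \"-\" \"{ua}\" -")


# Constructed sample: three anonymous PUTs from one IP and one from another are
# denied, a legitimate IAM user uploads successfully, and a denied GET is ignored.
SAMPLE_LOG = [
    _constructed_line("198.51.100.7", "-", "REQ0001", "PUT", "REST.PUT.OBJECT",
                      "documents/2024/file.txt", "403", "AccessDenied", "aws-cli/2.15.0"),
    _constructed_line("198.51.100.7", "-", "REQ0002", "PUT", "REST.PUT.OBJECT",
                      "documents/2024/file.txt", "403", "AccessDenied", "aws-cli/2.15.0"),
    _constructed_line("198.51.100.7", "-", "REQ0003", "PUT", "REST.PUT.OBJECT",
                      "documents/2024/file.txt", "403", "AccessDenied", "aws-cli/2.15.0"),
    _constructed_line("203.0.113.9", "-", "REQ0004", "PUT", "REST.PUT.OBJECT",
                      "backup.tar", "403", "AccessDenied", "curl/8.4.0"),
    _constructed_line("192.0.2.10", "arn:aws:iam::123456789012:user/uploader", "REQ0005",
                      "PUT", "REST.PUT.OBJECT", "documents/2024/report.pdf", "200", "-",
                      "aws-sdk-java/2.20.0"),
    _constructed_line("203.0.113.9", "-", "REQ0006", "GET", "REST.GET.OBJECT",
                      "backup.tar", "403", "AccessDenied", "curl/8.4.0"),
]

if __name__ == "__main__":
    print(rejected_put_report(SAMPLE_LOG, threshold=3))
```

Server access logs are delivered with a delay, so they are the forensic side of this; for the alert itself, enable request metrics on the bucket and alarm on the CloudWatch `4xxErrors` metric in the `AWS/S3` namespace, which is what the post's step 3 refers to. Also note that the requester field is `-` on every rejected line in the sample: anonymous PUTs against a private bucket from IPs you do not recognise are the signature of someone testing a guessed bucket name.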
-
Beware! We've recently discovered that AWS is charging users for 4xx requests to S3 buckets. This is alarming and requires immediate attention. 😐 As indicated by numerous GitHub references, this issue impacts a significant number of users, particularly those using us-east-1 buckets. A simple PUT request can easily result in massive bills for other users. We strongly urge AWS to take action and cease charging for 4xx requests to S3 buckets. Doing so would not only benefit users financially, but also prevent potential billing catastrophes. This is so alarming: https://lnkd.in/dwWBnKtU #AWS #S3 #CloudComputing
-
Cloud Architect Specialist || 2* AWS Certified || Terraform || Hashicorp Vault || Packer ||Jenkins || Ansible || Linux
📣 AWS Billing Disaster 📣 Last month, I received a bill for $75 😢 in my playground account, which might not seem like much, but it was a significant spike for me compared to my usual 💰 $2-$3 bills. Recently, while working in my playground account on the Route 53 Resolver, I believed I had deleted the inbound and outbound endpoints created during my usage. Unfortunately, I had missed deleting the inbound resolver endpoints. This oversight resulted in substantial costs, as the interfaces continued running for a month unnoticed until I received the bill. I always assumed that, being experienced, this wouldn't happen to me, as I diligently delete resources in my playground after use, but this incident proved otherwise. Here are the lessons I've learned from this experience:
💡 Establish a budget and set alarms.
💡 Pay close attention to the service pricing.
💡 As a longer-term approach, consider Infrastructure as Code (IaC) for testing and managing resources (e.g., Terraform, CloudFormation).
💡 Although manual, regularly (daily) check the billing console for the current cost.
What are your suggestions? #Amazon #AWS #Cost #Unexpectedbills
-
Software Engineer at Capricon | Full Stack Developer (Java, Spring Boot, Angular, MERN, MEAN) | Open Source Contributor | Technical Blogger | Aspiring Lead Developer
Excited to share my latest Medium article on deploying a Spring Boot application on AWS! 🌐 In this step-by-step guide, I cover everything you need to know to get your Spring Boot project up and running on an AWS EC2 instance, from setting up the instance to configuring a reverse proxy with Nginx. Whether you're new to AWS or looking to streamline your deployment process, this article has you covered. Check it out and let me know what you think! 👇
Deploying a Spring Boot Project on an AWS Server
link.medium.com
-
Did you know that each instance of Phoenix Pricing operates within a dedicated and secured AWS cluster? We possess the capability to assign or withdraw these instances to our clients and potential customers within a period of thirty minutes. Access to each instance is facilitated through a distinct URL, structured as follows: https://<unique_identifier>.phoenixpricing.eu
-
Principal Security Solutions Architect at Amazon Web Services (AWS) - Author - Speaker - AWS Spokesman - I help organizations improve their security posture in the cloud
Ever wanted to run a command across all your AWS regions, or on all your accounts, or on all your accounts in a specific OU? This simple command-line utility will help you quickly execute actions en masse. Use it mainly for read-only actions, and if you want to run changes, always test beforehand to make sure you're not breaking something.
GitHub - aws-samples/aws-with: aws-with provides a command line utility to help manage complex AWS environments. It can perform the same action against a large number of AWS accounts and is AWS Organizations aware.
github.com
-
Chaotic Good Digital Marketing & Brand Expert | Perfect fit for startups | Know where and how to start your marketing journey
They say if you're the smartest person in the room, you're in the wrong room. Well, with Dmytro Sirant around, I am always safe 😁 Amazon Web Services (AWS) please take a look at his article. It looks like something that might be valuable for your customers! #AWS #CloudWatchLogs #CostOptimisation #BugOrFeature #RDSProxy
15x AWS certified | Well-Architected Reviews | High Availability, Disaster Recovery, Security compliance | Kubernetes
I'm just wondering if it's something that Amazon Web Services (AWS) is going to fix or if it's not such a big deal as billing for S3 error messages. #AWS #CloudWatchLogs #CostOptimisation #BugOrFeature #RDSProxy
Mandatory CloudWatch logging: is it a bug or feature?
link.medium.com