CST - Cyber Sapient’s Post

View organization page for CST - Cyber Sapient, graphic

30,953 followers

So apparently if someone knows / guesses the name of your S3 bucket - even if it's private (!) - they can just bankrupt you by sending infinite PUT requests and there is nothing you can do about it. > requests get rejected > but AWS still counts it as a write operation against your account for which you have to pay at a rate of $0.005 per 1000 requests This seems insane. Especially because a lot of services rely on presigned URLs for uploads / downloads which exposes your bucket name to the client. In this case the author got their bill waved, but AWS support made it clear it's an exception not the rule. link to article: https://lnkd.in/gtmBhSYx

  • No alternative text description for this image

To view or add a comment, sign in

Explore topics