An empty S3 bucket can make your AWS bill explode

7 comments

• $awirth 28 minutes ago

  It's been a year. Has it been disclosed what tool had this misconfiguration?

• $Dylan16807 13 hours ago

  (2024)

  Previously: https://news.ycombinator.com/item?id=40203126

• $cactacea 13 hours ago

  I always recommend using random strings for bucket names. If you want/need it to be human readable then use a random suffix instead.

• $leptons 13 hours ago

  The article is from April 2024, and AWS announced it would stop stopped charging the account owner for bad/unauthorized requests to S3 as of May 2024.

  https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-s3...

• $jauntywundrkind 10 hours ago

  One of the items off the Serverless Horrors submission from today.

  https://serverlesshorrors.com/all/aws-13k/ https://news.ycombinator.com/item?id=45157110

  As noted in comments, AWS no longer charges for bad/unarhorized requests. https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-s3...

  The Serverless Horrors submission has some pretty amazing scenarios in it. Truly scary surprises!

• $spwa4 12 hours ago

  TLDR: any kind of usage based billing, where you don't control the usage, will have issues of cost explosions. It doesn't matter much what it is exactly.

  Get your own machines. Get colo instead of cloud.

• $cutler 13 hours ago

  It's simple - stop using AWS ... or Azure ... or ... Follow DHH and learn to manage your own boxes.