• @modeler
    link
    196 months ago

    This was actually because a small developer picked the name of their new S3 bucket that happened to collide with a default name of an open source package. Over one weekend they racked up $1300 charges and thousands of users attempted to upload to their bucket. Every call failed (invalid api key) but the developer was still charged.

    Wild.

    Here’s the sauce

    • @[email protected]OPM
      link
      fedilink
      English
      2
      edit-2
      6 months ago

      Here’s the sauce

      I don’t buy it. Unauthorized access attempts are a constant on the internet in general, and in AWS endpoints in particular. When anyone exposes an endpoint, it’s a matter of minutes until it starts to get prodded by security scanners. I worked on a project where it’s endpoints were routinely targeted by random people running FLOSS security scanners resulting in thousands of requests that were blocked either by rate-limiting or bad/lack of credentials. I don’t believe that a single invoice of $1k would trigger such a sudden and massive change of heart, when accidental costs in AWS easily reach orders of magnitude above that price tag.