Jonty WareingApr 29, 2024

User: you charge me when people make unauthorised requests to an S3 bucket?

AWS: yes of course

User: but

AWS: working as intended

User: but

AWS: thank you for your money

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

How an empty S3 bucket can make your AWS bill explode

Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?

Medium
Show threaddbread

@jonty

*innocent configuration oversight*

"If all those misconfigured systems were attempting to back up their data into my S3 bucket, why not just let them do so? I opened my bucket for public writes and collected over 10GB of data within less than 30 seconds. Of course, I can’t disclose whose data it was. But it left me amazed at how an innocent configuration oversight could lead to a dangerous data leak!"

This is so infuriating. Not only that devs use some magic packets with default configuration and produce data loss, but also that the managers require the devs to produce results asap. That's how such mess happens. #devlive #agile #rapid #prototype

Apr 30, 2024 at 12:30pmWeb