Jonty WareingUser: you charge me when people make unauthorised requests to an S3 bucket?
AWS: yes of course
User: but
AWS: working as intended
User: but
AWS: thank you for your money
Peter Amstutz@jonty
I am trying to wrap my head around this. If a bad actor wanted to harass a person or organization that is running a service using S3, and can figure out bucket names, they could trivially make the target run up a bill of tens of thousands of dollars and there's absolutely nothing that can be done about it except begging AWS for mercy?
I am trying to wrap my head around this. If a bad actor wanted to harass a person or organization that is running a service using S3, and can figure out bucket names, they could trivially make the target run up a bill of tens of thousands of dollars and there's absolutely nothing that can be done about it except begging AWS for mercy?
Erik Ableson@tetron @jonty @clementd Follow-up tip. In regular usage any of these suppliers will be 5-10x less expensive than doing S3 from Amazon anyway. Unless your entire infrastructure is based on AWS there’s no good reason to ever use Amazon’s S3 service (and even then it’s debatable)
Additional option: roll your own with something like Minio, Scality, …