What’s New on AWSMay 13, 2024

Amazon S3 will no longer charge for several HTTP error codes

https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-s3-no-charge-http-error-codes/

Amazon S3 will make a change so unauthorized requests that customers did not initiate are free of charge. With this change, bucket owners will never incur request or bandwidth charges for requests that return an HTTP 403 (Access Denied) error...

Amazon S3 will no longer charge for several HTTP error codes

Amazon Web Services, Inc.
Show threadRoyce Williams
@awswhatsnew inb4 someone sets up C2 infra that returns a 403 with a "random error code" that also happens to be C2 payload / instruction fragments
May 13, 2024 at 11:48pmWeb
Show threadDavid ManningMay 14, 2024
@tychotithonus @awswhatsnew ngl this was my first thought.
Show threadwaldiMay 14, 2024
@tychotithonus @awswhatsnew You can change the return message for unauthenticated users? I thought those are rejected way before it gets any actual data.
Show threadRoyce WilliamsMay 14, 2024

@waldi

Yep, you're exactly right for direct connections, but there are workarounds (rpoxy/gateway)

@awswhatsnew

Show threadwaldiMay 14, 2024
@tychotithonus @awswhatsnew But that is no longer S3, so not free?
Show threadRoyce WilliamsMay 14, 2024
@waldi
Yeah, it's a fair point!
@awswhatsnew