• deegeese@sopuli.xyz · 41 upvotes · 2 years ago

    “By design” AWS bills project owners for unauthorized calls to the public S3 API.

    So what I’m reading from this is you can do a billing attack on anything hosted in AWS so long as you know one of their bucket names.

    • bamboo@lemmy.blahaj.zone · 5 upvotes · 2 years ago

      Seriously, now that this is more widely known, it’ll for sure be taken advantage of a lot, to the point AWS will begrudgingly protect their customers once the damage is done.

  • wpuckering@lm.williampuckering.com · 35 upvotes · edited 2 years ago

    You shouldn’t be charged for unauthorized requests to your buckets. Currently if you know any person’s bucket name, which is easily discoverable if you know what you’re doing, that means you can maliciously rack up their bill just to hurt them financially by spamming it with anonymous requests.
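Added example, not part of the thread: one way a bucket owner can see who is generating the denied requests discussed above, by counting 403 responses per source IP in S3 server access logs. It assumes server access logging is enabled on the bucket; the function name, threshold and sample lines (bucket name, IDs, IPs) are constructed for illustration.

```python
import re

# First eleven space-separated fields of an S3 server access log record.
LINE_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'"(?P<uri>[^"]*)" (?P<status>\d{3}|-) (?P<error>\S+)'
)

# Constructed sample input: three anonymous denied PUTs from one address,
# one denied GET from another account, one successful owner request,
# and one truncated line.
SAMPLE_LOG = """\
OWNER1 example-backups [01/May/2024:10:00:01 +0000] 198.51.100.7 - REQ0001 REST.PUT.OBJECT db/a.tar "PUT /db/a.tar HTTP/1.1" 403 AccessDenied 243 - 12 - "-" "backup-tool/1.0" -
OWNER1 example-backups [01/May/2024:10:00:02 +0000] 198.51.100.7 - REQ0002 REST.PUT.OBJECT db/b.tar "PUT /db/b.tar HTTP/1.1" 403 AccessDenied 243 - 11 - "-" "backup-tool/1.0" -
OWNER1 example-backups [01/May/2024:10:00:03 +0000] 198.51.100.7 - REQ0003 REST.PUT.OBJECT db/c.tar "PUT /db/c.tar HTTP/1.1" 403 AccessDenied 243 - 13 - "-" "backup-tool/1.0" -
OWNER1 example-backups [01/May/2024:10:05:00 +0000] 203.0.113.9 arn:aws:iam::111122223333:user/constructed REQ0004 REST.GET.OBJECT x "GET /x HTTP/1.1" 403 AccessDenied 243 - 9 - "-" "curl/8.0" -
OWNER1 example-backups [01/May/2024:10:06:00 +0000] 192.0.2.10 OWNER1 REQ0005 REST.GET.OBJECT x "GET /x HTTP/1.1" 200 - 512 512 20 18 "-" "aws-cli/2" -
this line was truncated in trans
"""

def denied_by_source(lines, threshold=2):
    """Return ({(bucket, ip): {"denied": n, "anonymous": k}}, skipped_lines).

    "denied" counts HTTP 403 responses; "anonymous" counts the subset whose
    requester field is "-", which the log format uses for unauthenticated
    requests. Only sources with at least `threshold` denials are returned.
    """
    stats, skipped = {}, 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:          # malformed or truncated record
            skipped += 1
            continue
        if m["status"] != "403":
            continue
        entry = stats.setdefault((m["bucket"], m["ip"]), {"denied": 0, "anonymous": 0})
        entry["denied"] += 1
        if m["requester"] == "-":
            entry["anonymous"] += 1
    noisy = {k: v for k, v in stats.items() if v["denied"] >= threshold}
    return noisy, skipped

if __name__ == "__main__":
    print(denied_by_source(SAMPLE_LOG.splitlines()))
```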

  • AmbiguousProps@lemmy.today · 22 upvotes · 2 years ago

    As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used… the same name that I used for my bucket.

    • atzanteol@sh.itjust.works · 1 upvote, 6 downvotes · 2 years ago

      It’s fine if you dislike a site. But the correct thing to do is not consume their content, not to work around it.

      • kevincox@lemmy.ml · 1 upvote · edited 2 years ago

        Or use a browser extension to implement your preferences rather than push them onto others in a way that makes it harder for them to implement theirs.

        If an article links to medium.com my redirects kick in, my link flagging kicks in and everything else. If everyone uses some different service to “fix” medium I am stuck with what they like. There is value in keeping the canonical URL.

        I would also love to see domain blocks as a user preference in Lemmy. Just hide these sites that I don’t like.

      • borari@lemmy.dbzer0.com · 1 upvote · 2 years ago

        Medium is the journalistic version of the gig economy apps, mixed with a bit of digital landlording. The correct thing to do here is to bypass any of Medium’s paywalls you might run into.