AWS S3 storage bucket with unlucky name nearly cost developer $1,300

by Kevin Purdy, from Ars Technica
Be careful with the buckets you put out there for anybody to fill. (credit: Getty Images)

If you're using Amazon Web Services and your S3 storage bucket can be reached from the open web, you'd do well not to pick a generic name for that space. Avoid "example," skip "change_me," don't even go with "foo" or "bar." Someone else with the same "change this later" thinking can cost you a MacBook's worth of cash.

Ask Maciej Pocwierz, who just happened to pick an S3 name that "one of the popular open-source tools" used for its default backup configuration. After setting up the bucket for a client project, he checked his billing page and found nearly 100 million unauthorized attempts to create new files on his bucket (PUT requests) within one day. The bill was over $1,300 and counting.

Nothing, nothing, nothing, nothing, nothing ... nearly 100 million unauthorized requests. (credit: Maciej Pocwierz)

"All this actually happened just a few days after I ensured my client that the price for AWS services will be negligible, like $20 at most for the entire month," Pocwierz wrote over chat. "I explained the situation is very unusual but it definitely looked as if I didn't know what I'm doing."
