How to Handle a Massive AWS Bill After a DDoS Attack?

Asked By CuriousCat1987 On

Our website recently came under a DDoS attack after we promoted it on a public platform. The attacker targeted our database first, which unfortunately didn't have adequate rate limits for GET requests. After managing to shut down the database, we thought we were in the clear. However, I just received our AWS bill for a staggering $15,000 due to 160TB of data egress, primarily because the attacker bombarded our S3 bucket with requests for over three days. I've already contacted AWS for assistance since we can't afford such a high charge. What are the chances that they will waive this fee? I reached out on Sunday night, and it's now been three days without a response.

5 Answers

Answered By TechieTom On

Sorry to hear about your situation! It’s crucial to ensure your S3 bucket isn’t publicly accessible. Have you seen any updates on your case ID with AWS? If they see you're actively working to secure your account, there's a better chance they might consider waiving the charges.

Answered By CloudWhiz On

It’s unfortunate how DDoS attacks can lead to such exorbitant charges. AWS may not waive the fee entirely, but if you can demonstrate that you’re taking steps to better secure your setup, they might offer some assistance or a discount.

Answered By CloudGuru123 On

Wow, that’s rough! In the future, consider setting up CloudFront in front of your S3 buckets. It can help with throttling requests and block unwanted traffic. I’d also recommend tightening your database security—make sure it’s not exposed to the internet.

Answered By DevDan On

Your experience is a good wake-up call about the importance of securing cloud resources. I suggest looking into implementing WAF and better rate limiting to avoid such issues down the line. You might also check if AWS can assist you regarding the bill, especially since this was a targeted attack.

Answered By S3Savvy On

Ouch! That's a significant bill! If you think about it, even with basic protections in place, S3 should never be exposed publicly to avoid such situations. Once you’re back on your feet, ensure you have adequate security measures to prevent this from happening again.
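
Several answers above recommend keeping the S3 bucket non-public and serving it only through CloudFront. As an added example (not written by any poster in this thread), the Python script below audits a bucket policy document for anonymous `s3:GetObject` grants, the setting that lets anyone pull objects, and egress, straight from S3. The two sample policies, the bucket name, the account ID and the distribution ID are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies; bucket name, account ID and distribution ID are placeholders.
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
CLOUDFRONT_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "CloudFrontRead", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"AWS:SourceArn":
        "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"}}}]})

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "*" or {"AWS": "*"}, i.e. any caller, unauthenticated included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def allows_get_object(actions):
    """Action names are case-insensitive and may use wildcards (s3:*, s3:Get*)."""
    return any(fnmatchcase("s3:getobject", a.lower()) for a in as_list(actions))

def audit_bucket_policy(policy_json):
    """Return (sid, verdict) for each Allow statement that lets anyone read objects."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        if not allows_get_object(stmt.get("Action", [])):
            continue
        # A Condition (IP range, Referer, ...) narrows the grant but needs human review.
        verdict = "public-with-condition" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", f"statement-{index}"), verdict))
    return findings

if __name__ == "__main__":
    for name, doc in [("public", PUBLIC_POLICY), ("cloudfront-only", CLOUDFRONT_ONLY_POLICY)]:
        print(name, audit_bucket_policy(doc))
```

It inspects the policy document only; bucket ACLs, Block Public Access settings and `NotPrincipal`/`NotAction` statements are outside what it checks.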
