I've been reading about instances where websites hosted on S3 faced DDoS attacks that resulted in massive billing surprises. This was never an issue with my old hosting provider (hosting.com). While I've set up billing alerts to notify me when my monthly costs hit a certain limit, I worry that a DDoS attack might hit while I'm asleep or on vacation, preventing me from taking action quickly. Should I consider moving my site back to hosting.com for better protection?
4 Answers
Make sure your S3 bucket isn’t publicly accessible and only reachable through CloudFront. This will shield it from direct attacks.
If you have specific requirements for permission management, consider switching to Cloudflare R2. It mimics the S3 API but without egress fees, plus you can keep it secured behind Cloudflare's proxy. I've recently made the change with my static site and it's been fantastic.
Using CloudFront is a smart move! Besides setting up billing alerts, you can configure it to shut down services if costs exceed a certain threshold. That way, you can gain an extra layer of control over your expenses.
Absolutely! CloudFront works with AWS Shield, which provides excellent DDoS protection. Adding a web application firewall (WAF) with rate limiting can also help reduce costs from attacks.
Don’t forget that CloudFront has flat rate billing options now, so you can limit how much you're spending more efficiently.
It's worth noting that CloudFront's flat rate pricing can really help cap that single entry point's spending. Still, remember to set those billing alerts just in case! Here's a link to learn more about it: [Flat Rate Pricing](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-flat-rate-pricing-plans-with-no-overages/)
Great point! And linking your notifications to a Lambda function can help bring your resources down quickly if costs get out of control.

Definitely! CloudFront is key here.
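A way to check the first answer's advice (bucket reachable only through CloudFront), as an added example that is not code from this thread: a small audit of a bucket policy document that reports every Allow statement letting anything other than one named CloudFront distribution read objects. The bucket name, account ID, distribution ID and function names are constructed placeholders, and the check assumes the origin access control style of policy (CloudFront service principal plus an `AWS:SourceArn` condition); it looks only at the policy document, not at ACLs or Block Public Access settings.

```python
import json
from fnmatch import fnmatchcase

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _grants_read(stmt):
    # A missing Action (e.g. NotAction is used) is treated as granting reads.
    return any(fnmatchcase("s3:getobject", a.lower())
               for a in _as_list(stmt.get("Action", "*")))

def _pinned_to_cloudfront(stmt):
    """Sole principal is the CloudFront service AND an AWS:SourceArn
    condition names specific distributions with no wildcard."""
    p = stmt.get("Principal")
    if not isinstance(p, dict) or set(p) != {"Service"}:
        return False
    if _as_list(p["Service"]) != ["cloudfront.amazonaws.com"]:
        return False
    for op in ("StringEquals", "ArnEquals"):
        for key, val in stmt.get("Condition", {}).get(op, {}).items():
            arns = _as_list(val)
            if key.lower() == "aws:sourcearn" and arns and all(
                    a.startswith("arn:aws:cloudfront::") and "*" not in a
                    for a in arns):
                return True
    return False

def audit_bucket_policy(policy):
    """Return the Sids of Allow statements that let something other than
    a pinned CloudFront distribution read objects."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if (stmt.get("Effect") == "Allow" and _grants_read(stmt)
                and not _pinned_to_cloudfront(stmt)):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample policies (placeholder bucket, account and distribution).
PUBLIC = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
OAC_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CloudFrontRead", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"AWS:SourceArn":
        "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}}}]}
```

An empty result means every read grant in the policy is tied to a specific distribution; the function also accepts the policy as a JSON string, such as one saved from the console.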