I work with AWS for my job, and they don't allow us to host websites on S3 due to potential risks. However, I'm considering creating a static website in my free time and hosting it on S3. I'm worried about the financial implications of a DDoS attack – is there a real risk of incurring huge unexpected fees? Mostly, it will just be for my own use, but if it takes off and I share it with friends, could costs spiral out of control? Should I look into using CloudFront or other solutions to mitigate this risk, or is it generally overblown? I'm not particularly worried about malicious attackers, but I want a realistic understanding of my situation.
5 Answers
If you want to protect yourself from costs, put CloudFront in front of your S3. It’s a great practice and mitigates a lot of risks.
Using CloudFront can really help reduce the number of GET requests hitting your S3 bucket, plus it has a free tier, making it cheaper overall. Setting billing alarms at $5 and $20 is a good safety net!
I'm setting up a Lambda to take action on my billing alerts! I just don’t want a surprise when I wake up to a huge AWS bill.
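One way a billing-alert Lambda like the one mentioned above could work, as an added example that is not the commenter's code. It assumes the $5 and $20 billing alarms publish to an SNS topic that invokes the function, that the bucket name is the hypothetical `example-static-site-bucket`, and that the chosen response at the higher tier is to switch on S3 Block Public Access:

```python
import json

# Assumed tiers, matching the $5 / $20 alarms suggested in the thread.
NOTIFY_USD = 5.0
CUTOFF_USD = 20.0
BUCKET = "example-static-site-bucket"  # hypothetical bucket name


def decide(event):
    """Return 'ignore', 'notify' or 'cutoff' for an SNS-delivered CloudWatch alarm."""
    worst = "ignore"
    for record in event.get("Records", []):
        try:
            alarm = json.loads(record["Sns"]["Message"])
            trigger = alarm["Trigger"]
            threshold = float(trigger["Threshold"])
        except (KeyError, TypeError, ValueError):
            continue  # not a CloudWatch alarm notification
        # Act only on billing alarms that are currently firing.
        if alarm.get("NewStateValue") != "ALARM":
            continue
        if (trigger.get("Namespace"), trigger.get("MetricName")) != ("AWS/Billing", "EstimatedCharges"):
            continue
        if threshold >= CUTOFF_USD:
            return "cutoff"
        if threshold >= NOTIFY_USD:
            worst = "notify"
    return worst


def cut_public_access(s3, bucket=BUCKET):
    """Stop anonymous reads; the bucket and its objects are left intact."""
    s3.put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
        },
    )


def handler(event, context, s3=None):
    action = decide(event)
    if action == "cutoff":
        if s3 is None:
            import boto3  # available in the Lambda Python runtime
            s3 = boto3.client("s3")
        cut_public_access(s3)
    return {"action": action}
```

The `EstimatedCharges` metric is published only in us-east-1 and is updated a few times a day, so a handler like this caps how far a bill can run rather than stopping a burst while it is happening.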
S3 has a pretty low charge for GET requests, but in rare situations, costs can skyrocket if someone decides to spam requests. Look into using a CDN like Cloudflare Pages too; it’s a great free option for hosting static content without the risks.
Just found a free option on Render for static sites. No need to stress about S3 costs or DDoS when there are simpler solutions out there!
Honestly, the risk of a DDoS on personal sites like these is minimal. It's more a concern of DDoS leading to 'Denial of Wallet' since S3 can handle a ton of requests. If you're only sharing with a few friends, just a basic setup with CloudFront and WAF should shield you from those costs.
Just remember any protection is better than none!

Exactly! Go for a CDN and keep those requests off your S3.