I'm currently using AWS for work, and my company prohibits us from hosting websites on S3 due to potential risks. However, I'm considering creating a static website for personal use and hosting it on S3. What exactly are the risks involved? Should I be worried about incurring high fees in the future? My main audience would just be myself, but I might want to share it with a few friends if it turns out well. Is it worth exploring solutions like CloudFront and other protective measures, or can I relax about the risk? I don't have any known enemies, so I want to realistically assess my risk of being targeted for a DDoS attack or similar issues that could lead to unexpected costs.
5 Answers
Definitely put CloudFront in front of S3 and enable WAF rate limiting. It’s a tried and true approach. And hey, if your workplace is against using S3 for hosting, I wonder if they’ve gotten that rule wrong because of the very real risk of making S3 public-facing. Just to be safe, use CloudFront and lock things down appropriately!
Using CloudFront with your S3 setup is a great idea! It caches responses and tends to lower your GET requests on S3, which ultimately saves you money. Plus, CloudFront has a free tier that can help minimize costs even further. I recommend setting up billing alerts too—like one at $5 and another at $20—just to keep an eye on things!
Absolutely! And keep in mind, with CloudFront plus WAF (Web Application Firewall), you get decent cost protection since blocked traffic is free. There’s a small monthly fee for setting up WAF, but it can be really worth it for peace of mind.
I've also got billing alerts set up, but I'm considering adding a Lambda trigger to shut things down once I get notified. I really don’t want to wake up to a huge bill because of some unexpected traffic!
For low-cost hosting, you might also want to check out Cloudflare Pages or GitLab Pages. They can be easier to manage compared to S3 + CloudFront and offer SSL for free, which is a nice bonus. Just a thought if you want something simple without worrying about spikes!
In the end, the risk of a DDoS attack isn't the biggest concern; it’s really the financial aspect. If traffic suddenly spikes unexpectedly, costs can climb quickly. If you're serious, look into services like Shield Advanced for better protection, but keep in mind it can get pricey. And remember, AWS offers some reimbursement for incurred costs if it's in response to an attack!
Honestly, DDoS isn't much of a concern for static sites on S3. The real thing to look out for is your wallet getting drained if a large number of requests come in! Still, if you go the CloudFront route, you can help manage costs even better. Just remember, this isn't about someone actively attacking you—it’s more about protecting yourself from accidentally high charges due to a spike in traffic.
Exactly, I guess we're all just trying to safeguard against excessive requests that could lead to costs piling up. Have you considered WAF for additional security?

I agree! That rule seems a bit off. It would be much smarter of them to just enforce using CloudFront with restricted access to S3. It’s all about reducing potential exposure.
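An added example, not written by any poster in this thread: what "CloudFront with restricted access to S3" looks like as a bucket policy, plus a small audit that flags the public-read policy that classic S3 website hosting relies on. The bucket name, account ID, distribution ID and function names are placeholders and assumptions; the policy shape is the origin access control (OAC) form, where only the CloudFront service principal, scoped to one distribution ARN, may call `s3:GetObject`.

```python
def cloudfront_only_policy(bucket, account_id, distribution_id):
    """Bucket policy letting exactly one CloudFront distribution (via OAC) read objects."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontOACReadOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"StringEquals": {"AWS:SourceArn":
            f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"}},
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy):
    """Return (sid, finding) pairs for Allow statements that expose the bucket.

    Simplification (assumption): a wildcard principal with any Condition is
    treated as restricted; a real review must read the condition itself.
    """
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{i}]")
        principal = st.get("Principal")
        cond = st.get("Condition") or {}
        is_dict = isinstance(principal, dict)
        if principal == "*" or (is_dict and "*" in _as_list(principal.get("AWS", []))):
            if not cond:
                findings.append((sid, "public"))  # anyone can hit S3 directly
        elif is_dict and "cloudfront.amazonaws.com" in _as_list(principal.get("Service", [])):
            keys = {k.lower() for op in cond.values() for k in op}
            if "aws:sourcearn" not in keys:
                findings.append((sid, "any-distribution"))  # not tied to your distribution
    return findings

# Constructed sample: the public-read policy used for direct S3 website hosting.
PUBLIC_WEBSITE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    locked = cloudfront_only_policy("example-bucket", "111122223333", "EDFDVBD6EXAMPLE")
    print("public policy :", audit_bucket_policy(PUBLIC_WEBSITE_POLICY))
    print("OAC policy    :", audit_bucket_policy(locked))
```

With the OAC policy in place and Block Public Access left on, requests can only reach the objects through the distribution, which is where caching and any WAF rate limiting apply.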