2

I would like to upload public images for a web app to a service like AWS S3 or Google Cloud Plateform. This is going to be public images like user profile picture, homepage images... so there is not point making a private bucket (I guess).

Is there a way on AWS or Google Cloud Plateform to prevent a user to do a kind of DDOS attack and kill my budget? A sort of rate limiting? Or something like "after $100 a day I want to block my bucket from access and stop being billed." ?

Irina
  • 75
  • 3
Damien Monni
  • 121
  • 2
  • 1
    You can setup a budget cloudwatch alarm which triggers a lambda script to mark the bucket as private. – jordanm Jun 04 '17 at 18:48
  • 1
    Nice idea @jordanm, as AWS doesn't have any kind of a way to cut off service at a $ amount. Perhaps you could expand your comment to a full answer? – Tim Jun 04 '17 at 19:43
  • 2
    *"so there is not point making a private bucket (I guess)"* No, that isn't true. Your web site can render the hyperlinks to these resources with expiring pre-signed URLs, or leverage expiring signed cookies (S3+CloudFront), or -- naïve and primitive though it is -- whitelist access by `Referer:`. One million `403 Forbidden` responses will cost you $5. – Michael - sqlbot Jun 04 '17 at 22:11
  • AWS has these alerts which can (at least as of Oct '21) trigger actions such as shutting down an EC2 instance. It seems like they can do some kind of limiting, but the thing is so confusing to me that I came here searching for an explanation of how to use it on S3 storage (or whether that works). – cesoid Oct 20 '21 at 16:32

1 Answers1

2

You can create a billing alert when spending exceeds a specific budget amount in your Cloud Platform Console [1]. If you need more detailed cost monitoring, you can export daily usage and cost estimates into JSON or CSV, and import to into 3rd party tools for further analysis [2].

Irina
  • 75
  • 3