Recently we discovered AWS Budgets and we added some budget controls for our account. We are using AWS mainly for file storage (s3) and we have quite a lot of files there.
Since AWS charges network fees for s3 file access, it occurred us that a person with malicious intent can do a ddos attack on our public files stored on s3 and cause a huge aws bill for us.
To avoid that, we created a budget with X USD upper limit and added the AWSDenyAll IAM Policy as the action for that budget. Our question is that, while it seems like it blocks the selected users to take al sort of actions on AWS services, does it also cut the public access for the s3 buckets we have, so that the costs stops at that point in case of an attack?
Thanks.
