I have an Amazon S3 bucket hosting some images for a static website. To keep things simple, I made folders in the bucket publicly readable with "make public using ACL" in the web console (so I can just link to the images from elsewhere).

I want to set up a budget limit on this bucket so I don't wake up to a huge S3 charge if it gets Reddit-hugged etc. Can I make a Budget Action that disables public read access for an S3 bucket (folder)?

None of the built-in budget actions in the web console seem relevant. The bewildering AWS docs mention something about SCPs but I don't see how those could apply here. Someone else asked a similar question here but got no answers.

So far I've

  1. Made my bucket and the files in it publicly readable (that's the point)
  2. Attached a user-defined tag (e.g. "budget_limit_foo") to the bucket
  3. Activated this tag as a cost allocation tag
  4. Created a budget in the Billing Console set to Fixed Budget, Blended Costs, and using tag "budget_limit_foo" as a filter dimension.
  5. Created a budget alert with threshold at 90% (that's the one that'll trip the action)
  6. Gotten to "attach actions" in the "Create Budgets" template and hit a wall.

And to clarify, I only want to disable public read — or file transfer out — on this one bucket when it hits its limit. I'd prefer it didn't delete the files!

Crashworks
  • This can be addressed using a custom code deployed lambda function that gets triggered based on the budget threshold. A similar flow is available in this article. https://aws.amazon.com/blogs/mt/smart-budgeting-using-lambda-and-service-catalog/ – Amal G Jose Dec 30 '22 at 00:09
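
The approach suggested in the comment above, as an added example that is not part of the original post or the linked AWS article: a Lambda function subscribed to the SNS topic that the 90% budget alert publishes to, which turns on the bucket's public access block so S3 stops honouring the public-read ACLs without deleting anything. The `BUCKET_NAME` environment variable, the sample event and the SNS wiring are assumptions.

```python
import json
import os

# Public access block settings: objects and their ACLs stay in place,
# S3 just stops honouring the public grants.
BLOCK_ALL = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,      # existing public-read ACLs are ignored
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}

# Constructed sample of the event Lambda receives from an SNS subscription.
SAMPLE_EVENT = {"Records": [{
    "EventSource": "aws:sns",
    "Sns": {"Subject": "(constructed) budget alert",
            "Message": "(constructed) budget threshold exceeded"},
}]}


def sns_messages(event):
    """Return the message bodies of SNS records in the event, ignoring anything else."""
    return [
        r["Sns"].get("Message", "")
        for r in event.get("Records", [])
        if r.get("EventSource") == "aws:sns" and "Sns" in r
    ]


def lock_bucket(s3, bucket):
    """Apply the public access block. Idempotent, and deletes nothing."""
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=BLOCK_ALL)
    return bucket


def handler(event, context, s3=None):
    """Lambda entry point. BUCKET_NAME is an assumed environment variable."""
    messages = sns_messages(event)
    if not messages:
        # Not invoked by the budget topic: do nothing rather than lock by accident.
        return {"locked": None, "reason": "no SNS record in event"}
    if s3 is None:
        import boto3  # imported lazily so the module loads without the AWS SDK
        s3 = boto3.client("s3")
    bucket = lock_bucket(s3, os.environ["BUCKET_NAME"])
    print(json.dumps({"locked": bucket, "alerts": len(messages)}))
    return {"locked": bucket, "reason": "budget alert received"}
```

AWS Budgets refreshes cost data only a few times a day, so the block lands hours after the spend, not at the exact threshold. The function's role needs only `s3:PutBucketPublicAccessBlock` on this one bucket.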

0 Answers