←back to thread

461 points thunderbong | 1 comments | | HN request time: 2.4s | source
Show context
forgotoldacc ◴[] No.42133949[source]
I've been putting off digging into AWS for years now, and it's because of stories like these. There really should be a standardized training course that requires no credit card info and lets people experiment for free.

Instead they have some pencil pushers calculating that they can milk thousands here and there from "user mistakes" that can't be easily disputed, if at all. I'm sure I'm not the only person who's been deterred from their environment due to the rational fear of waking up to massive charges.

replies(4): >>42133979 #>>42133993 #>>42134100 #>>42134549 #
etothepii ◴[] No.42133979[source]
It is very unusual for AWS not to issue refunds in situations like this, so I don't think it's a function of them finding an edge to milk thousands from user mistakes. More likely they've found that issuing refunds is less onerous than it would be to provide accurate and cheap tutorials.

Perhaps that does not excuse the behaviour but AWS reversed a $600 charge I incurred using AWS Textract where the charges were completely legitimate and I was working for a billion dollar enterprise.

replies(4): >>42134038 #>>42134132 #>>42135040 #>>42135185 #
bdcravens ◴[] No.42134038[source]
I accidentally pushed an AWS key to a public repo, and by the next day, had like $50k in charges from crypto miners. AWS reversed the charges, with the only condition that we enable some basic security guardrails that I should have had in place to begin with.
replies(1): >>42134170 #
normie3000 ◴[] No.42134170[source]
What were the guardrails?
replies(1): >>42134567 #
1. duckmysick ◴[] No.42134567[source]
Automated secrets scanning is one of them. You can do it as a pre-commit hook. GitHub and Gitlab can scan it too.

https://docs.github.com/en/code-security/secret-scanning/int...

https://docs.gitlab.com/ee/user/application_security/secret_...