An empty S3 bucket can make your AWS bill explode
3 days ago
- #S3
- #Cloud Security
- #AWS
- An empty S3 bucket can lead to unexpectedly high AWS bills due to unauthorized PUT requests from misconfigured third-party tools.
- AWS charges for unauthorized requests (4xx), meaning even denied access attempts can incur costs.
- Requests without a specified region default to us-east-1, leading to additional charges for redirection.
- Publicly writable S3 buckets can collect unintended data, posing security and privacy risks.
- Key lessons include: anyone knowing your bucket name can increase your bill, random suffixes enhance security, and specifying regions reduces costs.
- AWS and tool maintainers were notified, but AWS considers this a third-party configuration issue and won't block problematic bucket names.
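
To see who is generating the denied requests described above, one option is to tally 4xx responses in the bucket's S3 server access logs. This is an added example, not code from the original article; it assumes server access logging is enabled, the sample records are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record, up to the error code.
LOG_RE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}|-) (?P<error>\S+)'
)

# Constructed sample records: documentation-range IPs, placeholder IDs.
SAMPLE_LOG = "\n".join([
    'OWNERID example-bucket [06/Feb/2024:00:00:38 +0000] 192.0.2.10 - REQ1 '
    'REST.PUT.OBJECT backup/a.tar "PUT /backup/a.tar HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "tool/1.0" -',
    'OWNERID example-bucket [06/Feb/2024:00:00:39 +0000] 192.0.2.10 - REQ2 '
    'REST.PUT.OBJECT backup/b.tar "PUT /backup/b.tar HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "tool/1.0" -',
    'OWNERID example-bucket [06/Feb/2024:00:00:40 +0000] 192.0.2.10 - REQ3 '
    'REST.PUT.OBJECT backup/c.tar "PUT /backup/c.tar HTTP/1.1" 403 AccessDenied 243 - 6 - "-" "tool/1.0" -',
    'OWNERID example-bucket [06/Feb/2024:00:01:02 +0000] 198.51.100.7 - REQ4 '
    'REST.PUT.OBJECT x.bin "PUT /x.bin HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "curl/8.0" -',
    'OWNERID example-bucket [06/Feb/2024:00:02:00 +0000] 203.0.113.5 arn:aws:iam::111122223333:user/admin REQ5 '
    'REST.GET.BUCKET - "GET /?list-type=2 HTTP/1.1" 200 - 512 - 9 8 "-" "aws-cli/2.0" -',
])


def denied_requests(log_text):
    """Count 4xx responses per (remote IP, operation, error code)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None or not m["status"].startswith("4"):
            continue  # skip unparsable lines and non-4xx responses
        counts[(m["ip"], m["operation"], m["error"])] += 1
    return counts


def noisy_sources(log_text, threshold=2):
    """Return (source, count) pairs at or above the threshold, busiest first."""
    ranked = denied_requests(log_text).most_common()
    return [(source, n) for source, n in ranked if n >= threshold]


if __name__ == "__main__":
    for (ip, operation, error), n in noisy_sources(SAMPLE_LOG):
        print(f"{n:>6} {ip} {operation} {error}")
```

A requester field of `-` marks an anonymous caller, which is what a misconfigured third-party tool writing to a guessed bucket name would look like.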