How to limit number of reads from Amazon S3 bucket - amazon-web-services

I'm hosting a static website in Amazon S3 with CloudFront. Is there a way to set a limit for how many reads (for example per month) will be allowed for my Amazon S3 bucket in order to make sure I don't go above my allocated budget?

If you are concerned about going over a budget, I would recommend Creating a Billing Alarm to Monitor Your Estimated AWS Charges.
AWS is designed for large-scale organizations that care more about providing a reliable service to customers than staying within a particular budget. For example, if their allocated budget was fully consumed, they would not want to stop providing services to their customers. They might, however, want to tweak their infrastructure to reduce costs in future, such as changing the Price Class for a CloudFront Distribution or using AWS WAF to prevent bots from consuming too much traffic.
Your static website will be rather low-cost. The biggest factor will likely be Data Transfer rather than charges for Requests. Changing the Price Class should assist with this. However, the only true way to stop accumulating Data Transfer charges is to stop serving content.

You could activate CloudTrail data read events for the bucket, create a CloudWatch Event Rule to trigger an AWS Lambda Function that increments the number of reads per object in an Amazon DynamoDB table and restrict access to the objects once a certain number of reads has been reached.
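A sketch of the Lambda step described in the answer above, as an added example that is not from the original post. The table name, tag, read limit and bucket name are assumptions; access is cut off by tagging the object so that a static bucket-policy Deny on that tag applies.

```python
READ_LIMIT = 1000                 # assumed per-object read budget
TABLE = "s3-read-counts"          # hypothetical DynamoDB table, string key "object_id"
BLOCK_TAG = {"Key": "read-quota", "Value": "exceeded"}  # hypothetical tag

# Bucket-policy statement to attach once (bucket name is a placeholder):
# any object carrying the tag above becomes unreadable.
DENY_TAGGED_READS = {
    "Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"s3:ExistingObjectTag/read-quota": "exceeded"}},
}


def handle_read_event(event, dynamodb, s3, limit=READ_LIMIT):
    """Count one CloudTrail GetObject data event; tag the object at the limit."""
    detail = event.get("detail", {})
    # Skip other operations and reads that S3 already rejected.
    if detail.get("eventName") != "GetObject" or detail.get("errorCode"):
        return None
    params = detail["requestParameters"]
    bucket, key = params["bucketName"], params["key"]
    # ADD is atomic and creates the counter on first use, so concurrent
    # Lambda invocations cannot lose increments.
    resp = dynamodb.update_item(
        TableName=TABLE,
        Key={"object_id": {"S": f"{bucket}/{key}"}},
        UpdateExpression="ADD #r :one",
        ExpressionAttributeNames={"#r": "reads"},
        ExpressionAttributeValues={":one": {"N": "1"}},
        ReturnValues="UPDATED_NEW",
    )
    reads = int(resp["Attributes"]["reads"]["N"])
    blocked = reads >= limit
    if blocked:
        # Note: put_object_tagging replaces the object's whole tag set.
        s3.put_object_tagging(Bucket=bucket, Key=key, Tagging={"TagSet": [BLOCK_TAG]})
    return {"object": f"{bucket}/{key}", "reads": reads, "blocked": blocked}


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested offline
    return handle_read_event(event, boto3.client("dynamodb"), boto3.client("s3"))
```

Requests answered from the CloudFront cache never reach S3, so this counts origin reads only, and because each event is processed after the read has already been served the limit is a soft one.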

What you're asking for is a very typical question in AWS. Unfortunately, with near-infinite scale comes near-infinite spend.
While you can put a WAF, that is actually meant for security rather than scale restrictions. From a cost perspective, I'd be more worried about the bandwidth charges than I would be about S3 request costs.
Plus, once you put things like CloudFront or Lambda, it gets hard to limit all this down.
The best way to limit is to put Billing Alerts on your account -- and you can tier them, so you get $10, $20, $100 alerts, up until the point you're uncomfortable with. And then either manually disable the website -- or set up a Lambda function to disable it for you.
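The tiered-alert approach in the answer above, sketched as a Lambda that receives CloudWatch billing alarms through SNS and disables the CloudFront distribution only when the top tier fires. This is an added example, not code from the original post; the threshold and distribution ID are placeholders, and it assumes the bucket is reachable only through CloudFront.

```python
import json

KILL_THRESHOLD_USD = 100.0                   # assumed top tier; lower tiers only notify
DISTRIBUTION_ID = "EXAMPLE_DISTRIBUTION_ID"  # placeholder


def alarm_from_sns(event):
    """Extract (name, state, threshold) from a CloudWatch alarm sent via SNS."""
    msg = json.loads(event["Records"][0]["Sns"]["Message"])
    return msg["AlarmName"], msg["NewStateValue"], float(msg["Trigger"]["Threshold"])


def should_disable(state, threshold, kill_threshold=KILL_THRESHOLD_USD):
    # OK / INSUFFICIENT_DATA transitions and the lower tiers never disable anything.
    return state == "ALARM" and threshold >= kill_threshold


def disable_distribution(cloudfront, distribution_id):
    """Set Enabled=False; returns False if the distribution was already disabled."""
    current = cloudfront.get_distribution_config(Id=distribution_id)
    config = current["DistributionConfig"]
    if not config["Enabled"]:
        return False
    config["Enabled"] = False
    # UpdateDistribution needs the full config plus the ETag it was read with.
    cloudfront.update_distribution(
        Id=distribution_id, IfMatch=current["ETag"], DistributionConfig=config)
    return True


def handle_billing_alarm(event, cloudfront, distribution_id=DISTRIBUTION_ID):
    name, state, threshold = alarm_from_sns(event)
    if not should_disable(state, threshold):
        return {"alarm": name, "action": "notify-only"}
    changed = disable_distribution(cloudfront, distribution_id)
    return {"alarm": name, "action": "disabled" if changed else "already-disabled"}


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be tested offline
    return handle_billing_alarm(event, boto3.client("cloudfront"))
```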

Related

aws notifications for data transfer costs

I am using an EC2 Linux instance on AWS. I am trying to stay inside the Free Usage Tier, but today I noticed a charge for DataTransfer cost in Billing Management.
I don't know what the limits for DataTransfer are, but I'm using AWS to host a Telegram bot.
I would like to stay within the limits of the Free Usage Tier. Is there a way to receive notifications just before exceeding the limit for data transfers, or simply to set a limit not to be exceeded?
You can set up billing alerts, at any dollar amount you want, but keep in mind that if your service is getting slammed with requests, your account will still keep accumulating charges even after the alert is sent out - so depending on how long it takes you to respond to the alert (and turn off services for example), and how fast services are being consumed, you may still end up with an unexpected bill.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

Amazon S3 Requests Usage seems high

I have been using the AmazonS3 service to store some files.
I have uploaded 4 videos and they are public. I'm using a third party video player for those videos (JW Player). As a new user on the AWS Free Tier, my free PUT, POST and LIST requests are almost used up out of the 2000 allowed requests, and for four videos that seems ridiculous.
Am I missing something, or shouldn't one upload be one PUT request? I don't understand how I've hit that limit already.
The AWS Free Tier for Amazon S3 includes:
5GB of standard storage (normally $0.023 per GB)
20,000 GET requests (normally $0.0004 per 1,000 requests)
2,000 PUT requests (normally $0.005 per 1,000 requests)
In total, it is worth up to 13.3 cents every month!
So, don't be too worried about your current level of usage, but do keep an eye on charges so you don't get too many surprises. You can always Create a Billing Alarm to Monitor Your Estimated AWS Charges.
The AWS Free Tier is provided to explore AWS services. It is not intended for production usage.
It would be very hard to find out the reason for this without debugging a bit. So I would suggest you try the following debugging:
See if you have CloudTrail enabled. If yes, then you can track the API calls to S3 to see if anything is wrong there.
If you have CloudTrail enabled, then it itself puts data into the S3 bucket, which might also take up some of the requests.
See if you have logging enabled at the bucket level; that might give you more insight into what requests are reaching your bucket.
Your videos are public and that is the biggest concern here, as you don't know who can access them.
Set up CloudWatch alarms to avoid any surprises and try to look at logs to find out the issue.

How to prevent spamming of AWS cloud front?

I am learning AWS, and came across hosting static websites using Amazon S3 and distributing to edge locations using CloudFront and Route53.
I know that for CloudFront we pay for what we use. So my monthly bill will reflect the number of requests I get once the free tier is over.
My question is: what if a hacker or someone sends lots of requests, like spamming? Will I then be charged more?
How can I prevent this, and does AWS have any security measures like limiting the number of requests to serve per minute or something for this?
Pardon me if my question is very basic. I am just learning. Thanks
My question is: what if a hacker or someone sends lots of requests, like spamming? Will I then be charged more?
Yes. You are charged a per-request price, as well as data transfer charges. The per-request charges are relatively low, but if they find a large file to download they can quickly run up the bandwidth charge.
does AWS have any security measures like limiting the number of requests to serve per minute or something for this?
Yes, you want WAF, the Web Application Firewall. With it you can configure a rate-limited rule that will block an IP address after N requests within a five-minute period.
As far as I know, you pay for cache invalidations on AWS but not for the number of requests made to your CloudFront distributions.

AWS S3 how to get prefix cost in period

I have a bucket that receives something around 20 new prefixes in a day.
The prefixes have files that are our products, and we need to know how much each product costs to keep on air.
I was researching how to get the total cost of each product (storage and data transfer) with 'Cost Explorer' and 'CloudWatch'.
The first does not seem to help me, while CloudWatch does have prefix or tag options, but I need to specify in advance which prefix to watch over.
Is there a way to get this cost without previous configuration?
Cost is easy, since it is based on volume of data. Use Amazon S3 Inventory to obtain a daily listing of content.
Access cost is not available broken down by prefix. Instead, use Amazon S3 Server Access Logging to break down access by object and, therefore, by prefix. Then allocate the billed data transfer costs amongst prefixes. Use Bytes Sent to determine volume.
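An added example (not from the original answers) that parses S3 server access log records, totals Bytes Sent per top-level prefix and splits a billed data-transfer amount in proportion, as this answer describes. It also counts requests per operation, which is the bucket-logging check suggested in the earlier question about unexpectedly high request usage. The sample records and the billed amount are constructed.

```python
import re
from collections import Counter, defaultdict

# A field is a [bracketed] timestamp, a "quoted" string, or a run of non-spaces.
FIELD = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def parse_line(line):
    """Return operation, key, status and bytes sent from one access log record."""
    f = FIELD.findall(line)
    if len(f) < 12:
        return None  # truncated or malformed record
    sent = int(f[11]) if f[11].isdigit() else 0  # "-" means nothing was sent
    return {"operation": f[6], "key": f[7], "status": f[9], "bytes_sent": sent}

def requests_by_operation(lines):
    """How many requests of each kind (GET, PUT, LIST, ...) reached the bucket."""
    return Counter(r["operation"] for r in map(parse_line, lines) if r)

def usage_by_prefix(lines):
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for rec in filter(None, map(parse_line, lines)):
        if rec["key"] == "-":
            continue  # bucket-level request (e.g. a LIST), not tied to an object
        head, sep, _ = rec["key"].partition("/")
        prefix = head + "/" if sep else "(no prefix)"
        totals[prefix]["requests"] += 1
        totals[prefix]["bytes"] += rec["bytes_sent"]
    return dict(totals)

def allocate_cost(usage, billed_transfer_usd):
    """Split the billed transfer amount by each prefix's share of bytes sent."""
    total = sum(u["bytes"] for u in usage.values())
    return {p: round(billed_transfer_usd * u["bytes"] / total, 2) if total else 0.0
            for p, u in usage.items()}

def sample_line(op, key, status, sent):
    """Build a constructed record in the documented field order (IDs are placeholders)."""
    return (f'OWNERID example-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 - REQID '
            f'{op} {key} "{op.split(".")[1]} /{key} HTTP/1.1" {status} - '
            f'{sent} {sent} 7 - "-" "curl/8.0" -')

SAMPLE = [
    sample_line("REST.GET.OBJECT", "product-a/video.mp4", 200, 3000),
    sample_line("REST.GET.OBJECT", "product-a/thumb.png", 200, 1000),
    sample_line("REST.GET.OBJECT", "product-b/manual.pdf", 200, 1000),
    sample_line("REST.PUT.OBJECT", "product-b/manual.pdf", 200, "-"),
    sample_line("REST.GET.BUCKET", "-", 200, 500),
]
```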

Using AWS budgets to stop a service

I am currently signed up to the free tier of AWS. I am enjoying experimenting with various services, including those not afforded by said free tier. Can AWS's enhanced budgets be used to stop services like EC2 instances if I accidentally spend too much? Or do they merely act as alerts?
This is available for EC2, I don't think it is available for all of the AWS resources.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/UsingAlarmActions.html
Hope it helps.
There are several posts which look at it from different perspectives, such as this and this.
Having a cost cap might be a crucial requirement based on the usage, especially when considering how complex it is to set the things up properly and keeping everything secure on the cloud for an average user. At least we can expect to have a feature to switch on/off a cost-cap service, so a user can decide their own scenario easily.
Closest solution that I found is here:
Serverless Automated Cost Controls
https://aws.amazon.com/blogs/compute/serverless-automated-cost-controls-part1
It explains how to trigger an AWS Lambda function to change IAM permission from EC2FullAccess to EC2ReadOnly when the budget exceeds the limit.
There is no built-in way to terminate services based on budgets or billing alarms.
You can get notified automatically, but it is then up to you to determine how to handle it.
Would you really want AWS automatically terminating your production infrastructure because you went $1 over your estimated monthly spending?
Edit: There is now a way to monitor and alert on free tier usage, and when your predicted usage will exceed the free tier. See here for details. You could probably come up with a way to terminate infrastructure based on an alert using SNS & lambda.
Edit 2: In Oct. 2020, AWS released Budget Actions - the ability to trigger an action when budget thresholds are reached. This should give you the ability to automate a response - you can shut down servers, change IAM permissions to prevent additional infrastructure from being created, etc.
Recently, Amazon has given "budget action" to carry out actions like stopping services automatically if the budget has been exceeded.
https://aws.amazon.com/about-aws/whats-new/2020/10/announcing-aws-budgets-actions/
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/budgets-controls.html#:~:text=select%20Configure%20thresholds.-,To%20configure%20a%20budget%20action,-Under%20Configure%20thresholds