Reputation: 13501
Is any public file in S3 an open vault to someone's wallet?
I have seen some scripts and external tools to monitor and react; I would like to know if there is currently any better way to limit AWS resource consumption.
Upvotes: 1
Views: 991
Reputation: 1
Newvem is not available, as it has been acquired by Datapipe now.
https://techcrunch.com/2013/09/10/datapipe-acquires-newvem-an-analytics-service-for-monitoring-aws/
Upvotes: -1
Reputation: 12901
You can use CloudWatch (AWS internal monitor tool) to set up a notification if some limit is reached. Once you get such a notification, you can limit the access to this bucket/file.
You can easily set up server access log (check docs), that will allow you to check if you are being attacked, and by who. For example:
$ ./s3curl.pl --id YOUR_AWS_ACCESS_KEY_ID --key YOUR_AWS_SECRET_ACCESS_KEY -- -s -v 'https://s3.amazonaws.com/mybucket?logging' > mybucket.logging
You have a set of restrictions that you can define. You can restrict based on IP range or even by referrer (allow downloading the image only if the referring site is your site). For example:
{
  "Version": "2008-10-17",
  "Id": "http referrer policy example",
  "Statement": [
    {
      "Sid": "Allow get requests referred by www.mysite.com and mysite.com",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://www.mysite.com/*",
            "http://mysite.com/*"
          ]
        }
      }
    }
  ]
}
Anyway, the price of a single hacker attack is rather low. S3 pricing is $0.12 per GB and $0.01 per 10,000 GET requests. It will take a huge effort and millions of requests to get you to a significant bill.
I recommend that you set up the notification above and track the access to your bucket before you go to the effort of protecting it.
Once you discover a problem, you have the options above to protect it, as well as setting up a VPC (at no additional cost) and further controlling your content with your favourite security software.
Usually the problem is to get people to view your content, and S3 makes it easy to put up as much content as you want with rather low costs and effort.
Upvotes: 3
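As an added worked example (not code from the answer above or from AWS), here is a small Python parser over S3 server access log lines that does what the answer suggests: count GETs and bytes per client IP, flag clients above a threshold, and estimate the bill at the prices quoted in the answer. The log lines, IPs, object name and the 100-request threshold are constructed sample data and assumptions.

```python
import re
from collections import Counter

# One S3 server access log line is space-separated, except that the timestamp sits in
# [brackets] and the request URI, referrer and user agent sit in "quotes".
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

def parse_line(line):
    """Return the fields this check needs from one S3 server access log line, or None."""
    f = TOKEN.findall(line)
    if len(f) < 17:
        return None  # truncated or not an S3 access log line
    return {
        "remote_ip": f[3],
        "operation": f[6],
        "bytes_sent": 0 if f[11] == "-" else int(f[11]),  # "-" when nothing was sent
        "referrer": f[15].strip('"'),
    }

def summarize(lines, get_threshold=100, price_per_gb=0.12, price_per_10k_gets=0.01):
    """Aggregate GET traffic per client IP and estimate cost at the answer's quoted prices."""
    gets, sent, referrers = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["operation"] != "REST.GET.OBJECT":
            continue
        gets[rec["remote_ip"]] += 1
        sent[rec["remote_ip"]] += rec["bytes_sent"]
        referrers[rec["referrer"]] += 1
    total_gets, total_bytes = sum(gets.values()), sum(sent.values())
    cost = total_bytes / 1024**3 * price_per_gb + total_gets / 10000 * price_per_10k_gets
    return {
        "total_gets": total_gets,
        "total_bytes": total_bytes,
        "estimated_cost_usd": cost,
        "flagged_ips": sorted(ip for ip, n in gets.items() if n > get_threshold),
        "referrers": referrers,  # "-" means no referrer, i.e. not a page on your site
    }

# Constructed sample: 3 normal page views with a matching referrer, then one client
# pulling the same 1 MiB object 500 times with no referrer (hotlink/scrape pattern).
def _line(ip, ref, n):
    return (f'OWNER mybucket [06/Feb/2019:00:00:{n % 60:02d} +0000] {ip} - REQ{n} '
            f'REST.GET.OBJECT photos/1.jpg "GET /mybucket/photos/1.jpg HTTP/1.1" '
            f'200 - 1048576 1048576 23 22 "{ref}" "Mozilla/5.0" -')

SAMPLE_LOG = [_line("192.0.2.3", "http://www.mysite.com/gallery", i) for i in range(3)] + \
             [_line("203.0.113.9", "-", i) for i in range(500)]

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print(f"GETs: {r['total_gets']}, est. ${r['estimated_cost_usd']:.4f}, over threshold: {r['flagged_ips']}")
```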
Reputation: 3609
AWS does have some built-in limits (for instance, around 20 concurrent instances unless you fill out this form).
The best bet, though, is to place some alarms and consolidate with tools like Newvem.
Upvotes: 1