456 comments

[ 6.3 ms ] story [ 399 ms ] thread
Scary, I'd have similar fears about using Firebase/Firestore in a production app.
I had an AWS account that charged me like $6 per month for a year after I thought I had turned everything off. I finally went on a hunt for what was causing it, and had to escalate to support to find it. This was 11/12 my fault I admit, I should have been on it after the first month.

More recently, I was looking for a cloud GPU provider, and tried a different provider that I won't name. I tried out a ~$3 per hour instance, and shut it down after maybe 20 min. A few hours later I (thankfully) started getting billing alerts that my bill would be $1500 ish at the end of the months if my usage kept up. I couldn't find anything still running, could not get anything from support (they had some kind of chat support that told me to open a ticket), first opened a ticket then after and then after ab hour shut down my account as a last ditch effort. At which point they promptly emailed me an invoice for the $16 I had incurred during the time before I cancelled. The help desk relied to my ticket like a week later, asking for more information.

Needless to say, I won't ever use that company again, but it could have been a lot worse, even more so if I was a student or someone who blew their whole experimentation budget on whatever mistake I made.

> [Vague description of provider now removed]

Hinting at the name like this seems unfair to any other companies that might reasonably be interpreted as "[Vague description of provider now removed]"... especially since I can't decide if you're sarcastic about [piece of description] part.

At the very least [two names] are big names that you could plausibly be referring too... and I could see only one name coming into many peoples minds and then them assuming you're referring to that provider.

I edited my comment if you want to edit yours.
Edited :)
is there an IAC template somewhere that resets an aws account to 0 and deletes everything? I know this articles point is this shouldn't be possible, but as long as it is, there should be a simple measure, that could be linked in tutorials for stopping ongoing charges.
I've gotten thousands of euro of 'free' Amazon cloud credits over the years, and would love to have used tried it out for cloud computing/GPU stuff, but the opaqueness of pricing means I won't touch it (except for S3 backups) - I just don't trust myself enough to not mess up.
Yup. Got charged over $800 for "experimenting" with a DynamoDB database and forgetting to delete it afterwards.

Sure, I called customer support and they reversed the charges. But something the nice lady on the other end said as she chuckled: "This happens all the time".

DigitalOcean is the worst with the dormant accounts. Just got dinged around $2.40 on my credit card. Going into DO I could not find what was causing that charge. There was nothing there. Wuuuttttt.

>DigitalOcean is the worst with the dormant accounts. Just got dinged around $2.40 on my credit card. Going into DO I could not find what was causing that charge. There was nothing there. Wuuuttttt.

Wuuuttt? Fraud is what.

I would not go that far to say it's fraud. Calm down.

Maybe it's something I missed. Maybe its some hidden feature that I did not turn off. But I deleted all my droplets, all my IP's all my firewalls, etc, etc and could not find anything else.

Could it be a convenience charge?
Perhaps a billing fee?
Perhaps you have a snapshot?

You should be able to look under your bill for a breakdown on what service the charge is for.

I'd double check that you don't have multiple orgs. You used to share a cess to your account with people, then they made some org change a while back that essentially moved that shared access setup to an org and gave you a new personal account iirc. Easy to not realize you have both.
The invoices on the billing page break down where the charges came from. If you download the pdf version, it has even more details.
You have in good faith attempted diligently to have a zero purchase. You cannot even find any purchases. In that case they have reached into your pocket and taken money without your consent. That is just a fact. By mistake? It's being short changed in a shop at the absolute best.

This is not a mistake any company should be able to afford to make. Ever. Under any circumstances. If it really is "just an error" they need to making amends in a very public and obvious way that is clearly expensive to them to show good faith.

But we don't get that. We have to fight from a position of being in the wrong when we have money taken from us by these fraudulent practices to overturn them.

It is necessary to go HARD at the morality of "accidental theft" because it is so prevalent and because all these companies clearly don't consider it a detriment to their reputation.

You've been diligent. When does it become their responsibility to not reach into your pocket when you clearly don't want that. Or anyone's pocket. I'd bet quite a sum that where there is one there is many.

This is where I'd say that every single paid service needs to have a way to contact a human being, and any cancellations expressed to that person by an authenticated user must be respected. If services are allowed to construct Gordian knots of byzantine interacting services, then there must be a way to cut through that mess.
Honestly I get lost inside of AWS. Only recently was I able to figure out why I was getting charged $.82/month which, in the long run, is really nothing. But it's amazing how hard it was to figure out why I was getting charged for something that I originally thought was just going to be free.
> DigitalOcean is the worst with the dormant accounts. Just got dinged around $2.40 on my credit card. Going into DO I could not find what was causing that charge. There was nothing there.

Did you look at the PDF invoice in the Billing section? I have never seen an invoice where the line items didn't add up to the amount charged to my credit card. If there's just $2.40 on there with no explanation, I'd open a support ticket to complain.

(While looking into this, I was surprised at how minimal DO invoices are, however. For GCP, I'm used to seeing on the order of a million line items per month. Seeing only 3 on my DO invoice was surprising, and could definitely lead to a case where something isn't accounted for correctly. But, I bet support will fix it up for you.)

Apparently I owe AWS 1 cent for DNS. The problem is I can't login to pay it, so every month I get a email that says "your aws account is going to be suspended" and 30 days later I'm disappointed that they didn't follow through with the threat.
I wonder if there is a human whose job is to final review suspensions and they just keep shaking their head at the measly pending $0.01 charge.
I keep a penny on my desk at work. Every time a coworker comes across somebody's account that is off by a penny, I offer it. They think I'm being funny, but the point I'm trying to make is that it wastes more than pennies worth of our time to spend it worrying about a few cents.

I've seen people mail in checks worth less than the stamp it took to send them. It's a wild world out there.

The interesting thing is, accounts being off by a penny or two (excluding actions such as customers doing a mis-type in the bank transfer) can actually point to deeper issues such as improper rounding somewhere in the path.
Usually they wrote us a check for the wrong amount at some point and end up with a small balance remaining in their account. We don't want to just forgive and forget every time somebody owes us $0.16, but if it's been there months and it's going to take extra effort to get it from them, it's probably not worth it.

We do try to determine where the discrepancy started and watch for indicators of a bigger issue.

Hahah yeah I say the same thing every month "yeah okay go ahead and do it then"

I have to imagine that these things are manual and a human has to do it, so they'll sort it by the size of the account and do what matters

They do this to me too every month, as the card on my AWS has expired, and they complain and complain and complain before finally charging the card on my Audible account. Definitely need to get around to separating those.
AWS charges me $1 or $2 every month, and I log into my account and click through every page and can't find a single active service or any clue on what it's for. It's marked "EC2 - Other", whatever the f that means
Possibly a disassociated elastic IP address?
Yeah, that's an elastic IP, check under EC2.

People forget to clean them up after shutting down the instance (probably kept in case you want to keep your IP)

It's crazy that it's so common, but that they wouldn't make that obvious.

Considering the whole IPv4 extinction that's coming down and all.

So an elastic IP is just an AWS provided IP that they hand over to you... it's free while your instance is running but if you stop your instance, you get a small bill (it's like $0.84 a month)
I will gladly welcome the eventual IPv4 extinction, but unfortunately I'm pretty confident it won't happen for another 30 years.
I don't have any elastic IPs. The only thing under EC2 is a security group that it won't let me delete, but seems like no resources. My bill this month is $2.88 /shrug
Check volumes, non-root volumes are kept on deletion but should be EBS charged instead.
What does the bill details screen show? I manage an AWS bill and I find it overly detailed. Others mentioned leftover EIPs, but the bill shows these as their own line item.

Not saying it can't happen, but I've never seen an 'Other' listed on the bill details screen. As I said above, it's detailed to a fault.

Actually it looks like this is for an EBS snapshot. Now it seems like EBS is a Lightsail feature, and the Lightsail console says that I don't have any storage or snapshots? Hm
EBS is also the general external storage attached to an instance. Go the ec2 console and look at snapshots and you should see it there. They are region specific, so make sure to select the region referred to on the bill.

I haven't used Lightsail, so I'm not sure if those snapshots end up in the general ec2 console. But, if you already checked the LS console and didn't see anything, then they must be in the ec2 console.

Yeah but it shows they are reasonable and flexible if a customer makes a mistake. The reason Google Cloud is third, people remember how they were treated when they used Google for Work or whatever its called now.

> But something the nice lady on the other end said as she chuckled: "This happens all the time".

Is better then if they said: "We reminded you about the consequences of not deleting, we have done nothing wrong."

> DigitalOcean is the worst with the dormant accounts. Just got dinged around $2.40 on my credit card. Going into DO I could not find what was causing that charge. There was nothing there. Wuuuttttt.

Oh I used to get this, for me it was snapshots of a VPS I destroyed. Completely my fault, but yeah it was annoying to figure out at the time. Probably worth checking you don't have any reserved IPs, disk backups or snapshots left over

The billing statements I see in DO under Billing (sidebar) > Billing history seem pretty verbose to me. If it's not there I would recommend reaching out to their support.
Ugh. I'm so glad my first owie was "only" $200. Hurt a lot at the time, though. I could still use that back...
I have a DO server thats been running for more rhan 5 years. It was the basic $5 bucks instance they offered at the time I felt a bit robbed a couple of days ago when I was spinning another instance and I saw that the newer $5 instance has more memory and more cpu power. I feel like they should have decreases the cost of the older less performant instance.

I have been spoiled by my Internet provider who year after year they will automatically increase my speed as they made it cheaper, as I paid the same amount for the service.

When they changed the pricing they emailed me and told me that I could effectively reprovision my machine to get the price difference, I think it was part of a rollout of some other infra as well.
I think I'm going to save this whole thread as "why zero friction micropayments are never going to happen".
Isn’t DO some random saved image from years ago? I’m still paying them for a few of those I think.
I used the AWS free plan many many years ago as a student. I was so paranoid about losing money that I immediately shut what I was using down after I thought I didn't need it any more (even though leaving it on was part of the free plan). I turned off the instance, but I forgot the public IP. A month later I got charted a few pennies because an associated public IP is part of the free plan, but an un-associated one isn't.

I didn't go bankrupt, but it proved to me how scummy AWS can be given that actually trying to use less is what got me charged.

AWS offers throw away accounts during immersion days, jam sessions, etc (especially at re:invent). It would be great if these were extended to the general public, even if at a small fee.
There’s a service like this called Qwicklabs that I have been using for GCP training. You load a time limited lab and get a new set of credentials only for that session. After the timer is up, poof everything is deleted.
Arguably discovering surprise bills absolutely should be part of the free tier, how else can you mentally prepare for running something in production on AWS?
If someone told me about a cool new programming language and to teach myself how to use it could either be free or maybe $5000 because infinite loops are expensive, am I going to learn it? Hell no.
Yeah, I'd dabble with this if not for me being forced to sign up with a credit card and them not offering any guarantees on how much they'd bill.
As a personal user, I wish they gave two options to fix this.

Option 1:

When credit balance reaches a certain level (or monthly spend reaches a certain level), initiate a resource stop on every resource that can be stopped without data loss. This would still incur charges for some things like EBS volumes, S3 data, etc, but at least it would slow the bleeding.

Option 2:

I don't care about data loss, just terminate everything when I hit the threshold. This should require a double-opt in and maybe a warning banner in the console UI.

I think it should be option 2 by default, but allow you to customise later if you want resource stops on only certain resources.

So option 2 by default with option 1 customisable from then on.

Oh come on. We all know that the 'accidental revenue' from the way Free Tier is set up probably makes up a cool 2 million or more annually. Plenty to justify its continued abuse of naive students. Why would they walk away from that cash? The only people they're pissing off is people who aren't using AWS anyway.
I’ve heard of plenty of people accidentally blasting past the free tier, or past dev credits, or other ways where they got burned by a surprise bill. 100% of those people have gotten a refund from AWS support by filing a ticket.

AWS pretty clearly isn’t raking in money on this. Even at your imaginary 2 million a year, that’s a drop in the bucket for AWS, let alone Amazon.

AWS bets on everyone who doesn't notice small recurring charges, not those who blow up their budget past the point of sanity.
That seems even more implausible. Do charges small enough to not be noticed stand a chance of being noteworthy for AWS?
It's got to be Hanlon's Razor here, I doubt AWS is twirling their mustache and cackling maniacally. It's probably a difficult problem to solve and not easily attachable to a profit center or something, so nobody feels empowered to actually fix it.

I'm sure some crusader within AWS could get it done if they tried hard enough and collected the data to show the negative side effects and how they effect AWS.

An article like this one is hopefully going to get someone within AWS to do just that.

I think this is actually the failure mode for companies like AWS: they may earnestly be so large/complex that no well-intentioned crusader can push through an improvement like this.

My gut is that this is actually the cause of most of the “evil” things that “large” companies do, where eventually they get so big and/or complicated that organizing an organic positive change isn’t plausible.

One person isn’t going to come remotely close to fixing this. I work for AWS/Azure/GCP and can tell you first hand that billing is an insanely hard problem to solve. It’s all done in batch by the service itself and pushed to a centralized service once all the hard work has been done. Each service has a small, underfunded team that handles billing and their last thought is some random guy spending a few grand on his personal account. Every ounce of their energy is going to reducing their own COGs and reacting to the asks of the biggest customers.
I did that, I didn't get a refund. Lost about $180.

I have a friend who I know didnt get a refund.

There is someone elsewhere in this post who didnt get a refund.

I don't know what the refund rate is, but it isn't 100%.

This ain't it.

Obfuscated billing helps Amazon with $350/hour engineers, where an engineer figuring out where $10k is going each year isn't a top priority. Been there, done that.

Obfuscated billing is definitely not there to hit free tier or poor folks. AWS has an awesome reputation for just about everything, and it isn't worth the reputation hit. Free tier is there so that:

* the student in college will pick AWS in their first job

* the random engineer will prototype something on the weekend, and Amazon gets millions of business

* the random pre-funding startup starts building on AWS, and if it goes big, so does the account

And it works. Amazon has made millions based on things I've built on free tier. AWS' problem is that my ONE YEAR free tier ran out probably around a decade ago, and I've long since moved on from what I was doing then. If AWS were to continue to provide me a free tier, the same thing would have happened a few times since.

AWS annual revenue is $50+ billion. (https://www.zdnet.com/article/aws-run-rate-hits-54-billion-a...)

Anything that they can get from "naive students" and developers who don't notice small recurring charges is so utterly insignificant that it can't justify any decision whatsoever. If the public relations aspects of it cause even a 0.01% change in AWS growth, that's already $5 million of lost revenue; if you can assure developers worldwide that it's not so risky to try and adopt AWS a bit more and get a 1% extra growth, that would be worth $500 million and justify walking away from all kinds of irrelevantly small cash flows.

If bad PR affected their business, they might have something to consider. But this will never affect their growth. They're not going to lose a single solitary sale that isn't already accounted for by their standard profit model. The only bad PR that would affect their business is if their actual reputation as a service provider were tarnished. Charging people money for a service they used does not tarnish AWS's reputation. It's their whole business model.

When you stay in a hotel room longer than you're supposed to and they charge you for another half day, or you eat food from the mini fridge, or buy a pay-per-view movie, etc, you could claim ignorance, and create stories about how terrible it is that people get charged for these things unknowingly. But Holiday Inn's bookings are still not going to take a noticeable hit.

Moreover, they don't even need to offer a Free Tier to get people to use AWS. They're AWS. They're the gold standard. It's like saying IBM would need a Free Tier (back when IBM wasn't trash). It wasn't a question of whether you should use IBM, it was whether you could afford it.

I really recommend using something like Linode for cheap throwaway, might be a bit more expensive (i.e: 5 per month), but the surprise factor disappears..
You'd have to be doing something extremely small to make a $5 Linode more expensive. AWS might be cheaper for a static site, but as soon as you involve a database you're probably paying more.

AWS is not cheap. A lot of people seem get bitten by this.

unfortunately for most cloud providers, you have to read through pricing very carefully and be even more careful with what you deploy. an infinite loop could lead to $$$$ in charges and billing alerts just alert you, they don't actually shut anything off
Is there seriously no way in AWS/Azure/GCP to specify "Here's my budget, shut everything down if I exceed $X"? I don't use those platforms much but was always surprised I couldn't find anything like that right off the bat. I'll build cloud stuff if it makes sense at work, but if I'm footing the bill I'll stick to something that can provide an actual upper limit.
You can set price alerts to email you on the day when you cross a monthly spending limit, but it is not the simplest thing to figure out.

I run a small server and have a few odds and ends and get emails at $5, $15, $50, $75, and $100. Haven't broken $75 limit yet...

The problem is that a billing alert at $10 won't prevent you from accidentally starting up something that will bring you a $1000 bill before you can react to that email - there needs to be a process that cuts off service at some hard limit instead of just sending an email and continuing to spend money.
completely agree. even though it creates a new class of problem, there should be a "cut me off immediately at $XXXX per month" option.
Of course there's a way. But it's opt-in, not opt-out.
(comment deleted)
(comment deleted)
IIRC the excuse is that billing is a separate department and they count all the usage dollars way after you done using it, not in realtime. You would still be able to go over your limit and then who should foot the bill?

Realtime counting would be too difficult to figure out, our brightest minds are busy figuring out engagement metrics.

This is my personal opinion, though I do work at AWS:

It's not that real time counting is difficult, it is that the amount of compute resources and electricity that would be needed to power real time billing at AWS scale would be astronomical. There is a reason why banks and financial institutions generally do batch processing in the off peak hours when electricity is cheaper and there is less demand for the compute resources. Now imagine AWS billing, which is arguably far more difficult in scale and complexity.

I also work at AWS (nowhere near billing), so the usual disclaimers apply, but:

I actually have no idea if billing is real-time or not? I think it's mostly batch, but the records aren't necessarily, though they may be aggregated a bit.

The general point in this thread certainly holds: our systems provide service first, bill second, and that by throwing a record over the wall to some other internal system. It's not unthinkable they could tally up your costs as you go, but the expense has fundamentally already happened, and that's the disconnect.

It would be hard to react ahead of time. Small, cheap things like "a single DynamoDB query" or "a byte of bandwidth" are often also high-volume, and you don't want to introduce billing checks to critical paths for reliability / latency / cost reasons. Expensive big-bang on/off things, probably simpler, though I can think of a few sticking points.

It would be hard to react after the fact, too. Where does a bill come from? My own team is deeply internal, several layers removed from anything you're recognize on an invoice, but we're the one generating and measuring costs. Precise attribution would be a problem in and of itself- cutting off service means traversing those layers in reverse, then figuring out what "cut off" means in our specific context. That's new systems and new code all around, repeat for all of AWS- there's a huge organizational problem here on top of the technical one.

I could see some individual teams doing something like this for just their services, but AWS-wide would be a big undertaking.

I wish we had it- I'd sleep a little better at night, myself- but from my limited perspective, it sure looks like we're fundamentally not designed for this.

“Small, cheap things like "a single DynamoDB query" or "a byte of bandwidth" are often also high-volume, and you don't want to introduce billing checks to critical paths for reliability / latency / cost reasons”

That’s hardly necessary. Let’s suppose you have some service that costs 1 cent every 1,000 queries. If you’re billing it then you need to be keeping track of it and incrementing some counter somewhere. If old number mod x < new number mod x them do some check, that’s very cheap on average and doesn’t add latency if done after the fact.

PS: Phone companies can pull this stuff off successfully for millions of cellphones. If you’re arguing keeping up with AT&T is to hard, you have serious organizational problems.

That counter may well not exist outside of billing for longer than it takes to batch some records together. It will need to be shared and synchronized with the rest of the fleet, the other fleets in the availability zone, the other zones in the region, the other regions, and every other service in AWS. There are strict rules about crossing these boundaries for sake of failure isolation.

As an amusing extra sticking point, your service has no idea how much it actually costs, because that's calculated by billing- the rates may vary from request to request or from customer to customer.

Without spending way too long thinking about it, the complexity in figuring out exactly when to stop is significant enough that it probably cannot practically be done in the critical path of these kinds of high-volume systems, hence the reactive approach being more plausible to me.

I don't know what kinds of problems AT&T has, but at the risk of saying dumb things about an industry I know next to nothing about, your phone is only attached to one tower at a time, and that probably helps a bit. And I'm not sure when it wouldn't be simpler and just as good for them to also react after the fact, anyway.

>your phone is only attached to one tower at a time

Not when you're being simswapped

First arguing based on existing infrastructure ignores the fact your changing the system therefore any new system is a viable option. All the existing system changes is how much things cost. Anyway, for independent distributed systems you can use probability rather than fixed numbers.

That said, your losing the forest for the trees, the accuracy isn’t that important. You can still bill for actual usage. A 15 minute granularity is vastly better than a 30 day one. As long as you can kill processes you don’t need to check in the middle of every action. Things being asynchronous is just the cost of business at scale.

I'm hardly saying it's impossible; I'm saying that it's not easy, and may even be hard. Doing it well would likely require a wide-reaching effort the likes of which would eventually reach my ears, and the fact that I haven't heard of such a thing implies to me that it's probably not an AWS priority.

Why that would be, I leave to you.

> PS: Phone companies can pull this stuff off successfully for millions of cellphones. If you’re arguing keeping up with AT&T is to hard, you have serious organizational problems.

To be fair, AT&T in particular does prepaid shutoffs on a pretty coarse granularity, I think it's like 15-minute intervals.

I know this because for a while I had to use a prepaid LTE modem as my primary internet connection. You can use as much bandwidth as you want for the remainder of the 15-minute interval in which you exceed what you've paid for -- then they shut you off.

I once managed (by accident) to get 3GB out of a 2GB plan purchase because of this.

Of course that free 1GB was only free because I consumed all of it in the 14.9 minute time period preceding NO CARRIER.

There’s a lot of middle ground between credit limit checks within every database transaction and the current state.
> There’s a lot of middle ground between credit limit checks within every database transaction and the current state.

But there isn’t a lot of middle ground between distributed, strongly-consistent credit limit checks every API call and billing increment (which is, IIRC, instance-seconds or smaller for some time-based services) and a hard billing cap that is actually usable on a system structured like AWS. Partial solutions reduce the risk but don’t eliminate the problem, and at AWS scale reducing the risk means you still have significant numbers of people reliant on the “call customer service” mitigation, and how much spending and system compromise to narrow this billing issue is worthwhile if you are still in that position?

(comment deleted)
> the amount of compute resources and electricity that would be needed to power real time billing at AWS scale would be astronomical

You don't have to bill in real time.

You just have to provision funding for every resource except network bandwidth.

Customer sets a monthly spend limit. Every time they start up an instance, create a volume, allocate an IP, or do anything else that costs money, you subtract the monthly cost of that new thing from their spend limit. If the spend limit would go negative, you refuse to create the new resource.

If the spend limit is still positive, the remaining amount is divided by the number of seconds remaining in the month times the bandwidth cost. The result becomes that customer's network throughput limit. Update that setting in your routers (qdisc in Linux) as part of the API call that allocated a resource. If you claim your routers don't have a limit like this I call shenanighans.

This should work perfectly for one region.

There's probably a way to generalize it to multiple regions, but I'm sure most small/medium customers would be happy enough to have a budget for each region. They'd probably set most regions' budget to zero and just worry about one or two.

The web UI probably would need to be updated to show the customer "here is what your bandwidth limit for the rest of the month will be if you proceed; are you sure?". JSON APIs can return this value when invoked in dry-run mode.

> Update that setting in your routers (qdisc in Linux) as part of the API call that allocated a resource. If you claim your routers don't have a limit like this I call shenanighans.

Eh. AWS's edge network is highly distributed. Unless you want an even split of your rate limit across every possible way out of the network, you'd be much better off settling for an even split across your EC2 instances, and there's no room for bursting in this model. Enforcing per-instance limits (on any dimension) sounds pretty feasible, though.

This wouldn't generalize straightforwardly to services that don't have obvious choke points that can impose this sort of throttling, such as, I think, DynamoDB.

> Customer sets a monthly spend limit. Every time they start up an instance, create a volume, allocate an IP, or do anything else that costs money, you subtract the monthly cost of that new thing from their spend limit. If the spend limit would go negative, you refuse to create the new resource.

AWS systems are highly distributed; this kind of sharp billing cap would necessarily introduce a new strong consistency requirement across multiple services, many of which aren’t even strongly consistent considered one at a time (and that’s often true even if you limit to a single region.)

> Every time they start up an instance, create a volume, allocate an IP, or do anything else that costs money, you subtract the monthly cost of that new thing from their spend limit

For the motivating use case (avoiding a bill on the scale of even $200—possibly even $1—from a free-tier-eligible account), using monthly chunks doesn’t work; you suddenly couldn’t spin up a second simultaneous EC2 instance of ant kind after an initial t3.micro instance, which would cutoff many normal free tier usage patterns.

I mean, that’s a good way of capping if you are using AWS as a super overpriced steady-state VPS, but that’s not really the usage pattern that causes the risks that the cap idea is intended to protect against.

This is a particularly poor solution to completely the wrong problem.

> AWS systems are highly distributed

Hogwash, I tried to spin up 100 of your F1 instances in us-east-1 a week or two after they first became available, and found out about this thing called "limits".

Wherever you're enforcing the limit on max number of instances per region is already a synchronization point of exactly the sort needed here.

I'm sorry, this just doesn't pass the bullshit test. Resource allocation API calls are not even remotely close to lightning-quick. There is no fundamental immutable constraint here.

> For the motivating use case (avoiding a bill on the scale of even $200—possibly even $1—from a free-tier-eligible account),

Avoiding a $1 bill is definitely not the motivating use case.

A lot of people would be happy to have a mechanism that could prevent them from being billed 5x their expected expenditure (i.e. they set their budget limit to 5x what they intend to spend). It doesn't matter that that isn't perfect. It is massively better than what you're offering right now.

> Hogwash, I tried to spin up 100 of your F1 instances

I don’t have any F1 instances. Have you mistaken me for an AWS employee rather than a user?

> in us-east-1 a week or two after they first became available, and found out about this thing called "limits".

Yes, individual services, especially in individual regions, and especially a single type of resource within a service within a region like, say, instances in EC2, are often at least enough like centralized to impose hard limits reasonably well.

Billing accounts (and individual real projects which—and this is one disadvantage AWS has vs, say, GCP—AWS has only the weakest concept of) tend to span multiple resource types in each of multiple services, and sometimes multiple regions.

> Resource allocation API calls are not even remotely close to lightning-quick.

Resource allocation API calls that have high latency aren’t the only API calls that cost money and would need coordination. Heck, API calls aren’t the only thing that costs money.

> You would still be able to go over your limit and then who should foot the bill?

The provider. What they do wouldn't be accepted in any other industry. Imagine hiring an appliance repair shop who sends a repair person that can fix your stuff immediately, but can't tell you what it's going to cost until 3 days after the work is done.

Then you get a huge bill because you wanted "appliance repair" (one of them), but ended up with "appliance maintenance" (all of them).

It's not real time billing, so there is no real way to disable service until costs have been determined.

I agree that it seems like a solvable problem, but it doesn't make them money so why should they care?

A spending kill switch can be setup on AWS using AWS Budgets alerts and Lambda but it’s a DIY project, not a built-in feature.
The whole point of a "spending kill switch" is as a backstop when you make a mistake; but if you do it as a "DIY project", what prevents you from making a mistake on it? It has to be a built-in feature.
So what services do you kill? Everything? Including databases and S3?
Ideally tunable, but sure. At least provide that option.
If it can be done DIY, it can be done first party.
If its done first party, someone (realistically, af AWS’ scale, a substantial number of someones) will mess up using it and nuke their account.

Customer service can correct “we screwed up and have a giant bill” easier than “we screwed up and lost all our data”.

So its not going to happen first party.

(It’s also not really possible DIY as a hard certain cutoff at or before a limit, only at an indefinite interval in time and money beyond a limit. So you still have potentially unbounded expense.)

That’s extremely hard to design, at least with the current state of what AWS bills and does not bill.

Example: let’s assume you’ve set the cut-off budget too strict, spun off another shard for your stateful service (DB for example), it received and stored some data during the short window before some other service brought whole account over budget (i.e. paid egress crossed the threshold).

To bring VM and EBS charges to 0 (to implement your idea of ‘shut down everything’) AWS will have to delete production data.

While it may be OK when you’re experimenting, it’s really hard to tell in automated way.

So, to fully comply w/o risking losing customer data, AWS will have to stop charging for not running instances and inactive EBS volumes which most definitely bring on many kinds of abuse.

There may be some other way to do this, maybe mark some services expendable or not, so they are stopped in the event of overspend.

They can simply add a nuclear option. Ordinary business probably won't enable that option but individuals can and should set it up.
It’s a lot easier for them to refund the individuals who make mistakes than deal with the fallout and bad press from the small businesses they’ve destroyed when they incorrectly enable that option.
I think there's a good argument that they could do better. But there's also probably an argument that harder circuit breakers would result in posts like "AWS destroyed my business right when I was featured in the New York Times"--including things like deleting production data. I'm sort of sympathetic to the idea that AWS should have an experimental "rip it all down" option and kill all stateless services option but that adds another layer of complexity and introduces more edge cases.
Merely being on free tier is a signal that you do not want a $27,000 bill. There is no excuse for what AWS does here, and it is clear they use this clusterfuck as a revenue stream.
A complicated solution is not what people are really asking for though.

What I and I expect most people want is a cap which then spins down services when they reach that cap. Nobody is going to care if the cap is set to $1000 and the final bill is $1,020. The problem being solved for is not wanting to have to ever worry about missing an alert and waking up to a bill that is a factor or two beyond expectations. I can afford my bill being 10% or even 40% above my expectation. I can't afford my bill being 500% off.

I do understand that, but there are services that are still billed for when ‘spun down’. To stop getting the bills they have to be terminated.

The solution seems to be to implement ‘emergency stop’ when whole account is put to pause but no state is purged. And then you’ll probably have a week or two to react and decide if you want larger bill, salvage the data or just terminate it all.

Yes, a useful last resort safeguard would need to be more granular than just "turn everything off", at least if we're talking about protecting production systems rather than just people learning and wanting to avoid inadvertently leaving the free tier or something like that.

Still, it's not hard to imagine some simple refinements that might be practical. For example, an option to preserve data in DB or other storage services but stop all other activity might be a useful safety net for a lot of AWS customers. It wouldn't cut costs to 0, but that's not necessarily the optimal outcome for customers running in production anyway. It would probably mitigate the greatest risks of runaway costs, though.

> So, to fully comply w/o risking losing customer data, AWS will have to stop charging for not running instances and inactive EBS volumes which most definitely bring on many kinds of abuse.

Another option would be to "reserve" them in the budget. That is, when for instance you create a 10 GB EBS volume, count it in the budget as if it will be kept for the whole month (and all months after that). Yes, that would mean an EBS volume costing $X per day would count in the budget as 31*$X, but it would prevent both going over the limit and having to lose data.

This creates a surprising situation.

We have a batch process that uses S3 as a way to temporarily store some big datasets while another streams and processes then and, once complete, removes them. This takes like an hour.

So our S3 bill could be, let’s say, $10/mo. If you went and looked at your S3 bill and saw that and thought setting a $20 cap would give you reasonable headroom you’d be sorely surprised when S3 stopped accepting writes or other services started getting shut down or failing next time the batch job triggered.

Under this system, the budget and actual bill need to be off by a factor of more than 10 ($240). And this also doesn’t stop your bill being off by a factor of 10 from what you “wanted” to set your limit to. More than the $200 under discussion.

Azure will alert you when you exceed a budget, but it won't disable anything.

Azure MongoDB billing was insanity. I was up to $800 to host a couple of GB that wasn't doing anything.

I'm still not sure what happened, even their support kept saying "it's priced by request units" and I kept saying "How does a handful of queries a day translate to $40 in request units?"

A year later, I think that I had a lot of collections and they seem to charge per-collection, but I'm still not even sure. Thank goodness we moved off of it after only a month or two.

I work for MongoDB. The writer is referring to CosmosDB, the Microsoft clone of MongoDB. You can runa real MongoDB cluster on Azure with MongoDB Atlas. The pricing model for Atlas is per Node size + disk + memory + data transfer. It's generally easier to predict your costs using this model. Users tend to over-provision with this model so we recommend using auto-scaling. This will allow your cluster to scale up or down based on load (price will adjust as well).
We switched to MongoDB Atlas which was awesome but I didn't want to sound like a stealth corporate shill. Atlas rocks!
I think the big problem is that usage collection is a few days out of date, at least for GCP. Autoscaling can react in seconds to increased load, but it takes about 3 days before that shows up on your cost reports. You can burn through a lot of cloud resources in 3 days.

GCP at least has some provision to get very detailed information about usage (but not cost) that updates in less than an hour. That, to me, is the tool for building something like "shut down our account if usage is too high". It is annoying that you have to code this yourself, but ultimately, it kind of makes sense to me. Cloud providers exist to rent you some hardware (often with "value-add" software); it's the developer and operator's responsibility to account for every machine they request, every byte they send to the network, every query they make to the database, etc. and to have a good reason for that. To some extent, if you don't know where you're sending bytes, or what queries you're making, how do you know if your product is working? How do you know that you're not hacked? Reliability and cost go hand in hand here -- if you're monitoring what you need to assure reliability, costs probably aren't confusingly accumulating out of control.

Are you being sarcastic?

> I think the big problem is that usage collection is a few days out of date, at least for GCP. Autoscaling can react in seconds to increased load, but it takes about 3 days before that shows up on your cost reports.

That does not sound like a good reason, but more like a crappy implementation of usage collection.

I don’t see why a bunch of Google engineers can’t implement real-time billing properly, and see no reason to defend their inability to do their job.

You can get alerts. And there are some limits for young accounts. But they really need a "beginner" mode. Or a budget mode, put $x on the account can't spend more. But I guess they are making a lot of money with "mistakes" so there may not be kuch incentives
On top of the other reasons for complexity and delay, this just creates another potential mistake where people delete their entire accounts or stop production services.

It's far easier to negotiate dollar amounts than lost data or service uptime.

> Is there seriously no way in AWS/Azure/GCP to specify "Here's my budget, shut everything down if I exceed $X"?

All of them have billing APIs which should, in principal, allow you to build “Shutdown everything at some indefinite time interval (and additional spend) after I exceed $X”, though you’ll need to do nontrivial custom coding to tie together the various pieces to do it, and actually stopping all spend is likely going to mean nuking storage, not just halting “active” services.

None of them provide anyway to more than probabilistically do “Shut everything down before I exceed, and in a way which prevents exceeding, $X.”

>though you’ll need to do nontrivial custom coding to tie together the various pieces to do it,

Let me guess...hosted on the cloud we're trying to shut down?

> Let me guess...hosted on the cloud we're trying to shut down?

It needs to consume APIs from that cloud, but there is no reason it would need to be hosted there.

A lot of people have thoughfully responded with reasons why this doesn't or can't exist: real-time billing is far too expensive to implement, better to get a huge bill than to lose data or shut down critical systems, etc. I guess it makes sense—ideally you are monitoring your stuff, whether you're using your own tools or built-in ones—and you know ahead of time when your usage is creeping up. Also, I suppose only the customer can really know which systems can be shut down/deallocated to save money and which ones would kill the company if shut down. It sounds like if you're a small startup strapped for resources, you can avoid these bills either by self-hosting or by being careful about how you build your cloud infrastructure. I.e. maybe you could host your app on your own box OR on an equivalent VM in Azure that's just going to fail if it runs out of disk/CPU/outgoing bandwidth instead of autoscaling to outrageous levels.
It's absolutely unacceptable that AWS hasn't fixed this, but in the meantime, would using a privacy.com temporary credit card with a ~$20 limit when signing up help? I'm unsure if those kinds of cards can be detected/blocked by AWS, or if they do.
Not paying the bill doesn't make the bill go away, you'd still owe Amazon the money unless support waived it.
AWS employs cost obfuscation by design otherwise the default view when you open the console would show you all of your current active services. Not only is that not the case, a single screen to show you all of your current active services doesn't exist. You need to take a deep dive into cost explorer (assuming you have access in corporate land) and try to decipher in what that all means.
Azure does this a little better, but best would be to see a breakdown on the invoice with links directly back to the resource.

Maybe there are discounts or other processing that makes this hard.

Or, less charitably, this would lead to people optimising their costs a lot better and canceling unused services much sooner.

Enterprise Agreement accounts aren’t billed on demand, so there’s little use for that in accounts spending a lot of money.
Azure groups most things into resource groups which greatly simplifies things.
Yes. Also split out into sub categories. How much of an ec2 spend was on bandwidth and how much on compute for example.
They definitely need a senior executive to stand up and say, "The Customer wants us to be transparent in billing, fix that now."

Then they need to start a team dedicated to finding a good way to let customers halt spending at a given limit with minimal impact on their operations.

They already win on UX (okay, okay, it's an opinion ffs), but unlimited liability makes a lot of people very uncomfortable. Those two actions would go a long ways towards demonstrating good faith in that area.

If it would cost too much, maybe they could present it as an easy way to cut expenses at the same time that they introduce a small price increase. This is a common and long-standing complaint/feature request.

I’m not trying to be snarky here, would like an honest opinion: how do they win on UX? Are there specific things you like there?

I’ve used all three major clouds in production now and I dread using the AWS console. Or really any part of it, over Azure or GCP.

I’ve always thought of them as purely winning the “nobody got fired for…” mindshare thing despite having a thoroughly mediocre product.

It either works great or barely depending on the service you're using - some AWS teams have dedicated dashboard teams, eg 'ec2 dashboard team' which solely focus on the dashboard experience, while others touch it as an afterthought.

I'm pretty sure something along the lines of this^ was posted on HN by a former AWS employee but I can't find it now.

The AWS default view feels more crisp for me, compared to the GCP one which feels very "floaty".

Their UI toolkit for that at least is on point.

Their web console UIs vary widely by service. IMO, the UX for most of their simpler services, specifically SQS, S3, Lambda, DynamoDB, are really easy to use and work nicely. If you want to start with a Docker image, send it to AWS, and have it get spun up and attached to a DNS, well that's a huge complex mess to get set up.
Unless you use something like Terraform or Pulumi, in which case it’s almost a one liner.
"They already win on UX"

As someone that has tried and failed to get some small personal sites running on AWS a couple times, I'm going to have to tag this snippet with [citation needed].

It’s not you. It’s pretty rough for new users.
agreed especially when compared to say Heroku or Digital ocean. I see many new comers struggling to deploy a small website. It's overwhelming. I understand that Heroku exists for such users and they are using AWS under the hood, but is there any service which takes AWS cloud APIs and simplifies it with a leaner UX?
AWS have a multitude of services that do this already. I’d recommend to go through their services one by one and learn what they offer.
> agreed especially when compared to say Heroku or Digital ocean.

Funnily enough, I've never ever been able to understand what Heroku is, or how to deploy anything useful on it :) But I'm old, and I've always found it easier to tinker with nginx configs.

Heroku is very simple - you just create an app and "push" code to a repository tied to the app. You need to write code of course, but they auto-detect the language and prepare the environment or platform for you (so platform as a service). They tried to appease the geeks by making everything powered by CLI - but otherwise its just point and click for deploying apps.

Tinkering with nginx is good, but what if you want to add a database, a cache, a logging service? What if you want to automatically build code when you push to github? What if you want to easy clone multiple environments (for staging, prod etc) without never doing an SSH into server? What if you want to have versioned releases that you can easily rollback to a specified version or push a branch into one environment and another branch into another environment? And you get a workable subdomain for every environment you build with SSL enabled. All of that can be scaled down and up with literally few clicks.

> but what if you want to add a database, a cache, a logging service?

I... just add it. How do I add it in heroku where everything is "just create an app and push it" and everything is separate "dynos" (whatever that is), each with different pricing, storage, bandwidth etc.

that is true. everything is a separate dyno - means separate machine/vm to which you need to connect to. You get free tier for almost all databases and you only need to know how to connect to it, not tinkering with the storage, tune the parameters, scheduled backups, automatic scalability etc - that's done for you. it will become expensive once you go past free tier or the cheap tiers though.
> not tinkering with the storage, tune the parameters, scheduled backups, automatic scalability etc - that's done for you.

Thing is: if we're looking for free, that may make sense. you still need tinkering though: you need to figure out what the whole dyno thing is about and how to connect from one dyno to another, and so on.

However, if we expand this a tiny bit to cheap and/or free, then simply running the lowest-tier server at Digital Ocean will be a better proposition. And installing a database these days is basically the same thing: run a command to install, all you need is to connect to it. No tinkering. And it will still probably scale significantly better than a free tier at Heroku :)

Once again, I'm biased and old, and can afford to spend money on side projects. I know that sometimes even $15 a month is out of reach (oh, I've been there). But yeah, this sorta prevents me from ever understanding Heroku :)

I think there's some verticals - players that simplify/aggregate SES, or S3, or whatever - but none that handle being a layer on top of most/all of AWS.
I think that's basically what Lightsail is supposed to be. I haven't used it myself, but from glancing at it they're pretty clearly targeting DO/Linode/Vultr etc.
Oh man, I have long been joking about the AWS UI. Like how it will gladly walk you through all the steps for launching a server and only at the very last step says “oh you don’t have permission to do that lol, get permission and start over”.

I compared[1] it to a bartender who walks you through an entire sale and only at the last second rejects your purchase for being underage (instead of denying you the at the initial request for something alcoholic).

Of course, that’s one of the minor things in the grand scheme.

[1] http://blog.tyrannyofthemouse.com/2016/02/some-of-my-geeky-t...

From my admittedly limited experience with GCP and Azure (and this is obviously subjective), the UX in the most successful competition is, at best, no better than AWS. It isn't that AWS has good UX, just that all the cloud providers have bad UX.
Have to agree with the others. For example, while setting up ELB it's possible to select at least one option (un-checking the Public IP box) that causes the setup to just fail with a nonsensical error message. Turns out ELB requires a public IP to communicate with the nodes. That's just the most glaring one off the top of my head.

I also remember trying to set up SFTP whenever it was first released. It was literally impossible to do what they were advertising (S3-backed SFTP with jailed homes for each user) without writing a manual json config (I never got it to work). I had built my own solution for this exact thing on EC2, using a bash script more or less, and thought the hosted option would be less of a maintenance burden. Needless to say I quickly gave up.

cdk is promising for things like this, way safer and easier than rolling your own scripts with bash or python.
Even CDK sucks though because if you’re still kinda new to it all, you want to login and make sure that it’s all hooked together correctly. And you’re back using their shitty UI.

Why you can’t look at the load balancer, look at the listener and then show what’s in the target groups is beyond me.

I have a different take on it. I started out doing everything through the console, then learned the cli and boto3, and very recently CDK.

CDK is another tool that build on the cli and boto3 concepts, and also manages the orchestration and dependencies.

Having to go back to the console isn't a fault of CDK. Learning the right tool to use for a situation is part of the learning curve. I go back to the console all the time to look something up quick or to understand what config options are available. Or I repeat the same steps in the console enough times that I get bored with it and automate

Edit: also I tried and have given up on CloudFormation more than once. CDK is like a wrapper layer around it, and has been pleasant to use.

How are people not building in Terraform for an easy ‘destroy’ at the end?

I know it’s rhetorical and a lesson learned myself, but yeah… I would expect folks to learn to use this tool to help manage costs this way.

Typically Terraform takes longer to get something working than mindlessly clicking through the console. In my experience those mindless clickthrough things end up sticking around for years even when they weren't intended to.
This is why you have separate development and production accounts: a development account where you mindlessly click through so that you can learn through the UI what's available and how it works; cleaned up on a regular basis by something like aws-nuke, and a production account where you have the discipline to only create resources through Terraform / CloudFormation etc.
I am pretty senior and can thus sometimes afford to do a new thing and try doing it the right way, at the same time. Not even always. Many people just take one learning curve at a time...
terraform 'destroy' isn't infallible. There are certain resources that trigger the creation of other resources (for example, lambda functions will create cloudwatch log groups, and dynamodb tables create cloudwatch alarms) and when terraform destroys the resource, it doesn't necessarily clean up all the associated resources.
Terraform has it's shortcomings for sure, but I don't think it's reasonable to expect Terraform to go out and clean up second-order effects of it's resources.

I'm not doubting that the situations you describe are true, but abandoning resources like that is an AWS-lifecycle problem, not really a Terraform one.

Sure. My point is just that `terraform destroy` doesn't necessarily solve the problem at hand. And you could still end up continue paying for those second-order effects after running a terraform destroy.
Unless you understand IAM, the scoping of individual users from the sftp service can be a bit confusing. What you need is a scope down policy:

https://docs.aws.amazon.com/transfer/latest/userguide/scope-...

The more annoying part is that the service only supports public/private key logins. If you want user/pass you have to write a lambda. The lambda is pretty simple though, it checks the credentials (so it can hit any backend you like), and if they pass it returns a 200 with a json doc of role (which is just sftp assume role), policy (the scope down from above), and home dir.

https://aws.amazon.com/blogs/storage/enable-password-authent...

This touches on a larger issue with AWS though. It's that they are trending to leave out functionality and point to lambda as the solution. On one hand, I get it. The lambda solution is infinitely more flexible, but what if I just wanted an sftp for a couple users that uses user/pass?

To your final point, it is so much less maintenance. There is no server to manage, and since I want all the data in s3 anyway, it's already there. This solution replaced a server with chroots, EBS, scripts to move data to s3, etc...

"They definitely need a senior executive to stand up and say, "The Customer wants us to be transparent in billing, fix that now.""

Health care shows there is big money to be made with billing non-transparency. I bet AWS senior executives don't want transparency because it would lose them money.

This gives the other vendors a wedge in.
Not disagreeing with you (a view with all the active services would be great) but one of the many benefits of using Terraform is that it allows you to know what you running.
Yep and is a huge SaaS market place now so mid to large size companies can figure out what they are spending money on.

I don’t use them for any projects mostly because I already don’t enjoy having to manage AWS at work all the time. I also don’t want to live/work in a world where AWS is my only option so I try and use smaller hosting providers and services like tarsnap.

Why the f do I have to use a service like billgist to get a breakdown of my services?

AWS billing IS complicated but could be made so much simpler...

I agree, having set up serverless and lambda for an api/app that was to be used a few times per day, the billing made no sense at all, it would increase even though the services were used less and was difficult to find what the costs were or whether they could be reduced, eventually I had to shut it down and create a non-lambda solution somewhere else because I had little control of the cost.
I'll bite...

Because, if you are a company that uses AWS at scale (deploying literally thousands of resources at a time), you care more about meeting demand and getting resources to spec, than you do about the cost of an individual elastic IP...

The price of each individual resource isn't something that you want to see on every screen you touch. It literally clutters the console with information that you couldn't give a shit about when your company is making millions (or billions) on the services you provide. You care more about your service's reliability/scalability/uptime/etc than anything else. This is priority numero uno.

If and when cost analysis becomes priority, you look to see where you may be overprovisioning resources - hence, the billing console.

But for the larger players on AWS (the multi-billion dollar ones that AWS cares more about making happy than you or I), an extra $100k in AWS expenses in a year isn't a worry, it's a write-off.

You also get much better negotiated rates for everything when you are big.
If I go to billing I can see an itemized breakdown of every service I'm using. What is wrong with that?
Students and self-learners want to experiment with doing complicated things on AWS without getting a surprise $3,000 bill because their script didn't shut down those instances like they thought it did. They want a hard fail-safe to protect them from surprise bills. And they want a solution that's easier and more reliable than checking the AWS itemized breakdown twice a day.
I agree with that. That is why there are "Billing Alarms" in big letters on the billing page. But that wasn't the point of the reply: the person above me was complaining that there's no way to tell what services are being billed, which is bunk.
The breakdown isn't granular enough by far. ec2 is a very big bucket to go digging into for costs.
Disclosure: I'm the Co-Founder of Vantage.

This is exactly what we do with Vantage: http://vantage.sh/

We give point-in-time run-rates of all active resources based off of the region and resource/service configuration.

In addition we try to simplify people's understanding of where their costs are coming from. If anyone needs help with this, they can personally reach out to me at ben@vantage.sh

With all due respect, I think the issue here is that your company should not need to exist. Amazon should provide this feature as part of the UX.
Yea they should, but if it doesn't, are you gonna keep waiting or do something about it?
I would be more worried that if you do something about it, Amazon is gonna do something about you.

Starting with obnoxious API changes, followed by ToS changes. Hopefully that's as far as it has to go.

If you're operating at a scale that would require something like vantage you probably don't need vantage as you have or will need to have a very good understanding of AWS infra / costs anyways.
Agreed. Nothing new about this request.

It's like hiring a plane to fly over your house repeatedly to tell you whether or not it's on fire. There has to be a better way.

We have a tier for that, too!

Vantage: Plane View

Same respect, nice tool, but it is sad it is needed. But I guess it's similar to lawyers, police, army, I don't like the need for them, it, but good they exist.
This is what keeps me from tinkering with the free tiers and never even attempt to host my own projects in the cloud.

I want a free tier with a lock on it. I'd very much appreciate advice for what tiers would fit my monthly use if I hit free tier caps, but if I got hit with $500 right now I'd be ruined.

I think my Google compute stuff is safe, but I really don't like having any doubt.

I don't understand why so many people want to use AWS for such small budgets. At that scale wouldn't it be easier to just build everything out of a few VMs at a cheap service?

AWS is awesome when you have a large number of resources, that are created programmatically and reproducibly, with redundancy and duplicate environments.

The budgeting tools are really amazing at letting you categorize your costs and create appropriate alerts. The permissions system lets you define very specific roles.

Its complex. But if your system is complex, it gives you the tools to keep track of it all. If you have a <=$5000/month budget, it is probably too small to make sense in AWS. You can probably run your system on a couple servers.

Linux server administration requires a certain amount of know-how and determination. I can't tell you how many times I had to rebuild a DigitalOcean server because I messed something up and wanted to start with a clean slate.

A lot of hackathons, workshops and courses ask you to use AWS these days. Whether it's to run machine learning instances, win a sponsor prize or learn how to use Lambda, students are often encouraged to learn one of the major cloud providers.

Also it's a resume boost. It's another buzzword you can add to your resume.

> At that scale wouldn't it be easier to just build everything out of a few VMs at a cheap service?

I have a handful of AWS Lambda functions with a DynamoDB backend serving hundreds of clients, my bill for the month of April was $0.01.

No, a VM wouldn't cut it.

But you are right that there are certain slots where AWS doesn't make sense: There's one in the lower middle range where you can save a bunch of money by using a VM or two with your own DB servers. And there's the one where you're so big it might actually be worth it to implement the whole stack yourself.

> I have a handful of AWS Lambda functions with a DynamoDB backend serving hundreds of clients, my bill for the month of April was $0.01.

What kind of thing do they serve? Somewhere I could read more about this kind of project?

It's a common backend for chat bots (Discord, Matrix, IRC, Telegram).

Basically it takes different inputs and commands and uses different APIs to fetch data based on the input efficiently without the need for web scraping. DynamoDB is used mostly as a cache for common queries so I don't go over API quotas.

Most of the bots are made by me, but with AWS API Gateway I can easily generate API keys for anyone else and keep track of their usage.

> At that scale wouldn't it be easier to just build everything out of a few VMs at a cheap service?

No. I looked into AWS vs Azure vs Cloudflare vs Digital Ocean for something I'd like to build this year and (for my thing) Cloudflare (Workers) was the best balance of cost, scalability, and maintainability.

> I don't understand why so many people want to use AWS for such small budgets.

Serverless (I hate the term) makes a lot of sense for small budgets and projects. You're investing very little, so the downside of (severe) vendor lock-in is somewhat low. The upside is HA infrastructure, horizontal scalability, zero maintenance, ignorable monitoring (at least initially), consumption based costs, etc..

The biggest problem with all of them, except Digital Ocean, is that it's difficult to "own" your data in the sense that you can download a copy of a DB and keep using it somewhere else. IIRC Digital Ocean has a fairly nice managed PostgreSQL offering, but it still scales similar to a traditional DB (ie: not automatically).

The next biggest problem with AWS and Azure is that you can't figure out what anything costs, at least not easily. For example, I know for a page I'd want to serve via Cloudflare Workers, I could do 1 hit = 1 point read from Azure CosmosDB, but I couldn't figure out if the pricing includes egress. Just look at the pricing page for CosmosDB [1]. It's ridiculously complicated and that's one service on Azure.

1. https://azure.microsoft.com/en-us/pricing/details/cosmos-db/...

Until AWS fixes this the best thing to do is just use their service as little as possible. There are plenty of other cloud providers out there these days which don't employ this hostile practice.

I closed an AWS account for this reason just a few days ago, we hadn't used it for a while but there was no clear way to remove our credit card so it felt like a risk just to have it open, what if a developer logs in to mess around and accidentally flips some switch that smacks us with a charge of a couple grand... unlikely, sure, but the fact that it's even possible is terrible system design. Better to just nuke the account and move on to other cloud providers that don't make it harder for me to sleep at night.

AWS is literally trying to trick you. With friend like these, who needs enemies?

The Trough of Disillusionment for AWS is going to be Bastille Day levels of ugly.

A way to limit the max spend per month would be great, even if that means creates outages.

I would happily put a $20/mo limit on many of my accounts. They should never bill more than few dollars a month.

I had an AWS account for one of my businesses, and decided to bring it in-house about 2 months ago.

went through the account deletion, and got yet charge/another bill today - account is deleted, so can't log in to see why I'm being charged.

hopefully their support will help out, but not holding my breath.

editing to add: billing was for db backups, I terminated the db, and no clue how to remove the automatic backups it made. of course I can't log in to look any further.

Without a receipt to show what's being charged for I'd just call the bank and ask for a chargeback.
I once had a cloud computing class and a lot of it was based on the AWS free tier. The number of students who got dinged and needed the professor to pull strings was... too many.
Came here to say the exact same.
This doesn't help those that have already been hurt, but when you're using any cloud provider for personal use make sure to set budgets and alerts for them. It's quite easy to set these up and they can save you a headache later on. Truth be told they should all be asking you what you expect to spend when you set up an account and alert you by default but just remember these cloud providers are not your friends.
I took a grad course course 2 years ago on cloud computing and we were showed how to setup a student account. I ran a few machines, shut them down, mostly did the stuff on a local server.

Suddenly I started getting hit with these real small charges each week. I never did figure it out and I certainly didn’t willfully authorize them. I just paid and then I annoyed them to shut off the account. I never could figure out what they were for.

I know many of you would hate this but I would love an option to shutdown everything until the bill is paid option. I bet the description of what I was paying for would have been a lot more helpful if they were losing the business then when they just auto charged!

I have a couple of $20 AWS vouchers from various things. I kind of want to give them to juniors and tell them to go and learn the product. But I won't, because if someone incurs a charge accidentally it'll be on me.

These threads always open a discussion about how hard limits would be unacceptable to some businesses, but the opposite also applies in other scenarios.

Funny story: I keep receiving a $0.01 monthly invoice from AWS for a very old account (opened 5+ years ago) I have lost access to. I have no idea why (the invoice doesn't list the services being used) and the associated credit card has expired a long time ago. They requested notarized documents to prove my identity. Obviously I'd rather settle my $6 (+ interest) debt 50 years from now than give hundreds to a notary today!
Any bank at which you are a customer will notarize documents for you for free.
I'm not from the US. This is not available in any of my banks.
If notarization isn't common in the country where you are, you should probably escalate through AWS support in that country. They probably have an alternate procedure. If you're talking to US-based support, they are used to thinking this is a trivial request. Getting something notarized is something that can be handled in 5 minutes at places as common as convenience stores. Most people have coworkers that are notaries and can do it without even getting up from their desk.

If that's not the case in your country, ask them for a different procedure. It's not something they intend to be onerous.

I'm not interested in recovering that account anyway, I'd spend more money (in terms of time spent dealing with them) on trying to get it back than what I'd owe in a few decades.
In Germany you can also get documents notarized in (Catholic) parish offices. I think they do it for free.

That said, this sounds unreasonable and if you're not in the US this may violate consumer protection regulations if they didn't require the same level of verification to sign the contract in the first place.

It is unreasonable but it's just not worth engaging with them even to exchange a few emails, financially speaking :)
It doesn’t cost hundreds of dollars to notarize something. https://www.nationalnotary.org/knowledge-center/about-notari...

Edit: as the other comment mentions, most banks where you have an account offer this for free. My local UPS store where I have a mailbox also offers the service to me for free.

I'm not from the US.
In the USA, in Marin County, I was charged $25 per document. The guy doing it was adding a finger print, which is not a bad idea if the originator of the document is present.

(Finger print is not legally required though.)

GP is probably not in Germany, but just an example of why I’d be uninterested in getting something notarized here unless my continued freedom and/or good fortune depended upon it:

American notary: someone who doesn’t have a history of fraud, sat through a workshop and passed a test.

German Notar: a very specialized lawyer, bills like a very specialized lawyer.

Theoretically, you can get stuff notarized at US embassies and consulates, for $50 and an appointment, must bring your own witness(es). That of course has not been an option much of the past year.

All states, with exceptions listed below, cap notary charge to $10 at most. Most states are less. These states don't have limits one way or another:

Alaska

Arkansas

Iowa

Kansas

Kentucky

Loisiana

Maine

Massachusetts

Puerto Rico

Tennessee

Vermont

I'm not from the US.
Then you have not provided enough information to validate your claim. For example, the EU imposes price controls as well, while in Japan it can be expensive.

However, there's a much simpler route: Amazon is a US country, so you can simply use notorize.com for $25.

My claim is that it's ridiculous to send $0.01 monthly invoices for an inactive account, not sure what you mean by "validate", maybe it isn't that funny of a story? :) But it doesn't make sense for me to spend even $1 on anything regarding this matter. I'm ok with not having access to that account anyway. If anything they should pay me to go through the hassle.
(comment deleted)
> “It’s the student’s responsibility to know what they’re deploying.”

Anyone who seriously argues this is 100% unaware of the quagmire that is AWS billing. There are companies with entire teams built around just optimizing AWS billing - it's whole unsurprising that some AWS feature actually spun up 5 separate AWS features that end up being billed.

Not to mention it only goes one-way. If you destroy the service that created all those others, it won't clean those others up.
Ill seriously argue this.

The issue is that when students are "learning" "cloud", they are not really learning cloud as much as following tutorials to click together turnkey solutions. Dynamo DB, ElasicSearch, and whatever else are all business-oriented, quick to set up services. And such, these services are hiding what is going on underneath, with the expectation that the company will cover the costs of whatever those services run. This is a standard buisness practice.

If you want to learn how to put together cloud solutions with those technologies involved, you don't even need an AWS account. All you need is a decent laptop or a desktop, with docker or VM software, where you install everything yourself and learn how to configure it (since all of the software is free), do all the networking yourself. This is what actually learning the cloud involves and translating those skills to AWS is very easy.

Perhaps the blame is on the universities and/or tutorials that push the students towards creating free AWS accounts, but regardless, there should be some incentive to takes one profession seriously so you don't end up making this mistake in a company that will not have protections in place that people want for free tier. And money is as good as incentive as any. Id rather people be smarter rather than treat ignorance as a standard and put blame on others for not expecting people to be ignorant.

(comment deleted)
You are making the assumption that most people are starting these AWS accounts to "learn cloud" when that isn't the case. AWS advertises a free tier for many functions that have nothing to do with "learning cloud".

For example, in the article, the poor student was using Amazon SageMaker to likely build and train models. Blaming the student and saying "why didn't he just buy his own GPU" when Amazon offered 50 hours of free training comes across of out of touch. If the student had the money for a decent desktop he wouldn't be crying over $200.

Amazon could fix this problem easily by introducing a billing cap. While others say it's malevolence as to why Amazon doesn't build one, I think it's more likely that even Amazon couldn't even add this feature to their sprawling billing infrastructure even if they wanted dto.

And even when you spin things up knowing their cost you may not be accounting for data transfer, storage, mismatched reserved instance purchases, unused EIPs, and so many more "hidden costs"
Honestly, my company only forces everyone to add tags with ‘platform’ and ‘team’ to every resource that gets deployed to AWS (otherwise your resource is automatically destroyed).

This works perfectly for going to cost explorer and seeing exactly where you are spending your dollars.

I don’t think this is a very high difficulty exercise.

Lots of companies also gets hacked each month for thousands of dollars because some key to S3 with too many privileges gets leaked.

The entire system is completely sinister. The fact that keys pertaining to S3 has anything do with being able to start hundreds of VM's in different parts of the AWS system or do whatever is bad.

I've seen companies be ruined by this, and it's in no way obvious how stupid their system is. You have to read huge manuals to know how to "only give access to s3" through a key.

Instead of starting with "no access" then adding atomized access you have to understand this extremely complex "json privilege system". Instead of just programming, this is the only allowed IP, the is the only allowed bucket, this is the only allowed service, and my max is 200usd, or something to that effect.

Also the fact that a key can start new services that are billable is almost criminal in my mind when people don't even gen an email when it happens - makes zero sense.

The feature I most want from AWS is a simple way to create credentials that are only allowed to read from or write to a specific S3 bucket.

The way you do this at the moment genuinely involves copying and pasting JSON policy documents around! It's horrific.

I want this for myself, but more importantly I want it for users of software that I write. I would love to be able to build something that stores a user's data in an S3 bucket that they own (and are billed for directly) - but it's currently just too difficult to talk them through setting up the bucket and creating the right credentials for it.

They simply have to be in separate AWS accounts for this to work. To that end, you can provide them with a CloudFormation template that deploys a stack with the necessary configuration.
> Instead of starting with "no access" then adding atomized access you have to understand this extremely complex "json privilege system". Instead of just programming, this is the only allowed IP, the is the only allowed bucket, this is the only allowed service, ...

What would that look like if it’s not going to be a series of access permissions and filters represented as JSON?

Security is never a simple checkbox and complaints like this about it needing to be simpler need to be backed up with an alternative. I genuinely wonder what alternative there is to the current permissions model.

It’s incredibly expressive and doesn’t take that long to understand. People who cannot master it would likely leave some other side door open anyway.

> ... and my max is 200usd, or something to that effect.

This has been a valid complaint for years. Though to solve it you need to answer what happens to legit resources when your billing cap is reached. Do all your ephemeral serves turn off? Do your EBs volumes all her deleted? Do your S3 objects all disappear?

Json is great. Their implementation of it, not so much.

Way to complex only needing to give permission to a single "thing". And much of the naming makes little sense to new yes.

DigitalOceans interface is easier for 90% of people.

But to be honest it's years ago that i worked with AWS, but i remember everything being way more complex than it had to be and i had to use days undestanding their enourmous interface and "usersystem". And as long as this is a problem that pops up again and again, something is very wrong with their system i would say.

If not creating a simpler interface / user system for regular users then at least give some huge warnings that unless you know what you are doing a key with the wrong JSON means access to all funds on the credit card.

I tried signing up with a prepaid credit card and they refused the card so I moved on. It's setup for massive profits on minor mistakes. The risk on a free tier is like shorting a stock, one bad day and you go bankrupt unless you have a connected twitter account.

Sounds like a new dystopian future that is best not to be part of.

When IBM ruled or Microsoft or AOL things you had one main evil corp. We're in a period where Google, Apple, Amazon, Microsoft, Facebook can appear the hero or villian depending on the day but the sum of the faangs is much greater than the worst evils of the original megacorps. Could you envision forced unlimited billing on a free tier with no ability to limit charges on the account?

Use a temp number card. Either privacy.com or Citi cc also offers this feature
It is only available to US citizens.