Reply to post: Re: This is the kind of thing that keeps me up at night

Bloke clicks GitHub 'commit' button in Visual Studio, gets slapped with $6,500 AWS bill

Daniel Voyce

Re: This is the kind of thing that keeps me up at night

You can set limits on what an AWS IAM key does; it sounds like he has put a root IAM key into his code, which basically gives full control over things like this, when all he possibly wanted was to be able to access an S3 bucket.

There are also perfectly valid use cases where one might want to spin up a huge memory instance and then shut it down after a job completes; one of the benefits of AWS is that it can respond to changing conditions. Having a confirmation required in each of these cases simply wouldn't be possible, hence why you can create different keys with different permissions.

IAM is extremely flexible; unfortunately it can't protect from stupidity.
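The key scoping described in the comment above, as an added example that is not part of the original post: a simplified IAM policy check in Python comparing a full-access policy with one limited to a single S3 bucket. The policies, the bucket name `example-app-bucket`, the account ID and the helper functions are constructed for illustration, and the evaluator ignores `Condition`, `NotAction`, `NotResource`, SCPs and resource policies.

```python
import fnmatch

# Constructed policies; the bucket name is a placeholder.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-app-bucket"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/*"}]}

# Constructed ARN using the AWS documentation placeholder account ID.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/*"


def _as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; '*' and '?' act as wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        hit = (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
               and any(fnmatch.fnmatchcase(resource, r) for r in resources))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed


def overbroad_statements(policy):
    """Return Allow statements whose Action or Resource is a bare '*'."""
    return [s for s in _as_list(policy["Statement"])
            if s["Effect"] == "Allow"
            and ("*" in _as_list(s.get("Action", []))
                 or "*" in _as_list(s.get("Resource", [])))]


if __name__ == "__main__":
    for name, pol in (("full access", FULL_ACCESS), ("bucket only", BUCKET_ONLY)):
        print(name, "-> ec2:RunInstances allowed:",
              allows(pol, "ec2:RunInstances", INSTANCE_ARN),
              "| overbroad statements:", len(overbroad_statements(pol)))
```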


Biting the hand that feeds IT © 1998–2019