> Do you need to tweet about it to be reimbursed?

This is what scares me, is social media the only way to get things sorted out nowadays? What if I don't have a large following nor an account in the first place, do I have to stomach the bill?

No, at least in enterprise consulting for these kind of hosting, usually there is a contact person on the support team that one can reach directly.

However these projects are measured in ways that make Oracle licenses rounding errors.

Which naturally creates market segmentation on who gets tier 1 treatment and everyone else.

Relying on the mercy of a support agent that may be having a bad day is a poor strategy

I mean if developer got charged with 100k, more often than not the bank would decline that first maybe if you didn't have that high credit limit

but what happen if this happen to corporate account and somewhere resource get leaked???

multi billions dollar company probably just shrug it off as opex and call it a day

How to destroy your competition. Love it. Also why i dislike AWS. Zero interest to protect their SMB customers from surprise bills. Azure isn't much better but at least they got a few more protections in place.

I believe they changed that shortly after that blog post went viral: https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-s3...

> I thought this would be about the horrors of hosting/developing/debugging on “Serverless” but it’s about pricing over-runs.

Agreed about that. I was hired onto a team that inherited a large AWS Lambda backend and the opacity of the underlying platform (which is the value proposition of serverless!) has made it very painful when the going gets tough and you find bugs in your system down close to that layer (in our case, intermittent socket hangups trying to connect to the secrets extension). And since your local testing rig looks almost nothing like the deployed environment...

I have some toy stuff at home running on Google Cloud Functions and it works fine (and scale-to-zero is pretty handy for hiding in the free tier). But I struggle to imagine a scenario in a professional setting where I wouldn't prefer to just put an HTTP server/queue consumer in a container on ECS.

Same, I was hoping for tales of woe and cloud lock-in, of being forced to use Lambda and Dynamo for something that could easily run on a $20/month VPS with sqlite.

Vercel used to be called Zeit. They had a server product called Now that gave you 10 1CPU/1GPU instances for $10/month (or $20 I forgot). It was the best deal.

When Vercel switched everything to serverless, it all became pretty terrible. You need 3rd party services for simple things like DB connection pooling, websockets, cron jobs, simple queue, etc because those things aren’t compatible with serverless. Not to mention cold starts. Just a few weeks ago, I tried to build an API on Next.js+Vercel and get random timeouts due to cold start issues.

Vercel made it easier to build and deploy static websites. But really, why are you using Next.js for static websites? Wordpress works fine. Anything works fine. Serverless makes it drastically harder to build a full app with a back end.

No, s3 objects should always be private and then have a cloudfront proxy in front of them at the least. You should always have people hitting a cache for things like images.

No. Your buckets should be private, with a security rule that they can only be accessed by your CDN provider, precisely to force the CDN to be used.

This story is giving "I leave OWASP top 10 vulns in my code because hacker mindset".

It's not that hard to configure access controls, they're probably cutting corners on other areas as well. I wouldn't trust anything this person is responsible for.

Thats true!

"There's no cloud; it's just someone else's computer"

Not _really_. AWS has a budget tool, but it doesn’t natively support shutting down services. Of course, you can ingest the alerts it sends any way you want, including feeding them into pipelines that disable services. There’s plenty of blueprints you can copy for this. More seriously - and this is a legitimate technical limitation - of course AWS doesn’t check each S3 request or Lambda invocation against your budget, instead, it consolidates periodically via background reporting processes. That means there’s some lag, and you are responsible for any costs incurred that go over budget between such reporting runs.

Just set alerts that are not really timely and homeroll your own kill scripts its easy. It doesn't really work but its not really any harder than just fucking self hosting.

Nope, basically none of these services have a way to set a hard budget. They let you configure budget warnings, but it’s generally up to you to login and actually shut down everything to prevent from being billed for overages (or you have to build your own automation - but the billing alerts may not be reliable)

That’s why I prefer prepaid cards or those I can easily freeze to prevent any booking.

> Amazon then charged me one hundred thousand dollars as the server was hit by bot spam.

LOOOOOOOOOL

I took a "course" through my company as an intro to AWS. It was an excruciating hour long of copying whatever the fuck the guy on the screen was doing. There was no feedback that things were linking together correctly and the latency was unbelievable. At the very end VOILA! it doesn't even fucking work and the "teacher" couldn't tell me why not. Fuck that shit.

Cloud/Serverless is like what if we designed sys admin tools but the sys admins are all retarded and also us the designers are retarded. USA: "IM LISTENING"

My disdain for cloud/serverless is almost as deep as my disdain for LABView. In fact I think you could probably repurpose LABView for networking better than what Azure has done.