[HN Gopher] AWS now allows customers to pay for their usage in advance
Author : msmithstubbs
Score  : 119 points
Date   : 2021-07-21 10:56 UTC (12 hours ago)
(HTM) web link (aws.amazon.com)

| literallyaduck wrote:
| ELI5 does this mean I can prepay and not be at risk for more than I have prepaid?
| isbvhodnvemrwvn wrote:
| No. It just means that you can give money to AWS without having a bill, you are still responsible for the charges incurred regardless of how much you paid in advance.
| luxpsycho wrote:
| What's the point, if there isn't a discount for paying upfront?
|
| Will some people/businesses prefer this because it's not 'credit' --does AWS scrobble to your Credit Report in any country?
|
| I am failing to see the appeal here...
| eddieroger wrote:
| A very cynical take is that Bezos needs an advance for the next Blue Orbit launch, per his appreciation in all we've done to get the first one launched.
| cameroncf wrote:
| This is for when the departmental budget has a little cash left at the end of the fiscal year and they need to spend it.
| colmmacc wrote:
| I work at AWS, but I wasn't involved in this feature, so this isn't anything more than speculation on my part. I've certainly talked to customers who would time their reserved instances and savings plan purchases based on the USD exchange rate for their local currency. This could make sense for those customers too, who often don't have USD denominated bank accounts.
| theevilsharpie wrote:
| > What's the point, if there isn't a discount for paying upfront?
|
| In a past life, I did some work with government clients who preferred to be charged up-front in a lump sum, because it was much easier for them to get funding for that than a recurring subscription.
| koolba wrote:
| For companies operating on a cash basis with a standard Jan-Dec fiscal calendar (e.g. most small businesses), this would allow you to deduct future spending by prepurchasing AWS credits. It locks away whatever money you dedicate to it but that'd be peanuts compared to paying income tax on it in order to carry it forward as retained earnings.
| sokoloff wrote:
| I don't think that works the way you suggest, but I also admit the guidance is unclear.
|
| Reg. Section 1.461-1(a)(1) provides the following:
|
| If an expenditure results in the creation of an asset having a useful life which extends substantially beyond the close of the taxable year, such an expenditure may not be deductible, or may be deductible only in part, for the taxable year in which made.
|
| https://www.law.cornell.edu/cfr/text/26/1.461-1
|
| If you buy 10+ months of AWS credits in December and have a Jan-Dec fiscal year, I'd argue that you bought "an asset having a useful life which extends substantially beyond the close of your taxable year"
| binarymax wrote:
| This isn't purchase of a capitalizable asset, it's renting as an operational expense ;)
| gowld wrote:
| Why not use a dedicated escrow service for that, which would work with all expenses, not just AWS?
| koolba wrote:
| If it smells like a checking account then it's going to be treated as a checking account.
| ak217 wrote:
| Other comments have covered cases like departments having money left over in their quarterly budgets, or companies looking to spend in a particular quarter for earnings/tax deduction reasons, or reducing currency risk by hedging forex prices. But the biggest use by far that I've seen for this is government/public orgs that are prevented by outdated laws/auditing regulations/processes from using pay-as-you-go models.
| They are forced by their accounting department/government grant to treat infra expenses as capex and have zero budget to expense them as opex (this model assumes an on-prem physical plant for an IT department). Previously AWS had a way to get around part of that with reserved instances, this solution is more comprehensive.
| jrockway wrote:
| The pricing on reserved instances is so appealing over on-demand instances, though, that people are using it for more than just opex vs. capex accounting. You legitimately save money by buying in advance.
| bethecloud wrote:
| STORJ DCS (Decentralized Cloud Storage) has enabled users to pay in advance with crypto since day 1.
| svnpenn wrote:
| That site is weird. I get a "not found", then two seconds later the page loads. If that's my first interaction with the domain, I'm definitely not giving them money.
| AmericanChopper wrote:
| They haven't even had a working service since day 1 (still don't?...)? I consulted for a couple of blockchain startups a few years ago, and this was the biggest piece of perpetual vaporware I came across. Good for them if they've finally managed to have a working product, but I wouldn't be relying on it to work for a week, let alone some actually long period of time.
| daitangio wrote:
| Sorry but I did not understand the 'cool' part. With Linode & Webfaction I was able to prepay via credit card too. What is the advantage? To block me if the credit is too low for a specific service?
| alexjplant wrote:
| Believe it or not a big part of cloud migration is figuring out how to cost it and get the finance people on board with after-the-fact operational expenses (*aaS) replacing capital/labor expenses (servers, sysadmins, network engineers, etc).
| When I worked in defense contracting I sat through half a dozen meetings with cloud vendors and virtually all of them took the time to explain how the costing model was distinct from on-prem, how to estimate and budget, governance, etc. At the end of the day many orgs with deep pockets also have very entrenched financial processes. AWS is doing everything that it can to make a play for these dollars by creating on-ramps such as this one.
| prepend wrote:
| This is really nice. Now just add that when the amount is met, everything stops. Or maybe dropped into glacier to accrue charges.
|
| I'd like this to work like a prepaid phone.
| vagrantJin wrote:
| Nope.
|
| Used AWS for 3 years at a decent sized agency. It seems we underestimated how much not to forget checking and scrutinize every line item in the bill because our Lightsail instances had another DB attached to it that we had no idea about, but was charging a crazy fee (converting our local currency to dollars = 19x)
|
| There was much finger-pointing.
| YetAnotherNick wrote:
| But unless you plan to block your card and ignore AWS' email (might not be a healthy thing for business), how will prepaying be bad?
| joelbondurant wrote:
| The AWS unexpected bills service has competition.
| devops000 wrote:
| I was thinking about switching from Digital Ocean+Cloud66 to AWS but all comments about invoices and saas helping forecast aws invoice they convinced me to stay with Digital Ocean
| ksec wrote:
| Is this for Tax benefits? Where you could put in all your annual net profits for AWS credit?
| ic4l wrote:
| You also can use this to meet credit card minimum spending for credit card bonuses.
| ValentineC wrote:
| I thought of this too, but it looks like they only allow transfers from US bank accounts for prepayment.
| smachiz wrote:
| No, GAAP solves for this.
| Frost1x wrote:
| Not sure about those but it'll be incredibly useful for research grant funding monies.
| Most research grants are "use it or lose it" so if you have any essential infrastructure, capital with short shelf lives/frequent replacement needs, etc. you want/need after the end of the grant, you pay for it in advance.
|
| A group I worked with bought about 5 years worth of a specific consumable they needed to continue working, 2-3 year service contract with a vendor to maintain aspects of things so some work could continue and be leveraged for future grants, and hosting/software licenses were often purchased for long time horizons in advance, where possible.
|
| With use it or lose it money, you use it. Whether money should be provisioned that way and coming in under budget should be punished is another story...
| ksec wrote:
| Oh this is a nice way to lock in all the money from Research Grants. I remember reading on Twitter about some of the research requiring massive amount of compute resources. (Like a whole region of AWS). This AWS money pool usage makes sense in that context.
| axpy906 wrote:
| Why are the top comments companies promoting their solution? Don't get me wrong, I think it's fine to do so I just don't expect them at the top.
| smoldesu wrote:
| This has been increasingly prevalent on HN, and I'd (eventually) like to see something done about it. Sure, Hacker News is a project incubator at heart, so it will naturally have a higher ratio of CEOs:normal_users. That doesn't excuse how obnoxious it is seeing someone plug their SAAS-of-the-day on seemingly innocuous information (like how Fig hitched a ride on a Brew PSA).
|
| It's frustrating me to the point where I might just leave this site. I'm sick and tired of this new-wave guerilla marketing.
| xeromal wrote:
| I don't see any top 1st level comments promoting anything. The only promotions I see are comments to the top comments which is hard to avoid!
| MattGaiser wrote:
| Demand for a solution is probably quite high.
| Havoc wrote:
| Not much of a feature.
|
| If that could be used as a hard limit that would be more interesting
| StratusBen wrote:
| I'm surprised it took this long for AWS to launch something as basic as this. As others in the thread have mentioned, the core problem of tracking your AWS costs and where they're coming from is still a very hard problem for most organizations. Especially startups.
|
| I'm a co-founder of https://www.vantage.sh/ which helps organizations track their AWS costs and we'll look at incorporating Advance Pay balances into the platform.
| mdoms wrote:
| Awesome can't wait to give one of the richest companies on the planet an interest free loan.
| villgax wrote:
| What I want is to assign pre-paid limits or just plain limits for a given resource group
| benjaminwootton wrote:
| AWS billing practices are horrible, and they are increasingly more "Oracle" like in their approach.
|
| I had a security issue related to a SaaS product which led to a $7k AWS line item when someone started sending a LIST request to S3 buckets billions of times. They would not consider refunding.
|
| Now I'm having a bunch of problems terminating some AWS Orgs accounts and they are being deliberately difficult in getting it tidied up whilst I'm incurring significant costs.
|
| The whole billing stuff is complex and opaque and there aren't enough controls and limits on spend. I feel like I need to dedicate 1 x FTE at least on AWS cost control which is a high cost for a small business.
|
| As a CTO, I've previously influenced $millions in spend on AWS, but would be very nervous putting my reputation on the line to spend big with them in future. I'm frankly losing trust in their commercial approach.
| rodgerd wrote:
| > and they are increasingly more "Oracle" like in their approach.
|
| Ironically the Oracle cloud seems more price-reasonable (for now).
| Terretta wrote:
| Anecdata, but my experience as CTO of a startup, a hedge fund, and a bank has been the opposite.
|
| I've never had an unexpected cost they didn't readily credit back, _provided_ we were taking the recommended and reasonably easy steps to keep on top of costs and limits.
| cube00 wrote:
| The problem is relying on this "good will" and "one time only" to credit back compared with having a way to set hard billing limits so you don't need to have this conversation as a part of your business as usual. Mistakes will always happen with something as complex as this and that's what billing and rate limits are supposed to protect you against.
| qaq wrote:
| What's your monthly spend? I used to work for an org with 50K monthly spend none cared at AWS about us. Now I work for a big org with very serious spend and it's night and day we can get access to eng. quickly we have regular meetings with PMs and get our requests for AWS features put onto roadmap etc.
| toeknee123 wrote:
| We recently helped a small client of ours discover a cost increase where AWS RETROACTIVELY increased their costs for a service near the end of the month for previous days without letting them know.
|
| We were a bit shocked to see this happen and it was a very subtle increase that was sort of hidden in Cost Explorer unless you spent hours digging into it and comparing your past invoices.
|
| (I'm a co-founder of CloudForecast)
| scrollaway wrote:
| Extraordinary claims require extraordinary evidence.
| hfern wrote:
| What was the service that they retroactively increased the cost of?
| CSDude wrote:
| Which service and what API?
| simonw wrote:
| Does this mean I can set up a static website on S3, pre-pay for the next hundred years of hosting costs and then pretty much forget about it? Because I would genuinely love to be able to do that.
| bethecloud wrote:
| You can do this today with the decentralized cloud: https://docs.storj.io/dcs/how-tos/host-a-static-website/host...
| missedthecue wrote:
| what are the odds that that service exists in 5 years? Or 10 years? I'm confident AWS will.
| jagger27 wrote:
| Of course it has its own cryptocurrency.
| akh wrote:
| I've also been thinking about that! I wonder if https://archive.org/web/ is an alternative though, as in could I pay them so they could mirror it for a 100 years?
| simonw wrote:
| I would absolutely love to be able to donate a domain name to the Internet Archive plus a lump sum cash donation and have them keep it hosted in perpetuity.
| toast0 wrote:
| Sign me up too, I've got a (very small) site that I would like to outlive me; my plan is to attempt to set it up with a large balance at NearlyFreeSpeech.net and also put the account identifier in an HTML comment so that motivated people could increase its balance in the future.
|
| I would be very interested in other credible perpetual hosting plans.
| 015a wrote:
| No. S3, like most AWS services, has uncapped costs. If you experience higher than expected load, such as a DDoS attempt, you'll burn through the preallocated spend and you'll still get a bill afterward.
|
| This doesn't appear to actually shut down the resources once the preallocated spend is exhausted. It's just a way to pay for bills preemptively instead of when you receive them. It's an accounting thing, not a new feature.
| nonfamous wrote:
| Yes, but no. You could pre-pay for the next 100 years, but there's no guarantee you would _get_ 100 years of service. Nothing stopping AWS increasing prices during that period, and you'd be subject to those increases just like everyone else.
| techrat wrote:
| You'd probably be better off signing up for an Oracle Always-Free tier as there's no billing information stored should anything run into costs.
| But as the name implies, it's always free, so your performance, bandwidth and space allocation is substantially lower than the paid options.
| sudhirj wrote:
| I think you could, yes. It's a different question as to how fast you'd hit the limit, but definitely possible to do a "this site can only have 100000 visits" type art project.
| ramoz wrote:
| Fwiw - GCP already does this through "Enterprise Agreements"
|
| This is largely desired by customers with complicated acquisitions and budget allocation periods (Government)
| simonebrunozzi wrote:
| Cheaper to park your money to AWS, rather than pay negative interests on your bank account.
| cube00 wrote:
| I can't wait until I can trade my credit with other AWS users.
| sudhirj wrote:
| No mention of discounts, so this is probably a purely cashflow / tax management system.
| MonaroVXR wrote:
| Discount?
| porker wrote:
| Gotta fund the next space trip somehow.
|
| /s
| zodiakzz wrote:
| I wish Digital Ocean would allow this. My country's debit/credit cards don't work online reliably, my attached cards can start getting rejected randomly any time. I'm always nervous about getting my account suspended due to missed payments, DO is pretty forgiving thankfully.
| freedomben wrote:
| Interesting, I had the opposite experience. The cardholder forgot what Digital Ocean was and placed a chargeback. DO immediately locked my account which had been in good standing for years. I couldn't log in the console or API to do anything. I wrote about it here if you're interested to learn more: https://news.ycombinator.com/item?id=25806086
|
| Linode is very similar pricing/offering and has incredible customer service. I'm very happy with them.
| prionassembly wrote:
| They do with PayPal at least.
|
| Their emails even use language like "you need to top up your account".
| tonyedgecombe wrote:
| Linode allows you to pre-fund your account.
| academia_hack wrote:
| I really wish you could just designate a group of resources as unimportant, set a billing limit, and let Amazon nuke everything / delete your files / whatever, if you go over the limit. Every time I try to learn cloud infrastructure stuff I'm terrified of the literally infinite bill that might show up from a typo a month down the line.
| ZeroCool2u wrote:
| I think GCP's official method for doing this is pretty similar to what you describe. You basically create a cloud function that disables billing if your bill goes over a configured limit. It's not perfect, because there's a tiny bit of lag between usage and billing calculation, but you'll only end up with a few dollars over the limit instead of thousands. Truly the nuclear option though.
| outloudvi wrote:
| Oh, on the GCP story I was always reminded of this:
|
| https://blog.tomilkieway.com/72k-1/
| ZeroCool2u wrote:
| Wow, well they had some pretty fundamental design problems that the author points out. Infinite recursion due to back linking is a pretty easy way to max out your bill. I'm glad that Google forgave the bill at least.
| Terretta wrote:
| > _GCP's official method for doing this is ... a cloud function that disables billing if your bill goes over a configured limit_
|
| I'd love it if GCP's official method were to disable _billing_ if your bill went over a limit.
|
| Sadly, I suspect it would just disable systems instead.
| nucleardog wrote:
| How does "disabling billing" but not "disabling systems" work?
|
| Is this like asking the phone company "When I reach my plan limits, stop charging me money but let me keep making calls?"
| modeless wrote:
| I did this last year for my project, except instead of disabling billing which would nuke everything, I wrote a service that runs every day, looks up my remaining monthly budget and sets the daily quotas on the APIs I use so they can't use more than my budget.
| (Which wouldn't be necessary if they offered monthly quotas to match the monthly billing period, but they don't.)
|
| Then last month I got an email saying "Hey, those quotas you were setting using the API documented to set quotas, those were actually not being enforced the whole time because of undocumented issues with our systems." So basically you can't rely on the documented behavior of these systems, there's no good way to test whether your code is correct or whether your limits will work without actually exceeding your budget for real, and the whole thing is a clusterfuck. When you get a surprise bill you just have to throw yourself at the mercy of whichever first line billing support rep is randomly assigned to your case.
|
| Limiting your bill to something less than "potentially infinite" is just a basic fundamental feature that shouldn't require rolling your own bill-monitoring service relying on poorly documented and malfunctioning APIs with no provision for testing. There's no excuse strong enough to explain why the cloud providers can't do _something_ reasonable here.
| Aerroon wrote:
| And this is something that should've been added _years_ ago. How many people have decided not to use these services because trying things out to learn seemed too risky? They're not going to gain these skills either, so they argue for alternatives when they actually need these capabilities.
| gcpthrow20221 wrote:
| This official method is so broken that it's embarrassing that they recommend it. It _looks_ like a solution, but it doesn't work.
|
| The "tiny bit of lag" between usage and billing calculation explodes when there's a lot of usage - in my case, a broken job tried resubmitting itself continuously, and the lag increased to 8 hours and $5000 just when I needed the alert the most. My team's response time was 5 minutes... After the 8 hour GCP lag.
|
| Very similar to this guy's story: https://blog.tomilkieway.com/72k-1/
|
| I had to go back and forth with them on email for weeks, and ultimately threaten them with a draft blog post with a lot of graphs and screenshots of their recommendations for them to cancel the bill.
| Saris wrote:
| Yeah it has firmly kept me away from AWS, Google cloud, and similar.
|
| I use Vultr or Digitalocean if I need a server somewhere because at least it's just a pre-set cost.
| thorin wrote:
| I think the same, it's put me off using anything but the free tier for learning. Azure was slightly better but still not ideal.
| ramshanker wrote:
| If not possible to cap price, starting with the capacity limiter on S3 and bandwidth limit at VPC level would do.
|
| The possibility that someone flood the server even for static resources causing bandwidth spiked Bill is scary.
| Silhouette wrote:
| That threat even has its own name now: a denial-of-wallet attack.
|
| The limited protections available against this threat from the big cloud providers have to be seen as a warning sign. It's only a matter of time before any small business using these services for hosting can be subject to sudden shakedowns by criminals. "Nice business-critical infrastructure you have there, be a shame if anything were to happen to it." Some of the providers do offer a DoS mitigation service, but the cost for the higher levels can start to look like a shakedown itself.
| Nextgrid wrote:
| > The possibility that someone flood the server even for static resources causing bandwidth spiked Bill is scary.
|
| Genuinely curious, is this just a side-effect of the cloud craze or did DDoS attacks become so powerful that old-school approaches of appropriately-sized bare-metal infrastructure with finite but unmetered bandwidth are no longer viable?
|
| The way I see it, you can provision enough unmetered bandwidth to cover your typical load + a safety margin at a flat rate per month, and worst case scenario if the attack is big enough you merely get downtime (allowing you to re-evaluate the situation and decide whether to throw more bandwidth at the problem or purchase attack mitigation services) instead of an infinite bill?
|
| My current ISP gives me 1Gbps unmetered. Worst case scenario the connection is saturated but at no point the ISP will come to me and ask for extra money.
| Silhouette wrote:
| You could still run many systems just fine on private infrastructure with at most a business-class Internet connection to your office or a colo bill for putting your servers somewhere more central. This didn't magically stop working just because someone got paid a lot of money to do PR for cloud services. By the time you take into account the financial costs and inherent risks of cloud hosting, maybe more things should still run that way than actually do.
|
| The practical problem today is that cloud now has so much mindshare, justified or otherwise, that the ecosystem around private hosting is diminished. Finding good people with the required admin skills, good sources of equipment, even good software to run local versions of automation we take for granted in the cloud, can be harder than it used to be.
|
| I won't be surprised if in a few years some huge tech firm we all thought had faded into obscurity enjoys a new lease of life by offering a set of locally hosted equivalents to popular cloud services that are also easy to administer and scale but come with a lot more predictability because they run on the customer's own infrastructure.
| closeparen wrote:
| One big problem with that is the dichotomy between "cloud" and "open source" - people will pay for SaaS but they absolutely balk at paying for licenses.
| Silhouette wrote:
| In this hypothetical scenario the real money might be in consultancy. "Sure, we can get your organisation set up with OpenNotAWSBecauseTrademarks. Our rates are $20K/consultant/week and we expect to bring a team of 5 for a fortnight." It just has to be a comparable cost and financial structure to how a large organisation trying to escape from cloud lock-in would have otherwise expected to engage their cloud architecture consultants or cloud security red team or other cloud specialists and then you're in the game.
| withinboredom wrote:
| We still use bare-metal at Automattic. All our global-scale admin stuff is open source... it shouldn't be surprising that bash scripts aren't all that interesting. People want it written in Go, with Raft-consensus to think for us humans, running on blockchain.
| res0nat0r wrote:
| Set an SNS alert to send an email/SMS message to your phone if your monthly bill goes over whatever $X you decide. I've had this set on my personal account for years and it isn't too hard to configure, most of it is just point and click via the SNS and CloudWatch GUIs and is pretty foolproof.
| roystonvassey wrote:
| That fear of a huge bill is real and much more common than you think.
| dimitrios1 wrote:
| It's a rational fear as well. It happens more often than one would think.
| ctvo wrote:
| Just use the free tier? You're notified when you're approaching the free limit.
|
| AWS, anecdotally, has removed 5k++ mistakes I've made with little question.
|
| (One example they forgave due to my carelessness: ECS and Fargate service with logging to CloudWatch but with verbose logging on. The bill was 8k that month for just CloudWatch usage)
| onion2k wrote:
| It's great that they forgave you. I know a startup that incurred a $30k bill that they didn't forgive. The startup folded.
|
| AWS's unknowable policy for the cost of errors represents a _huge_ risk for individuals and small businesses. It puts a lot of people off.
| jjoonathan wrote:
| I have only asked for one refund, which was clearly the result of a bug on Amazon's part, and they haggled the whole way. They were quick to a 50% refund and slow to a 100% refund.
| dexterdog wrote:
| I've never had a refund denied. One was for 20k on an account that only billed that much monthly. If it's an honest mistake they'll wipe it if you have any history with them.
| nucleardog wrote:
| I've had $30k, and later $120k refunded on an account that billed ~$20-25k monthly. Both covered 100% of the overage.
|
| AWS is the one major tech company where I've never had any issue getting in touch with a real human who has been empowered to actually fix my issues.
|
| The only thing that's been required from us was to show them we were taking reasonable steps to prevent it happening again.
| weinzierl wrote:
| Oh yes, please. And to all the other commenters that suggest workarounds: Yes, better than nothing, but not exactly a solution to get beginners on board. AWS is complicated enough even without all the billing headaches.
| bostonsre wrote:
| I think confusion around billing has to be intentional at this point. I would guess they are making >$1b every year due to users not understanding the consequences of their actions fully.
| varelse wrote:
| Single most obvious customer obsessed (their tenet BTW) feature they could add, but after over a decade of requests, it's seemingly clear they won't. It keeps me from playing with AWS for side projects as well. Their loss.
| danpalmer wrote:
| This is something that everyone seems to ask for (I know I'd love it), but they haven't implemented it. To me that suggests that they _can't_.
|
| My guess is that billing lags enough that they can't stick to a price cap, which means that they either have to guarantee the price cap and swallow the difference, which could be exploited by malicious users to get free compute, or they have to say that there's a delay on it which makes the cap fairly useless.
|
| Some of these services are billed by such small increments I can't even imagine how complex billing for them is in practice. I'd be surprised if bills are eventually consistent within 24 hours.
|
| I wouldn't be surprised if we see an announcement like billing being guaranteed after 1 hour at some point in the not too distant future, but I'd be surprised if we see realtime caps.
| ValentineC wrote:
| Oddly enough, Budgets seem to work, since I've gotten alerted to runaway services fast enough (I set it at 80% of my previously-free monthly AWS credits) to be able to log in and fix them, or shut them down.
| Hokusai wrote:
| > This is something that everyone seems to ask for (I know I'd love it), but they haven't implemented it. To me that suggests that they _can't_.
|
| Or maybe it is a costly implementation that would not bring any profits.
|
| The strange thing is that the lack of this feature seems to incur a cost as it causes more calls to customer support. So, maybe it's that implementing this feature will reduce profit more than it will reduce cost.
| varelse wrote:
| When I fill my tank with gas, there's a preauthorization with my credit card before I'm allowed to pump a single drop. It seems like a similar arrangement could be made here w/r to hourly level billing. And it would be a huge improvement over the current situation which scares me away.
| mediamachiner wrote:
| This terrifying scenario is kinda common.
| We've come across a bunch of tweets like: https://twitter.com/alexwlchan/status/1399095011178958851
|
| This inspired us to add billing limits to our SaaS product so that users don't have to be in scary situations with bill run offs: https://mediamachine.io/blog/protect-your-customers-with-bil...
| itsibitzi wrote:
| I've read that some people use a pre-paid credit card with a $1 spending limit when setting up their playground accounts. Seems like a reasonable approach.
| adriancr wrote:
| You will still owe the incurred charges and AWS can send it to collections.
| donmcronald wrote:
| I do this. I'd much rather have AWS needing to call me to negotiate / collect than having $15k go through my CC as a legit authorized charge.
| cube00 wrote:
| Unless they call you, refuse to negotiate and still send it to collections as it is (at least in their mind) a legitimate charge.
|
| All these stories of providers giving "good will" credit for these massive charges really concerns me when you look at how other parts of these companies ignore their customers or only reply with scripted responses.
| ValentineC wrote:
| AWS is oddly dysfunctional recently.
|
| They nerfed the $100 of AWS credits for Alexa developers with zero notice this month, which caused me to incur overages this and last month.
|
| I've gotten last month's bill waived, but still received a passive-aggressive email with bad English by a Territory Account Sales person from my region about how my account could be suspended, if I didn't reply to the email _within the day_. I'm not sure I would trust said person to handle my accounts, even if I was on a corporate budget.
|
| I'm still in the process of moving most of my workload away from AWS.
| randompwd wrote:
| That doesn't make much sense. You would still be on the hook for the eventual bill. This sounds like a showerthought hashtag lifehack.
| viraptor wrote:
| It does change the dynamic / comfort though.
| Would you rather ask AWS to please revert $5k they put on your card, or talk with them about $5k they'd like to charge you but can't?
| gspr wrote:
| The former. But if we're talking about $5M instead, I'd be completely terrified of both options.
| adriancr wrote:
| It doesn't change the dynamic though.
|
| At their revenue, they don't care about a 5K charge, they can send to collections / sell to 3rd party collections agencies.
|
| They do care about keeping you happy as a customer since your employers will be swayed by their employees.
|
| So the former is much more likely to succeed, the latter will just make you look like a scammer.
|
| At larger sums - they will do much more rigorous checks to avoid issues.
| viraptor wrote:
| It doesn't change the dynamic for AWS. It doesn't change for many of us. But it does for example for a student who forgot to terminate a stack and suddenly can't afford rent/utilities/shopping until the charge is resolved. These are amounts which can really mess up people's lives for weeks.
| dom96 wrote:
| This is the reason I have always stayed away from AWS and stuck to Digital Ocean/Linode. I'm sure I'm not the only one. But I am always surprised to see people complaining about this and still using AWS.
| WrtCdEvrydy wrote:
| If this is an issue, use Lightsail or a tier 2 provider (like DigitalOcean)
| notwedtm wrote:
| That doesn't solve for the AWS only resources.
| WrtCdEvrydy wrote:
| Yeah, no fixing that.
|
| Billing can be 24 hours delayed.
| Someone1234 wrote:
| Then you aren't learning AWS, which was the stated goal.
| akh wrote:
| > I'm terrified of the literally infinite bill that might show up from a typo a month down the line
|
| Whilst this might sound funny, we were surprised to see it as a common use case with users putting https://github.com/infracost/infracost in their CI/CD pipelines to act as a safety net.
| Currently it only works for Terraform users, but we plan to add other infra-as-code tools in the future. We're also discussing how we can do this for people who don't use infra-as-code in https://github.com/infracost/infracost/issues/840 but it's not clear what the workflow could look like for them. Perhaps having separate AWS accounts with a budget alert that emails you to run https://github.com/rebuy-de/aws-nuke is a work-around just now.
|
| (I'm co-founder of Infracost)
| koolba wrote:
| > Perhaps having separate AWS accounts ...
|
| You absolutely must, MUST, _MUST_ be using separate AWS accounts for separate purposes. You can have as many as you'd like and roll up the billing into one actual paying account.
|
| This is a win for accountability (roll up dev and easily see the split out for separate environments), but more importantly for security as it limits the blast radius for any one environment. Combined with per-account budget alerts it's a win across the board.
| Sevii wrote:
| It may be a 'must' for security but from a UX perspective it is a horrible experience.
|
| Does it make sense for one team to have 10+ AWS accounts per service because 'security'? How about if each team out of 1000s in your company has 10 AWS accounts per service?
|
| We run our service in 3 geographic regions and have a separate AWS account for each region and stage despite each account supporting resources in multiple regions. Considering that we have 4~ services that is roughly 40 AWS accounts for just one team with less than 10 people.
|
| What I'm describing above is the 'best practice' way to manage AWS accounts at scale. It is insane and saying 'security' does not magically make this reasonable.
| lostcolony wrote:
| The UX issue you're describing...can and should be solved with UX.
|
| While security and UX are oftentimes in tension, in this case they don't have to be.
| It would not be that hard to be signed into multiple accounts and allow you to switch seamlessly between them (allow the tagging of each account, such that you can say, effectively, "show me dev us-east-1" vs "show me us-east-1" vs "show me dev", slicing and dicing between accounts that way). At that point, separating infra across accounts becomes semantically meaningful, and you can slice/dice in whatever way seems best (so you could have a full account for a single service, sure. Or an environment. Or a region. Or a combination of those, only service-Foo in us-east-1 for dev. Whatever level of granularity you want; trading off instead between the security of isolation with the convenience of colocation, which should be the actual UX cost; infra in the us-east-1 account has a harder time communicating with the infra in the us-west-1 account).
| GauntletWizard wrote:
| I already set this up. My customers are 5-10 man shops, and they have 5 different AWS Accounts: One for billing, one for Build Infrastructure, one each for Dev/Staging/Prod. Sometimes marketing is treated as a separate product team and their website has its own staging/prod accounts (No real need for "dev" in that case).
|
| Users login to the Build Infra account and then Assume Role into the others - There's a list of magic links that does the assume role. There's also a list that is added to ~/.aws/config that does the equivalent: They configure one IAM key, and the rest are assumed automatically by the CLI or client libraries (Requires relatively recent client libraries; Java only started supporting this within the last year or two)
| WaxProlix wrote:
| I happily use 40+ accounts per service, and don't think it's an undue burden. Accounts are free and represent a convenient natural boundary for data, access, and oopsie-daisy mitigation.
| jsperx wrote:
| I was so happy when I finally got cross-account roles working so I could use a nice drop down and seamlessly switch between my accounts. So cool!
|
| Then I learned because they're saving it all browser-side I had to rebuild the whole menu whenever I first used a new browser or computer? Whaaaat? Of all people, AWS console users have to be highly likely to be using multiple devices/browsers. Having to recreate your own prefs at each new environment is nuts.
| nprateem wrote:
| https://addons.mozilla.org/en-US/firefox/addon/aws-extend-sw...
| thayne wrote:
| Not to mention that there is a pretty small limit on how many can show up in the drop down (I don't remember how many) so it isn't very scalable if you follow the recommendations to create a lot of accounts.
|
| Plus you have to look up the account id in order to set it up initially.
| withinboredom wrote:
| This seems silly to me. I (personally) think it is much more likely for your computer to be stolen/hacked/ransomed than a single account credential to be leaked. If so, "the blast radius" will be whatever you're logged into ... and if you're logged into everything, what's the point?
| conradludgate wrote:
| Because you should have 2fa set up and your access to AWS accounts should expire after 1 hour. Also, you likely have full disk encryption enabled, and the person stealing your laptop is unlikely to know who you work for and are more interested in selling it.
|
| If someone acquires credentials, they are usually multi use and long term. And it can go unnoticed if an ec2 instance is spun up running crypto mining on your dime, only for you to notice at the end of the day that your estimated bill has shot through the roof
| jsperx wrote:
| With one giant caveat imho -- I have a root account, an admin account, a common account (load balancer, database) and then customer-specific accounts.
| Was working great, using Terraform for consistency, sharing VPC where made sense, etc... until I had an issue and realized that my paid support plan only covered the root account. From what I understand you have to get a separate support plan, with a paid minimum ($100 per for business plan), for _each_ account if you're gonna need tech support, and you can't pool until you're in the $15K+ monthly spend: "AWS Support fees are calculated on a per-account basis for Business and Developer Support plans. For Enterprise Support, you are billed based on the aggregate monthly AWS charges for all your account IDs subscribed to Enterprise Support."
|
| Really soured me on the setup, tbh.
| philwelch wrote:
| This is true. It does add additional complexity, especially if you have to do cross-account access, but the tooling for that is improving over time.
| YetAnotherNick wrote:
| I think most of the cost for medium-large sized business are elastic (number of pods, bandwidth cost depends on requests per second, storage cost for many things increases linearly with users etc).
| akh wrote:
| Yep - it seems to depend on the architecture too (e.g. companies that lift-and-shift to the cloud use VMs heavily). We're discussing ideas on https://github.com/infracost/infracost/issues/730, e.g. could CloudWatch be used to fetch the usage so user has context of what those elastic services used last week/month.
| YetAnotherNick wrote:
| Didn't imagine that this functionality would be present. Looks very useful and I would try it out for my terraform setup!
| underseacables wrote:
| I use Glacier for cold storage of family videos and photos. I have pre-paid for the next 10 years of expected usage. I just wanted to be sure that we would never lose that data, so I think advanced billing is great.
| dekhn wrote:
| Wasn't this already a negotiable option?
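
Added example, not part of any comment in the thread: a check over the kind of ~/.aws/config that GauntletWizard describes (one base profile holding the IAM key, the other accounts reached by assumed roles), flagging role profiles that lack the 2FA or exceed the one-hour expiry conradludgate mentions. The profile names, role names and account IDs are constructed placeholders; `role_arn`, `source_profile`, `mfa_serial` and `duration_seconds` are the AWS CLI's own config keys.

```python
import configparser

# Constructed sample config; account IDs, role and profile names are
# placeholders, not values from the thread.
SAMPLE_CONFIG = """
[profile build-infra]
region = us-east-1
[profile dev]
role_arn = arn:aws:iam::111111111111:role/Developer
source_profile = build-infra
mfa_serial = arn:aws:iam::000000000000:mfa/alice
duration_seconds = 3600
[profile staging]
role_arn = arn:aws:iam::222222222222:role/Developer
source_profile = build-infra
[profile prod]
role_arn = arn:aws:iam::333333333333:role/Admin
source_profile = build-infra
mfa_serial = arn:aws:iam::000000000000:mfa/alice
duration_seconds = 43200
"""


def audit_profiles(config_text, max_seconds=3600):
    """Return {profile: [findings]} for profiles that assume a role."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    findings = {}
    for section in parser.sections():
        opts = parser[section]
        if "role_arn" not in opts:
            continue  # base profile: holds the one long-lived IAM key
        prefix = "profile "
        name = section[len(prefix):] if section.startswith(prefix) else section
        issues = []
        if "mfa_serial" not in opts:
            issues.append("no mfa_serial: CLI will not ask for an MFA code")
        # The AWS CLI uses 3600 seconds when duration_seconds is absent.
        seconds = opts.getint("duration_seconds", fallback=3600)
        if seconds > max_seconds:
            issues.append(f"duration_seconds={seconds} exceeds {max_seconds}")
        source = opts.get("source_profile")
        if source and f"profile {source}" not in parser and source not in parser:
            issues.append(f"source_profile '{source}' is not defined")
        if issues:
            findings[name] = issues
    return findings
```

`mfa_serial` only makes the client supply an MFA code; whether the role can be assumed without one is decided by the role's trust policy in the target account, so this check complements that policy rather than replacing it.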
___________________________________________________________________ (page generated 2021-07-21 23:01 UTC)