[HN Gopher] AWS now allows customers to pay for their usage in a...
___________________________________________________________________
AWS now allows customers to pay for their usage in advance
Author : msmithstubbs
Score : 119 points
Date : 2021-07-21 10:56 UTC (12 hours ago)
(HTM) web link (aws.amazon.com)
(TXT) w3m dump (aws.amazon.com)
| literallyaduck wrote:
| ELI5 does this mean I can prepay and not be at risk for more than
| I have prepaid?
| isbvhodnvemrwvn wrote:
| No. It just means that you can give money to AWS without having
| a bill, you are still responsible for the charges incurred
| regardless of how much you paid in advance.
| luxpsycho wrote:
| What's the point, if there isn't a discount for paying upfront?
|
| Will some people/businesses prefer this because it's not 'credit'
| --does AWS scrobble to your Credit Report in any country?
|
| I am failing to see the appeal here...
| eddieroger wrote:
| A very cynical take is that Bezos needs an advance for the next
| Blue Orbit launch, per his appreciation in all we've done to
| get the first one launched.
| cameroncf wrote:
| This is for when the departmental budget has a little cash left
| at the end of the fiscal year and they need to spend it.
| colmmacc wrote:
| I work at AWS, but I wasn't involved in this feature, so this
| isn't anything more than speculation on my part. I've certainly
| talked to customers who would time their reserved instances and
| savings plan purchases based on the USD exchange rate for their
| local currency. This could make sense for those customers too,
| who often don't have USD denominated bank accounts.
| theevilsharpie wrote:
| > What's the point, if there isn't a discount for paying
| upfront?
|
| In a past life, I did some work with government clients who
| preferred to be charged up-front in a lump sum, because it was
| much easier for them to get funding for that than a recurring
| subscription.
| koolba wrote:
| For companies operating on a cash basis with a standard Jan-Dec
| fiscal calendar (e.g. most small businesses), this would allow
| you to deduct future spending by prepurchasing AWS credits. It
| locks away whatever money you dedicate to it but that'd be
| peanuts compared to paying income tax on it in order to carry
| it forward as retained earnings.
| sokoloff wrote:
| I don't think that works the way you suggest, but I also
| admit the guidance is unclear.
|
| Reg. Section 1.461-1(a)(1) provides the following:
|
| If an expenditure results in the creation of an asset having
| a useful life which extends substantially beyond the close of
| the taxable year, such an expenditure may not be deductible,
| or may be deductible only in part, for the taxable year in
| which made.
|
| https://www.law.cornell.edu/cfr/text/26/1.461-1
|
| If you buy 10+ months of AWS credits in December and have a
| Jan-Dec fiscal year, I'd argue that you bought "an asset
| having a useful life which extends substantially beyond the
| close of your taxable year"
| binarymax wrote:
| This isn't purchase of a capitalizable asset, it's renting
| as an operational expense ;)
| gowld wrote:
| Why not use a dedicated escrow service for that, which wouold
| work with all expenses, not just AWS?
| koolba wrote:
| If it smells like a checking account then it's going to be
| treated as a checking account.
| ak217 wrote:
| Other comments have covered cases like departments having money
| left over in their quarterly budgets, or companies looking to
| spend in a particular quarter for earnings/tax deduction
| reasons, or reducing currency risk by hedging forex prices. But
| the biggest use by far that I've seen for this is
| government/public orgs that are prevented by outdated
| laws/auditing regulations/processes from using pay-as-you-go
| models. They are forced by their accounting
| department/government grant to treat infra expenses as capex
| and have zero budget to expense them as opex (this model
| assumes an on-prem physical plant for an IT department).
| Previously AWS had a way to get around part of that with
| reserved instances, this solution is more comprehensive.
| jrockway wrote:
| The pricing on reserved instances is so appealing over on-
| demand instances, though, that people are using it for more
| than just opex vs. capex accounting. You legitimately save
| money by buying in advance.
| bethecloud wrote:
| STORJ DCS (Decentralized Cloud Storage) has enabled users to pay
| in advance with crypto since day 1.
| svnpenn wrote:
| That site is weird. I get a "not found", then two seconds later
| the page loads. If that's my first interaction with the domain,
| I'm definitely not giving them money.
| AmericanChopper wrote:
| They haven't even had a working service since day 1 (still
| don't?...)? I consulted for a couple of blockchains startups a
| few years ago, and this was the biggest piece of perpetual
| vaporware I came across. Good for them if they've finally
| managed to have a working product, but I wouldn't be relying on
| it to work for a week, let alone some actually long period of
| time.
| daitangio wrote:
| Sorry but I did not understand the 'cool' part. With Linode &
| Webfaction I was able to prepay via credit card too. What is the
| advantage? To get block me if the credit is too low for s
| specific service?
| alexjplant wrote:
| Believe it or not a big part of cloud migration is figuring out
| how to cost it and get the finance people on board with after-
| the-fact operational expenses (*aaS) replacing capital/labor
| expenses (servers, sysadmins, network engineers, etc). When I
| worked in defense contracting I sat through half a dozen
| meetings with cloud vendors and virtually all of them took the
| time to explain how the costing model was distinct from on-
| prem, how to estimate and budget, governance, etc. At the end
| of the day many orgs with deep pockets also have very
| entrenched financial processes. AWS is doing everything that it
| can to make a play for these dollars by creating on-ramps such
| as this one.
| prepend wrote:
| This is really nice. Now just add that when the amount is met,
| everything stops. Or maybe dropped into glacier to accrue
| charges.
|
| I'd like this to work like a prepaid phone.
| vagrantJin wrote:
| Nope.
|
| Used AWS for 3 years at a decent sized agency. It seems we
| underestimated how much not to forget checking and scrutinize
| every line item in the bill because our lighsail instances had
| another DB attached to it that we had no idea about, but was
| charging a crazy fee (converting our local currency to dollars =
| 19x)
|
| There was much finger-pointing.
| YetAnotherNick wrote:
| But unless you plan to block your card and ignore AWS'
| email(might not be a healthy thing for business), how will
| prepaying bad?
| joelbondurant wrote:
| The AWS unexpected bills service has competition.
| devops000 wrote:
| I was thinking about switching from Digital Ocean+Cloud66 to AWS
| but all comments about invoices and saas helping forecast aws
| invoice they convinced me to stay with Digital Ocean
| ksec wrote:
| Is this for Tax benefits? Where you could put in all your annual
| net profits for AWS credit?
| ic4l wrote:
| You also can use this to meet credit card minimum spending for
| credit card bonuses.
| ValentineC wrote:
| I thought of this too, but it looks like they only allow
| transfers from US bank accounts for prepayment.
| smachiz wrote:
| No, GAAP solves for this.
| Frost1x wrote:
| Not sure about those but it'll be incredibly useful for
| research grant funding monies. Most research grants are "use it
| or lose it" so if you have any essential infrastructure,
| capital with short shelf lives/frequent replacement needs, etc.
| you want/need after the end of the grant, you pay for it in
| advance.
|
| A group I worked with bought about 5 years worth of a specific
| consumable they needed to continue working, 2-3 year service
| contract with a vendor to maintain aspects of things so some
| work could continue and be leveraged for future grants, and
| hosting/software licenses were often purchased for long time
| horizons in advance, where possible.
|
| With use it or lose it money, you use it. Whether money should
| be provisioned that way and coming in under budget should be
| punished is another story...
| ksec wrote:
| Oh this is a nice way to lock in all the money from Research
| Grants. I remember reading on Twitter about some of the
| research requiring massive amount of compute resources. (
| Like a whole region of AWS ). This AWS money pool usage makes
| sense in that context.
| axpy906 wrote:
| Why are the top comments companies promoting their solution?
| Don't get me wrong, I think it's find to do so I just don't
| expect them at the top.
| smoldesu wrote:
| This has been increasingly prevalent on HN, and I'd
| (eventually) like to see something done about it. Sure, Hacker
| News is a project incubator at heart, so it will naturally have
| a higher ratio of CEOs:normal_users. That doesn't excuse how
| obnoxious it is seeing someone plug their SAAS-of-the-day on
| seemingly innocuous information (like how Fig hitched a ride on
| a Brew PSA).
|
| It's frustrating me to the point where I might just leave this
| site. I'm sick and tired of this new-wave guerilla marketing.
| xeromal wrote:
| I don't see any top 1st level comments promoting anything. The
| only promotions I see are comments to the top comments which is
| hard to avoid!
| MattGaiser wrote:
| Demand for a solution is probably quite high.
| Havoc wrote:
| Not much of a feature.
|
| If that could be used as a hard limit that would be more
| interesting
| StratusBen wrote:
| I'm surprised it took this long for AWS to launch something as
| basic as this. As others in the thread have mentioned, the core
| problem of tracking your AWS costs and where they're coming from
| is still a very hard problem for most organizations. Especially
| startups.
|
| I'm a co-founder of https://www.vantage.sh/ which helps
| organizations track their AWS costs and we'll look at
| incorporating Advance Pay balances into the platform.
| mdoms wrote:
| Awesome can't wait to give one of the richest companies on the
| planet an interest free loan.
| villgax wrote:
| What I want is to assign pre-paid limits or just plain limits for
| a given resource group
| benjaminwootton wrote:
| AWS billing practices are horrible, and they are increasingly
| more "Oracle" like in their approach.
|
| I had a security issue related to a SaaS product which led to a
| $7k AWS line item when someone started sending a LIST request to
| S3 buckets billions of times. They would not consider refunding.
|
| Now I'm having a bunch of problems terminating some AWS Orgs
| accounts and they are being deliberately difficult in getting it
| tidied up whilst I'm incurring significant costs.
|
| The whole billing stuff is complex and opaque and there aren't
| enough controls and limits on spend. I feel like I need to
| dedicate 1 x FTE at least on AWS cost control which is a high
| cost for a small business.
|
| As a CTO, I've previously influenced $millions in spend on AWS,
| but would be very nervous putting my reputation on the line to
| spend big with them in future. I'm frankly losing trust in their
| commercial approach.
| rodgerd wrote:
| > and they are increasingly more "Oracle" like in their
| approach.
|
| Ironically the Oracle cloud seems more price-reasonable (for
| now).
| Terretta wrote:
| Anecdata, but my experience as CTO of a startup, a hedge fund,
| and a bank has been the opposite.
|
| I've never had an unexpected cost they didn't readily credit
| back, _provided_ we were taking the recommended and reasonably
| easy steps to keep on top of costs and limits.
| cube00 wrote:
| The problem is relying on this "good will" and "one time
| only" to credit back compared with having a way to set hard
| billing limits so you don't need to have this conversation as
| a part of your business as usual. Mistakes will always happen
| with something as complex as this and that's what billing and
| rate limits are supposed to protect your against.
| qaq wrote:
| Whats your monthly spend? I used to work for an org with 50K
| monthly spend none cared at AWS about us. Now I work for a
| big org with very serious spend and it's night and day we can
| get access to eng. quickly we have regular meetings with PMs
| and get our requests for AWS features put onto roadmap etc.
| toeknee123 wrote:
| We recently helped a small client of ours discover a cost
| increase where AWS RETROACTIVELY increased their costs for a
| service near the end of the month for previous days without
| letting them know.
|
| We were a bit shocked to see this happen and it was a very
| subtle increase that was sort of hidden in Cost Explorer unless
| you spent hours digging into it and comparing your past
| invoices.
|
| (I'm a co-founder of CloudForecast)
| scrollaway wrote:
| Extraordinary claims require extraordinary evidence.
| hfern wrote:
| What was the service that they retroactively increased the
| cost of?
| CSDude wrote:
| Which service and whay API?
| simonw wrote:
| Does this mean I can set up a static website on S3, pre-pay fir
| the next hundred years of hosting costs and then pretty much
| forget about it? Because I would genuinely love to be able to do
| that.
| bethecloud wrote:
| You can do this today with the decentralized cloud:
| https://docs.storj.io/dcs/how-tos/host-a-static-website/host...
| missedthecue wrote:
| what are the odds that that service exists in 5 years? Or 10
| years? I'm confident AWS will.
| jagger27 wrote:
| Of course it has its own cryptocurrency.
| akh wrote:
| I've also been thinking about that! I wonder if
| https://archive.org/web/ is an alternative though, as in could
| I pay them so they could mirror it for a 100 years?
| simonw wrote:
| I would absolutely love to be able to donate a domain name to
| the Internet Archive plus a lump sum cash donation and have
| them keep it hosted in perpetuity.
| toast0 wrote:
| Sign me up too, I've got a (very small) site that I would
| like to outlive me; my plan is to attempt to set it up with
| a large balance at NearlyFreeSpeach.net and also put the
| account identifier in an HTML comment so that motivated
| people could increase its balance in the future.
|
| I would be very interested in other credible perpetual
| hosting plans.
| 015a wrote:
| No. S3, like most AWS services, has uncapped costs. If you
| experience higher than expected load, such as a DDoS attempt,
| you'll burn through the preallocated spend and you'll still get
| a bill afterward.
|
| This doesn't appear to actually shut down the resources once
| the preallocated spend is exhausted. Its just a way to pay for
| bills preemptively instead of when you receive them. Its an
| accounting thing, not a new feature.
| nonfamous wrote:
| Yes, but no. You could pre-pay for the next 100 years, but
| there's no guarantee you would _get_ 100 years of service.
| Nothing stopping AWS increasing prices during that period, and
| you'd be subject to those increases just like everyone else.
| techrat wrote:
| You'd probably be better off signing up for an Oracle Always-
| Free tier as there's no billing information stored should
| anything run into costs. But as the name implies, it's always
| free, so your performance, bandwidth and space allocation is
| substantially lower than the paid options.
| sudhirj wrote:
| I think you could, yes. It's a different question as to how
| fast you'd hit the limit, but definitely possible to do a "this
| site can only have 100000 visits" type art project.
| ramoz wrote:
| Fwiw - GCP already does this through "Enterprise Agreements"
|
| This is largely desired by customers with complicated
| acquisitions and budget allocation periods (Government)
| simonebrunozzi wrote:
| Cheaper to park your money to AWS, rather than pay negative
| interests on your bank account.
| cube00 wrote:
| I can't wait until I can trade my credit with other AWS users.
| sudhirj wrote:
| No mention of discounts, so this is probably a purely cashflow /
| tax management system.
| MonaroVXR wrote:
| Discount?
| porker wrote:
| Gotta fund the next space trip somehow.
|
| /s
| zodiakzz wrote:
| I wish Digital Ocean would allow this. My country's debit/credit
| cards don't work online reliably, my attached cards can start
| getting rejected randomly any time. I'm always nervous about
| getting my account suspended due to missed payments, DO is pretty
| forgiving thankfully.
| freedomben wrote:
| Interesting, I had the opposite experience. The cardholder
| forgot what Digital Ocean was and placed a chargeback. Do
| immediately locked my account which had been in good standing
| for years. I couldn't log in the console or API to do anything.
| I wrote about it here if you're interested to learn more:
| https://news.ycombinator.com/item?id=25806086
|
| Linode is very similar pricing/offering and has incredible
| customer service. I'm very happy with them.
| prionassembly wrote:
| They do with PayPal at least.
|
| Their emails even use language like "you need to top up your
| account".
| tonyedgecombe wrote:
| Linode allows you to pre-fund your account.
| academia_hack wrote:
| I really wish you could just designate a group of resources as
| unimportant, set a billing limit, and let Amazon nuke everything
| / delete your files / whatever, if you go over the limit.
| Everytime I try to learn cloud infrastructure stuff I'm terrified
| of the literally infinite bill that might show up from a typo a
| month down the line.
| ZeroCool2u wrote:
| I think GCP's official method for doing this is pretty similar
| to what you describe. You basically create a cloud function
| that disables billing if your bill goes over a configured
| limit. It's not perfect, because there's a tiny bit of lag
| between usage and billing calculation, but you'll only end up
| with a few dollars over the limit instead of thousands. Truly
| the nuclear option though.
| outloudvi wrote:
| Oh, on the GCP story I was always reminded of this:
|
| https://blog.tomilkieway.com/72k-1/
| ZeroCool2u wrote:
| Wow, well they had some pretty fundamental design problems
| that the author points out. Infinite recursion due to back
| linking is a pretty easy way to max out your bill. I'm glad
| that Google forgave the bill at least.
| Terretta wrote:
| > _GCP 's official method for doing this is ... a cloud
| function that disables billing if your bill goes over a
| configured limit_
|
| I'd love it if GCP's official method were to disable
| _billing_ if your bill went over a limit.
|
| Sadly, I suspect it would just disable systems instead.
| nucleardog wrote:
| How does "disabling billing" but not "disabling systems"
| work?
|
| Is this like asking the phone company "When I reach my plan
| limits, stop charging me money but let me keep making
| calls?"
| modeless wrote:
| I did this last year for my project, except instead of
| disabling billing which would nuke everything, I wrote a
| service that runs every day, looks up my remaining monthly
| budget and sets the daily quotas on the APIs I use so they
| can't use more than my budget. (Which wouldn't be necessary
| if they offered monthly quotas to match the monthly billing
| period, but they don't.)
|
| Then last month I got an email saying "Hey, those quotas you
| were setting using the API documented to set quotas, those
| were actually not being enforced the whole time because of
| undocumented issues with our systems." So basically you can't
| rely on the documented behavior of these systems, there's no
| good way to test whether your code is correct or whether your
| limits will work without actually exceeding your budget for
| real, and the whole thing is a clusterfuck. When you get a
| surprise bill you just have to throw yourself at the mercy of
| whichever first line billing support rep is randomly assigned
| to your case.
|
| Limiting your bill to something less than "potentially
| infinite" is just a basic fundamental feature that shouldn't
| require rolling your own bill-monitoring service relying on
| poorly documented and malfunctioning APIs with no provision
| for testing. There's no excuse strong enough to explain why
| the cloud providers can't do _something_ reasonable here.
| Aerroon wrote:
| And this is something that should've been added _years_
| ago. How many people have decided not to use these services
| because trying things out to learn seemed too risky? They
| 're not going to gain these skills either, so they argue
| for alternatives when they actually need these
| capabilities.
| gcpthrow20221 wrote:
| This official method is so broken that it's embarrassing that
| they recommend it. It _looks_ like a solution, but it doesn
| 't work.
|
| The "tiny bit of lag" between usage and billing calculation
| explodes when there's a lot of usage - in my case, a broken
| job tried resubmitting itself continuously, and the lag
| increased to 8 hours and $5000 just when I needed the alert
| the most. My team's response time was 5 minutes... After the
| 8 hour GCP lag.
|
| Very similar to this guy's story:
| https://blog.tomilkieway.com/72k-1/
|
| I had to go back and forth with them on email for weeks, and
| ultimately threaten them with a draft blog post with a lot of
| graphs and screenshots of their recommendations for them to
| cancel the bill.
| Saris wrote:
| Yeah it has firmly kept me away from AWS, Google cloud, and
| similar.
|
| I use Vultr or Digitalocean if I need a server somewhere
| because at least it's just a pre-set cost.
| thorin wrote:
| I think the same, it's put me off using anything but the free
| tier for learning. Azure was slightly better but still not
| ideal.
| ramshanker wrote:
| If not possible to cap price, starting with the capacity
| limiter on S3 and bandwidth limit at VPC level would do.
|
| The possibility that someone flood the server even for static
| resources causing bandwidth spiked Bill is scary.
| Silhouette wrote:
| That threat even has its own name now: a denial-of-wallet
| attack.
|
| The limited protections available against this threat from
| the big cloud providers have to be seen as a warning sign.
| It's only a matter of time before any small business using
| these services for hosting can be subject to sudden
| shakedowns by criminals. "Nice business-critical
| infrastructure you have there, be a shame if anything were to
| happen to it." Some of the providers do offer a DoS
| mitigation service, but the cost for the higher levels can
| start to look like a shakedown itself.
| Nextgrid wrote:
| > The possibility that someone flood the server even for
| static resources causing bandwidth spiked Bill is scary.
|
| Genuinely curious, is this just a side-effect of the cloud
| craze or did DDoS attacks become so powerful that old-school
| approaches of appropriately-sized bare-metal infrastructure
| with finite but unmetered bandwidth are no longer viable?
|
| The way I see it, you can provision enough unmetered
| bandwidth to cover your typical load + a safety margin at a
| flat rate per month, and worst case scenario if the attack is
| big enough you merely get downtime (allowing you to re-
| evaluate the situation and decide whether to throw more
| bandwidth at the problem or purchase attack mitigation
| services) instead of an infinite bill?
|
| My current ISP gives me 1Gbps unmetered. Worst case scenario
| the connection is saturated but at no point the ISP will come
| to me and ask for extra money.
| Silhouette wrote:
| You could still run many systems just fine on private
| infrastructure with at most a business-class Internet
| connection to your office or a colo bill for putting your
| servers somewhere more central. This didn't magically stop
| working just because someone got paid a lot of money to do
| PR for cloud services. By the time you take into account
| the financial costs and inherent risks of cloud hosting,
| maybe more things should still run that way than actually
| do.
|
| The practical problem today is that cloud now has so much
| mindshare, justified or otherwise, that the ecosystem
| around private hosting is diminished. Finding good people
| with the required admin skills, good sources of equipment,
| even good software to run local versions of automation we
| take for granted in the cloud, can be harder than it used
| to be.
|
| I won't be surprised if in a few years some huge tech firm
| we all thought had faded into obscurity enjoys a new lease
| of life by offering a set of locally hosted equivalents to
| popular cloud services that are also easy to administer and
| scale but come with a lot more predictability because they
| run on the customer's own infrastructure.
| closeparen wrote:
| One big problem with that is the dichotomy between
| "cloud" and "open source" - people will pay for SaaS but
| they absolutely balk at paying for licenses.
| Silhouette wrote:
| In this hypothetical scenario the real money might be in
| consultancy. "Sure, we can get your organisation set up
| with OpenNotAWSBecauseTrademarks. Our rates are
| $20K/consultant/week and we expect to bring a team of 5
| for a fortnight." It just has to be a comparable cost and
| financial structure to how a large organisation trying to
| escape from cloud lock-in would have otherwise expected
| to engage their cloud architecture consultants or cloud
| security red team or other cloud specialists and then
| you're in the game.
| withinboredom wrote:
| We still use bare-metal at Automattic. All our global-
| scale admin stuff is open source... it shouldn't be
| surprising that bash scripts aren't all that interesting.
| People want it written in Go, with Raft-consensus to
| think for us humans, running on blockchain.
| res0nat0r wrote:
| Set an SNS alert to sent an email/SMS message to your phone
| if your monthly bill goes over whatever $X you decide. I've
| had this set on my personal account for years and it isn't
| too hard to configure, most of it is just point and click via
| the SNS and CloudWatch GUIs and is pretty foolproof.
| roystonvassey wrote:
| That fear of a huge bill is real and much more common than you
| think.
| dimitrios1 wrote:
| It's a rational fear as well. It happens more often than one
| would think.
| ctvo wrote:
| Just use the free tier? You're notified when you're approaching
| the free limit.
|
| AWS, anecdotally, has removed 5k++ mistakes I've made with
| little question.
|
| (One example they forgave due to my carelessness: ECS and
| Fargate service with logging to CloudWatch but with verbose
| logging on. The bill was 8k that month for just CloudWatch
| usage)
| onion2k wrote:
| It's great that they forgave you. I know a startup that
| incurred a $30k bill that they didn't forgive. The startup
| folded.
|
| AWS's unknowable policy for the cost of errors represents a
| _huge_ risk for individuals and small businesses. It puts a
| lot of people off.
| jjoonathan wrote:
| I have only asked for one refund, which was clearly the
| result of a bug on Amazon's part, and they haggled the whole
| way. They were quick to a 50% refund and slow to a 100%
| refund.
| dexterdog wrote:
| I've never had a refund denied. One was for 20k on an
| account that only billed that much monthly. If it's an
| honest mistake they'll wipe it if you have any history with
| them.
| nucleardog wrote:
| I've had $30k, and later $120k refunded on an account
| that billed ~$20-25k monthly. Both covered 100% of the
| overage.
|
| AWS is the one major tech company where I've never had
| any issue getting in touch with a real human who has been
| empowered to actually fix my issues.
|
| The only thing that's been required from us was to show
| them we were taking reasonable steps to prevent it
| happening again.
| weinzierl wrote:
| Oh yes, please. And to all the other commenters that suggest
| workarounds: Yes, better than nothing, but not exactly a
| solution to get beginners on board. AWS is complicated enough
| even without all the billing headaches.
| bostonsre wrote:
| I think confusion around billing has to be intentional at this
| point. I would guess they are making >$1b every year due to
| users not understanding the consequences of their actions
| fully.
| varelse wrote:
| Single most obvious customer obsessed (their tenet BTW) feature
| they could add, but after over a decade of requests, it's
| seemingly clear they won't. It keeps me from playing with AWS
| for side projects as well. Their loss.
| danpalmer wrote:
| This is something that everyone seems to ask for (I know I'd
| love it), but they haven't implemented it. To me that
| suggests that they _can't_.
|
| My guess is that billing lags enough that they can't stick to
| a price cap, which means that they either have to guarantee
| the price cap and swallow the difference, which could be
| exploited by malicious users to get free compute, or they
| have to say that there's a delay on it which makes the cap
| fairly useless.
|
| Some of these services are billed by such small increments I
| can't even imagine how complex billing for them is in
| practice. I'd be surprised if bills are eventually consistent
| within 24 hours.
|
| I wouldn't be surprised if we see an announcement like
| billing being guaranteed after 1 hour at some point in the
| not too distant future, but I'd be surprised if we see
| realtime caps.
| ValentineC wrote:
| Oddly enough, Budgets seem to work, since I've gotten
| alerted to runaway services fast enough (I set it at 80% of
| my previously-free monthly AWS credits) to be able to log
| in and fix them, or shut them down.
| Hokusai wrote:
| > This is something that everyone seems to ask for (I know
| I'd love it), but they haven't implemented it. To me that
| suggests that they _can't_.
|
| Or maybe it is a costly implementation that would not bring
| any profits.
|
| The strange thing is that the lack of this feature seems
| too incur a cost as it causes more calls to customer
| support. So, maybe it's that implement this feature will
| reduce profit more that it will reduce cost.
| varelse wrote:
| When I fill my tank with gas, there's a preauthorization
| with my credit card before I'm allowed to pump a single
| drop. It seems like a similar arrangement could be made
| here w/r to hourly level billing. And it would be a huge
| improvement over the current situation which scares me
| away.
| mediamachiner wrote:
| This terrifying scenario is kinda common. We've come across a
| bunch of tweets like:
| https://twitter.com/alexwlchan/status/1399095011178958851
|
| This inspired us to add billing limits to our SaaS product so
| that users don't have be in scary situations with bill run
| offs: https://mediamachine.io/blog/protect-your-customers-with-
| bil...
| itsibitzi wrote:
| I've read that some people use a pre-paid credit card with a $1
| spending limit when setting up their playground accounts. Seems
| like a reasonable approach.
| adriancr wrote:
| You will still owe the incurred charges and AWS can send it
| to collections.
| donmcronald wrote:
| I do this. I'd much rather have AWS needing to call me to
| negotiate / collect than having $15k go through my CC as a
| legit authorized charge.
| cube00 wrote:
| Unless they call you, refuse to negotiate and still send
| it to collections as it is (at least in their mind) a
| legitimate charge.
|
| All these stories of providers giving "good will" credit
| for these massive charges really concerns me when you
| look at how other parts of these companies ignore their
| customers or only reply with scripted responses.
| ValentineC wrote:
| AWS is oddly dysfunctional recently.
|
| They nerfed the $100 of AWS credits for Alexa developers
| with zero notice this month, which caused me to incur
| overages this and last month.
|
| I've gotten last month's bill waived, but still received a
| passive-aggressive email with bad English by a Territory
| Account Sales person from my region about how my account
| could be suspended, if I didn't reply to the email _within
| the day_. I 'm not sure I would trust said person to handle
| my accounts, even if I was on a corporate budget.
|
| I'm still in the process of moving most of my workload away
| from AWS.
| randompwd wrote:
| That doesn't make much sense. You would still be on the hook
| for the eventual bill. This sounds like a showerthought
| hashtag lifehack.
| viraptor wrote:
| It does change the dynamic / comfort though. Would you
| rather ask AWS to please revert $5k they put on your card,
| or talk with them about $5k they'd like to charge you but
| can't?
| gspr wrote:
| The former. But if we're talking about $5M instead, I'd
| be completely terrified of both options.
| adriancr wrote:
| It doesn't change the dynamic though.
|
| At their revenue, don't care about 5K charge, they can
| send to collections / sell to 3rd party collections
| agencies.
|
| They do care about keeping you happy as a customer since
| your employers will be swayed by their employees.
|
| So the former is much more likely to succeed, the latter
| will just make you look like a scammer.
|
| At larger sums - they will do much more rigorous checks
| to avoid issues.
| viraptor wrote:
| It doesn't change the dynamic for AWS. It doesn't change
| for many of us. But it does for example for a student who
| forgot to terminate a stack and suddenly can't afford
| rent/utilities/shopping until the charge is resolved.
| These are amounts which can really mess up people's lives
| for weeks.
| dom96 wrote:
| This is the reason I have always stayed away from AWS and stuck
| to Digital Ocean/Linode. I'm sure I'm not the only one. But I
| am always surprised to see people complaining about this and
| still using AWS.
| WrtCdEvrydy wrote:
| If this is an issue, use Lightsail or a tier 2 provider (like
| DigitalOcean)
| notwedtm wrote:
| That doesn't solve for the AWS only resources.
| WrtCdEvrydy wrote:
| Yeah, no fixing that.
|
| Billing can be 24 hours delayed.
| Someone1234 wrote:
| Then you aren't learning AWS, which was the stated goal.
| akh wrote:
| > I'm terrified of the literally infinite bill that might show
| up from a typo a month down the line
|
| Whilst this might sound funny, we were surprised to see it as a
| common use-cases with users putting
| https://github.com/infracost/infracost in their CI/CD pipelines
| to act as safety net. Currently it only works for Terraform
| users, but we plan to add other infra-as-code tools in the
| future. We're also discussing how we can do this for people who
| don't use infra-as-code in
| https://github.com/infracost/infracost/issues/840 but it's not
| clear what the workflow could look like for them. Perhaps
| having separate AWS accounts with a budget alert that emails
| you to run https://github.com/rebuy-de/aws-nuke is a work-
| around just now.
|
| (I'm co-founder of Infracost)
| koolba wrote:
| > Perhaps having separate AWS accounts ...
|
| You absolutely must, MUST, _MUST_ be using separate AWS
| accounts for separate purposes. You can have as many as you'd
| like and roll up the billing into one actual paying account.
|
| This is a win for accountability (roll up dev and easily see
| the split out for separate environments), but more
| importantly for security as it limits the blast radius for
| any one environment. Combined with per-account budget alerts
| it's a win across the board.
| Sevii wrote:
| It may be a 'must' for security but from a UX perspective
| it is a horrible experience.
|
| Does it make sense for one team to have 10+ AWS accounts
| per service because 'security'? How about if each team out
| of 1000s in your company has 10 AWS accounts per service?
|
| We run our service in 3 geographic regions and have a
| separate AWS account for each region and stage despite each
| account supporting resources in multiple regions.
| Considering that we have 4~ services that is roughly 40 AWS
| accounts for just one team with less than 10 people.
|
| What I'm describing above is the 'best practice' way to
| manage AWS accounts at scale. It is insane and saying
| 'security' does not magically make this reasonable.
| lostcolony wrote:
| The UX issue you're describing...can and should be solved
| with UX.
|
| While security and UX are oftentimes in tension, in this
| case they don't have to be. It would not be that hard to
| be signed into multiple accounts and allow you to switch
| seamlessly between them (allow the tagging of each
| account, such that you can say, effectively, "show me dev
| us-east-1" vs "show me us-east-1" vs "show me dev",
| slicing and dicing between accounts that way). At that
| point, separating infra across accounts becomes
| semantically meaningful, and you can slice/dice in
| whatever way seems best (so you could have a full account
| for a single service, sure. Or an environment. Or a
| region. Or a combination of those, only service-Foo in
| us-east-1 for dev. Whatever level of granularity you
| want; trading off instead between the security of
| isolation with the convenience of colocation, which
| should be the actual UX cost; infra in the us-east-1
| account has a harder time communicating with the infra in
| the us-west-1 account).
| GauntletWizard wrote:
| I already set this up. My customers are 5-10 man shops,
| and they have 5 different AWS Accounts: One for billing,
| one for Build Infrastructure, one each for
| Dev/Staging/Prod. Sometimes marketing is treated as a
| separate product team and their website has it's own
| staging/prod accounts (No real need for "dev" in that
| case).
|
| Users login to the Build Infra account and then Assume
| Role into the others - There's a list of magic links that
| does the assume role. There's also a list that is added
| to ~/.aws/config that does the equivalent: They configure
| one IAM key, and the rest are assumed automatically by
| the CLI or client libraries (Requires relatively recent
| client libraries; Java only started supporting this
| within the last year or two)
| WaxProlix wrote:
| I happily use 40+ accounts per service, and don't think
| it's an undue burden. Accounts are free and represent a
| convenient natural boundary for data, access, and oopsie-
| daisy mitigation.
| jsperx wrote:
| I was so happy when I finally got cross-account roles
| working so I could use a nice drop down and seamlessly
| switch between my accounts. So cool!
|
| Then I learned because they're saving it all browser-side
| I had to rebuild the whole menu whenever I first used a
| new browser or computer? Whaaaat? Of all people, AWS
| console users have to be highly likely to be using
| multiple devices/browsers. Having to recreate your own
| prefs at each new environment is nuts.
| nprateem wrote:
| https://addons.mozilla.org/en-US/firefox/addon/aws-
| extend-sw...
| thayne wrote:
| Not to mention that the there is a pretty small limit on
| how many can show up in the drop down (I don't remember
| how many) so it isn't very scalable if you follow the
| recommendations to create a lot of accounts.
|
| Plus you have to look up the account id in order to set
| it up initially.
| withinboredom wrote:
| This seems silly to me. I (personally) think it is much
| more likely for your computer to be stolen/hacked/ransomed
| than a single account credential to be leaked. If so, "the
| blast radius" will be whatever you're logged into ... and
| if you're logged into everything, what's the point?
| conradludgate wrote:
| Because you should have 2fa set up and your access to AWS
| accounts should expire after 1 hour. Also, you likely
| have full disk encryption enabled, and the person
| stealing your laptop is unlikely to know who you work for
| and are more interested in selling it.
|
| If someone acquires credentials, they are usually multi
| use and long term. And it can go unnoticed if an ec2
| instance is span up running crypto mining on your dime,
| only for you to notice at the end of the day that your
| estimated bill has shot through the roof
| jsperx wrote:
| With one giant caveat imho -- I have a root account, an
| admin account, a common account (load balancer, database)
| and then customer-specific accounts. Was working great,
| using Terraform for consistency, sharing VPC where made
| sense, etc... until I had an issue and realized that my
| paid support plan only covered the root account. From what
| I understand you have to get a separate support plan, with
| a paid minimum ($100 per for business plan), for _each_
| account if you're gonna need tech support, and you can't
| pool until you're in the $15K+ monthly spend: "AWS Support
| fees are calculated on a per-account basis for Business and
| Developer Support plans. For Enterprise Support, you are
| billed based on the aggregate monthly AWS charges for all
| your account IDs subscribed to Enterprise Support."
|
| Really soured me on the setup, tbh.
| philwelch wrote:
| This is true. It does add additional complexity, especially
| if you have to do cross-account access, but the tooling for
| that is improving over time.
| YetAnotherNick wrote:
| I think most of the cost for medium-large sized business are
| elastic(number of pods, bandwidth cost depends on requests
| per second, storage cost for many things increases linearly
| with users etc).
| akh wrote:
| Yep - it seems to depend on the architecture too (e.g.
| companies that lift-and-shift to the cloud use VMs
| heavily). We're discussing ideas on
| https://github.com/infracost/infracost/issues/730, e.g.
| could CloudWatch be used to fetch the usage so user has
| context of what those elastic services used last
| week/month.
| YetAnotherNick wrote:
| Didn't imagined that this functionality would be present.
| Looks very useful and I would try it out for my terraform
| setup!
| underseacables wrote:
| I use Glacier For cold storage of family videos and photos. I
| have pre-paid for the next 10 years of expected usage. I just
| wanted to be sure that we would never lose that data, so I think
| advanced billing is great.
| dekhn wrote:
| Wasn't this already a negotiable option?
___________________________________________________________________
(page generated 2021-07-21 23:01 UTC)