New Form of DDoS

I was always hesitant to use pay-as-you-use services like Amazon AWS, Microsoft Azure and Google App Engine for fear that the cost might spiral out of control if I turn out to be the target of a DDos attack. I did eventually try out app engine, but only because it was possible not to link a credit card. It turns out that my fears are not unfounded though. Someone did manage to rack up $1000 in bandwidth bills here. This is a new form of DDoS, availability is not compromised since Amazon simply scales up, but your pockets are affected.

Much may have changed since the blog post 2 years ago, however the fact that you need to tie a credit card to the account does make me feel uncomfortable. Microsoft Azure works similarly although I am told that they will not charge to your card without your permission and would rather kill your server.

The other issue is the dozens of categories you have to take into account. By signing up for a $10 a month hosting, I know the amount I have to pay monthly. With AWS, you have to pay a few cents for storage, a few more cents for bandwidth, a few more for processing, so on and so forth. This is further complicated by having different rates for different locations and bulk rates that are cheaper. Unless you study all the documents religiously and carry out your own experiments and observations, you might end up paying a couple dollars more without optimising your usage.

Nevertheless, the beauty of services such as these is you pay for only what you use. If my website has low traffic, my costs might actually be lower than a fixed amount every month. To get me to switch over is rather simple, I ask for a monitoring feature that shuts down my instances once a certain amount is hit. To me, keeping my website below budget is more important than availability. As far as I know, amazon does not provide such as service as of yet.