
I’ve always been a bit wary of putting a static site on S3 specifically - what happens if I piss someone off, and they have a botnet just load my site a zillion times? A few kb * a zillion = large egress bill.

I haven’t really sat down and done the numbers; does anyone have a reason to think this isn’t a real concern? I’d love to stop worrying about it.



This is what the CDN is for.

Ex - Cloudflare has a flat-rate CDN that has no price changes based on bandwidth spikes, and is free for non-commercial use.

CloudFront is free up to 1TB of egress.

BunnyCDN is a penny a GB.

etc...

And they basically all include DDOS mitigation - so if it's DDOS instead of actual traffic, you usually aren't billed for it.

Not to mention, you'll usually get much better regional performance, since they'll just cache it and serve it from a local instance closer to your user.

You're still going to pay egress with a VPS. So a CDN makes sense in either case.


In your hypothetical scenario this is a potential problem regardless of whether you make static content or not.

At least the static content is potentially less resource heavy but I don’t see how your concerns don’t apply to any online service.


You can host somewhere where it is mainly limited by bandwidth instead of traffic. So something like a Hetzner dedicated server wouldn't be impacted by this (it's 1GB/s unlimited). The worst that can happen is that your site is sluggish or that Hetzner takes it offline due to excessive usage (but I've only heard of that happening when you use the full bandwidth for weeks and it is your fault).

Plenty of other providers have similar offers; it's not a given that you pay by traffic.


Putting it on a $10 VPS means it costs $10 whatever happens. How to limit spend like this on static storage providers?


Ah, I misread it, thanks for clarifying what they were trying to say.


> does anyone have a reason to think this isn’t a real concern?

I suppose it is, but it's possible for someone to DOS a $5/month server too (touch wood they don't).

AWS could get expensive but it will always be up, so there's a trade-off there. You could use AWS WAF to mitigate someone running up your bill, but I'm not sure how well it works/how easy it is to configure/how cost-effective it is.


Difference is that I don’t usually care if a static site gets DDoS’d - They’ll get bored eventually, and it’s not that important to have uptime. I do care about DDoS’ing my wallet.


That's what the CDN is for


Billing alerts and don't piss people off. Or host on GH pages.


Yes!

Any time you are doing anything with AWS, set up billing alerts. You likely will never need them, but it is free insurance.



