Access to DynamoDB without own intervention


Hello :)

I have 2 AWS accounts, one for testing and one for the live system. For the last few weeks I have been working exclusively on the live system. Of course I have set up budgets, but unfortunately I overlooked the mails, as I also use different mail accounts. Apparently there was a lot of access to the database from my test account.

  • I would personally rule out a misconfiguration, as the costs in my other account are completely normal.

Cost Explorer Test-System Cost Explorer Live-System

  • There are no new entries in the tables and I have not accessed them. Neither reading nor writing. However, to cause daily costs of 1.03$ there must have been hundreds of thousands of accesses per day.

  • My tables have a random ID at the end like this: 0a8600f909e2. I have a total of 9 tables in the test account with a total size of less than 5kB. In one of the tables I write via an IoT rule, but IoT has no deflection and DynamoDB creates the timestamps for it. In this table I have 14 entries and the latest timestamp is 1697802597587, i.e. Fri Oct 20 2023 13:49:57 GMT+0200 (Central European Summer Time). The entry is therefore 9 months old. This is how actively the database is used on the account.

  • Unfortunately, I have not yet configured CloudTrail in the test account, but if the requests had come via the API gateway, the free quota should have been used up long ago. I don't even have 8000 calls.

Free tier - API Gateway

  • My Lambda functions were not active the whole month.

Invocations

  1. Is it possible that this is a mistake on the part of AWS?
  2. What can I do to avoid such unexpected costs in the future?
  3. How can I further protect my database? - After all, I don't want anyone unauthorized to access it.
  4. Will I incur costs if someone tries to access the database and is denied access because the IAM authorizations are missing?

At the moment I don't understand what has happened and what I could have done better. I would be grateful for any tips and advice.

2 Answers

Hello, can you check the bill of the abnormal account according to the following steps?

  • Sign in to the AWS Management Console and open the AWS Billing and Cost Management console at
  • In the navigation pane, choose Bills.
  • Choose a Billing period (for example, August 2024).
  • View DynamoDB charges in Charges by service for details.

From your description, I can only guess that the provisioned throughput or storage exceeds the free quota.

It depends on the actual items you charge. If it is indeed as you guessed, please create a support ticket to contact AWS.

answered 2 months ago
Accepted Answer

During further research, I found out that the queries to the database have been going up since mid-June. I deployed a change that day. I then continued working on the other account and improved my code. That's probably why I can't find the source of the calls. It's been 6 weeks, a lot has happened in that time.

The number of queries runs over the free quota after about 2 weeks and therefore the costs only occur then. Last month it was $1.91 because the last two days went over the free quota.

I also installed the new code from the live system on the test system and the queries went down. I am already being charged less for yesterday. Today the costs should go to zero. It was obviously my own mistake.

Costs ($) Usage (WriteCapacityUnit-Hrs)

answered 2 months ago
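
The accepted answer describes usage that rose after a mid-month deployment and only became billable once the monthly free quota was used up. As an added example (not part of the original posts), the Python code below runs two checks over daily usage figures: a jump against the trailing baseline, and the date the allowance is exhausted, both actual and projected. The sample data, the allowance value of 18000 and all function names are constructed for illustration and are not AWS figures.

```python
from datetime import date, timedelta

def sample_usage():
    """Constructed data: 30 days of usage; a deployment on day 15 raises it."""
    start = date(2024, 6, 1)
    return [(start + timedelta(days=i), 400.0 if i < 14 else 1500.0)
            for i in range(30)]

def first_jump(usage, window=7, factor=2.0):
    """First date whose usage exceeds factor x the trailing-window mean."""
    for i in range(window, len(usage)):
        baseline = sum(q for _, q in usage[i - window:i]) / window
        if baseline > 0 and usage[i][1] > factor * baseline:
            return usage[i][0]
    return None

def allowance_exhausted(usage, monthly_allowance):
    """Return (day the cumulative total first exceeds the allowance,
    quantity above the allowance for the whole period)."""
    total, crossed = 0.0, None
    for day, qty in usage:
        total += qty
        if crossed is None and total > monthly_allowance:
            crossed = day
    return crossed, max(0.0, total - monthly_allowance)

def projected_exhaustion(usage, monthly_allowance, window=3):
    """Project the crossing date from the mean of the last `window` days.
    Returns None if the allowance is not expected to run out this month."""
    crossed, _ = allowance_exhausted(usage, monthly_allowance)
    if crossed is not None:
        return crossed                      # already over the allowance
    rate = sum(q for _, q in usage[-window:]) / min(window, len(usage))
    if rate <= 0:
        return None
    remaining = monthly_allowance - sum(q for _, q in usage)
    last_day = usage[-1][0]
    projected = last_day + timedelta(days=int(remaining // rate) + 1)
    return projected if projected.month == last_day.month else None

if __name__ == "__main__":
    ALLOWANCE = 18000.0                     # constructed placeholder value
    data = sample_usage()
    print("usage jump on:", first_jump(data))
    print("allowance exhausted:", allowance_exhausted(data, ALLOWANCE))
    # Two days after the jump, the projection already names the crossing date.
    print("projected on day 17:", projected_exhaustion(data[:17], ALLOWANCE))
```

Run daily against real usage numbers, the jump check fires on the day of the change, weeks before any charge shows up on the bill.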
