S3 what needs to ReadACL and ReadObjectTagging

1

Hi everyone.

I've an app that stores data in S3 via php sdk.

(1) In late April, as a security measure, I change the api of my app to create signed urls instead of just show the files using the bucket url + key of the file, and, (2) in late may, I've started using AWS Backup, that now supports S3, and created a plan to backup my bucket every day.

What happen was that the cost of S3 dramatically increased. Between January and April the GET (and all other requests EU-Requests-Tier2) were between 3,500,000 and 5,500,000. In may, after the adding of signed urls, the GET requests jumped to over 19,500,000. In June, after I started using AWS backup, the requests dropped to little over 7,000,000 but then in July the requests sky rocket to more than 120,000,000.

All over this months the usage of the app didn't change that much, in July there were more users using it but not that much different from the previous months.

In the billing of july, if I look at the details by api operation is shown that what made the price go up was the ReadACL and ReadObjectTagging operations, which leads me to ask if between AWS backup and createPresignedRequest (and getCommand('GetObject') ) what exactly is using the permission to ReadACL and ReadObjectTagging?

Thank you.

  • Having this same thing and it is killing our bill as GuardDuty as a result analyzed 150 million S3 events. Still cannot pinpoint what it is causing it

  • I'm experiencing the same issue (but around 2.4B requests per month). I'm struggling to find the cause but I am leaning toward AWS Backup. Tiago, were you ever able to find out the cause?

2 Answers
0
Accepted Answer

I've ran into a similar issue (millions of daily ReadACL and ReadObjectTagging operations) and was able to figure it out by activating AWS CloudTrail data events and analyzing the API operations. In my case it turns out the culprit was the AWS Backup plan, and I suspect in your case too, because you mention you started using it.

In my situation, it was because the bucket in question has millions of small files, making the backup process quite expensive.

apidae
answered 2 months ago
  • It was the AWS backup. But I didn't started having this problem when I started using AWS backup, I was already using the backup when it started so I have to go through the support to figure it out, and turn out it was because of a change in the way the AWS backup works. Only the support could tell me that because that change wasn't notified to users.

    I sorted the problem by changing the backup type to continuous, that way there's less things to backup.

    To finish, just have in mind that I had this problem about two years ago.

  • I realize that the issue is very old, and I appreciate you replying after all this time. When I was investigating this problem recently, your unanswered question was the only place I found with any information relating to this and it led me in the right direction. I had to add a comment in case someone in the future bumps into the same problem. The suggestion about using continuous backups to solve this is great. Thanks.

-3

Hi Tiago,

Sorry to hear about this experience.

You can check out our documentation for getting help with your AWS Billing and Cost Management here: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-get-answers.html.

Also, our Support team is more than happy to look into this for you. You can create a case by logging in at this page: http://go.aws/support-center.

— Aimee K.

AWS
EXPERT
answered 2 years ago
  • Thanks for the answer.

    The problem don't seem to be related with the billing but more with where this ReadACL and ReadObjectTagging are coming from.

    Are they coming from the createPresignedRequest or getCommand in the api side of things or is the AWS backup that are trigging this?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions