Access to DynamoDB without own intervention

-1

Hello :)

I have 2 AWS accounts, one for testing and one for the live system, the last few weeks I have been working exclusively on the live system. Of course I have set up budgets, but unfortunately I overlooked the mails, as I also use different mail accounts. Apparently there was a lot of access to the database from my test account.

  • I would personally rule out a misconfiguration, as the costs in my other account are completely normal.

Cost Explorer Test-System Cost Explorer Live-System

  • There are no new entries in the tables and I have not accessed them. Neither reading nor writing. However, to cause daily costs of 1.03$ there must have been hundreds of thousands of accesses per day.

  • My tables have a random ID at the end like this 0a8600f909e2. I have a total of 9 tables in the test account with a total size of less than 5kB. In one of the tables I write via an IoT rule, but IoT has no deflection and DynamoDB creates the timestamps for it. In this table I have 14 entries and the latest timestamp is 1697802597587 i.e. Fri Oct 20 2023 13:49:57 GMT+0200 (Central European Summer Time) The entry is therefore 9 months old. This is how actively the database is used on the account.

  • Unfortunately, I have not yet configured CloudTrail in the test account, but if the requests had come via the API gateway, the free quota should have been used up long ago. I don't even have 8000 calls.

Kostenloses Kontingent - API Gateway

  • My Lambda functions were not active the whole month. Invocations
  1. is it possible that this is a mistake on the part of AWS?
  2. what can I do to avoid such unexpected costs in the future?
  3. how can I further protect my database? - After all, I don't want anyone unauthorized to access it.
  4. will I incur costs if someone tries to access the database and is denied access because the IAM authorizations are missing?

At the moment I don't understand what has happened and what I could have done better. I would be grateful for any tips and advice.

2 回答
0

Hello, can you check the bill of the abnormal account according to the following steps?

  • Sign in to the AWS Management Console and open the AWS Billing and Cost Management console at https://console.aws.amazon.com/billing/.
  • In the navigation pane, choose Bills.
  • Choose a Billing period (for example, August 2024).
  • View DynamoDB charges in Charges by service for details.

From your description, I can only guess that the provisioned throughput or storage exceeds the free quota.

It depends on the actual items you charge. If it is indeed as you guessed, please create a support ticket to contact AWS.

已回答 2 个月前
-1
已接受的回答

During further research, I found out that the queries to the database have been going up since mid-June. I deployed a change that day. I then continued working on the other account and improved my code. That's probably why I can't find the source of the calls. It's been 6 weeks, a lot has happened in that time.

The number of queries runs over the free quota after about 2 weeks and therefore the costs only occur then. Last month it was $1.91 because the last two days went over the free quota.

I also installed the new code from the live system on the test system and the queries went down. I am already being charged less for yesterday. Today the costs should go to zero. It was obviously my own mistake.

Costs ($) Usage (WriteCapacityUnit-Hrs)

Robin
已回答 2 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则