Disclaimer: Work for AWS Support. Good and bad things about my employer. Opinions my own.

One of the biggest questions here is what are customers asking for? And the necessary follow-up question: Do customers want to actually bear responsibility for their choices?

Recently, I had a customer lodge a support case because their programmatic access keys were leaked. A malicious actor was then able to use those credentials to exfiltrate their S3 data, and delete it. Now the S3 data is being ransomed.

The customer opened a case asking if there was any way to get the data back. If we had to go the 'extra mile', the customer demanded we do that. The answer is simply: No. We can't get that data back.

Customers demand that they own the data they upload into S3. They don't want AWS to be able to read the data, nor do they want us to store the data internally as a backup. That's what customers demand, and what AWS gives them.

Now something regrettable happened (a customer got pwned) and now a customer wants AWS to bear the responsibility for backing up the data. I bet a week ago they would've demanded that they have absolute sovereignty over their data. Shit changes when shit hits the fan.

---

Hard caps are doable, but the question is: Do customers want responsibility for this feature?

I read a comment wherein someone's startup was killed due to $30k of bandwidth costs because of misconfigurations that led to users abusing their platform. That sucks. It's not in AWS's interest to put their customers out of business.

But let's look at the flip side. What if someone in the finance department puts a hard cap on an account. But then a tweet goes viral, and business is pouring in. Everyone, in their rush to keep everything scaling appropriately, forgets there's a hard cap. They hit the business and now there's a hard outage in the middle of the biggest business event they've ever had. Who's the customer going to hold responsible for the outage?

As someone who deals with customer misconfigurations on AWS for a living, I assure you the customer won't be calling themselves demanding an explanation.

What happens if the person in charge of budgets doesn't lift the cap before the Christmas holidays? Again, hard down. Again, customer won't be mad at themselves.

---

It's better to let AWS run as the customer configures it to run than bring everything to an abrupt stop. Billing alerts exist, and you can use Lambda to turn off resources that are above their billing threshold. But doing a hard cap on an account? Something a subsection of customers might want, but something not many customers will want to take responsibility for when something goes sideways.
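
The billing-alert-plus-Lambda approach mentioned at the end of the comment above, sketched as an added example that is not part of the original comment or any AWS-provided code. It assumes a CloudWatch billing alarm publishing to an SNS topic that triggers the function; the tag name `stop-on-budget-alarm` and the alarm name `monthly-spend` are hypothetical. Only instances that opted in through the tag are stopped, so the rest of the account keeps running.

```python
import json

# Assumption: only instances carrying this hypothetical opt-in tag may be stopped.
STOP_TAG = {"Name": "tag:stop-on-budget-alarm", "Values": ["true"]}

# Constructed sample input: SNS delivery of a CloudWatch billing alarm.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "AlarmName": "monthly-spend", "NewStateValue": "ALARM",
    "Trigger": {"Namespace": "AWS/Billing", "MetricName": "EstimatedCharges"},
})}}]}


def alarms_in_state(event):
    """Return names of billing alarms that are in ALARM state in this event."""
    names = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])
        trigger = msg.get("Trigger", {})
        # Ignore OK/INSUFFICIENT_DATA transitions and non-billing alarms.
        if (msg.get("NewStateValue") == "ALARM"
                and trigger.get("Namespace") == "AWS/Billing"
                and trigger.get("MetricName") == "EstimatedCharges"):
            names.append(msg["AlarmName"])
    return names


def stop_opted_in(ec2):
    """Stop running instances that carry the opt-in tag; return their ids."""
    filters = [STOP_TAG, {"Name": "instance-state-name", "Values": ["running"]}]
    ids, kwargs = [], {"Filters": filters}
    while True:
        page = ec2.describe_instances(**kwargs)
        for reservation in page["Reservations"]:
            ids += [inst["InstanceId"] for inst in reservation["Instances"]]
        if not page.get("NextToken"):
            break
        kwargs["NextToken"] = page["NextToken"]
    if ids:
        ec2.stop_instances(InstanceIds=ids)
    return ids


def handler(event, context, ec2=None):
    alarms = alarms_in_state(event)
    if not alarms:
        return {"alarms": [], "stopped": []}
    if ec2 is None:  # real Lambda run; a client can be injected for offline use
        import boto3
        ec2 = boto3.client("ec2")  # acts on the function's own region only
    return {"alarms": alarms, "stopped": stop_opted_in(ec2)}
```

The function's execution role needs `ec2:DescribeInstances` and `ec2:StopInstances`, and stopping instances does not end charges for attached storage.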