[7ewis]

Have you found that any web crawlers have tried accessing your subdomain?

Wondering if services like Google or Shodan may have tried querying it and causing your server to turn on?

[doctorray]

Either the subscription filter or the lambda could be modified to only fire based on source IP; not the whole thing but perhaps the CIDR of your ISP, so that only you can start it. Perhaps it could be done with the route53 geolocation options as well.

In the 2 months I've been using this method before deciding to write it all down, I've not run into any issues with anyone else or any bots triggering the container to start, at least not yet...

[Pawka]

Setting IP whitelisting would help.

[0xbkt]

Yet be rather inflexible.