by cstrahan 883 days ago
> In this case they are actually losing money not gaining by allowing this kind of abuse, both because the bandwidth usage costs money and also because of potential lost billing from other services which now is not billed.

Your statement here is absolutely correct (we are in agreement); it is also absolutely orthogonal to what I (and others) have said.

Let me use an analogy.

Marijuana is illegal in most states of the US (and, federally, it is still a controlled substance). And yet a (relatively) recent survey[1] showed that around 7% of respondents grew marijuana at home.

How is this possible? Shouldn't that be 0%? It's almost like the DEA is slacking off or something.

... or maybe it's because they can't practicably round up each and every one of these people: the DEA isn't omniscient, and given the Fourth Amendment they can't ransack every home within the US to catch these people. If you don't do something that gives them sufficient evidence to acquire a search warrant, there's nothing they can do about you growing pot in your domicile.

Back to Amazon. Could you, at a high level, describe a process by which they could, for a given account, determine if that account's use of LightSail is legitimate, or is instead intended to avoid incurring data fees from other services? And you must satisfy some additional, absolutely crucial qualifications: this process must not negatively impact abiding users (because they would abandon AWS, resulting in financial harm to AWS), the cost to AWS of executing this process must not be prohibitive (in terms of compute, human resources, etc), and the process must be applied across all accounts within a reasonable time frame (if it takes 1 year for AWS to comb through 1% of accounts, that means you have a mere 1/100 odds of having your service terminated for abusing LightSail for an entire year).

Something being prohibited doesn't imply that it is practicably, fully enforceable.

[1]: https://pubmed.ncbi.nlm.nih.gov/36288408/


It is pretty hard to move out of any cloud.

If your workload is just compute, or stateless with commodity or standardized API interfaces, you could maybe do a move.

Even for those it is fraught with problems and takes a lot of time, time you are not developing features and adding product value.

If you are using S3 or any sort of proprietary stack on AWS, the cost to migrate (retrieval + bandwidth, or rewriting your app) is just too prohibitive.

All cloud providers know this and plan for it in their models, which is why they give out a generous free tier, give a ton of money in startup programs, or use other hooks to get you to start.

——

AWS does not just have an all-or-nothing suspension policy.

From personal experience I know they do suspend your access to a single service, even at a single-region level. Our account still has SES blocked in one region because early on we handled bounces poorly; this was at least 8 years ago, and they sent a few warnings too, so they have a pretty robust framework to handle abuse. Back then I couldn't get it unblocked with tickets and escalations; I am sure we were spending 15/20k a year then, so not super small either.

These days we spend more like 250k a year on AWS and I still don't get a proper account manager. I could perhaps get it unblocked now if I really wanted, but it's just not worth the hassle to jump through the hoops, which is one of the reasons why Azure is our primary cloud partner and where we spend most of our money, despite subpar tech compared to AWS (GCP is 10x worse on this).

I cannot comment on the specific controls that are put on Lightsail, as I have never used the service, but they definitely do have a framework to suspend for every service they offer.

Just given the generous free tier, there is a huge industry of using stolen credit cards to run scams or send spam on AWS, which they constantly have to fight against.