9

What happens if my EC2 instance gets DDoSed/flooded, which could potentially go up to tens of gigabytes an hour (and even more) of undesired incoming traffic? Will I be charged for this traffic?

My guess is yes, but what can I do in such nightmare scenarios? Can I complain or ask Amazon to help and not charge in such scenarios? Basically, such a DDoS could run for weeks and amount to serious amounts of traffic, thus incurring unwanted charges. How can one guard oneself from such scenarios?

Shinnok

4 Answers

9
$0.000 per GB - data transfer in per month

Amazon only charges you for OUTGOING traffic, so if you do not respond to DDoS requests you will not notice any additional charges.

Andrei Mikhaltsov
  • 1
    The very nature of [proper] DDoS attacks is such that you couldn't identify a DDoS request from a non-DDoS request. So to stop responding to DDoS requests, you'll have to stop responding to **all** requests, including the legitimate ones. In other words, this is no different from shutting down your servers, because you wouldn't be responding to legitimate requests anyway. – Pacerier Apr 18 '16 at 02:28
  • You'll be charged for data transfer in on ELB. And, in my understanding, in case of heavy load AWS will try to autoscale the servers (if set up), which will also impact the cost. – Amit Kumar Gupta Dec 10 '18 at 09:17
  • @Pacerier Modern heavy-traffic DDoS attacks are usually amplification attacks, and the server does not have to reply to these packets. – maP1E bluE May 05 '22 at 07:19
7

Basically, you cannot. Whom do you charge for wasted fuel when you get stuck in a traffic jam?

This is part of your business risk. Don't want to defend - shut down your instances, no traffic then.

Regardless of how bad you feel about it, Amazon still provides your service and you still use up Amazon resources.

MadHatter
TomTom
  • 2
    @MadHatter, but I do want to defend, but how can you? Shutting down an instance is not a desired solution. You can't do much in such cases, since the traffic gets in no matter what you do at the instance firewall level, since by the time it gets to the firewall it already counts as in traffic to your instance, unless you forbid the traffic using the EC2-provided firewall. Now if that DDoS is targeted at your service ports/services, shutting them down is not a desired solution either, since that will basically shut your service down (which is bad business). Now what remains is help from Amazon... – Shinnok Feb 07 '11 at 07:52
  • Shinnok, this is not my answer, it's TomTom's; all I did was tidy up his syntax and spelling a little. You should address any questions about his answer to him. – MadHatter Feb 07 '11 at 15:56
  • The problem with DDoS is that you cannot shut it down using a firewall normally. It looks like tons of good requests from thousands or tens of thousands of hosts. VERY hard to eliminate. Stopping services is the only way. Even some anti-spam companies learned that lesson the hard way. – TomTom Feb 08 '11 at 06:49
  • @MadHatter - Sorry, the comment was definitely addressed to TomTom. – Shinnok Apr 11 '11 at 20:05
  • 1
    Yes, DDoS is one of the few cases where you can't do much, especially if done *right*. I was more interested in Amazon's side of things and whether they are willing to provide support or fee reduction for those cases, rather than ethics or how I can defend from the instance standpoint (which is basically impossible). Thanks for the answer, nonetheless. – Shinnok Apr 11 '11 at 20:08
7

There is a feature in AWS that lets you Create an Alarm for high bandwidth in or out.

[Screenshot: the Create Alarm dialog]

This dialog is in Services / EC2 / Instances. From that page, where you see a list of your instances, there is a column Alarm Status, looking like this:

[Screenshot: the Alarm Status column]

I set it for listening for network in over 1 MB in 5 mins. I really don't know what to expect, so I'll probably have to adjust this alarm if it goes off as a "false alarm" too often.

Once you have a condition you are confident in being just too much usage, you can simply Stop or Terminate the instance.

bobobobo
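The alarm described in the answer above can also be defined in code. This is an added example, not part of the original answer: it builds the arguments for the CloudWatch `put_metric_alarm` call with the answer's 1 MB per 5 minutes threshold and an automatic stop action, and replays a series of 5-minute totals to show how requiring consecutive breaching periods reduces false alarms. The region, instance ID and sample traffic figures are constructed placeholders.

```python
"""CloudWatch NetworkIn alarm with an EC2 stop action (added example)."""
REGION = "us-east-1"                 # assumption: use your instance's region
INSTANCE_ID = "i-0123456789abcdef0"  # constructed placeholder
# Constructed sample: NetworkIn bytes summed over consecutive 5-minute periods.
SAMPLE = [200_000, 350_000, 1_400_000, 300_000,
          5_000_000, 9_000_000, 8_000_000, 250_000]


def network_in_alarm(instance_id, region, threshold_bytes, period_s=300, periods=1):
    """Build keyword arguments for CloudWatch put_metric_alarm."""
    return {
        "AlarmName": f"network-in-high-{instance_id}",
        "Namespace": "AWS/EC2",
        "MetricName": "NetworkIn",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Sum",                # total bytes received per period
        "Period": period_s,
        "EvaluationPeriods": periods,      # consecutive breaching periods required
        "Threshold": float(threshold_bytes),
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        # Built-in EC2 action: stop the instance when the alarm fires.
        "AlarmActions": [f"arn:aws:automate:{region}:ec2:stop"],
    }


def would_alarm(sums, threshold_bytes, periods=1):
    """Indexes at which the alarm would enter ALARM state, i.e. the point
    where `periods` consecutive sums have exceeded the threshold."""
    fired, run = [], 0
    for i, total in enumerate(sums):
        run = run + 1 if total > threshold_bytes else 0
        if run == periods:
            fired.append(i)
    return fired


def apply(params, region):
    """Create the alarm; needs boto3 and AWS credentials, so it is not called here."""
    import boto3
    boto3.client("cloudwatch", region_name=region).put_metric_alarm(**params)


if __name__ == "__main__":
    print("1 period :", would_alarm(SAMPLE, 1_000_000, 1))
    print("2 periods:", would_alarm(SAMPLE, 1_000_000, 2))
    print(network_in_alarm(INSTANCE_ID, REGION, 1_000_000, periods=2))
```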
1

There's also a discussion about this on the Amazon Web Services Forums: https://forums.aws.amazon.com/thread.jspa?messageID=294632

Sean Bannister
  • 1
    Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Mark Henderson Nov 10 '13 at 23:27