> But, I don’t think the idea of just stopping charging works.
You don't stop CHARGING. You stop providing the service that is accumulating charges in excess of what limit I set. And you give some short period of time to settle the bill, modify the service, etc. You can keep charging me, but provide a way to stop the unlimited accrual of charges beyond limits I want to set.
> No, I think cloud billing is just inherently complicated.
You're making it more complicated than it needs to be.
> The only reasonable interpretation of “emergency stop on all charges completely” would be to delete those images.
It's by far certainly not the 'only reasonable interpretation'.
"Stop all charges" is a red herring. No one is asking for a stop on charges. They want an option to stop/limit/cap the stuff that causes the charges.
So you want to proactively determine if, at the current rate charges are accumulating, the budget will be exceeded?
That _also_ runs into problems!
Take, for example, a nightly job that spins up a few giant instances to do some batch processing and shuts them down. Running an hour a night, over the course of the month that's going to accumulate ~$300 in charges. Great, we can set a $400/mo budget and have some wiggle room and all is well!
But how can AWS know that you're going to shut the instances down? Looking only at the rate charges are accumulating, the first night those instances start up you are on track to run up a $7,000 bill!
So do we set a $400/mo budget and then just kill the account so it stops accumulating charges when we hit $400, or do we set a $7,000/mo budget to account for the potential rate of accumulation and risk exceeding our budget by 2,000%?
It would be nice if this were in fact just overcomplicating things, but after much thought and many arguments on the internet I really can't see an easy "general" solution to this. The solution is heavily dependent on your specific workload and usage patterns, and the tooling is there to manage that if you want: Create billing alerts, and run code to adjust your usage in response to them.
That all said: I would fully support some sort of "developer sandbox" account that allowed a "kill the account" billing limit. I'd really prefer it had some sort of obvious limitation to avoid people accidentally using it for production workloads or dev workloads turning into production ones. Something like a hard limit that shuts the account down in 30 days, or limiting inbound connectivity to only via a VPN or something. That's purely self interest though--I don't want to see the article on the top of HN every few weeks about how "Amazon killed my startup" because someone set a billing limit and then all their customers' data was deleted.
So, are you looking for some “rate of charges” cap? Like, allow the charges to accumulate indefinitely, but keep track of how much $/sec is being accumulated, and don’t start up new services if it would cause the rate of charges to pass that threshold?
Might work. I do think that part of the appeal of these types of services is that you might briefly want to have a very high $/sec. But the idea makes sense, at least.
A theme of many of the horror stories is something like "I set up something personal, costing a few dollars a month, and I was DDOSed or (in earlier terms) slashdotted out of the blue, and I now have a bill for $17k accumulated over 4 hours".
As someone else pointed out, some(?) services prevent unlimited autoscaling, but even without unlimited, you may still hit a much larger limit.
Being able to say 'if my bill goes above $400, shut off all compute resources' or something like that. Account is still on, and you have X days (3? 1? 14?) to re-enable services, pay the bill, or proceed as you wish.
Yes, you might still want some period of high $/sec, but nearly every horror story in this vein ends with an issue with the final bill. Whether I burn $300 in 5 minutes or 26 days, I want some assurance that the services that are contributing most to that - likely/often EC2 or lambda in the AWS world - will be paused to stop the bleeding.
If you could pipe "billing notification" SNS message to something that could simply shut off public network access to certain resources, perhaps that would suffice. I imagine there's enough internal plumbing there to facilitate that, but even then, that's just AWS - how other cloud providers might handle that would be different. Having it be a core feature would be useful.
I was on a team that had our github CI pipeline routinely shutdown multiple times over a few weeks because some rogue processes were eating up a lot of minutes. We may have typically used $50/$100 per month - suddenly it was $100 in a day. Then... $200. Github just stopped the ability to run, because the credits used were over the limits. They probably could run their business where they would have just moved to charging us hundreds per day, perhaps with an email to an admin, and then set the invoice at $4500 for the month. But they shut down functionality a bit after the credits were exhausted.
You can do that today. Billing alerts can trigger workflows.
Sounds like this should be a standard workflow that's a very simple and visible option.
Because your specific work case of how you want to disable processes is completely based on your requirements. AWS just gives you the tools.
I think "free or low cost tier that doesn't rack up a $100,000 bill" would be pretty common actually, enough to warrant a prominent preset template/option in their UI. They'd probably save a lot in support requests too.
There is no such thing as a “free or low cost tier” in AWS. Or at least there wasn’t before July 15th of this year when they actually added a free tier where you can’t go over $200.
There are services that give you a free year and there are services that give you a free amount every month.
If you want AWS with training wheels, use AWS Lightsale
https://aws.amazon.com/lightsail/
I don't understand how this is hard to grasp.
Compute and API access to storage is usually the thing that bites people with cloud costs.
I want an option that says if I go over $20 on my lambda costs for lambda X, shut it off. If I go over $10 on s3 reads, shut it off.
The disconnect comes from the difference between 'shut it off' and 'clear the account'. If I read an earlier poster correctly, the claim is "the only reasonable interpretation is to immediately delete the contents of the entire account". But to you point, yes, this seems like it would be pretty easy to grasp. Stop incoming access, don't delete the entire account 5 seconds after I go 3 cents over a threshold.
I missed a water bill payment years ago. They shut off the water. They didn't also come in and rip out all my plumbing and take every drop of water from the house.
"They want an option to stop/limit/cap the stuff that causes the charges."
Most (aws) services support limits which prevents unlimited autoscaling (and thus unlimited billing)
It's fairly straightforward for compute, as you allude to; it's not straightforward for storage, as GP describes.