#0001
`CloudFront` + `Lambda@Edge` recursion turned into a **$4.6k** surprise bill
`Lambda@Edge`: edge function service that runs globally on CloudFront requests
A self-calling edge function ran for nearly a day, while billing alerts lagged badly enough to miss the blast radius. If you use serverless on AWS, request alarms and hard stopgaps matter more than budget emails.
- A recursive `Lambda@Edge` path with a 30s timeout kept firing through `CloudFront`, burning over 70M GB-seconds before it was stopped.
- `AWS Budgets` did not catch it in time because `CloudFront` charges arrive with delay across regions; next-day visibility is too late for runaway loops.
- Removing the function within 30 minutes still was not enough, because the bad deploy had already been running for roughly 24 hours.
- The practical lesson is blunt: budget alerts are not a kill switch. Pair serverless with `CloudWatch` request alarms, per-region monitoring, and tighter blast-radius limits.
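
One way to set up the per-region request alarms recommended above, as an added example that is not from the original post. The function name, account id, SNS topic name, region list and threshold are placeholders, and the `us-east-1.`-prefixed `FunctionName` dimension for edge replicas is an assumption to confirm against your own metrics.

```python
"""Per-region invocation alarms for a Lambda@Edge function (added example)."""

# Placeholders, not values from the original page: adapt before use.
FUNCTION_NAME = "example-edge-fn"
ACCOUNT_ID = "111122223333"
TOPIC_NAME = "edge-runaway-alerts"
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-1"]  # every region that serves your viewers
MAX_INVOCATIONS_PER_MINUTE = 5000  # constructed threshold; size it from normal peak traffic


def alarm_definition(region, threshold=MAX_INVOCATIONS_PER_MINUTE):
    """Return keyword arguments for CloudWatch put_metric_alarm in one region."""
    return {
        "AlarmName": f"edge-invocation-spike-{FUNCTION_NAME}-{region}",
        "Namespace": "AWS/Lambda",
        "MetricName": "Invocations",
        # Assumption: edge replicas report under the us-east-1-prefixed name.
        "Dimensions": [{"Name": "FunctionName",
                        "Value": f"us-east-1.{FUNCTION_NAME}"}],
        "Statistic": "Sum",
        "Period": 60,             # one-minute buckets, not next-day billing data
        "EvaluationPeriods": 5,
        "DatapointsToAlarm": 3,   # 3 of the last 5 minutes over threshold
        "Threshold": float(threshold),
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # idle regions stay quiet
        # An alarm can only notify an SNS topic in its own region.
        "AlarmActions": [f"arn:aws:sns:{region}:{ACCOUNT_ID}:{TOPIC_NAME}"],
    }


def build_all(regions=REGIONS):
    """One alarm definition per region, keyed by region name."""
    return {region: alarm_definition(region) for region in regions}


def apply(dry_run=True):
    """Create the alarms; with dry_run=True only return the definitions."""
    definitions = build_all()
    if not dry_run:
        import boto3  # imported lazily so a dry run needs no AWS SDK
        for region, params in definitions.items():
            client = boto3.client("cloudwatch", region_name=region)
            client.put_metric_alarm(**params)
    return definitions


if __name__ == "__main__":
    for region, params in apply(dry_run=True).items():
        print(region, params["AlarmName"], params["Threshold"])
```
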
Source: news.ycombinator.com/item?id=31907374