An AWS Free Tier Bill Shock: Your Next Steps

There are thousands of posts out there from the past 15 years talking about what to do to ensure that you don’t run afoul of the AWS Free Tier limits and headlong into the land of Giant Billing Surprise. But if you have ventured into that ominous territory, made a mistake, and received a disturbingly high bill, the prophylactic guidance screams to a halt. The articles I’ve seen don’t offer meaningful advice past “contact AWS Support and be patient as you wait to see whether you’ll owe AWS more than the remaining balance of your mortgage.”

This post is intended to remedy that lack of useful, actionable steps for scrubbing those five- and six-figure charges from your bill.

Don’t panic! Then do the obvious: File a support ticket

Breathe. It’s going to be OK. Now then! The first thing you should do is, in fact, to open a support case with AWS immediately. Again, remember to breathe.

What should your support case say? I’d suggest being honest!

That said, here are some things to bear in mind.

First, it’s not going to be treated as the emergency you almost certainly think it is. It’s true: You’ll need to be prepared to wait a bit. AWS Support is overloaded at the best of times, and there are a lot of issues people bring them — like “production is down,” for example — that are more pressing than a billing issue. Rest assured, though it feels like your world is collapsing at the time, an AWS billing issue is something that can absolutely be handled competently during business hours.

Further, when I say you’ll wait “a bit,” you should be aware that I mean “the better part of five business days for an initial response, followed by a few more days every round of exchanges.” You don’t need a paid support plan for handling billing issues, but the response time you get is about what you’d expect for not paying for support. It’s a mixed bag, admittedly.

It may help you to remember that whatever it may feel like at the moment, AWS is not in the business of screwing people over. There’s a better than good chance that your request will be granted and your debt will be discharged.

An interlude: Things not to do when filing your support ticket

I shouldn’t have to include this section, which boils down to “don’t be a jerk,” but based upon some field experience reports, I very much do.

  1. Remember that you’re asking for a favor. The person you’re talking to is, in fact, a human being. They’re empowered to advocate on your behalf, but they’re also empowered to follow the precise letter of the policy set down for them. How do you think that insulting them is going to affect which path they choose to go down?
  2. Your overall tone when opening your support case should differentiate you from someone who intentionally spun up a bunch of resources to mine cryptocurrency and then fed AWS Support a sob story to get away with it scot-free. You don’t want to present as a scammer in your support case!
  3. It should be clear that threatening AWS is a non-starter here. AWS is bigger than you are, and it can act accordingly.

Two notable threats people love to toss around are filing a chargeback and suing AWS. Let me explain why both of those are counterproductive.

“I’m filing a chargeback!” For those unaccustomed to the way that credit cards work in the U.S., “filing a chargeback” with your credit card company means that you’re disputing the charge as illegitimate. Perhaps you win, perhaps you get overruled, but either way, it just means that AWS is going to send a collections agency after you if you don’t clean up the misunderstanding. Remember, you’re trying to present as sympathetic; causing trouble for them with their card processor cuts directly against that! I might feel differently if the tactic worked, but it absolutely doesn’t.

“I’m going to sue!” Whenever you’re involved in a customer service dispute with a company, threatening legal action is probably the dumbest possible thing you can do until you’ve exhausted all other options. As soon as you go down that path, support reps at virtually every company are required to stop responding and refer your case to the legal department, whose responses are measured in weeks and which are designed entirely to shield the company from liability.

Plus, it’s just not credible. People who are going to sue don’t chest-thump about it; they call their attorney, who says “say nothing to them that doesn’t go through me first,” and the opposing party finds out when the attorney sends them a nasty-gram or files the suit.

While you wait for your response …

While you’re waiting, see whether you can figure out what went wrong so you don’t find yourself digging the hole deeper. It’s invariably going to be something that strongly resembles the compromise of credentials on your end, and that’s going to be harder to find than you might expect. It’s theoretically possible that you just misconfigured something yourself and haven’t been compromised, but that kind of bill usually totals a few hundred dollars, or a couple grand on the outside, unless you’ve just gone completely wild.

I don’t suggest stress-Googling. But when you inevitably do, you might notice that historical posts on Reddit, Hacker News, or Twitter show bill problems with dollar figures that are way, way smaller than the problem you’re staring at. This is because there are now more regions, each with their own service quotas, along with ever-more ways to exploit AWS services to mine cryptocurrency. With so many ways to run containers on AWS, every one of those containers could theoretically be put to work mining Bitcoin. Isn’t web3 wonderful?
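One way to start that investigation, as an added example that is not part of the original post: group the compute-launching calls in your CloudTrail records by access key and list the keys that started anything outside the regions you actually use. It assumes the records have already been exported as JSON; the watch list, the `triage` function, `home_regions`, and the sample records are all constructed for illustration.

```python
from collections import defaultdict

# Assumed watch list: API calls that start billable compute (not exhaustive).
COMPUTE_EVENTS = {"RunInstances", "RunTask", "CreateService", "CreateCluster"}

def triage(records, home_regions):
    """Group compute-launching CloudTrail records by access key and report
    keys that launched anything outside the regions you actually use."""
    by_key = defaultdict(lambda: {"regions": set(), "ips": set(), "count": 0, "first": None})
    for r in records:
        if r.get("eventName") not in COMPUTE_EVENTS:
            continue
        # Some records (for example service-made calls) carry no accessKeyId.
        key = r.get("userIdentity", {}).get("accessKeyId") or "<no-access-key>"
        s = by_key[key]
        s["regions"].add(r["awsRegion"])
        s["ips"].add(r.get("sourceIPAddress", "unknown"))
        s["count"] += 1
        t = r["eventTime"]  # ISO 8601 UTC, so string order is time order
        if s["first"] is None or t < s["first"]:
            s["first"] = t
    findings = []
    for key, s in by_key.items():
        unexpected = s["regions"] - set(home_regions)
        if unexpected:
            findings.append({"access_key": key, "events": s["count"],
                             "unexpected_regions": sorted(unexpected),
                             "source_ips": sorted(s["ips"]), "first_seen": s["first"]})
    return sorted(findings, key=lambda f: f["first_seen"])

def _rec(name, region, key, ip, t):
    return {"eventName": name, "awsRegion": region, "sourceIPAddress": ip,
            "eventTime": t, "userIdentity": {"accessKeyId": key}}

# Constructed sample records (placeholder key IDs, documentation-range IPs).
SAMPLE = [
    _rec("RunInstances", "us-east-1", "AKIAEXAMPLEAAAAAAAAA", "198.51.100.10", "2023-01-10T15:02:11Z"),
    _rec("DescribeInstances", "us-east-1", "AKIAEXAMPLEAAAAAAAAA", "198.51.100.10", "2023-01-10T15:03:00Z"),
    _rec("RunInstances", "ap-southeast-1", "AKIAEXAMPLEBBBBBBBBB", "203.0.113.77", "2023-02-03T02:14:09Z"),
    _rec("RunTask", "eu-north-1", "AKIAEXAMPLEBBBBBBBBB", "203.0.113.77", "2023-02-03T02:15:40Z"),
    _rec("RunInstances", "sa-east-1", "AKIAEXAMPLEBBBBBBBBB", "203.0.113.78", "2023-02-03T02:13:55Z"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, {"us-east-1"}):
        print(finding)
```

The `first_seen` timestamp and the flagged access key are also useful details to include when you reply on the support case.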

And the results are in

In most cases, AWS will make a lot of the pain go away. I obviously can’t promise results, but this is the template I’ve seen succeed in many previous scenarios.

The crucial final step: Close your AWS Free Tier account

This may be considered controversial, but as a last step, I’d make sure this is the last time I let AWS give me a bill surprise like this.

Therefore, if I were you, I would wait until the charges were reversed and the issue settled, and then I would proceed to close my AWS account and not use the platform again for a while — if ever!

My reasoning is pretty straightforward. First, it’s entirely possible you missed something that an attacker can use to regain access. Second, until Amazon fixes the AWS Free Tier, I’ve got to urge people to work in more safely sandboxed environments that don’t charge customers five or occasionally six figures as a surprise when credentials become compromised. The Giant Billing Surprise is a stressful, stressful thing! Why would anyone risk going through it more than once?