Corey Quinn Profile picture
Jan 31, 2022 9 tweets 3 min read Read on X
So let's find out why GuardDuty is the spendiest @awscloud service in one of my AWS accounts for January.
Okay, a crapton of CloudTrail events. Hmm.

This account is part of an organization. I'd have expected this to show up either in the CloudTrail bucket account, or the org payer management account.
GuardDuty console in this account confirms it.
Daily GuardDuty cost is fairly spikey.
Okay, this makes some sense. It's a "legacy" account that predates my adoption of Control Tower. Instead of sending cloudtrail logs to the central logging / audit account, it's using its own.

And there's a bunch of stuff in this account.
The first management event trail is free. Cool! The second would cost me ~$6.50 for this, which is also fine.

Why is GuardDuty costing 4x that?
Well that'd do it; GuardDuty analysis of the CloudTrail events is 4x more expensive than the CloudTrail cost would be (disregarding the first free trail, obviously).

Now, wtf is causing that many events without showing up on the bill?
Time to click the suspicious and frightening "Create Athena Table" button.
And this thing tells me that it's a third party vendor I was playing around with making 9.6 million queries against the account so far this month. Somehow I'm only being billed for 6 million of those in GuardDuty. Hmm.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Corey Quinn

Corey Quinn Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @QuinnyPig

Jul 10
I'm at the AWS Summit in NYC, where I believe that nicknames are for friends--and Gennifer Artificial Intelligence is no friend of mine.

Good morning.
Thirsty much? Image
A game / challenge at the AWS Startups booth: how long can an AWS employee go without mentioning GenAI? Someone just made it all the way to one minute, ten seconds! Image
Read 49 tweets
Jun 27
Oh god I have to take a technical cert too.

Okay. Let's do Networking Specialty. Practice question 1:

Correct answer is B. Image
"Wrong!" says the answer key, "it's B because network load balancers don't support client IP preservation." Image
Except that they do. They absolutely do. They have for the past year. I'm just a boy, standing in front of an AWS Cert team, asking them to do their damn jobs. Image
Read 4 tweets
Apr 17
Today's cloud marketing story is called "The Tale of Hot Rebecca," and is a truthful recounting of dinner last night.

Strap in; it's a fun ride.
Back in my early 20s, I had a number of friends / acquaintances in my (primarily Jewish) social circle named "Rebecca." It was kind of a problem.

("Can't we spray for them?"
"…not since the 1940s.")
So every Rebecca got an adjective, much like the seven dwarves. One of them asked me once what her adjective was, and I responded in a fit of unadulterated honesty, "you're Hot Rebecca" because honestly? Damn.
Read 9 tweets
Apr 9
Made it to the #GoogleCloudNext keynote seating finally. Let's see how this goes now that the world is starting to wake up to a "much of the AI hype is unwarranted" reality.
Boeing: "HOW ARE THEY DOING IT?!"
Airbus: "We bought a torque wrench?"
Boeing: "No, how are you being a featured customer testimonial at #GoogleCloudNext?"
Airbus: "Oh, that? We made a strategic decision to not be walking poster children for corporate negligence." Image
In any case, fear not. I am here for this. Image
Read 39 tweets
Feb 13
And now, some DevOps / SRE / Sysadmin / Ops / ENOUGH already tips I learned from early in my career--brought to us by our friends at Chex™ Mix. All of these are great ideas that you should implement immediately... Image
DNS is notoriously unreliable, so use configuration management to sync all of the servers' /etc/hosts files. Boom, no more single point of failure.
Future-proofing is an early optimization, so don't do it. Every network should be a /24 because that's how developers think. I mean come on, what are the odds you'll ever have more than 253 hosts in a network?
Read 14 tweets
Feb 1
And the Amazon earnings are out for Q4. A miss on @awscloud revenue by $20 million because analysts didn't expect one of you to turn off a single Managed NAT Gateway.

Let's explore deeper into their press release.
For 2023, AWS sold $90.8 billion of services, most of which were oversized EC2 instances because you all refuse to believe Compute Optimizer when it tells you there are savings to be had if you're just a smidgen more reasonable.
Word frequency in the earnings release:
Customer: 87
Employee: 11
Generative: 16
Cloud: 24
Serverless: 3
DynamoDB: 2
Union: 0
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(