My $2375 Amazon EC2 Mistake

A word of warning: Know what your modules/extensions/pods/plugins are doing, especially if they use any of your credentials.

I’m actually surprised that this actually was up that long. I accidentally did this once and Amazon was on the phone with me 10 mins later.

Turns out through the S3 API you can actually spin up EC2 instances, and my key had been spotted by a bot that continually searches GitHub for API keys. Amazon AWS customer support informed me this happens a lot recently: hackers have created an algorithm that searches GitHub 24 hours per day for API keys… Once it finds one, it spins up max instances of EC2 servers to farm itself bitcoins…

Boom! A $2375 bill in the morning. Just for trying to learn Rails.
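
As an added example (not from the original post), here is a small pre-commit style check for the leak described above: it scans files for strings shaped like AWS access key IDs and secret keys before they reach a public repository. The sample file, its path and the `scan_text` and `redact` names are constructed for illustration; the key values are the example credentials used in AWS documentation.

```python
import re
import sys

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary STS keys) followed by 16 uppercase letters/digits.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 base64-style characters. To limit false positives, flag
# them only when assigned to a name that mentions "aws" or "secret".
SECRET_KEY = re.compile(
    r"(?i)(?:aws|secret)[\w.-]*\s*[:=]>?\s*['\"]?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)

# Constructed sample input; the keys are the example values from AWS docs.
SAMPLE = '''\
# config/s3.yml (constructed sample file)
access_key_id: AKIAIOSFODNN7EXAMPLE
secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
bucket: <%= ENV["S3_BUCKET"] %>
'''

def redact(value):
    """Keep only the first 4 characters so the report itself leaks nothing."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, path="<stdin>"):
    """Return (path, line_no, kind, redacted_value) for each suspected key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, line_no, "aws_access_key_id", redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((path, line_no, "aws_secret_access_key", redact(m.group(1))))
    return findings

if __name__ == "__main__":
    # Pass the files about to be committed; a non-zero exit blocks the commit.
    hits = []
    for p in sys.argv[1:]:
        with open(p, errors="replace") as fh:
            hits += scan_text(fh.read(), p)
    for path, line_no, kind, value in hits:
        print(f"{path}:{line_no}: possible {kind}: {value}")
    sys.exit(1 if hits else 0)
```

A key that this check finds in a commit that was already pushed should be treated as compromised and rotated, since removing it from the repository does not undo the exposure.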