AWS to begin charging for public IPv4 addresses(aws.amazon.com) |
It's essentially a tax on the people gullible enough to believe in cloud tech or unable to set up real hardware.
It would be nice if this came with reasonably priced NAT gateways. The current pricing is outrageous.
I was curious how they do this, so I set up a service on Google Cloud Run that just echo'd the user's public IP address. When curl'd over IPv4, it said I was coming from a unique local (i.e. private) IPv6 address. The private IPv4 address of my server was embedded in the address, along with some other random-looking bits that probably identified my VPC somehow. So they must have been doing some sort of stateless IPv4 to IPv6 translation behind the scenes.
It was a clever solution that takes advantage of the fact that all of Google's API endpoints are dual-stack, even though (at the time) they didn't support IPv6 on customer VMs. The problem AWS currently has is not all of their internal endpoints are dual-stack, so even using IPv6 can't save you from cloud NAT costs when accessing AWS services.
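The stateless IPv4-to-IPv6 mapping described above, as an added example that is not from the commenter and is not Google's actual scheme (which the comment does not document): the standard RFC 6052 embedding, where the 32 IPv4 bits are placed directly after the translation prefix, skipping the "u" octet at bits 64-71 for prefixes shorter than /96. The `fd00:1234::/96` prefix in the test is a constructed ULA example of the kind the comment describes.

```python
from ipaddress import IPv4Address, IPv6Address, IPv6Network

# RFC 6052 permits only these prefix lengths. For anything shorter than /96
# the IPv4 bits straddle the "u" octet (bits 64-71), which must stay zero.
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _split_lengths(plen):
    """How many IPv4 bits sit before bit 64 and how many after the u octet."""
    n_high = 64 - plen            # bits between the end of the prefix and bit 64
    return n_high, 32 - n_high    # the remainder starts at bit 72


def embed_ipv4(prefix, v4):
    """Stateless mapping: the IPv6 address that represents `v4` under `prefix`.

    Both arguments are strings; returns the canonical IPv6 string."""
    net = IPv6Network(prefix)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"unsupported RFC 6052 prefix length /{net.prefixlen}")
    addr = int(net.network_address)
    v4i = int(IPv4Address(v4))
    if net.prefixlen == 96:
        return str(IPv6Address(addr | v4i))   # simplest form: IPv4 is the low 32 bits
    n_high, n_low = _split_lengths(net.prefixlen)
    high = v4i >> n_low                       # top n_high bits go at bits plen..63
    low = v4i & ((1 << n_low) - 1)            # remaining n_low bits go at bits 72..
    addr |= high << 64                        # bit 63 from the left is shift 64
    addr |= low << (56 - n_low)               # bit 72 from the left is shift 56 - n_low
    return str(IPv6Address(addr))


def extract_ipv4(prefix, v6):
    """Reverse mapping: recover the embedded IPv4 address, or raise ValueError."""
    net = IPv6Network(prefix)
    if net.prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"unsupported RFC 6052 prefix length /{net.prefixlen}")
    addr = IPv6Address(v6)
    if addr not in net:
        raise ValueError(f"{v6} is not inside the translation prefix {prefix}")
    a = int(addr)
    if net.prefixlen == 96:
        return str(IPv4Address(a & 0xFFFF_FFFF))
    if (a >> 56) & 0xFF:                      # u octet occupies shifts 56..63
        raise ValueError("u octet (bits 64-71) must be zero in an RFC 6052 address")
    n_high, n_low = _split_lengths(net.prefixlen)
    high = (a >> 64) & ((1 << n_high) - 1)
    low = (a >> (56 - n_low)) & ((1 << n_low) - 1)
    return str(IPv4Address((high << n_low) | low))
```

Because the mapping is a pure function of the prefix and the IPv4 address, a translator needs no per-flow table in either direction, which is what makes it "stateless".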
I would find it rather surprising if the actual cost to Amazon of connecting a VPC to S3 were substantially lower than the cost of connecting a VPC to any other AWS service.
$0.045 per GB is nuts. That’s $20.25/hour or $14580/mo for 1 Gbps. One can buy a cheap gadget using very little power that can NAT 1 Gbps at line rate for maybe $200 (being generous). One can buy a perfectly nice low power server that can NAT 10Gbps line rate for $1k with some compute to spare. One can operate one of these systems, complete with a rack and far more power than needed, plus the Internet connection, for a lot less money than $14580/mo. (Never mind that your $14580 doesn’t actually cover the egress fee on AWS.)
A company with a couple full time employees could easily operate quite a few of these out of any normal datacenter, charge AWS-like fees, and make a killing, without breaking a sweat. But they wouldn’t get many clients because most datacenter customers already have a NAT-capable router and don’t need this service to begin with.
In other words, the OpEx associated with a service like this, including the sysadmin time, is simply not in the ballpark of what AWS charges.
At that point, you might as well be running a Layer 7 Firewall or an Intrusion Protection System.
LOL. Not Metronet. They are doubling down on CGNAT. They've acquired ISPs with IPv6 and killed it in favor of CGNAT.
AWS has notoriously high egress fees.
But I think the point is more that it's outrageous compared to the marginal costs.
For a little traffic $40 is outrageous.
I would expect them to reduce NAT pricing in the long run, but who knows.
Almost all of my use cases I could easily ride out to the internet through a shared pipe (apt updates and such) and don't care whatsoever what IP that exits the AWS network from, since I'm not applying firewall rules or anything.
Edit: I see from another post that NAT gateway costs $0.045/hr + $0.045/GB of transfer. That seems... not terrible? An a1.large on EC2 is $0.051/hr + $0.09/GB transfer to the internet (which I assume this type of box would be doing a lot of).
AWS used to maintain an AMI to do just that, nowadays you have to do it yourself, but it's honestly not much more than adding 2/3 iptables rules.
I find this trade-off to be exactly the reason why AWS is so good even for small startups. You can bootstrap something quickly, though it will be a tad expensive.
And if you need to bring your costs down later on, you start chasing the quick wins like maintaining your own NAT gateway. The same could apply for all managed services.
Maintaining your own OpenVPN vs. AWS VPN. Maintaining your own Postgres vs. RDS. etc.
If we have ended up at a place where it’s cheaper to run them yourself on an EC2 box then something has gone awry.
I think my team's use is kind of high, with 16 TB going through NAT last month. The bill for that came to ~1300, which is higher than I'd like, but that's only about 1.5% of our AWS spend. Tbh I never really looked at the spend for NAT before, but this doesn't alarm me.
AWS over the last decade has spent $ billions buying up ASN blocks.
I've never been one to use the word "rent seeking", but owning IPs is the ultimate rent seeking cloud business. Domain names can change registries but if you own the underlying IP being used (and there's a depleting supply of them) - it's a great business to charge rents on.
https://www.techradar.com/news/amazon-has-hoarded-billions-o...
AWS: IPv4 addresses cost too much, so you’re going to pay
https://news.ycombinator.com/item?id=36942424 (3 days ago, 186 comments)
AWS Begins Charging for Public IPv4 Addresses
https://news.ycombinator.com/item?id=36910994 (6 days ago, 36 comments)
AWS Public IPv4 Address Charge and Public IP Insights
https://news.ycombinator.com/item?id=36910855 (6 days ago, 9 comments)
Does anyone have experience switching a small personal site to IPv6 only in 2023?
I'm guessing the vast majority of my (North American/European-based) friends and visitors can probably connect just fine to an IPv6 address. I wish I knew what percentage it is.
I guess I could add an AAAA record and check what percentage of traffic actually uses it.
Every other VPS platform I've seen handed out at least /64s. You need a better VPS provider.
I use ipv6 everywhere, but I get annoyed when some features are missing.
For example, OVH won't let me transfer an IPv6 prefix like they do for IPv4. I thought I could just migrate my VMs to another box, but one of them had lots of clients with their own DNS/domains, so it was a huge pain to update.
I asked their support about this a year ago. They said they were discussing increasing the prefix size internally.
That kind of makes me want to move to Hetzner or another competitor.
https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-su...
why are these large hosting companies so incompetent?
GitHub does not even have an IPv6 address.
Not within AWS.
So instead of 192.0.0.1 it becomes 0.0.0.0.192.0.0.1
All existing addresses work, you simply append zeroes to any address which is too short for the new standard. Any old timey software still works as long as you use a router between the two systems with an old timey address.
This would give us as many addresses as we want without any changes or downsides. So why no do?
https://en.wikipedia.org/wiki/Internet_Protocol_version_4#He...
So it's not as simple as changing only the IP packet format either.
Calling it IPv5 is genius though.
Let's say the requirement is to build a platform like Twitter with 100mln daily active users. Wouldn't cloud like Hetzner with AWS/GCP/Azure failover, survive this?
I worked with AWS as a developer for a long time, but in pretty much every case 10 was more than enough.
Would be very grateful if someone could share some insight into it!
[1] example list of clouds https://www.vpsbenchmarks.com/plans
Most end-users don't care what they're using as long as they can access the Internet, and since our other option to IPv6 adoption is living in a CGNAT hellscape that destroys the whole peer-to-peer idea of the Internet, then for the love of all that is holy start moving. Personally I think nation states need to take a bigger responsibility here and create incentives to move the market, because it's one of those things where the negative effects aren't obvious until they're overwhelming.
And I normally would be worried if my company was focusing on break even initiatives instead of higher impact ones.
NetRange: 18.32.0.0 - 18.255.255.255
The other large threads on this a week ago (when this link was also posted) weren't good enough?
We pay $0.55/mo (€0.50) on Hetzner.
They should have charged more. $3.50/mo per IP for their average customer is going to be a completely insignificant amount of money.
https://stackoverflow.com/a/74397920/563420
Seems like a big blindspot with no work-around.
a) build something that automatically scales broken services to 0
b) use that AWS service that lets you pull ECR images without internet access; I forgot the name of it...
Putting a price on IP address usage again is a mechanism to prevent squatting/hoarding a scarce resource.
But if you don’t want to “rent” IP addresses from anyone, you can still find blocks for sale. Last time I checked (last year) class C blocks were going for $15k-$20k.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoi...
What you have described is effectively a China-style ICP license[1]. Unless you are willing to give a big name cloud provider $x per month, you shouldn't be able to put a service on the internet?
Is this valuable use of IPv4 space? I think yes.
That isn't one company's call, it's past time for the DOJ to step in.
You can't buy/sell/trade "ASN blocks". The only people handling "ASN blocks" are the 5 RIRs (APNIC, RIPE NCC, ARIN, AfriNIC and LACNIC) and IANA.
> owning IPs is the ultimate rent seeking cloud business
It also seems that your use of "rent seeking" doesn't match established use. It normally refers to people extracting money for things far beyond their actual value. The IPv4 market is working pretty well on a supply vs. demand price feedback loop, i.e. the prices are in fact just reflecting the scarcity of IPv4 addresses. The term "rent seeking" does not fit that situation.
No, OP used it exactly correctly. It's the textbook definition.
> It normally refers to people extracting money for things far beyond their actual value.
No, it doesn't. The use was popularized in Wealth of Nations (yes, the original) and it refers to, as the name implies, renting out land.
I buy land. Once I've done that, I extract wealth from the economy while putting nothing new in. There's a finite amount of land.
This contrasts with investing in businesses (which allows them to buy capital, thereby generating further wealth), work, and other forms of income which generate wealth for the economy.
In broad strokes, rent-seeking behavior is unproductive, while work, investment, etc. are productive.
That's not what "rent-seeking" means at all.
Rent-seeking is extracting wealth from a system without creating anything. It's a term meant to differentiate profiting via productivity/adding value (eg. manufacturing a better product and outcompeting others) and profiting via extracting value from others without adding anything (eg. buying out all of the manufacturers of a product and leveraging your monopoly position to jack up prices).
Amazon haven't created any value here - they own enough of a stock of a scarce, in-demand resource that they can charge a great deal for it. It's the definition of rent-seeking.
You absolutely can sell ASNs or ASN blocks, just like you can sell IPs.
Want to sell an ASN? Ask the buyer for money. When the money is in your account/escrow, transfer the ASN to them. Get money. Sale complete.
But that’s besides the point, this has got nothing to do with ASNs.
VPNs just resell internet under a “more private than the next” unverifiable claim, and hope they get enough sycophants believing it
Most of YC this year resells access to ChatGPT
It's the game
I'd say that VPN is a way for Internet to work around artificial obstacles.
They even did backroom deals to steal large blocks of IP space, most notably from the HAM radio community.
This was an issue with Azure’s PostgreSQL service, which would fail if you deployed other unrelated IPv6 services in the same virtual network.
We need a guild of software engineering so that the people responsible for this can be summarily ejected from it.
What's Google's IPv4 DNS? 8.8.8.8.
What SHOULD Google's IPv6 DNS be? 8.8.8.8.8.8.
What SHOULD Google's IPv8 DNS be? 8.8.8.8.8.8.8.8.
What IS Google's IPv6 DNS? 2001::some::shit::I::::can't::remember//::h0ff::affblah
This is why I'm still stuck on IPv4. I'm a walking DNS server for all the instances I own, I can hammer out IPs when DNS fails me and that's a very useful feature, especially when idiot Wi-Fi hotspots try to DNS poison you when you're trying to SSH into something and the poisoned IPs stay cached even after you've accepted the stupid TOS.
But I don't think that's representative. "Or just stop working" isn't a valid alternative to the rest of the world. Outside of mobile ecosystems and maybe web development most things aren't on these 6 to 12 month update cycles. It would be absolutely unreasonable to tell a hospital that every piece of hardware and software and MRI machine in their building has to be upgraded every 2 years or it's positively geriatric and do you even `pacman -Syyu` bro?
There's a whole world of things that haven't been, and may never be, transitioned. Useful things like utility control computers and even people's 10 year old, still perfectly functional and supported desktops. Heck, my "end user" newly-installed fibre ISP doesn't support IPv6! And their previous DSL installation to the same address did! So much for "solved problem" :(
As an individual/hobbyist, it's a much bigger disincentive.
For students and the like, it might actually be prohibitive.
The problem is it's really the first group that needs to drive the remaining IPv6 adoption by replacing their middleware boxes etc. and they're the group who are unlikely to care at this price.
NBD, except that elastic hosts their client deb repos on google infra, so apt-get update was failing from it.
The solution was to single stack the server, or manually install the clients having downloaded from elsewhere.
In the US, it would be about ~50% of users, while in Europe it's ranging from 30% (France) to 98% (Spain) who wouldn't be able to visit the website.
But yeah, I'd do what you say in the bottom of your comment. Add AAAA records and then see how many people use ipv6 compared to ipv4 and then decide.
IPv6 has been around for so long now, I'm disappointed it doesn't have a little bit higher adoption.
It’s not clear to me on that page how it describes “can’t”, other than ambiguous (to me) graph labels.
Is there more info elsewhere that describes the “can’t”?
I'd recommend just migrating to cloudflare pages or github pages; they're both free
Trivial. Just put Cloudflare in front of it.
Replaced them with lightsail and don’t have any of those problems, plus I can pick FreeBSD.
It's not hidden, they put it right up on their blog https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address... the opening line of which is "We are introducing a new charge for public IPv4 addresses" and when it starts and what the cost is. I assume like every other AWS charge it's broken out in great detail on their billing statements and even have APIs to query costs. Usually they send an email with these changes too so if they haven't I assume they will. It's a regular old price hike but it's not a hidden one.
Secondly since "the cost to acquire a single public IPv4 address has risen more than 300% over the past 5 years", there's no accompanying decrease in server costs that would be "reasonable" to account for this. Charging for the IP itself makes total sense since that's the cost they're accounting for. If it were packed into the instance costs, then instances without a public IP would be paying for it too. This incentivises you to do exactly what they want you to do: use fewer public IPs where you don't need them. This is way more reasonable than an across-the-board instance cost bump which would be a hidden price hike. This is a bridge toll that covers the cost of the bridge by its users instead of raising taxes on everyone.
I guess you're wanting to pay the same and just distribute the cost between the IP and the instance differently? And hey me too, I love not being charged more. But they want to account for their costs without eating into their margin and this is how they're going about it. You don't have to like it; I sure don't. You can wish AWS would just keep eating the cost for you; me too! But I don't think "hidden" or "unreasonable" is accurate.
There has been a decrease in server costs. Prices of computers continue to fall. AWS hosting has become (relatively) more expensive over time.
I guarantee there are a ton of unused IP's just sitting on accounts doing absolutely nothing.
oh my god when the demand for a scarce resource outstrips supply, prices go up. this is high school microecon, not some conspiracy by tHe oLiGaRcHy
It was also shortsighted. It was a massive resource, MIT presumably sold it for under $200M (I assume far under), and now AWS plans to rent the addresses at a rate that will be around $600M per year if they manage to rent them all.
No you can't, because you can't actually acquire an ASN *block* to begin with.
Which is the point of my comment. Only the RIRs handle blocks of ASNs. As a non-RIR entity you can get individual ASNs, or multiple individual ASNs, but not an ASN block.
A bit of pain will be necessary to finally get modern IP across the line of mainstream usage.
Edit: furthermore, in both of your examples you can just go to another provider or not use those services. If you are locked in to AWS, you HAVE to pay this price.
Also few legal documents needed to register.
https://www.arin.net/resources/fees/fee_schedule/#registrati...
just like the air is supposed to be free!
In reality, nothing can be free. The cost was initially not being paid for, because initially there's just quite a bit of addresses, and there wouldn't have been any quarrels.
I maintain that the world is being polluted because things aren't free. Imagine if every cubic inch of air, water and land is owned. You would not be allowed to pollute! You'd pay for your use of it!
No one is saying that maintaining the fiber optics and routers should be free though, that's why we pay ISPs.
Sure, yeah. That's how price increases work. Nobody's arguing that it's not a price increase. But if your delivered pizza's costs are fuel+ingredients and the price of fuel goes up, well, the whole price goes up or you have to give on the amount of pizza. The price of the ingredients didn't go down, so yeah you're just going to have to pay more or get less pizza. Sorry.
You can quibble on the pizzeria's margin I guess: AWS could just eat the increased price themselves, and probably have been until now. But apparently they don't want to so they're raising the price to compensate in frankly the most reasonable way possible. AWS has insane pricing for many of its services, especially bandwidth, but this isn't one of them.
And let me quote from CIS SUSE Linux Enterprise 15 Benchmark v1.1.1 page 191: "3.1.1 Disable IPv6 (Automated). Profile Applicability: Level 2 - Server, Level 2 - Workstation."
Repeat that scenario across multiple BUs and multiple locations and no leader wants to commit to doing that kind of due diligence. What's wrong with our current IP?
My company makes what is essentially an enterprise IoT device. I'd guesstimate 10% of networks with our hardware in them have no ipv6 support at all. And these are businesses that are on the more tech savvy side (I would assume, since they're ordering our stuff).
If you go down this path consider using Transit Gateway so you can route multiple VPC traffic to a central security VPC in a region. I’ve done this with a Palo Alto VM and it seems to work well.
Instead of putting the fragmentation in L4 (like QUIC now does) and including a UDP header on every fragmented packet in a datagram, UDP only includes the header on the first packet. With fragmentation happening, firewalls, NATs, and end-hosts have to buffer and coalesce IP packets based on IP IDs, before the destination can be identified. It's a real nuisance. A lot of CGNAT "stateless" implementations can't handle this and you get very hard to debug issues when there are fragmentation and MTU mismatches.
It has a legitimate purpose in old-timey systems which have bespoke MTUs on each link, but now the usual thing is to use 1500 bytes for WAN traffic, which is the generic Ethernet MTU, and reserve larger sizes for intra-datacenter communications.
You'll start to care pretty quickly if it's the same IP as a bad actor that's blocked everywhere.
Both are dominating the internet-cyberspace and both are screwing it over for everyone else.
You have to define health checks on your instances that reflect the availability of all services they host.
And you have to allow there to be more instances than your target number in each autoscaling group.
Thank you, p1mrx!
But anything that connects to the internet needs to be updated regularly, if only for security and vulnerability reasons. If you have a 10-year-old functional and supported desktop, it most likely supports being IPv6 only just fine. The typical 10-year-old desktop came from the factory with Windows 8 and could be upgraded to Windows 10 (since it's supported). It even gets relatively new features such as IPv6 RDNSS allowing DHCP-less deployments.
> I don't think it's in Amazon's purview to make those judgement calls.
I already said I don't agree with GP that this is a motive for Amazon.
GCP especially takes a lot more trial and error building systems that compose a bunch of different primitives. That the API is awful doesn't help either.
Have quite a bit of experience with AWS and Azure, and only recently learning about GCP, it’s very clear that Google nailed some of GCP’s core cloud engineering concepts and got them exactly right.
Although unfortunately they will never reach the size of AWS or (maybe Azure? It’s hard to tell Azure’s market size as they don’t disclose it.)
As the first hyperscaler, they gotta pay the legacy tax.
This investment wasn't just of a strategic nature: they have enough market power to hold back the move towards ipv6.
it will have the exact opposite effect
Nothing is free forever.
The second would be a timesaver.
But that discussion aside, if you adopt the IPv4 naming scheme to the 128-bit IPv6 addresses, Google's DNS would be 8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.8.
I would never be confident that I put in the right number of 8's in that case. And I have a feeling that you being overwhelmed has more to do with the total increase of possibilities, than with hexadecimal notation.
I guess it shows that IPv6 was designed for computers, not humans. Because we need a vast number of IP addresses. And that is fine for me.
Colons are inherently more frightening than dots, especially double colons, which seems like some badly written C++ class escaped from gaol. Dots feel friendly and cute, I would pet an IPv4 address.
> then I'm not sure you can be helped
Sure, and the rest of the planet hasn't adopted IPv6 either. It's a horrible UX.
> Colons are inherently more frightening than dots
I highly disagree. In traditional text usage, dots end a sentence. They are terminal. A symbol of stasis. Like death. Contrary to that, a colon always refers to something that comes after: it transcends itself, and wakes my curiosity. It is a symbol of growth and learning.
The rest of the world has adopted IPv6 because they never had the vast IPv4 space.
In that case you don't need to remember Google's DNS address or any DNS server's address for that matter.
so that's: source ip, dest ip, protocol, source port, dest port, connection state (say 16 bytes total)
doing NAT too is what, 3 more bytes per connection (8 bits for an offset into an IP table and 16 bits for the translated port)
I hear such takes all the time and it's really frustrating; usually in threads regarding IPv6, incidentally it is usually programmers who think they understand everything about networks because they know how tcp operates.
> I hear such takes all the time and it's really frustrating
maybe you'd be less frustrated if you understood what people were saying, because I didn't say that
AWS already do 1:1 NAT and there's additionally a stateful firewall, which necessitates connection state tracking
adding the extra few bytes to do port translation shouldn't vastly increase the memory required
> incidentally it is usually programmers who think they understand everything about networks because they know how tcp operates.
from someone who has written a commercial packet filter: in terms of complexity, TCP blows the preceding layers of the stack out of the water
Is that really conceptually so different from a stateful firewall allowing inbound packets only for established connections/flows?
"NATs are good because otherwise people wouldn't have any firewalls" is a tired take, yes, but I don't see the point being needlessly pedantic about the semantics of NAT vs. stateful firewalls when in this case, the effect is the same: No inbound packets without prior outbound packets (or a connection establishment for TCP).
The threat of professional exclusion is one of the big levers provided by such a guild. Given the way tech companies behave, why do you believe that this lever will be left in the hands of good people, and not taken over (like the rest of the internet)?
I would be shocked if this were true for hardware. Even for software, every major OS in the last 10 years has supported IPv6, and prefers it over IPv4
I’m sure there’s horror stories, but I doubt it’s systemic.
That's the problem. If the OS starts using IPv6 preferentially but the software on top can't handle it, then you get a crash.
E.g.: if you turn on IPv6 for DNS and it starts returning AAAA records instead of A records, then a lot of applications fall flat on their face.
Usually the type written in C and insisting on maintaining compatibility with whatever Berkeley did in the 1970s.
1500 is absolutely not a pervasively usable WAN MTU, you're going to need pMTUd if you're sending 1500 byte packets broadly. Plenty of WAN links won't tolerate it. If you don't want to deal with fragmentation at all ... 500 is the minimum guaranteed MTU, but in practice it's exceptionally rare to see anything below about 1200 require fragmentation. But you can always only control what you send, not what others are sending you.
https://ipv6.ams2.test-ipv6.com/ip/?callback=?&testdomain=te...
I get the following from Chrome:
> This site can’t be reached
> Check if there is a typo in ipv6.ams2.test-ipv6.com.
> DNS_PROBE_FINISHED_NXDOMAIN
This is because your OS is not querying AAAA records. I am gonna guess that you're using macOS.
The most common error would be a "connection time out".
This would require a proper RFC of course, with support from IANA and web browsers.
There is no possible use case in no possible universe where AWS is cost effective.
Renting the same compute resources wholesale will cost you 20 times less. (Not a typo.)
Right now, this is done on AWS, with lambda + S3, and costs under $0.02/month.
Can you point me to something more cost effective than that? Don't forget I also need backup for data, automatic failover in case of machine failure or crash, and no maintenance (like OS upgrades) for 5+ years.
Enterprise workloads need compliance. AWS and GCP provide that. There are very few hosting companies out there who are better at security and compliance than those two.
You mean like S3 object storage? That costs less outside AWS because you are usually getting less. That's if you can get it at all.
Just because it's a 128-bit number doesn't mean it should be difficult to remember, the standard notation goes a long way toward that. 2001:db8::cafe:f00d and fc00:bad:beef::1 aren't what I'd call the epitome of "can't remember"
Mind that real-world global addresses often have four groups of almost-random at the beginning, but it's usually not terrible to commit to memory.
For sure this is a self-hoster thing, where you have pets not cattle, but so is memorizing your v4 address(es)
Asides from potential address conflicts, should your work VPN space overlap with your LAN subnet, for example.
Also gives you a lot of traffic which you can use to test new deployments without disrupting paying customers.
Yes, technically correct, though the harder / more annoying part tends to be sifting through Algolia, HN itself, or Google for the relevant gems.
I'm also usually on my phone these days, haven't logged into HN from a desktop in ages.
If it's the former... oh sweet jesus, what? Probably way cheaper to just run an a1.large or something with Linux on it, plus a very short shell script to set up NAT. That's assuming well more than half of the traffic going through it is ingress from the internet. If it's 50/50 ingress and egress, then it's basically the same pricing as NAT gateway.
> You also incur standard AWS data transfer charges for all data transferred via the NAT gateway.
Yes, the $0.045/GB “data processing” charge is in addition to the usual $0.09/GB egress charge. You are paying an effective $0.135/GB for all of your egress, in addition to the $0.045/hr just to keep the NAT gateway running.
And yes, your ingress and even internal-to-AWS traffic is also billed at the $0.045/GB rate. (An example given on the aforementioned page is traffic from an EC2 instance to a same-region S3 bucket, which they note doesn’t generate an egress charge but does generate a NAT processing charge.) As far as I can tell, the only traffic which isn’t billed is traffic routed with internal VPC private IP addresses, which don’t hit the NAT gateway and thus aren’t counted.
There are highly paid AWS consultants who shave literal millions of dollars off of many companies’ AWS bills by just setting up a cheap EC2 box to handle their NAT instead of using the built-in solution. Doing that instantly wipes out the ingress charges and effectively halves the egress charges, and it’s probably a lower hourly cost than they’re already paying: an a1.large is $0.051/hr on-demand but that immediately drops to just $0.032/hr with a 1 year no upfront reserved plan. If you’re willing to pay upfront and/or sign a longer contract, you can get it as low as $0.019/hr.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Ins...
I say sorta because it's built on an old version of Amazon Linux and is headed towards EOL with no replacement except "go build your own" as you suggest.
https://www.lastweekinaws.com/blog/an-alternat-future-we-now...
AlterNAT uses managed NAT Gateways as a fallback when the NAT Instance is out of service, but again you will have to make your own NAT AMI.
This is not to excuse AWS' frankly absurd NATGW pricing, but to point out other ways around it.
https://github.com/somleng/somleng-project/blob/main/infrast...
I always love these comments. We pay them literally hundreds of thousands a year.
My monthly costs are minuscule with a reserved t4g instance, Lambda, S3 and Cloudfront as my primary usage.
Honestly, it beats out the “budget” VPS providers I was previously using, and is a heck of a lot more powerful/reliable.
I use very little bandwidth and processing with the vast majority of my projects. In the event that I do need heavy lifting for a couple hours, it still tends to be a pretty minimal cost.
Now for sustained heavy loads/bandwidth… I definitely would look elsewhere for hobby projects.
Edit: and I agree with your point about attacks. I have pretty aggressive monitoring set up around billing.
AWS has the easy to use Lightsail[1] VPS offer with cheapest product at $3.5/mo but they'll likely increase these prices as well, since there's an IPv4 address included.
Edited to extend: this is why TCP has a "Maximum Segment Size", and why Path MTU Discovery information has to be passed into the TCP state machine. It is TCP that takes responsibility for carving up the data into the packets, not IP.
One of the goals of UDP was to avoid needing this kind of state, which is why the IP layer handles fragmentation for it instead. This is allowed on a hop-by-hop basis, unless the DF bit is set; so when a "too big" packet gets to a node with a smaller MTU, it can just split it and send on the fragments. No PMTUD needed.
The design could have been for the fragmenting node to also add a UDP header as part of that process, but was not. It would have been a simple change at the time. It's had a lot of consequences since and is responsible for a decent amount of complexity in hardware and software packet pipelines.
TCP, UDP, ICMP and IP were all designed contemporaneously; UDP fragmentation could also easily have just been specified for. It's just an odd regrettable quirk.
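An added example (not from any commenter) of the point made here and in the earlier comment about firewalls and CGNATs having to buffer and coalesce fragments by IP ID: a small Python model of IPv4 fragmentation of a UDP datagram, the flow-key lookup a stateless device attempts on each fragment, and the reassembly a stateful device must do before it can see the ports. The addresses, ports, IP ID and the 576-byte MTU are constructed; checksums are left zero since nothing is put on the wire.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

UDP = 17
MF_FLAG = 0x2000      # "more fragments" bit in the IPv4 flags/fragment-offset field
IPV4_HDR = "!BBHHHBBH4s4s"


@dataclass
class Fragment:
    src: str
    dst: str
    proto: int
    ip_id: int
    offset: int       # byte offset of this fragment's data within the original datagram
    mf: bool          # True if more fragments follow
    data: bytes


def build_udp_fragments(src, dst, sport, dport, payload, ip_id, mtu):
    """Build one UDP datagram and split it into IPv4 fragments that fit `mtu`.

    Only the first fragment carries the 8-byte UDP header; the others are bare
    payload bytes identified solely by (src, dst, proto, IP ID, offset)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    chunk = (mtu - 20) // 8 * 8          # all but the last fragment carry a multiple of 8 bytes
    frags, offset = [], 0
    while offset < len(udp):
        piece = udp[offset:offset + chunk]
        more = offset + len(piece) < len(udp)
        flags_off = (MF_FLAG if more else 0) | (offset // 8)
        hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(piece), ip_id, flags_off, 64, UDP, 0,
                          IPv4Address(src).packed, IPv4Address(dst).packed)
        frags.append(hdr + piece)
        offset += len(piece)
    return frags


def parse_fragment(pkt):
    """Decode the fixed IPv4 header of a raw packet into a Fragment."""
    (vihl, _tos, total, ip_id, flags_off, _ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return Fragment(str(IPv4Address(src)), str(IPv4Address(dst)), proto, ip_id,
                    (flags_off & 0x1FFF) * 8, bool(flags_off & MF_FLAG), pkt[ihl:total])


def flow_key(frag):
    """The 5-tuple a stateless NAT/firewall can read from this one fragment, or None.

    Non-first fragments have no transport header, so their ports cannot be known
    without buffering the first fragment of the same datagram."""
    if frag.proto != UDP or frag.offset != 0 or len(frag.data) < 8:
        return None
    sport, dport = struct.unpack("!HH", frag.data[:4])
    return (frag.src, frag.dst, UDP, sport, dport)


class Reassembler:
    """Buffers fragments per (src, dst, proto, IP ID) until a datagram is complete.

    This model does not handle overlapping fragments or time out stale entries,
    which a real implementation must do."""

    def __init__(self):
        self.pending = {}   # key -> {"pieces": {offset: data}, "total": int or None}

    def push(self, frag):
        key = (frag.src, frag.dst, frag.proto, frag.ip_id)
        entry = self.pending.setdefault(key, {"pieces": {}, "total": None})
        entry["pieces"][frag.offset] = frag.data
        if not frag.mf:                    # the last fragment reveals the datagram length
            entry["total"] = frag.offset + len(frag.data)
        if entry["total"] is None:
            return None
        out, pos = b"", 0
        while pos < entry["total"]:        # walk the offsets; any hole means keep waiting
            piece = entry["pieces"].get(pos)
            if piece is None:
                return None
            out += piece
            pos += len(piece)
        del self.pending[key]
        return out


def udp_ports(datagram):
    """Source and destination port from a reassembled UDP datagram."""
    return struct.unpack("!HH", datagram[:4])


def demo():
    """Constructed sample: a 1400-byte UDP payload crossing a 576-byte MTU link,
    with the fragments arriving in reverse order."""
    raw = build_udp_fragments("10.0.0.1", "10.0.0.2", 40000, 53, b"A" * 1400, 0x1234, 576)
    frags = [parse_fragment(p) for p in raw]
    keys = [flow_key(f) for f in frags]             # only the first fragment yields a key
    r = Reassembler()
    results = [r.push(f) for f in reversed(frags)]  # only the final push returns data
    return keys, results
```

Run `demo()`: the first fragment is the only one whose flow key is readable, and a device that sees the later fragments first (reordering is common) has nothing to match them against until it has buffered the whole datagram.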
I have no doubt that there are plenty of cases when local hardware is cheaper, but gp said "There is no possible use case in no possible universe where AWS is cost effective."... and I claim there are many use cases where AWS is cheaper.
A) Promising scale (and delivering to a certain extent)
B) being significantly more convenient than contemporary solutions
C) becoming trendy
D) hoodwinking CxO’s into the belief that not owning your data is better for you, actually. (CapEx vs OpEx)
E) unfathomable amounts of DevRel.
Nobody has ever claimed AWS was cost effective, they have said that “it’s worth the cost” though.
> it’s worth the cost
Sounds about the same.
The issue tends to be that people do not actually stay on top of their spend- they claim to need less headcount but then spend more than a few salaries worth on their cloud spend.
They claim they do not need headcount but then spend the same headcount in infra people anyway, or finops people in the best case.
people have lost touch with how much compute actually costs, because it's little by little and claims to scale to zero or you only pay what you want. - yet every installation I’ve ever seen has had a base cost higher than the largest colo installation cost we would have needed times 2.
It's not cost effective, because it's on average 11x more expensive than a fully managed colocation installation. - your packets don't care that you spent 11x more on half the performance.
AWS is a boutique retail reseller for compute. It's okay for very tiny projects, or for vanity purposes.
For a provisioned IOPS volume, you can get up to 256k IOPS (so still a fraction of a single drive) at a cost of $25600/month (plus per-GB storage costs). For that price, you could buy 8x of these: https://www.newegg.com/micron-30-72-tb-9400/p/N82E1682036315... giving you 240 TB of raw SSD storage.