A software engineer has warned against trusting cloud data storage services in a painstakingly detailed blog post detailing their own “complete digital annihilation” at the hands of AWS admins. Developer Abdelkader Boudih, pen name Seuros, says they had been a fee-paying AWS subscriber for a decade, with the cloud service becoming a firm part of their workflow. Suffice to say, the developer’s long-standing relationship with AWS has now ended acrimoniously.
On top of all the other horrors, am I the only one seriously bothered by the fact that every dry-run is just a single fat-finger away from deleting all of a customer’s data across all of AWS? I know that whenever I design a script to do something as dangerous as this, at the very least the default behavior is for it to do a dry-run so that if you want it to actually go ahead and make the changes you have to pass in an additional argument such as
--confirm-deletion; for something this dangerous and apparently irreversible, I would probably also prompt the user to type “IAMSURE” before proceeding.Even AWS forces you to empty a bucket before deleting and confirms it by making you type delete to delete the bucker.
Protip: Never use the console or CLI.
Just use CDK. Test deleting and redeploying. Script the whole deployment process so it can be updated multiple times a day against different accounts by different people. Never worry about fat-fingering nothing.
That sounds even more reasonable to me!
What does “CDK” refer to?
Cloud Development Kit: https://aws.amazon.com/cdk/
Ah, so just adding the irony of AWS not even using its own tools to prevent these kinds of mishaps.