I enabled Cloudtrail to log all DynamoDB read/write data events when trying to troubleshoot an issue. Even though I only left this enabled for a few days, the Cloudtrail line item was $5k more than it should have been. My back of the napkin math with assumptions came out to be 100 times less than that, so I had a really awkward support email asking them to reverse the charges, which they did fortunately.
A lot of the times this comes down to a user error.
For example, very similar to your case, I knew someone what enabled Cloudtrail, and configured some things to have Cloudtrail logs dumped on S3. Guess what? Dumping things on S3 also creates a Cloudtrail that gets logged to S3 that Cloudtrail logs. Etc
Doing things like that and creating a loop can get you massive bills
What I referenced earlier actually happened to me with Azure once. Unfortunately, I discovered at that last minute, but they thankfully just closed that account and never charged me.
“Did you accidentally leave an unused function running? Too bad.”
I enabled Cloudtrail to log all DynamoDB read/write data events when trying to troubleshoot an issue. Even though I only left this enabled for a few days, the Cloudtrail line item was $5k more than it should have been. My back of the napkin math with assumptions came out to be 100 times less than that, so I had a really awkward support email asking them to reverse the charges, which they did fortunately.
A lot of the times this comes down to a user error.
For example, very similar to your case, I knew someone what enabled Cloudtrail, and configured some things to have Cloudtrail logs dumped on S3. Guess what? Dumping things on S3 also creates a Cloudtrail that gets logged to S3 that Cloudtrail logs. Etc
Doing things like that and creating a loop can get you massive bills
What I referenced earlier actually happened to me with Azure once. Unfortunately, I discovered at that last minute, but they thankfully just closed that account and never charged me.