They locked my account, without refunding the ~$200 balance, with no reason given except "We reviewed the account and found it matches unusual patterns associated with violations of our Terms of Service and Acceptable Use Policy." When asked, they would not reveal which terms were violated.
No warning was given, and no way to retrieve any data. Fortunately nothing essential was lost.
"It's interesting how many companies simply shut down service rather than say give a warning and wait for a response (or at least start a clock)."
I'm sure many people have started their companies firmly convinced that they'll give plenty of warnings and never automatically shut anything down.
The problem is, you rapidly discover that doesn't scale, not even on a human level. You send your notice. 48 hours later, you've gotten no response. If you act now, it isn't materially different from your point of view as if you simply acted right away.
Also, in a cloud environment, even Digital Ocean, as many people have learned the hard way with leaked credentials, you can rack up charges faster than the relevant humans can even conceivably be notified. As the hosting company, you can't just let abusive or accidental usage go. You can refund their money, but that's still resources of yours that went to something that failed to produce revenue rather than something that did; you can't absorb that indefinitely.
I'm pretty sure you'll inevitably discover that you have no choice but to put automation in.
This is exactly why AWS has relatively low default account limits, and you have to open a support ticket to raise them. It's largely to prevent run-away costs from surprising the customer.
I accidentally left a 24xlarge instance running for a month without realizing it and they looked at the activity and were totally cool about zeroing the bill for that instance for the month. Basically gave me us a $2000 credit.
It does probably help that I said I would be careful not to do that again and had already put in a CloudWatch Alarm to automatically power-off the instance after a set period of idleness before filing the ticket.
There have been so many stories of AWS accounts being “hacked” (actually they weren’t. someone posted their keys to a public github repo), the person panicking, then sending a ticket to AWS and then getting a refund. AWS support is excellent - especially on the business tier and above.
I will gladly pay the extra money for AWS than to even think about DO or even GCP for a money making project.
But more on topic: with Aurora/MySQL you can have an on-site hosted read replica from an AWS hosted database. That would be a cheap, easy real time backup solution if I were really worried about AWS screwing me over.
The good will generated by the stream of customer testimonials of this process we hear about is priceless.
The proposition seems to go something like this: it's a new thing, mistakes are statistically expected, you make an honest one and plead "oops!" and we refund you, no doubt pointing you to resources on best practices and account throttling. As long as the customer takes the lesson to heart, everyone wins.
This. It's fairly easy to setup from the provider side and easily solves this problem. Rate limits are fairly easy and can be automated based on criteria like account length/payment/abuse incidents. I think disabling the account is a little heavy handed unless it's brand new
For the customer, there is a big difference. Hitting an API to send an email and a text 48hrs before shutting down services is a common courtesy and easily automatable.
The host should throttle resources in the interim if its at risk of running up massive bills or adversely impacting other clients. None of this is breaking new ground, there isn't a good reason for large hosts to act like shit.
Your point is reasonable in many cases. But in this particular case, the charges would not have been substantially bigger than what this company paid before, and an automated system ought to take that into account.
If I’m a $10/month customer, kill my account early, and it’ll save me more often than not. If I’m a big spender, maybe wait a bit longer.
Granted that would require people to communicate and use some form of reason.
Even DMCA for all its warts fires up a warning and has a response mechanism (granted other issues there).