Archived for now, possibly Making Cloud Great Again around Spring to Summer 2025??
I need to take outbound egress fees seriously. I need zero-egress cloud solutions. If I expose any public S3 file in my bucket (or any public files), someone can repeatedly pull it and cost me thousands of dollars, which is not bearable for me.
In fact, cloud inbound traffic (ingress) is mostly free. If someone sets up an AWS Lambda function (or a similar serverless function) to pull my files, the serverless Lambda will boot up with a different IP each time, and it is impossible to stop my financial loss. Inbound traffic is free in AWS, and easily more than 100 MB/s (8 TB/day), so the attacker doesn't need to pay anything. Serverless functions cost very few dollars in compute time. Not being attacked once doesn't mean I won't ever be attacked, and a small misconfig can trigger the same thing. It is kind of paradoxical to host public stuff in the cloud when I am an individual dev who can't afford to lose thousands of dollars.
In conclusion, a zero-egress solution like UpCloud or Cloudflare is a must. Cloudflare doesn't have VPS, so...
See here: https://getdeploying.com/reference/data-egress
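The point above is that pullers arriving from a different IP each time defeat per-IP blocking, so the signal to watch is total bytes sent, not bytes per client. The following Python script is an added example, not part of the original notes: it assumes nginx's default "combined" access log format, and the sample lines, the path /big.bin and both thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# nginx default "combined" format: ip - user [time] "request" status bytes ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                  r'\d{3} (?P<bytes>\d+)')

def egress_by_hour(lines):
    """Sum response bytes per UTC hour, in total and per client IP."""
    hours = defaultdict(lambda: {"total": 0, "per_ip": defaultdict(int)})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the monitor
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hour = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H")
        hours[hour]["total"] += int(m["bytes"])
        hours[hour]["per_ip"][m["ip"]] += int(m["bytes"])
    return hours

def alerts(lines, per_ip_limit, hourly_budget):
    """Report, per hour, which IPs exceed a per-IP limit and whether the
    aggregate exceeds the hourly egress budget (both limits hypothetical)."""
    out = []
    for hour, h in sorted(egress_by_hour(lines).items()):
        noisy = sorted(ip for ip, b in h["per_ip"].items() if b > per_ip_limit)
        out.append({"hour": hour, "total": h["total"],
                    "per_ip_hits": noisy,
                    "over_budget": h["total"] > hourly_budget})
    return out

# Constructed sample: 40 distinct source IPs each fetch one 500 MB file in the
# same hour, followed by one ordinary request and one malformed line.
SAMPLE = [
    f'198.51.100.{i} - - [10/Mar/2025:14:{i:02d}:07 +0000] '
    f'"GET /big.bin HTTP/1.1" 200 500000000 "-" "curl/8.5.0"'
    for i in range(1, 41)
] + [
    '203.0.113.9 - - [10/Mar/2025:15:01:00 +0000] '
    '"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    # 1 GB per IP never trips; the 10 GB hourly budget does.
    for row in alerts(SAMPLE, per_ip_limit=10**9, hourly_budget=10**10):
        print(row)
```

In the 14:00 hour no single IP crosses the per-IP limit, yet the aggregate is double the budget, which is the case a per-IP rule never sees.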
- AWS: Bedrock, EC2
- Cloudflare (Free): R2, DNS
Ports: 443 (https), 80 (http), 22 (ssh), 27017 (mongo)
nginx
files are in /etc/nginx/sites-available/
sudo ln -sf /etc/nginx/sites-available/jimchen.me.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/llm.jimchen.me.conf /etc/nginx/sites-enabled/
I use Cloudflare certs and place them in
ssl_certificate /etc/cloudflare/jimchen.me/cert.pem;
ssl_certificate_key /etc/cloudflare/jimchen.me/privatekey.pem;
url: llm.jimchen.me
Using us-east-1 Anthropic
url: jimchen.me