A lot of the time, this comes down to user error.
For example, very similar to your case, I knew someone that enabled CloudTrail, and configured some things to have CloudTrail logs dumped on S3. Guess what? Dumping things on S3 also creates a CloudTrail that gets logged to S3 that CloudTrail logs. Etc.
Doing things like that and creating a loop can get you massive bills.
Yeah, in my case, I wasn’t familiar with the settings for CloudTrail Data Events, and didn’t realize you could select which events to log, based on the actor or resource, as opposed to all events in DynamoDB. That would have saved me a lot of processing power to filter the logs to look for the actions I was looking for.
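
A configuration check for the two situations described in this thread, as an added example that is not from either commenter: it reads a trail's advanced event selectors (the `AdvancedEventSelectors` shape returned by `aws cloudtrail get-event-selectors`) and reports selectors that would record S3 data events in the trail's own log bucket, and selectors that log every event for a resource type such as DynamoDB tables. The function names, bucket name, account ID and table name are assumptions made for illustration; `EndsWith` conditions are not evaluated, so the check errs toward reporting a match.

```python
# Added example; bucket, account ID and table are constructed. EndsWith/NotEndsWith not evaluated.

def _accepts(selector, field, value):
    """True if the selector's conditions on `field` accept `value`; no condition accepts all."""
    for fs in selector.get("FieldSelectors", []):
        if fs["Field"] != field:
            continue
        if "Equals" in fs and value not in fs["Equals"]:
            return False
        if "NotEquals" in fs and value in fs["NotEquals"]:
            return False
        if "StartsWith" in fs and not any(value.startswith(p) for p in fs["StartsWith"]):
            return False
        if "NotStartsWith" in fs and any(value.startswith(p) for p in fs["NotStartsWith"]):
            return False
    return True

def self_logging_selectors(log_bucket, selectors):
    """Names of selectors that record S3 object data events in the trail's own log bucket."""
    probe = f"arn:aws:s3:::{log_bucket}/AWSLogs/probe.json.gz"  # stand-in for a delivered log file
    return [s["Name"] for s in selectors
            if _accepts(s, "eventCategory", "Data")
            and _accepts(s, "resources.type", "AWS::S3::Object")
            and _accepts(s, "resources.ARN", probe)]

def unscoped_selectors(resource_type, selectors):
    """Names of data-event selectors for `resource_type` with no ARN, eventName or readOnly filter."""
    narrowing = {"resources.ARN", "eventName", "readOnly"}
    return [s["Name"] for s in selectors
            if _accepts(s, "eventCategory", "Data")
            and _accepts(s, "resources.type", resource_type)
            and not narrowing & {fs["Field"] for fs in s.get("FieldSelectors", [])}]

def _sel(name, rtype, *extra):
    base = [{"Field": "eventCategory", "Equals": ["Data"]},
            {"Field": "resources.type", "Equals": [rtype]}]
    return {"Name": name, "FieldSelectors": base + list(extra)}

LOG_BUCKET = "example-trail-logs"
SAMPLE = [
    _sel("all-s3", "AWS::S3::Object"), _sel("all-dynamodb", "AWS::DynamoDB::Table"),
    _sel("s3-minus-logs", "AWS::S3::Object",
         {"Field": "resources.ARN", "NotStartsWith": [f"arn:aws:s3:::{LOG_BUCKET}/"]}),
    _sel("orders-writes", "AWS::DynamoDB::Table",
         {"Field": "resources.ARN", "Equals": ["arn:aws:dynamodb:us-east-1:111122223333:table/Orders"]},
         {"Field": "readOnly", "Equals": ["false"]}),
]
if __name__ == "__main__":
    print(self_logging_selectors(LOG_BUCKET, SAMPLE), unscoped_selectors("AWS::DynamoDB::Table", SAMPLE))
```
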