It's relatively easy to build a web app. However, it's far more difficult to build one that's secure, scalable, and does not expose the user to DDOS/cost attacks.
In this article, I'll cover some important things I've learned as a self-taught programmer who hosts my own web apps.
The motivation for this post
The following video popped into my YouTube feed the other day: I got my first DDoS (and what you can do to help prevent it)
A YouTuber, Web Dev Cody, racked up a $269 AWS bill when his Icon Generator website got hit with over 200,000,000 requests in about an hour.
The $269 bill is honestly quite tame compared to what's possible. For example, here's a $104k bill for a static Netlify website.
Public cases, such as the Netlify one above, often have the bills forgiven. However, there's no guarantee of this. You may also leave yourself open to smaller, less obvious ways in which you're paying too much for cloud services.
While Web Dev Cody's bill wasn't particularly massive, it's a great example of unnecessary exposure to runaway cloud bills.
Use Cloudflare for Static Assets
After reviewing Cody's bill, I found that he incurred costs for Amazon CloudFront (AWS's CDN) requests and bandwidth.
The pinned comment on this YouTube video currently reads:
from all the comments I've read from people smarter than myself, you should probably just use cloudflare.
I could not agree more.
AWS charged him $269 because a (presumably bad) actor repeatedly made requests to a static page on his website.
Had I been building the same website as him, I'd have used Cloudflare pages to host the static assets... And my bill would still be $0 after the attack.
I don't want to pick on Cody at all, but I quickly learned when reading/watching tutorials that content creators usually fail to take into account or explain how to avoid massive bills. When Cloudflare launched its Pages product, it was a game changer for me when launching personal sites, prototyping, and hosting MVPs.
For example, I recently (re)built a game sensitivity converter website with thousands of pages. As it's currently just a static website, I was able to host it with Cloudflare pages at $0.
Even if you're using another server or cloud platform to host/generate your content, you should still utilize Cloudflare's (free or very cheap) CDN and proxy services to cache static assets. Unlike other CDNs, Cloudflare does not charge for bandwidth (at least until you reach enterprise levels), assuming you're abiding by their very legitimate TOS.
Compute
To be honest, I haven't looked too much into Cody's website, but presumably, it also needed compute.
When it comes to compute, I unfortunately haven't found an overwhelming obvious choice like with Cloudflare for static assets.
There are always tradeoffs:
- Serverless is easy but absurdly overpriced once you reach scale (go beyond free tiers, etc).
- Companies like Heroku, DigitalOcean Apps Platform, Netlify, etc. do indeed make things easier, but again, they're overpriced.
Whatever you do, make sure you thoroughly read through companies' billing terms.
If there's no guaranteed fixed cost, make sure there are ways to programmatically monitor your billing and limit/stop services if you reach a certain threshold.
It's also important to choose a service that updates usage/billing in real-time. This $72,000 Google Cloud bill was partially a result of the Firebase Dashboard taking 24 hours to update.
While likely not the optimal choice, I usually use Heroku for prototyping, personal projects, and MVPs. It's not cheap for what you're getting, but they offer fixed prices and don't charge overages on basic plans (as far as I understand).
However, you can use anything as long as you can monitor your usage/billing. But whatever you do, don't expose yourself to potentially massive runaway costs.
Top comments (0)