My Amazon S3 Mistake

[kephra]

The expensive mistake was to use Amazon at all. An own domain name costs about $1/month, an OVH root server less then $10. Install a minimal Debian and Linux Containers on it, and expand your own cloud, if you need it, e.g. by extending with cheap Hetzner servers.

[vertis]

Regardless of what service (AWS, Linode, Rackspace, OVH) if you leak keys or passwords you have the potential for costs incurred by malicious users.

I have not used OVH, but a quick perusal of the OVH API[1] suggests that you could invoke plenty of commands that would incur costs.

[1] https://api.ovh.com/console/#/order

[Dylan16807]

But your app would not have any keys. You would give it a server and that would be it. There's no API use in a toy project, and so no way to leak account authentication.