Posted By Rich Miller On February 18, 2008 @ 9:54 am In Amazon | Comments Disabled
This incident has exposed a large vulnerability in the authentication system: a competing service could explicitly send large amounts of authenticated calls to S3 in an attempt to overload it. Fortunately, Amazon plans to address this, stating that they will add “additional defensive measures around the authenticated calls.”The post-outage  blogging  around the web also revealed that not all major users of Amazon’s utility computing services were affected. One customer that reported no impact was SmugMug, the photo sharing service that has been one of the most prominent success stories for Amazon. Don MacAskill of SmugMug  wrote that although the outage didn’t slow his service, he’s prepared for the probability that this will happen.
Yes, I believe there will probably be times where SmugMug is seriously affected, possibly even offline completely, because Amazon (or some other web services provider) is having problems. Today wasn’t that day. Nobody likes outages, especially not us, but we’ve decided the tradeoffs are worth it. You should have your eyes wide open when you make the decision to use AWS or any other external service, though. It will fail from time to time.The savings-to-reliability tradeoff may be somewhat different for enterprise customers. It’s safe to say that the performance of Amazon’s utility computing platform will continue to be closely watched.
Article printed from Data Center Knowledge: http://www.datacenterknowledge.com
URL to article: http://www.datacenterknowledge.com/archives/2008/02/18/encrypted-traffic-cited-in-amazon-s3-outage/
URLs in this post:
 online banking logins to non-SSL pages: http://news.netcraft.com/archives/2005/08/23/banks_shifting_logins_to_nonssl_pages.html
 dashboard providing details on service performance: http://radar.oreilly.com/archives/2008/02/amazon-ec2-s3-aws-outage-failure-happens.html
 interesting commentary: http://cubist.cs.washington.edu/Security/2008/02/17/amazons-s3-outage-usage-spike-or-ddos-attack/
 post-outage: http://www.roughtype.com/archives/2008/02/why_s3_failed.php
 blogging: http://www.centernetworks.com/amazon-s3-downtime-update
 Don MacAskill of SmugMug: http://blogs.smugmug.com/don/2008/02/15/s3-outage-we-werent-affected/
 Rich Miller: http://www.datacenterknowledge.com/archives/author/richm/
Copyright © 2011 Data Center Knowledge. All rights reserved.