Mitigate possible bandwidth surge

[hcho3]

AWS charges a premium for outgoing traffic:

• S3 (storage): 0.023 USD per GB (https://aws.amazon.com/s3/pricing/)
• EC2 (compute): Free for first 1 GB per month, and 0.09 USD per GB thereafter (https://aws.amazon.com/ec2/pricing/on-demand/)

This results in surprise bills for many users. Here's one recent example: https://news.ycombinator.com/item?id=23956671

Here are some ways the XGBoost CI server can be hit with massive bandwidth bill:

• Someone may hard-link a nightly build of XGBoost in their Dockerfile or a Kubernetes script, and each deployment will download the build (~100 MB) from our S3 bucket.
• A mis-configured script or CI may send lots of requests to our S3 bucket or the website https://xgboost-ci.net.
• https://xgboost-ci.net may get hit with a DDoS attack.

We need to implement the following mitigation measures:

• Put https://xgboost-ci.net behind a CDN service like CloudFlare.
• Monitor outbound traffic from S3 buckets and set up alarms for anomalously high traffic.
• Automatically shut down access to S3 bucket when the traffic is anomalously high.

cc @trivialfis

[hcho3]

It might be easier to configure an alarm on the S3 bucket, instead of dealing with another VPS provider. Will investigate.

[hcho3]

I created a new Lambda function that will monitor all outbound traffic from the S3 buckets.