A prominent open-source developer’s decade-old AWS account was permanently deleted during a verification process, highlighting potential risks in cloud provider policies and regional operational differences.
Amazon Web Services (AWS) has come under scrutiny after permanently deleting a 10-year customer account and all associated data without warning, according to a detailed account published by Abdelkader Boudih, a prominent Ruby developer known for maintaining widely-used gems like capistrano-puma and capistrano-sidekiq.
The Incident
On July 23, 2025, Boudih’s AWS account was terminated following a failed verification process that began on July 10. Despite having multi-region replication, proper backup architecture, and segregated encryption keys following AWS best practices, all data was immediately deleted without the 90-day retention period typically promised in AWS documentation.
“I put them in one provider, with what should have been bulletproof redundancy,” Boudih wrote in his account of the incident. “Multi-region replication across AWS Europe, dead man’s switch implemented for disaster recovery, proper backup architecture following AWS’s own best practices.”
The account deletion occurred on Boudih’s birthday, destroying years of work including:
- Infrastructure for maintaining dozens of open-source Ruby gems used worldwide
- A complete programming book in development
- Electronics tutorials and educational materials
- Testing environments for open-source contributions
Support Process Breakdown
The incident began when AWS requested account verification with a 5-day deadline over a weekend. After the initial form expired, Boudih spent 20 days attempting to resolve the issue through AWS support, documenting increasingly frustrating interactions where support agents repeatedly avoided answering the simple question: “Does my data still exist?”
Key timeline points include:
- July 10: Initial verification request with weekend deadline
- July 14: Form expired, customer contacts support
- July 16-20: Four days of silence from AWS
- July 22: AWS claims submitted documents are “unreadable”
- July 23: Account terminated
- July 24-30: Multiple support interactions with template responses and evasion
Policy Discrepancies
AWS’s public documentation states that accounts have a 90-day post-closure retention period before permanent deletion. However, Boudih’s case appears to fall into an undocumented exception for “verification-suspended” accounts, which bypass this retention period entirely.
“The community standard across cloud providers? 30-90 days retention unless there’s actual fraud or abuse. AWS? Zero days. Zero hours. Zero mercy,” Boudih noted.
Regional Operations Concerns
The incident has highlighted potential operational differences within AWS regional divisions. According to Boudih’s account, AWS MENA (Middle East and North Africa) was allegedly running a “proof of concept” on dormant accounts that may have gone wrong due to a command-line parameter parsing error in internal Java-based tools.
Industry observers have noted that some developers pay premiums to avoid being assigned to AWS MENA regions, citing concerns about different operational standards and support quality.
Technical Theory
An AWS insider allegedly suggested the deletions resulted from a developer typing --dry (standard in modern CLIs) instead of -dry (Java’s older parameter format) when attempting to run a test on dormant accounts. This would cause Java applications to ignore the dry-run flag and execute operations on production data.
While unverified, this theory aligns with reports of multiple accounts being affected simultaneously and the subsequent scrambling to manage the situation.
Industry Implications
The incident raises several critical questions for cloud computing:
- Provider Risk: How much trust should organizations place in single cloud providers, regardless of internal redundancy?
- Regional Consistency: Are all AWS regions operating under the same policies and standards?
- Data Sovereignty: What happens when cloud providers themselves become the single point of failure?
- Support Accountability: How can customers get straight answers during critical incidents?
Economic Impact
Beyond personal data loss, the incident affects the broader open-source ecosystem. Boudih’s gems are used in production systems worldwide, and his testing infrastructure was critical for maintaining these widely-adopted tools. AWS ironically benefits from these same open-source contributions in their own infrastructure.
Boudih has indicated that clients representing over $400,000 per month in AWS billing have agreed to migrate to alternative providers including Oracle OCI, Azure, and Google Cloud in response to the incident.
AWS Response
AWS has not provided public comment on the specific incident. Support interactions documented by Boudih show template responses and requests for customer satisfaction ratings even while the data deletion was occurring.
Lessons for Enterprise
Cloud architecture experts suggest this incident reinforces several key principles:
- Multi-provider strategies: Redundancy across different cloud providers, not just regions
- Documentation practices: Maintaining detailed records of all provider interactions
- Exit strategies: Having rapid migration plans that can be executed within hours
- Backup verification: Regular testing of disaster recovery procedures
Moving Forward
Boudih has announced plans to build a free tool to help organizations migrate away from AWS, while continuing to maintain his open-source contributions despite the setback.
The incident serves as a stark reminder that cloud providers, despite their reliability promises, remain single points of failure that can impact not just individual customers but entire ecosystems that depend on their work.
For enterprise customers, the lesson is clear: trust, but verify – and always have a Plan B that doesn’t depend on your primary provider’s goodwill or operational competence.
This story is developing. We have reached out to AWS for comment and will update this article with any official responses. You can read more in https://www.seuros.com/blog/aws-deleted-my-10-year-account-without-warning/
