I feel so STUPID setting up a billing alert on Cloudflare SQL (d1) for READS, ...
for a $5 a month account it's capped at 5 BILLION ROW reads!
Let's put this into perspective, assuming you're developing edge app on cloudflare it's not a stretch to assume you're caching results in cloudflare's edge cache, that's like a monster really cheap REDIS cache on a app server, only many orders of magnitude faster with near zero latency, and where the reads are 100% free. So you can READ a billion rows for $5 and cache the results, ...hehe..., so, ... it feels laughable to setup a billing alert in case that get's hammered, but, in case somewhere I forget to cache results, I WILL actually setup a billing alert, sigh! This is more of a technicality than addressing any real risk.
Of course, if you have a database with a million rows, and you're not caching things, and you're doing a select or sum across non indexed rows, and that page get's hit with a DDOS attack, say a few thousand parallel requests a second for a few hours, well... that's another story altogether. A single DDOS attack overnight could mean you wake up to ... a personalised invoice in your inbox, with a picture of a smiling cat with speech bubble ALL YOUR DOLLARS ARE BELONG TO US!
In case you think DDOS attacks are limited to big corporations; I have roughly about 100 parked domains with nothing on them, and even my empty websites occasionally get DDOS-ed from time to time with these incredibly high rates of attack, its a hackers way of radomly testing things to see what they find.
p.s. In case it's not obvious, this isn't a dig at Cloudflare, I'm a big fan. It's a backward compliment in fact, their pricing is so absurdly different to other cloud vendors that it's easy to think about it as water and air, like a human right
;D But you still need to remain vigilent and even the cheapest of services need to be monitored.