- Lyft agreed to pay Amazon Web Services an aggregate minimum of $300 million between January 2019 and December 2021 for its services, according to the rideshare company's SEC filing.
- If Lyft fails to "meet the minimum purchase commitment" of $80 million each year in the designated time frame, the company is still responsible for paying the difference. This failure could lead to unintended financial harm on Lyft's part, according to the filings.
- AWS is already Lyft's primary third-party cloud provider and the agreement between the companies will remain in effect. However, AWS can end the agreement with Lyft "for convenience" after March 31, 2022 if done with an advance notice.
Lyft outlined the impact a potential interruption in AWS' services could mean for the rideshare company, including reducing "the attractiveness of our offerings," according to the filing.
But Lyft is clearly confident in AWS' reliability because last week the rideshare company announced it's "going all-in" with the cloud provider, according to a company announcement. The rideshare company provides more than 50 million rides every month and the cloud platform is able to scale to meet times of demands, like weekends and holidays, according to AWS.
Because AWS owns the servers Lyft relies on, the rideshare company does not "have control over the operations of the facilities of AWS that we use," according to the filing. It also means Lyft may feel the pains of damages inflicted on AWS.
When Lyft competitor Uber disclosed its 2016 data breach, it revealed intruders had accessed data stored on a third-party cloud-based service, AWS. Uber subsequently addressed the cloud-based storage controls, which falls on the shoulders of the customer, not AWS.
Notably, Lyft's C-suite lacks a formal technology chief, according to the filing. On February 22, former CISO Mike Johnson announced his resignation. Instead of a lead security head, the company is embracing a shared responsibility security model, similar to Facebook.
However, AWS customers have had a string of mismanaged access controls. Open AWS S3 buckets have resulted in data leaks for the Department of Defense, the WWE and Verizon.