Either the subscription filter or the Lambda could be modified to only fire based on source IP; not the whole thing but perhaps the CIDR of your ISP, so that only you can start it. Perhaps it could be done with the Route 53 geolocation options as well.
In the 2 months I've been using this method before deciding to write it all down, I've not run into any issues with anyone else or any bots triggering the container to start, at least not yet...
I was looking for a way to incorporate forging responses to the pings but couldn't find a way to consistently have a socket open on 25565 that didn't incur a hard monthly cost. Your service and approach look great, I'm surprised I didn't run across it when researching before...
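
The source-CIDR gate suggested in the comment above, sketched as an added example that is not part of the original comment or the project's own code. It assumes the subscription filter forwards Route 53 public DNS query log lines to the Lambda; `ALLOWED_CIDRS`, `should_start` and `make_event` are hypothetical names, and the container start step is left out.

```python
import base64, gzip, ipaddress, json

# Constructed placeholder (TEST-NET-3); stands in for "the CIDR of your ISP".
ALLOWED_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]

def decode_log_events(event):
    """CloudWatch Logs subscription payloads arrive base64-encoded and gzipped."""
    raw = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    return json.loads(raw)["logEvents"]

def query_source(message):
    """Return the querying network from one Route 53 query log line, or None.

    Fields: version timestamp zone-id name type rcode protocol edge
            resolver-ip edns-client-subnet ("-" when absent).
    """
    fields = message.split()
    if len(fields) < 10:
        return None
    resolver_ip, edns_subnet = fields[8], fields[9]
    candidate = edns_subnet if edns_subnet != "-" else resolver_ip
    try:
        return ipaddress.ip_network(candidate, strict=False)
    except ValueError:
        return None

def is_allowed(net):
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED_CIDRS)

def should_start(event):
    """True if any query in the batch came from an allowed network."""
    for log_event in decode_log_events(event):
        net = query_source(log_event["message"])
        if net is not None and is_allowed(net):
            return True
    return False

def handler(event, context):
    if not should_start(event):
        return {"started": False}  # ignore queries from other networks
    # The existing container start logic would run here (not shown on the page).
    return {"started": True}

def make_event(lines):
    """Build a constructed subscription event for offline testing."""
    body = json.dumps({"logEvents": [{"message": m} for m in lines]}).encode()
    return {"awslogs": {"data": base64.b64encode(gzip.compress(body)).decode()}}
```

The address Route 53 logs is that of the recursive resolver that sent the query, not the player's machine, unless the resolver passed along an EDNS client subnet; with a third-party public resolver the allow-list has to cover that resolver's ranges instead.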