Cost - Automations for AWS Firewall Manager

Cost

You are responsible for the cost of the AWS services used while running this solution. As of this revision, the cost to run the solution in the US East (N. Virginia) Region is approximately:

  • $1,733.00 per month for a small organization

  • $18,951.00 per month for a large organization

These costs are for the resources shown in the Sample cost tables. The total cost to run this solution depends on the following:

  • Number of policies installed

  • Number of accounts managed

  • Number of rule sets and web ACLs installed

  • Number and invocation duration of Lambda functions

  • Number of EventBridge events published

For example, for two CloudFront global policies and one Regional policy, the total policy cost is:

3 policies x $100 = $300 per month

We recommend creating a budget through AWS Cost Explorer to help manage costs. Prices are subject to change. For full details, see the pricing webpage for each AWS service used in this solution.

Sample cost tables

The following tables provide a sample cost breakdown for deploying this solution with the default parameters in the US East (N. Virginia) Region for one month.

Cost per month for a small organization

Assumptions:

  • Accounts: 12 accounts across 2 OUs

  • Number of AWS Regions: 3

  • Subscription to AWS Shield Advanced: No

  • Number of policies: 13

    • CloudFront global policy: AWS WAF global policy ($100 x 1 global policy)

    • Regional policies:

      • AWS WAF Regional policy ($100 x 3 Regions)

      • Security group content audit policy ($100 x 3 Regions)

      • Security group usage audit policy ($100 x 3 Regions)

      • DNS Firewall policy ($100 x 3 Regions)

Note

The following cost estimate doesn't account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF protection policy cost and the AWS WAF web ACL and rules cost are included. For additional information, refer to the AWS Firewall Manager pricing page.

| Components | Quantity | Accounts | $/month [USD] | Monthly Total [USD] |
|---|---|---|---|---|
| AWS Firewall Manager | | | | |
| Policies | 13 | N/A | $100.00 | $1,300.00 |
| AWS WAF web ACL | 4 | 12 | $5.00 | $240.00 |
| AWS WAF rules | 4 x 4 | 12 | $1.00 | $192.00 |
| Other AWS services* | | | | |
| N/A | N/A | 12 | less than $1.00 | $1.00 |
| Total: | | | | $1,733.00 |

* Other AWS services include Lambda, EventBridge, CloudFormation StackSets, AWS Config, DNS Firewall, and Parameter Store.

Cost per month for a large organization

Assumptions:

  • Accounts: 150 accounts across 20 OUs

  • Number of AWS Regions: 10

  • Subscription to AWS Shield Advanced: No

  • Number of policies: 41

    • Global policy: AWS WAF global policy ($100 x 1 global policy)

    • Regional policies:

      • AWS WAF Regional policy ($100 x 10 AWS Regions)

      • Security group content audit policy ($100 x 10 Regions)

      • Security group usage audit policy ($100 x 10 Regions)

      • DNS Firewall policy ($100 x 10 Regions)

Note

The following cost estimate doesn't account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF protection policy cost and the AWS WAF web ACL and rules cost are included. For additional information, refer to the AWS Firewall Manager pricing page.

| Components | Quantity | Accounts | $/month [USD] | Monthly Total [USD] |
|---|---|---|---|---|
| AWS Firewall Manager | | | | |
| Policies | 41 | N/A | $100.00 | $4,100.00 |
| AWS WAF web ACL | 11 | 150 | $5.00 | $8,250.00 |
| AWS WAF rules | 4 × 11 | 150 | $1.00 | $6,600.00 |
| Other AWS services* | | | | |
| N/A | N/A | 150 | less than $1.00 | $1.00 |
| Total: | | | | $18,951.00 |

* Other AWS services include Lambda, EventBridge, CloudFormation StackSets, AWS Config, DNS Firewall, and Parameter Store.