Pricing for firewall logging

You are charged for Amazon CloudWatch vended logs, on top of the basic charges for using Network Firewall. Vended logs are specific AWS service logs published by AWS on your behalf at volume discount pricing. Your logging costs can vary depending on factors such as the destination type that you choose and the amount of data that you log. For example, flow logging sends logs for all of the network traffic that reaches your firewall's stateful rules, but alert logging sends logs only for network traffic that your stateful rules drop or explicitly alert on. For information about CloudWatch vended log pricing, see Logs on the Amazon CloudWatch pricing page. For information about Network Firewall pricing, see Network Firewall pricing.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Permissions to configure firewall logging

Firewall logging destinations