How Security Lake pricing is determined
Amazon Security Lake pricing is based on two dimensions: data ingestion and data conversion. Security Lake also works with other AWS services to store and share your data, and you may incur separate charges for these activities.
When you turn on log collection for the first time in an AWS account in any AWS Region that Security Lake supports, that account is automatically enrolled in a 15-day free trial of Security Lake. You may still incur charges from other services during the free trial.
- Data ingestion
These costs derive from the volume of ingested AWS CloudTrail logs and other AWS service logs and events (Amazon Route 53 resolver query logs, AWS Security Hub findings, and Amazon VPC Flow Logs).
- Data conversion
These costs derive from the volume of AWS service logs and events that Security Lake normalizes to Open Cybersecurity Schema Framework (OCSF) schema and converts to Apache Parquet format.
- Costs of related services
Here are some costs you may incur from other AWS services for storing and sharing the data in your security data lake:
Amazon S3 – These costs derive from maintaining Amazon S3 buckets in your Security Lake account, storing your data there, and evaluating and monitoring your bucket for security and access control. For more information, see Amazon S3 pricing
. Amazon SQS – These costs derive from creating an Amazon SQS queue for message delivery. For more information, see Amazon SQS pricing
. Amazon EventBridge – These costs derive from Amazon EventBridge sending object notifications to subscription endpoints. For more information, see Amazon EventBridge pricing
.
Costs that a subscriber incurs by querying data from Security Lake and storing query results are the responsibility of the subscriber.
For more information, see Security Lake pricing
