Cost
You are responsible for the cost of the AWS services used while running this solution. As of this revision, the cost to run the solution in the US East (N. Virginia) Region is approximately:
-
$1,733.00 per month for a small organization
-
$18,951.00 per month for a large organization
These costs are for the resources shown in the Sample cost tables. The total cost to run this solution depends on the following:
-
Number of policies installed
-
Number of accounts managed
-
Number of rule sets and web ACLs installed
-
Number and invocation duration of Lambda functions
-
Number of EventBridge events published
For example, for two CloudFront global policies and one Regional policy, the total policy cost is:
3 policies x $100 = $300 per month
We recommend creating
a budget
through AWS Cost Explorer
Sample cost tables
The following tables provide a sample cost breakdown for deploying this solution with the default parameters in the US East (N. Virginia) Region for one month.
Cost per month for a small organization
Assumptions:
-
Accounts: 12 accounts across 2 OUs
-
Number of AWS Regions: 3
-
Subscription to AWS Shield Advanced: No
-
Number of policies: 13
-
CloudFront global policy: AWS WAF global policy ($100 x 1 global policy)
-
Regional policies:
-
AWS WAF Regional policy ($100 x 3 Regions)
-
Security group content audit policy ($100 x 3 Regions)
-
Security group usage audit policy ($100 x 3 Regions)
-
DNS Firewall policy ($100 x 3 Regions)
-
-
Note
The following cost
estimate doesn't account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF
protection policy cost and the AWS WAF web ACL and rules cost
are included. For additional information, refer to the
AWS Firewall Manager pricing
Components | Quantity | Accounts | $/month [USD] | Monthly Total [USD] |
---|---|---|---|---|
AWS Firewall Manager | ||||
Policies | 13 | N/A | $100.00 | $1,300.00 |
AWS WAF web ACL | 4 | 12 | $5.00 | $240.00 |
AWS WAF rules | 4 x 4 | 12 | $1.00 | $192.00 |
Other AWS services* | ||||
N/A | N/A | 12 | less than $1.00 | $1.00 |
Total: | $1,733.00 | |||
* Other AWS services include Lambda, EventBridge, CloudFormation StackSets, AWS Config, DNS Firewall, and Parameter Store. |
Cost per month for a large organization
Assumptions:
-
Accounts: 150 accounts across 20 OUs
-
Number of AWS Regions: 10
-
Subscription to AWS Shield Advanced: No
-
Number of policies: 41
-
Global policy: AWS WAF global policy ($100 x 1 global policy)
-
Regional policies:
-
AWS WAF Regional policy ($100 x 10 AWS Regions)
-
Security group content audit policy ($100 x 10 Regions)
-
Security group usage audit policy ($100 x 10 Regions)
-
DNS Firewall policy ($100 x 10 Regions)
-
-
Note
The following cost
estimate doesn't account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF
protection policy cost and the AWS WAF web ACL and rules cost
are included. For additional information, refer to the
AWS Firewall Manager pricing
Components | Quantity | Accounts | $/month [USD] | Monthly Total [USD] |
---|---|---|---|---|
AWS Firewall Manager | ||||
Policies | 41 | N/A | $100.00 | $4,100.00 |
AWS WAF web ACL | 11 | 150 | $5.00 | $8,250.00 |
AWS WAF rules | 4 × 11 | 150 | $1.00 | $6,600.00 |
Other AWS services* | ||||
N/A | N/A | 150 | less than $1.00 | $1.00 |
Total: | $18,951.00 | |||
* Other AWS services include Lambda, EventBridge, CloudFormation StackSets, AWS Config, DNS Firewall, and Parameter Store. |