Cost - Automations for AWS Firewall Manager

Cost

You are responsible for the cost of the AWS services used while running this solution. The total cost to run this solution depends on the number of policies installed, the number of rule sets and Web ACLs installed, the number and execution duration of AWS Lambda functions, and the number of Amazon EventBridge events published.

Prices are subject to change. For full details, refer to the pricing webpage for each AWS service you will be using in this solution.

The cost for each policy is $100 per policy per month and per Region. For example, for two Amazon CloudFront global policies and one Regional policy, the total policy cost is three policies x $100 = $300 per month. The significant factors influencing the total cost of running this solution are the number of accounts managed and the number of policies installed. As of August 2021, the cost to run the solution for a small organization in the US East (N. Virginia) Region is approximately $1,733.00 per month.

Cost per month for a small organization

Assumptions:

  • Accounts: 12 accounts across two organizational units (OUs)

  • Number of AWS Regions: 3

  • No subscription to AWS Shield Advanced

  • Number of policies: 13

  • Amazon CloudFront global policy: AWS WAF global policy ($100 x 1 global policy)

  • Regional policies:

      • AWS WAF Regional policy ($100 x 3 Regions)

      • Security group content audit policy ($100 x 3 Regions)

      • Security group usage audit policy ($100 x 3 Regions)

      • Route 53 Resolver DNS Firewall policy ($100 x 3 Regions)

| AWS Service | Components | Quantity | Accounts | $/month | Monthly Total |
|---|---|---|---|---|---|
| AWS Firewall Manager | Policies | 13 | N/A | $100.00 | $1,300.00 |
| AWS WAF | Web ACL | 4 | 12 | $5.00 | $240.00 |
| AWS WAF | Rules | 4 x 4 | 12 | $1.00 | $192.00 |
| Other Services* | N/A | N/A | 12 | less than $1.00 | $1.00 |
| Total: | | | | | $1,733.00 |

*Note: Other AWS services include AWS Lambda, AWS EventBridge, AWS CloudFormation StackSets, AWS Config, Amazon Route 53 Resolver DNS Firewall, and AWS Systems Manager Parameter Store.

Cost per month for a large organization

Assumptions:

  • Accounts: 150 accounts across 20 OUs

  • Number of AWS Regions: 10

  • No subscription to AWS Shield Advanced

  • Number of policies: 41

  • Global policy: AWS WAF global policy ($100 x 1 global policy)

  • Regional policies:

      • AWS WAF Regional policy ($100 x 10 AWS Regions)

      • Security group content audit policy ($100 x 10 Regions)

      • Security group usage audit policy ($100 x 10 Regions)

      • Route 53 Resolver DNS Firewall policy ($100 x 10 Regions)

| AWS Service | Components | Quantity | Accounts | $/month | Monthly Total |
|---|---|---|---|---|---|
| AWS Firewall Manager | Policies | 41 | N/A | $100.00 | $4,100.00 |
| AWS WAF | Web ACL | 11 | 150 | $5.00 | $8,250.00 |
| AWS WAF | Rules | 4 x 11 | 150 | $1.00 | $6,600.00 |
| Other Services* | N/A | N/A | 150 | less than $1.00 | $1.00 |
| Total: | | | | | $18,951.00 |

*Note: Other AWS services include AWS Lambda, AWS EventBridge, AWS CloudFormation StackSets, AWS Config, Amazon Route 53 Resolver DNS Firewall, and AWS Systems Manager Parameter Store.

The cost estimates in the tables do not account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF protection policy cost and the AWS WAF Web ACL and Rules cost are included. For additional information, refer to the AWS Firewall Manager pricing page.
