Cost
You are responsible for the cost of the AWS services used while running this solution. The total cost to run this solution depends on the number of policies installed, the number of rule sets and Web ACLs installed, the number and execution duration of AWS Lambda functions, and the number of Amazon EventBridge events published.
Prices are subject to change. For full details, refer to the pricing webpage for each AWS service you will be using in this solution.
The cost for each policy is $100 per policy per month and per Region. For example, for two Amazon CloudFront global policies and one Regional policy, the total policy cost is three policies x $100 = $300 per month. The significant factors influencing the total cost of running this solution are the number of accounts managed and the number of policies installed. As of December 2022, the cost to run the solution for a small organization in the US East (N. Virginia) Region is approximately $1,733.00 per month.
Cost per month for a small organization
Assumptions:
- Accounts: 12 accounts across two organizational units (OUs)
- Number of AWS Regions: 3
- No subscription to AWS Shield Advanced
- Number of policies: 13
  - Amazon CloudFront global policy: AWS WAF global policy ($100 x 1 global policy)
  - Regional policies:
    - AWS WAF Regional policy ($100 x 3 Regions)
    - Security group content audit policy ($100 x 3 Regions)
    - Security group usage audit policy ($100 x 3 Regions)
    - Route 53 Resolver DNS Firewall policy ($100 x 3 Regions)
AWS Service | Components | Quantity | Accounts | $/month | Monthly Total [USD] |
---|---|---|---|---|---|
AWS Firewall Manager | Policies | 13 | N/A | $100.00 | $1,300.00 |
AWS WAF | Web ACL | 4 | 12 | $5.00 | $240.00 |
AWS WAF | Rules | 4 x 4 | 12 | $1.00 | $192.00 |
Other Services* | N/A | N/A | 12 | less than $1.00 | $1.00 |
Total: | | | | | $1,733.00 |
*Note: Other AWS services include AWS Lambda, AWS EventBridge, AWS CloudFormation StackSets, AWS Config, Amazon Route 53 Resolver DNS Firewall, and AWS Systems Manager Parameter Store.
Cost per month for a large organization
Assumptions:
- Accounts: 150 accounts across 20 OUs
- Number of AWS Regions: 10
- No subscription to AWS Shield Advanced
- Number of policies: 41
  - Global policy: AWS WAF global policy ($100 x 1 global policy)
  - Regional policies:
    - AWS WAF Regional policy ($100 x 10 AWS Regions)
    - Security group content audit policy ($100 x 10 Regions)
    - Security group usage audit policy ($100 x 10 Regions)
    - Route 53 Resolver DNS Firewall policy ($100 x 10 Regions)
AWS Service | Components | Quantity | Accounts | $/month | Monthly Total [USD] |
---|---|---|---|---|---|
AWS Firewall Manager | Policies | 41 | N/A | $100.00 | $4,100.00 |
AWS WAF | Web ACL | 11 | 150 | $5.00 | $8,250.00 |
AWS WAF | Rules | 4 x 11 | 150 | $1.00 | $6,600.00 |
Other Services* | N/A | N/A | 150 | less than $1.00 | $1.00 |
Total: | | | | | $18,951.00 |
*Note: Other AWS services include AWS Lambda, AWS EventBridge, AWS CloudFormation StackSets, AWS Config, Amazon Route 53 Resolver DNS Firewall, and AWS Systems Manager Parameter Store.
The cost estimates in the tables do not account for a subscription to AWS Shield Advanced. With the Shield Advanced subscription, the AWS WAF protection policy cost and the AWS WAF Web ACL and Rules cost are included. For additional information, refer to AWS Firewall Manager pricing.