Cost - AWS Security Hub Automated Response and Remediation

Cost

You are responsible for the cost of the AWS services used to run the AWS Security Hub Automated Response and Remediation solution. As of November 2021, the cost for running this solution with the default settings in the US East (N. Virginia) AWS Region is approximately $3.33 for 300 remediations/month, $26.83 for 3,000 remediations/month and $261.90 for 30,000 remediations/month. Prices are subject to change. For full details, see the pricing page for each AWS service used in this solution.

Note

Many AWS Services include a Free Tier – a baseline amount of the service that customers can use at no charge. Actual costs may be more or less than the pricing examples provided.

The total cost to run this solution depends on the following factors:

  • The number of AWS Security Hub member accounts

  • The number of active automatically-invoked remediations

  • The frequency of remediation

This solution uses the following AWS components, which incur a cost based on your configuration. Pricing examples are provided for small, medium, and large organizations.

Service Free Tier Pricing
AWS Systems Manager Automation - Step Count 100,000 steps per account per month Beyond the free tier, each basic step is charged at $0.002 per step. For multi-account automations, all steps including those run in any child accounts are counted only in the originating account.
AWS Systems Manager Automation - Step Duration 5,000 seconds per month Beyond the free tier, each aws:executeScript action step is charged at $0.00003 for every second after a free tier of 5,000 seconds per month.
AWS Systems Manager Automation - Storage No free tier $0.046 per GB per month
AWS Systems Manager Automation - Data Transfer No free tier $0.900 per GB transferred (for cross-account or out-of-Region)
AWS Security Hub - Security Checks No free tier

First 100,000 checks/account/region/month costs $0.0010 per check

Next 400,000 checks/account/region/month costs $0.00.0 per check

Over 500,000 checks/account/region/month costs $0.0005 per check

AWS Security Hub - Finding Ingestion Events First 10,000 events/account/region/month is free. Finding ingestion events associated with Security Hub’s security checks. Over 10,000 events/account/region/month costs $0.00003 per event
Amazon CloudWatch - Metrics Basic Monitoring Metrics (at 5-minute frequency) 10 Detailed Monitoring Metrics (at 1-minute frequency) 1 Million API requests (not applicable to GetMetricData and GetMetricWidgetImage)

First 10,000 metrics costs $0.30 metric/month

Next 240,000 metrics costs $0.10 metric/month

Next 750,000 metrics costs $0.05 metric/month

Over 1,000,000 metrics costs $0.02 metric/month

Amazon CloudWatch - Dashboard 3 Dashboards for up to 50 metrics per month $3.00 per dashboard per month
Amazon CloudWatch - Alarms 10 Alarm metrics (not applicable to high-resolution alarms)

Standard Resolution (60 sec) costs $0.10 per alarm metric

High Resolution (10 sec) costs $0.30 per alarm metric

Standard Resolution Anomaly Detection costs $0.30 per alarm

High Resolution Anomaly Detection costs $0.90 per alarm

Composite costs $0.50 per alarm

Amazon CloudWatch - Logs Collection 5GB Data (ingestion, archive storage, and data scanned by Logs Insights queries) $0.50 per GB
Amazon CloudWatch - Logs Storage 5GB Data (ingestion, archive storage, and data scanned by Logs Insights queries) $0.005 per GB of data scanned
Amazon CloudWatch - Events All events except custom events are included $1.00 per million events for custom events $1.00 per million events for cross-account events
AWS Service Catalog 1,000 API calls per month Over 1,000 API calls costs $0.0007 (14 calls for 1 cent)
AWS Lambda - Requests 1M free requests per month $0.20 per 1M requests
AWS Lambda - Duration 400,000 GB-seconds of compute time per month $0.0000166667 for every GB-second. The price for Duration depends on the amount of memory you allocate to your function. You can allocate any amount of memory to your function between 128MB and 10,240MB, in 1MB increments.
AWS Step Functions - State Transitions 4,000 free state transitions per month $0.025 per 1,000 state transitions thereafter
Amazon EventBridge All state change events published by AWS services are free

Custom events cost $1.00/million custom events published

Third-party (SaaS) events cost $1.00/million events published

Cross-account events cost $1.00/million cross-account events sent

Amazon SNS First 1 million Amazon SNS requests per month are free $0.50 per 1 million requests thereafter

Pricing Examples (monthly)

Example 1: 300 remediations per month

  • 10 accounts, 1 Region

  • 30 remediations per account/region/month

  • Total cost $3.33 per month

Service Assumptions Monthly Charges
AWS Systems Manager Automation

Steps: ~4 steps * 300 remediations * $0.002 = $2.40

Duration: 10s * 300 remediations * $0.00003 = $0.09

$2.49
AWS Security Hub No billable services utilized $0
Amazon CloudWatch Logs

300 remediations * $0.000002 = $0.0006

$0.0006 * 0.03 = $0.000018

< $0.01
AWS Service Catalog No charge for portfolio $0
AWS Lambda - Requests

300 remediations * 6 requests = 1,800 requests

$0.20 * 1,000,000 requests = $0.20

$0.20
AWS Lambda - Duration 256M: 1.875 GB sec * 300 remediations * $0.0000167 = $0.009375 < $0.01
AWS Step Functions

15 state transitions * 300 remediations = 4,500

$0.025 * (4,500/1,000) state transitions = $0.1125

< $0.12
Amazon EventBridge Rules No charge for rules $0
Amazon SNS $0.50 * 1,000,000 notifications = $0.50 $0.50
Total $3.33

Example 2: 3,000 remediations per month

  • 100 accounts, 1 Region

  • 30 remediations per account/region/month

  • Total cost $26.75 per month

Service Assumptions Monthly Charges
AWS Systems Manager Automation

Steps: ~4 steps * 3,000 remediations * $0.002 = $24.00

Duration: 10s * 3,000 remediations * $0.00003 = $0.90

$24.90
AWS Security Hub No billable services utilized $0
Amazon CloudWatch Logs

3,000 remediations * $0.000002 = $0.006

$0.006 * 0.03 = $0.00018

< $0.01
AWS Service Catalog No charge for portfolio $0
AWS Lambda - Requests

3,000 remediations * 6 requests = 18,000 requests

$0.20 * 1,000,000 requests = $0.20

$0.20
AWS Lambda - Duration 256M: 1.875 GB sec * 3,000 remediations * $0.000167 = $0.09375 $0.09
AWS Step Functions

15 state transitions * 3,000 remediations = 45,000

$0.025 * (45,000/1,000) state transitions = $1.125

$1.13
Amazon EventBridge Rules No charge for rules $0
Amazon SNS $0.50 * 1,000,000 notifications = $0.50 $0.50
Total $26.83

Example 3: 30,000 remediations per months

  • 1000 accounts, 1 Region

  • 30 remediations per account/region/month

  • Total cost $261.90 per month

Service Assumptions Monthly Charges
AWS Systems Manager Automation

Steps: ~4 steps * 30,000 remediations * $0.002 = $240.00

Duration: 10s * 30,000 remediations * $0.00003 = $9.00

$249.00
AWS Security Hub No billable services utilized $0
Amazon CloudWatch Logs

30,000 remediations * $0.000002 = $0.06

$0.06 * 0.03 = $0.0018

< $0.01
AWS Service Catalog No charge for portfolio $0
AWS Lambda - Requests

30,000 remediations * 6 requests = 180,000 requests

$0.20 * 1,000,000 requests = $0.20

$0.20
AWS Lambda - Duration 256M: 1.875 GB sec * 30,000 remediations * $0.000167 = $0.9375 $0.94
AWS Step Functions

15 state transitions * 30,000 remediations = 450,000

$0.025 * (450,000/1,000) state transitions = $11.25

$11.25
Amazon EventBridge Rules No charge for rules $0
Amazon SNS $0.50 * 1,000,000 notifications = $0.50 $0.50
Total 261.90