Appendix F: Cost Estimate of Amazon Athena - AWS WAF Security Automations

Appendix F: Cost Estimate of Amazon Athena

If you use the Athena log parser option while running the HTTP Flood Protection and/or Scanner & Probe Protection rules, you will be charged for Athena usage. By default, each Athena query runs every five minutes and scans the past four hours of data. Partitioning is applied to logs and Athena queries to keep costs low. You can configure the number of hours of data that a query scans by changing the value for the WAF Block Period template parameter. However, increasing the amount of data scanned will likely increase Athena cost. Take CloudFront logs as an example, the cost calculation is as follows:

By average, each CloudFront hit might generate around 500 bytes of data.

If there are 1.2M CloudFront objects hits per day, then there will be 200k (1.2M/6) hits per four hours assuming that data comes in at a consistent rate. You will need to consider your actual traffic patterns when calculate your cost.

An average 100 MB (0.0001TB) data scanned per query = 500 * 200K

Athena charges $5.00 per TB of data scanned

Cost/query scan = 0.0001* $5/TB = $0.0005

Athena query runs every five minutes:

60 minutes / 5 = 12 runs per hour

12 * 24 = 288 runs a day

Cost estimate/month = $0.0005 * 288 * 30 = $4.32


Actual costs will vary depending on your application’s traffic patterns. For more information, see Amazon Athena pricing.