Cost - AWS WAF Security Automations

Cost

You are responsible for the cost of the AWS services used while running the AWS WAF Security Automations solution. The total cost for running this solution depends on the protection activated and the amount of data ingested, stored, and processed.

We recommend creating a budget through AWS Cost Explorer to help manage costs. For full details, refer to the pricing webpage for each AWS service used in this solution.

The following tables are example cost breakdowns for running this solution in the US East (N. Virginia) Region (excludes free tier). Prices are subject to change.

Example 1: Turn on Reputation List Protection, Bad Bot Protection, and Lambda Log Parser for HTTP Flood Protection and Scanner & Probe Protection.

| AWS service | Dimensions/Month | Cost/Month |
|---|---|---|
| Amazon Kinesis Data Firehose | 100 GB | ~$2.90 |
| Amazon Simple Storage Service | 100 GB | ~$2.30 |
| AWS Lambda | 128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run; 512 MB: 2 functions, total of 1M invocations and average 500 millisecond duration per Lambda run | ~$5.4 |
| Amazon API Gateway | 1M requests | ~$3.4 |
| Total | | ~$14 |

Example 2: Turn on Reputation List Protection, Bad Bot Protection, and Athena Log Parser for HTTP Flood Protection and Scanner & Probe Protection.

| AWS service | Dimensions/Month | Cost/Month |
|---|---|---|
| Amazon Kinesis Data Firehose | 100 GB | ~$2.90 |
| Amazon Simple Storage Service (Amazon S3) | 100 GB | ~$2.30 |
| AWS Lambda | 128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run; 512 MB: 2 functions, total of 7560 invocations and average 500 millisecond duration per Lambda run | ~$1.26 |
| Amazon API Gateway | 1M requests | ~$3.4 |
| Amazon Athena | 1.2M CloudFront object hits or 1.2M ALB requests per day, each generating a ~500 byte log record | ~$4.32 |
| Total | | ~$14.18 |

Example 3: Turn on IP retention on Allowed and Denied IP sets.

| AWS service | Dimensions/Month | Cost/Month |
|---|---|---|
| Amazon DynamoDB | 1K writes, 1 MB data storage | ~$0 |
| AWS Lambda | 128 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run; 512 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run | ~$0.01 |
| Amazon CloudWatch | 2K events | ~$0 |
| Total | | ~$0.01 |

Some AWS services used in this solution, such as AWS Lambda, generate Amazon CloudWatch logs. These logs incur charges. We recommend deleting or archiving old logs to reduce the cost. For details on archiving logs, refer to Exporting log data to Amazon S3 in the Amazon CloudWatch Logs User Guide.

If you choose to use the Athena log parser on installation, this solution schedules a query to run against the WAF and/or application access logs in your Amazon S3 bucket(s) as configured. You are charged based on the amount of data scanned by each query. Partitioning is applied to logs and queries to keep costs low. By default, application access logs are moved from their original S3 location to a partitioned folder structure. You have the option to keep the original logs as well, but you will be charged for the duplicated log storage. This solution uses Workgroups to segment workloads, and these can be configured to manage query access and costs. Refer to Cost estimate of Amazon Athena for a sample cost estimate calculation. For more information, refer to Amazon Athena Pricing.