Example 1: Turn on Reputation List Protection, Bad Bot Protection, Lambda Log Parser for HTTP Flood Protection, and Scanner and Probe Protection Example 2: Turn on Reputation List Protection, Bad Bot Protection, Athena Log Parser for HTTP Flood Protection, and Scanner and Probe Protection Example 3: Turn on IP retention on Allowed and Denied IP sets

Cost

You are responsible for the cost of the AWS services used while running the Security Automations for AWS WAF solution. The total cost for running this solution depends on the protection activated and the amount of data ingested, stored, and processed.

We recommend creating a budget through AWS Cost Explorer to help manage costs. For full details, refer to the pricing webpage for each AWS service used in this solution.

The following tables are example cost breakdowns for running this solution in the US East (N. Virginia) Region (excludes free tier). Prices are subject to change.

Example 1: Turn on Reputation List Protection, Bad Bot Protection, Lambda Log Parser for HTTP Flood Protection, and Scanner and Probe Protection

AWS service	Dimensions/Month	Cost/Month
Amazon Kinesis Data Firehose	100 GB	~$2.90
Amazon Simple Storage Service	100 GB	~$2.30
AWS Lambda	128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run 512 MB: 2 functions, total of 1M invocations and average 500 millisecond duration per Lambda run	~$5.4
Amazon API Gateway	1M requests	~$3.4
Total		~$14

Example 2: Turn on Reputation List Protection, Bad Bot Protection, Athena Log Parser for HTTP Flood Protection, and Scanner and Probe Protection

AWS service	Dimensions/Month	Cost/Month
Amazon Kinesis Data Firehose	100 GB	~$2.90
Amazon Simple Storage Service (Amazon S3)	100 GB	~$2.30
AWS Lambda	128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run 512 MB: 2 functions, total of 7560 invocations and average 500 millisecond duration per Lambda run	~$1.26
Amazon API Gateway	1M requests	~$3.4
Amazon Athena	1.2M CloudFront objects hits or 1.2M ALB requests per day that generates a ~500 byte log record per hit/request	~$4.32
Total		~$14.18

Example 3: Turn on IP retention on Allowed and Denied IP sets

AWS service	Dimensions/Month	Cost/Month
Amazon DynamoDB	1K writes, 1MB data storage	~$0
AWS Lambda	128 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run 512 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run	~$0.01
Amazon CloudWatch	2K events	~$0
Total		~$0.01

There are AWS services used in this solution, such as AWS Lambda, that generate Amazon CloudWatch logs. These logs incur charges. We recommend deleting or archiving old logs to reduce the cost. For log archive detail, refer to Exporting log data to Amazon S3 in the Amazon CloudWatch Logs User Guide.

If you choose to use the Athena log parser on installation, this solution schedules a query to run against the WAF and/or application access logs in your Amazon S3 bucket(s) as configured. You are charged based on the amount of data scanned by each query. Partitioning is applied to logs and queries to keep costs low. By default, application access logs are moved from their original S3 location to a partitioned folder structure. You have the option to keep original logs as well but you will be charged for duplicated log storage. This solution uses Workgroups to segment workloads and these can be configured to manage query access and costs.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Solution overview

Cost estimate of Amazon Athena