Cost
You are responsible for the cost of the AWS services used while running the Security Automations for AWS WAF solution. The total cost for running this solution depends on the protection activated and the amount of data ingested, stored, and processed.
We recommend creating a budget through AWS Cost Explorer
The following tables are example cost breakdowns for running this solution in the US East (N. Virginia) Region (excludes free tier). Prices are subject to change.
Example 1: Turn on Reputation List Protection, Bad Bot Protection, Lambda Log Parser for HTTP Flood Protection, and Scanner and Probe Protection
AWS service | Dimensions/Month | Cost/Month [USD] |
---|---|---|
Amazon Kinesis Data Firehose | 100 GB | ~$2.90 |
Amazon Simple Storage Service | 100 GB | ~$2.30 |
AWS Lambda | 128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run; 512 MB: 2 functions, total of 1M invocations and average 500 millisecond duration per Lambda run | ~$5.4 |
Amazon API Gateway | 1M requests | ~$3.4 |
Total | | ~$14 |
Example 2: Turn on Reputation List Protection, Bad Bot Protection, Athena Log Parser for HTTP Flood Protection, and Scanner and Probe Protection
AWS service | Dimensions/Month | Cost/Month [USD] |
---|---|---|
Amazon Kinesis Data Firehose | 100 GB | ~$2.90 |
Amazon Simple Storage Service (Amazon S3) | 100 GB | ~$2.30 |
AWS Lambda | 128 MB: 3 functions, total of 1M invocations and average 500 millisecond duration per Lambda run; 512 MB: 2 functions, total of 7560 invocations and average 500 millisecond duration per Lambda run | ~$1.26 |
Amazon API Gateway | 1M requests | ~$3.4 |
Amazon Athena | 1.2M CloudFront object hits or 1.2M ALB requests per day, each generating a ~500 byte log record | ~$4.32 |
Total | | ~$14.18 |
Example 3: Turn on IP retention on Allowed and Denied IP sets
AWS service | Dimensions/Month | Cost/Month [USD] |
---|---|---|
Amazon DynamoDB | 1K writes, 1MB data storage | ~$0 |
AWS Lambda | 128 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run; 512 MB: 1 function, total of 2K invocations and average 500 millisecond duration per Lambda run | ~$0.01 |
Amazon CloudWatch | 2K events | ~$0 |
Total | | ~$0.01 |
There are AWS services used in this solution, such as AWS Lambda, that generate Amazon CloudWatch logs. These logs incur charges.
If you choose to use the Athena log parser on installation, this solution schedules a query to run against the WAF and/or application access logs in your Amazon S3 bucket(s) as configured. You are charged based on the amount of data scanned by each query. Partitioning is applied to logs and queries to keep costs low. By default, application access logs are moved from their original S3 location to a partitioned folder structure. You have the option to keep the original logs as well, but you will be charged for the duplicated log storage. This solution uses workgroups to segment workloads, and these can be configured to manage query access and costs.