New users try Amazon GuardDuty free for 30 days, protect your accounts and workloads

 ✕

Amazon GuardDuty pricing

价格计算器

Free Tier

GuardDuty Free Tier is only available in the Amazon Web Services China (Ningxia) Region operated by NWCD and Amazon Web Services China (Beijing) Region operated by Sinnet. Any new account to Amazon GuardDuty can try the service for 30-days at no cost. You will have access to the full feature set and detections during the free trial. The GuardDuty console indicates how many days are left on the trial period and estimates how much the daily average cost for your account is based on the volume of data analyzed. This makes it easy for you to experience Amazon GuardDuty at no cost and take the guess work out of the cost of the service beyond the free trial. Start using Amazon GuardDuty.

Overview

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and anomalous behavior to help protect your Amazon Web Services accounts, workloads, and data. GuardDuty prices are based on the volume of service logs, events, workloads, or data analyzed.

GuardDuty pricing tiers include foundational pricing, which is the default level of service coverage, as well as optional protection plans pricing. When you activate GuardDuty for the first time, you will automatically have foundational protections and optional protection plans turned on. While you can turn off optional protection features at any time, the foundational protections are required for active GuardDuty accounts. Analyzed service logs are filtered for cost optimization and directly integrated with GuardDuty, which means you don’t have to activate or pay for them separately.

Pricing varies by data source and Region, and is subject to change as new log sources are introduced, existing log sources are optimized to reduce cost, and log volumes increase and decrease with your varying workload-related activity in Amazon Web Services. 

Amazon EKS audit log analysis – When the GuardDuty EKS Protection feature is enabled, GuardDuty continuously analyzes EKS audit logs and optimizes costs by processing only events that are used for security analysis. EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume.

Data scanned for malware – When the GuardDuty Malware Protection feature is enabled, Amazon Elastic Compute Cloud (EC2) instance or container workloads with detected behavior indicative of malware will have a replica of their attached Amazon Elastic Block Store (EBS) volumes scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Configurable guardrails that you set up can help you control spend, such as setting up notifications when usage exceeds a specified limit and the ability to control which Amazon EC2 instances to scan using tags. Also, attached EBS volumes over 1 TB (1,024 GB) are not scanned.

Foundational threat detection pricing

To detect unauthorized and unexpected activity in your Amazon Web Services environment, GuardDuty analyzes and processes data from foundational data sources to detect anomalies involving Amazon Identity and Access Management (IAM) access keys and Amazon Elastic Compute Cloud (Amazon EC2).

  • Amazon CloudTrail management event analysis: GuardDuty continuously analyzes CloudTrail management events. Management events (also known as control plane) provide information about management operations that are performed on resources in your Amazon Web Services account. CloudTrail management event analysis is charged per 1 million events per month and is prorated.
  • Amazon Virtual Private Cloud (VPC) Flow Log and DNS query log analysis: GuardDuty continuously analyzes Amazon VPC Flow Logs and Domain Name System (DNS) query logs. VPC Flow Log and DNS query log analysis is charged per gigabyte (GB) per month. Both VPC Flow Log and DNS query log analyses are discounted with volume.

Pricing details - Beijing Region

Amazon CloudTrail Management Event Analysis
Per 1 million events / month ¥ 35.30  per 1 million events

VPC Flow Log and DNS Log Analysis 
First 500 GB / month ¥ 8.69 per GB
Next 2000 GB / month ¥ 4.38 per GB
Next 7500 GB / month ¥ 2.19 per GB
Over 10000 GB / month ¥ 1.34 per GB

Pricing details - Ningxia Region

Amazon CloudTrail Management Event Analysis
Per 1 million events / month ¥ 30  per 1 million events

VPC Flow Log and DNS Log Analysis 
First 500 GB / month ¥ 7.49 per GB
Next 2000 GB / month ¥ 3.74 per GB
Next 7500 GB / month ¥ 1.91 per GB
Over 10000 GB / month ¥ 1.15 per GB

Pricing examples

Example 1: Beijing Region

GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs

Charges =
40 x ¥ 35.30 (per 1,000,000 management events)
+ 500 x ¥ 8.69 (first 500 GB)
+ 2,000 x ¥ 4.38 (next 2,000 GB)
+ 500 x ¥ 2.19 (next 7,500 GB)
= ¥ 15,612 per month

Example 2: Beijing Region

GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs

Charges =
5 x ¥ 35.30 (per 1,000,000 events)
+ 250 x ¥ 8.69 (first 500 GB)
+ 500 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
= ¥ 5,899 per month

Example 1: Ningxia Region

GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs

Charges =
40 x ¥ 30 (per 1,000,000 management events)
+ 500 x ¥ 7.49 (first 500 GB)
+ 2,000 x ¥ 3.74 (next 2,000 GB)
+ 500 x ¥ 1.91 (next 7,500 GB)
= ¥ 13,380 per month

Example 2: Ningxia Region

GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs

Charges =
5 x ¥ 30 (per 1,000,000 events)
+ 250 x ¥ 7.49 (first 500 GB)
+ 500 * ¥ 6 (per 1,000,000 S3 data events for first 500 million)
= ¥ 4,648 per month

Optional protection plans

In addition to foundational log data sources, GuardDuty can use additional data from other Amazon Web Services services in your Amazon Web Services environment to monitor and analyze for potential security threats. 

  • S3 Protection
  • GuardDuty monitors threats against your Amazon S3 resources by analyzing Amazon CloudTrail management events and CloudTrail S3 data events. When the GuardDuty S3 Protection feature is turned on, GuardDuty continuously analyzes authenticated CloudTrail S3 data events, monitoring access and activity in your S3 buckets. CloudTrail S3 data event analysis is charged per 1 million events per month, is prorated, and is discounted with volume.

    Pricing details - Beijing Region

    Amazon CloudTrail S3 Data Event Analysis
    First 500 million events / month ¥ 7.10  per 1 million events
    Next 4500 million events / month ¥ 3.50  per 1 million events
    Over 5000 million events / month ¥ 1.70  per 1 million events

    Pricing details - Ningxia Region

    Amazon CloudTrail S3 Data Event Analysis
    First 500 million events / month ¥ 6  per 1 million events
    Next 4500 million events / month ¥ 3  per 1 million events
    Over 5000 million events / month ¥ 1.50  per 1 million events

    Pricing examples

    Example 1: Beijing Region

    GuardDuty processes
    200,000,000 S3 data events

    Charges =
    200 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
    = ¥1,420 per month

    Example 2: Beijing Region

    GuardDuty processes
    1,000,000,000 S3 data events

    Charges =
    500 * ¥ 3.50 (per 1,000,000 S3 data events for next 4500 million)
    = ¥1,750 per month

    Example 1: Ningxia Region

    GuardDuty processes
    200,000,000 S3 data events

    Charges =
    200 * ¥ 6.00 (per 1,000,000 S3 data events for first 500 million)
    = ¥1,200 per month

    Example 2: Ningxia Region

    GuardDuty processes
    1,000,000,000 S3 data events

    Charges =
    + 500 * ¥ 3 (per 1,000,000 S3 data events for next 4500 million)
    = ¥1,500 per month

  • EKS Protection
  • Amazon Elastic Kubernetes Service (Amazon EKS) Protection in GuardDuty provides threat detection coverage to help you protect Amazon EKS clusters within your Amazon Web Services environment. 

    When the GuardDuty EKS Protection feature is activated, GuardDuty continuously analyzes Amazon EKS audit logs and optimizes costs by processing only events that are used for security analysis. Amazon EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume.

    Pricing details - Beijing Region

    Amazon EKS Audit Logs  
    First 100 million events / month ¥ 16.00  per 1 million events
    Next 100 million events / month ¥ 8.00  per 1 million events
    Over 200 million events / month ¥ 2.04  per 1 million events

    Pricing details - Ningxia Region

    Amazon EKS Audit Logs  
    First 100 million events / month ¥ 12.00  per 1 million events
    Next 100 million events / month ¥ 6.00  per 1 million events
    Over 200 million events / month ¥ 1.50  per 1 million events

    Pricing examples

    Example 1: Beijing Region

    GuardDuty processes
    200,000,000 Amazon EKS events 

    Charges =
    100 x ¥ 16.00 (per 1 million events for first 100 million events)
    + 100 x ¥ 8.00 (next 100 million events)

    = ¥ 1,420 per month

    Example 1: Ningxia Region

    GuardDuty processes
    200,000,000 Amazon EKS events 

    Charges=
    100 x ¥ 12.00 (per 1 million events for first 100 million events)
    + 100 x ¥ 6.00 (next 100 million events)

    = ¥ 1,600 per month

  • Malware Protection
  • GuardDuty identifies your resources that have already been compromised by malware, or those resources that are at risk. Malware Protection supports GuardDuty to detect the malware that may be the source of this compromise.

    When the GuardDuty Malware Protection feature is turned on, Amazon Elastic Compute Cloud (EC2) instance or container workloads with detected behavior indicative of malware will have a replica of their attached Amazon Elastic Block Store (Amazon EBS) volumes scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Configurable guardrails that you set up can help you control spend, such as setting up notifications when usage exceeds a specified limit and the ability to control which Amazon EC2 instances to scan using tags. Also, attached EBS volumes over 1 TB (1,024 GB) are not scanned.

    Amazon EBS snapshots are required for GuardDuty Malware Protection and are priced separately from GuardDuty Malware Protection. Please visit Amazon EBS pricing for details.

    Pricing details - Beijing Region

    EBS Data Volume Scan Analysis  
    Per GB / month ¥ 0.2 per GB

    Pricing details - Ningxia Region

    EBS Data Volume Scan Analysis  
    Per GB / month ¥ 0.2 per GB

    Pricing examples

    Example 1: Beijing Region

    GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads

    Charges =
    500 x ¥ 0.2
    = ¥100 per month

    Example 1: Ningxia Region

    GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads

    Charges =
    500 x ¥ 0.2
    = ¥100 per month

  • Lambda Protection
  • GuardDuty Lambda Protection continuously monitors network activity logs generated from the execution of Amazon Lambda functions to detect threats to Lambda, such as functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers. 

    Please note that expansion into additional forms of network activity monitoring will increase the volume of data that GuardDuty processes for Lambda Protection, and thus will increase the cost of the feature. Accordingly, Amazon Web Services will provide Lambda Protection customers with notice of additional network activity monitoring at least 30 days prior to their release. New and existing GuardDuty account holders can try optional GuardDuty protection plan features for 30 days at no cost on the Amazon Web Services Free Tier. During the free trial period and thereafter, you can always monitor your estimated monthly spend on the GuardDuty console usage page, broken down by data source. 

    Pricing details - Beijing Region

    Network activity log analysis  
    First 500 GB / month ¥ 8.69 per GB
    Next 2000 GB / month ¥ 4.38 per GB
    Next 7500 GB / month ¥ 2.19 per GB
    Over 10000 GB / month ¥ 1.34 per GB

    Pricing details - Ningxia Region

    Network activity log analysis  
    First 500 GB / month ¥ 7.49 per GB
    Next 2000 GB / month ¥ 3.74 per GB
    Next 7500 GB / month ¥ 1.91 per GB
    Over 10000 GB / month ¥ 1.15 per GB

    Pricing examples

    Example 1: Beijing Region

    GuardDuty processes
    200 GB of VPC Flow Logs from Lambda functions

    Charges =
    200 x ¥ 8.69 (first 500 GB)
    = ¥ 1,738 per month

    Example 1: Ningxia Region

    GuardDuty processes
    200 GB of VPC Flow Logs from Lambda functions 

    Charges =
    100 x ¥ 7.49 (first 500 GB)
    = ¥ 1,498 per month