Free Tier
GuardDuty Free Tier is only available in the Amazon Web Services China (Ningxia) Region operated by NWCD and Amazon Web Services China (Beijing) Region operated by Sinnet. Any new account to Amazon GuardDuty can try the service for 30-days at no cost. You will have access to the full feature set and detections during the free trial. The GuardDuty console indicates how many days are left on the trial period and estimates how much the daily average cost for your account is based on the volume of data analyzed. This makes it easy for you to experience Amazon GuardDuty at no cost and take the guess work out of the cost of the service beyond the free trial. Start using Amazon GuardDuty.
Overview
Amazon GuardDuty is priced based on the quantity of Amazon CloudTrail Events analyzed and the volume of Amazon VPC Flow Log and DNS Log data analyzed. There is no additional charge to enable these log sources for GuardDuty analysis.
Amazon CloudTrail Management Event analysis – GuardDuty continuously analyzes CloudTrail management events, monitoring all access and behavior of your Amazon Web Services accounts and infrastructure. CloudTrail management event analysis is charged per 1,000,000 events per month and pro-rated.
Amazon CloudTrail S3 Data Event analysis – GuardDuty continuously analyzes CloudTrail S3 data events, monitoring access and activity of all your Amazon S3 buckets. CloudTrail S3 data event analysis is charged per 1,000,000 events per month and are pro-rated.
VPC Flow Log and DNS Log analysis – GuardDuty continuously analyzes VPC Flow Logs and DNS requests and responses to identify malicious, unauthorized, or unexpected behavior in your Amazon Web Services accounts and workloads. Flow log and DNS log analysis is charged per Gigabyte (GB) per month. Flow log and DNS log analysis is offered with tiered volume discounts.
Amazon EKS audit log analysis – When the GuardDuty EKS Protection feature is enabled, GuardDuty continuously analyzes EKS audit logs and optimizes costs by processing only events that are used for security analysis. EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume.
Data scanned for malware – When the GuardDuty Malware Protection feature is enabled, Amazon Elastic Compute Cloud (EC2) instance or container workloads with detected behavior indicative of malware will have a replica of their attached Amazon Elastic Block Store (EBS) volumes scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Configurable guardrails that you set up can help you control spend, such as setting up notifications when usage exceeds a specified limit and the ability to control which Amazon EC2 instances to scan using tags. Also, attached EBS volumes over 1 TB (1,024 GB) are not scanned.
Pricing details - BJS
| Amazon CloudTrail Management Event Analysis | |
| Per 1 million events / month | ¥ 35.30 per 1 million events |
| Amazon CloudTrail S3 Data Event Analysis | |
| First 500 million events / month | ¥ 7.10 per 1 million events |
| Next 4500 million events / month | ¥ 3.50 per 1 million events |
| Over 5000 million events / month | ¥ 1.70 per 1 million events |
| Amazon EKS Audit Logs | |
| First 100 million events / month | ¥ 16.00 per 1 million events |
| Next 100 million events / month | ¥ 8.00 per 1 million events |
| Over 200 million events / month | ¥ 2.04 per 1 million events |
| VPC Flow Log and DNS Log Analysis | |
| First 500 GB / month | ¥ 8.69 per GB |
| Next 2000 GB / month | ¥ 4.38 per GB |
| Next 7500 GB / month | ¥ 2.19 per GB |
| Over 10000 GB / month | ¥ 1.34 per GB |
| GuardDuty Malware Protection | |
| Per GB / month | ¥ 0.2 per GB |
Pricing examples (monthly) - BJS
Example 1
GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs
200,000,000 S3 data events
Charges =
40 x ¥ 35.30
(per 1,000,000 management events)
+ 500 x ¥ 8.69 (first 500 GB)
+ 2,000 x ¥ 4.38 (next 2,000 GB)
+ 500 x ¥ 2.19 (next 7,500 GB)
+ 200 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
= ¥ 17,032 per month
GuardDuty scans
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs
200,000,000 S3 data events
Charges =
40 x ¥ 35.30
(per 1,000,000 management events)
+ 500 x ¥ 8.69 (first 500 GB)
+ 2,000 x ¥ 4.38 (next 2,000 GB)
+ 500 x ¥ 2.19 (next 7,500 GB)
+ 200 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
= ¥ 17,032 per month
Example 3
GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads
Charges =
500 x ¥ 0.2
= ¥100 per month
Example 2
GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs
1,000,000,000 S3 data events
Charges =
5 x ¥ 35.30 (per 1,000,000 events)
+ 250 x ¥ 8.69 (first 500 GB)
+ 500 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
+ 500 * ¥ 3.50 (per 1,000,000 S3 data events for next 4500 million)
= ¥7,649 per month
GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs
1,000,000,000 S3 data events
Charges =
5 x ¥ 35.30 (per 1,000,000 events)
+ 250 x ¥ 8.69 (first 500 GB)
+ 500 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
+ 500 * ¥ 3.50 (per 1,000,000 S3 data events for next 4500 million)
= ¥7,649 per month
Pricing details - ZHY
| Amazon CloudTrail Management Event Analysis | |
| Per 1 million events / month | ¥ 30 per 1 million events |
| Amazon CloudTrail S3 Data Event Analysis | |
| First 500 million events / month | ¥ 6 per 1 million events |
| Next 4500 million events / month | ¥ 3 per 1 million events |
| Over 5000 million events / month | ¥ 1.50 per 1 million events |
| Amazon EKS Audit Logs | |
| First 100 million events / month | ¥ 12.00 per 1 million events |
| Next 100 million events / month | ¥ 6.00 per 1 million events |
| Over 200 million events / month | ¥ 1.50 per 1 million events |
| VPC Flow Log and DNS Log Analysis | |
| First 500 GB / month | ¥ 7.49 per GB |
| Next 2000 GB / month | ¥ 3.74 per GB |
| Next 7500 GB / month | ¥ 1.91 per GB |
| Over 10000 GB / month | ¥ 1.15 per GB |
| GuardDuty Malware Protection | |
| Per GB / month | ¥ 0.2 per GB |
Pricing examples (monthly) - ZHY
Example 1
GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs
200,000,000 S3 data events
Charges =
40 x ¥ 30 (per 1,000,000 management events)
+ 500 x ¥ 7.49 (first 500 GB)
+ 2,000 x ¥ 3.74 (next 2,000 GB)
+ 500 x ¥ 1.91 (next 7,500 GB)
+ 200 * ¥ 6 (per 1,000,000 S3 data events for first 500 million)
= ¥ 14,580 per month
Example 3
GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads
Charges =
500 x ¥ 0.2
= ¥100 per month
Example 2
GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs
1,000,000,000 S3 data events
Charges =
5 x ¥ 30 (per 1,000,000 events)
+ 250 x ¥ 7.49 (first 500 GB)
+ 500 * ¥ 6 (per 1,000,000 S3 data events for first 500 million)
+ 500 * ¥ 3 (per 1,000,000 S3 data events for next 4500 million)
= ¥6,148 per month