Free Tier
GuardDuty Free Tier is only available in the Amazon Web Services China (Ningxia) Region operated by NWCD and Amazon Web Services China (Beijing) Region operated by Sinnet. Any new account to Amazon GuardDuty can try the service for 30-days at no cost. You will have access to the full feature set and detections during the free trial. The GuardDuty console indicates how many days are left on the trial period and estimates how much the daily average cost for your account is based on the volume of data analyzed. This makes it easy for you to experience Amazon GuardDuty at no cost and take the guess work out of the cost of the service beyond the free trial. Start using Amazon GuardDuty.
Overview
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and anomalous behavior to help protect your Amazon Web Services accounts, workloads, and data. GuardDuty prices are based on the volume of service logs, events, workloads, or data analyzed.
GuardDuty pricing tiers include foundational pricing, which is the default level of service coverage, as well as optional protection plans pricing. When you activate GuardDuty for the first time, you will automatically have foundational protections and optional protection plans turned on. While you can turn off optional protection features at any time, the foundational protections are required for active GuardDuty accounts. Analyzed service logs are filtered for cost optimization and directly integrated with GuardDuty, which means you don’t have to activate or pay for them separately.
Pricing varies by data source and Region, and is subject to change as new log sources are introduced, existing log sources are optimized to reduce cost, and log volumes increase and decrease with your varying workload-related activity in Amazon Web Services.
Amazon EKS audit log analysis – When the GuardDuty EKS Protection feature is enabled, GuardDuty continuously analyzes EKS audit logs and optimizes costs by processing only events that are used for security analysis. EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume.
Data scanned for malware – When the GuardDuty Malware Protection feature is enabled, Amazon Elastic Compute Cloud (EC2) instance or container workloads with detected behavior indicative of malware will have a replica of their attached Amazon Elastic Block Store (EBS) volumes scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Configurable guardrails that you set up can help you control spend, such as setting up notifications when usage exceeds a specified limit and the ability to control which Amazon EC2 instances to scan using tags. Also, attached EBS volumes over 1 TB (1,024 GB) are not scanned.
Foundational threat detection pricing
To detect unauthorized and unexpected activity in your Amazon Web Services environment, GuardDuty analyzes and processes data from foundational data sources to detect anomalies involving Amazon Identity and Access Management (IAM) access keys and Amazon Elastic Compute Cloud (Amazon EC2).
- Amazon CloudTrail management event analysis: GuardDuty continuously analyzes CloudTrail management events. Management events (also known as control plane) provide information about management operations that are performed on resources in your Amazon Web Services account. CloudTrail management event analysis is charged per 1 million events per month and is prorated.
- Amazon Virtual Private Cloud (VPC) Flow Log and DNS query log analysis: GuardDuty continuously analyzes Amazon VPC Flow Logs and Domain Name System (DNS) query logs. VPC Flow Log and DNS query log analysis is charged per gigabyte (GB) per month. Both VPC Flow Log and DNS query log analyses are discounted with volume.
Pricing details - Beijing Region
| Amazon CloudTrail Management Event Analysis | |
| Per 1 million events / month | ¥ 35.30 per 1 million events |
| VPC Flow Log and DNS Log Analysis | |
| First 500 GB / month | ¥ 8.69 per GB |
| Next 2000 GB / month | ¥ 4.38 per GB |
| Next 7500 GB / month | ¥ 2.19 per GB |
| Over 10000 GB / month | ¥ 1.34 per GB |
Pricing details - Ningxia Region
| Amazon CloudTrail Management Event Analysis | |
| Per 1 million events / month | ¥ 30 per 1 million events |
| VPC Flow Log and DNS Log Analysis | |
| First 500 GB / month | ¥ 7.49 per GB |
| Next 2000 GB / month | ¥ 3.74 per GB |
| Next 7500 GB / month | ¥ 1.91 per GB |
| Over 10000 GB / month | ¥ 1.15 per GB |
Pricing examples
Example 1: Beijing Region
GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs
Charges =
40 x ¥ 35.30 (per 1,000,000 management events)
+ 500 x ¥ 8.69 (first 500 GB)
+ 2,000 x ¥ 4.38 (next 2,000 GB)
+ 500 x ¥ 2.19 (next 7,500 GB)
= ¥ 15,612 per month
Example 2: Beijing Region
GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs
Charges =
5 x ¥ 35.30 (per 1,000,000 events)
+ 250 x ¥ 8.69 (first 500 GB)
+ 500 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
= ¥ 5,899 per month
Example 1: Ningxia Region
GuardDuty processes
40,000,000 management events
2,000 GB of VPC Flow logs
1,000 GB of DNS Query Logs
Charges =
40 x ¥ 30 (per 1,000,000 management events)
+ 500 x ¥ 7.49 (first 500 GB)
+ 2,000 x ¥ 3.74 (next 2,000 GB)
+ 500 x ¥ 1.91 (next 7,500 GB)
= ¥ 13,380 per month
Example 2: Ningxia Region
GuardDuty processes
5,000,000 management events
200 GB of VPC Flow logs
50 GB of DNS Query Logs
Charges =
5 x ¥ 30 (per 1,000,000 events)
+ 250 x ¥ 7.49 (first 500 GB)
+ 500 * ¥ 6 (per 1,000,000 S3 data events for first 500 million)
= ¥ 4,648 per month
Optional protection plans
In addition to foundational log data sources, GuardDuty can use additional data from other Amazon Web Services services in your Amazon Web Services environment to monitor and analyze for potential security threats.
-
S3 Protection
-
EKS Protection
-
Malware Protection
-
Lambda Protection
-
S3 Protection
-
GuardDuty monitors threats against your Amazon S3 resources by analyzing Amazon CloudTrail management events and CloudTrail S3 data events. When the GuardDuty S3 Protection feature is turned on, GuardDuty continuously analyzes authenticated CloudTrail S3 data events, monitoring access and activity in your S3 buckets. CloudTrail S3 data event analysis is charged per 1 million events per month, is prorated, and is discounted with volume.
Pricing details - Beijing Region
Amazon CloudTrail S3 Data Event Analysis First 500 million events / month ¥ 7.10 per 1 million events Next 4500 million events / month ¥ 3.50 per 1 million events Over 5000 million events / month ¥ 1.70 per 1 million events Pricing details - Ningxia Region
Amazon CloudTrail S3 Data Event Analysis First 500 million events / month ¥ 6 per 1 million events Next 4500 million events / month ¥ 3 per 1 million events Over 5000 million events / month ¥ 1.50 per 1 million events Pricing examples
Example 1: Beijing Region
GuardDuty processes
200,000,000 S3 data eventsCharges =
200 * ¥ 7.10 (per 1,000,000 S3 data events for first 500 million)
= ¥1,420 per monthExample 2: Beijing Region
GuardDuty processes
1,000,000,000 S3 data eventsCharges =
500 * ¥ 3.50 (per 1,000,000 S3 data events for next 4500 million)
= ¥1,750 per monthExample 1: Ningxia Region
GuardDuty processes
200,000,000 S3 data eventsCharges =
200 * ¥ 6.00 (per 1,000,000 S3 data events for first 500 million)
= ¥1,200 per monthExample 2: Ningxia Region
GuardDuty processes
1,000,000,000 S3 data eventsCharges =
+ 500 * ¥ 3 (per 1,000,000 S3 data events for next 4500 million)
= ¥1,500 per month -
EKS Protection
-
Amazon Elastic Kubernetes Service (Amazon EKS) Protection in GuardDuty provides threat detection coverage to help you protect Amazon EKS clusters within your Amazon Web Services environment.
When the GuardDuty EKS Protection feature is activated, GuardDuty continuously analyzes Amazon EKS audit logs and optimizes costs by processing only events that are used for security analysis. Amazon EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume.
Pricing details - Beijing Region
Amazon EKS Audit Logs First 100 million events / month ¥ 16.00 per 1 million events Next 100 million events / month ¥ 8.00 per 1 million events Over 200 million events / month ¥ 2.04 per 1 million events Pricing details - Ningxia Region
Amazon EKS Audit Logs First 100 million events / month ¥ 12.00 per 1 million events Next 100 million events / month ¥ 6.00 per 1 million events Over 200 million events / month ¥ 1.50 per 1 million events Pricing examples
Example 1: Beijing Region
GuardDuty processes
200,000,000 Amazon EKS eventsCharges =
100 x ¥ 16.00 (per 1 million events for first 100 million events)
+ 100 x ¥ 8.00 (next 100 million events)
= ¥ 1,420 per monthExample 1: Ningxia Region
GuardDuty processes
200,000,000 Amazon EKS eventsCharges=
100 x ¥ 12.00 (per 1 million events for first 100 million events)
+ 100 x ¥ 6.00 (next 100 million events)= ¥ 1,600 per month
-
Malware Protection
-
GuardDuty identifies your resources that have already been compromised by malware, or those resources that are at risk. Malware Protection supports GuardDuty to detect the malware that may be the source of this compromise.
When the GuardDuty Malware Protection feature is turned on, Amazon Elastic Compute Cloud (EC2) instance or container workloads with detected behavior indicative of malware will have a replica of their attached Amazon Elastic Block Store (Amazon EBS) volumes scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Configurable guardrails that you set up can help you control spend, such as setting up notifications when usage exceeds a specified limit and the ability to control which Amazon EC2 instances to scan using tags. Also, attached EBS volumes over 1 TB (1,024 GB) are not scanned.
Amazon EBS snapshots are required for GuardDuty Malware Protection and are priced separately from GuardDuty Malware Protection. Please visit Amazon EBS pricing for details.
Pricing details - Beijing Region
EBS Data Volume Scan Analysis Per GB / month ¥ 0.2 per GB Pricing details - Ningxia Region
EBS Data Volume Scan Analysis Per GB / month ¥ 0.2 per GB Pricing examples
Example 1: Beijing Region
GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads
Charges =
500 x ¥ 0.2
= ¥100 per monthExample 1: Ningxia Region
GuardDuty scans 500 GB of data for malware from EBS volumes attached to EC2 instance and container workloads
Charges =
500 x ¥ 0.2
= ¥100 per month -
Lambda Protection
-
GuardDuty Lambda Protection continuously monitors network activity logs generated from the execution of Amazon Lambda functions to detect threats to Lambda, such as functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers.
Please note that expansion into additional forms of network activity monitoring will increase the volume of data that GuardDuty processes for Lambda Protection, and thus will increase the cost of the feature. Accordingly, Amazon Web Services will provide Lambda Protection customers with notice of additional network activity monitoring at least 30 days prior to their release. New and existing GuardDuty account holders can try optional GuardDuty protection plan features for 30 days at no cost on the Amazon Web Services Free Tier. During the free trial period and thereafter, you can always monitor your estimated monthly spend on the GuardDuty console usage page, broken down by data source.
Pricing details - Beijing Region
Network activity log analysis First 500 GB / month ¥ 8.69 per GB Next 2000 GB / month ¥ 4.38 per GB Next 7500 GB / month ¥ 2.19 per GB Over 10000 GB / month ¥ 1.34 per GB Pricing details - Ningxia Region
Network activity log analysis First 500 GB / month ¥ 7.49 per GB Next 2000 GB / month ¥ 3.74 per GB Next 7500 GB / month ¥ 1.91 per GB Over 10000 GB / month ¥ 1.15 per GB Pricing examples
Example 1: Beijing Region
GuardDuty processes
200 GB of VPC Flow Logs from Lambda functionsCharges =
200 x ¥ 8.69 (first 500 GB)
= ¥ 1,738 per monthExample 1: Ningxia Region
GuardDuty processes
200 GB of VPC Flow Logs from Lambda functionsCharges =
100 x ¥ 7.49 (first 500 GB)
= ¥ 1,498 per month
