With AWS IoT Device Defender, you pay only for what you use and there are no minimum fees or mandatory service usage. You are billed separately for the Audit and Detect features.

Audit monitors your device-related policies, certificates, and other resources to ensure that the proper security configuration is in place. You can generate reports that identify deviations from recommended settings and access policies on a scheduled or ad-hoc basis.

Detect allows you to continuously monitor high-value security metrics data reported by your devices (e.g. the number of listening TCP/IP ports on your devices or list of IPs the device is communicating with) and the cloud (e.g. authorization failure count). The reported security metric datapoints are compared to user-defined rules to identify unexpected device behavior that may be indicative of a compromise (e.g. a device communicating with an unknown IP address). In case a compromise is detected, an alert notification is sent to Amazon SNS.

Audit pricing

When you turn on Audit, you are charged based on the number of devices that have connected to AWS IoT Core in the month.

  Price per 1,000 devices audited monthly (Beijing) Price per 1,000 devices audited monthy (Ningxia)
Tier 1 (Up to 100,000 devices) ¥ 10.4 ¥ 10.4
Tier 2 (Over 100,000 devices) ¥ 9.47 ¥ 9.47

Detect pricing

You are charged based on the number of metric datapoints reported to AWS IoT Device Defender for monitoring. A metric datapoint, for example, is the list of IPs that a device is communicating with at a specific time. Each metric datapoint is metered in increments of 0.1KB. You decide which metrics to report and how often.

Detect monitors both device-side and cloud-side metrics. Please see AWS IoT Device Defender User Documentation on how to use the AWS IoT SDK to control which device metrics are reported and how often. Cloud metrics (e.g. authorization failure counts from AWS IoT Core) are reported every 5 minutes. You can select which cloud metrics to report from the AWS IoT Device Defender console or via the UpdateSecurityProfile API

  Price per 1 million metrics (Beijing) Price per 1 million metrics (Ningxia)
Tier 1 (Up to 10 billion metric datapoints) ¥ 2.38 ¥ 2.38
Tier 2 (Over 10 billion metric datapoints) ¥ 1.89 ¥ 1.89

Pricing examples for AWS IoT Device Defender components


You have 10,000 devices that connect to AWS IoT Core every month. Your cost for Audit would be calculated as follows:

Charges = 10,000 devices X ¥0.0104 per device per month = ¥104 per month


Your 10,000 devices are also each reporting one metric (e.g., list of IPs the device is communicating with) at the rate of 10 datapoints per hour. Your cost for Detect would be calculated as follows:

Number of metric datapoints per month = 10,000 devices X 1 metric X 10 datapoints per hour X 24 hours per day X 30 days per month = 72 million

Charges = 72 million metric datapoints per month X ¥2.38 per 1 million metric datapoints = ¥171.36 per month

Total Monthly Charges for AWS IoT Device Defender

Your total monthly cost for AWS IoT Device Defender is as follows:

Total Monthly Charges = ¥104 Audit cost + ¥171.36 Detect cost = ¥275.36