GuardDuty Pricing Calculator - Threat Detection & Protection Plans

GuardDuty pricing calculator for AWS threat detection. Estimate Amazon GuardDuty monthly costs for CloudTrail event analysis, VPC Flow Logs, S3 Protection, EKS Protection, Lambda Protection, RDS Protection, Malware Protection, and Runtime Monitoring across all AWS regions.

+10 more

Frequently Asked Questions

How does GuardDuty foundational threat detection pricing work?

GuardDuty foundational threat detection analyzes CloudTrail management events at $4.00 per million events per month. VPC Flow Logs and DNS query logs use tiered pricing: first 500 GB at $1.00/GB, next 2,000 GB at $0.50/GB, next 7,500 GB at $0.25/GB, and over 10,000 GB at $0.15/GB. This foundational monitoring is required when GuardDuty is enabled.

What is GuardDuty S3 Protection and how is it priced?

S3 Protection monitors S3 data events (GetObject, PutObject, ListObjects, DeleteObject) for anomalous access patterns and potential data exfiltration. Pricing is tiered: first 500 million events at $0.80 per million, next 4.5 billion at $0.40/million, and over 5 billion at $0.20/million. This is automatically enabled for new GuardDuty accounts.

How does GuardDuty EKS Protection pricing work?

EKS Protection analyzes Kubernetes audit logs to detect threats in your EKS clusters. Tiered pricing: first 100 million events at $1.60 per million, next 100 million at $0.80/million, and over 200 million at $0.40/million. This covers API server activity, authentication attempts, and suspicious kubectl commands.

What is GuardDuty Runtime Monitoring?

Runtime Monitoring provides deep visibility into EC2, ECS, and EKS workloads by deploying a security agent. Pricing is approximately $0.0015 per vCPU-hour monitored. This detects runtime threats like cryptocurrency mining, container escapes, and suspicious process behavior. Note: VPC Flow Log charges are excluded when the agent is deployed.

What's included in the GuardDuty free trial?

GuardDuty offers a 30-day free trial for AWS accounts that have never enabled the service. During the trial, all features are included: foundational threat detection, S3 Protection, EKS Protection, Lambda Protection, RDS Protection, Malware Protection, and Runtime Monitoring. Monitor your estimated monthly spend in the GuardDuty console during the trial.

How is GuardDuty Malware Protection priced?

Malware Protection scans EBS volumes and S3 objects for malware at approximately $0.03 per GB scanned. EBS scans are triggered when GuardDuty detects suspicious behavior indicating malware. S3 scanning can be enabled for buckets to scan objects at upload time. Scans are performed using agentless technology.

What does GuardDuty RDS Protection monitor?

RDS Protection monitors Amazon RDS database login activity to identify potential threats like brute force attacks and anomalous access patterns. Pricing is approximately $0.15 per vCPU per month for monitored instances. It supports Aurora MySQL, Aurora PostgreSQL, and RDS for MySQL/PostgreSQL databases.

How does GuardDuty Lambda Protection work?

Lambda Protection monitors Lambda function network activity to detect suspicious behavior like communication with known malicious IP addresses or unusual data transfer patterns. Pricing is $1.00 per GB of network logs analyzed. This helps identify compromised Lambda functions or misconfigurations that could lead to data breaches.

Related tools you might like

CodeArtifact Pricing Calculator - Estimate AWS Artifact Repository Costs

CodeArtifact pricing calculator for package repository storage. Estimate costs for artifacts, requests, and data transfer across AWS regions.

AWS KMS Pricing Calculator - Keys, Requests & CloudHSM

KMS pricing calculator for encryption keys and cryptographic operations. Estimate key management costs with customer keys, requests, and CloudHSM by region.

Tip

Stop AWS bill surprises from happening.

Most infrastructure changes look harmless until you see next month's AWS bill. CloudBurn prevents this by analyzing the cost impact of your AWS CDK changes directly in GitHub pull requests, catching expensive mistakes during code review when fixes are quick, not weeks later when they're costly and risky.

Install CloudBurnShow Features

See the setup guide to get started.

← Back to tools