CloudTrail Pricing Calculator - Trails, Lake & Insights Costs

CloudTrail pricing calculator for Trails and Lake. Estimate AWS CloudTrail costs for management events, data events, network activity, Insights analysis, and Lake storage with one-year or seven-year retention options.

+6 more

Frequently Asked Questions

What is the difference between CloudTrail Trails and CloudTrail Lake?

CloudTrail Trails deliver events to S3 buckets and optionally to CloudWatch Logs. The first copy of management events is free. Use Trails for compliance archival and integration with SIEM tools. CloudTrail Lake is a managed, query-ready event data store. Use Lake when you need to run SQL queries directly on your events without setting up additional infrastructure. For S3 storage costs, use our S3 calculator.

What's included in the CloudTrail Free Tier?

CloudTrail provides several free features: 90-day event history of management events viewable in the console, the first copy of management events delivered to S3, and a 30-day Lake trial with 5 GB ingest and 5 GB scan limits. Data events, network activity events, and additional copies of management events are always charged.

What is the difference between management and data events?

Management events (also called control plane operations) capture actions like CreateBucket, StartInstances, and IAM policy changes. They're typically lower volume but important for security auditing. Data events (data plane operations) capture high-volume actions like S3 GetObject and Lambda Invoke. Data events are charged at $0.10 per 100,000 while additional management event copies cost $2.00 per 100,000.

What is CloudTrail Insights and when should I use it?

CloudTrail Insights automatically analyzes your management and data events to detect unusual API call patterns, like a spike in failed API calls or changes in provisioning activity. Insights charges $0.35 per 100,000 management events and $0.03 per 100,000 data events analyzed. Use Insights for security monitoring and operational issue detection without building custom analysis tools.

Should I choose one-year or seven-year Lake retention?

One-year extendable retention charges $0.75/GB for CloudTrail events ingestion with the first year included, and $0.023/GB/month for extended retention (up to 10 years total). Best for monthly usage under 25 TB. Seven-year retention uses tiered ingestion pricing ($2.50/GB for first 5 TB, $1.00/GB for next 20 TB, $0.50/GB above 25 TB) with 7 years of retention included. Better for high-volume workloads exceeding 25 TB/month.

What are data event aggregations?

Data event aggregations consolidate your data events into 5-minute summaries showing key trends like access frequency, error rates, and most-used actions. Aggregations are charged at $0.03 per 100,000 events analyzed, in addition to the regular data event charges. Enable aggregations when you need trend analysis without storing every individual event detail.

When should I deliver CloudTrail events to CloudWatch Logs?

Delivering events to CloudWatch Logs enables real-time monitoring, alerting, and metric filters. This costs $0.25/GB for CloudTrail delivery plus standard CloudWatch Logs charges. Use CloudWatch delivery when you need immediate alerting on specific API activities. For CloudWatch costs, use our CloudWatch calculator.

Related tools you might like

GuardDuty Pricing Calculator - Threat Detection & Protection Plans

GuardDuty pricing calculator for threat detection and malware protection. Estimate security monitoring costs for VPC Flow Logs, CloudTrail, DNS logs, and S3.

AWS Glue Pricing Calculator - ETL Jobs, Crawlers, DataBrew & Data Catalog

Glue pricing calculator for ETL jobs, crawlers, DataBrew, and Data Catalog. Estimate data processing costs with DPU hours and storage by region.

Tip

Stop AWS bill surprises from happening.

Most infrastructure changes look harmless until you see next month's AWS bill. CloudBurn prevents this by analyzing the cost impact of your AWS CDK changes directly in GitHub pull requests, catching expensive mistakes during code review when fixes are quick, not weeks later when they're costly and risky.

Install CloudBurnShow Features

See the setup guide to get started.

← Back to tools