AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking your user activity and API calls.
AWS Free Tier
To learn more about event history, AWS CloudTrail Lake, and trails, see CloudTrail features.
| Event history | CloudTrail logs management events across AWS services by default and is available for no charge. You can view, search, and download the most recent 90-day history of your account’s control plane activity at no additional cost using CloudTrail in the CloudTrail console. You can also use the CloudTrail lookup-events API to achieve this. |
|---|---|
| Lake | If you’re a new customer, you can try CloudTrail Lake for 30 days at no additional cost. You’ll have access to the full feature set during this time. During the 30-day free trial period, you’ll have the following limits:
Your free trial expires after 30 days or when you reach the free usage limits, whichever comes first. When your free trial expires, you can continue using CloudTrail Lake without interruption at the standard, pay-as-you-go service rates described in the Paid Tier section. |
| Trails | You can deliver one copy of your ongoing management events to your Amazon Simple Storage Service (S3) bucket for free by creating trails. Limits may apply. |
Paid Tier
-
Lake
-
Trails
-
Insights
-
Lake
-
For CloudTrail Lake, you pay for ingestion and storage together, where the billing is based on the amount of uncompressed data ingested. You can store your data for up to seven years. The ingestion and storage price and tiering remain the same for the following features:
- Ingestion of AWS sources including configuration items from AWS Config
- Ingestion of non-AWS sources
- Import from Amazon S3
For querying, choose which data to analyze, and pay as you proceed.
Feature Monthly pricing
Ingest and store
(price includes seven years of storage)
First 5 TB: $2.5 per GB
Next 20 TB: $1 per GB
Over 25 TB: $0.5 per GB
Analyze $0.005 per GB of data scanned
- Ingestion of AWS sources including configuration items from AWS Config
-
Trails
-
Pay for only what you use. No minimum fee is required. You can deliver additional copies of events, including data events, by using trails. Amazon S3 charges apply and are not included in the listed pricing.
Note: If the management account has an organization trail that delivers management events, the same events delivered with trails created in member accounts are charged as additional copies.
Feature Pricing
Management events delivered to Amazon S3 $2.00 per 100,000 management events delivered (after first free copy; see AWS Free Tier for details) Data events delivered to Amazon S3 $0.10 per 100,000 data events delivered
-
Insights
-
For CloudTrail Insights, choose which event to analyze and pay as you go. You can enable CloudTrail Insights events in your trails.
Feature Pricing
CloudTrail Insights $0.35 per 100,000 events analyzed per Insight type
Pricing examples
Note: CloudTrail usage is calculated in binary gigabytes (GB), where 1 GB is 230 bytes. This unit of measurement is also known as a gibibyte (GiB), defined by the International Electrotechnical Commission (IEC). Similarly, 1 TB is 240 bytes or 1024 GBs.
Example 1: Recording and analyzing events using CloudTrail Lake queries
You have 10 GB of events ingested to CloudTrail Lake (including management events, data events, configuration items, activity events from non-AWS sources) in a given month in your account. You also designed your queries to scan this data twice in that month.
Monthly ingestion and storage charges: 10 GB * $2.5 per GB = $25
Monthly data scanned: 10 GB scanned two times * 0.005 per GB = $0.1
First scan: 10 GB * 0.005 = $0.05
Second scan: 10 GB * 0.005 = $0.05
Total scans: $0.05 + $0.050 = $0.10
Monthly CloudTrail Lake charges: $25 + $0.1 = $25.1
Example 2: Recording and analyzing events using CloudTrail Lake queries & dashboards
You have 50 TB of events ingested to CloudTrail Lake in a given month in your account. You also designed your queries to scan this data twice in that month. Now you enabled CloudTrail Lake dashboards that scanned this data three in that month.
Monthly ingestion and storage charges:
First 5 TB at $2.5 per GB = $12,800
Next 20 TB at $1 per GB = $20,480
Next 25 TB at $0.5 per GB = $12,800
Total of monthly ingestion and storage charges = $12,800 + $20,480 + $12,800 = $46,080
Monthly Data Scanned charges:
50 TB scanned two times by your ad-hoc queries at $0.005 per GB = $512
50 TB scanned three times by CloudTrail Lake dashboards triggered queries at $0.005 per GB = $768
Total of monthly data scanned charges = $512 + $768 = $1280
Monthly CloudTrail Lake charges = $46,080 + $1280 = $47,360
Example 3: Delivering management events through trails
You have 3 billion management events delivered to S3 in a given month.
First copy of management events delivered at $0: 3,000,000,000 * $0 = $0
Monthly CloudTrail charges = $0
S3 storage and analysis are not included in this pricing.
Example 4: Delivering management and data events plus additional copies through trails
You have the following usage in a given month:
5 billion management events delivered
10 billion data events delivered
2.5 billion management events are copied across organizations and account-level trails
5 billion data events are copied across organizations and account-level trails
First copy of management events delivered at $0: 5,000,000,000 * $0 = $0
Data events at $0.10 per 100,000 events = (10,000,000,000 + 5,000,000,000 additional copies of data events delivered) / 100,000 * $0.10 = $15,000
Copies of management events delivered at $2.00 per 100,000 events = 2,500,000,000 / 100,000 * $2.00 = $50,000
Monthly CloudTrail charges = $15,000 + $50,000 = $65,000
S3 storage and analysis is not included in this pricing.
Example 5: Identifying unusual activities with CloudTrail Insights
You have the following usage in a given month:
300,000,000 management events delivered to S3
20,000,000 write management events analyzed by CloudTrail Insights
Cost of CloudTrail trails:
First copy of management events delivered at $0: 300,000,000 * $0 = $0
Monthly CloudTrail trails charges = $0
Cost of CloudTrail Insights:
CloudTrail Insights events analyzed at $0.35 per 100,000 events = 20,000,000 / 100,000 * $0.35 = $70
Monthly CloudTrail Insights charges = $70
Total monthly CloudTrail charges = $70
Example 6: Import CloudTrail event log from S3
Assume that you have stored one year's worth of CloudTrail events in S3 and that corresponds to 700 GB of storage. These events are stored in a GZIP (compressed) format. The import feature will first unzip the data, and then import these events to CloudTrail Lake. The unzipped data could be greater than the actual S3 storage (typically 5-10 times) and therefore the data metered and imported into CloudTrail Lake will be higher from the stored GZIP in S3.
Example:
700 GB of S3 stored events, assuming this results in 7000 GB of events uncompressed and imported.
First 5 TB at $2.5 per GB = $12,800
Next 2 TB at $1 per GB = $2,048
Total CloudTrail Lake import charges = $12,800 + $2,048 = $14,848.
Note: This pricing uses the same tier as CloudTrail Lake.
Additional pricing resources
Easily calculate your monthly costs with AWS.
Contact AWS specialists to get a personalized quote.
Get started building with AWS CloudTrail in the AWS Management Console.
