AWS CloudTrail pricing
Why AWS CloudTrail?
AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking your user activity and API calls.
AWS Free Tier
To learn more about event history, AWS CloudTrail Lake, and trails, see CloudTrail features.
| Event history | CloudTrail logs management events across AWS services by default and is available for no charge. You can view, search, and download the most recent 90-day history of your account’s control plane activity at no additional cost using CloudTrail in the CloudTrail console. You can also use the CloudTrail lookup-events API to achieve this. |
|---|---|
| Lake | If you’re a new customer, you can try CloudTrail Lake for 30 days at no additional cost. You’ll have access to the full feature set during this time. During the 30-day free trial period, you’ll have the following limits:
Your free trial expires after 30 days or when you reach the free usage limits, whichever comes first. When your free trial expires, you can continue using CloudTrail Lake without interruption at the standard, pay-as-you-go service rates described in the Paid Tier section. |
| Trails | You can deliver one copy of your ongoing management events to your Amazon Simple Storage Service (S3) bucket for free by creating trails. Limits may apply. |
Paid Tier
-
Lake
-
Trails
-
Insights
-
Lake
-
For CloudTrail Lake, you pay for data ingestion, retention, and analysis. Ingestion charges are based on the volume and type of data ingested to your event data store(s). Retention charges are based on the selected pricing option and the volume of data retained within your event data store(s). Data querying, performed by CloudTrail Lake, charges are based on the amount of data scanned by your queries. The same data querying charges apply when you run a SQL query created with the natural language query generation feature. CloudTrail Lake offers two pricing options: (1) one-year extendable retention pricing and (2) seven-year retention pricing.
- One-year extendable retention pricing is recommended if your monthly usage is under 25 TB. The first year of data retention is included with the ingestion cost, and you can extend your retention period to a maximum of 10 years.
- Seven-year retention pricing is recommended if your monthly usage exceeds 25 TB. Seven years of retention are included with the ingestion cost, and the retention period cannot be extended past 7 years.
For querying, choose which data to analyze, and pay as you proceed. Queries performed by Amazon Athena on CloudTrail Lake data will be charged as Athena query pricing.
One-year extendable retention pricing
Seven-year retention pricingData ingestion*
CloudTrail management, data, and network activity events: $0.75/GB
Other AWS and non-AWS auditable data sources**: $0.50/GB
First 5 TB/month: $2.5 per GB
Next 20 TB/month: $1 per GB
Over 25 TB/month: $0.50 per GBData retention*
The retention period is calculated starting from event-time and not from the time the event was ingested into CloudTrail Lake.
The first year of data retention is included with the ingestion cost.
Extended data retention available at $0.023/GB/monthSeven years of data retention are included with the ingestion cost.
Maximum data retention period
10 years
7 years
Data queries performed by CloudTrail Lake*
For queries performed by Amazon Athena, see Athena pricing.
$0.005/GB of data scanned
$0.005/GB of data scanned
* Data ingestion charges are based on uncompressed data while data retention, and data querying performed by CloudTrail Lake are based on optimized and compressed data. To understand how to better calculate how this will affect your costs, view our documentation.
** This includes CloudTrail Insights events, configuration items from AWS Config, evidence from AWS Audit Manager, (uncompressed) historical CloudTrail logs imported from S3, and non-AWS sources.
- One-year extendable retention pricing is recommended if your monthly usage is under 25 TB. The first year of data retention is included with the ingestion cost, and you can extend your retention period to a maximum of 10 years.
-
Trails
-
Pay for only what you use. No minimum fee is required. You can deliver additional copies of events, including data and network activity events, by using trails. Amazon S3 charges apply and are not included in the listed pricing.
Note: If the management account has an organization trail that delivers management events, the same events delivered with trails created in member accounts are charged as additional copies.
Feature Pricing
Management events delivered to Amazon S3 $2.00 per 100,000 management events delivered (after first free copy; see AWS Free Tier for details) Data events delivered to Amazon S3 $0.10 per 100,000 data events delivered
Network activity events delivered to Amazon S3 $0.10 per 100,000 network activity events delivered -
Insights
-
CloudTrail Insights is charged based on the number of management events analyzed per Insights type. You can enable CloudTrail Insights events in your trails or in your CloudTrail Lake event data store. You will be charged separately if you enable Insights for both a trail and a CloudTrail Lake event data store.
Feature Pricing
CloudTrail Insights $0.35 per 100,000 events analyzed per Insight type
Pricing examples
Note: CloudTrail usage is calculated in binary gigabytes (GB), where 1 GB is 230 bytes. This unit of measurement is also known as a gibibyte (GiB), defined by the International Electrotechnical Commission (IEC). Similarly, 1 TB is 240 bytes or 1024 GBs.
Example 1: Ingesting and storing events using CloudTrail Lake
You have 1 TB (1024 GB) of CloudTrail management and data events ingested to CloudTrail Lake from CloudTrail in a given month in your account. You want to choose a retention period of 1 year on your event data store. You have two options:
Option 1 (Recommended): CloudTrail Lake charges with one-year extendable retention pricing option
When you choose the one-year extendable retention pricing for CloudTrail Lake, your first year of retention is included with the ingestion cost.
Ingestion charge for the month: 1024 GB * $0.75/GB = $768
Total CloudTrail Lake charges for ingesting the monthly usage data of 1 TB and storing it for the configured retention period of 1 year = $768
Option 2: CloudTrail Lake seven-year retention pricing option
When you choose the seven-year retention pricing for CloudTrail Lake, 7 years of retention comes at no additional charge to your ingestion costs.
Ingestion for the month (includes retention of 7 years): 1024 GB * $2.5/GB = $2560
Total CloudTrail Lake charges for ingesting the monthly usage data of 1 TB and storing it for the configured retention period of 1 year = $2560
Savings with recommendation
For this example, the one-year extendable retention pricing is 70% less compared to the seven-year retention pricing ($768 vs $2560). For monthly ingestion usage needs below 25 TB, one-year extendable retention pricing is recommended.
Example 2: Ingesting and storing events using CloudTrail Lake
You have 25 TB of CloudTrail management and data events ingested to CloudTrail Lake from CloudTrail in a given month in your account. You have chosen a retention period of 3 years on your event data store. You have two options:
Option 1 (Recommended): CloudTrail Lake charges with one-year extendable retention pricing option
When you choose the one-year extendable retention pricing for CloudTrail Lake, your first year of retention is included with the ingestion cost. So, in this example, you will be paying extended retention charges after the first year on a monthly basis since you have chosen a retention period of 3 years.
Ingestion charge: 25600 GB * $0.75/GB = $19,200
Extended retention charges for the configured retention period: Assume that the 25 TB of monthly ingested data was compressed to 8 TB for storing in CloudTrail Lake. For the first year (366 days), you do not incur any additional retention charges. Starting on day 367 after ingestion, you will incur a monthly retention charge of 8192 GB * 0.023/GB/month = $188.4. Hence your total extended retention charges for the total duration of configured retention period of 3 years = $188.4/month * (36-12) months =$4,522
Total CloudTrail Lake charges for ingesting the monthly usage data of 25 TB and storing it for the configured retention period of 3 years = $19,200 + $4,522 = $23,722
Option 2: CloudTrail Lake seven-year retention pricing option
When you choose the seven-year retention pricing for CloudTrail Lake, 7 years of retention comes at no additional charge to your ingestion costs.
Ingestion charge for the month: First 5 TB at $2.5/GB ($12,800) + Next 20 TB at $1/GB ($20,480) = $33,280.
Total CloudTrail Lake charges for ingesting the monthly usage data and storing it for the configured retention period of 3 years = $33,280.
Savings with recommendation
For this example, the one-year extendable retention pricing option is cheaper by 28% compared to seven-year retention pricing ($23,722 vs $33,280). For monthly ingestion usage needs below 25 TB, the one-year extendable retention pricing is recommended.
Example 3: Ingesting and storing events using CloudTrail Lake
You have 50 TB of live CloudTrail management and data events ingested to CloudTrail Lake in a given month in your account. You have configured a retention period of 7 years on your event data store. You have two options:
Option 1: CloudTrail Lake charges with one-year extendable retention pricing option
When you choose the one-year extendable retention pricing for CloudTrail Lake, your first year of retention is included with the ingestion cost. So, in this example, you will be paying extended retention charges after the first year on a monthly basis.
Ingestion charge for the month: 50 * 1024 GB * $0.75/GB = $38,400
Extended retention charges for the configured retention period: Assume that the 50 TB of monthly ingested data was compressed to 17 TB for storing in CloudTrail Lake. For the first year (366 days), you do not incur any additional retention charges. Starting on day 367 after ingestion, you will incur a monthly retention charge of 17 TB * 0.023/GB/month = $400. Hence your extended retention charges for the total duration of configured retention period of 7 years = $400/month * (84-12) months = $28,800
Total CloudTrail Lake charges for ingesting the monthly usage data of 50 TB and storing it for the configured retention period of 7 years = $38,400 + $28,800 = $67,200
Option 2 (Recommended): CloudTrail Lake seven-year retention pricing option
When you choose the seven-year retention pricing for CloudTrail Lake, 7 years of retention comes at no additional charge to your ingestion costs.
Ingestion charges for the month:
First 5 TB at $2.5/GB ( $12,800)
+ Next 20 TB at $1/GB ($20,480)
+ Next 25 TB at $0.5/GB ( $12,800)
= $46,080.
Total CloudTrail Lake charges for ingesting the monthly usage data and storing it for the configured retention period of 7 years = $46,080.
Savings with recommendation
For this example, the seven-year retention pricing option is cheaper than the one-year extendable retention pricing option by 31% ($46,080 vs $67,200). If your monthly usage exceeds 25 TB and you need a seven-year retention period, it is recommended to go with the seven-year retention pricing.
Example 4: Import historical CloudTrail event logs from S3 to CloudTrail Lake
Assume that you have stored one year's worth of CloudTrail events in S3 and that corresponds to 700 GB of storage. These events are stored in a GZIP (compressed) format. The import feature will first unzip the data, and then import these events to CloudTrail Lake. The unzipped data could be greater than the actual S3 storage (typically 5-10 times) and therefore the data metered and imported into CloudTrail Lake will be higher from the stored GZIP in S3. Let’s assume that 700 GB of S3 stored events translates to 7000 GB of events uncompressed and imported to CloudTrail Lake. You have chosen a retention period of 1 year for your CloudTrail Lake event data store. You have two options:
Option 1 (Recommended): CloudTrail Lake charges with one-year extendable retention pricing option
For importing historical CloudTrail events from S3 to CloudTrail Lake, the one-year extendable retention pricing is $0.5/GB.
CloudTrail Lake charge from import for the month = 7000 GB *$ 0.5/GB= $3,500.
Option 2: CloudTrail Lake charges with seven-year retention pricing option
First 5 TB at $2.5 per GB = $12,800
Next 2 TB at $1 per GB = $2,048
Total CloudTrail Lake import charges for the month = $12,800 + $2,048 = $14,848.
Savings with recommendation
For this example, the one-year extendable retention pricing is cheaper by 76% compared to the seven-year retention pricing ($3,500 vs $14,848). The one-year extendable retention pricing is generally more cost-effective and recommended for data sources other than live CloudTrail management and data events ingested in by CloudTrail.
Note: Before copying trail events, check the retention period of the event data store. CloudTrail only copies trail events that have an eventTime within the event data store’s retention period. For example, if an event data store’s retention period is 90 days, then CloudTrail will not copy any trail events with an eventTime older than 90 days. We recommend that when you choose a retention period, you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 6 months old and specify a retention period of 1 year, the event data store will retain those events for 6 months from the time of ingestion.
Example 5: Ingestion of configuration items in CloudTrail Lake
Assume that you have 100 GB of configuration items from AWS Config ingested to CloudTrail Lake in a given month in your account. You have configured a retention period of 1 year on your event data store. You have two options:
Option 1 (Recommended): CloudTrail Lake charges with one-year extendable retention pricing option
For ingesting configuration items to CloudTrail Lake, the one-year extendable retention pricing is $0.5/GB.
CloudTrail Lake data ingestion charge for the month = 100 GB *$ 0.5/GB= $50.
Option 2: CloudTrail Lake seven-year retention pricing option
CloudTrail Lake ingestion charge for the month = 100 GB *$ 2.5/GB= $250.
Savings with recommendation:
For this example, the one-year extendable retention pricing is cheaper by 80% compared to the seven-year retention pricing ($50 vs $250). The one-year extendable retention pricing is generally more cost-effective for monthly usage under 25 TB.
Note: AWS Config recording charges still apply when you ingest configuration items to CloudTrail Lake, and should be added to the total.
Example 6: Recording and analyzing events using CloudTrail Lake queries & dashboards
You have 1 TB of events ingested to CloudTrail Lake in a given month in your account. You also designed your queries to scan this data twice in that month. Now you enabled CloudTrail Lake dashboards that scanned this data three times in that month. Configured retention period is 1 year. You have two options:
Option 1 (Recommended): CloudTrail Lake charges with one-year extendable retention pricing option
Monthly ingestion charges (includes retention for 1 year): 1024 GB * $0.75/GB = $768
Data Scanned charges:
1 TB scanned two times by your ad-hoc queries at $0.005 per GB = 2 * 1024 GB *$0.005/GB = $10.24
1 TB scanned three times by CloudTrail Lake dashboards triggered queries at $0.005 per GB = 3* 1024 GB * $0.005/GB = $15.36
Total data scanned charges = $10.24 + $15.36 = $25.6
Total CloudTrail Lake ingestion and analysis charges for the month = $768 + $25.6 = $793.6
Option 2: CloudTrail Lake seven-year retention pricing option
Monthly ingestion charges (includes retention of 7 years): 1024 GB * $2.5 per GB = $2560
Monthly Data Scanned charges:
1 TB scanned two times by your ad-hoc queries at $0.005 per GB = 2 * 1024 GB *$0.005/GB = $10.24
1 TB scanned three times by CloudTrail Lake dashboards triggered queries at $0.005 per GB = 3* 1024 GB * $0.005/GB = $15.36
Total data scanned charges for the month = $10.24 + $15.36 = $25.6
Total CloudTrail Lake ingestion and analysis charges for the month = $2560 + $25.6 = $2,585.6
Unlike your CloudTrail Lake ingestion charges, your CloudTrail Lake analysis charges are independent of the chosen retention pricing option.
Example 7: Delivering management, data, and network activity events plus additional copies of management and data events through trails
You have the following usage in a given month:
5 million management events delivered
10 million data events delivered
5 million data events are copied across organizations and account-level trails
5 million network activity events delivered
2.5 million management events are copied across organizations and account-level trails
First copy of management events delivered at $0: 5,000,000 * $0 = $0
Data events at $0.10 per 100,000 events = (10,000,000 + 5,000,000 additional copies of data events delivered) / 100,000 * $0.10 = $15
Network activity events at $0.10 per 100,000 events = 5,000,000 / 100,000 * $0.10 = $5
Copies of management events delivered at $2.00 per 100,000 events = 2,500,000 / 100,000 * $2.00 = $50
CloudTrail charges for the month = $15 + $5 + $50 = $70
You will also incur charges for S3 storage and analysis, which are not yet included in this pricing calculation.
Example 8: Identifying unusual activities with CloudTrail Insights
You have the following usage in a given month:
300,000,000 management events delivered to S3
20,000,000 write management events analyzed by CloudTrail Insights
Cost of CloudTrail trails:
First copy of management events delivered at $0: 300,000,000 * $0 = $0
CloudTrail trails charges for the month = $0
Cost of CloudTrail Insights:
CloudTrail Insights events analyzed at $0.35 per 100,000 events = 20,000,000 / 100,000 * $0.35 = $70
CloudTrail Insights charges = $70
Total CloudTrail charges for the month = $70
Additional pricing resources
Easily calculate your monthly costs with AWS.
Contact AWS specialists to get a personalized quote.