AWS Verified Access Pricing

Overview

With AWS Verified Access, you only pay for what you use. There is no upfront commitment or minimum fee. Verified Access supports secure connectivity to two types of applications: HTTP(S) and non-HTTP(S), with pricing for each outlined below. Additionally, you incur standard AWS data transfer charges for all data transferred using Verified Access.

Photo of calculator
  • HTTP(S) Applications

  • Pricing table for HTTP(S) applications

    There are two pricing dimensions that determine your Verified Access bill for HTTP(S) applications 1) hourly charges for associated applications, and 2) per-GB charges for data processed.

    Application hours

    You are charged per hour for each application associated with an active HTTP(S) Verified Access endpoint. Each partial application hour (app-hour) consumed is billed as a full hour. For example, if you associate 10 applications with 10 Verified Access endpoints, each for an hour, you will be charged 10 app-hours.

    GB of data processed

    You are also charged per GB for data processed by Verified Access. When users request access or connect to your applications, Verified Access processes the data flowing between users and the application. For example, if all your applications using Verified Access require 10 GB of total data processing, you will be charged for that 10 GB of data processed.

    Pricing examples for AWS Verified Access for HTTP applications

    Example 1:

    You created a Verified Access in US East (Ohio) and associated 10 applications. These 10 applications were associated for an hour, resulting in 10 app-hours. Also, each app required 0.5 GB for data processing. We will charge $0.27/hr for each app and 5 GB for data process, resulting in a bill of $2.80. The following table shows the cost breakdown.

    App hours 10 hours * $0.27 $2.70
    Data processing 0.5 GB * 10 applications * $0.02 $0.10
    Total charge   $2.80

    Example 2:

    You created a Verified Access in US East (Ohio) and associated 300 applications. These 300 applications were associated for a month with 31 days. This will result in 223,200 app hours. Also, each application required 1 GB for data processing. The total charge will be $55,062.00, and the below table provides the details.

    First 148,800 app hours 148,800 hours * $0.27     $40,176.00
    Next 74,400 (223,200-148,800) app hours         74,400 hours * $0.20                                   $14,880.00
    Data processing                                                     1 GB * 300 applications * $0.02 $6.00
    Total charge   $55,062.00
  • Non-HTTP(S) applications

  • Pricing table for non-HTTP(S) applications

    There are two pricing dimensions that determine your Verified Access bill for non-HTTP(S) applications 1) Non-HTTP endpoint hours, and 2) per-connection to Verified Access instance. Non-HTTP endpoints can include ENI, load-balancers, RDS instance, RDS proxy, RDS database, or a network within a VPC defined by an IP address range.

    Non-HTTP endpoint hours

    You can create non-HTTP Verified Access endpoints to enable secure access to your applications and infrastructure resources that are accessed over non-HTTP protocols such as TCP, SSH, and RDP. You will be charged for each hour that your non-HTTP Verified Access endpoint remains active. Charging begins once an endpoint is created, and each partial hour consumed is prorated for the hour.

    Connections

    With every non-HTTP endpoint, you receive up to 100 free client connections per hour, from user’s devices to Verified Access. You will be charged for every connection beyond the total number of free connections (number of non-HTTP endpoints * 100). For example, if you create 2 endpoints, you will receive up to 200 free connections and will only pay for any connections beyond 200. Any connection that is less than an hour is also prorated for the hour. Each partial connection-hour consumed is prorated for the hour.

    Pricing table for non-HTTP(s) endpoints

    Pricing examples for AWS Verified Access for non-HTTP applications

    Example 1:

    You created a Verified Access instance in US East 1 (N. Virginia) and created 10 non-HTTP endpoints. The 10 endpoints were active for an hour, resulting in a total of 10 non-HTTP endpoint hours, cumulatively billed at $2 per hour. The 10 endpoints also included up to an aggregate of 1000 free connections (10 endpoints * 100 free connections per endpoint). If you had 500 connections from user devices to the Verified Access instance to access non-HTTP apps , it would result in a $0 charge for connections, as the endpoints covered up to 1000 free connections. The following table shows the cost breakdown.

    Endpoint hours 10 endpoint hours * $0.2 $2.00
    Connections 0 connections above free limit * 0.001 $0.00
    Total charge   $2.00

    Example 2:

    You created a Verified Access instance in US East 2 (Ohio) and created 30 non-HTTP endpoints. The 30 endpoints were active for 31 days, resulting in 22320 non-HTTP endpoint hours (30 endpoints * 31 days * 24 hours). The 30 endpoints also included up to an aggregate of 3000 free connections (30 endpoints * 100 free connections per endpoint). If you had 3500 connections for every hour for 31 days from user devices to the Verified Access instance to access non-HTTP apps, you will only be billed for hours associated with 500 connections since 3000 free connections are included with the 30 active endpoints. You will be billed for 372000 connection hours for 500 connections that are active for every hour for 31 days. The following table shows the cost breakdown.

    Endpoint hours 22,320 endpoint hours * $0.2 $4,464.00
    Connections 372,000 * 0.001 connections above free limit $372.00
    Total charge   $4,836.00

Additional pricing resources