Overview

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and anomalous behavior to protect your AWS accounts, workloads, Kubernetes clusters, and data stored in Amazon Simple Storage Service (Amazon S3). GuardDuty prices are based on the number of analyzed AWS CloudTrail events and Amazon Elastic Kubernetes Service (Amazon EKS) audit logs, as well as the volume of Amazon Virtual Private Cloud (Amazon VPC) Flow Logs and DNS query logs. These services are directly integrated with GuardDuty, which means you don’t have to enable or pay for them separately. GuardDuty optimizes costs by applying smart filters and analyzing only a subset of logs relevant to threat detection.

CloudTrail management event analysis – GuardDuty continuously analyzes CloudTrail management events. Management events (also known as “control plane”) provide information about management operations that are performed on resources in your AWS account. CloudTrail management event analysis is charged per one million events per month and is prorated.

CloudTrail S3 data event analysis – GuardDuty continuously analyzes authenticated CloudTrail S3 data events, monitoring access and activity in all your S3 buckets. CloudTrail S3 data event analysis is charged per one million events per month, is prorated, and is discounted with volume.

Amazon EKS audit log analysis – Amazon GuardDuty continuously analyzes Amazon EKS audit logs and optimizes costs by only processing events that are used for security analysis. EKS audit log analysis is charged per one million audit logs per month, is prorated, and is discounted with volume. 

VPC Flow Log and DNS query log analysis – Amazon GuardDuty continuously analyzes Amazon VPC Flow Logs and DNS query logs. VPC Flow Log and DNS query log analysis is charged per gigabyte (GB) per month. Both VPC Flow Log and DNS query log analysis are discounted with volume.

Free trial

In supported regions, new Amazon GuardDuty account holders can try the service free for 30 days and gain access to all features and detection findings. The GuardDuty console shows how many days are left in the free trial as well as the average daily cost (based on the volume of data analyzed), which takes the guesswork out of budget planning.

Pricing by region

Pricing examples

Example 1: In your environment, in one month, Amazon GuardDuty processes 40,000,000 AWS CloudTrail management events and 200,000,000 CloudTrail S3 data events in the US East (N. Virginia) region. In addition, 2,000 GB of VPC Flow Logs and 1,000 GB of DNS query logs are processed, for a total volume of 3,000 GB of logs.

Total Charges:

40 management events x $4.00 (40 million management events, priced per million)
+ 200 Amazon S3 data events x $0.80 (200 million data events, priced per million)
+ 500 GB logs x $1.00 (first 500 GB)
+ 2,000 GB logs x $0.50 (next 2,000 GB)
+ 500 GB logs x $0.25 (last 500 GB)

Total = $1,945 per month

Example 2: In your environment, in one month, Amazon GuardDuty processes 5,000,000 AWS CloudTrail management events and 1,000,000,000 CloudTrail S3 data events in the US East (N. Virginia) region. In addition, 200 GB of VPC Flow Logs and 50 GB of DNS query logs are processed, for a total volume of 250 GB of logs.

Total Charges:

Five management events x $4.00 (five million management events, priced per million)
+ 500 Amazon S3 data events x $0.80 (first 500 million data events, priced per million)
+ 500 Amazon S3 data events x $0.40 (next 500 million data events, priced per million)
+ 250 GB logs x $1.00 (first 500 GB)

Total = $870 per month

Example 3: In your Amazon Elastic Kubernetes Service (Amazon EKS) container environment, in one month, Amazon GuardDuty processes 200,000,000 Amazon EKS events in the US East (N. Virginia) region.

Total Charges:

100 EKS events x $1.60 (first 100 million events, priced per million)
+ 100 EKS events x $0.80 (next 100 million events, priced per million)

Total = $240 per month
