AWS IAM Access Analyzer pricing
Pricing Overview
IAM Access Analyzer guides you toward least privilege by providing tools to set, verify, and refine permissions. IAM Access Analyzer provides access analysis, policy checks, and policy generation.
When you enable IAM Access Analyzer, you create an analyzer, which is a resource that continuously evaluates your accounts or AWS organization for either external access or unused access. An analyzer generates access findings for your IAM roles, IAM users, and AWS resources. An external access analyzer creates public and cross-account access findings for resources, and is provided at no additional charge. An unused access analyzer is a paid feature that simplifies inspecting unused access to guide you toward least privilege. With this feature, you pay per IAM role or IAM user analyzed per analyzer per Region per month. IAM roles and users are global, so you can create an analyzer to cover multiple regions.
IAM Access Analyzer also offers two types of policy checks. IAM Access Analyzer policy validation guides you to author and validate secure and functional policies based on IAM best practices, and is provided at no additional charge. IAM Access Analyzer custom policy checks are a paid feature to validate that developer-authored policies adhere to your specified security standards ahead of deployments. Custom policy checks use the power of automated reasoning—provable security assurance backed by mathematical proof— so that security teams to proactively detect nonconformant updates to policies. For custom policy checks, you are charged based on the number of checks you run by calling the IAM Access Analyzer APIs.
IAM Access Analyzer policy generation creates a fine-grained policy based on the access activity captured in your logs and is provided at no additional charge.
Pricing
-
Unused access
-
Custom policy checks
-
Unused access
-
Pricing Examples
Example 1:
You have one account with 10 IAM users and 60 IAM roles. You have enabled the unused access analyzer for IAM Access Analyzer for this account in US East (N. Virginia) Region.
Total number of IAM roles or users analyzed in a month
10 users + 60 roles = 70 IAM roles and users
Cost of analysis
$0.20*70 IAM roles and users = $14 per month
Example 2:
You have 5 accounts in your AWS organization. You have enabled the unused access analyzer for this organization in US East (N. Virginia) Region. Following is a breakdown of number of IAM roles and users in each account and the total monthly cost.
Account # Number of IAM roles Number of IAM Users Total per account 1 150 10 160 2 200 15 215 3 100 20 120 4 250 10 260 5 80 15 95 Total IAM roles and users in the organization 850 Cost of analysis
$0.20*850 IAM roles and users = $170 per month
-
Custom policy checks
-
Pricing Examples
Example 1:
You have a single AWS account and make 1,000 calls per month to the IAM Access Analyzer APIs to run custom policy checks as a part of your automated policy review process.
Cost of analysis
$0.0020*1000 API calls = $2 per monthExample 2:
You make 10,000 calls each month to the IAM Access Analyzer APIs to run custom policy checks across 5 accounts signed up for consolidated billing with AWS Organizations.
Cost of analysis
$0.0020*10,000 API calls = $20 per month
Additional pricing resources
Easily calculate your monthly costs with AWS
Contact AWS specialists to get a personalized quote