Amazon Inspector is a security assessment service for your Amazon EC2 instances and the applications running on those instances. Pricing is based on two dimensions, the number of EC2 instances included in each assessment, and the type(s) of rules package you select. An Inspector assessment can have any combination of two rules package types - host assessment rules packages and/or the network reachability rules package. Host assessment rules packages include Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior Analysis. If your assessments include both host rules packages and the network reachability rules package, you will be billed for both separately.

With Amazon Inspector, there are no upfront investments required, no additional software licenses or maintenance fees, and no need to purchase expensive hardware. Flexible pricing based on assessment type and the number of instances included in each assessment is ideal for applications deployed in the cloud. You only pay for what you use, and it provides the flexibility to support popular dynamic use cases like continuous deployment or auto scaling, where per-host or per-IP licensing models can be difficult to manage due to dynamic changes in your cloud environment.

Free Trial

Accounts that have never run an Amazon Inspector assessment are eligible for 250 agent-assessments with host rules packages and 250 instance-assessments with the network reachability rules package at no cost during your first 90 days. All other agent-assessments and instance-assessments will be billed at the pricing tiers in the pricing details tables below.

Pricing for the network reachability rules package

Pricing for host assessment rules packages

For any combination of Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior Analysis included in assessments

Free Trial Details

Pricing example

Consider a scenario where you have 10 Amazon EC2 instances in your assessment target with the Inspector Agent installed on each instance. During the billing period, you run one assessment that includes both host assessment rules packages (example: CVE, CIS, and security best practices) and the network reachability rules package.

In this example, you would be billed for 10 host agent-assessments and 10 network reachability instance-assessments. The Amazon Inspector charges for your account for this billing period would be:

For host assessment rules packages: 10 agent-assessments @ $0.30 per agent-assessment
For network reachability rules package: 10 instance-assessments @ $0.15 per instance-assessment
Adding them up, the Amazon Inspector bill would be $3.00 for host agent-assessments and $1.50 for network reachability instance-assessments, for a total of $4.50.

Additional pricing resources

AWS Pricing Calculator

Easily calculate your monthly costs with AWS

Economics Resource Center

Additional resources for switching to AWS

Standard Product Icons (Features) Squid Ink
Learn how to get started

Find links to our developer's guide, helpful video, and console guides.

Learn more 
Sign up for a free account
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Standard Product Icons (Start Building) Squid Ink
Start building in the console

Get started building with Amazon Cloud Directory in the AWS Console.

Sign in