Amazon Inspector is a security assessment service for your Amazon EC2 instances and the applications running on those instances. Pricing is based on two dimensions, the number of EC2 instances included in each assessment, and the type(s) of rules package you select. An Inspector assessment can have any combination of two rules package types - host assessment rules packages and/or the network reachability rules package. Host assessment rules packages include Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior Analysis. If your assessments include both host rules packages and the network reachability rules package, you will be billed for both separately.
With Amazon Inspector, there are no upfront investments required, no additional software licenses or maintenance fees, and no need to purchase expensive hardware. Flexible pricing based on assessment type and the number of instances included in each assessment is ideal for applications deployed in the cloud. You only pay for what you use, and it provides the flexibility to support popular dynamic use cases like continuous deployment or auto scaling, where per-host or per-IP licensing models can be difficult to manage due to dynamic changes in your cloud environment.
Accounts that have never run an Amazon Inspector assessment are eligible for 250 agent-assessments with host rules packages and 250 instance-assessments with the network reachability rules package at no cost during your first 90 days. All other agent-assessments and instance-assessments will be billed at the pricing tiers in the pricing details tables below.
Pricing for the network reachability rules package
Pricing for host assessment rules packages
For any combination of Common Vulnerabilities and Exposures (CVE), Center for Internet Security (CIS) benchmarks, Security Best Practices, and Runtime Behavior Analysis included in assessments
Free Trial Details
Consider a scenario where you have 10 Amazon EC2 instances in your assessment target with the Inspector Agent installed on each instance. During the billing period, you run one assessment that includes both host assessment rules packages (example: CVE, CIS, and security best practices) and the network reachability rules package.
In this example, you would be billed for 10 host agent-assessments and 10 network reachability instance-assessments. The Amazon Inspector charges for your account for this billing period would be:
For host assessment rules packages: 10 agent-assessments @ $0.30 per agent-assessment
For network reachability rules package: 10 instance-assessments @ $0.15 per instance-assessment
Adding them up, the Amazon Inspector bill would be $3.00 for host agent-assessments and $1.50 for network reachability instance-assessments, for a total of $4.50.