With AWS IoT Device Defender, you pay only for what you use and there are no minimum fees or mandatory service usage. You are billed separately for the Audit and Detect features.
Audit monitors your device-related policies, certificates, and other resources to ensure that the proper security configuration is in place. You can generate reports that identify deviations from recommended settings and access policies on a scheduled or ad-hoc basis.
Detect allows you to continuously monitor high-value security metrics data reported by your devices (e.g. the number of listening TCP/IP ports on your devices or the list of IPs the device is communicating with) and the cloud (e.g. authorization failure count). The reported security metric datapoints are compared to user-defined rules to identify unexpected device behavior that may be indicative of a compromise (e.g. a device communicating with an unknown IP address). If a compromise is detected, an alert notification is sent to Amazon SNS.
When you turn on Audit, you are charged based on the number of devices that have connected to AWS IoT Core in the month.
When you turn on Detect, you are charged based on the number of metric datapoints reported to AWS IoT Device Defender for monitoring. An example of a metric datapoint is the list of IPs that a device is communicating with at a specific time. Each metric datapoint is metered in increments of 0.1 KB. You decide which metrics to report and how often.
Detect monitors both device-side and cloud-side metrics. See the AWS IoT Device Defender User Documentation for how to use the AWS IoT SDK to control which device metrics are reported and how often. Cloud metrics (e.g. authorization failure counts from AWS IoT Core) are reported every 5 minutes. You can select which cloud metrics to report from the AWS IoT Device Defender console or via the UpdateSecurityProfile API.
With AWS IoT Device Defender, you will be billed separately for usage of Connectivity to AWS IoT Core but will not incur additional AWS IoT Core Messaging costs for metric datapoints reported to AWS IoT Device Defender. You will be billed separately for alert notification delivery via Amazon SNS.
The AWS Free Tier offers the following usage of AWS IoT Device Defender for new AWS customers:
- Audit - For all the devices in your fleet for the first month
- Detect - 1 million metric datapoints for the first month
Usage beyond these levels is billed at the published rates.
Pricing examples for AWS IoT Device Defender components
You have 10,000 devices that connect to AWS IoT Core every month. Your cost for Audit would be calculated as follows:
Charges = 10,000 devices X $0.0011 per device per month = $11 per month
Your 10,000 devices are also each reporting one metric (e.g., list of IPs the device is communicating with) at the rate of 10 datapoints per hour. Your cost for Detect would be calculated as follows:
Number of metric datapoints per month = 10,000 devices X 1 metric X 10 datapoints per hour X 24 hours per day X 30 days per month = 72 million
Charges = 72 million metric datapoints per month X $0.25 per 1 million metric datapoints = $18 per month
Your total monthly cost for AWS IoT Device Defender is as follows:
Total Monthly Charges = $11 Audit cost + $18 Detect cost = $29.00