AWS CloudTrail pricing

AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking your user activity and API calls.

To learn more about event history, AWS CloudTrail Lake, and trails, see CloudTrail features.

Note: CloudTrail usage is calculated in binary gigabytes (GB), where 1 GB is 2³⁰ bytes. This unit of measurement is also known as a gibibyte (GiB), defined by the International Electrotechnical Commission (IEC). Similarly, 1 TB is 2⁴⁰ bytes or 1024 GBs.

You have 10 GB of events ingested to CloudTrail Lake (including management events, data events, and configuration items) in a given month in your account. You also designed your queries to scan this data twice in that month.

Monthly ingestion and storage charges: 10 GB * $2.5 per GB = $25
Monthly data scanned: 10 GB scanned two times * 0.005 per GB = $0.1
               First scan: 10 GB * 0.005 = $0.05
               Second scan: 10 GB * 0.005 = $0.05
               Total scans: $0.05 + $0.050 = $0.10

Monthly CloudTrail Lake charges: $25 +  $0.1 = $25.1

You have 50 TB of events ingested to CloudTrail Lake (including management events, data events, and configuration items) in a given month in your account. You also designed your queries to scan this data twice in that month.

Monthly ingestion and storage charges = $46,080

First 5 TB at $2.5 per GB = $12,800
Next 20 TB at $1 per GB = $20,480
Next 25 TB at $0.5 per GB = $12,800

Monthly Data Scanned
50 TB scanned two times at $0.005 per GB = $512

Monthly CloudTrail Lake charges = $46,080 + $512 = $46,592

You have 3 billion management events delivered to S3 in a given month.

First copy of management events delivered at $0: 3,000,000,000 * $0 = $0

Monthly CloudTrail charges = $0

S3 storage and analysis are not included in this pricing.

You have the following usage in a given month:

5 billion management events delivered
10 billion data events delivered
2.5 billion management events are copied across organizations and account-level trails
5 billion data events are copied across organizations and account-level trails

First copy of management events delivered at $0: 5,000,000,000 * $0 = $0
Data events at $0.10 per 100,000 events = (10,000,000,000 + 5,000,000,000 additional copies of data events delivered) / 100,000 * $0.10 = $15,000
Copies of management events delivered at $2.00 per 100,000 events = 2,500,000,000 / 100,000 * $2.00 = $50,000
Monthly CloudTrail charges = $15,000 + $50,000 = $65,000

S3 storage and analysis is not included in this pricing.

You have the following usage in a given month:

300,000,000 management events delivered to S3
20,000,000 write management events analyzed by CloudTrail Insights

Cost of CloudTrail trails:
First copy of management events delivered at $0: 300,000,000 * $0 = $0
Monthly CloudTrail trails charges = $0

Cost of CloudTrail Insights:
CloudTrail Insights events analyzed at $0.35 per 100,000 events = 20,000,000 / 100,000 * $0.35 = $70
Monthly CloudTrail Insights charges = $70
Total monthly CloudTrail charges = $70

Assume that you have stored one year's worth of CloudTrail events in S3 and that corresponds to 700 GB of storage. These events are stored in a GZIP (compressed) format. The import feature will first unzip the data, and then import these events to CloudTrail Lake. The unzipped data could be greater than the actual S3 storage (typically 5-10 times) and therefore the data metered and imported into CloudTrail Lake will be higher from the stored GZIP in S3.

Example:
700 GB of S3 stored events, assuming this results in 7000 GB of events uncompressed and imported.
First 5 TB at $2.5 per GB = $12,800
Next 2 TB at $1 per GB = $2,048
Total CloudTrail Lake import charges = $12,800 + $2,048 = $14,848.

Note: This pricing uses the same tier as CloudTrail Lake.