Pricing details

Pricing examples (US East (Northern Virginia) Region prices)

Example #1

In this example, you enable Macie in an account with 15 Amazon S3 buckets and you don’t submit any sensitive data discovery jobs.

• 15 Amazon S3 buckets
• 0 GB of data processed for sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
= $1.50 + $0.00
= $1.50 per month

Example #2

In this example, you enable Macie in an account with 15 Amazon S3 buckets and you submit a sensitive data discovery job across buckets that result in 1 GB of data processed per month.

• 15 Amazon S3 buckets
• 1 GB of data processed for sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 1 * $0.00 (first 1 GB/month)
= $1.50 + $0.00
= $1.50 per month

Example #3

In this example, you enable Macie in an account with 15 Amazon S3 buckets and you submit a sensitive data discovery job for a bucket that has 1,000,000 objects in S3 standard storage resulting in 100 GB of data processed.

• 15 Amazon S3 buckets
• 100 GB of data processed for sensitive data discovery
• 1,000,000 objects, all supported object types

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 1 * $0.00 (first 1 GB/month)
+ 99 * $1.00 (next 50,000 GB/month)
= $1.50 + $0.00 + $99.00
= $100.50 Macie charge

S3 charges =
$0.005 (1,000 S3 LIST requests returning 1,000 objects each at $0.005 per 1,000 calls)
+ $0.0004 * 1000 (1,000,000 objects at $0.0004 per 1,000 S3 GET requests)
= $0.005 + $0.4
= $0.405 S3 charge

Example #4

In this example, you enable Macie in an account with 15 Amazon S3 buckets and submit a sensitive data discovery job for a bucket that has 1,000,000 objects and is reported to have 600 GB of estimated storage. However, 100,000 of the objects are image files representing 100 GB and therefore, ignored by Macie for sensitive data discovery (see Macie supported object types). All other objects are supported resulting in 500 GB of initial data processed.

You also configure the job as a periodic job to pick up any new supported objects placed in the bucket each day and evaluate those as well for which there is an additional 100,000 objects placed in the bucket that are of a supported object type representing 10 GB of data processed each month thereafter.

• 15 Amazon S3 buckets
• 900,000 objects, all supported object types
• 500 GB of initial data processed for sensitive data discovery

• 100,000 new objects placed in the bucket each month, all supported object types
• 10 GB of additional data processed for sensitive data discovery each month

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 1 * $0.00 (first 1 GB/month)
+ 499 * $1.00 (next 50,000 GB/month)
= $1.50 + $0.00 + $499.00
= $500.50 for first month

S3 charges =
$0.005 (1,000 S3 LIST requests returning 1,000 objects each at $0.005 per 1,000 calls)
+ $0.0004 * 900 (900,000 objects at $0.0004 per 1,000 S3 GET requests)
= $0.005 + $0.36
= $0.365 S3 charge for first month

Macie ongoing monthly charges =
15 * $0.10 ($0.10 per S3 bucket / month)
+ 1 * $0.00 (first 1 GB/month)
+ 9 * $1.00 (next 50,000 GB/ month)
= $1.50 + $0.00 + $9.00
= $10.50 per month (each month thereafter)

S3 ongoing monthly charges =
$0.005 / 10 (1,000 S3 LIST requests returning 1,000 objects each at $0.005 per 1,000 calls)
+ $0.0004 * 100 (100,000 objects at $0.0004 per 1,000 S3 GET requests)
= $0.0005 + $0.04
= $0.0405 S3 charge per month (each month thereafter)

Pricing FAQs

Q: How do I estimate the cost of initial enablement of Macie in my account?

A: You can enable the service and take advantage of the 30-day free trial. During that period, you are presented with a usage tab in the Macie console that will estimate your spend for S3 bucket-level inventory and evaluation for security and access controls before transitioning to paid usage.

Q: How do I know how much I’m spending on Macie sensitive data discovery each month?

A: As you configure and submit sensitive data discovery jobs, you are able to visit the usage tab in the Macie console to view month-to-date spend based on actual usage in your account. This gives you visibility into your spend as you configure sensitive data discovery jobs across your buckets.

Q: How do I monitor spend when configured in multi-account?

A: If deployed in a multi-account configuration, usage is rolled up to the Macie master account to provide total usage for all accounts and a breakout of usage by individual account. This allows you to review and monitor Macie spend across your entire organization.

Q: What service quotas are in place to control usage and spend?

A: Macie comes with a default service quota for sensitive data discovery of 5 TB per account that you can raise up to 25 TB in the AWS Management Console (see Quotas for Amazon Macie). You can further increase you service quota beyond 25 TB through AWS Support. These service quotas cap the total spend in an account and allow you to manage spend across accounts. If a service quota is reached, your sensitive data discovery jobs are paused to ensure no further charges are incurred and you are notified in the Macie console and the AWS Personal Health Dashboard. You can then increase your service quota or allow them to automatically reset in the next calendar month, where the jobs will automatically resume. There are no service quotas for S3 bucket inventory and bucket-level evaluation.

Q: How do I estimate the actual spend for a sensitive data discovery job on a bucket?

A: Macie provides an inventory of all your buckets including what S3 has listed as the estimated storage size, object count, and the presence of any compressed objects. This can be used to estimate the cost of running sensitive data discovery on a bucket or buckets, however, actual data processed could vary. For any unsupported object types in the bucket, Macie will skip those objects and you will not be charged for them. For any compressed objects, they will be decompressed and inspected, which could result in data processed above the reported compressed size.

Q: How do I estimate spend for continual sensitive data discovery?

A: You can configure your sensitive data discovery jobs to be periodic, where Macie will evaluate all existing data in a bucket and automatically inspect only new objects placed in the bucket over time. To estimate the cost of a periodic job, Macie will display the estimated size of the bucket at the time of submission, which can be used to calculate the initial cost to inspect the bucket. You can then estimate the growth of data in the bucket to calculate the cost to inspect new objects placed in the bucket over time. You can use the usage tab in the Macie console to monitor month-to-date spend across all jobs and service quotas to cap spend in an account.

Q: Does Macie support sampling as an option to further reduce cost?

A: Yes, you can configure a sensitive data discovery job to sample objects in a bucket by choosing a sample depth percentage. Macie will then pick up a random set of objects within a bucket based on the sample depth percentage you define. Each supported object within that sample set will be fully inspected and findings will be generated for any sensitive data found. This can be used to get an indication of any sensitive data present within a bucket at a lower cost than inspecting all objects within the bucket.

Read the documentation
Read the documentation

Learn more about Amazon Macie capabilities and implementation by reading the documentation.

Read documentation 
Sign up for an AWS account
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Get started
Get started with Amazon Macie

Get started building with Amazon Macie.

Get started