Pricing details

Pricing examples (US East (Northern Virginia) Region prices)

Example #1

In this example, you enable Macie in an account with 15 S3 buckets. The buckets are empty and do not contain any objects.

• 15 S3 buckets
• 0 GB of data inspected for automated sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
= $1.50 + $0.00
= $1.50 per month

Example #2

In this example, you enable Macie in an account with 15 S3 buckets, and the buckets have a total of 10,000,000 objects (all supported object types). Macie inspects 150 GB of data for automated sensitive data discovery.

• 15 S3 buckets
• 10,000,000 objects, all supported object types for automated sensitive data discovery
• 150 GB of data inspected for automated sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 100 * $0.01 ($0.01 per 100K objects)
+ (150 - 1) * $1 ($1 per GB with 1 GB free tier for automated sensitive data discovery)
= $1.50 + $1.00 + $149
= $151.50 per month

Example #3

In this example, you enable Macie in an account with 15 S3 buckets, and the buckets have a total of 10,000,000 objects (all supported object types). Macie inspects 150 GB of data for automated sensitive data discovery. You also submit a targeted sensitive data discovery job for a bucket that has 200 GB of data.

• 15 S3 buckets
• 10,000,000 objects, all supported object types for automated sensitive data discovery
• 150 GB of data inspected for automated sensitive data discovery
• 200 GB of data inspected for targeted sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 100 * $0.01 ($0.01 per 100K objects)
+ (150 - 1) * $1 ($1 per GB with 1 GB free tier for automated sensitive data discovery)
+ 200 * $1 ($1 per GB for targeted sensitive data discovery)
= $1.50 + $1.00 + $149 + $200
= $351.50 per month

Example #4

In this example, you enable Macie in an account with 15 S3 buckets, and the buckets have a total of 10,000,000 objects (all supported object types). Macie inspects 150 GB of data for automated sensitive data discovery. You also submit a targeted sensitive data discovery job for a bucket that is reported to have 600 GB of estimated storage. However, image files account for 100 GB of that storage and are therefore ignored by Macie for sensitive data discovery (see Macie supported object types). All other objects are supported, resulting in 500 GB of data inspected.

• 15 S3 buckets
• 10,000,000 objects, all supported object types for automated sensitive data discovery
• 150 GB of data inspected for automated sensitive data discovery
• 500 GB of data inspected for targeted sensitive data discovery

Macie charges =
15 * $0.10 ($0.10 per S3 bucket/month)
+ 100 * $0.01 ($0.01 per 100K objects)
+ (150 - 1) * $1 ($1 per GB with 1 GB free tier for automated sensitive data discovery)
+ 500 * $1 ($1 per GB for targeted sensitive data discovery)
= $1.50 + $1.00 + $149 + $500
= $651.50 per month

Pricing FAQs

Q: How do I estimate the cost of the initial enablement of Macie on my account?

A: You can enable the service and take advantage of the 30-day free trial. During that period, you can access a usage tab in the Macie console that will estimate your usage for S3 bucket-level inventory and an evaluation for security and access controls. The console will also estimate your automated data discovery, which includes the data inspected for sensitive data discovery and the objects monitored in your S3 storage, before transitioning to paid usage. However, your estimated usage during the free trial can be lower for accounts that have more than 150 TB of data. Please contact AWS Support for assistance with a more accurate estimate.

Q: How does automated data discovery lower my spend for discovering sensitive data?

A: Macie uses various techniques including resource clustering by attributes such as bucket name, file types, and prefixes to cost-efficiently sample data broadly across an organization and minimize the data scanning needed to uncover sensitive data in S3 buckets. You can use automated data discovery to identify where your sensitive data resides in S3 and continually evaluate how well it is being protected without manually configuring and running targeted data discovery jobs.

Q: How do I know how much I’m spending on Macie targeted sensitive data discovery each month?

A: As you configure and submit targeted sensitive data discovery jobs, you can visit the usage tab in the Macie console to view month-to-date spend based on actual usage in your account. This provides visibility into your spend as you configure targeted sensitive data discovery jobs across your buckets.

Q: How do I monitor spend in multi-account configuration?

A: If deployed in a multi-account configuration, usage is rolled up to the Macie master account to provide total usage for all accounts and a breakdown of usage by individual account. This helps you review and monitor Macie spend across your entire organization.

Q: What service quotas are in place to control usage and spend?

A: Macie comes with a default service quota of 5 TB per account for targeted sensitive data discovery. You can further increase your service quota (see Quotas for Amazon Macie) beyond 25 TB through AWS Support. These service quotas cap the total spend in an account and help you manage your spend across accounts. If a service quota is reached, your targeted sensitive data discovery jobs are paused so that no further charges are incurred. You are then notified in the Macie console and the AWS Personal Health Dashboard. You can then increase your service quota or allow it to reset automatically in the next calendar month, at which point the jobs will automatically resume. There are no service quotas for S3 bucket inventory evaluation.

Q: How do I estimate the actual spend for a targeted sensitive data discovery job on a bucket?

A: Macie provides an inventory of all your buckets including what S3 has listed as the estimated storage size, object count, and the presence of any compressed objects. This can be used to estimate the cost of running targeted sensitive data discovery on a bucket or buckets; however, actual data processed could vary. For any unsupported object types in the bucket, Macie will skip those objects and you will not be charged for them. For any compressed objects, they will be decompressed and inspected, which could result in data processed above the reported compressed size. For targeted sensitive data discovery jobs that run periodically, Macie will evaluate all existing data in a bucket and automatically inspect only new objects placed in the bucket over time. To estimate the cost of a periodic targeted discovery job, Macie will display the estimated size of the bucket at the time of submission, which can be used to calculate the initial cost to inspect the bucket. You can then estimate the growth of data in the bucket to calculate the cost to inspect new objects placed in the bucket over time. You can use the usage tab in the Macie console to monitor month-to-date spend across all jobs and service quotas to cap spend in an account.
