Sold by: Tigera Inc.
Deployed on AWS
Calico Cloud is a fully managed pay-as-you-go SaaS based networking, network security, and observability platform for AWS and EKS Kubernetes clusters.
4.5
Overview
Tigera provides Calico, a unified network security and observability platform to prevent, detect and mitigate security breaches in Kubernetes clusters. The Calico platform is engineered to secure all types of network traffic including egress, ingress, in-cluster and cross-cluster. Calico offers centralized network security management across multiple Kubernetes distributions, for individual and multi-cluster deployments in the cloud or on premises. It facilitates seamless and consistent network policy enforcement, while empowering teams with observability and risk mitigation capabilities.
Tigera is the creator and maintainer of Calico Open Source, the most widely adopted container networking and security solution. Calico software powers more than 100M containers across 8M+ nodes in 166 countries, and is supported across all major cloud providers and Kubernetes platforms.
Highlights
- Network security: Improve network security posture with fine-grained network policies. Limit egress traffic by IPs, domains and IP CIDRs. Automatically identify namespace boundaries and recommend policies for namespace isolation.
- Egress Gateway: Calico Egress Gateway assigns a static IP address to egress traffic from Kubernetes pod, to facilitate integration with firewalls, and other tools that require a static IP address for identification.
- Ingress Gateway: Provides a standardized approach to managing Kubernetes ingress traffic using the Gateway API. Integrates Envoy Gateway, hardened for enterprise use, to provide comprehensive security and observability for ingress traffic.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
5 vCPU Subscription | 5 vCPUs billed monthly | $90.00 |
Pro Subscription | Billed at $0.025/vCPU hour | $18.00 |
10 vCPU Subscription | 10 vCPUs billed monthly | $180.00 |
Dimension | Cost/unit |
|---|---|
vCPU Hour | $0.025 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
24x7 for Calico Cloud Pro. The complete support policy is here: https://www.tigera.io/legal/calico-cloud-support-policy . calicocloud-support@tigera.io
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Trend Micro
By Sophos
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Policy Enforcement
Fine-grained network policies that limit egress traffic by IPs, domains, and IP CIDRs with automatic namespace boundary identification and policy recommendations for namespace isolation.
Egress Traffic Management
Egress Gateway functionality that assigns static IP addresses to egress traffic from Kubernetes pods for integration with firewalls and tools requiring static IP identification.
Ingress Traffic Management
Ingress Gateway using Gateway API standard with integrated Envoy Gateway for comprehensive security and observability of ingress traffic.
Multi-Cluster Network Security
Centralized network security management across multiple Kubernetes distributions supporting individual and multi-cluster deployments in cloud and on-premises environments.
Network Observability and Risk Mitigation
Observability and risk mitigation capabilities for detecting and mitigating security breaches across all types of network traffic including egress, ingress, in-cluster, and cross-cluster communication.
Intrusion Detection and Prevention
Host-based intrusion detection and prevention (IDS/IPS) capabilities to defend against network threats and zero-day exploits
Application Control
Application control functionality to lock down servers and secure Docker containers with DevOps-friendly API security processes
Malware Protection
Anti-malware protection with behavioral analysis and predictive machine learning for Windows and Linux workloads
Integrity Monitoring
File and System Integrity Monitoring to streamline compliance and audit evidence gathering
Vulnerability Exploitation Prevention
Vulnerability exploit shielding to prevent exploitation of unpatched systems without requiring live system patching
Threat Detection and Response
Automatic threat detection and neutralization with 99.98% threat interception rate, supported by 24/7 managed detection and response service with threat hunting and neutralization experts
Cloud Security Posture Management
Continuous scanning of cloud environments to identify assets, assess security and compliance settings, detect malicious activity, and identify misconfigurations with agentless malware scanning for S3 storage and integration with AWS GuardDuty and SecurityHub
Endpoint and Workload Protection
Agent-based protection for Windows and Linux hosts against modern threats including ransomware, fileless attacks, and advanced malware
Network and Firewall Protection
Cloud-native, virtual, and physical firewall appliances providing network visibility, protection, and response across public, private, and hybrid cloud environments
Unified Management and Orchestration
Cloud-based centralized management platform enabling configuration, reporting, and real-time threat information sharing across endpoint, firewall, network, email, cloud, and identity solutions with automatic response actions
Standard contract
No
No
No
Customer reviews
Shahrukh K.
Effortless Kubernetes Networking with Top-Notch Security and Performance
Reviewed on Nov 13, 2025
Review provided by G2
What do you like best about the product?
Calico makes network management simple and reliable. I like how it handles Kubernetes networking with strong security and clear visibility. It’s lightweight, performs well at scale, and integrates smoothly with existing infrastructure. The policies are easy to configure, and troubleshooting is much faster compared to other tools.
What do you dislike about the product?
Calico works great overall, but upgrading between versions can occasionally cause minor compatibility issues. I’ve also noticed that troubleshooting complex network policies can take extra time. The UI and monitoring options could be more intuitive for beginners who prefer visual tools over command-line configurations.
What problems is the product solving and how is that benefiting you?
Calico solves the challenge of managing container networking and security at scale. It provides a clear way to control traffic between services and enforce policies consistently. This has improved overall network performance, reduced configuration errors, and given me more confidence in maintaining secure, stable Kubernetes environments.
Raj S.
Effortless Network Policy Management with Calico
Reviewed on Nov 06, 2025
Review provided by G2
What do you like best about the product?
I like that Calico makes it easy to manage network policies in Kubernetes. It keeps things secure and organized, without slowing everything down. Simple, fast, and reliable.
What do you dislike about the product?
Sometimes, Calico can be a bit tricky to set up, especially for beginners. If you’re not familiar with networking or Kubernetes, it might feel overwhelming at first. More straightforward guides would help.
What problems is the product solving and how is that benefiting you?
Calico solves the problem of managing secure and efficient network traffic in Kubernetes. It helps control which apps can talk to each other, keeps things safe from unwanted access, and improves performance. This gives me confidence that my apps are running smoothly and securely.
Erick Vincent Steve G.
A powerful Cloud Native Security Solution
Reviewed on Jul 20, 2025
Review provided by G2
What do you like best about the product?
What I like best about Calico Cloud is its deep integration with Kubernetes and its strong support for eBPF, which enables high-performance networking and observability. The user interface is intuitive, and the policies are easy to configure using either YAML or the GUI. It also supports zero-trust security models out of the box, which is essential in modern cloud-native environments.
What do you dislike about the product?
One downside of Calico Cloud is that the initial setup.
What problems is the product solving and how is that benefiting you?
Calico Cloud helps us improve container security and stay compliant with cloud regulations. It lets us create network policies to control traffic between pods, monitor activity, and detect threats in real time. This makes it easier to secure our workloads and meet compliance standards like PCI and SOC 2.
Architecture & Planning
Robust Kubernetes Security with Room for Improvement
Reviewed on Jul 18, 2025
Review provided by G2
What do you like best about the product?
Calico Cloud excels in providing enterprise-grade security features for Kubernetes environments. The platform offers exceptional network policy management and real-time visibility into container traffic. I particularly appreciate the intuitive policy builder that helps create and implement zero-trust security models. The live troubleshooting tools are invaluable for diagnosing connectivity issues, and the integration with existing cloud platforms is seamless. The dynamic threat detection and automated security controls have significantly improved our cluster security posture.
What do you dislike about the product?
The initial setup and configuration process can be challenging for teams without extensive Kubernetes expertise. The documentation, while comprehensive, could be more user-friendly with better examples and use cases. Some advanced features require considerable fine-tuning to work optimally, which can be time-consuming.
What problems is the product solving and how is that benefiting you?
The pricing structure could be more transparent, and the cost can be significant for larger deployments. Additionally, the UI occasionally feels sluggish when handling multiple clusters, and some error messages could be more descriptive to help with troubleshooting.
VIJAY H.
Evaluating Calico Cloud: Secure, Scalable, and Kubernetes-Ready
Reviewed on Jul 16, 2025
Review provided by G2
What do you like best about the product?
Calico Cloud enforces identity-aware microsegmentation and least-privilege access by default. It doesn’t just rely on IPs—workload identity (like Kubernetes labels and service accounts) is used to define policies. This helps achieve zero-trust security across clusters and clouds.
What do you dislike about the product?
Despite having a clean UI, the underlying concepts (like eBPF, policy tiers, workload identities) can be challenging for teams new to Kubernetes networking and security. Proper onboarding/training is often needed.
What problems is the product solving and how is that benefiting you?
Lack of Fine-Grained Network Security in Kubernetes
> Solution: Calico Cloud allows me to define fine-grained, identity-based network policies that go beyond IP addresses — using labels, namespaces, and service accounts to tightly control traffic between workloads.
> Solution: Calico Cloud allows me to define fine-grained, identity-based network policies that go beyond IP addresses — using labels, namespaces, and service accounts to tightly control traffic between workloads.