AWS Security Hub performs security best practice checks and ingests security findings from AWS security services and partners. It combines the results of the security checks with findings from other services and partner security tools to give you a comprehensive view of your security posture, dashboards that aggregate security findings, and remediation recommendations for identified issues. Security Hub is priced along two dimensions: the quantity of security checks and the quantity of ingested findings each month. 

Security check pricing: Prepackaged security standards are available for AWS Security Hub, such as the CIS AWS Foundations Benchmark, AWS Foundational Security Best Practices, and the Payment Card Industry Data Security Standard (PCI DSS). These help evaluate the security posture of your AWS accounts and resources. These prepackaged standards are collections of controls that Security Hub continuously evaluates to identify if any accounts or resources deviate from the defined security best practices. The evaluation of a control against a single AWS resource is referred to as a security check, and it results in a finding that shows the result of the check. You are charged per number of checks per account per region. You are only charged once for a check when identical controls that are common across different standards are evaluated against the same resource.

AWS Security Hub’s security checks leverage configuration items recorded by AWS Config. AWS Config is required for these security checks, and configuration items are priced separately from Security Hub. Please see Config pricing for details. Security Hub customers are not charged separately for any Config rules enabled by Security Hub. The Config rules enabled by Security Hub are referred to as service-linked rules.

Finding ingestion events: AWS Security Hub ingests findings from various AWS services and partner products. Finding ingestions include both new findings and updates to existing findings. You are not charged for finding ingestions associated with Security Hub's security checks. You are charged per number of findings sent to Security Hub per account per region each month. Security Hub offers a perpetual free tier of 10,000 findings per account per Region per month.

Free Trial

Free 30-day trial period

You can try AWS Security Hub at no charge with a 30-day free trial. The trial includes the complete Security Hub feature set and security best practice checks. Every AWS account in each Region that is enabled with Security Hub receives a free trial. The free trial will provide you an estimate of your monthly bill if you continue using Security Hub across the same accounts and regions.

Pricing details

Pricing examples (monthly)

The following examples explore organizations of different sizes using AWS Security Hub for both security checks and ingesting findings. All of the examples use the US East (Ohio) Region.

Example 1: Small to medium organization

You have one region, US East (Ohio), and one account in your AWS deployment. AWS Security Hub performs 250 security checks per account/region/month. Security Hub also aggregates 5,000 finding ingestions per account/region/month.

  Cost calculation Total cost
250 security checks

250 x 1 region x $0.0010 per check (first 100,000 checks tier)

$0.25
5,000 finding ingestions

5,000 x 1 region x $0.00 per event (first 10,000 events free tier)

$0
  Total Cost per month
$0.25

Example 2: Large organization

You have two regions, US East (Ohio) and Europe (Ireland), and 20 accounts in your AWS deployment. AWS Security Hub performs 500 security checks per account/regions/month. Security Hub also aggregates 10,000 finding ingestions per account/regions/month.

  Cost calculation Total cost
500 security checks

500 x 2 region x $0.0010 per check (first 100,000 checks tier) x 20 accounts

$20.00
10,000 finding ingestions

5,000 x 2 region x $0.00 per event (first 10,000 events free tier) x 20 accounts

$0
  Total Cost per month
$20.00

Example 3: Very large organization

You have three regions, US East (Ohio), Europe (Ireland), and Asia Pacific (Sydney), and 200 accounts in your AWS deployment. AWS Security Hub performs 1,000 security checks per account/regions/month. Security Hub also aggregates 50,000 finding ingestions per account/regions/month.

  Cost calculation Total cost
1,000 security checks

1,000 x 3 region x $0.0010 per check (first 100,000 checks tier) x 200 accounts

$600.00
10,000 finding ingestions

10,000 x 3 region x $0.00 per event (first 10,000 events free tier) x 200 accounts

$0
40,000 finding ingestions 40,000 x 3 region x $0.00003 per event (over 10,000 events free tier) x 200 accounts $720
  Total Cost per month
$1,320.00

Additional pricing resources

AWS Pricing Calculator

Easily calculate your monthly costs with AWS

Get pricing assistance

Contact AWS specialists to get a personalized quote

Explore AWS Security Hub features

Security Hub offers aggregated findings across AWS services and partner solutions, pre-configured and custom security insights, and multi-account support.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Enable AWS Security Hub in the AWS Console.

Sign in