AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive. There are no upfront commitments. AWS WAF charges are in addition to Amazon CloudFront pricing, Application Load Balancer (ALB) pricing, Amazon API Gateway pricing, and/or AWS AppSync pricing.
You will be charged for each web ACL that you create and each rule that you create per web ACL. In addition, you will be charged for the number of web requests processed by the web ACL.
Note 1: Price is the same across all AWS Regions.
Note 2: Price for AWS WAF Classic is same as shown in the table above.
AWS WAF uses Web ACL Capacity Units (WCUs) to calculate and control the operating resources required to process your web ACLs. WCUs for an individual rule varies according to its type and any additional configuration. WCUs do not directly affect pricing.
Managed Rule Groups through AWS Managed Rules
Bot Control is a paid AWS Managed Rules that can be added to your web ACL. You will be charged for each time Bot Control is added to your web ACL. In addition, you will be charged for the number of web requests processed by Bot Control. Bot Control charges are in addition to the AWS WAF fees described above.
Bot Control free usage tier includes 10M free requests processed by Bot Control per month.
|Bot Control||$10.00 per month (prorated hourly)|
|Request||$1.00 per 1 million requests|
Managed Rule Groups from AWS Marketplace
When you subscribe to a managed rule group provided by an AWS Marketplace seller, you will be charged additional fees based on the price set by the seller. These charges are in addition to the AWS WAF fees described above.