AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive. There are no upfront commitments. AWS WAF charges are in addition to Amazon CloudFront Pricing and/or the Application Load Balancer (ALB) pricing.

WebACLs and Rule Charges

AWS WAF charges based on the number of WebACLs that you create and the number of Rules that you add per WebACL. WebACLs and their added Rules are metered regardless of whether they are associated with a resource which could be ether a CloudFront distribution or an Application Load Balancer. There is no additional charge for reusing web ACLs across multiple CloudFront distributions and Application Load Balancers.

WebACL Charges (in all available Regions)

$5 per web ACL per month

Rule Charges (in all available Regions)

$1 per rule per web ACL per month

Request Charges 

AWS WAF also charges for the amount of web request AWS WAF handles. This is based upon the number of web requests that are evaluated.

Request Charge (in all available Regions)

$0.60 per million web requests

Get Started with AWS for Free

Create a Free Account

Receive twelve months of access to the AWS Free Tier and enjoy AWS Basic Support features including, 24x7x365 customer service, support forums, and more.

Let’s assume you start using AWS WAF at the first of the month to protect eight CloudFront web distributions. For this example, we’ll create two web ACLs, one web ACL with four rules associated to six CloudFront web distributions, and another web ACL with six rules associated to two remaining CloudFront web distributions. The CloudFront web distributions are expected to receive 10 million requests per month in total.


Web ACL charge = # of web ACLs per month * $5

Total web ACL charge = 2 * $5 = $10


The price for a rule is $1 per month (pro-rated by the hour)

Rule charge = # of rules associated per month * $1

Total rule charge = (4 + 6) * $1 = $10


The price for request is $0.60 per million

Request charge = # of requests per month (in millions) * $0.60

Total request charge = 10 million requests * $0.60 = $6.00

Total Monthly Bill

Total web ACL charge + total rule charge + total request charge = $10 + $10 + $6 = $26