AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive. There are no upfront commitments. AWS WAF charges are in addition to Amazon CloudFront Pricing and/or the Application Load Balancer (ALB) pricing.
WebACLs and Rule Charges
AWS WAF charges based on the number of WebACLs that you create and the number of Rules that you add per WebACL. WebACLs and their added Rules are metered regardless of whether they are associated with a resource which could be ether a CloudFront distribution or an Application Load Balancer. There is no additional charge for reusing web ACLs across multiple CloudFront distributions and Application Load Balancers.
WebACL Charges (in all available Regions)
$5 per web ACL per month
Rule Charges (in all available Regions)
$1 per rule per web ACL per month
AWS WAF also charges for the amount of web request AWS WAF handles. This is based upon the number of web requests that are evaluated.
Request Charge (in all available Regions)
$0.60 per million web requests
Let’s assume you start using AWS WAF at the first of the month to protect eight CloudFront web distributions. For this example, we’ll create two web ACLs, one web ACL with four rules associated to six CloudFront web distributions, and another web ACL with six rules associated to two remaining CloudFront web distributions. The CloudFront web distributions are expected to receive 10 million requests per month in total.
Web ACL charge = # of web ACLs per month * $5
Total web ACL charge = 2 * $5 = $10
The price for a rule is $1 per month (pro-rated by the hour)
Rule charge = # of rules associated per month * $1
Total rule charge = (4 + 6) * $1 = $10
The price for request is $0.60 per million
Request charge = # of requests per month (in millions) * $0.60
Total request charge = 10 million requests * $0.60 = $6.00
Total Monthly Bill
Total web ACL charge + total rule charge + total request charge = $10 + $10 + $6 = $26