Security Hub CSPM pricing for EU (Germany) Region

AWS Security Hub CSPM Pricing

Security Hub Cloud Security Posture Management (CSPM) is priced along three dimensions: the quantity of security checks, the quantity of finding ingestion events, and the quantity of rule evaluations processed per month. With AWS Organizations support, Security Hub CSPM allows you to connect multiple AWS accounts and consolidate findings across those accounts to enjoy tiered pricing for your entire organization’s security checks, finding ingestion events, and automation rule evaluations.

Page-Illo_PricingCalculator_Wallet_1x

AWS Pricing Calculator

Calculate your AWS Security Hub CSPM costs in a single estimate.

Create your custom estimate now »

Pricing details

  • Security Checks

  • Prepackaged security standards are available for Security Hub CSPM, such as the CIS AWS Foundations Benchmark, AWS Foundational Security Best Practices, National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5, and the Payment Card Industry Data Security Standard (PCI DSS). Conducting security checks against these standards can help evaluate the security posture of your AWS accounts and resources. These prepackaged standards are collections of controls that Security Hub CSPM continuously evaluates to identify if any accounts or resources deviate from the defined security best practices. The evaluation of a control against a single AWS resource is referred to as a security check, and it results in a finding that shows the result of the check. You are only charged once for a check when identical controls that are common across different standards are evaluated against the same resource.

    Security Hub CSPM security checks leverage configuration items recorded by AWS Config. AWS Config is required for these security checks, and configuration items are priced separately from Security Hub CSPM. Please see Config pricing for details. Security Hub CSPM customers are not charged separately for any AWS Config rules enabled by Security Hub CSPM. The AWS Config rules enabled by Security Hub CSPM are referred to as service-linked rules.

     

  • Finding Ingestion Events

  • Security Hub CSPM ingests findings from various AWS services and partner products. Finding ingestions include both new findings and updates to existing findings.

    You are not charged for finding ingestion events associated with Security Hub CSPM security checks. 

  • Automation Rules

  • Security Hub CSPM automation rules allow you to automatically update or suppress findings in near-real time. You can automatically update various fields in findings, suppress findings, update finding severity and workflow status, add notes, and more. You can set criteria such as finding title or severity to make sure rules act only on relevant findings. This feature is priced by the quantity of automation rule evaluations per month.

Pricing examples

The following examples explore organizations of different sizes using Security Hub CSPM for security checks, ingesting findings, and automation rules evaluations. 

  • You have one AWS Region, US East (Ohio), AWS European Sovereign Cloud Region, and one account in your AWS deployment. In one month, Security Hub CSPM performs 250 security checks per account and aggregates 5,000 finding ingestions per account. You also have automation rules enabled, and you have 10 automation rules set up with 5 criteria each.  

      Cost calculation Cost

    250 security checks    		 250 x 1 account = 250
    • 250 x €0.0009868576 per check (first 100,000 checks tier) = €0.25
    • x 1 Region
    		 €0.25

    5,000 finding ingestions

    5,000 x 1 account = 5,000

    • 5,000 x €0.00 per event  =
      €0.00
    • x 1 Region
    		 €0.00
    10 automation rules with 5 criteria each

    (250 + 5,000) x 10 x 5 = 262,500

    • 262,500 x €0.00 per evaluation  = €0.00 = €0.00
    • x 1 Region
    		 €0.00
    Total monthly cost   €0.25

  • You have two Regions, US East (Ohio) and Europe (Ireland), AWS European Sovereign Cloud Region and EU (Frankfurt), and 20 accounts in your AWS deployment. Security Hub CSPM performs 500 security checks per account (for a total of 10,000 per Region) and aggregates 10,000 finding ingestions per account (for a total of 200,000 per Region). You also have automation rules enabled, and you have 30 automation rules set up with 5 criteria each.

      Cost calculation Cost

    500 security checks

    500 checks x 20 accounts = 10,000

    • 0,000 x €0.0009868576 per check (first 100,000 checks tier) = €9.87
    • x 2 Regions
    		 €19.74

    10,000 finding ingestions

    10,000 x 20 accounts = 200,000

    • 190,000 x €0.0000296057 per event = €5.63
    • x 2 Regions
    		 €11.25
    30 automation rules with 5 criteria each

    (500 + 10,000) x 20 accounts x 30 x 5 = 31,500,000

    • 30,500,000 x €0.10 €0.0000001283 per one million rule evaluations = €3.91
    • x 2 Regions

     

    		 €7.83
    Total monthly cost   €38.81

Additional pricing resources

AWS Pricing Calculator

Easily calculate your monthly costs with AWS.

Get pricing assistance

Contact AWS specialists to get a personalized quote