Agentless Vulnerability & Threat Detection estimated deployment costs for AWS

Views:

Estimate and track the costs of deploying and operating Agentless Vulnerability & Threat Detection in your AWS accounts. Agentless Vulnerability & Threat Detection uses two scanning methods: the EC2-based scanner instance method (most cost-effective, launches temporary EC2 instances to scan volumes) and the EBS Direct API method (higher cost, uses API operations for licensed AWS Marketplace images).

Important

You must update to Agentless Vulnerability & Threat Detection template version 1.603.03150442 to use the ECR-based scanner instance method.
Prices reflected in the following tables are estimates and may not consider all applicable pricing factors. Changes to AWS pricing or differences between environments might incur costs inconsistent with the estimate data.

EC2-based scanner instance method

Agentless Vulnerability & Threat Detection uses an EC2-based scanner instance method for most workloads. This method launches temporary EC2 instances to scan volumes, providing the most cost-effective scanning approach. The following tables show estimated costs for this method.

Estimated AWS CloudFormation costs for vulnerability scanning (EC2-based scanner instance method)

Resource type	Stack (monthly)	EBS operation (monthly)	Total (monthly)
EBS Operating system: Red Hat Linux File system: XFS Files: 27,485	1,000 EC2 = USD 0.93	1,000 EC2 = USD 9.32	1,000 EC2 = USD 10.25
	3,000 EC2 = USD 2.78	3,000 EC2 = USD 27.95	3,000 EC2 = USD 30.73
ECR Image size: 741.33 MB	1,000 ECR = USD 3.10	N/A	1,000 ECR = USD 3.10
ECR Image size: 741.33 MB	3,000 ECR = USD 9.30	N/A	3,000 ECR = USD 9.30
Lambda Lambda size: 68.3 MB	1,000 Lambda = USD 1.00	N/A	1,000 Lambda = USD 1.00
Lambda Lambda size: 68.3 MB	3,000 Lambda = USD 3.00	N/A	3,000 Lambda = USD 3.00

Estimated AWS CloudFormation costs for Agentless Vulnerability & Threat Detection anti-malware scanning (EC2-based scanner instance method)

Resource type	Stack (monthly)	EBS operation (monthly)	Total (monthly)
EBS Operating system: Red Hat Linux File system: XFS Files: 27,485	1,000 EC2 = USD 20.48	N/A	1,000 EC2 = USD 20.48
	3,000 EC2 = USD 61.47	N/A	3,000 EC2 = USD 61.47
ECR Image size = 741.33 MB	1,000 ECR = USD 13.00	N/A	1,000 ECR = USD 13.00
ECR Image size = 741.33 MB	3,000 ECR = USD 39.00	N/A	3,000 ECR = USD 39.00
Lambda Lambda size: 68.3 MB	1,000 Lambda = USD 1.50	N/A	1,000 Lambda = USD 1.50
Lambda Lambda size: 68.3 MB	3,000 Lambda = USD 4.50	N/A	3,000 Lambda = USD 4.50

EBS Direct API method

For licensed AWS Marketplace images that cannot be scanned using the EC2-based scanner instance method, Agentless Vulnerability & Threat Detection uses the EBS Direct API method. This method incurs higher costs due to API operation charges. The following tables show estimated costs for this method.

Estimated AWS CloudFormation costs for Agentless Vulnerability & Threat Detection vulnerability scanning (EBS Direct API method)

Resource type	Stack (monthly)	EBS operation (monthly)	Total (monthly)
EBS Operating system: Red Hat Linux File system: XFS Files: 27,485	1,000 EC2 = USD 59.00	1,000 EC2 = USD 28.00	1,000 EC2 = USD 87.00
	3,000 EC2 = USD 177.00	3,000 EC2 = USD 84.00	3,000 EC2 = USD 261.00
ECR Image size: 741.33 MB	1,000 ECR = USD 3.10	N/A	1,000 ECR = USD 3.10
ECR Image size: 741.33 MB	3,000 ECR = USD 9.30	N/A	3,000 ECR = USD 9.30
Lambda Lambda size: 68.3 MB	1,000 Lambda = USD 1.00	N/A	1,000 Lambda = USD 1.00
Lambda Lambda size: 68.3 MB	3,000 Lambda = USD 3.00	N/A	3,000 Lambda = USD 3.00

Estimated AWS CloudFormation costs for Agentless Vulnerability & Threat Detection anti-malware scanning (EBS Direct API method)

Resource type	Stack (monthly)	EBS operation (monthly)	Total (monthly)
EBS Operating system: Red Hat Linux File system: XFS Files: 27,485	1,000 EC2 = USD 11.88	1,000 EC2 = USD 227.06	1,000 EC2 = USD 238.94
	3,000 EC2 = USD 35.63	3,000 EC2 = USD 681.19	3,000 EC2 = USD 716.81
ECR Image size = 741.33 MB	1,000 ECR = USD 13.00	N/A	1,000 ECR = USD 13.00
ECR Image size = 741.33 MB	3,000 ECR = USD 39.00	N/A	3,000 ECR = USD 39.00
Lambda Lambda size: 68.3 MB	1,000 Lambda = USD 1.50	N/A	1,000 Lambda = USD 1.50
Lambda Lambda size: 68.3 MB	3,000 Lambda = USD 4.50	N/A	3,000 Lambda = USD 4.50

Cost savings highlight

The EC2-based scanner instance method provides significant cost savings compared to the EBS Direct API method:

Vulnerability scanning: Up to 88% cost reduction (from USD 87.00 to USD 10.25 per 1,000 EC2 instances)
Anti-malware scanning: Up to 91% cost reduction (from USD 238.94 to USD 20.48 per 1,000 EC2 instances)

To track stack costs of Agentless Vulnerability & Threat Detection excluding EBS operations:

Go to the AWS Cost Explorer console and sign in.
Enable the AWS Cost Explorer feature.
Activate the AppManagerCFNStackKey cost allocation tag.
Go to the AWS Cost Explorer dashboard and sign in.
Set the Group by dimension to Service.

Configure the following filters:

Filter	Value
Tag	Select the following tag: Tag: AppManagerCFNStackKey Include the following tag values: Tag value: V1 Common Stack Tag value: V1 Agentless Vulnerability and Threat Detection

Filter

Value

Tag

Select the following tag:

Tag: AppManagerCFNStackKey

Include the following tag values:

Tag value: V1 Common Stack
Tag value: V1 Agentless Vulnerability and Threat Detection

To track EBS operation costs of Agentless Vulnerability & Threat Detection:

Go to the AWS Cost Explorer dashboard and sign in.
Set the Group by dimension to API operation.

Configure the following filters:

Filter

Value

Service

EC2 - Other

Region

Regions in which Agentless Vulnerability & Threat Detection is installed

API operation

Includes the following API operations:

CreateSnapshot
GetSnapshotBlock
ListSnapshotBlocks

Note

These API operations could also be used by other cloud services and users in your environment.