With AWS IoT Device Defender, you pay only for what you use and there are no minimum fees or mandatory service usage. You are billed separately for the Audit and Detect features.
Audit monitors your device-related policies, certificates, and other resources to ensure that the proper security configuration is in place. You can generate reports that identify deviations from recommended settings and access policies on a scheduled or ad-hoc basis.
Detect allows you to continuously monitor high-value security metric data reported by your devices (e.g., the number of listening TCP/IP ports on your devices or the list of IPs the device is communicating with) and by the cloud (e.g., authorization failure count). When you use Rules Detect, the metric data is continuously evaluated against user-defined behaviors; when you use ML Detect, the metric data is continuously evaluated by automatically built machine-learning models to identify anomalies. If an anomaly is detected, an alarm notification is sent to Amazon SNS.
Audit pricing
When you turn on Audit, you are charged based on the number of active device principals in a month.
For certificates, we consider them as active when they were created, updated, or used to connect to AWS IoT Core.
For principals other than certificates, we consider them as active when they were used to connect to AWS IoT Core.
Rules Detect pricing
Rule-based Detect lets you define rules and thresholds to monitor devices in your fleet for operational and security issues across metrics like messages sent and connection attempts. You can also take built-in actions to respond to detected issues like quarantining a device. You are charged based on the number of metric datapoints reported to AWS IoT Device Defender for monitoring. A metric datapoint, for example, is the number of messages sent by your device.
With AWS IoT Device Defender, you will be billed separately for usage of Connectivity to AWS IoT Core but will not incur additional AWS IoT Core Messaging costs for metric datapoints reported to AWS IoT Device Defender. You will be billed separately for alert notification delivery via Amazon SNS.
ML Detect pricing
ML Detect provides an easy way to monitor devices in your fleet for operational and security issues across metrics like messages sent and connection attempts. You can also take built-in actions to respond to detected issues like quarantining a device. You are charged based on the number of metric datapoints reported to AWS IoT Device Defender for monitoring. A metric datapoint, for example, is the number of messages sent by your device.
With ML Detect, metric datapoints are used for training ML models and performing anomaly evaluations. You are charged when metric datapoints are reported, regardless of whether ML Detect is ready to carry out anomaly evaluations.
Free Tier
The AWS Free Tier offers the following usage of AWS IoT Device Defender for new AWS customers:
- Audit - For all the devices in your fleet for the first month
- Rules Detect - 1 million metric datapoints for the first month
Usage beyond these levels is billed at the published rates.
Pricing examples for AWS IoT Device Defender components
Audit
Rules Detect
You have 100 devices and they are reporting 4 metrics at the rate of 2 datapoints per hour with rule-based Detect turned on. Your cost for rule-based Detect would be calculated as:
Number of metric datapoints per month = 100 devices x 4 metrics x 2 datapoints per hour x 24 hours per day x 30 days per month = 0.576M
Charges = 0.576M metric datapoints x $0.025 per 100K metric datapoints = $0.14 per month
ML Detect
You have 20 devices and they are reporting 6 metrics at the rate of 2 datapoints per hour with ML Detect turned on. Your cost for ML Detect would be calculated as:
Number of metric datapoints per month = 20 devices x 6 metrics x 2 datapoints per hour x 24 hours per day x 30 days per month = 172.8K
Charges = 172.8K metric datapoints x $2.00 per 100K metric datapoints = $3.46 per month
If you increase your devices to 100 and they are reporting 6 metrics at the rate of 2 datapoints per hour with ML Detect turned on, your cost for ML Detect would be calculated as:
Number of metric datapoints per month = 100 devices x 6 metrics x 2 datapoints per hour x 24 hours per day x 30 days per month = 864K
Charges = 300K metric datapoints x $2.00 per 100K metric datapoints + (864-300)K metric datapoints x $0.75 per 100K metric datapoints = $10.23 per month
Total monthly charges for AWS IoT Device Defender
Your total monthly cost for AWS IoT Device Defender is as follows:
Total Monthly Charges = $0.11 Audit cost + $0.14 Rules Detect cost + $10.23 ML Detect cost (for 100 devices reporting 6 metrics) = $10.48