Views:
Estimate the costs of using Amazon ECS for your container environment. All cost estimations are for one account per month with all features enabled.
Note
Note
The following data is an estimate provided with no guarantees. Changes to Amazon ECS pricing, or differences between environments, might incur costs that are inconsistent with the estimated costs.
You can use these estimates as a baseline to project costs for your environment, adjusting proportionally based on your number of accounts, regions, images, clusters, nodes, and services.
The cost grows proportionally with the size of the ECS resources in your environment. The table below is an estimation for an account with the following attributes:
  • 1 AWS account and 1 region
  • 1000 unique images
  • 10 ECS clusters
    • 100 EC2 nodes
    • 100 Fargate services

Root Stack

The root stack cost is under a dollar per month.

Regional Stack

The following table summarizes the cost estimate of each ECS protection feature with a non-negligible cost. The lambda execution times and the amount of logs stored that are used to calculate the estimates are based on values observed in a test environment.
Note
Note
The runtime security feature deploys a daemon service on each EC2 node and attaches the sensor as a sidecar container for Fargate services. While the sensor itself does not incur separate charges, it does consume compute resources that may require you to scale up your EC2 instances or increase Fargate task allocations, which could potentially impact your overall costs.
Feature
Cost estimate
Additional information
Vulnerability scanning
Scan lambda:
  • 1000 daily scans
  • 10000ms lambda execution time
  • 0.01MB of CloudWatch logs per invocation
  • Total: Around USD.8.00
The cost is proportional to the number of unique images found in tasks running in your clusters.
Almost all of the cost comes from the ScanLambda invoked on each image scan.
Runtime security
ECS Fargate tasks patcher:
  • 1000ms execution time
  • 1000 daily lambda invocations
  • 0.01MB of logs per invocation
  • Total: Around USD.0.40
Runtime sensors logs:
  • 200 sensors running
  • 0.05MB of logs per hour
  • Total: Around USD.3.60
Clusters authorization token storage:
  • 10 clusters with 1 secret each
  • Total: Around USD.4.00
Most of the cost is proportional to the amount of runtime events triggered by the cluster. Each runtime detection is logged to CloudWatch.
A small portion of the cost is proportional to the frequency of updates to your ECS services. A lambda monitors each event to attach the runtime security sensor to Fargate services.
Each ECS cluster has an authentication token stored in their associated secrets manager.
Core infrastructure
Security manager lambda:
  • 8640 monthly invocations
  • 10000ms average duration
  • 0.2MB of logs per invocation
  • Total: Around USD.3.50
Authorization token:
  • 1 secret for security manager lambda authentication
  • Total: Around USD.0.40
Other resources deployed have either a negligible or a small fixed cost.
Only resources with more than USD.0.10 monthly cost are included.
Total Total: Around USD.20.00