Small Charge for Security Hub every day
I am noticing a very small charge of $0.03 every day in my account even though SecurityHub is turned off in all my accounts in the OU. I have followed the instructions as per AWS documentation to turn off Security Hub and I can confirm that it's not active.
I have also turned off Amazon Inspector checks and none of the services that are part of SecurityHub are enabled. I was wondering if you could guide me on where else I can look for the charge.
Security Hub ($) 0.03
I have also raised a ticket with AWS Support. The small charge has stopped approximately a week after disabling SecurityHub and removing Amazon Inspector checks. AWS Support team have advised that they will monitor for the next 3 days and then seek guidance from AWS engineers if required.
As of now, I don't see the charge anymore on my account.
Thank you all
Hi. Good question.
https://aws.amazon.com/security-hub/pricing/
Based on the pricing, there are a few categories that may be generating cost:
- Security Checks
- Ingested Events
Have you done the following to disable Security Hub completely?
- Disable Security Hub in the member accounts (Disabling Security Hub in an administrator account does not disable Security Hub for any associated member accounts).
- Disable Security Hub in each region (To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.)
- There's a specific order/complexity if you have integrated with Organizations (disassociating): https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-disable.html
Can you double check in the Config console if you have any Security Hub-related Config rules running?
Thank you for the response. Confirming that AWS Config is not enabled and no rules are running.
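The per-Region check described in the answer above, as an added example that is not part of the original thread: a read-only boto3 sketch that reports every Region where Security Hub still answers `DescribeHub` and which standards (the source of billable security checks) are still subscribed. The function names and the injected `client_factory` are illustrative choices made here; run it once with credentials for each member account, since the result covers only the calling account.

```python
"""Read-only audit: in which Regions is Security Hub still enabled for this account?"""

# Error codes treated as "hub not enabled in this Region" (DescribeHub fails
# with InvalidAccessException when the account is not subscribed).
NOT_ENABLED = {"InvalidAccessException", "ResourceNotFoundException"}


def error_code(exc):
    # botocore's ClientError carries the API error code in exc.response
    return getattr(exc, "response", {}).get("Error", {}).get("Code", type(exc).__name__)


def audit_security_hub(regions, client_factory):
    """Return {region: status} using only Describe*/Get* calls; nothing is changed."""
    report = {}
    for region in regions:
        hub = client_factory("securityhub", region)
        try:
            arn = hub.describe_hub()["HubArn"]
        except Exception as exc:
            code = error_code(exc)
            # Unknown errors (e.g. opt-in Region not enabled) are kept, not hidden.
            report[region] = ({"enabled": False} if code in NOT_ENABLED
                              else {"enabled": None, "error": code})
            continue
        standards, token = [], None
        while True:  # follow NextToken so no subscription is missed
            page = hub.get_enabled_standards(**({"NextToken": token} if token else {}))
            standards += [s["StandardsArn"] for s in page.get("StandardsSubscriptions", [])]
            token = page.get("NextToken")
            if not token:
                break
        report[region] = {"enabled": True, "hub_arn": arn, "standards": standards}
    return report


def still_billable(report):
    """Regions to follow up on: hub enabled, or status could not be determined."""
    return sorted(r for r, s in report.items() if s["enabled"] is not False)


if __name__ == "__main__":
    import boto3  # imported here so the functions above can be tested offline
    session = boto3.session.Session()
    regions = session.get_available_regions("securityhub")
    report = audit_security_hub(regions, lambda svc, reg: session.client(svc, region_name=reg))
    for region in still_billable(report):
        print(region, report[region])
```

Regions listed with `"enabled": None` could not be queried (for example an opt-in Region that is not activated) and need a manual look rather than being assumed clean.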
For the future, you can use the script below to scan all the services across all the regions. It will scan everything. Please include your service in case it is missing :)
```python
# Clean up all the resources which cost money
# Note: this script deletes (not just lists) the resources it finds, in every region.
import boto3


def lambda_handler():
    ec2 = boto3.client('ec2')
    # Get list of regions
    regions = ec2.describe_regions().get('Regions', [])
    # Iterate over regions
    for region in regions:
        # Running following for a particular region
        print("*************** Checking region -- %s " % region['RegionName'])
        reg = region['RegionName']

        ################################ Auto Scaling Groups ASG ####################################
        print("+++++++++++++ Starting Auto Scaling Group now -----------------")
        clientAS = boto3.client('autoscaling', region_name=reg)
        result = clientAS.describe_auto_scaling_groups()
        for asg1 in result['AutoScalingGroups']:
            print("About to delete %s | in %s" % (asg1['AutoScalingGroupName'], region['RegionName']))
            # Notice the ForceDelete part: the group is deleted together with its instances
            result = clientAS.delete_auto_scaling_group(AutoScalingGroupName=asg1['AutoScalingGroupName'], ForceDelete=True)

        ################################ Load Balancers ####################################
        print("+++++++++++++ Starting LoadBalancers now [NLB & ALB] -----------------")
        client = boto3.client('elbv2', region_name=reg)
        response = client.describe_load_balancers()
        for lb1 in response['LoadBalancers']:
            print("About to delete %s | in %s" % (lb1['LoadBalancerArn'], region['RegionName']))
            response = client.delete_load_balancer(LoadBalancerArn=lb1['LoadBalancerArn'])

        print("+++++++++++++ Starting LoadBalancers now [Classic LB] -----------------")
        client = boto3.client('elb', region_name=reg)
        response = client.describe_load_balancers()
        for lb1 in response['LoadBalancerDescriptions']:
            print("About to delete %s | in %s" % (lb1['LoadBalancerName'], region['RegionName']))
            response = client.delete_load_balancer(LoadBalancerName=lb1['LoadBalancerName'])

        print("+++++++++++++ Starting Target Groups now -----------------")
        client = boto3.client('elbv2', region_name=reg)
        response = client.describe_target_groups()
        for tg1 in response['TargetGroups']:
            print("About to delete %s | in %s" % (tg1['TargetGroupArn'], region['RegionName']))
            response = client.delete_target_group(TargetGroupArn=tg1['TargetGroupArn'])

        ################################ VPC Components ####################################
        print("+++++++++++++ Starting NAT Gateways now -----------------")
        client = boto3.client('ec2', region_name=reg)
        response = client.describe_nat_gateways()
        for ng1 in response['NatGateways']:
            print("About to delete %s | in %s" % (ng1['NatGatewayId'], region['RegionName']))
            response = client.delete_nat_gateway(NatGatewayId=ng1['NatGatewayId'])

        ################################ EC2 & EBS ####################################
        print("+++++++++++++ Starting EC2 Instances now -----------------")
        client = boto3.client('ec2', region_name=reg)
        response = client.describe_instances()
        instance_ids = []
        for reservation in response["Reservations"]:
            for instance in reservation["Instances"]:
                print("About to delete %s | in %s" % (instance['InstanceId'], region['RegionName']))
                client.terminate_instances(InstanceIds=[instance['InstanceId']])
                instance_ids.append(instance['InstanceId'])
        if instance_ids:
            # Attached volumes cannot be deleted until their instances are gone
            client.get_waiter('instance_terminated').wait(InstanceIds=instance_ids)

        print("+++++++++++++ Starting EBS Volumes now -----------------")
        client = boto3.client('ec2', region_name=reg)
        response = client.describe_volumes()
        for volume in response["Volumes"]:
            print("About to delete %s | in %s" % (volume['VolumeId'], region['RegionName']))
            response = client.delete_volume(VolumeId=volume['VolumeId'])

        ################################# DELETE S3 ############################################
        client = boto3.client('s3', region_name=reg)
        response = client.list_buckets()
        for bucket in response['Buckets']:
            s3 = boto3.resource('s3')
            s3_bucket = s3.Bucket(bucket['Name'])
            print("About to delete %s " % s3_bucket)
            bucket_versioning = s3.BucketVersioning(bucket['Name'])
            # A bucket with suspended versioning can still hold old object versions
            if bucket_versioning.status in ('Enabled', 'Suspended'):
                s3_bucket.object_versions.delete()
            else:
                s3_bucket.objects.all().delete()
            response = client.delete_bucket(Bucket=bucket['Name'])

        # RDS section left commented out in the original post
        #for cluster in result ["rds"]:
        #print ("About to delete %s | in %s" % (cluster['DBInstanceIdentifier']))
        #response = client.delete_db_instance(DBInstanceIdentifier=cluster['DBInstanceIdentifier'])


lambda_handler()
```
Thank you, I can confirm that I don't have SecurityHub enabled on any of my accounts in OU