Small Charge for Security Hub every day

0

I am noticing a very small charge of $0.03 every day in my account even though SecurityHub is turned off in all my accounts in OU. I have followed the instructions as per AWS documentation to turn off Security Hub and I can confirm that it's not active.

I have also turned off Amazon Inspector checks and none of the services that are part of SecurityHub are enabled. I was wondering if you could guide me on where else I can look for the charge.

Security Hub ($) 0.03
4 Answers
0
Accepted Answer

I have also raised a ticket with AWS Support. The small charge has stopped approximately a week after disabling SecurityHub and removing Amazon Inspector checks. AWS Support team have advised that they will monitor for the next 3 days and then seek guidance from AWS engineers if required.

As of now, I don't see the charge anymore on my account.

Thank you all

answered 9 months ago
0

Hi. Good question.

https://aws.amazon.com/security-hub/pricing/

Based off the pricing, there are a few categories that may be generating cost:

  • Security Checks
  • Ingested Events

Have you done the following to disable Security Hub completely?

  • Disable Security Hub in the member accounts (Disabling Security Hub in an administrator account does not disable Security Hub for any associated member accounts).
  • Disable Security Hub in each region (To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.)
  • There's a specific order/complexity if you have integrated with Organizations (disassociating): https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-disable.html

answered 9 months ago
  • Thank you, I can confirm that I don't have SecurityHub enabled on any of my accounts in OU

0

Can you double check in the Config console if you have any Security Hub-related Config rules running?

answered 9 months ago
  • Thank you for the response. Confirming that AWS Config is not enabled and no rules are running.
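
A read-only way to run the two checks suggested in the answers above (Security Hub still enabled in some Region, Security Hub-related Config rules still present), added here as an example and not code from the thread. It assumes DescribeHub reports a disabled hub with `InvalidAccessException` or `ResourceNotFoundException` and that Security Hub's Config rules carry the `securityhub-` name prefix; `audit` and `make_client` are names chosen for this example.

```python
# Added example: read-only audit, nothing is disabled or deleted.
# Error codes treated as "not enabled" are an assumption about DescribeHub.
NOT_ENABLED = {"InvalidAccessException", "ResourceNotFoundException"}
RULE_PREFIX = "securityhub-"  # assumed prefix of Security Hub's Config rules


def hub_enabled(sh_client):
    """Return True if this client's Region has an active Security Hub."""
    try:
        sh_client.describe_hub()
        return True
    except Exception as exc:  # botocore ClientError carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in NOT_ENABLED:
            return False
        raise  # access denied, throttling, ...: surface it, do not guess


def securityhub_rules(config_client):
    """Names of Config rules in this Region that Security Hub created."""
    names, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = config_client.describe_config_rules(**kwargs)
        names += [r["ConfigRuleName"] for r in page.get("ConfigRules", [])
                  if r["ConfigRuleName"].startswith(RULE_PREFIX)]
        token = page.get("NextToken")
        if not token:
            return names


def audit(regions, make_client):
    """Map each Region to its leftovers; Regions with none are omitted."""
    report = {}
    for region in regions:
        enabled = hub_enabled(make_client("securityhub", region))
        rules = securityhub_rules(make_client("config", region))
        if enabled or rules:
            report[region] = {"hub_enabled": enabled, "config_rules": rules}
    return report


if __name__ == "__main__":
    import boto3  # imported here so the functions above work with any client
    ec2 = boto3.client("ec2")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    session = boto3.Session()
    print(audit(regions, lambda svc, reg: session.client(svc, region_name=reg)))
```

Run it once per account with that account's credentials; an empty result means neither check found anything in any Region.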

0

For the future, you can use the script below to scan all the services across all the regions. It will scan everything. Please include your service in case it is missing :)

# Clean up all the resources which cost money

import boto3


def lambda_handler():
    """Delete billable resources in every enabled region of the current account.

    Destructive: everything found is deleted without confirmation. Each
    describe_* call below reads only the first page of results.
    """
    ec2 = boto3.client('ec2')

    # Get list of regions
    regions = ec2.describe_regions().get('Regions', [])

    # Iterate over regions
    for region in regions:

        # Running following for a particular region
        reg = region['RegionName']
        print("*************** Checking region  --   %s " % reg)

        ################################ Auto Scaling Groups ASG ####################################
        print("+++++++++++++ Starting Auto Scaling Group now -----------------")
        clientAS = boto3.client('autoscaling', region_name=reg)
        result = clientAS.describe_auto_scaling_groups()

        for asg1 in result['AutoScalingGroups']:
            print("About to delete %s | in %s" % (asg1['AutoScalingGroupName'], reg))
            # ForceDelete removes the group together with its running instances
            clientAS.delete_auto_scaling_group(AutoScalingGroupName=asg1['AutoScalingGroupName'], ForceDelete=True)

        ################################ Load Balancers ####################################
        print("+++++++++++++ Starting LoadBalancers now [NLB & ALB] -----------------")
        client = boto3.client('elbv2', region_name=reg)
        response = client.describe_load_balancers()

        for lb1 in response['LoadBalancers']:
            print("About to delete %s | in %s" % (lb1['LoadBalancerArn'], reg))
            client.delete_load_balancer(LoadBalancerArn=lb1['LoadBalancerArn'])

        print("+++++++++++++ Starting LoadBalancers now [Classic LB] -----------------")
        client = boto3.client('elb', region_name=reg)
        response = client.describe_load_balancers()

        for lb1 in response['LoadBalancerDescriptions']:
            print("About to delete %s | in %s" % (lb1['LoadBalancerName'], reg))
            client.delete_load_balancer(LoadBalancerName=lb1['LoadBalancerName'])

        print("+++++++++++++ Starting Target Groups now -----------------")
        client = boto3.client('elbv2', region_name=reg)
        response = client.describe_target_groups()

        for tg1 in response['TargetGroups']:
            print("About to delete %s | in %s" % (tg1['TargetGroupArn'], reg))
            client.delete_target_group(TargetGroupArn=tg1['TargetGroupArn'])

        ################################ VPC Components ####################################
        print("+++++++++++++ Starting NAT Gateways now -----------------")
        client = boto3.client('ec2', region_name=reg)
        response = client.describe_nat_gateways()

        for ng1 in response['NatGateways']:
            print("About to delete %s | in %s" % (ng1['NatGatewayId'], reg))
            client.delete_nat_gateway(NatGatewayId=ng1['NatGatewayId'])

        ################################ EC2 & EBS ####################################
        print("+++++++++++++ Starting EC2 Instances now -----------------")
        client = boto3.client('ec2', region_name=reg)
        response = client.describe_instances()

        for reservation in response["Reservations"]:
            for instance in reservation["Instances"]:
                print("About to delete %s | in %s" % (instance['InstanceId'], reg))
                client.terminate_instances(InstanceIds=[instance['InstanceId']])

        print("+++++++++++++ Starting EBS Volumes now -----------------")
        client = boto3.client('ec2', region_name=reg)
        # Only unattached volumes can be deleted; a volume still attached to an
        # instance that is shutting down would make delete_volume raise.
        response = client.describe_volumes(Filters=[{'Name': 'status', 'Values': ['available']}])

        for volume in response["Volumes"]:
            print("About to delete %s | in %s" % (volume['VolumeId'], reg))
            client.delete_volume(VolumeId=volume['VolumeId'])

    ################################# DELETE S3 ############################################
    # list_buckets is account-wide, so this runs once, after the region loop
    client = boto3.client('s3')
    s3 = boto3.resource('s3')
    response = client.list_buckets()
    for bucket in response['Buckets']:
        s3_bucket = s3.Bucket(bucket['Name'])
        print("About to delete %s " % bucket['Name'])
        bucket_versioning = s3.BucketVersioning(bucket['Name'])
        # A bucket with suspended versioning still holds old object versions
        if bucket_versioning.status in ('Enabled', 'Suspended'):
            s3_bucket.object_versions.delete()
        else:
            s3_bucket.objects.all().delete()
        client.delete_bucket(Bucket=bucket['Name'])

    # for cluster in result["rds"]:
    #     print("About to delete %s | in %s" % (cluster['DBInstanceIdentifier']))
    #     response = client.delete_db_instance(DBInstanceIdentifier=cluster['DBInstanceIdentifier'])


lambda_handler()

answered 9 months ago
