High GuardDuty costs involving CloudTrail

Besides getting the cost reviewed through support case, here are some ways that you can use to reduce CloudTrail and GuardDuty costs:

• CloudTrail cost is based on the number of events in the CloudTrail trail you created, so removing the unused trails should help reduce the cost in both staging and production account to some extent. I suggest you use Cost Explore to view the detailed CloudTrail cost and usage. Here is a reference article that you can refer to: Why did my CloudTrail cost and usage increase unexpectedly?.
• AWS has a best-practice document (Managing CloudTrail trail costs) that can be used to optimize the CloudTrail trail cost, you can take a look if you have not.

GuardDuty cost is closely related to the workload in your AWS environment and the number of protections you enabled. Here are some possible ways to reduce GuardDuty cost:

• Besides using the above way to reduce the CloudTrail cost, enabling GuardDuty only in accounts and regions that have active workloads (or have critical workloads if more cost reduction is needed) can help.
• GuardDuty have optional protections (S3, EKS, RDS etc.), you can check if any of them are enabled and disable the protections that are not required. CloudTrail logs and events are foundational data sources for GuardDuty so there is no option to stop GuardDuty from processing CloudTrail logs and events.

Hope the above suggestions can help you lowe the cost.

Hello,

Sorry to hear about the trouble with this. I'd recommend reaching out to our Billing team for further assistance. You can open a case, in our Support Center: go.aws/support-center:

— Ann D.