GuardDuty pricing investigation

Question

A customer is using S3 and Glue Job to combine all the files in their s3.  
As it stands their s3 cost is almost half of guard duty and glue job.

Is there a way to find out what made the guard duty cost to go up? I mean it tells me the usage ie. this bucket but thats pretty much it, what was scan etc there is no informaiton on that, and why almost double the cost of the data that is there.

I can tell the customer not to use s3 data events for guard duty by turning it off, not something I want to do, but just trying to understand if there is a way to tell or visualize why the cost almost double of the data there.

Accepted Answer

When enabling GuardDuty for S3, GD starts looking for S3 Data Events, e.g. GetObject, ListObjects, DeleteObject, and PutObject API operations. They are often high-volume activities, especially if used in the context of ETL processes.

You can find more details by creating a Cost Usage Report (CUR) and filter by `product/group = Security Services - Amazon GuardDuty Paid S3 Data Events Processed`. If you are using tags, you can get a more granular view of which buckets are contributing the most (this is also available from the Events section in the GD console)

GuardDuty pricing investigation

相关内容