Cloud provider charges

Your cloud provider will charge you for Cloud Optix activity that collects or sends log data. The charge depends on usage and amount of data.

We recommend that you do as follows:

  • Monitor the charges in your cloud provider dashboard.
  • If you have a Cloud Optix trial, consider using a cloud environment that generates less log data.

This is how Cloud Optix uses data and why you might incur charges:

  1. Cloud Optix creates an access IAM role (AWS), access key (Azure), or service account (GCP).

    This enables Cloud Optix to use the cloud provider’s APIs to perform continuous assessment and to provide an inventory of resources.

    Cloud providers don’t usually charge for this.

  2. Cloud Optix enables logs (if not enabled already) and sets up continuous streaming of log data to Cloud Optix.

    This collects admin activity logs (for example AWS CloudTrail) and Network Flow Logs, to provide the network traffic view, anomaly detection alerts, and more.

    Cloud providers do charge for this.

    Note If you’re concerned about provider charges, you can choose not to enable logs, but you’ll lose some Cloud Optix functionality. Use the Custom settings on the Add an environment page.
    Tip In AWS, the first CloudTrail is free, but subsequent CloudTrails incur additional cost. You can customize the Cloud Optix setup to reuse an existing CloudTrail.

Here are more details of charges for each stage in log streaming.

Network Flow Logs

All Cloud providers charge for Network Flow Logs. Please see the following references for guidance on flow log pricing from each cloud provider.

AWS: https://aws.amazon.com/cloudtrail/pricing/

https://aws.amazon.com/about-aws/whats-new/2018/01/cloudwatch-introduces-tiered-pricing-with-up-to-90-percent-discount-for-vpc-flow-logs-and-other-vended-logs/

Azure: https://azure.microsoft.com/en-us/pricing/details/network-watcher/

GCP: https://cloud.google.com/stackdriver/

Log routing

AWS: https://aws.amazon.com/cloudwatch/pricing/

Azure: https://azure.microsoft.com/en-us/pricing/details/storage/

GCP: https://cloud.google.com/storage/pricing

Serverless functions

A serverless function (created in your environment by Cloud Optix) is triggered when new logs reach CloudWatch, Azure storage or GCP sink. This takes the logs and sends them via https to the Cloud Optix service.

Cloud providers charge for serverless functions on the basis of usage.

AWS: https://aws.amazon.com/lambda/pricing/

Azure: https://azure.microsoft.com/en-us/pricing/details/functions/

GCP: https://cloud.google.com/functions/pricing

Data transfer to Cloud Optix

The Cloud Optix service is hosted in the AWS US-West region. Cloud providers may charge for data transfer to the service in this region.

AWS: https://aws.amazon.com/lambda/pricing/

Azure: https://azure.microsoft.com/en-us/pricing/details/bandwidth/

GCP: https://cloud.google.com/pricing/list