Amazon Verified Permissions Pricing
Amazon Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and administrators can define policy-based access controls by using roles and attributes for more granular, context-aware access control.
With Verified Permissions, you pay only for what you use. There are no upfront or minimum fees. There is no minimum number of requests that a customer must make to use Amazon Verified Permissions. The service supports Authorization and Policy Management.
Authorization requests are metered on a per API call basis. Each call to the IsAuthorized API, BatchIsAuthorized API, IsAuthorizedWithToken API, and BatchIsAuthorizedWithToken API counts as a single request. For example, a call to the BatchIsAuthorized API is metered as a single request, irrespective of the number of authorizations within the request.
Policy management requests, except for BatchGetPolicies, are also metered on a per API call basis. For example, each call to the CreatePolicy API, UpdatePolicy API, GetPolicy API, and ListPolicy API is metered as a single request. BatchGetPolicies is metered per policy returned. For example, calling the BatchGetPolicies API to return ten policies is metered as ten requests, and is price equivalent to calling the GetPolicy API ten times.
Pricing
Region: US East (N. Virginia) – same pricing for all Regions
Pricing tier (authorization requests per month) | Price per request |
First 40 million requests per month | $0.00015 per authorization request |
Next 60 million requests per month | $0.000075 per authorization request |
More than 100 million requests per month | $0.00004 per authorization request |
Policy management requests | $0.00004 per policy management request |
There is no minimum number of requests that you must make to use Amazon Verified Permissions. For example, if your application makes 1000 authorization requests, then you are charged for 1000 requests ($0.00015 * 1,000 requests = $0.15).
Pricing examples (monthly)
A vendor management application based on a serverless architecture is using Verified Permissions to authorize requests. The application uses API Gateway and has secured APIs using the Verified Permissions quick start wizard. The application is used by 250 vendors to manage product information and inventory. Each vendor uses the application everyday which results in 1000 API calls to the application. Across all vendors the application makes 250,000 API requests daily. The application authorizes requests using an API Gateway Lambda authorizer deployed by the quick start wizard. The quick start wizard automatically sets up authorization decision caching in API Gateway, and 70% of API requests are authorized from the cache. Overall, the application calls Verified Permissions for 75k authorizations every weekday (30% of 250k API requests). Assuming 20 working days each month, the application makes 1.5M API calls to Verified Permissions.
Usage type | Number of requests | Price per request | Charge for the month |
First 40 million authorization requests | 1.5 million | $0.00015 | 1.5M * $0.00015M = $225 |
Total Charges: $225 /month |
A pharmaceutical testing company with patient data is using Verified Permissions to filter privacy data using Verified Permissions to authorize access to private patient data attributes based on the API caller. Each patient has an average of 25 private attributes that need to be authorized before they can be displayed or updated. There are 10,000 active patients across all of the lab studies and their data is accessed 3 times per day to update vital statistics. (900,000 AuthZ/month, assuming a 30-day month). Since each attribute needs to be authorized, this results in 22.5M authorizations/month. Verified Permissions is also used by the lab application to authorize requests to 20 assorted microservices. These services are called 125k/month. The application does not employ caching, but it does use batch authorization on access calls for private data attributes.
Authorizations for Patient Data: (22.5M AuthZ/month) / (25 AuthZ per batch) = 900k AuthZ/month
Authorizations for accessing Microservices: 125k API Requests/month * 20 microservices = 2.5M AuthZ/month
Total Authorization: 2.5M + 900k = 3.4M AuthZ/month
Usage type | Number of requests | Price per request | Charge for the month |
First 40 million authorization requests | 3.4 million | $0.00015 | 3.4M * $0.00015 = $510 |
Total Charges: $510 /month |
A high-frequency trading application requires a high volume of trade authorizations with the lowest latency. The application uses the avp-local-agent to evaluate authorizations inside the application to reduce network latency and provide the fastest response times. The agent performs 200M authorizations per month. To ensure the latest policies are being used, the avp-local-agent has been configured to update its policy cache every 2 minutes. The agent makes a single API call to Verified Permissions per policy to refresh the cache. Assuming there are 10 policies and a 30-day month, each agent makes 216,000 calls per month. There are 20 agents running in the server farm, resulting in 4.32M policy management actions every month.
200M authZ/month * $0 agent authorization = $0
20 agents * 216,000 policy requests/month/agent = 4.32M Policy management actions
Usage type | Number of requests | Price per request | Charge for the month |
First 40 million authorization requests | 4.32 million | $0.00004 | 4.32M * $0.00004 = $172.8 |
Total Charges: $172.8 /month |
Additional pricing resources
Easily calculate your monthly costs with AWS
Contact AWS specialists to get a personalized quote