AWS
Please note:
- Amazon Web Services (AWS) GovCloud and China regions are also supported.
- Free trials and free tiers, which are usually not a significant part of cloud costs, are ignored. This because Infracost can only see the Terraform projects it is run against but free tiers are account-wide and there are often multiple Terraform projects in an account.
- On-demand prices are used by default. You can also model EC2 Reserved Instances via the usage file.
Please create a GitHub issue if the resource you want isn't supported or your cost estimate looks wrong.
Paid resources
There are Terraform resources that Infracost supports, and AWS charges for.
Service name | Main Terraform resources | Notes |
---|---|---|
API Gateway | aws_api_gateway_rest_api , aws_api_gateway_stage , aws_apigatewayv2_api | |
Application Auto Scaling | aws_appautoscaling_target | |
Backup | aws_backup_vault | AWS Storage Gateway Volume Backup prices could not be found in the AWS pricing data. |
Certificate Manager (ACM) | aws_acmpca_certificate_authority , aws_acm_certificate | |
CloudFormation | aws_cloudformation_stack , aws_cloudformation_stack_set | |
CloudFront | aws_cloudfront_distribution | |
CloudTrail | aws_cloudtrail | |
CloudWatch | aws_cloudwatch_dashboard , aws_cloudwatch_log_group , aws_cloudwatch_metric_alarm | |
CodeBuild | aws_codebuild_project | |
Config | aws_config_config_rule , aws_config_configuration_recorder , aws_config_organization_custom_rule , aws_config_organization_managed_rule | |
Data transfer | Use aws_data_transfer.my_region in the usage file | Most expensive price tier is used. |
Database Migration Service (DMS) | aws_dms_replication_instance | |
Direct Connect | aws_dx_gateway_association , aws_dx_connection | |
Directory Service | aws_directory_service_directory | |
DocumentDB | aws_docdb_cluster , aws_docdb_cluster_instance , aws_docdb_cluster_snapshot | |
DynamoDB | aws_dynamodb_table , aws_appautoscaling_target | DAX is not yet supported. |
Elastic Compute Cloud (EC2) | aws_instance , aws_ebs_volume , aws_ebs_snapshot , aws_ebs_snapshot_copy , aws_autoscaling_group , aws_eip , aws_ec2_host | Costs associated with marketplace AMIs are not supported. For non-standard Linux AMIs such as Windows, operating_system should be specified in the usage file, windows , rhel and suse are supported. Reserved instance settings can also be set in the usage file. EC2 detailed monitoring assumes the standard 7 metrics and the most expensive price tier for CloudWatch. If a root volume is not specified then an 8Gi gp2 volume is assumed. Most expensive price tier is used for EBS IOPS. |
Elastic Container Registry (ECR) | aws_ecr_repository | |
Elastic Container Service (ECS) | aws_ecs_service | When using with EC2, number of instances in aws_autoscaling_group can be set in the usage file |
Elastic File Storage (EFS) | aws_efs_file_system | |
Elastic Load Balancing | aws_alb , aws_lb , aws_elb | |
Elastic Kubernetes Service (EKS) | aws_eks_cluster , aws_eks_fargate_profile , aws_eks_node_group | Reserved instance settings can be set in the usage file. |
ElastiCache | aws_elasticache_cluster , aws_elasticache_replication_group , aws_appautoscaling_target | |
Elasticsearch Service | aws_elasticsearch_domain | |
Elastic Beanstalk Environment | aws_elastic_beanstalk_environment | |
EventBridge | aws_cloudwatch_event_bus | |
FSx for OpenZFS | aws_fsx_openzfs_file_system | |
FSx for Windows File Server | aws_fsx_windows_file_system | Data deduplication is not supported by Terraform. |
Global Accelerator | aws_globalaccelerator_accelerator , aws_globalaccelerator_endpoint_group | |
Glue | aws_glue_catalog_database ,aws_glue_crawler , aws_glue_job | |
Key Management Service (KMS) | aws_kms_external_key , aws_kms_key | |
Kinesis | aws_kinesis_analytics_application , aws_kinesisanalyticsv2_application , aws_kinesisanalyticsv2_application_snapshot , aws_kinesis_firehose_delivery_stream | Terraform doesn’t currently support Analytics Studio, but when it does they will require 2 orchestration KPUs. |
Lambda | aws_lambda_function | Provisioned concurrency is not yet supported. |
Lightsail | aws_lightsail_instance | |
Managed Workflows for Apache Airflow | aws_mwaa_environment | |
MQ | aws_mq_broker | |
Neptune | aws_neptune_cluster , aws_neptune_cluster_instance , aws_neptune_cluster_snapshot | |
Network Firewall | aws_networkfirewall_firewall | |
Redshift | aws_redshift_cluster | |
Relational Database Service (RDS) | aws_rds_cluster , aws_db_instance , aws_rds_cluster_instance | Reserved instance settings can also be set in the usage file for both aws_rds_cluster_instance and aws_db_instance resource types. |
Route 53 | aws_route53_record , aws_route53_zone , aws_route53_resolver_endpoint , aws_route53_health_check | |
Secrets Manager | aws_secretsmanager_secret | |
Simple Notification Service (SNS) | sns_topic sns_topic_subscription | |
Simple Queue Service (SQS) | aws_sqs_queue | Most expensive price tier is used. |
Simple Storage Service (S3) | aws_s3_bucket , aws_s3_bucket_inventory , aws_s3_bucket_analytics_configuration , aws_s3_bucket_lifecycle_configuration | Most expensive price tier is used. S3 replication time control data transfer, and batch operations are not supported by Terraform. |
Simple Systems Manager (SSM) | aws_ssm_parameter , aws_ssm_activation | |
Step Functions | aws_sfn_state_machine | |
Transfer Family | aws_transfer_server | |
Virtual Private Cloud/Network (VPC, VPN, PrivateLink, Transit Gateway) | aws_ec2_client_vpn_endpoint , aws_ec2_client_vpn_network_association , aws_ec2_traffic_mirror_session , aws_ec2_transit_gateway_peering_attachment , aws_ec2_transit_vpc_attachment , aws_nat_gateway , aws_vpc_connection , aws_vpc_endpoint , aws_vpn_connection | |
Web Application Firewall (WAF) | aws_waf_web_acl , aws_wafv2_web_acl |
Free resources
There are Terraform resources that Infracost supports, and we classify as free.
Terraform resources |
---|
aws_acm_certificate_validation |
aws_alb_listener_certificate |
aws_alb_listener_rule |
aws_alb_listener |
aws_alb_target_group_attachment |
aws_alb_target_group |
aws_api_gateway_account |
aws_api_gateway_api_key |
aws_api_gateway_authorizer |
aws_api_gateway_base_path_mapping |
aws_api_gateway_client_certificate |
aws_api_gateway_deployment |
aws_api_gateway_documentation_part |
aws_api_gateway_documentation_version |
aws_api_gateway_domain_name |
aws_api_gateway_integration |
aws_api_gateway_method_response |
aws_api_gateway_method_settings |
aws_api_gateway_method |
aws_api_gateway_model |
aws_api_gateway_request_validator |
aws_api_gateway_resource |
aws_api_gateway_response |
aws_api_gateway_usage_plan_key |
aws_api_gateway_usage_plan |
aws_api_gateway_vpc_link |
aws_apigatewayv2_api_mapping |
aws_apigatewayv2_authorizer |
aws_apigatewayv2_deployment |
aws_apigatewayv2_domain_name |
aws_apigatewayv2_integration_response |
aws_apigatewayv2_integration |
aws_apigatewayv2_model |
aws_apigatewayv2_route_response |
aws_apigatewayv2_route |
aws_apigatewayv2_stage |
aws_apigatewayv2_vpc_link |
aws_appautoscaling_policy |
aws_appautoscaling_scheduled_action |
aws_app_cookie_stickiness_policy |
aws_backup_global_settings |
aws_backup_plan |
aws_backup_region_settings |
aws_backup_selection |
aws_backup_vault_notifications |
aws_backup_vault_policy |
aws_cloudformation_stack_set_instance |
aws_cloudformation_type |
aws_cloudfront_origin_access_identity |
aws_cloudfront_public_key |
aws_cloudwatch_event_permission |
aws_cloudwatch_event_rule |
aws_cloudwatch_event_target |
aws_cloudwatch_log_destination_policy |
aws_cloudwatch_log_destination |
aws_cloudwatch_log_metric_filter |
aws_cloudwatch_log_resource_policy |
aws_cloudwatch_log_stream |
aws_cloudwatch_log_subscription_filter |
aws_codebuild_report_group |
aws_codebuild_source_credential |
aws_codebuild_webhook |
aws_config_aggregate_authorization |
aws_config_configuration_aggregator |
aws_config_configuration_recorder_status |
aws_config_delivery_channel |
aws_config_remediation_configuration |
aws_customer_gateway |
aws_db_instance_role_association |
aws_db_option_group |
aws_db_parameter_group |
aws_db_subnet_group |
aws_default_network_acl |
aws_default_route_table |
aws_default_security_group |
aws_default_subnet |
aws_default_vpc_dhcp_options |
aws_default_vpc |
aws_dms_replication_subnet_group |
aws_dms_replication_task |
aws_docdb_cluster_parameter_group |
aws_docdb_subnet_group |
aws_dx_bgp_peer |
aws_dx_gateway_association_proposal |
aws_dx_gateway |
aws_dx_hosted_private_virtual_interface_accepter |
aws_dx_hosted_private_virtual_interface |
aws_dx_hosted_public_virtual_interface_accepter |
aws_dx_hosted_public_virtual_interface |
aws_dx_hosted_transit_virtual_interface_accepter |
aws_dx_hosted_transit_virtual_interface |
aws_dx_lag |
aws_dx_private_virtual_interface |
aws_dx_public_virtual_interface |
aws_dx_transit_virtual_interface |
aws_dynamodb_table_item |
aws_ebs_default_kms_key |
aws_ebs_encryption_by_default |
aws_ec2_client_vpn_authorization_rule |
aws_ec2_client_vpn_route |
aws_ec2_tag |
aws_ec2_traffic_mirror_filter_rule |
aws_ec2_traffic_mirror_filter |
aws_ec2_traffic_mirror_target |
aws_ec2_transit_gateway_peering_attachment_accepter |
aws_ec2_transit_gateway_route_table_association |
aws_ec2_transit_gateway_route_table_propagation |
aws_ec2_transit_gateway_route_table |
aws_ec2_transit_gateway_route |
aws_ec2_transit_gateway_vpc_attachment_accepter |
aws_ec2_transit_gateway |
aws_ecr_lifecycle_policy |
aws_ecr_repository_policy |
aws_ecs_account_setting_default |
aws_ecs_capacity_provider |
aws_ecs_cluster |
aws_ecs_task_definition |
aws_egress_only_internet_gateway |
aws_efs_access_point |
aws_efs_file_system_policy |
aws_efs_mount_target |
aws_eip_association |
aws_elasticache_parameter_group |
aws_elasticache_security_group |
aws_elasticache_subnet_group |
aws_elasticsearch_domain_policy |
aws_elastic_beanstalk_application |
aws_elb_attachment |
aws_flow_log |
aws_glue_catalog_table |
aws_glue_classifier |
aws_glue_connection |
aws_glue_data_catalog_encryption_settings |
aws_glue_partition |
aws_glue_partition_index |
aws_glue_registry |
aws_glue_resource_policy |
aws_glue_schema |
aws_glue_security_configuration |
aws_glue_trigger |
aws_glue_user_defined_function |
aws_glue_workflow |
aws_iam_access_key |
aws_iam_account_alias |
aws_iam_account_alias |
aws_iam_account_password_policy |
aws_iam_group_membership |
aws_iam_group_policy_attachment |
aws_iam_group_policy |
aws_iam_group |
aws_iam_group |
aws_iam_instance_profile |
aws_iam_instance_profile |
aws_iam_openid_connect_provider |
aws_iam_policy_attachment |
aws_iam_policy |
aws_iam_policy |
aws_iam_role_policy_attachment |
aws_iam_role_policy |
aws_iam_role |
aws_iam_role |
aws_iam_saml_provider |
aws_iam_server_certificate |
aws_iam_server_certificate |
aws_iam_service_linked_role |
aws_iam_user_group_membership |
aws_iam_user_login_profile |
aws_iam_user_policy_attachment |
aws_iam_user_policy |
aws_iam_user_ssh_key |
aws_iam_user |
aws_iam_user |
aws_internet_gateway |
aws_iot_policy |
aws_key_pair |
aws_kms_alias |
aws_kms_ciphertext |
aws_kms_grant |
aws_lambda_alias |
aws_lambda_code_signing_config |
aws_lambda_event_source_mapping |
aws_lambda_function_event_invoke_config |
aws_lambda_layer_version |
aws_lambda_layer_version_permission |
aws_lambda_permission |
aws_launch_configuration |
aws_launch_template |
aws_lb_cookie_stickiness_policy |
aws_lb_listener_certificate |
aws_lb_listener_rule |
aws_lb_listener |
aws_lb_ssl_negotiation_policy |
aws_lb_target_group_attachment |
aws_lb_target_group |
aws_lightsail_domain |
aws_lightsail_key_pair |
aws_lightsail_static_ip_attachment |
aws_lightsail_static_ip |
aws_load_balancer_backend_server_policy |
aws_load_balancer_listener_policy |
aws_load_balancer_policy |
aws_main_route_table_association |
aws_mq_configuration |
aws_msk_configuration |
aws_neptune_cluster_parameter_group |
aws_neptune_event_subscription |
aws_neptune_parameter_group |
aws_neptune_subnet_group |
aws_network_acl_rule |
aws_network_acl |
aws_network_interface_attachment |
aws_network_interface_sg_attachment |
aws_network_interface |
aws_networkfirewall_rule_group |
aws_networkfirewall_firewall_policy |
aws_networkfirewall_logging_configuration |
aws_ram_principal_association |
aws_ram_resource_association |
aws_ram_resource_share_accepter |
aws_ram_resource_share |
aws_rds_cluster_endpoint |
aws_rds_cluster_parameter_group |
aws_resourcegroups_group |
aws_route53_resolver_dnssec_config |
aws_route53_resolver_query_log_config_association |
aws_route53_resolver_query_log_config |
aws_route53_resolver_rule_association |
aws_route53_resolver_rule |
aws_route53_zone_association |
aws_route_table_association |
aws_route_table |
aws_route |
aws_s3_access_point |
aws_s3_account_public_access_block |
aws_s3_acl |
aws_s3_bucket_metric |
aws_s3_bucket_notification |
aws_s3_bucket_object (costs are shown at the bucket level) |
aws_s3_bucket_ownership_controls |
aws_s3_bucket_policy |
aws_s3_bucket_public_access_block |
aws_secretsmanager_secret_policy |
aws_secretsmanager_secret_rotation |
aws_secretsmanager_secret_version |
aws_security_group_rule |
aws_security_group |
aws_service_discovery_service |
aws_ses_domain_dkim |
aws_ses_domain_identity |
aws_sns_platform_application |
aws_sns_sms_preferences |
aws_sns_topic_policy |
aws_sqs_queue_policy |
aws_ssm_association |
aws_ssm_maintenance_window_target |
aws_ssm_maintenance_window_task |
aws_ssm_maintenance_window |
aws_ssm_patch_baseline |
aws_ssm_patch_group |
aws_ssm_resource_data_sync |
aws_subnet |
aws_transfer_access |
aws_transfer_ssh_key |
aws_transfer_user |
aws_volume_attachment |
aws_vpc_dhcp_options_association |
aws_vpc_dhcp_options |
aws_vpc_endpoint_connection_notification |
aws_vpc_endpoint_route_table_association |
aws_vpc_endpoint_service_allowed_principal |
aws_vpc_endpoint_service |
aws_vpc_endpoint_subnet_association |
aws_vpc_ipv4_cidr_block_association |
aws_vpc_peering_connection_accepter |
aws_vpc_peering_connection_options |
aws_vpc_peering_connection |
aws_vpc |
aws_vpn_connection_route |
aws_vpn_gateway_attachment |
aws_vpn_gateway_route_propagation |
aws_vpn_gateway |
aws_waf_byte_match_set |
aws_waf_geo_match_set |
aws_waf_ipset |
aws_waf_rate_based_rule |
aws_waf_regex_match_set |
aws_waf_regex_pattern_set |
aws_waf_rule_group |
aws_waf_rule |
aws_waf_size_constraint_set |
aws_waf_sql_injection_match_set |
aws_waf_xss_match_set |
aws_wafv2_ip_set |
aws_wafv2_regex_pattern_set |
aws_wafv2_rule_group |
aws_wafv2_web_acl_association |
aws_wafv2_web_acl_logging_configuration |