HAQM Verified Permissions Pricing
Pricing overview
HAQM Verified Permissions is a scalable permissions management and fine-grained authorization service for the applications that you build. Using Cedar, an expressive and analyzable open-source policy language, developers and administrators can define policy-based access controls by using roles and attributes for more granular, context-aware access control.
With HAQM Verified Permissions, you pay only for what you use. There are no upfront or minimum fees. There is no minimum number of requests that a customer must make to use HAQM Verified Permissions. The service supports Authorization and Policy Management.
Pricing
Region: US East (N. Virginia) – same pricing for all Regions
Single authorization requests
Single authorization requests are metered on a per API call basis. This means that each call to IsAuthorized or IsAuthorizedWithToken API is metered as one request.
| Usage type | Price per API request |
| Single Authorization Request | $0.000005 per API request |
In billing, each request made to these API’s is metered as a “SingleAuthorizationRequest”.
Batch authorization requests
Batch authorization requests are metered on a per API call basis. This means that each call to BatchIsAuthorized or BatchIsAuthorizedWithToken API is metered as one request, irrespective of the number of authorizations you make within the API request.
| Pricing tier (API requests per month) | Price per API request |
| First 40 million requests per month | $0.00015 per API request |
| Next 60 million requests per month | $0.000075 per API request |
| More than 100 million requests per month | $0.00004 per API request |
There is no minimum number of requests that you must make to use HAQM Verified Permissions. For example, if your application makes 1000 API requests to the BatchIsAuthorized API, then you are charged for 1000 requests ($0.00015 *1,000 requests = $0.15).
In billing, each batch authorization request is metered as a “AuthorizationRequest”
Policy management
Policy management requests, except for BatchGetPolicies, are also metered on a per API call basis. Each call to the CreatePolicy API, UpdatePolicy API, GetPolicy API, and ListPolicy API is metered as a single request. BatchGetPolicies is metered per policy returned. For example, calling the BatchGetPolicies API to return ten policies is metered as ten requests, and is price equivalent to calling the GetPolicy API ten times.
| Usage type | Price per API request |
| Policy management request | $0.00004 per policy management request |
Pricing examples (monthly)
A vendor management application based on a serverless architecture is using Verified Permissions to authorize requests. The application uses API Gateway and has secured APIs using the Verified Permissions quick start wizard. The application is used by 250 vendors to manage product information and inventory. Each vendor uses the application everyday which results in 1000 API calls to the application. Across all vendors the application makes 250,000 API requests daily. The application authorizes requests using an API Gateway Lambda authorizer deployed by the quick start wizard. Overall, the application calls Verified Permissions for 250k authorizations every weekday. Assuming 20 working days each month, the application makes 5M API calls to Verified Permissions.
| Usage type | Number of requests | Price per API request | Charge for the month |
| Single Authorization Requests | 5 million | $0.000005 | 5M * $0.000005 = $25 |
| Total Charges: $25 /month | |||
A pharmaceutical testing company with patient data is using Verified Permissions to filter privacy data using Verified Permissions to authorize access to private patient data attributes based on the API caller. Each patient has an average of 25 private attributes that need to be authorized before they can be displayed or updated. There are 10,000 active patients across all of the lab studies and their data is accessed 3 times per day to view or update vital statistics. The application uses the BatchAuthorization API and makes one API request to BatchIsAuthorized API when user views or updates patient data. The BatchAuthorization API request authorizes access to all 25 private attributes. As a result, they make 900,000 batch authorization request every month (assuming a 30-day month).
Verified Permissions is also used by the lab application to authorize requests to 20 assorted microservices. Each microservice is authorized 250k/month. The application uses the IsAuthorized API to authorize access within microservices.
Authorizations for Patient Data = 900k Authorization Requests/month
Authorizations for accessing Microservices: 250k API Requests/month * 20 microservices = 5M Single Authorization Requests /month
Total Authorization: 2.5M + 900k = 3.4M AuthZ/month
| Usage type | Number of requests | Price per API request | Charge for the month |
| Single Authorization Requests | 5 million | $0.000005 | 5M * $0.000005 = $25 |
| First 40 million authorization requests (BatchIsAuthorized or BatchIsAuthorizedWithToken API) | 900K | $0.00015 | 900k * $0.00015 = $135 |
| Total Charges: $160 /month | |||
A high-frequency trading application requires a high volume of trade authorizations with the lowest latency. The application uses the avp-local-agent to evaluate authorizations inside the application to reduce network latency and provide the fastest response times. The agent performs 200M authorizations per month. To ensure the latest policies are being used, the avp-local-agent has been configured to update its policy cache every 2 minutes. The agent makes a single API call to Verified Permissions per policy to refresh the cache. Assuming there are 10 policies and a 30-day month, each agent makes 216,000 calls per month. There are 20 agents running in the server farm, resulting in 4.32M policy management actions every month.
200M authZ/month * $0 agent authorization = $0
20 agents * 216,000 policy requests/month/agent = 4.32M Policy management actions
| Usage Type | Number of requests | Price per API request | Charge for the month |
| Policy management requests | 4.32 million | $0.00004 | 4.32M * $0.00004 = $172.80 |
| Total Charges: $172.80 /month | |||
In billing, each request made to these API’s is metered as a “SingleAuthorizationRequest".
Additional pricing resources
Easily calculate your monthly costs with AWS
Contact AWS specialists to get a personalized quote