Cost of Running Access Analysis

Access analysis involves monitoring access logs for S3 buckets, RDS datastores and so on. The cost of running this service is completely variable depending on the actual access volumes for the particular datastore. We recommend enabling on access analysis on datastores incrementally in batches, monitor the costs of the access log collection, and then enabling the next batch of datastores.

The primary costs are:
Compute: the Acante Cloudtrail or Cloudwatch lambda service that picks up the logs, filters them, redacts any sensitive data and sends over the reduced logs to Acante log. AWS lambda pricing is document here.
Cloudtrail (S3) Trail : AWS costs of turning on Cloudtrail for a bucket. AWS pricing is documented here
Cloudwatch (RDS) : AWS costs of turning on Cloudwatch access logs for a RDS platform instance. AWS pricing is documented here

All the above resources are tagged with the Acante default (managedBy = acante) or custom tags. The tags can be used for granular cost monitoring as documented here.