Skip to main content

ShieldCraft AI Pricing

Compare tiers to preview scope, run-rate and the services each IaC template implements.

Guard Suite bundle. Bundle VectorScan, VectorGuard, ComputeGuard, and ModelGuard with any growth or enterprise engagement to keep telemetry, guardrails, and model assurance aligned with the spend shown below. The Guard Suite CLI and blueprints map 1:1 to these tiers, so you can pilot in dev without triggering large downloads or hidden costs.

View Guard Suite pricingDownload VectorScan CLI
Starter
Launch GuardDuty-backed telemetry, ingestion, and curated storage.
Fastest time-to-value
Airbyte (ECS)
Airbyte (ECS)
ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.
EventBridge
EventBridge
$1
ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.
S3
S3
$9
ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.
Glue
Glue
$5
ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.
IAM
IAM
ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.
Lake Formation
Lake Formation
ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.
Lambda
Lambda
$3
ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.
Security Hub
Security Hub
$5
ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.
Step Functions
Step Functions
$2
ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.
CN
Cloud Native Hardening
$5
ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.
Growth
Scale data plane, ML ops, and cross-account automations.
Scale telemetry & automation
Airbyte (ECS)
Airbyte (ECS)
$120
ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.
EventBridge
EventBridge
$10
ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.
MSK
MSK
$548
ShieldCraft streams high-volume telemetry through MSK for durable replay, feature backfills, and cross-account consumers.
OpenSearch Service
OpenSearch Service
$62
ShieldCraft indexes enriched findings and behavioral baselines in OpenSearch to power threat hunts, dashboards, and analyst search.
S3
S3
$36
ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.
SageMaker
SageMaker
$90
ShieldCraft trains, evaluates, and serves detection plus generative models on SageMaker pipelines with managed endpoints.
Glue
Glue
$45
ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.
IAM
IAM
ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.
Lake Formation
Lake Formation
$5
ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.
Lambda
Lambda
$25
ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.
Security Hub
Security Hub
$25
ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.
Step Functions
Step Functions
$20
ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.
CN
Cloud Native Hardening
$30
ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.
Enterprise
Operate with global guardrails, auto-scaling compute, and proactive defenses.
Global resilience & compliance
Airbyte (ECS)
Airbyte (ECS)
$360
ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.
Detective
Detective
ShieldCraft pivots GuardDuty findings and CloudTrail trails into Detective to accelerate graph-based investigations and root-cause analysis.
EventBridge
EventBridge
$100
ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.
Inspector
Inspector
ShieldCraft automates Inspector agent assessments and ECR/CWPP scans on every deployment cycle to surface drift or CVEs.
MSK
MSK
$1 971
ShieldCraft streams high-volume telemetry through MSK for durable replay, feature backfills, and cross-account consumers.
OpenSearch Service
OpenSearch Service
$939
ShieldCraft indexes enriched findings and behavioral baselines in OpenSearch to power threat hunts, dashboards, and analyst search.
S3
S3
$105
ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.
SageMaker
SageMaker
$805
ShieldCraft trains, evaluates, and serves detection plus generative models on SageMaker pipelines with managed endpoints.
AS
Attack Simulation
ShieldCraft executes AWS FIS-based attack simulations to validate coverage, runbooks, and blast-radius assumptions.
Artifact
Artifact
ShieldCraft curates compliance evidence and AWS Artifact audit packages so GRC teams can respond to questionnaires instantly.
Budgets
Budgets
ShieldCraft wires Budgets alerts into FinOps dashboards and runbooks to enforce per-tier spend guardrails.
CodePipeline
CodePipeline
ShieldCraft’s landing zone and model updates flow through CodePipeline with security gating, canary deploys, and manual approvals.
Config
Config
ShieldCraft runs Config conformance packs and custom rules to spot drift, feeding governance dashboards and auto-remediation.
Control Tower
Control Tower
ShieldCraft integrates with Control Tower guardrails and account vending to align environments with enterprise landing zones.
Glue
Glue
$180
ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.
IAM
IAM
ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.
IAM Identity Center
IAM Identity Center
ShieldCraft centralizes workforce access through Identity Center, mapping your IdP groups into least-privilege permission sets across accounts.
Lake Formation
Lake Formation
$50
ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.
Lambda
Lambda
$200
ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.
Secrets Manager
Secrets Manager
ShieldCraft rotates connector credentials, inference keys, and shared secrets in Secrets Manager with full audit trails.
Security Hub
Security Hub
$200
ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.
Shield Advanced
Shield Advanced
ShieldCraft leans on Shield Advanced for managed DDoS detection, telemetry, and rapid escalation into the global SOC.
Step Functions
Step Functions
$200
ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.
CN
Cloud Native Hardening
$200
ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.
DQ
Data Quality
ShieldCraft’s Proton add-on seeds Glue Data Quality monitors and scorecards across high-value tables to keep pipelines trustworthy.

Deployment playbooks

No shared tenancyYou keep the encryption keysRunbook-driven cutovers
Landing zone native
Deploy to Your AWS

Seamlessly integrate ShieldCraft into existing AWS accounts while data stays inside your boundary. We layer onto your tagging model, guardrails, and security controls for a non-disruptive rollout.

  • Multi-account, multi-region ready
    Proton blueprints coordinate dev/staging/prod accounts in parallel with cross-region replication and audit-ready logging.
  • Least-privilege & encrypted-by-default
    IAM boundaries, KMS policies, and automated drift detection keep the control plane secure without slowing shipping velocity.
  • Control Tower & Organizations aligned
    Supports account factories, SCPs, and shared logging buckets so you inherit your existing landing zone baselines.
Control TowerOOrganizationsIAMEventBridge
Launch window: 2–4 weeks including security and tagging workshops.
Disconnected ready
On-Premises / Air-Gapped

Bring ShieldCraft to where your data resides. Deploy on Kubernetes or VMware with S3-compatible storage and Kafka/OpenSearch equivalents, backed by hardened images and offline updates.

  • Kubernetes or VMware footprint
    Validated Helm charts and OVA bundles fit into regulated DMZ or factory zones with limited egress.
  • S3-compatible & Kafka integrations
    Adapters sync with MinIO, Ceph, or Confluent so pipelines run without rewriting ingestion flows.
  • Offline update pipeline
    Signed update bundles, artifact mirrors, and hardware key support keep air-gapped estates current.
S3MSKOpenSearch ServiceLambda
Delivery kit includes hardened container registry exports and detached CI/CD playbooks.